Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,850
Quick preset (or use dates below)
Clear Filters
Showing 12,501 - 12,520 of 14,217 CVEs
CVE-2025-69516 HIGH - 8.8

A Server-Side Template Injection (SSTI) vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged users with Report Viewer or Report Manager permissions to achieve remote command execution on the s...

Published: Jan 29, 2026
Source: NVD
CVE-2025-63658 HIGH - 7.5

A stack overflow in the mk_http_index_lookup function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.

Published: Jan 29, 2026
Source: NVD
CVE-2025-63657 HIGH - 7.5

An out-of-bounds read in the mk_mimetype_find function (mk_server/mk_mimetype.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.

Published: Jan 29, 2026
Source: NVD
CVE-2025-63656 HIGH - 7.5

An out-of-bounds read in the header_cmp function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.

Published: Jan 29, 2026
Source: NVD
CVE-2025-63655 HIGH - 7.5

A NULL pointer dereference in the mk_http_range_parse function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.

Published: Jan 29, 2026
Source: NVD
CVE-2025-63653 HIGH - 7.5

An out-of-bounds read in the mk_vhost_fdt_close function (mk_server/mk_vhost.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.

Published: Jan 29, 2026
Source: NVD
CVE-2025-63652 HIGH - 7.5

A use-after-free in the mk_http_request_end function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.

Published: Jan 29, 2026
Source: NVD
CVE-2025-63651 HIGH - 7.5

A use-after-free in the mk_string_char_search function (mk_core/mk_string.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.

Published: Jan 29, 2026
Source: NVD
CVE-2025-63650 HIGH - 7.5

An out-of-bounds read in the mk_ptr_to_buf in mk_core function (mk_memory.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.

Published: Jan 29, 2026
Source: NVD
CVE-2025-63649 HIGH - 7.5

An out-of-bounds read in the http_parser_transfer_encoding_chunked function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the server.

Published: Jan 29, 2026
Source: NVD
CVE-2026-1610 HIGH - 8.1

A vulnerability was found in Tenda AX12 Pro V2 16.03.49.24_cn. Affected by this issue is some unknown functionality of the component Telnet Service. Performing a manipulation results in hard-coded credentials. The attack is possible to be carried out remotely. A high degree of complexity is needed f...

Published: Jan 29, 2026
Source: NVD
CVE-2026-23896 HIGH - 7.2

immich is a high performance self-hosted photo and video management solution. Prior to version 2.5.0, API keys can escalate their own permissions by calling the update endpoint, allowing a low-privilege API key to grant itself full administrative access to the system. Version 2.5.0 fixes the issue.

Vendor: immich-app
Product: immich
Published: Jan 29, 2026
Source: NVD
CVE-2026-1595 HIGH - 7.3

A vulnerability was detected in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/edit_student_query.php. The manipulation of the argument student_id results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.

Vendor: angeljudesuarez
Product: society_management_system
Published: Jan 29, 2026
Source: NVD
CVE-2025-62514 HIGH - 8.3

Parsec is a cloud-based application for cryptographically secure file sharing. In versions on the 3.x branch prior to 3.6.0, `libparsec_crypto`, a component of the Parsec application, does not check for weak order point of Curve25519 when compiled with its RustCrypto backend. In practice this means ...

Vendor: Scille
Product: parsec-cloud
Published: Jan 29, 2026
Source: NVD
CVE-2026-1594 HIGH - 7.3

A security vulnerability has been detected in itsourcecode Society Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/add_expenses.php. The manipulation of the argument detail leads to sql injection. Remote exploitation of the attack is possible. The explo...

Vendor: angeljudesuarez
Product: society_management_system
Published: Jan 29, 2026
Source: NVD
CVE-2026-1593 HIGH - 7.3

A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit_expenses_query.php. Executing a manipulation of the argument detail can lead to sql injection. The attack may be launched remotely. The exp...

Vendor: angeljudesuarez
Product: society_management_system
Published: Jan 29, 2026
Source: NVD
CVE-2026-1590 HIGH - 7.3

A vulnerability was identified in itsourcecode School Management System 1.0. This impacts an unknown function of the file /ramonsys/faculty/index.php. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used...

Vendor: angeljudesuarez
Product: school_management_system
Published: Jan 29, 2026
Source: NVD
CVE-2026-1589 HIGH - 7.3

A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/inquiry/index.php. This manipulation of the argument txtsearch causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and m...

Vendor: angeljudesuarez
Product: school_management_system
Published: Jan 29, 2026
Source: NVD
CVE-2025-7714 HIGH - 7.5

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Global Interactive Design Media Software Inc. Content Management System (CMS) allows Command Line Execution through SQL Injection.This issue affects Content Management System (CMS): throug...

Published: Jan 29, 2026
Source: NVD
CVE-2025-7713 HIGH - 7.5

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Global Interactive Design Media Software Inc. Content Management System (CMS) allows XSS Through HTTP Headers.This issue affects Content Management System (CMS): through 21072025.

Published: Jan 29, 2026
Source: NVD