Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,583
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 12,621 - 12,640 of 13,433 CVEs
CVE-2026-23842 HIGH - 7.5

ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the get_response() method can exhaust ...

Vendor: pip
Product: chatterbot
Published: Jan 20, 2026
Source: GitHub
CVE-2025-33233 HIGH - 7.8

NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Vendor: NVIDIA
Product: Merlin Transformers4Rec
Published: Jan 20, 2026
Source: NVD
CVE-2025-33230 HIGH - 7.3

NVIDIA Nsight Systems for Linux contains a vulnerability in the .run installer, where an attacker could cause an OS command injection by supplying a malicious string to the installation path. A successful exploit of this vulnerability might lead to escalation of privileges, code execution, data tamp...

Vendor: NVIDIA
Product: CUDA Toolkit
Published: Jan 20, 2026
Source: NVD
CVE-2025-33229 HIGH - 7.3

NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Nsight Monitor where an attacker can execute arbitrary code with the same privileges as the NVIDIA Nsight Visual Studio Edition Monitor application. A successful exploit of this vulnerability may lead to escalation of privileges, co...

Vendor: NVIDIA
Product: CUDA Toolkit
Published: Jan 20, 2026
Source: NVD
CVE-2025-33228 HIGH - 7.3

NVIDIA Nsight Systems contains a vulnerability in the gfx_hotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the process_nsys_rep_cli.py script if the script is invoked manually. A successful exploit of this vulnerability might lead to code execu...

Vendor: NVIDIA
Product: CUDA Toolkit
Published: Jan 20, 2026
Source: NVD

esm.sh is a no-build content delivery network (CDN) for web development. Prior to Go pseudoversion 0.0.0-20260116051925-c62ab83c589e, the software has a path traversal vulnerability due to an incomplete fix. `path.Clean` normalizes a path but does not prevent absolute paths in a malicious tar file....

Vendor: go
Product: github.com/esm-dev/esm.sh
Published: Jan 20, 2026
Source: GitHub
CVE-2025-56353 HIGH - 7.5

In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), a memory leak occurs due to the broker's failure to validate or reject malformed UTF-8 strings in topic filters. An attacker can exploit this by sending repeated subscription requests with arbitrarily large or invalid fil...

Vendor: n/a
Product: n/a
Published: Jan 20, 2026
Source: NVD
CVE-2025-36418 HIGH - 7.3

IBM ApplinX 11.1 is vulnerable to privilege escalation due to improper verification of JWT tokens. An attacker may be able to craft or modify a JSON web token in order to impersonate another user or to elevate their privileges.

Vendor: IBM
Product: ApplinX
Published: Jan 20, 2026
Source: NVD
CVE-2025-33015 HIGH - 8.8

IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface.

Vendor: IBM
Product: Concert
Published: Jan 20, 2026
Source: NVD
CVE-2026-0726 HIGH - 8.1

The Nexter Extension – Site Enhancements Toolkit plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.6 via deserialization of untrusted input in the 'nxt_unserialize_replace' function. This makes it possible for unauthenticated attackers to ...

Published: Jan 20, 2026
Source: NVD
CVE-2025-15380 HIGH - 7.2

The NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting via the 'nx-preview' POST parameter in all versions up to, and including,...

Vendor: wpdevteam
Product: NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar
Published: Jan 20, 2026
Source: NVD
CVE-2025-15347 HIGH - 8.8

The Creator LMS – The LMS for Creators, Coaches, and Trainers plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check in the get_items_permissions_check function in all versions up to, and including, 1.1.12. This...

Vendor: getwpfunnels
Product: Creator LMS – The LMS for Creators, Coaches, and Trainers
Published: Jan 20, 2026
Source: NVD
CVE-2025-14115 HIGH - 8.4

IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0.0 through 6.4.0.3 Interim Fix 019 IBM® Sterling Connect:Direct for UNIX contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbou...

Vendor: IBM
Product: Sterling Connect:Direct for UNIX Container
Published: Jan 20, 2026
Source: NVD
CVE-2025-12985 HIGH - 8.4

IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image.

Vendor: IBM
Product: IBM Licensing Operator
Published: Jan 20, 2026
Source: NVD
CVE-2025-15281 HIGH - 7.5

Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.

Vendor: The GNU C Library
Product: glibc
Published: Jan 20, 2026
Source: NVD
CVE-2026-1222 HIGH - 7.2

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

Published: Jan 20, 2026
Source: NVD
CVE-2026-0908 HIGH - 8.8

Use after free in ANGLE in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

Published: Jan 20, 2026
Source: NVD
CVE-2026-0902 HIGH - 8.8

Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

Published: Jan 20, 2026
Source: NVD
CVE-2026-0900 HIGH - 8.8

Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

Published: Jan 20, 2026
Source: NVD
CVE-2026-0899 HIGH - 8.8

Out of bounds memory access in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

Published: Jan 20, 2026
Source: NVD