Total CVEs: 141,492

Critical Severity: 3,867

High Severity: 13,899

Last 7 Days: 1,783
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 12,661 - 12,680 of 13,594 CVEs
CVE-2025-54002 HIGH - 8.8

Missing Authorization vulnerability in Jthemes xSmart xsmart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects xSmart: from n/a through <= 1.2.9.4.

Vendor: Jthemes
Product: xSmart
Published: Jan 22, 2026
Source: NVD
CVE-2025-50007 HIGH - 8.8

Incorrect Privilege Assignment vulnerability in Jthemes xSmart xsmart allows Privilege Escalation. This issue affects xSmart: from n/a through <= 1.2.9.4.

Vendor: Jthemes
Product: xSmart
Published: Jan 22, 2026
Source: NVD
CVE-2025-49375 HIGH - 8.8

Missing Authorization vulnerability in cozythemes HomeLancer homelancer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HomeLancer: from n/a through <= 1.0.1.

Vendor: cozythemes
Product: HomeLancer
Published: Jan 22, 2026
Source: NVD
CVE-2025-47555 HIGH - 8.1

Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tutor LMS: from n/a through <= 3.9.4.

Vendor: Themeum
Product: Tutor LMS
Published: Jan 22, 2026
Source: NVD
CVE-2025-31413 HIGH - 8.8

Cross-Site Request Forgery (CSRF) vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery. This issue affects Element Pack Elementor Addons: from n/a through <= 8.3.13.

Vendor: bdthemes
Product: Element Pack Elementor Addons
Published: Jan 22, 2026
Source: NVD
CVE-2025-69822 HIGH - 7.4

An issue in Atomberg Atomberg Erica Smart Fan Firmware Version: V1.0.36 allows an attacker to obtain sensitive information and escalate privileges via a crafted deauth frame.

Vendor: n/a
Product: n/a
Published: Jan 22, 2026
Source: NVD
CVE-2025-69821 HIGH - 7.4

An issue in Beat XP VEGA Smartwatch (Firmware Version - RB303ATV006229) allows an attacker to cause a denial of service via the BLE connection.

Vendor: n/a
Product: n/a
Published: Jan 22, 2026
Source: NVD
CVE-2025-36588 HIGH - 8.8

Dell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

Vendor: Dell
Product: Unisphere for PowerMax, Unisphere for PowerMax Virtual Appliance
Published: Jan 22, 2026
Source: NVD
CVE-2026-1329 HIGH - 8.8

A flaw has been found in Tenda AX1803 1.0.0.1. The affected element is the function fromGetWifiGuestBasic of the file /goform/WifiGuestSet. Executing a manipulation of the argument guestWrlPwd/guestEn/guestSsid/hideSsid/guestSecurity can lead to stack-based buffer overflow. The attack may be launche...

Published: Jan 22, 2026
Source: NVD
CVE-2026-1328 HIGH - 8.8

A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. Impacted is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow. The attack may be initiated remotely. The e...

Vendor: totolink
Product: nr1800x_firmware
Published: Jan 22, 2026
Source: NVD
CVE-2026-1324 HIGH - 8.8

A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os co...

Published: Jan 22, 2026
Source: NVD
CVE-2026-0723 HIGH - 7.4

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authentication by submitting forged device res...

Vendor: gitlab
Product: gitlab
Published: Jan 22, 2026
Source: NVD
CVE-2025-13928 HIGH - 7.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to cause a denial of service condition by exploiting incorrect authorization validation in API endpoints.

Vendor: GitLab
Product: GitLab
Published: Jan 22, 2026
Source: NVD
CVE-2025-13927 HIGH - 7.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.9 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted requests with malformed authentication data.

Vendor: GitLab
Product: GitLab
Published: Jan 22, 2026
Source: NVD
CVE-2025-10856 HIGH - 8.1

Unrestricted Upload of File with Dangerous Type vulnerability in Solvera Software Services Trade Inc. Teknoera allows File Content Injection. This issue affects Teknoera: through 01102025.

Vendor: Solvera Software Services Trade Inc.
Product: Teknoera
Published: Jan 22, 2026
Source: NVD
CVE-2025-10855 HIGH - 7.5

Authorization Bypass Through User-Controlled Key vulnerability in Solvera Software Services Trade Inc. Teknoera allows Exploitation of Trusted Identifiers. This issue affects Teknoera: through 01102025.

Vendor: Solvera Software Services Trade Inc.
Product: Teknoera
Published: Jan 22, 2026
Source: NVD
CVE-2025-10024 HIGH - 7.5

Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection. This issue affects Education Management System: through 23.09.2025.

Vendor: EXERT Computer Technologies Software Ltd. Co.
Product: Education Management System
Published: Jan 22, 2026
Source: NVD
CVE-2025-4764 HIGH - 8.0

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows SQL Injection. This issue affects Hotel Guest Hotspot: through 22012026. NOTE: The vendor was contacted early about th...

Published: Jan 22, 2026
Source: NVD
CVE-2026-1330 HIGH - 7.5

MeetingHub developed by HAMASTAR Technology has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.

Published: Jan 22, 2026
Source: NVD
CVE-2026-24038 HIGH - 8.1

Horilla is a free and open source Human Resource Management System (HRMS). In version 1.4.0, the OTP handling logic has a flawed equality check that can be bypassed. When an OTP expires, the server returns None, and if an attacker omits the otp field from their POST request, the user-supplied OTP is...

Vendor: horilla-opensource
Product: horilla
Published: Jan 22, 2026
Source: NVD