Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,787
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 12,681 - 12,700 of 14,292 CVEs
CVE-2025-15525 MEDIUM - 5.3

The Ajax Load More โ€“ Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable to unauthorized access of data due to incorrect authorization on the parse_custom_args() function in all versions up to, and including, 7.8.1. This makes it possible for unauthenticated attackers to e...

Vendor: dcooney
Product: Ajax Load More โ€“ Infinite Scroll, Load More, & Lazy Load
Published: Jan 31, 2026
Source: NVD
CVE-2025-15510 MEDIUM - 5.3

The NEX-Forms โ€“ Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5_Export_Forms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenticated attackers to export form configurations...

Vendor: webaways
Product: NEX-Forms โ€“ Ultimate Forms Plugin for WordPress
Published: Jan 31, 2026
Source: NVD
CVE-2020-37054 MEDIUM - 4.3

Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. Attackers can trick authenticated administrators into executing arbitrary file uploads by leveraging the extension upload functionality without add...

Vendor: Naviwebs S.C.
Product: Navigate CMS
Published: Jan 30, 2026
Source: NVD
CVE-2020-37046 MEDIUM - 5.3

Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized admin users through the tambahuser.php endpoint. Attackers can craft a malicious HTML form to submit admin credentials and create new administrative accounts...

Vendor: Adikiss
Product: Sistem Informasi Pengumuman Kelulusan Online
Published: Jan 30, 2026
Source: NVD
CVE-2020-37044 MEDIUM - 5.4

OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint. An attacker can inject arbitrary JavaScript code by sending a crafted GET request with a malicious payload in the query string, leading to execution of JavaScript in the victim's browser. For...

Vendor: Filigran
Product: OpenCTI
Published: Jan 30, 2026
Source: NVD
CVE-2020-37026 MEDIUM - 5.3

Sickbeard alpha contains a cross-site request forgery vulnerability that allows attackers to disable authentication by submitting crafted configuration parameters. Attackers can trick users into submitting a malicious form that clears web username and password, effectively removing authentication pr...

Vendor: midgetspy
Product: Sickbeard
Published: Jan 30, 2026
Source: NVD
CVE-2026-25154 MEDIUM - 6.1

LocalSend is a free, open-source app that allows users to share files and messages with nearby devices over their local network without needing an internet connection. In versions up to and including 1.17.0, when a user initiates a "Share via Link" session, the LocalSend application starts...

Vendor: localsend
Product: localsend
Published: Jan 30, 2026
Source: NVD
CVE-2026-25152 MEDIUM - 5.3

Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, a path traversal vulnerability in the TechDocs local generator allows a...

Vendor: backstage
Product: backstage
Published: Jan 30, 2026
Source: NVD
CVE-2025-36442 MEDIUM - 6.5

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query with XML columns.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Jan 30, 2026
Source: NVD
CVE-2025-36428 MEDIUM - 5.3

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when the RPSCAN feature is enabled.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Jan 30, 2026
Source: NVD
CVE-2025-36427 MEDIUM - 6.5

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Jan 30, 2026
Source: NVD
CVE-2025-36424 MEDIUM - 6.5

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Jan 30, 2026
Source: NVD
CVE-2025-36423 MEDIUM - 6.5

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Jan 30, 2026
Source: NVD
CVE-2025-36407 MEDIUM - 6.5

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)ย 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Jan 30, 2026
Source: NVD
CVE-2025-36387 MEDIUM - 6.5

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 could allow an authenticated user to cause a denial of service when given specially crafted query.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Jan 30, 2026
Source: NVD
CVE-2025-36366 MEDIUM - 6.5

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service by executing a query that invokes the JSON_Object scalar function, which may trigger an unhandled exception leading to abnormal server termination.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Jan 30, 2026
Source: NVD
CVE-2025-36365 MEDIUM - 6.8

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific configuration of cataloged remote storage aliases could allow an authenticated user to execute unauthorized commands due to an authorization bypass vulnerability using a user-controll...

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Jan 30, 2026
Source: NVD
CVE-2025-36353 MEDIUM - 6.2

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Jan 30, 2026
Source: NVD
CVE-2025-36123 MEDIUM - 6.2

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3ย could allow a local user to cause a denial of service when copying large table containing XML data due to improper allocation of system resources.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Jan 30, 2026
Source: NVD
CVE-2025-36098 MEDIUM - 6.5

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper allocation of resources.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Jan 30, 2026
Source: NVD