Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,859
Quick preset (or use dates below)
Clear Filters
Showing 12,701 - 12,720 of 14,675 CVEs
CVE-2025-36070 MEDIUM - 6.5

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)ย 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Jan 30, 2026
Source: NVD
CVE-2025-36009 MEDIUM - 6.5

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an unauthenticated user to cause a denial of service due to excessive use of a global variable.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Jan 30, 2026
Source: NVD
CVE-2025-36001 MEDIUM - 6.5

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL statement including XML that performs uncontrolled recursion.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Jan 30, 2026
Source: NVD
CVE-2025-2668 MEDIUM - 6.5

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)ย 11.5.0 - 11.5.9 is vulnerable to a denial of service as the server may crash when an authenticated user creates a specially crafted query.

Vendor: ibm
Product: db2
Published: Jan 30, 2026
Source: NVD
CVE-2026-25129 MEDIUM - 6.7

PsySH is a runtime developer console, interactive debugger, and REPL for PHP. Prior to versions 0.11.23 and 0.12.19, PsySH automatically loads and executes a `.psysh.php` file from the Current Working Directory (CWD) on startup. If an attacker can write to a directory that a victim later uses as the...

Vendor: bobthecow
Product: psysh
Published: Jan 30, 2026
Source: NVD

LobeHub is an open source human-and-AI-agent network. Prior to version 1.143.3, the file upload feature in `Knowledge Base > File Upload` does not validate the integrity of the upload request, allowing users to intercept and modify the request parameters. As a result, it is possible to create arb...

Vendor: lobehub
Product: lobe-chat
Published: Jan 30, 2026
Source: NVD
CVE-2025-62349 MEDIUM - 6.2

Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enabling minion impersonation and circumventing protections introduced in response to prior issues.

Vendor: Salt Project
Product: Salt
Published: Jan 30, 2026
Source: NVD
CVE-2026-1702 MEDIUM - 6.3

A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/operation/user.php of the component User Management. Performing a manipulation of the argument group_id results in improper authorization. The attack can be initiat...

Published: Jan 30, 2026
Source: NVD
CVE-2026-1691 MEDIUM - 6.3

A vulnerability has been found in bolo-solo up to 2.6.4. This impacts the function importMarkdownsSync of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component SnakeYAML. Such manipulation leads to deserialization. The attack may be launched remotely. The exploit has be...

Published: Jan 30, 2026
Source: NVD
CVE-2026-1690 MEDIUM - 4.7

A flaw has been found in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. This affects the function system of the file /boaform/formSysCmd. This manipulation of the argument sysCmd causes command injection. The attack may be initiated remotely. The exploit has been published and may be used.

Published: Jan 30, 2026
Source: NVD
CVE-2020-37022 MEDIUM - 6.4

OpenZ ERP 3.6.60 contains a persistent cross-site scripting vulnerability in the Employee module's name and description parameters. Attackers can inject malicious scripts through POST requests to , enabling session hijacking and manipulation of application modules.

Vendor: OpenZ
Product: OpenZ ERP
Published: Jan 30, 2026
Source: NVD
CVE-2020-37019 MEDIUM - 6.4

Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim brow...

Vendor: Orchardcore
Product: Orchard Core
Published: Jan 30, 2026
Source: NVD
CVE-2020-37014 MEDIUM - 6.4

Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user interfac...

Vendor: Tryton
Product: Tryton
Published: Jan 30, 2026
Source: NVD
CVE-2020-37003 MEDIUM - 6.4

Sellacious eCommerce 4.6 contains a persistent cross-site scripting vulnerability in the Manage Your Addresses module that allows attackers to inject malicious scripts. Attackers can exploit multiple address input fields like full name, company, and address to execute persistent script code that can...

Vendor: Sellacious
Product: Sellacious eCommerce
Published: Jan 30, 2026
Source: NVD
CVE-2020-36998 MEDIUM - 6.4

Forma.lms The E-Learning Suite 2.3.0.2 contains a persistent cross-site scripting vulnerability in multiple course and profile parameters. Attackers can inject malicious scripts in course code, name, description fields, and email parameter to execute arbitrary JavaScript without proper input sanitiz...

Vendor: forma
Product: E-Learning Suite
Published: Jan 30, 2026
Source: NVD
CVE-2020-36996 MEDIUM - 6.4

PHPFusion 9.03.50 contains a persistent cross-site scripting vulnerability in the print.php page that fails to properly sanitize user-submitted message content. Attackers can inject malicious JavaScript through forum messages that will execute when the print page is generated, allowing script execut...

Vendor: Php-Fusion
Product: PHPFusion
Published: Jan 30, 2026
Source: NVD
CVE-2020-36966 MEDIUM - 6.4

Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows attackers to inject malicious scripts through multiple parameters. Attackers can exploit the host, slave, and port parameters in /dolibarr/admin/ldap.php to execute arbitrary JavaScr...

Vendor: Dolibarr
Product: Dolibarr
Published: Jan 30, 2026
Source: NVD
CVE-2026-1684 MEDIUM - 5.3

A vulnerability was found in Free5GC SMF up to 4.1.0. Affected by this issue is the function HandleReports of the file /internal/context/pfcp_reports.go of the component PFCP UDP Endpoint. The manipulation results in denial of service. The attack can be executed remotely. It is advisable to implemen...

Published: Jan 30, 2026
Source: NVD
CVE-2026-1683 MEDIUM - 5.3

A vulnerability has been found in Free5GC SMF up to 4.1.0. Affected by this vulnerability is the function HandlePfcpSessionReportRequest of the file internal/pfcp/handler/handler.go of the component PFCP. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The...

Published: Jan 30, 2026
Source: NVD
CVE-2026-1682 MEDIUM - 5.3

A flaw has been found in Free5GC SMF up to 4.1.0. Affected is the function HandlePfcpAssociationReleaseRequest of the file internal/pfcp/handler/handler.go of the component PFCP UDP Endpoint. Executing a manipulation can lead to null pointer dereference. The attack may be launched remotely. The expl...

Published: Jan 30, 2026
Source: NVD