Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,850
Quick preset (or use dates below)
Clear Filters
Showing 12,741 - 12,760 of 14,675 CVEs
CVE-2026-1600 MEDIUM - 4.3

A vulnerability was identified in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. The impacted element is an unknown function of the file /hungry/addtocart of the component Add-to-Cart Submission Endpoint. The manipulation of the argument price/allprice leads to business logic ...

Published: Jan 29, 2026
Source: NVD
CVE-2026-1599 MEDIUM - 4.3

A vulnerability was determined in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. The affected element is an unknown function of the file /hungry/placeorder of the component Checkout. Executing a manipulation of the argument orggrandTotal/vat/service_charge/grandtotal can lead ...

Published: Jan 29, 2026
Source: NVD
CVE-2025-45160 MEDIUM - 5.4

A HTML injection vulnerability exists in the file upload functionality of Cacti <= 1.2.29. When a file with an invalid format is uploaded, the application reflects the submitted filename back into an error popup without proper sanitization. As a result, attackers can inject arbitrary HTML element...

Published: Jan 29, 2026
Source: NVD
CVE-2026-1597 MEDIUM - 6.3

A vulnerability has been found in Bdtask SalesERP up to 20260116. This issue affects some unknown processing of the component Administrative Endpoint. Such manipulation of the argument ci_session leads to improper authorization. The attack may be performed from remote. The exploit has been disclosed...

Published: Jan 29, 2026
Source: NVD
CVE-2026-1596 MEDIUM - 6.3

A flaw has been found in D-Link DWR-M961 1.1.47. This vulnerability affects the function sub_419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fota_url causes command injection. The attack is possible to be carried out remotely. The exploit has been published an...

Published: Jan 29, 2026
Source: NVD
CVE-2026-0936 MEDIUM - 5.0

An Insertion of Sensitive Information into Log File vulnerability in B&R PVI client versions prior to 6.5 may be abused by an authenticated local attacker to gather credential information which is processed by the PVI client application. The logging function of the PVI client application is disa...

Published: Jan 29, 2026
Source: NVD
CVE-2025-71011 MEDIUM - 6.2

An input validation vulnerability in the flow.Tensor.new_empty/flow.Tensor.new_ones/flow.Tensor.new_zeros component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Vendor: oneflow
Product: oneflow
Published: Jan 29, 2026
Source: NVD
CVE-2025-71009 MEDIUM - 6.2

An input validation vulnerability in the flow.scatter/flow.scatter_add component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted indices.

Vendor: oneflow
Product: oneflow
Published: Jan 29, 2026
Source: NVD
CVE-2025-71008 MEDIUM - 6.2

A segmentation violation in the oneflow._oneflow_internal.autograd.Function.FunctionCtx.mark_non_differentiable component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Vendor: oneflow
Product: oneflow
Published: Jan 29, 2026
Source: NVD
CVE-2020-37018 MEDIUM - 6.4

GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through message subjects. Attackers can craft messages with embedded JavaScript that will execute when an administrator reads the message, potentially stealing session...

Vendor: Goautodial
Product: GOautodial
Published: Jan 29, 2026
Source: NVD
CVE-2020-37007 MEDIUM - 5.3

Liman 0.7 contains a cross-site request forgery vulnerability that allows attackers to manipulate user account settings without proper request validation. Attackers can craft malicious HTML forms to change user passwords or modify account information by tricking logged-in users into submitting unaut...

Vendor: salihciftci
Product: Liman
Published: Jan 29, 2026
Source: NVD
CVE-2020-36994 MEDIUM - 6.2

QlikView 12.50.20000.0 contains a denial of service vulnerability in the FTP server address input field that allows local attackers to crash the application. Attackers can paste a 300-character buffer into the FTP server address field to trigger an application crash and prevent normal functionality.

Vendor: QlikTech International AB
Product: QlikView
Published: Jan 29, 2026
Source: NVD
CVE-2025-7014 MEDIUM - 5.7

Session Fixation vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Session Hijacking.This issue affects Menu Panel: through 29012026.ย  NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Published: Jan 29, 2026
Source: NVD
CVE-2025-7013 MEDIUM - 5.7

Authorization Bypass Through User-Controlled Key vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Exploitation of Trusted Identifiers.This issue affects Menu Panel: through 29012026.ย  NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Published: Jan 29, 2026
Source: NVD
CVE-2026-1587 MEDIUM - 5.3

A vulnerability has been found in Open5GS up to 2.7.6. The affected element is the function sgwc_s11_handle_modify_bearer_request of the file /sgwc/s11-handler.c of the component SGWC. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been d...

Vendor: open5gs
Product: open5gs
Published: Jan 29, 2026
Source: NVD
CVE-2026-1586 MEDIUM - 5.3

A flaw has been found in Open5GS up to 2.7.5. Impacted is the function ogs_gtp2_f_teid_to_ip of the file /sgwc/s11-handler.c of the component SGWC. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploit has been published and may be used. It is a...

Vendor: open5gs
Product: open5gs
Published: Jan 29, 2026
Source: NVD
CVE-2025-7015 MEDIUM - 5.7

Session Fixation vulnerability in Akฤฑn Software Computer Import Export Industry and Trade Ltd. QR Menu allows Session Fixation.This issue affects QR Menu: before s1.05.12.

Published: Jan 29, 2026
Source: NVD
CVE-2026-22764 MEDIUM - 4.3

Dell OpenManage Network Integration, versions prior to 3.9, contains an Improper Authentication vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

Vendor: Dell
Product: OpenManage Network Integration
Published: Jan 29, 2026
Source: NVD
CVE-2026-23571 MEDIUM - 6.8

A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-RunPkgStatusRequest instruction. Improper input validation allows authenticated attackers with actioner privilege to run elevated arbitrary commands on connected hosts via malicious c...

Vendor: TeamViewer
Product: DEX
Published: Jan 29, 2026
Source: NVD
CVE-2026-23570 MEDIUM - 6.5

A missing validation of a user-controlled value in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an adjacent network attacker to tamper with log timestamps via crafted UDP Sync command. This could result in forged ...

Vendor: TeamViewer
Product: DEX
Published: Jan 29, 2026
Source: NVD