Total CVEs

142,398

Critical Severity

3,966

High Severity

14,271

Last 7 Days

1,827
Quick preset (or use dates below)
Clear Filters
Showing 12,781 - 12,800 of 14,271 CVEs
CVE-2021-47892 HIGH - 7.2

PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the 'Comments / Special Instructions' parameter of the purchase page. Attackers can inject malicious JavaScript payloads that will execute when the page is refreshed, potentially allowing client-side script executi...

Vendor: PEEL eCommerce
Product: PEEL Shopping
Published: Jan 23, 2026
Source: NVD
CVE-2021-47890 HIGH - 7.8

LogonExpert 8.1 contains an unquoted service path vulnerability in the LogonExpertSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to place malicious executables in intermediate directories, potentially gaining elevated system access during service startup.

Vendor: Softros Systems
Product: LogonExpert
Published: Jan 23, 2026
Source: NVD
CVE-2021-47889 HIGH - 7.8

Softros LAN Messenger 9.6.4 contains an unquoted service path vulnerability in the SoftrosSpellChecker service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Softros Systems\Softros Messenger\Spell Checker\&#...

Vendor: Softros Systems
Product: LAN Messenger
Published: Jan 23, 2026
Source: NVD
CVE-2021-47888 HIGH - 8.8

Textpattern versions prior to 4.8.3 contain an authenticated remote code execution vulnerability that allows logged-in users to upload malicious PHP files. Attackers can upload a PHP file with a shell command execution payload and execute arbitrary commands by accessing the uploaded file through a s...

Vendor: The Textpattern Development Team
Product: Textpattern
Published: Jan 23, 2026
Source: NVD
CVE-2021-47881 HIGH - 8.4

dataSIMS Avionics ARINC 664-1 version 4.5.3 contains a local buffer overflow vulnerability that allows attackers to overwrite memory by manipulating the milstd1553result.txt file. Attackers can craft a malicious file with carefully constructed payload and alignment sections to potentially execute ar...

Vendor: Data Device Corporation
Product: dataSIMS Avionics ARINC
Published: Jan 23, 2026
Source: NVD
CVE-2025-69908 HIGH - 7.5

An unauthenticated information disclosure vulnerability in Newgen OmniApp allows attackers to enumerate valid privileged usernames via a publicly accessible client-side JavaScript resource.

Vendor: n/a
Product: n/a
Published: Jan 23, 2026
Source: NVD
CVE-2025-66720 HIGH - 7.5

Null pointer dereference in free5gc pcf 1.4.0 in file internal/sbi/processor/ampolicy.go in function HandleDeletePoliciesPolAssoId.

Vendor: n/a
Product: n/a
Published: Jan 23, 2026
Source: NVD

A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker ca...

Vendor: pip
Product: protobuf
Published: Jan 23, 2026
Source: GitHub
CVE-2026-24635 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in DevsBlink EduBlink Core edublink-core allows PHP Local File Inclusion.This issue affects EduBlink Core: from n/a through <= 2.0.7.

Vendor: DevsBlink
Product: EduBlink Core
Published: Jan 23, 2026
Source: NVD
CVE-2026-24624 HIGH - 7.2

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in saeros1984 Neoforum neoforum allows Blind SQL Injection.This issue affects Neoforum: from n/a through <= 1.0.

Vendor: saeros1984
Product: Neoforum
Published: Jan 23, 2026
Source: NVD
CVE-2026-24609 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent laurent allows PHP Local File Inclusion.This issue affects Laurent: from n/a through <= 3.1.

Vendor: Elated-Themes
Product: Laurent
Published: Jan 23, 2026
Source: NVD
CVE-2026-24608 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent Core laurent-core allows PHP Local File Inclusion.This issue affects Laurent Core: from n/a through <= 2.4.1.

Vendor: Elated-Themes
Product: Laurent Core
Published: Jan 23, 2026
Source: NVD
CVE-2026-24572 HIGH - 8.8

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio Content nelio-content allows Blind SQL Injection.This issue affects Nelio Content: from n/a through <= 4.1.0.

Vendor: Nelio Software
Product: Nelio Content
Published: Jan 23, 2026
Source: NVD
CVE-2026-24538 HIGH - 7.6

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in omnipressteam Omnipress omnipress allows PHP Local File Inclusion.This issue affects Omnipress: from n/a through <= 1.6.6.

Vendor: omnipressteam
Product: Omnipress
Published: Jan 23, 2026
Source: NVD
CVE-2026-24536 HIGH - 7.5

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webpushr Webpushr webpushr-web-push-notifications allows Retrieve Embedded Sensitive Data.This issue affects Webpushr: from n/a through <= 4.38.0.

Vendor: webpushr
Product: Webpushr
Published: Jan 23, 2026
Source: NVD
CVE-2026-24534 HIGH - 8.8

Missing Authorization vulnerability in uPress Booter booter-bots-crawlers-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booter: from n/a through <= 1.5.7.

Vendor: uPress
Product: Booter
Published: Jan 23, 2026
Source: NVD
CVE-2026-24532 HIGH - 8.8

Missing Authorization vulnerability in SiteLock SiteLock Security sitelock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteLock Security: from n/a through <= 5.0.2.

Vendor: SiteLock
Product: SiteLock Security
Published: Jan 23, 2026
Source: NVD
CVE-2026-24530 HIGH - 8.8

Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebP Conversion: from n/a through <= 2.1.

Vendor: sheepfish
Product: WebP Conversion
Published: Jan 23, 2026
Source: NVD
CVE-2026-24529 HIGH - 8.8

Missing Authorization vulnerability in Alejandro Quick Restaurant Reservations quick-restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Restaurant Reservations: from n/a through <= 1.6.7.

Vendor: Alejandro
Product: Quick Restaurant Reservations
Published: Jan 23, 2026
Source: NVD
CVE-2026-24525 HIGH - 8.1

Missing Authorization vulnerability in CloudPanel CLP Varnish Cache clp-varnish-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CLP Varnish Cache: from n/a through <= 1.0.2.

Vendor: CloudPanel
Product: CLP Varnish Cache
Published: Jan 23, 2026
Source: NVD