Total CVEs

142,398

Critical Severity

3,966

High Severity

14,271

Last 7 Days

1,816
Quick preset (or use dates below)
Clear Filters
Showing 12,801 - 12,820 of 14,271 CVEs
CVE-2026-24524 HIGH - 8.1

Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.1.35.2.

Vendor: Essekia
Product: Tablesome
Published: Jan 23, 2026
Source: NVD
CVE-2026-24523 HIGH - 7.5

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Retrieve Embedded Sensitive Data.This issue affects WP FullCalendar: from n/a through <= 1.6.

Vendor: Marcus (aka @msykes)
Product: WP FullCalendar
Published: Jan 23, 2026
Source: NVD
CVE-2025-69907 HIGH - 7.5

An unauthenticated information disclosure vulnerability exists in Newgen OmniDocs due to missing authentication and access control on the /omnidocs/GetListofCabinet API endpoint. A remote attacker can access this endpoint without valid credentials to retrieve sensitive internal configuration informa...

Vendor: n/a
Product: n/a
Published: Jan 23, 2026
Source: NVD
CVE-2025-14866 HIGH - 8.8

The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check on the 'save_secondary_roles_field' function. This makes it possible for authenticated attackers, with Subscribe...

Vendor: melapress
Product: Melapress Role Editor
Published: Jan 23, 2026
Source: NVD
CVE-2026-22273 HIGH - 8.8

Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Use of Default Credentials vulnerability in the OS. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.

Vendor: Dell
Product: ObjectScale
Published: Jan 23, 2026
Source: NVD
CVE-2026-22271 HIGH - 7.5

Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information exposure.

Vendor: Dell
Product: ObjectScale
Published: Jan 23, 2026
Source: NVD
CVE-2026-0603 HIGH - 8.3

A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive information d...

Published: Jan 23, 2026
Source: NVD
CVE-2024-11976 HIGH - 7.3

The The BuddyPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 14.3.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthe...

Vendor: buddypress
Product: BuddyPress
Published: Jan 23, 2026
Source: NVD
CVE-2025-67847 HIGH - 8.8

A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines. Successful exploitation could result in a fu...

Vendor: composer
Product: moodle/moodle
Published: Jan 23, 2026
Source: GitHub
CVE-2025-3839 HIGH - 8.0

A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. The browser fails to properly warn or gate this act...

Published: Jan 23, 2026
Source: NVD
CVE-2026-0796 HIGH - 7.2

ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw ...

Published: Jan 23, 2026
Source: NVD
CVE-2026-0795 HIGH - 7.2

ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw ...

Published: Jan 23, 2026
Source: NVD
CVE-2026-0794 HIGH - 8.1

ALGO 8180 IP Audio Alerter SIP Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific flaw ex...

Published: Jan 23, 2026
Source: NVD
CVE-2026-0793 HIGH - 8.1

ALGO 8180 IP Audio Alerter InformaCast Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. ...

Published: Jan 23, 2026
Source: NVD
CVE-2026-0792 HIGH - 8.1

ALGO 8180 IP Audio Alerter SIP INVITE Alert-Info Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulne...

Published: Jan 23, 2026
Source: NVD
CVE-2026-0791 HIGH - 8.1

ALGO 8180 IP Audio Alerter SIP INVITE Replaces Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnera...

Published: Jan 23, 2026
Source: NVD
CVE-2026-0787 HIGH - 8.1

ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability. The specific flaw...

Published: Jan 23, 2026
Source: NVD
CVE-2026-0786 HIGH - 7.5

ALGO 8180 IP Audio Alerter SCI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw exi...

Published: Jan 23, 2026
Source: NVD
CVE-2026-0785 HIGH - 7.5

ALGO 8180 IP Audio Alerter API Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw exi...

Published: Jan 23, 2026
Source: NVD
CVE-2026-0784 HIGH - 7.2

ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw ...

Published: Jan 23, 2026
Source: NVD