Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,750
Quick preset (or use dates below)
Clear Filters
Showing 12,941 - 12,960 of 14,675 CVEs
CVE-2020-36954 MEDIUM - 6.4

Xeroneit Library Management System 3.1 contains a stored cross-site scripting vulnerability in the Book Category feature that allows administrators to inject malicious scripts. Attackers can insert a payload in the Category Name field to execute arbitrary JavaScript code when the page is loaded.

Vendor: Xeroneit
Product: Xeroneit Library Management System
Published: Jan 26, 2026
Source: NVD
CVE-2025-50537 MEDIUM - 5.5

Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run() method, which validates test cases and checks for duplicates. During validation, the internal function check...

Vendor: npm
Product: eslint
Published: Jan 26, 2026
Source: NVD
CVE-2026-1429 MEDIUM - 5.4

Single Sign-On Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing authenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.

Published: Jan 26, 2026
Source: NVD
CVE-2026-1425 MEDIUM - 5.6

A security flaw has been discovered in pymumu SmartDNS up to 47.1. This vulnerability affects the function _dns_decode_rr_head/_dns_decode_SVCB_HTTPS of the file src/dns.c of the component SVBC Record Parser. The manipulation results in stack-based buffer overflow. It is possible to launch the attac...

Published: Jan 26, 2026
Source: NVD
CVE-2026-1424 MEDIUM - 4.7

A vulnerability was identified in PHPGurukul News Portal 1.0. This affects an unknown part of the component Profile Pic Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

Vendor: phpgurukul
Product: news_portal
Published: Jan 26, 2026
Source: NVD
CVE-2026-1423 MEDIUM - 6.3

A vulnerability was determined in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /admin_pic.php. Executing a manipulation can lead to unrestricted upload. The attack may be performed from remote. The exploit has been publicly disclosed a...

Vendor: fabian
Product: online_examination_system
Published: Jan 26, 2026
Source: NVD
CVE-2025-14973 MEDIUM - 6.8

The Recipe Card Blocks Lite WordPress plugin before 3.4.13 does not sanitize and escape a parameter before using it in a SQL statement, allowing contributors and above to perform SQL injection attacks.

Vendor: Unknown
Product: Recipe Card Blocks Lite
Published: Jan 26, 2026
Source: NVD
CVE-2026-1419 MEDIUM - 4.7

A weakness has been identified in D-Link DCS700l 1.03.09. Affected is an unknown function of the file /setDayNightMode of the component Web Form Handler. Executing a manipulation of the argument LightSensorControl can lead to command injection. The attack may be launched remotely. The exploit has be...

Vendor: dlink
Product: dcs-700l_firmware
Published: Jan 26, 2026
Source: NVD
CVE-2026-1418 MEDIUM - 5.3

A security vulnerability has been detected in GPAC up to 2.4.0. This affects the function gf_text_import_srt_bifs of the file src/scene_manager/text_to_bifs.c of the component SRT Subtitle Import. Such manipulation leads to out-of-bounds write. The attack needs to be performed locally. The exploit h...

Vendor: gpac
Product: gpac
Published: Jan 26, 2026
Source: NVD
CVE-2026-1414 MEDIUM - 6.3

A vulnerability was determined in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This impacts the function getInformation of the file /equipment/get_Information of the component HTTP POST Request Handler. Executing a manipulation of the argument fortEquipmentIp can lead t...

Vendor: sangfor
Product: operation_and_maintenance_security_management_system
Published: Jan 26, 2026
Source: NVD
CVE-2026-1413 MEDIUM - 6.3

A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ip_and_port/port_validate of the component HTTP POST Request Handler. Performing a manipulation of the argument port results in command inj...

Vendor: sangfor
Product: operation_and_maintenance_security_management_system
Published: Jan 26, 2026
Source: NVD
CVE-2026-1411 MEDIUM - 6.1

A flaw has been found in Beetel 777VR1 up to 01.00.09/01.00.09_55. The affected element is an unknown function of the component UART Interface. This manipulation causes improper access controls. It is feasible to perform the attack on the physical device. The complexity of an attack is rather high. ...

Vendor: beetel
Product: 777vr1_firmware
Published: Jan 26, 2026
Source: NVD
CVE-2026-1410 MEDIUM - 6.4

A vulnerability was detected in Beetel 777VR1 up to 01.00.09/01.00.09_55. Impacted is an unknown function of the component UART Interface. The manipulation results in missing authentication. An attack on the physical device is feasible. This attack is characterized by high complexity. The exploitabi...

Vendor: beetel
Product: 777vr1_firmware
Published: Jan 26, 2026
Source: NVD
CVE-2020-36932 MEDIUM - 6.4

SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded.

Vendor: Seacms
Product: Seacms
Published: Jan 25, 2026
Source: NVD
CVE-2020-36931 MEDIUM - 6.4

Click2Magic 1.1.5 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts in the chat name input. Attackers can craft a malicious payload in the chat name to capture administrator cookies when the admin processes user requests.

Vendor: Click2Magic
Product: Click2Magic
Published: Jan 25, 2026
Source: NVD
CVE-2025-6461 MEDIUM - 4.3

The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the search feature in class-cubewp-search-ajax-hooks.php due to insufficient restrictions on which posts can be included. This makes it possib...

Published: Jan 25, 2026
Source: NVD
CVE-2026-0593 MEDIUM - 5.3

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processBackgroundAction() function in all versions up to, and including, 10.0.04. This makes it possible for authenticated attackers, with Subscri...

Published: Jan 24, 2026
Source: NVD
CVE-2026-0862 MEDIUM - 6.1

The Save as PDF Plugin by PDFCrowd plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the β€˜options’ parameter in all versions up to, and including, 4.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject a...

Published: Jan 24, 2026
Source: NVD
CVE-2025-13920 MEDIUM - 5.3

The WP Directory Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the wdk_public_action AJAX handler. This makes it possible for unauthenticated attackers to extract email addresses for users with Directory Kit-specific user rol...

Vendor: wpdirectorykit
Product: WP Directory Kit
Published: Jan 24, 2026
Source: NVD
CVE-2026-1302 MEDIUM - 4.4

The Meta-box GalleryMeta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and ...

Published: Jan 24, 2026
Source: NVD