Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,922
Quick preset (or use dates below)
Clear Filters
Showing 13,081 - 13,100 of 14,327 CVEs
CVE-2025-66136 HIGH - 8.8

Missing Authorization vulnerability in merkulove Carter for Elementor carter-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Carter for Elementor: from n/a through <= 1.0.2.

Vendor: merkulove
Product: Carter for Elementor
Published: Jan 22, 2026
Source: NVD
CVE-2025-66135 HIGH - 8.8

Missing Authorization vulnerability in merkulove Imager for Elementor imager-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Imager for Elementor: from n/a through <= 2.0.4.

Vendor: merkulove
Product: Imager for Elementor
Published: Jan 22, 2026
Source: NVD
CVE-2025-63051 HIGH - 7.5

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam REHub Framework rehub-framework allows Retrieve Embedded Sensitive Data.This issue affects REHub Framework: from n/a through < 19.9.9.4.

Vendor: sizam
Product: REHub Framework
Published: Jan 22, 2026
Source: NVD
CVE-2025-63019 HIGH - 7.5

Insertion of Sensitive Information Into Sent Data vulnerability in Johan Jonk Stenström Cookies and Content Security Policy cookies-and-content-security-policy allows Retrieve Embedded Sensitive Data.This issue affects Cookies and Content Security Policy: from n/a through <= 2.34.

Vendor: Johan Jonk Stenström
Product: Cookies and Content Security Policy
Published: Jan 22, 2026
Source: NVD
CVE-2025-63018 HIGH - 8.8

Missing Authorization vulnerability in wproyal Bard bard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bard: from n/a through <= 2.229.

Vendor: wproyal
Product: Bard
Published: Jan 22, 2026
Source: NVD
CVE-2025-62106 HIGH - 8.8

Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through <= 3.4.5.

Vendor: Mario Peshev
Product: WP-CRM System
Published: Jan 22, 2026
Source: NVD
CVE-2025-5805 HIGH - 8.8

Missing Authorization vulnerability in Ninetheme Electron electron allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Electron: from n/a through <= 1.8.2.

Published: Jan 22, 2026
Source: NVD
CVE-2025-56589 HIGH - 7.5

A Local File Inclusion (LFI) and a Server-Side Request Forgery (SSRF) vulnerability was found in the InsertFromHtmlString() function of the Apryse HTML2PDF SDK thru 11.6.0. These vulnerabilities could allow an attacker to read local files on the server or make arbitrary HTTP requests to internal or ...

Vendor: n/a
Product: n/a
Published: Jan 22, 2026
Source: NVD
CVE-2025-54002 HIGH - 8.8

Missing Authorization vulnerability in Jthemes xSmart xsmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects xSmart: from n/a through <= 1.2.9.4.

Vendor: Jthemes
Product: xSmart
Published: Jan 22, 2026
Source: NVD
CVE-2025-50007 HIGH - 8.8

Incorrect Privilege Assignment vulnerability in Jthemes xSmart xsmart allows Privilege Escalation.This issue affects xSmart: from n/a through <= 1.2.9.4.

Vendor: Jthemes
Product: xSmart
Published: Jan 22, 2026
Source: NVD
CVE-2025-49375 HIGH - 8.8

Missing Authorization vulnerability in cozythemes HomeLancer homelancer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HomeLancer: from n/a through <= 1.0.1.

Vendor: cozythemes
Product: HomeLancer
Published: Jan 22, 2026
Source: NVD
CVE-2025-47555 HIGH - 8.1

Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.4.

Vendor: Themeum
Product: Tutor LMS
Published: Jan 22, 2026
Source: NVD
CVE-2025-31413 HIGH - 8.8

Cross-Site Request Forgery (CSRF) vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through <= 8.3.13.

Vendor: bdthemes
Product: Element Pack Elementor Addons
Published: Jan 22, 2026
Source: NVD
CVE-2025-69822 HIGH - 7.4

An issue in Atomberg Atomberg Erica Smart Fan Firmware Version: V1.0.36 allows an attacker to obtain sensitive information and escalate privileges via a crafted deauth frame

Vendor: n/a
Product: n/a
Published: Jan 22, 2026
Source: NVD
CVE-2025-69821 HIGH - 7.4

An issue in Beat XP VEGA Smartwatch (Firmware Version - RB303ATV006229) allows an attacker to cause a denial of service via the BLE connection

Vendor: n/a
Product: n/a
Published: Jan 22, 2026
Source: NVD
CVE-2025-36588 HIGH - 8.8

Dell Unisphere for PowerMax, version(s) 10.2.0.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.

Vendor: Dell
Product: Unisphere for PowerMax, Unisphere for PowerMax Virtual Appliance
Published: Jan 22, 2026
Source: NVD
CVE-2026-1329 HIGH - 8.8

A flaw has been found in Tenda AX1803 1.0.0.1. The affected element is the function fromGetWifiGuestBasic of the file /goform/WifiGuestSet. Executing a manipulation of the argument guestWrlPwd/guestEn/guestSsid/hideSsid/guestSecurity can lead to stack-based buffer overflow. The attack may be launche...

Published: Jan 22, 2026
Source: NVD
CVE-2026-1328 HIGH - 8.8

A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. Impacted is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow. The attack may be initiated remotely. The e...

Vendor: totolink
Product: nr1800x_firmware
Published: Jan 22, 2026
Source: NVD
CVE-2026-1324 HIGH - 8.8

A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os co...

Published: Jan 22, 2026
Source: NVD
CVE-2026-0723 HIGH - 7.4

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authentication by submitting forged device res...

Vendor: gitlab
Product: gitlab
Published: Jan 22, 2026
Source: NVD