Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,906
Quick preset (or use dates below)
Clear Filters
Showing 13,221 - 13,240 of 14,327 CVEs
CVE-2025-15347 HIGH - 8.8

The Creator LMS โ€“ The LMS for Creators, Coaches, and Trainers plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check in the get_items_permissions_check function in all versions up to, and including, 1.1.12. This...

Vendor: getwpfunnels
Product: Creator LMS โ€“ The LMS for Creators, Coaches, and Trainers
Published: Jan 20, 2026
Source: NVD
CVE-2025-14115 HIGH - 8.4

IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0.0 through 6.4.0.3 Interim Fix 019 IBMยฎ Sterling Connect:Direct for UNIX contains hard-coded credentials, such as a password or cryptographic key, which it uses forย its own inbound authentication, outbou...

Vendor: IBM
Product: Sterling Connect:Direct for UNIX Container
Published: Jan 20, 2026
Source: NVD
CVE-2025-12985 HIGH - 8.4

IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image.

Vendor: IBM
Product: IBM Licensing Operator
Published: Jan 20, 2026
Source: NVD
CVE-2025-15281 HIGH - 7.5

Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.

Vendor: The GNU C Library
Product: glibc
Published: Jan 20, 2026
Source: NVD
CVE-2026-1222 HIGH - 7.2

PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

Published: Jan 20, 2026
Source: NVD
CVE-2026-0908 HIGH - 8.8

Use after free in ANGLE in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)

Published: Jan 20, 2026
Source: NVD
CVE-2026-0902 HIGH - 8.8

Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

Published: Jan 20, 2026
Source: NVD
CVE-2026-0900 HIGH - 8.8

Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

Published: Jan 20, 2026
Source: NVD
CVE-2026-0899 HIGH - 8.8

Out of bounds memory access in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

Published: Jan 20, 2026
Source: NVD
CVE-2025-14977 HIGH - 8.1

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution โ€“ Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.2.4 via the `/wp-json/dokan/v1/settings` REST API endpoint due to missing validation on a ...

Vendor: dokaninc
Product: Dokan: AI Powered WooCommerce Multivendor Marketplace Solution โ€“ Build Your Own Amazon, eBay, Etsy
Published: Jan 20, 2026
Source: NVD
CVE-2026-23949 HIGH - 8.6

jaraco.context, an open-source software package that provides some useful decorators and context managers, has a Zip Slip path traversal vulnerability in the `jaraco.context.tarball()` function starting in version 5.2.0 and prior to version 6.1.0. The vulnerability may allow attackers to extract fil...

Vendor: jaraco
Product: jaraco.context
Published: Jan 20, 2026
Source: NVD
CVE-2026-23876 HIGH - 8.1

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder (ReadXBMImage) allows an attacker to write controlled data past the allocated heap buffer when proces...

Vendor: ImageMagick
Product: ImageMagick
Published: Jan 20, 2026
Source: NVD
CVE-2026-1202 HIGH - 7.3

A security flaw has been discovered in CRMEB up to 5.6.3. The affected element is the function appleLogin of the file crmeb/app/api/controller/v1/LoginController.php. Performing a manipulation of the argument openId results in improper authentication. The attack is possible to be carried out remotel...

Published: Jan 20, 2026
Source: NVD
CVE-2026-1192 HIGH - 7.3

A vulnerability was determined in Tosei Online Store Management System ใƒใƒƒใƒˆๅบ—่ˆ—็ฎก็†ใ‚ทใ‚นใƒ†ใƒ  1.01. The affected element is an unknown function of the file /cgi-bin/imode_alldata.php. Executing a manipulation of the argument DevId can lead to command injection. The attack can be executed remotely. The exploit ...

Published: Jan 19, 2026
Source: NVD
CVE-2026-1179 HIGH - 7.3

A vulnerability was detected in Yonyou KSOA 9.0. This affects an unknown part of the file /kmf/user_popedom.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument folderid results in sql injection. The attack can be launched remotely. The exploit is now public and may be u...

Published: Jan 19, 2026
Source: NVD
CVE-2026-1178 HIGH - 7.3

A security vulnerability has been detected in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /kmf/select.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument folderid leads to sql injection. The attack can be initiated remotely. The exp...

Published: Jan 19, 2026
Source: NVD
CVE-2026-1177 HIGH - 7.3

A weakness has been identified in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /kmf/save_folder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument folderid can lead to sql injection. It is possible to launch the attack...

Published: Jan 19, 2026
Source: NVD
CVE-2026-23880 HIGH - 7.3

OnboardLite is a comprehensive membership lifecycle platform built for student organizations at the University of Central Florida. Versions of the software prior to commit 1d32081a66f21bcf41df1ecb672490b13f6e429f have a stored cross-site scripting vulnerability that can be rendered to an admin when ...

Vendor: HackUCF
Product: OnboardLite
Published: Jan 19, 2026
Source: NVD
CVE-2026-1176 HIGH - 7.3

A security flaw has been discovered in itsourcecode School Management System 1.0. Affected is an unknown function of the file /subject/index.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to th...

Published: Jan 19, 2026
Source: NVD
CVE-2026-23846 HIGH - 8.1

Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of the HTTP request body. This causes passwords to be logged in server access logs and potentially expos...

Vendor: Quenary
Product: tugtainer
Published: Jan 19, 2026
Source: NVD