Total CVEs

142,432

Critical Severity

3,972

High Severity

14,286

Last 7 Days

1,836
Quick preset (or use dates below)
Clear Filters
Showing 13,281 - 13,300 of 14,728 CVEs
CVE-2025-27005 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup HTML5 Video Player lbg-vp2-html5-bottom allows Reflected XSS.This issue affects HTML5 Video Player: from n/a through <= 5.3.5.

Vendor: LambertGroup
Product: HTML5 Video Player
Published: Jan 22, 2026
Source: NVD
CVE-2025-69820 MEDIUM - 6.0

Directory Traversal vulnerability in Beam beta9 v.0.1.521 allows a remote attacker to obtain sensitive information via the joinCleanPath function.

Vendor: n/a
Product: n/a
Published: Jan 22, 2026
Source: NVD
CVE-2025-69612 MEDIUM - 6.5

A path traversal vulnerability exists in TMS Management Console (version 6.3.7.27386.20250818) from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences (../) in the filePath parameter, allowing authenticated users...

Vendor: n/a
Product: n/a
Published: Jan 22, 2026
Source: NVD
CVE-2025-32057 MEDIUM - 6.5

The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 โ€“ 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server root...

Vendor: Bosch
Product: Infotainment system ECU
Published: Jan 22, 2026
Source: NVD
CVE-2025-32056 MEDIUM - 4.0

The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection. First identified on ...

Vendor: Bosch
Product: Infotainment system ECU
Published: Jan 22, 2026
Source: NVD
CVE-2026-1327 MEDIUM - 6.3

A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads to command injection. The attack can be launc...

Vendor: totolink
Product: nr1800x_firmware
Published: Jan 22, 2026
Source: NVD
CVE-2026-1326 MEDIUM - 6.3

A weakness has been identified in Totolink NR1800X 9.1.0u.6279_B20210910. This vulnerability affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotel...

Vendor: totolink
Product: nr1800x_firmware
Published: Jan 22, 2026
Source: NVD
CVE-2026-1325 MEDIUM - 5.3

A security flaw has been discovered in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function edit_pwd_mall of the file /fort/login/edit_pwd_mall. The manipulation of the argument flag results in weak password recovery. It is possible to launch the attac...

Published: Jan 22, 2026
Source: NVD
CVE-2026-1102 MEDIUM - 5.3

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to create a denial of service condition by sending repeated malformed SSH authentication requests.

Vendor: gitlab
Product: gitlab
Published: Jan 22, 2026
Source: NVD
CVE-2026-1332 MEDIUM - 5.3

MeetingHub developed by HAMASTAR Technology has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access specific API functions and obtain meeting-related information.

Published: Jan 22, 2026
Source: NVD
CVE-2025-4763 MEDIUM - 5.5

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows Reflected XSS.This issue affects Hotel Guest Hotspot: through 22012026.ย  NOTE: The vendor was contacted early a...

Published: Jan 22, 2026
Source: NVD
CVE-2025-13335 MEDIUM - 6.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that under certain circumstances could have allowed an authenticated user to create a denial of service condition by configuring malformed Wiki documents that byp...

Vendor: GitLab
Product: GitLab
Published: Jan 22, 2026
Source: NVD
CVE-2026-24332 MEDIUM - 4.3

Discord through 2026-01-16 allows gathering information about whether a user's client state is Invisible (and not actually offline) because the response to a WebSocket API request includes the user in the presences array (with "status": "offline"), whereas offline users are ...

Vendor: Discord
Product: WebSocket API service
Published: Jan 22, 2026
Source: NVD
CVE-2025-71176 MEDIUM - 6.8

pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-{user} name pattern, which allows local users to cause a denial of service or possibly gain privileges.

Vendor: pytest
Product: pytest
Published: Jan 22, 2026
Source: NVD
CVE-2026-24039 MEDIUM - 4.3

Horilla is a free and open source Human Resource Management System (HRMS). Version 1.4.0 has Improper Access Control, allowing low-privileged employees to self-approve documents they have uploaded. The document-approval UI is intended to be restricted to administrator or high-privilege roles only; h...

Vendor: horilla-opensource
Product: horilla
Published: Jan 22, 2026
Source: NVD
CVE-2026-24037 MEDIUM - 4.8

Horilla is a free and open source Human Resource Management System (HRMS). In version 1.4.0, the has_xss() function attempts to block XSS by matching input against a set of regex patterns. However, the regexes are incomplete and context-agnostic, making them easy to bypass. Attackers are able to red...

Vendor: horilla-opensource
Product: horilla
Published: Jan 22, 2026
Source: NVD
CVE-2026-24036 MEDIUM - 5.3

Horilla is a free and open source Human Resource Management System (HRMS). Versions 1.4.0 and above expose unpublished job postings through the /recruitment/recruitment-details// endpoint without authentication. The response includes draft job titles, descriptions and application link allowing unaut...

Vendor: horilla-opensource
Product: horilla
Published: Jan 22, 2026
Source: NVD
CVE-2026-24035 MEDIUM - 4.3

Horilla is a free and open source Human Resource Management System (HRMS). An Improper Access Control vulnerability exists in Horilla HR Software starting in version 1.4.0 and prior to version 1.5.0, allowing any authenticated employee to upload documents on behalf of another employee without proper...

Vendor: horilla-opensource
Product: horilla
Published: Jan 22, 2026
Source: NVD
CVE-2026-24034 MEDIUM - 5.4

Horilla is a free and open source Human Resource Management System (HRMS). In versions prior to 1.5.0, a cross-site scripting vulnerability can be triggered because the extension and content-type are not checked during the profile photo update step. Version 1.5.0 fixes the issue.

Vendor: horilla-opensource
Product: horilla
Published: Jan 22, 2026
Source: NVD
CVE-2026-23964 MEDIUM - 6.5

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.5, 4.4.12, and 4.3.18, an insecure direct object reference in the web push subscription update endpoint lets any authenticated user update another user's push subscription by guessing or obtaining ...

Vendor: mastodon
Product: mastodon
Published: Jan 22, 2026
Source: NVD