Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,922
Quick preset (or use dates below)
Clear Filters
Showing 13,301 - 13,320 of 14,756 CVEs
CVE-2025-49046 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup xPromoter top_bar_promoter allows Reflected XSS.This issue affects xPromoter: from n/a through <= 1.3.4.

Vendor: LambertGroup
Product: xPromoter
Published: Jan 22, 2026
Source: NVD
CVE-2025-49045 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in highwarden Super Interactive Maps super-interactive-maps allows Reflected XSS.This issue affects Super Interactive Maps: from n/a through <= 2.3.

Vendor: highwarden
Product: Super Interactive Maps
Published: Jan 22, 2026
Source: NVD
CVE-2025-49043 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Magic Responsive Slider and Carousel WordPress magic_carousel allows Reflected XSS.This issue affects Magic Responsive Slider and Carousel WordPress: from n/a through <= 1....

Vendor: LambertGroup
Product: Magic Responsive Slider and Carousel WordPress
Published: Jan 22, 2026
Source: NVD
CVE-2025-48094 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Magic Slider magic_slider allows Reflected XSS.This issue affects Magic Slider: from n/a through <= 2.2.

Vendor: LambertGroup
Product: Magic Slider
Published: Jan 22, 2026
Source: NVD
CVE-2025-47666 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Image&Video FullScreen Background lbg_fullscreen_fullwidth_slider allows Reflected XSS.This issue affects Image&Video FullScreen Background: from n/a through <= 1.6...

Vendor: LambertGroup
Product: Image&Video FullScreen Background
Published: Jan 22, 2026
Source: NVD
CVE-2025-47600 MEDIUM - 6.1

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in xtemos WoodMart woodmart allows Code Injection.This issue affects WoodMart: from n/a through <= 8.3.7.

Vendor: xtemos
Product: WoodMart
Published: Jan 22, 2026
Source: NVD
CVE-2025-47500 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Intal Stackable stackable-ultimate-gutenberg-blocks allows Stored XSS.This issue affects Stackable: from n/a through <= 3.19.5.

Vendor: Benjamin Intal
Product: Stackable
Published: Jan 22, 2026
Source: NVD
CVE-2025-32123 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup HTML5 Video Player with Playlist & Multiple Skins lbg-vp2-html5-rightside allows Reflected XSS.This issue affects HTML5 Video Player with Playlist & Multiple Skins: fr...

Vendor: LambertGroup
Product: HTML5 Video Player with Playlist & Multiple Skins
Published: Jan 22, 2026
Source: NVD
CVE-2025-27005 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup HTML5 Video Player lbg-vp2-html5-bottom allows Reflected XSS.This issue affects HTML5 Video Player: from n/a through <= 5.3.5.

Vendor: LambertGroup
Product: HTML5 Video Player
Published: Jan 22, 2026
Source: NVD
CVE-2025-69820 MEDIUM - 6.0

Directory Traversal vulnerability in Beam beta9 v.0.1.521 allows a remote attacker to obtain sensitive information via the joinCleanPath function.

Vendor: n/a
Product: n/a
Published: Jan 22, 2026
Source: NVD
CVE-2025-69612 MEDIUM - 6.5

A path traversal vulnerability exists in TMS Management Console (version 6.3.7.27386.20250818) from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences (../) in the filePath parameter, allowing authenticated users...

Vendor: n/a
Product: n/a
Published: Jan 22, 2026
Source: NVD
CVE-2025-32057 MEDIUM - 6.5

The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 โ€“ 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server root...

Vendor: Bosch
Product: Infotainment system ECU
Published: Jan 22, 2026
Source: NVD
CVE-2025-32056 MEDIUM - 4.0

The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection. First identified on ...

Vendor: Bosch
Product: Infotainment system ECU
Published: Jan 22, 2026
Source: NVD
CVE-2026-1327 MEDIUM - 6.3

A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads to command injection. The attack can be launc...

Vendor: totolink
Product: nr1800x_firmware
Published: Jan 22, 2026
Source: NVD
CVE-2026-1326 MEDIUM - 6.3

A weakness has been identified in Totolink NR1800X 9.1.0u.6279_B20210910. This vulnerability affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument Hostname causes command injection. The attack can be initiated remotel...

Vendor: totolink
Product: nr1800x_firmware
Published: Jan 22, 2026
Source: NVD
CVE-2026-1325 MEDIUM - 5.3

A security flaw has been discovered in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function edit_pwd_mall of the file /fort/login/edit_pwd_mall. The manipulation of the argument flag results in weak password recovery. It is possible to launch the attac...

Published: Jan 22, 2026
Source: NVD
CVE-2026-1102 MEDIUM - 5.3

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to create a denial of service condition by sending repeated malformed SSH authentication requests.

Vendor: gitlab
Product: gitlab
Published: Jan 22, 2026
Source: NVD
CVE-2026-1332 MEDIUM - 5.3

MeetingHub developed by HAMASTAR Technology has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access specific API functions and obtain meeting-related information.

Published: Jan 22, 2026
Source: NVD
CVE-2025-4763 MEDIUM - 5.5

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows Reflected XSS.This issue affects Hotel Guest Hotspot: through 22012026.ย  NOTE: The vendor was contacted early a...

Published: Jan 22, 2026
Source: NVD
CVE-2025-13335 MEDIUM - 6.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that under certain circumstances could have allowed an authenticated user to create a denial of service condition by configuring malformed Wiki documents that byp...

Vendor: GitLab
Product: GitLab
Published: Jan 22, 2026
Source: NVD