Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,883
Quick preset (or use dates below)
Clear Filters
Showing 13,321 - 13,340 of 14,327 CVEs
CVE-2025-14510 HIGH - 8.1

Incorrect Implementation of Authentication Algorithm vulnerability in ABB ABB Ability OPTIMAX.This issue affects ABB Ability OPTIMAX: 6.1, 6.2, from 6.3.0 before 6.3.1-251120, from 6.4.0 before 6.4.1-251120.

Vendor: ABB
Product: ABB Ability OPTIMAX
Published: Jan 16, 2026
Source: NVD
CVE-2025-68675 HIGH - 7.5

In Apache Airflow versions before 3.1.6, the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such con...

Vendor: apache
Product: airflow
Published: Jan 16, 2026
Source: NVD
CVE-2025-68438 HIGH - 7.5

In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed [core] max_templated_field_length, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instance that did not inclu...

Vendor: apache
Product: airflow
Published: Jan 16, 2026
Source: NVD
CVE-2025-14844 HIGH - 7.5

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 3.2.16 via the 'rcp_stripe_create_setup_intent_for_saved_card' function due to missing capability check. Additionally, the plugin does not check a use...

Vendor: liquidweb
Product: restrict_content
Published: Jan 16, 2026
Source: NVD
CVE-2026-20759 HIGH - 8.8

OS Command Injection vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation, which may allow a logged-in user with the low("monitoring user") or higher privilege to execute an arbitrary OS command.

Vendor: TOA Corporation
Product: Multiple Network Cameras TRIFORA 3 series
Published: Jan 16, 2026
Source: NVD
CVE-2025-12007 HIGH - 7.2

There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F . An attacker can update the system firmware with a specially crafted image.

Vendor: SMCI
Product: X13SEM-F
Published: Jan 16, 2026
Source: NVD
CVE-2025-12006 HIGH - 7.2

There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW-F . An attacker can update the system firmware with a specially crafted image.

Vendor: SMCI
Product: X12STW-F
Published: Jan 16, 2026
Source: NVD
CVE-2025-12957 HIGH - 8.8

The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 4.5.7. This is due to insufficient file type validation detecting VTT files, allowing double extension files to bypass sanitization while being accepted as a valid VTT file....

Vendor: plugins360
Product: All-in-One Video Gallery
Published: Jan 16, 2026
Source: NVD
CVE-2026-1023 HIGH - 7.5

Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly exploit a specific functionality to query database contents.

Vendor: gotac
Product: statistics_database_system
Published: Jan 16, 2026
Source: NVD
CVE-2026-1022 HIGH - 7.5

Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.

Vendor: gotac
Product: statistics_database_system
Published: Jan 16, 2026
Source: NVD
CVE-2026-1018 HIGH - 7.5

Police Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing Unauthenticated remote attacker to exploit Absolute Path Traversal to download arbitrary system files.

Vendor: gotac
Product: police_statistics_database_system
Published: Jan 16, 2026
Source: NVD
CVE-2025-65118 HIGH - 8.8

The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server.

Vendor: aveva
Product: process_optimization
Published: Jan 16, 2026
Source: NVD
CVE-2025-65117 HIGH - 7.7

The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements.

Vendor: aveva
Product: process_optimization
Published: Jan 16, 2026
Source: NVD
CVE-2025-64769 HIGH - 7.1

The Process Optimization application suite leverages connection channels/protocols that by-default are not encrypted and could become subject to hijacking or data leakage in certain man-in-the-middle or passive inspection scenarios.

Vendor: aveva
Product: process_optimization
Published: Jan 16, 2026
Source: NVD
CVE-2025-64729 HIGH - 8.2

The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files.

Vendor: aveva
Product: process_optimization
Published: Jan 16, 2026
Source: NVD
CVE-2025-64691 HIGH - 8.8

The vulnerability, if exploited, could allow an authenticated miscreant (OS standard user) to tamper with TCL Macro scripts and escalate privileges to OS system, potentially resulting in complete compromise of the model application server.

Vendor: aveva
Product: process_optimization
Published: Jan 16, 2026
Source: NVD
CVE-2025-61943 HIGH - 7.8

The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Standard User) to tamper with queries in Captive Historian and achieve code execution under SQL Server administrative privileges, potentially resulting in complete compromise of the SQL Server.

Vendor: aveva
Product: process_optimization
Published: Jan 16, 2026
Source: NVD
CVE-2021-47815 HIGH - 7.5

Nsauditor 3.2.3 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can paste a large buffer of 256 repeated characters into the 'Key' field to trigger an application crash.

Vendor: nsasoft
Product: nsauditor
Published: Jan 16, 2026
Source: NVD
CVE-2021-47814 HIGH - 7.5

NBMonitor 1.6.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the registration code input field. Attackers can paste a 256-character buffer into the registration key field to trigger an application crash and potential system instability.

Vendor: Nsauditor
Product: NBMonitor
Published: Jan 16, 2026
Source: NVD
CVE-2021-47813 HIGH - 7.5

Backup Key Recovery 2.2.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the registration code input field. Attackers can paste a large buffer of 256 repeated characters into the registration key field to trigger application instability and p...

Vendor: Nsauditor
Product: Backup Key Recovery
Published: Jan 16, 2026
Source: NVD