Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,917
Quick preset (or use dates below)
Clear Filters
Showing 13,421 - 13,440 of 14,756 CVEs
CVE-2025-67261 MEDIUM - 6.5

Abacre Retail Point of Sale 14.0.0.396 is vulnerable to content-based blind SQL injection. The vulnerability exists in the Search function of the Orders page.

Vendor: n/a
Product: n/a
Published: Jan 20, 2026
Source: NVD
CVE-2025-33231 MEDIUM - 6.7

NVIDIA Nsight Systems for Windows contains a vulnerability in the application’s DLL loading mechanism where an attacker could cause an uncontrolled search path element by exploiting insecure DLL search paths. A successful exploit of this vulnerability might lead to code execution, escalation of priv...

Vendor: NVIDIA
Product: CUDA Toolkit
Published: Jan 20, 2026
Source: NVD
CVE-2026-23829 MEDIUM - 5.3

Mailpit is an email testing tool and API for developers. Prior to version 1.28.3, Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate `RCPT TO` and `MAIL FROM` addresses. An attacker can inject arbitrary SMTP headers (or corrupt exi...

Vendor: go
Product: github.com/axllent/mailpit
Published: Jan 20, 2026
Source: GitHub
CVE-2026-23733 MEDIUM - 6.4

LobeChat is an open source chat application platform. Prior to version 2.0.0-next.180, a stored Cross-Site Scripting (XSS) vulnerability in the Mermaid artifact renderer allows attackers to execute arbitrary JavaScript within the application context. This XSS can be escalated to Remote Code Executio...

Vendor: npm
Product: @lobehub/chat
Published: Jan 20, 2026
Source: GitHub
CVE-2026-22770 MEDIUM - 6.5

ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in versions prior to 7.1.2-13, the last element in the set is not properly initialized. This will result...

Vendor: nuget
Product: Magick.NET-Q8-x64
Published: Jan 20, 2026
Source: GitHub
CVE-2025-67824 MEDIUM - 6.1

The WorklogPRO - Jira Timesheets plugin in the Jira Data Center before 4.24.2-jira9, 4.24.2-jira10 and 4.24.2-jira11 allows attackers to inject arbitrary HTML or JavaScript via XSS. This is exploited via a crafted payload placed in the name of a filter. This code is executed in the browser when the ...

Vendor: n/a
Product: n/a
Published: Jan 20, 2026
Source: NVD
CVE-2025-36419 MEDIUM - 5.3

IBM ApplinX 11.1 could disclose sensitive information about server architecture that could aid in further attacks against the system.

Vendor: IBM
Product: ApplinX
Published: Jan 20, 2026
Source: NVD
CVE-2025-36409 MEDIUM - 5.4

IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Vendor: IBM
Product: ApplinX
Published: Jan 20, 2026
Source: NVD
CVE-2025-36408 MEDIUM - 6.4

IBM ApplinX 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Vendor: IBM
Product: ApplinX
Published: Jan 20, 2026
Source: NVD
CVE-2025-36397 MEDIUM - 5.4

IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

Vendor: IBM
Product: Application Gateway
Published: Jan 20, 2026
Source: NVD
CVE-2025-36396 MEDIUM - 5.4

IBM Application Gateway 23.10 through 25.09 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Vendor: IBM
Product: Application Gateway
Published: Jan 20, 2026
Source: NVD
CVE-2025-36115 MEDIUM - 6.3

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0.00 through 5.2.0.12 does not disallow the session id after use which could allow an authenticated user to impersonate another user on the system.

Vendor: IBM
Product: Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0
Published: Jan 20, 2026
Source: NVD
CVE-2025-36113 MEDIUM - 5.4

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cre...

Vendor: IBM
Product: Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0
Published: Jan 20, 2026
Source: NVD
CVE-2025-36066 MEDIUM - 6.1

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading ...

Vendor: IBM
Product: Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0
Published: Jan 20, 2026
Source: NVD
CVE-2025-36065 MEDIUM - 6.3

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.

Vendor: IBM
Product: Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0
Published: Jan 20, 2026
Source: NVD
CVE-2025-36063 MEDIUM - 6.3

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.

Vendor: IBM
Product: Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0
Published: Jan 20, 2026
Source: NVD
CVE-2025-36059 MEDIUM - 4.7

IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation could allow a local user with access to the container to execute OS system calls.

Vendor: IBM
Product: Business Automation Workflow containers
Published: Jan 20, 2026
Source: NVD
CVE-2025-36058 MEDIUM - 5.5

IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers may disclose sensitve configuration information i...

Vendor: IBM
Product: Business Automation Workflow containers
Published: Jan 20, 2026
Source: NVD
CVE-2026-0690 MEDIUM - 6.4

The FlatPM – Ad Manager, AdSense and Custom Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rank_math_description' custom field in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for...

Published: Jan 20, 2026
Source: NVD
CVE-2026-0608 MEDIUM - 6.4

The Head Meta Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'head-meta-data' post meta field in all versions up to, and including, 20251118 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with ...

Published: Jan 20, 2026
Source: NVD