Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,585
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 13,441 - 13,460 of 13,618 CVEs
CVE-2025-69081 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Group Hope charity-is-hope allows PHP Local File Inclusion.This issue affects Hope: from n/a through 3.0.0.

Published: Jan 07, 2026
Source: NVD
CVE-2025-69080 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JanStudio Gecko allows PHP Local File Inclusion.This issue affects Gecko: from n/a through 1.9.8.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47396 HIGH - 7.8

Memory corruption occurs when a secure application is launched on a device with insufficient memory.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47394 HIGH - 7.8

Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47393 HIGH - 7.8

Memory corruption when accessing resources in kernel driver.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47388 HIGH - 7.8

Memory corruption while passing pages to DSP with an unaligned starting address.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47380 HIGH - 7.8

Memory corruption while preprocessing IOCTLs in sensors.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47356 HIGH - 7.8

Memory Corruption when multiple threads concurrently access and modify shared resources.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47348 HIGH - 7.8

Memory corruption while processing identity credential operations in the trusted application.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47346 HIGH - 7.8

Memory corruption while processing a secure logging command in the trusted application.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47345 HIGH - 8.4

Cryptographic issue may occur while encrypting license data.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47343 HIGH - 7.8

Memory corruption while processing a video session to set video parameters.

Vendor: qualcomm
Product: video_collaboration_vc3_platform_firmware
Published: Jan 07, 2026
Source: NVD
CVE-2025-47339 HIGH - 7.8

Memory corruption while deinitializing a HDCP session.

Published: Jan 07, 2026
Source: NVD
CVE-2025-32300 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital zoom studio DZS Video Gallery allows Reflected XSS.This issue affects DZS Video Gallery: from n/a through 12.25.

Published: Jan 07, 2026
Source: NVD
CVE-2025-31643 HIGH - 8.8

Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation.This issue affects WPCHURCH: from n/a through 2.7.0.

Published: Jan 07, 2026
Source: NVD
CVE-2025-15472 HIGH - 7.2

A flaw has been found in TRENDnet TEW-811DRU 1.0.2.0. This affects the function setDeviceURL  of the file uapply.cgi of the component httpd . This manipulation of the argument DeviceURL causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used....

Vendor: trendnet
Product: tew-811dru_firmware
Published: Jan 07, 2026
Source: NVD
CVE-2025-15158 HIGH - 8.8

The WP Enable WebP plugin for WordPress is vulnerable to arbitrary file uploads due to improper file type validation in the 'wpse_file_and_ext_webp' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Author-level access and above, t...

Published: Jan 07, 2026
Source: NVD
CVE-2025-14835 HIGH - 7.1

The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘shortcode’ parameter in all versions up to, and including, 9.1.05.008 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbit...

Published: Jan 07, 2026
Source: NVD
CVE-2025-14804 HIGH - 7.7

The Frontend File Manager Plugin WordPress plugin before 23.5 did not validate a path parameter and ownership of the file, allowing any authenticated users, such as subscribers to delete arbitrary files on the server

Published: Jan 07, 2026
Source: NVD
CVE-2025-14070 HIGH - 7.5

The Reviewify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'send_test_email' AJAX action in all versions up to, and including, 1.0.6. This makes it possible for authenticated attackers, with Contributor-level access and ab...

Published: Jan 07, 2026
Source: NVD