Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,840
Quick preset (or use dates below)
Clear Filters
Showing 13,441 - 13,460 of 14,327 CVEs
CVE-2025-37182 HIGH - 7.2

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading t...

Vendor: arubanetworks
Product: edgeconnect_sd-wan_orchestrator
Published: Jan 14, 2026
Source: NVD
CVE-2025-37181 HIGH - 7.2

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading t...

Vendor: arubanetworks
Product: edgeconnect_sd-wan_orchestrator
Published: Jan 14, 2026
Source: NVD
CVE-2025-9142 HIGH - 7.5

A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory.

Published: Jan 14, 2026
Source: NVD
CVE-2026-0532 HIGH - 8.6

External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker to have authenticat...

Published: Jan 14, 2026
Source: NVD
CVE-2025-0647 HIGH - 7.9

In certain Arm CPUs, a CPP RCTX instruction executed on one Processing Element (PE) may inhibit TLB invalidation when a TLBI is issued to the PE, either by the same PE or another PE in the shareability domain. In this case, the PE may retain stale TLB entries which should have been invalidated by th...

Published: Jan 14, 2026
Source: NVD
CVE-2025-14770 HIGH - 7.5

The Shipping Rate By Cities plugin for WordPress is vulnerable to SQL Injection via the 'city' parameter in all versions up to, and including, 2.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possi...

Published: Jan 14, 2026
Source: NVD
CVE-2025-15378 HIGH - 7.2

The AJS Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'note_list_class' and 'popup_display_effect_in' parameters in all versions up to, and including, 1.0 due to missing authorization and nonce verification on settings save, as well as insuff...

Published: Jan 14, 2026
Source: NVD
CVE-2025-15283 HIGH - 7.2

The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name_directory_name' and 'name_directory_description' parameters in all versions up to, and including, 1.30.3 due to insufficient input sanitization and output escaping. This makes it p...

Published: Jan 14, 2026
Source: NVD
CVE-2025-15266 HIGH - 7.2

The GeekyBot โ€” Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chat message field in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible f...

Published: Jan 14, 2026
Source: NVD
CVE-2025-14615 HIGH - 7.1

The DASHBOARD BUILDER โ€“ WordPress plugin for Charts and Graphs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.7. This is due to missing nonce validation on the settings handler in dashboardbuilder-admin.php. This makes it possible for unaut...

Published: Jan 14, 2026
Source: NVD
CVE-2025-14613 HIGH - 7.2

The GetContentFromURL plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0. This is due to the plugin using wp_remote_get() instead of wp_safe_remote_get() to fetch content from a user-supplied URL in the 'url' parameter of the [gcfu] ...

Published: Jan 14, 2026
Source: NVD
CVE-2025-68968 HIGH - 7.8

Double free vulnerability in the multi-mode input module. Impact: Successful exploitation of this vulnerability may affect the input function.

Vendor: huawei
Product: harmonyos
Published: Jan 14, 2026
Source: NVD
CVE-2025-12053 HIGH - 7.8

The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow.

Published: Jan 14, 2026
Source: NVD
CVE-2025-12052 HIGH - 7.8

The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow.

Published: Jan 14, 2026
Source: NVD
CVE-2025-12051 HIGH - 7.8

The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow.

Published: Jan 14, 2026
Source: NVD
CVE-2025-12050 HIGH - 7.8

The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow.

Published: Jan 14, 2026
Source: NVD
CVE-2023-54340 HIGH - 8.2

WorkOrder CMS 0.1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login by manipulating username and password parameters. Attackers can inject malicious SQL queries using techniques like OR '1'='1' and stacked queries to access database in...

Published: Jan 13, 2026
Source: NVD
CVE-2023-54338 HIGH - 8.4

Tftpd32 SE 4.60 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be run with system-level permissi...

Published: Jan 13, 2026
Source: NVD
CVE-2023-54336 HIGH - 8.4

Mediconta 3.7.27 contains an unquoted service path vulnerability in the servermedicontservice that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\medicont3\ to inject malicious code that would execute with Lo...

Published: Jan 13, 2026
Source: NVD
CVE-2023-54333 HIGH - 8.2

Social-Share-Buttons 2.2.3 contains a critical SQL injection vulnerability in the project_id parameter that allows attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted POST requests with malicious SQL payloads to retrieve and potentially steal entire ...

Published: Jan 13, 2026
Source: NVD