Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,576
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 13,481 - 13,500 of 13,618 CVEs
CVE-2025-36589 HIGH - 7.1

Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data and resources outside of the intended ...

Vendor: dell
Product: unisphere_for_powermax
Published: Jan 06, 2026
Source: NVD
CVE-2024-30547 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Shazdeh Header Image Slider header-image-slider allows DOM-Based XSS. This issue affects Header Image Slider: from n/a through 0.3.

Published: Jan 06, 2026
Source: NVD
CVE-2025-59379 HIGH - 7.5

DwyerOmega Isensix Advanced Remote Monitoring System (ARMS) 1.5.7 allows an attacker to retrieve sensitive information from the underlying SQL database via Blind SQL Injection through the user parameter in the login page. This allows an attacker to steal credentials, which may be cleartext, from exi...

Published: Jan 06, 2026
Source: NVD
CVE-2020-36922 HIGH - 7.5

Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests to t...

Vendor: sony
Product: bravia_signage
Published: Jan 06, 2026
Source: NVD
CVE-2020-36921 HIGH - 7.5

RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple endpoints to retrieve system resources and debug log information without authentication.

Published: Jan 06, 2026
Source: NVD
CVE-2020-36920 HIGH - 8.8

iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that allows authenticated users to elevate privileges through console JavaScript functions. Attackers can create users, modify roles and permissions, and potentially achieve full application takeover by exploiti...

Published: Jan 06, 2026
Source: NVD
CVE-2020-36917 HIGH - 7.5

iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept authentication credentials through cleartext cookie transmission. Attackers can exploit the autoSave feature to capture user passwords during man-in-the-middle a...

Published: Jan 06, 2026
Source: NVD
CVE-2020-36916 HIGH - 8.8

TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. Attackers can leverage the 'Modify' permissions for authenticated users to replace executable files with malicious binaries and gain elevated ...

Published: Jan 06, 2026
Source: NVD
CVE-2020-36915 HIGH - 7.5

Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digi...

Published: Jan 06, 2026
Source: NVD
CVE-2020-36914 HIGH - 7.5

QiHang Media Web Digital Signage 3.0.9 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept user authentication credentials through cleartext cookie transmission. Attackers can perform man-in-the-middle attacks to capture and potentially misuse stored a...

Published: Jan 06, 2026
Source: NVD
CVE-2020-36910 HIGH - 8.8

Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the 'NTP_Server_IP' parameter with default credentials to execute arbitrary shell commands as root.

Published: Jan 06, 2026
Source: NVD
CVE-2020-36907 HIGH - 7.5

Aerohive HiveOS contains a denial of service vulnerability in the NetConfig UI that allows unauthenticated attackers to render the web interface unusable. Attackers can send a crafted HTTP request to the action.php5 script with specific parameters to trigger a 5-minute service disruption.

Published: Jan 06, 2026
Source: NVD
CVE-2020-36905 HIGH - 7.5

FIBARO System Home Center 5.021 contains a remote file inclusion vulnerability in the undocumented proxy API that allows attackers to include arbitrary client-side scripts. Attackers can exploit the 'url' GET parameter to inject malicious JavaScript and potentially hijack user sessions or ...

Published: Jan 06, 2026
Source: NVD
CVE-2025-14026 HIGH - 7.8

Forcepoint One DLP Client, version 23.04.5642 (and possibly newer versions), includes a restricted version of Python 2.5.4 that prevents use of the ctypes library. ctypes is a foreign function interface (FFI) for Python, enabling calls to DLLs/shared libraries, memory allocation, and direct code exe...

Published: Jan 06, 2026
Source: NVD
CVE-2026-21489 HIGH - 7.1

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below have Out-of-bounds Read and Integer Underflow (Wrap or Wraparound) vulnerabilities in its CIccCalculatorFunc::SequenceNeedTempReset function. This issue is fixed in version 2.3.1.2...

Vendor: color
Product: iccdev
Published: Jan 06, 2026
Source: NVD
CVE-2026-21488 HIGH - 7.1

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Out-of-bounds Read, Heap-based Buffer Overflow and Improper Null Termination through its CIccTagText::Read function. This issue is fixed in version 2.3.1.2.

Vendor: color
Product: iccdev
Published: Jan 06, 2026
Source: NVD
CVE-2026-21411 HIGH - 8.8

Authentication bypass issue exists in OpenBlocks series versions prior to FW5.0.8, which may allow an attacker to bypass administrator authentication and change the password.

Published: Jan 06, 2026
Source: NVD
CVE-2025-14997 HIGH - 7.2

The BuddyPress Xprofile Custom Field Types plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete_field' function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-...

Published: Jan 06, 2026
Source: NVD
CVE-2026-21677 HIGH - 8.8

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have Undefined Behavior in its CIccCLUT::Init function which initializes and sets the size of a CLUT. This issue is fixed in version 2.3.1.1.

Vendor: color
Product: iccdev
Published: Jan 06, 2026
Source: NVD
CVE-2026-21676 HIGH - 8.8

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have a Heap-based Buffer Overflow in its CIccMBB::Validate function which checks tag data validity. This issue is fixed in version 2.3.1.1.

Vendor: color
Product: iccdev
Published: Jan 06, 2026
Source: NVD