Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,904
Quick preset (or use dates below)
Clear Filters
Showing 13,501 - 13,520 of 14,756 CVEs
CVE-2026-23878 MEDIUM - 6.5

HotCRP is conference review software. Starting in commit aa20ef288828b04550950cf67c831af8a525f508 and prior to commit ceacd5f1476458792c44c6a993670f02c984b4a0, authors with at least one submission on a HotCRP site could use the document API to download any documents (PDFs, attachments) associated wi...

Vendor: kohler
Product: hotcrp
Published: Jan 19, 2026
Source: NVD
CVE-2026-1172 MEDIUM - 5.3

A vulnerability has been found in birkir prime up to 0.4.0.beta.0. The affected element is an unknown function of the file /graphql of the component GraphQL Directive Handler. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The exploit has been disclosed t...

Published: Jan 19, 2026
Source: NVD
CVE-2026-1171 MEDIUM - 5.3

A flaw has been found in birkir prime up to 0.4.0.beta.0. Impacted is an unknown function of the file /graphql of the component GraphQL Field Handler. Executing a manipulation can lead to denial of service. The attack may be launched remotely. The exploit has been published and may be used. The proj...

Published: Jan 19, 2026
Source: NVD
CVE-2026-23721 MEDIUM - 4.3

OpenProject is an open-source, web-based project management software. When using groups in OpenProject to manage users, the group members should only be visible to users that have the View Members permission in any project that the group is also a member of. Prior to versions 17.0.1 and 16.6.5, due ...

Vendor: opf
Product: openproject
Published: Jan 19, 2026
Source: NVD
CVE-2026-23646 MEDIUM - 6.5

OpenProject is an open-source, web-based project management software. Users of OpenProject versions prior to 16.6.5 and 17.0.1 have the ability to view and end their active sessions via Account Settings โ†’ Sessions. When deleting a session, it was not properly checked if the session belongs to the us...

Vendor: opf
Product: openproject
Published: Jan 19, 2026
Source: NVD
CVE-2026-1170 MEDIUM - 5.3

A vulnerability was detected in birkir prime up to 0.4.0.beta.0. This issue affects some unknown processing of the file /graphql of the component GraphQL API. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit is now public and may be used....

Published: Jan 19, 2026
Source: NVD
CVE-2026-1169 MEDIUM - 4.3

A security vulnerability has been detected in birkir prime up to 0.4.0.beta.0. This vulnerability affects unknown code. Such manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The project was informed of the...

Published: Jan 19, 2026
Source: NVD
CVE-2025-11044 MEDIUM - 6.8

An Allocation of Resources Without Limits or Throttling vulnerability in the ANSL-Server component of B&R Automation Runtime versions prior to 6.5 and prior to R4.93 could be exploited by an unauthenti-cated attacker on the network to win a race condition, resulting in permanent denial-of-servic...

Vendor: B&R Industrial Automation GmbH
Product: Automation Runtime
Published: Jan 19, 2026
Source: NVD
CVE-2026-1154 MEDIUM - 4.3

A flaw has been found in SourceCodester E-Learning System 1.0. This impacts an unknown function of the file /admin/modules/lesson/index.php of the component Lesson Module Handler. Executing a manipulation of the argument Title/Description can lead to basic cross site scripting. The attack can be exe...

Published: Jan 19, 2026
Source: NVD
CVE-2026-1153 MEDIUM - 4.3

A vulnerability was detected in technical-laohu mpay up to 1.2.4. This affects an unknown function. Performing a manipulation results in cross-site request forgery. Remote exploitation of the attack is possible. The exploit is now public and may be used.

Published: Jan 19, 2026
Source: NVD
CVE-2026-1152 MEDIUM - 4.7

A security vulnerability has been detected in technical-laohu mpay up to 1.2.4. The impacted element is an unknown function of the component QR Code Image Handler. Such manipulation of the argument codeimg leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclo...

Published: Jan 19, 2026
Source: NVD
CVE-2026-1150 MEDIUM - 6.3

A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B20220309. Impacted is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument command results in command injection. The attack can be launched remotely. T...

Published: Jan 19, 2026
Source: NVD
CVE-2026-1149 MEDIUM - 6.3

A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument ip leads to command injection. The attack can be initiated remotely. The ex...

Published: Jan 19, 2026
Source: NVD
CVE-2026-1148 MEDIUM - 4.3

A vulnerability was determined in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. This vulnerability affects unknown code. Executing a manipulation can lead to cross-site request forgery. It is possible to launch the attack remotely.

Published: Jan 19, 2026
Source: NVD
CVE-2026-1145 MEDIUM - 6.3

A flaw has been found in quickjs-ng quickjs up to 0.11.0. Affected by this vulnerability is the function js_typed_array_constructor_ta of the file quickjs.c. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may...

Published: Jan 19, 2026
Source: NVD
CVE-2025-59355 MEDIUM - 6.5

A vulnerability. When org.apache.linkis.metadata.util.HiveUtils.decode() fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.error(str + "decode failed", e). If the input parameter contains sensitive information such as Hive Metastore key...

Vendor: Apache Software Foundation
Product: Apache Linkis
Published: Jan 19, 2026
Source: NVD
CVE-2026-1144 MEDIUM - 6.3

A vulnerability was detected in quickjs-ng quickjs up to 0.11.0. Affected is an unknown function of the file quickjs.c of the component Atomics Ops Handler. The manipulation results in use after free. The attack can be executed remotely. The exploit is now public and may be used. The patch is identi...

Published: Jan 19, 2026
Source: NVD
CVE-2026-1142 MEDIUM - 4.3

A security flaw has been discovered in PHPGurukul News Portal 1.0. The impacted element is an unknown function. Performing a manipulation results in cross-site request forgery. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.

Published: Jan 19, 2026
Source: NVD
CVE-2026-1141 MEDIUM - 6.3

A vulnerability was identified in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /admin/add-subadmins.php of the component Add Sub-Admin Page. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit is publicly availabl...

Published: Jan 19, 2026
Source: NVD
CVE-2026-1135 MEDIUM - 4.3

A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. The manipulation of the argument Title results in cross site scripting. The attack may be launched remotely. The exploit has been released to the publi...

Published: Jan 19, 2026
Source: NVD