Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,900
📅 Showing Year: 2026 (January 1 - December 31, 2026)
Showing 13,561 - 13,580 of 13,803 CVEs
CVE-2025-68873 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chloédigital PRIMER by chloédigital primer-by-chloedigital allows Reflected XSS. This issue affects PRIMER by chloédigital: from n/a through <= 1.0.25.

Published: Jan 08, 2026
Source: NVD
CVE-2025-67937 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Hendon hendon allows PHP Local File Inclusion. This issue affects Hendon: from n/a through < 1.7.

Published: Jan 08, 2026
Source: NVD
CVE-2025-67936 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Curly curly allows PHP Local File Inclusion. This issue affects Curly: from n/a through < 3.3.

Published: Jan 08, 2026
Source: NVD
CVE-2025-67935 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Optimize optimizewp allows PHP Local File Inclusion. This issue affects Optimize: from n/a through < 2.4.

Published: Jan 08, 2026
Source: NVD
CVE-2025-67934 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wellspring wellspring allows PHP Local File Inclusion. This issue affects Wellspring: from n/a through < 2.8.

Published: Jan 08, 2026
Source: NVD
CVE-2025-67931 HIGH - 7.5

Insertion of Sensitive Information Into Sent Data vulnerability in AITpro BulletProof Security bulletproof-security allows Retrieve Embedded Sensitive Data. This issue affects BulletProof Security: from n/a through <= 6.9.

Published: Jan 08, 2026
Source: NVD
CVE-2025-67926 HIGH - 8.8

Missing Authorization vulnerability in Shahjahan Jewel Fluent Support fluent-support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fluent Support: from n/a through <= 1.10.4.

Published: Jan 08, 2026
Source: NVD
CVE-2025-67925 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zozothemes Corpkit corpkit allows PHP Local File Inclusion. This issue affects Corpkit: from n/a through <= 2.0.

Published: Jan 08, 2026
Source: NVD
CVE-2025-67919 HIGH - 8.1

Authorization Bypass Through User-Controlled Key vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woffice Core: from n/a through <= 5.4.30.

Published: Jan 08, 2026
Source: NVD
CVE-2025-67917 HIGH - 8.1

Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Traveler: from n/a through <= 3.2.6.

Published: Jan 08, 2026
Source: NVD
CVE-2025-67914 HIGH - 7.5

Path Traversal: '.../...//' vulnerability in beeteam368 VidMov vidmov allows Path Traversal. This issue affects VidMov: from n/a through <= 2.3.8.

Published: Jan 08, 2026
Source: NVD
CVE-2025-22715 HIGH - 8.1

Missing Authorization vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSystem allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Attractive Donations System - Easy Stripe & Paypal donation...

Published: Jan 08, 2026
Source: NVD
CVE-2026-0701 HIGH - 7.2

A vulnerability was identified in code-projects Intern Membership Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /intern/admin/add_admin.php. The manipulation of the argument Username leads to SQL injection. The attack is possible to be carried out remo...

Vendor: carmelo
Product: intern_membership_management_system
Published: Jan 08, 2026
Source: NVD
CVE-2026-0699 HIGH - 7.2

A vulnerability was found in code-projects Intern Membership Management System 1.0. This impacts an unknown function of the file /intern/admin/edit_activity.php. Performing a manipulation of the argument activity_id results in SQL injection. Remote exploitation of the attack is possible. The exploit...

Vendor: carmelo
Product: intern_membership_management_system
Published: Jan 08, 2026
Source: NVD
CVE-2026-0698 HIGH - 7.2

A vulnerability has been found in code-projects Intern Membership Management System 1.0. This affects an unknown function of the file /intern/admin/edit_students.php. Such manipulation of the argument admin_id leads to SQL injection. The attack may be launched remotely. The exploit has been disclose...

Vendor: carmelo
Product: intern_membership_management_system
Published: Jan 08, 2026
Source: NVD
CVE-2026-0697 HIGH - 7.2

A flaw has been found in code-projects Intern Membership Management System 1.0. The impacted element is an unknown function of the file /intern/admin/edit_admin.php. This manipulation of the argument admin_id causes SQL injection. The attack may be initiated remotely. The exploit has been published ...

Vendor: carmelo
Product: intern_membership_management_system
Published: Jan 08, 2026
Source: NVD
CVE-2026-21427 HIGH - 7.8

The installers for multiple products provided by PIONEER CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running installer.

Published: Jan 08, 2026
Source: NVD
CVE-2026-22035 HIGH - 7.7

Greenshot is an open source Windows screenshot utility. Versions 1.3.310 and below are vulnerable to OS Command Injection through unsanitized filename processing. The FormatArguments method in ExternalCommandDestination.cs:269 uses string.Format() to insert user-controlled filenames directly into shel...

Published: Jan 08, 2026
Source: NVD
CVE-2026-21868 HIGH - 7.5

Flag Forge is a Capture The Flag (CTF) platform. Versions 2.3.2 and below have a Regular Expression Denial of Service (ReDoS) vulnerability in the user profile API endpoint (/api/user/[username]). The application constructs a regular expression dynamically using unescaped user input (the username pa...

Vendor: flagforge
Product: flagforge
Published: Jan 08, 2026
Source: NVD
CVE-2026-21869 HIGH - 8.8

llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the n_discard parameter is parsed directly from JSON input in the llama.cpp server's completion endpoints without validation to ensure it's non-negative. When a negative value is supplied and the cont...

Published: Jan 08, 2026
Source: NVD