Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,868
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 13,621 - 13,640 of 13,803 CVEs
CVE-2025-46494 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesgrove WidgetKit Pro allows Reflected XSS.This issue affects WidgetKit Pro: from n/a through 1.13.1.

Published: Jan 07, 2026
Source: NVD
CVE-2026-20893 HIGH - 7.8

Origin validation error issue exists in Fujitsu Security Solution AuthConductor Client Basic V2 2.0.25.0 and earlier. If this vulnerability is exploited, an attacker who can log in to the Windows system where the affected product is installed may execute arbitrary code with SYSTEM privilege and/or m...

Published: Jan 07, 2026
Source: NVD
CVE-2026-0656 HIGH - 8.2

The iPaymu Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 2.0.2 via the 'check_ipaymu_response' function. This is due to the plugin not validating webhook request authenticity through signature verification...

Published: Jan 07, 2026
Source: NVD
CVE-2026-0628 HIGH - 8.8

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Jan 07, 2026
Source: NVD
CVE-2025-69082 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Frenify Arlo arlo allows Reflected XSS.This issue affects Arlo: from n/a through 6.0.3.

Published: Jan 07, 2026
Source: NVD
CVE-2025-69081 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Group Hope charity-is-hope allows PHP Local File Inclusion.This issue affects Hope: from n/a through 3.0.0.

Published: Jan 07, 2026
Source: NVD
CVE-2025-69080 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JanStudio Gecko allows PHP Local File Inclusion.This issue affects Gecko: from n/a through 1.9.8.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47396 HIGH - 7.8

Memory corruption occurs when a secure application is launched on a device with insufficient memory.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47394 HIGH - 7.8

Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47393 HIGH - 7.8

Memory corruption when accessing resources in kernel driver.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47388 HIGH - 7.8

Memory corruption while passing pages to DSP with an unaligned starting address.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47380 HIGH - 7.8

Memory corruption while preprocessing IOCTLs in sensors.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47356 HIGH - 7.8

Memory Corruption when multiple threads concurrently access and modify shared resources.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47348 HIGH - 7.8

Memory corruption while processing identity credential operations in the trusted application.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47346 HIGH - 7.8

Memory corruption while processing a secure logging command in the trusted application.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47345 HIGH - 8.4

Cryptographic issue may occur while encrypting license data.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47343 HIGH - 7.8

Memory corruption while processing a video session to set video parameters.

Vendor: qualcomm
Product: video_collaboration_vc3_platform_firmware
Published: Jan 07, 2026
Source: NVD
CVE-2025-47339 HIGH - 7.8

Memory corruption while deinitializing a HDCP session.

Published: Jan 07, 2026
Source: NVD
CVE-2025-32300 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital zoom studio DZS Video Gallery allows Reflected XSS.This issue affects DZS Video Gallery: from n/a through 12.25.

Published: Jan 07, 2026
Source: NVD
CVE-2025-31643 HIGH - 8.8

Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation.This issue affects WPCHURCH: from n/a through 2.7.0.

Published: Jan 07, 2026
Source: NVD