Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,791
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 13,661 - 13,680 of 13,803 CVEs
CVE-2025-69086 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Jwsthemes Issabella allows PHP Local File Inclusion. This issue affects Issabella: from n/a through 1.1.2.

Published: Jan 06, 2026
Source: NVD
CVE-2025-69085 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins JobBank allows Reflected XSS. This issue affects JobBank: from n/a through 1.2.2.

Published: Jan 06, 2026
Source: NVD
CVE-2025-69084 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3 themes Photo Gallery allows Reflected XSS. This issue affects Photo Gallery: from n/a through 2.7.7.26.

Published: Jan 06, 2026
Source: NVD
CVE-2025-69083 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Frappé allows PHP Local File Inclusion. This issue affects Frappé: from n/a through 1.8.

Published: Jan 06, 2026
Source: NVD
CVE-2025-47553 HIGH - 8.8

Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection. This issue affects DZS Video Gallery: from n/a through 12.25.

Published: Jan 06, 2026
Source: NVD
CVE-2025-36589 HIGH - 7.1

Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data and resources outside of the intended ...

Vendor: dell
Product: unisphere_for_powermax
Published: Jan 06, 2026
Source: NVD
CVE-2024-30547 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Shazdeh Header Image Slider header-image-slider allows DOM-Based XSS. This issue affects Header Image Slider: from n/a through 0.3.

Published: Jan 06, 2026
Source: NVD
CVE-2025-59379 HIGH - 7.5

DwyerOmega Isensix Advanced Remote Monitoring System (ARMS) 1.5.7 allows an attacker to retrieve sensitive information from the underlying SQL database via Blind SQL Injection through the user parameter in the login page. This allows an attacker to steal credentials, which may be cleartext, from exi...

Published: Jan 06, 2026
Source: NVD
CVE-2020-36922 HIGH - 7.5

Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests to t...

Vendor: sony
Product: bravia_signage
Published: Jan 06, 2026
Source: NVD
CVE-2020-36921 HIGH - 7.5

RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple endpoints to retrieve system resources and debug log information without authentication.

Published: Jan 06, 2026
Source: NVD
CVE-2020-36920 HIGH - 8.8

iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that allows authenticated users to elevate privileges through console JavaScript functions. Attackers can create users, modify roles and permissions, and potentially achieve full application takeover by exploiti...

Published: Jan 06, 2026
Source: NVD
CVE-2020-36917 HIGH - 7.5

iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept authentication credentials through cleartext cookie transmission. Attackers can exploit the autoSave feature to capture user passwords during man-in-the-middle a...

Published: Jan 06, 2026
Source: NVD
CVE-2020-36916 HIGH - 8.8

TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. Attackers can leverage the 'Modify' permissions for authenticated users to replace executable files with malicious binaries and gain elevated ...

Published: Jan 06, 2026
Source: NVD
CVE-2020-36915 HIGH - 7.5

Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digi...

Published: Jan 06, 2026
Source: NVD
CVE-2020-36914 HIGH - 7.5

QiHang Media Web Digital Signage 3.0.9 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept user authentication credentials through cleartext cookie transmission. Attackers can perform man-in-the-middle attacks to capture and potentially misuse stored a...

Published: Jan 06, 2026
Source: NVD
CVE-2020-36910 HIGH - 8.8

Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the 'NTP_Server_IP' parameter with default credentials to execute arbitrary shell commands as root.

Published: Jan 06, 2026
Source: NVD
CVE-2020-36907 HIGH - 7.5

Aerohive HiveOS contains a denial of service vulnerability in the NetConfig UI that allows unauthenticated attackers to render the web interface unusable. Attackers can send a crafted HTTP request to the action.php5 script with specific parameters to trigger a 5-minute service disruption.

Published: Jan 06, 2026
Source: NVD
CVE-2020-36905 HIGH - 7.5

FIBARO System Home Center 5.021 contains a remote file inclusion vulnerability in the undocumented proxy API that allows attackers to include arbitrary client-side scripts. Attackers can exploit the 'url' GET parameter to inject malicious JavaScript and potentially hijack user sessions or ...

Published: Jan 06, 2026
Source: NVD
CVE-2025-14026 HIGH - 7.8

Forcepoint One DLP Client, version 23.04.5642 (and possibly newer versions), includes a restricted version of Python 2.5.4 that prevents use of the ctypes library. ctypes is a foreign function interface (FFI) for Python, enabling calls to DLLs/shared libraries, memory allocation, and direct code exe...

Published: Jan 06, 2026
Source: NVD
CVE-2026-21489 HIGH - 7.1

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below have Out-of-bounds Read and Integer Underflow (Wrap or Wraparound) vulnerabilities in its CIccCalculatorFunc::SequenceNeedTempReset function. This issue is fixed in version 2.3.1.2...

Vendor: color
Product: iccdev
Published: Jan 06, 2026
Source: NVD