Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,847
Quick preset (or use dates below)
Clear Filters
Showing 13,661 - 13,680 of 14,756 CVEs
CVE-2021-47765 MEDIUM - 5.5

AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating username and error report fields. Attackers can trigger the crash by inserting 1000 characters into the username or email address fields, causing the application to be...

Vendor: celestialsoftware
Product: absolutetelnet
Published: Jan 15, 2026
Source: NVD
CVE-2021-47764 MEDIUM - 5.5

AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating DialUp connection and license name fields. Attackers can generate a 1000-character payload and paste it into specific input fields to trigger application crashes and f...

Vendor: celestialsoftware
Product: absolutetelnet
Published: Jan 15, 2026
Source: NVD
CVE-2021-47759 MEDIUM - 6.2

MTPutty 1.0.1.21 contains a sensitive information disclosure vulnerability that allows local attackers to view SSH connection passwords through Windows PowerShell process listing. Attackers can run a PowerShell command to retrieve the full command line of MTPutty processes, exposing plaintext SSH cr...

Vendor: Ttyplus
Product: MTPutty
Published: Jan 15, 2026
Source: NVD
CVE-2021-47754 MEDIUM - 6.5

Arunna 1.0.0 contains a cross-site request forgery vulnerability that allows attackers to manipulate user profile settings without authentication. Attackers can craft a malicious form to change user details, including passwords, email, and administrative privileges by tricking authenticated users in...

Vendor: arunna
Product: arunna
Published: Jan 15, 2026
Source: NVD
CVE-2026-0990 MEDIUM - 5.9

A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a sp...

Published: Jan 15, 2026
Source: NVD
CVE-2025-67083 MEDIUM - 5.3

Directory traversal vulnerability in InvoicePlane through 1.6.3 allows unauthenticated attackers to read files from the server. The ability to read files and the file type depends on the web server and its configuration.

Vendor: invoiceplane
Product: invoiceplane
Published: Jan 15, 2026
Source: NVD
CVE-2025-67082 MEDIUM - 6.5

An SQL injection vulnerability in InvoicePlane through 1.6.3 has been identified in "maxQuantity" and "minQuantity" parameters when generating a report. An authenticated attacker can exploit this issue via error-based SQL injection, allowing for the extraction of arbitrary data f...

Vendor: invoiceplane
Product: invoiceplane
Published: Jan 15, 2026
Source: NVD
CVE-2025-67081 MEDIUM - 4.9

An SQL injection vulnerability in Itflow through 25.06 has been identified in the "role_id" parameter when editing a profile. An attacker with admin account can exploit this issue via blind SQL injection, allowing for the extraction of arbitrary data from the database. The vulnerability ar...

Vendor: itflow
Product: itflow
Published: Jan 15, 2026
Source: NVD
CVE-2026-22646 MEDIUM - 4.3

Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information (like file paths, database errors, or software versions) that can be used to map the application's internal str...

Vendor: SICK AG
Product: Incoming Goods Suite
Published: Jan 15, 2026
Source: NVD
CVE-2026-22645 MEDIUM - 5.3

The application discloses all used components, versions and license information to unauthenticated actors, giving attackers the opportunity to target known security vulnerabilities of used components.

Vendor: SICK AG
Product: Incoming Goods Suite
Published: Jan 15, 2026
Source: NVD
CVE-2026-22644 MEDIUM - 5.3

Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could allow an attacker to hijack the user's session and gain unauthorized access.

Vendor: SICK AG
Product: Incoming Goods Suite
Published: Jan 15, 2026
Source: NVD
CVE-2025-13859 MEDIUM - 6.4

The AffiliateX โ€“ Amazon Affiliate Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_customization_settings AJAX action in versions 1.0.0 to 1.3.9.3. This makes it possible for authenticated attackers, with Subscriber-level ac...

Vendor: wpcenter
Product: AffiliateX โ€“ Amazon Affiliate Plugin
Published: Jan 15, 2026
Source: NVD
CVE-2025-12895 MEDIUM - 5.3

The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kalium_vc_contact_form_request() function in all versions up to, and including, 3.29. This makes it possible for unauthenticated attacker...

Vendor: Laborator
Product: Kalium 3 | Creative WordPress & WooCommerce Theme
Published: Jan 15, 2026
Source: NVD
CVE-2026-22919 MEDIUM - 4.8

An attacker with administrative access may inject malicious content into the login page, potentially enabling cross-site scripting (XSS) attacks, leading to the extraction of sensitive data.

Vendor: sick
Product: tdc-x401gl_firmware
Published: Jan 15, 2026
Source: NVD
CVE-2026-22916 MEDIUM - 5.4

An attacker with low privileges may be able to trigger critical system functions such as reboot or factory reset without proper restrictions, potentially leading to service disruption or loss of configuration.

Vendor: sick
Product: tdc-x401gl_firmware
Published: Jan 15, 2026
Source: NVD
CVE-2026-22915 MEDIUM - 6.5

An attacker with low privileges may be able to read files from specific directories on the device, potentially exposing sensitive information.

Vendor: sick
Product: tdc-x401gl_firmware
Published: Jan 15, 2026
Source: NVD
CVE-2026-22914 MEDIUM - 6.5

An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation.

Vendor: sick
Product: tdc-x401gl_firmware
Published: Jan 15, 2026
Source: NVD
CVE-2026-22913 MEDIUM - 6.1

Improper handling of a URL parameter may allow attackers to execute code in a user's browser after login. This can lead to the extraction of sensitive data.

Vendor: sick
Product: tdc-x401gl_firmware
Published: Jan 15, 2026
Source: NVD
CVE-2026-22912 MEDIUM - 6.1

Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users.

Vendor: sick
Product: tdc-x401gl_firmware
Published: Jan 15, 2026
Source: NVD
CVE-2025-14448 MEDIUM - 5.4

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for au...

Vendor: cbutlerjr
Product: wp-members_membership_plugin
Published: Jan 15, 2026
Source: NVD