Total CVEs

142,588

Critical Severity

4,002

High Severity

14,356

Last 7 Days

1,844
Quick preset (or use dates below)
Clear Filters
πŸ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years β†’
Showing 13,701 - 13,720 of 14,399 CVEs
CVE-2026-22916 MEDIUM - 5.4

An attacker with low privileges may be able to trigger critical system functions such as reboot or factory reset without proper restrictions, potentially leading to service disruption or loss of configuration.

Vendor: sick
Product: tdc-x401gl_firmware
Published: Jan 15, 2026
Source: NVD
CVE-2026-22915 MEDIUM - 6.5

An attacker with low privileges may be able to read files from specific directories on the device, potentially exposing sensitive information.

Vendor: sick
Product: tdc-x401gl_firmware
Published: Jan 15, 2026
Source: NVD
CVE-2026-22914 MEDIUM - 6.5

An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation.

Vendor: sick
Product: tdc-x401gl_firmware
Published: Jan 15, 2026
Source: NVD
CVE-2026-22913 MEDIUM - 6.1

Improper handling of a URL parameter may allow attackers to execute code in a user's browser after login. This can lead to the extraction of sensitive data.

Vendor: sick
Product: tdc-x401gl_firmware
Published: Jan 15, 2026
Source: NVD
CVE-2026-22912 MEDIUM - 6.1

Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users.

Vendor: sick
Product: tdc-x401gl_firmware
Published: Jan 15, 2026
Source: NVD
CVE-2025-14448 MEDIUM - 5.4

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for au...

Vendor: cbutlerjr
Product: wp-members_membership_plugin
Published: Jan 15, 2026
Source: NVD
CVE-2026-0421 MEDIUM - 6.5

A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in Secure Boot being disabled even when configured as β€œOn” in the BIOS setup menu. This issue only affects systems where Secure Boot is set to User Mode.

Published: Jan 14, 2026
Source: NVD
CVE-2025-13454 MEDIUM - 4.7

A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information.

Published: Jan 14, 2026
Source: NVD
CVE-2025-13453 MEDIUM - 6.8

A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with physical access to read data stored on the drive.

Published: Jan 14, 2026
Source: NVD
CVE-2025-13154 MEDIUM - 5.5

An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges.

Published: Jan 14, 2026
Source: NVD
CVE-2026-0962 MEDIUM - 6.5

SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service

Vendor: wireshark
Product: wireshark
Published: Jan 14, 2026
Source: NVD
CVE-2026-0961 MEDIUM - 6.5

BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service

Vendor: wireshark
Product: wireshark
Published: Jan 14, 2026
Source: NVD
CVE-2026-0960 MEDIUM - 5.5

HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service

Vendor: wireshark
Product: wireshark
Published: Jan 14, 2026
Source: NVD
CVE-2026-0959 MEDIUM - 6.5

IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service

Vendor: wireshark
Product: wireshark
Published: Jan 14, 2026
Source: NVD
CVE-2026-23497 MEDIUM - 5.4

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In 2.44.0 and earlier, there is a stored XSS vulnerability where a specially crafted image filename could execute malicious JavaScript when rendered on course or jobs pages.

Vendor: frappe
Product: learning
Published: Jan 14, 2026
Source: NVD
CVE-2026-23492 MEDIUM - 4.9

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQ...

Vendor: pimcore
Product: pimcore
Published: Jan 14, 2026
Source: NVD
CVE-2025-71166 MEDIUM - 5.4

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the administrative interface within the Tools Status move message handling. The path parameter is reflected into the HTML output without proper output encoding in include/admin/Tools/Statu...

Vendor: typesettercms
Product: typesetter
Published: Jan 14, 2026
Source: NVD
CVE-2025-71165 MEDIUM - 5.4

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the administrative interface within the Tools Status functionality. The path parameter is reflected into the HTML response without proper output encoding in include/admin/Tools/Status.php....

Vendor: typesettercms
Product: typesetter
Published: Jan 14, 2026
Source: NVD
CVE-2025-71164 MEDIUM - 5.4

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the Editing component. The images parameter (submitted as images[] in a POST request) is reflected into an HTML href attribute without proper context-aware output encoding in include/tool/...

Vendor: typesettercms
Product: typesetter
Published: Jan 14, 2026
Source: NVD
CVE-2025-14557 MEDIUM - 4.8

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Facebook Pixel facebook_pixel allows Stored XSS.This issue affects Facebook Pixel: from 7.X-1.0 through 7.X-1.1.

Vendor: facebook_pixel_project
Product: facebook_pixel
Published: Jan 14, 2026
Source: NVD