Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,840
Quick preset (or use dates below)
Clear Filters
Showing 13,701 - 13,720 of 14,756 CVEs
CVE-2026-22694 MEDIUM - 6.1

AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response for a...

Published: Jan 14, 2026
Source: NVD
CVE-2025-67835 MEDIUM - 6.5

Paessler PRTG Network Monitor before 25.4.114 allows Denial-of-Service (DoS) by an authenticated attacker via the Notification Contacts functionality.

Vendor: paessler
Product: prtg_network_monitor
Published: Jan 14, 2026
Source: NVD
CVE-2025-67834 MEDIUM - 5.4

Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the filter parameter.

Vendor: paessler
Product: prtg_network_monitor
Published: Jan 14, 2026
Source: NVD
CVE-2025-67833 MEDIUM - 6.1

Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the tag parameter.

Vendor: paessler
Product: prtg_network_monitor
Published: Jan 14, 2026
Source: NVD
CVE-2025-65396 MEDIUM - 6.1

A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during the boot,...

Published: Jan 14, 2026
Source: NVD
CVE-2025-37185 MEDIUM - 4.8

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attacks against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary s...

Vendor: arubanetworks
Product: edgeconnect_sd-wan_orchestrator
Published: Jan 14, 2026
Source: NVD
CVE-2025-67399 MEDIUM - 4.6

An issue in AIRTH SMART HOME AQI MONITOR Bootloader v.1.005 allows a physically proximate attacker to obtain sensitive information via the UART port of the BK7231N controller (Wi-Fi and BLE module) on the device is open to access

Published: Jan 14, 2026
Source: NVD
CVE-2025-14242 MEDIUM - 6.5

A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence.

Published: Jan 14, 2026
Source: NVD
CVE-2025-56226 MEDIUM - 5.3

Libsndfile <=1.2.2 contains a memory leak vulnerability in the mpeg_l3_encoder_init() function within the mpeg_l3_encode.c file.

Vendor: libsndfile_project
Product: libsndfile
Published: Jan 14, 2026
Source: NVD
CVE-2025-66169 MEDIUM - 5.3

Cypher Injection vulnerability in Apache Camel camel-neo4j component. This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0 Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.

Vendor: apache
Product: camel
Published: Jan 14, 2026
Source: NVD
CVE-2026-0529 MEDIUM - 6.5

Improper Validation of Array Index (CWE-129) in Packetbeat’s MongoDB protocol parser can allow an attacker to cause Overflow Buffers (CAPEC-100) through specially crafted network traffic. This requires an attacker to send a malformed payload to a monitored network interface where MongoDB protocol pa...

Published: Jan 14, 2026
Source: NVD
CVE-2026-0813 MEDIUM - 4.4

The Short Link plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'short_link_post_title' and 'short_link_page_title' parameters in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for...

Published: Jan 14, 2026
Source: NVD
CVE-2026-0812 MEDIUM - 4.4

The LinkedIn SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linkedin_sc_date_format', 'linkedin_sc_api_key', and 'linkedin_sc_secret_key' parameters in all versions up to, and including, 1.1.9 due to insufficient input sanitization and out...

Published: Jan 14, 2026
Source: NVD
CVE-2026-0741 MEDIUM - 4.4

The Electric Studio Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-...

Published: Jan 14, 2026
Source: NVD
CVE-2026-0739 MEDIUM - 4.4

The WMF Mobile Redirector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level acces...

Published: Jan 14, 2026
Source: NVD
CVE-2026-0734 MEDIUM - 4.4

The WP Allowed Hosts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'allowed-hosts' parameter in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administ...

Published: Jan 14, 2026
Source: NVD
CVE-2025-68492 MEDIUM - 4.2

Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the product.

Published: Jan 14, 2026
Source: NVD
CVE-2025-15513 MEDIUM - 5.3

The Float Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to improper error handling in the verifyFloatResponse() function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to mark any WooCommerce order as fa...

Published: Jan 14, 2026
Source: NVD
CVE-2025-15512 MEDIUM - 5.3

The Aplazo Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the check_success_response() function in all versions up to, and including, 1.4.2. This makes it possible for unauthenticated attackers to set any WooCommerce order...

Published: Jan 14, 2026
Source: NVD
CVE-2025-15475 MEDIUM - 5.3

The PayHere Payment Gateway Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to an improper validation logic in the check_payhere_response function in all versions up to, and including, 2.3.9. This makes it possible for unauthenticated attackers to c...

Published: Jan 14, 2026
Source: NVD