Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,765
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 13,721 - 13,740 of 13,803 CVEs
CVE-2025-64423 HIGH - 8.8

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a low privileged user (member) can see and use invitation links sent to an administrator. When they use the link before the legitimate recipien...

Vendor: coollabs
Product: coolify
Published: Jan 05, 2026
Source: NVD
CVE-2025-67419 HIGH - 7.5

A Denial of Service (DoS) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to exhaust the application server's resources via the "GET /images" API. The application fails to limit the height of the use-element shadow tree or the dimensions of pattern tiles dur...

Vendor: evershop
Product: evershop
Published: Jan 05, 2026
Source: NVD
CVE-2025-64421 HIGH - 8.0

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a low privileged user (member) can invite a high privileged user. At first, the application will throw an error, but if the attacker clicks the...

Vendor: coollabs
Product: coolify
Published: Jan 05, 2026
Source: NVD
CVE-2025-64420 HIGH - 8.8

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions prior to and including v4.0.0-beta.434, low privileged users are able to see the private key of the root user on the Coolify instance. This allows them to ssh to the server and aut...

Vendor: coollabs
Product: coolify
Published: Jan 05, 2026
Source: NVD
CVE-2025-64419 HIGH - 8.8

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters coming from docker-compose.yaml are not sanitized when used in commands. If a victim user creates an application from an attacker repository (using build pa...

Vendor: coollabs
Product: coolify
Published: Jan 05, 2026
Source: NVD
CVE-2025-53966 HIGH - 8.4

An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, and 1580. Incorrect Handling of the NL80211 vendor command leads to a buffer overflow during handling of an IOCTL message.

Vendor: samsung
Product: exynos_1380_firmware
Published: Jan 05, 2026
Source: NVD
CVE-2025-49495 HIGH - 8.4

An issue was discovered in the WiFi driver in Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580. Mishandling of an NL80211 vendor command leads to a buffer overflow.

Vendor: samsung
Product: exynos_1380_firmware
Published: Jan 05, 2026
Source: NVD
CVE-2025-43706 HIGH - 7.5

An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2400, 1580, 9110, W920, W930, Modem 5123, and Modem 5400. Incorrect handling of RRC packets leads to a Denial of Service.

Vendor: samsung
Product: exynos_1080_firmware
Published: Jan 05, 2026
Source: NVD
CVE-2025-61781 HIGH - 7.1

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.1, the GraphQL mutation "WorkspacePopoverDeletionMutation" allows users to delete workspace-related objects such as dashboards and investigation cases. However, the mut...

Published: Jan 05, 2026
Source: NVD
CVE-2025-59158 HIGH - 8.0

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions prior to and including v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting (XSS) attack in the project creation workflow. An authenticated user with low privileges (e.g....

Vendor: coollabs
Product: coolify
Published: Jan 05, 2026
Source: NVD
CVE-2025-59157 HIGH - 8.8

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, the Git Repository field during project creation is vulnerable to command injection. User input is not properly sanitized, allowing attackers to inject arbitrary she...

Vendor: coollabs
Product: coolify
Published: Jan 05, 2026
Source: NVD
CVE-2025-59156 HIGH - 8.8

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, a Remote Code Execution (RCE) vulnerability exists in Coolify's application deployment workflow. This flaw allows a low-privileged member to inject arbitrary Do...

Vendor: coollabs
Product: coolify
Published: Jan 05, 2026
Source: NVD
CVE-2026-21633 HIGH - 8.8

A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability in the UniFi Protect Application (Version 6.1.79 and earlier). Affected Products: UniFi Protect Application (Version 6.1.79 and...

Published: Jan 05, 2026
Source: NVD
CVE-2025-59467 HIGH - 7.5

A Cross-Site Scripting (XSS) vulnerability in the UCRM Argentina AFIP invoices Plugin (v1.2.0 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. This plugin is disabled by default. Affected Products: UCRM Argentina AFIP invoices P...

Published: Jan 05, 2026
Source: NVD
CVE-2025-57836 HIGH - 7.8

An issue was discovered in Samsung Magician 6.3.0 through 8.3.2 on Windows. The installer creates a temporary folder with weak permissions during installation, allowing a non-admin user to perform DLL hijacking and escalate privileges.

Published: Jan 05, 2026
Source: NVD
CVE-2025-52519 HIGH - 7.1

An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, and 2500. Improper validation of user-space input in the issimian device driver leads to information disclosure and a denial of service.

Published: Jan 05, 2026
Source: NVD
CVE-2025-46255 HIGH - 7.5

Missing Authorization vulnerability in Marketing Fire LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects LoginWP - Pro: from n/a through 4.0.8.5.

Published: Jan 05, 2026
Source: NVD
CVE-2024-53735 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Corourke iPhone Webclip Manager allows Stored XSS. This issue affects iPhone Webclip Manager: from n/a through 0.5.

Published: Jan 05, 2026
Source: NVD
CVE-2024-30516 HIGH - 7.5

Improper Validation of Specified Quantity in Input vulnerability in SaasProject Booking Package allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Booking Package: from n/a through 1.6.27.

Published: Jan 05, 2026
Source: NVD
CVE-2024-30461 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tumult Inc Tumult Hype Animations allows DOM-Based XSS. This issue affects Tumult Hype Animations: from n/a through 1.9.11.

Published: Jan 05, 2026
Source: NVD