Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,829
Quick preset (or use dates below)
Clear Filters
Showing 13,761 - 13,780 of 14,756 CVEs
CVE-2023-54332 MEDIUM - 6.1

Jetpack 11.4 contains a cross-site scripting vulnerability in the contact form module that allows attackers to inject malicious scripts through the post_id parameter. Attackers can craft malicious URLs with script payloads to execute arbitrary JavaScript in victims' browsers when they interact ...

Published: Jan 13, 2026
Source: NVD
CVE-2023-53985 MEDIUM - 6.1

Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through unvalidated input parameters. Attackers can submit crafted payloads in manual insertion points to execute arbitrary JavaScript code in victim&...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50927 MEDIUM - 6.2

Cyclades Serial Console Server 3.3.0 contains a local privilege escalation vulnerability due to overly permissive sudo privileges for the admin user and admin group. Attackers can exploit the default user configuration to gain root access by manipulating system binaries and leveraging unrestricted s...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50906 MEDIUM - 4.8

e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload malicious SVG files through the media manager. Attackers with admin privileges can exploit this vulnerability to upload SVG files with embedded cross-site scripting (XSS) payloads th...

Vendor: e107
Product: e107
Published: Jan 13, 2026
Source: NVD
CVE-2022-50905 MEDIUM - 6.1

e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting (XSS) attacks. The first vulnerability is a reflected XSS that occurs in the news comment functionality when authenticated users interact with the comment form. An attacker can inject malicious JavaScript code t...

Vendor: e107
Product: e107
Published: Jan 13, 2026
Source: NVD
CVE-2022-50899 MEDIUM - 6.5

Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files thro...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50897 MEDIUM - 6.2

mPDF 7.0 contains a local file inclusion vulnerability that allows attackers to read arbitrary system files by manipulating annotation file parameters. Attackers can generate URL-encoded or base64 payloads to include local files through crafted annotation content with file path specifications.

Published: Jan 13, 2026
Source: NVD
CVE-2022-50896 MEDIUM - 6.1

Testa 3.5.1 contains a reflected cross-site scripting vulnerability in the login.php redirect parameter that allows attackers to inject malicious scripts. Attackers can craft a specially encoded payload in the redirect parameter to execute arbitrary JavaScript in victim's browser context.

Published: Jan 13, 2026
Source: NVD
CVE-2022-50894 MEDIUM - 6.5

VIAVIWEB Wallpaper Admin 1.0 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the img_id parameter. Attackers can send GET requests to edit_gallery_image.php with malicious img_id values to extract database infor...

Vendor: viaviweb
Product: wallpaper_admin
Published: Jan 13, 2026
Source: NVD
CVE-2022-50891 MEDIUM - 6.2

Owlfiles File Manager 12.0.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the path parameter in HTTP server endpoints. Attackers can craft URLs targeting the download and list endpoints with embedded script tags to execute arbitrary JavaScri...

Published: Jan 13, 2026
Source: NVD
CVE-2021-47750 MEDIUM - 6.1

YouPHPTube <= 7.8 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the redirectUri parameter in the signup page. Attackers can craft special signup URLs with embedded script tags to execute arbitrary JavaScript in victims' browsers when ...

Vendor: youphptube
Product: youphptube
Published: Jan 13, 2026
Source: NVD
CVE-2021-47749 MEDIUM - 5.5

YouPHPTube <= 7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the 'lang' parameter in GET requests. Attackers can exploit the path traversal flaw in locale/function.php to include and view PHP files outsid...

Vendor: youphptube
Product: youphptube
Published: Jan 13, 2026
Source: NVD
CVE-2020-36919 MEDIUM - 6.1

WPForms 1.7.8 contains a cross-site scripting vulnerability in the slider import search feature and tab parameter. Attackers can inject malicious scripts through the ListTable.php endpoint to execute arbitrary JavaScript in victim's browser.

Published: Jan 13, 2026
Source: NVD
CVE-2025-68947 MEDIUM - 4.7

NSecsoft 'NSecKrnl' is a Windows driver that allows a local, authenticated attacker to terminate processes owned by other users, including SYSTEM and Protected Processes by issuing crafted IOCTL requests to the driver.

Published: Jan 13, 2026
Source: NVD
CVE-2025-68658 MEDIUM - 4.8

Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. opensourcepos 3.4.0 and 3.4.1 has a stored XSS vulnerability exists in the Configuration (Information) functionality. An authenticated user with the permission “Configuratio...

Vendor: opensourcepos
Product: open_source_point_of_sale
Published: Jan 13, 2026
Source: NVD
CVE-2026-21303 MEDIUM - 5.5

Substance3D - Modeler versions 1.22.4 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a v...

Vendor: adobe
Product: substance_3d_modeler
Published: Jan 13, 2026
Source: NVD
CVE-2026-21302 MEDIUM - 5.5

Substance3D - Modeler versions 1.22.4 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a v...

Vendor: adobe
Product: substance_3d_modeler
Published: Jan 13, 2026
Source: NVD
CVE-2026-21301 MEDIUM - 5.5

Substance3D - Modeler versions 1.22.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: adobe
Product: substance_3d_modeler
Published: Jan 13, 2026
Source: NVD
CVE-2026-21300 MEDIUM - 5.5

Substance3D - Modeler versions 1.22.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor: adobe
Product: substance_3d_modeler
Published: Jan 13, 2026
Source: NVD
CVE-2026-0543 MEDIUM - 6.5

Improper Input Validation (CWE-20) in Kibana's Email Connector can allow an attacker to cause an Excessive Allocation (CAPEC-130) through a specially crafted email address parameter. This requires an attacker to have authenticated access with view-level privileges sufficient to execute connecto...

Vendor: elastic
Product: kibana
Published: Jan 13, 2026
Source: NVD