Total CVEs

142,588

Critical Severity

4,002

High Severity

14,356

Last 7 Days

1,782
Quick preset (or use dates below)
Clear Filters
πŸ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years β†’
Showing 13,781 - 13,800 of 14,399 CVEs
CVE-2025-68958 MEDIUM - 4.7

Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: huawei
Product: harmonyos
Published: Jan 14, 2026
Source: NVD
CVE-2025-68957 MEDIUM - 4.7

Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: huawei
Product: harmonyos
Published: Jan 14, 2026
Source: NVD
CVE-2025-68956 MEDIUM - 4.7

Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: huawei
Product: harmonyos
Published: Jan 14, 2026
Source: NVD
CVE-2025-68955 MEDIUM - 4.7

Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: huawei
Product: harmonyos
Published: Jan 14, 2026
Source: NVD
CVE-2026-0716 MEDIUM - 4.8

A flaw was found in libsoup’s WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure or a crash. Applicatio...

Published: Jan 13, 2026
Source: NVD
CVE-2023-54341 MEDIUM - 6.1

Webgrind 1.1 and before contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts via the file parameter in index.php. The application does not sufficiently encode user-controlled inputs, allowing attackers to execute arbitrary JavaScri...

Published: Jan 13, 2026
Source: NVD
CVE-2023-54332 MEDIUM - 6.1

Jetpack 11.4 contains a cross-site scripting vulnerability in the contact form module that allows attackers to inject malicious scripts through the post_id parameter. Attackers can craft malicious URLs with script payloads to execute arbitrary JavaScript in victims' browsers when they interact ...

Published: Jan 13, 2026
Source: NVD
CVE-2023-53985 MEDIUM - 6.1

Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through unvalidated input parameters. Attackers can submit crafted payloads in manual insertion points to execute arbitrary JavaScript code in victim&...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50927 MEDIUM - 6.2

Cyclades Serial Console Server 3.3.0 contains a local privilege escalation vulnerability due to overly permissive sudo privileges for the admin user and admin group. Attackers can exploit the default user configuration to gain root access by manipulating system binaries and leveraging unrestricted s...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50906 MEDIUM - 4.8

e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload malicious SVG files through the media manager. Attackers with admin privileges can exploit this vulnerability to upload SVG files with embedded cross-site scripting (XSS) payloads th...

Vendor: e107
Product: e107
Published: Jan 13, 2026
Source: NVD
CVE-2022-50905 MEDIUM - 6.1

e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting (XSS) attacks. The first vulnerability is a reflected XSS that occurs in the news comment functionality when authenticated users interact with the comment form. An attacker can inject malicious JavaScript code t...

Vendor: e107
Product: e107
Published: Jan 13, 2026
Source: NVD
CVE-2022-50899 MEDIUM - 6.5

Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files thro...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50897 MEDIUM - 6.2

mPDF 7.0 contains a local file inclusion vulnerability that allows attackers to read arbitrary system files by manipulating annotation file parameters. Attackers can generate URL-encoded or base64 payloads to include local files through crafted annotation content with file path specifications.

Published: Jan 13, 2026
Source: NVD
CVE-2022-50896 MEDIUM - 6.1

Testa 3.5.1 contains a reflected cross-site scripting vulnerability in the login.php redirect parameter that allows attackers to inject malicious scripts. Attackers can craft a specially encoded payload in the redirect parameter to execute arbitrary JavaScript in victim's browser context.

Published: Jan 13, 2026
Source: NVD
CVE-2022-50894 MEDIUM - 6.5

VIAVIWEB Wallpaper Admin 1.0 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the img_id parameter. Attackers can send GET requests to edit_gallery_image.php with malicious img_id values to extract database infor...

Vendor: viaviweb
Product: wallpaper_admin
Published: Jan 13, 2026
Source: NVD
CVE-2022-50891 MEDIUM - 6.2

Owlfiles File Manager 12.0.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the path parameter in HTTP server endpoints. Attackers can craft URLs targeting the download and list endpoints with embedded script tags to execute arbitrary JavaScri...

Published: Jan 13, 2026
Source: NVD
CVE-2021-47750 MEDIUM - 6.1

YouPHPTube <= 7.8 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the redirectUri parameter in the signup page. Attackers can craft special signup URLs with embedded script tags to execute arbitrary JavaScript in victims' browsers when ...

Vendor: youphptube
Product: youphptube
Published: Jan 13, 2026
Source: NVD
CVE-2021-47749 MEDIUM - 5.5

YouPHPTube <= 7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the 'lang' parameter in GET requests. Attackers can exploit the path traversal flaw in locale/function.php to include and view PHP files outsid...

Vendor: youphptube
Product: youphptube
Published: Jan 13, 2026
Source: NVD
CVE-2020-36919 MEDIUM - 6.1

WPForms 1.7.8 contains a cross-site scripting vulnerability in the slider import search feature and tab parameter. Attackers can inject malicious scripts through the ListTable.php endpoint to execute arbitrary JavaScript in victim's browser.

Published: Jan 13, 2026
Source: NVD
CVE-2025-68947 MEDIUM - 4.7

NSecsoft 'NSecKrnl' is a Windows driver that allows a local, authenticated attacker to terminate processes owned by other users, including SYSTEM and Protected Processes by issuing crafted IOCTL requests to the driver.

Published: Jan 13, 2026
Source: NVD