Total CVEs

142,888

Critical Severity

4,037

High Severity

14,476

Last 7 Days

1,350
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 13,821 - 13,840 of 14,508 CVEs
CVE-2026-0961 MEDIUM - 6.5

BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service

Vendor: wireshark
Product: wireshark
Published: Jan 14, 2026
Source: NVD
CVE-2026-0960 MEDIUM - 5.5

HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service

Vendor: wireshark
Product: wireshark
Published: Jan 14, 2026
Source: NVD
CVE-2026-0959 MEDIUM - 6.5

IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service

Vendor: wireshark
Product: wireshark
Published: Jan 14, 2026
Source: NVD
CVE-2026-23497 MEDIUM - 5.4

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In 2.44.0 and earlier, there is a stored XSS vulnerability where a specially crafted image filename could execute malicious JavaScript when rendered on course or jobs pages.

Vendor: frappe
Product: learning
Published: Jan 14, 2026
Source: NVD
CVE-2026-23492 MEDIUM - 4.9

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQ...

Vendor: pimcore
Product: pimcore
Published: Jan 14, 2026
Source: NVD
CVE-2025-71166 MEDIUM - 5.4

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the administrative interface within the Tools Status move message handling. The path parameter is reflected into the HTML output without proper output encoding in include/admin/Tools/Statu...

Vendor: typesettercms
Product: typesetter
Published: Jan 14, 2026
Source: NVD
CVE-2025-71165 MEDIUM - 5.4

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the administrative interface within the Tools Status functionality. The path parameter is reflected into the HTML response without proper output encoding in include/admin/Tools/Status.php....

Vendor: typesettercms
Product: typesetter
Published: Jan 14, 2026
Source: NVD
CVE-2025-71164 MEDIUM - 5.4

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the Editing component. The images parameter (submitted as images[] in a POST request) is reflected into an HTML href attribute without proper context-aware output encoding in include/tool/...

Vendor: typesettercms
Product: typesetter
Published: Jan 14, 2026
Source: NVD
CVE-2025-14557 MEDIUM - 4.8

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Facebook Pixel facebook_pixel allows Stored XSS.This issue affects Facebook Pixel: from 7.X-1.0 through 7.X-1.1.

Vendor: facebook_pixel_project
Product: facebook_pixel
Published: Jan 14, 2026
Source: NVD
CVE-2025-14556 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Flag allows Cross-Site Scripting (XSS).This issue affects Flag: from 7.X-3.0 through 7.X-3.9.

Vendor: flag_module_project
Product: flag
Published: Jan 14, 2026
Source: NVD
CVE-2025-11224 MEDIUM - 5.4

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to execute stored cross-site scripting through improper input validation in the Kubernetes proxy functionality.

Vendor: gitlab
Product: gitlab
Published: Jan 14, 2026
Source: NVD
CVE-2026-22851 MEDIUM - 5.9

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race condition between the RDPGFX dynamic virtual channel thread and the SDL render thread leads to a heap use-after-free. Specifically, an escaped pointer to sdl->primary (SDL_Surface) is accessed after it has be...

Vendor: freerdp
Product: freerdp
Published: Jan 14, 2026
Source: NVD
CVE-2025-65397 MEDIUM - 6.8

An insecure authentication mechanism in the safe_exec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges, if file /opt/images/public_key.der is not present in the file ...

Published: Jan 14, 2026
Source: NVD
CVE-2025-63644 MEDIUM - 5.4

A stored cross-site scripting (XSS) vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the user profile Description field.

Vendor: ph7builder
Product: ph7_social_dating_builder
Published: Jan 14, 2026
Source: NVD
CVE-2026-22779 MEDIUM - 5.3

BlackSheep is an asynchronous web framework to build event based web applications with Python. Prior to 2.4.6, the HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests (e.g. insert a new hea...

Vendor: neoteroi
Product: blacksheep
Published: Jan 14, 2026
Source: NVD
CVE-2026-22694 MEDIUM - 6.1

AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response for a...

Published: Jan 14, 2026
Source: NVD
CVE-2025-67835 MEDIUM - 6.5

Paessler PRTG Network Monitor before 25.4.114 allows Denial-of-Service (DoS) by an authenticated attacker via the Notification Contacts functionality.

Vendor: paessler
Product: prtg_network_monitor
Published: Jan 14, 2026
Source: NVD
CVE-2025-67834 MEDIUM - 5.4

Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the filter parameter.

Vendor: paessler
Product: prtg_network_monitor
Published: Jan 14, 2026
Source: NVD
CVE-2025-67833 MEDIUM - 6.1

Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the tag parameter.

Vendor: paessler
Product: prtg_network_monitor
Published: Jan 14, 2026
Source: NVD
CVE-2025-65396 MEDIUM - 6.1

A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during the boot,...

Published: Jan 14, 2026
Source: NVD