Total CVEs

142,666

Critical Severity

4,018

High Severity

14,386

Last 7 Days

1,420
Quick preset (or use dates below)
Clear Filters
Showing 13,841 - 13,860 of 14,386 CVEs
CVE-2025-67935 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Optimize optimizewp allows PHP Local File Inclusion.This issue affects Optimize: from n/a through < 2.4.

Published: Jan 08, 2026
Source: NVD
CVE-2025-67934 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wellspring wellspring allows PHP Local File Inclusion.This issue affects Wellspring: from n/a through < 2.8.

Published: Jan 08, 2026
Source: NVD
CVE-2025-67931 HIGH - 7.5

Insertion of Sensitive Information Into Sent Data vulnerability in AITpro BulletProof Security bulletproof-security allows Retrieve Embedded Sensitive Data.This issue affects BulletProof Security: from n/a through <= 6.9.

Published: Jan 08, 2026
Source: NVD
CVE-2025-67926 HIGH - 8.8

Missing Authorization vulnerability in Shahjahan Jewel Fluent Support fluent-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Support: from n/a through <= 1.10.4.

Published: Jan 08, 2026
Source: NVD
CVE-2025-67925 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zozothemes Corpkit corpkit allows PHP Local File Inclusion.This issue affects Corpkit: from n/a through <= 2.0.

Published: Jan 08, 2026
Source: NVD
CVE-2025-67919 HIGH - 8.1

Authorization Bypass Through User-Controlled Key vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woffice Core: from n/a through <= 5.4.30.

Published: Jan 08, 2026
Source: NVD
CVE-2025-67917 HIGH - 8.1

Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through <= 3.2.6.

Published: Jan 08, 2026
Source: NVD
CVE-2025-67914 HIGH - 7.5

Path Traversal: '.../...//' vulnerability in beeteam368 VidMov vidmov allows Path Traversal.This issue affects VidMov: from n/a through <= 2.3.8.

Published: Jan 08, 2026
Source: NVD
CVE-2025-22715 HIGH - 8.1

Missing Authorization vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSystem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Attractive Donations System - Easy Stripe & Paypal donation...

Published: Jan 08, 2026
Source: NVD
CVE-2026-0701 HIGH - 7.2

A vulnerability was identified in code-projects Intern Membership Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /intern/admin/add_admin.php. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out remo...

Vendor: carmelo
Product: intern_membership_management_system
Published: Jan 08, 2026
Source: NVD
CVE-2026-0699 HIGH - 7.2

A vulnerability was found in code-projects Intern Membership Management System 1.0. This impacts an unknown function of the file /intern/admin/edit_activity.php. Performing a manipulation of the argument activity_id results in sql injection. Remote exploitation of the attack is possible. The exploit...

Vendor: carmelo
Product: intern_membership_management_system
Published: Jan 08, 2026
Source: NVD
CVE-2026-0698 HIGH - 7.2

A vulnerability has been found in code-projects Intern Membership Management System 1.0. This affects an unknown function of the file /intern/admin/edit_students.php. Such manipulation of the argument admin_id leads to sql injection. The attack may be launched remotely. The exploit has been disclose...

Vendor: carmelo
Product: intern_membership_management_system
Published: Jan 08, 2026
Source: NVD
CVE-2026-0697 HIGH - 7.2

A flaw has been found in code-projects Intern Membership Management System 1.0. The impacted element is an unknown function of the file /intern/admin/edit_admin.php. This manipulation of the argument admin_id causes sql injection. The attack may be initiated remotely. The exploit has been published ...

Vendor: carmelo
Product: intern_membership_management_system
Published: Jan 08, 2026
Source: NVD
CVE-2026-21427 HIGH - 7.8

The installers for multiple products provided by PIONEER CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running installer.

Published: Jan 08, 2026
Source: NVD
CVE-2026-22035 HIGH - 7.7

Greenshot is an open source Windows screenshot utility. Versions 1.3.310 and below arvulnerable to OS Command Injection through unsanitized filename processing. The FormatArguments method in ExternalCommandDestination.cs:269 uses string.Format() to insert user-controlled filenames directly into shel...

Published: Jan 08, 2026
Source: NVD
CVE-2026-21868 HIGH - 7.5

Flag Forge is a Capture The Flag (CTF) platform. Versions 2.3.2 and below have a Regular Expression Denial of Service (ReDoS) vulnerability in the user profile API endpoint (/api/user/[username]). The application constructs a regular expression dynamically using unescaped user input (the username pa...

Vendor: flagforge
Product: flagforge
Published: Jan 08, 2026
Source: NVD
CVE-2026-21869 HIGH - 8.8

llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the n_discard parameter is parsed directly from JSON input in the llama.cpp server's completion endpoints without validation to ensure it's non-negative. When a negative value is supplied and the cont...

Published: Jan 08, 2026
Source: NVD
CVE-2026-21694 HIGH - 8.1

Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50.

Vendor: kromit
Product: titra
Published: Jan 08, 2026
Source: NVD
CVE-2019-25291 HIGH - 7.5

INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these persistent credentials to log in and gain unauthorized system access across multiple SmartLiving de...

Published: Jan 08, 2026
Source: NVD
CVE-2019-25289 HIGH - 8.8

SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. Attackers can exploit the unsanitized parameter and system() function call to execute arbitrary syste...

Published: Jan 08, 2026
Source: NVD