Total CVEs

142,888

Critical Severity

4,037

High Severity

14,476

Last 7 Days

1,331
Quick preset (or use dates below)
Clear Filters
πŸ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years β†’
Showing 13,881 - 13,900 of 14,508 CVEs
CVE-2025-68967 MEDIUM - 5.5

Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Vendor: huawei
Product: harmonyos
Published: Jan 14, 2026
Source: NVD
CVE-2025-68966 MEDIUM - 5.5

Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Vendor: huawei
Product: harmonyos
Published: Jan 14, 2026
Source: NVD
CVE-2025-68965 MEDIUM - 5.5

Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Vendor: huawei
Product: harmonyos
Published: Jan 14, 2026
Source: NVD
CVE-2025-68964 MEDIUM - 5.5

Data verification vulnerability in the HiView module. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: huawei
Product: harmonyos
Published: Jan 14, 2026
Source: NVD
CVE-2025-68963 MEDIUM - 5.3

Man-in-the-middle attack vulnerability in the Clone module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Vendor: huawei
Product: emui
Published: Jan 14, 2026
Source: NVD
CVE-2025-68962 MEDIUM - 4.7

Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: huawei
Product: harmonyos
Published: Jan 14, 2026
Source: NVD
CVE-2025-68961 MEDIUM - 4.7

Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: huawei
Product: harmonyos
Published: Jan 14, 2026
Source: NVD
CVE-2025-68960 MEDIUM - 4.7

Multi-thread race condition vulnerability in the video framework module. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: huawei
Product: harmonyos
Published: Jan 14, 2026
Source: NVD
CVE-2025-68959 MEDIUM - 5.5

Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Vendor: huawei
Product: emui
Published: Jan 14, 2026
Source: NVD
CVE-2025-68958 MEDIUM - 4.7

Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: huawei
Product: harmonyos
Published: Jan 14, 2026
Source: NVD
CVE-2025-68957 MEDIUM - 4.7

Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: huawei
Product: harmonyos
Published: Jan 14, 2026
Source: NVD
CVE-2025-68956 MEDIUM - 4.7

Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: huawei
Product: harmonyos
Published: Jan 14, 2026
Source: NVD
CVE-2025-68955 MEDIUM - 4.7

Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: huawei
Product: harmonyos
Published: Jan 14, 2026
Source: NVD
CVE-2026-0716 MEDIUM - 4.8

A flaw was found in libsoup’s WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure or a crash. Applicatio...

Published: Jan 13, 2026
Source: NVD
CVE-2023-54341 MEDIUM - 6.1

Webgrind 1.1 and before contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts via the file parameter in index.php. The application does not sufficiently encode user-controlled inputs, allowing attackers to execute arbitrary JavaScri...

Published: Jan 13, 2026
Source: NVD
CVE-2023-54332 MEDIUM - 6.1

Jetpack 11.4 contains a cross-site scripting vulnerability in the contact form module that allows attackers to inject malicious scripts through the post_id parameter. Attackers can craft malicious URLs with script payloads to execute arbitrary JavaScript in victims' browsers when they interact ...

Published: Jan 13, 2026
Source: NVD
CVE-2023-53985 MEDIUM - 6.1

Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through unvalidated input parameters. Attackers can submit crafted payloads in manual insertion points to execute arbitrary JavaScript code in victim&...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50927 MEDIUM - 6.2

Cyclades Serial Console Server 3.3.0 contains a local privilege escalation vulnerability due to overly permissive sudo privileges for the admin user and admin group. Attackers can exploit the default user configuration to gain root access by manipulating system binaries and leveraging unrestricted s...

Published: Jan 13, 2026
Source: NVD
CVE-2022-50906 MEDIUM - 4.8

e107 CMS 3.2.1 contains an upload restriction bypass vulnerability that allows authenticated administrators to upload malicious SVG files through the media manager. Attackers with admin privileges can exploit this vulnerability to upload SVG files with embedded cross-site scripting (XSS) payloads th...

Vendor: e107
Product: e107
Published: Jan 13, 2026
Source: NVD
CVE-2022-50905 MEDIUM - 6.1

e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting (XSS) attacks. The first vulnerability is a reflected XSS that occurs in the news comment functionality when authenticated users interact with the comment form. An attacker can inject malicious JavaScript code t...

Vendor: e107
Product: e107
Published: Jan 13, 2026
Source: NVD