Total CVEs

142,666

Critical Severity

4,018

High Severity

14,386

Last 7 Days

1,417
Quick preset (or use dates below)
Clear Filters
Showing 13,901 - 13,920 of 14,386 CVEs
CVE-2026-0628 HIGH - 8.8

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Jan 07, 2026
Source: NVD
CVE-2025-69082 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Frenify Arlo arlo allows Reflected XSS.This issue affects Arlo: from n/a through 6.0.3.

Published: Jan 07, 2026
Source: NVD
CVE-2025-69081 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Group Hope charity-is-hope allows PHP Local File Inclusion.This issue affects Hope: from n/a through 3.0.0.

Published: Jan 07, 2026
Source: NVD
CVE-2025-69080 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JanStudio Gecko allows PHP Local File Inclusion.This issue affects Gecko: from n/a through 1.9.8.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47396 HIGH - 7.8

Memory corruption occurs when a secure application is launched on a device with insufficient memory.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47394 HIGH - 7.8

Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47393 HIGH - 7.8

Memory corruption when accessing resources in kernel driver.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47388 HIGH - 7.8

Memory corruption while passing pages to DSP with an unaligned starting address.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47380 HIGH - 7.8

Memory corruption while preprocessing IOCTLs in sensors.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47356 HIGH - 7.8

Memory Corruption when multiple threads concurrently access and modify shared resources.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47348 HIGH - 7.8

Memory corruption while processing identity credential operations in the trusted application.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47346 HIGH - 7.8

Memory corruption while processing a secure logging command in the trusted application.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47345 HIGH - 8.4

Cryptographic issue may occur while encrypting license data.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47343 HIGH - 7.8

Memory corruption while processing a video session to set video parameters.

Vendor: qualcomm
Product: video_collaboration_vc3_platform_firmware
Published: Jan 07, 2026
Source: NVD
CVE-2025-47339 HIGH - 7.8

Memory corruption while deinitializing a HDCP session.

Published: Jan 07, 2026
Source: NVD
CVE-2025-32300 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital zoom studio DZS Video Gallery allows Reflected XSS.This issue affects DZS Video Gallery: from n/a through 12.25.

Published: Jan 07, 2026
Source: NVD
CVE-2025-31643 HIGH - 8.8

Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation.This issue affects WPCHURCH: from n/a through 2.7.0.

Published: Jan 07, 2026
Source: NVD
CVE-2025-15472 HIGH - 7.2

A flaw has been found in TRENDnet TEW-811DRU 1.0.2.0. This affects the function setDeviceURL  of the file uapply.cgi of the component httpd . This manipulation of the argument DeviceURL causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used....

Vendor: trendnet
Product: tew-811dru_firmware
Published: Jan 07, 2026
Source: NVD
CVE-2025-15158 HIGH - 8.8

The WP Enable WebP plugin for WordPress is vulnerable to arbitrary file uploads due to improper file type validation in the 'wpse_file_and_ext_webp' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Author-level access and above, t...

Published: Jan 07, 2026
Source: NVD
CVE-2025-14835 HIGH - 7.1

The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘shortcode’ parameter in all versions up to, and including, 9.1.05.008 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbit...

Published: Jan 07, 2026
Source: NVD