Total CVEs

142,666

Critical Severity

4,018

High Severity

14,386

Last 7 Days

1,417
Quick preset (or use dates below)
Clear Filters
Showing 14,141 - 14,160 of 14,805 CVEs
CVE-2025-49335 MEDIUM - 4.9

Server-Side Request Forgery (SSRF) vulnerability in minnur External Media allows Server Side Request Forgery.This issue affects External Media: from n/a through 1.0.36.

Published: Jan 07, 2026
Source: NVD
CVE-2025-46434 MEDIUM - 6.5

Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a before 6.3.7.

Published: Jan 07, 2026
Source: NVD
CVE-2025-46256 MEDIUM - 6.4

Path Traversal: '.../...//' vulnerability in SigmaPlugin Advanced Database Cleaner PRO allows Path Traversal.This issue affects Advanced Database Cleaner PRO: from n/a through 3.2.10.

Published: Jan 07, 2026
Source: NVD
CVE-2026-0649 MEDIUM - 4.7

A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is the function copy of the file /app/Jobs/Util/Import.php of the component Migration Import. The manipulation of the argument company_logo leads to server-side request forgery. It is possible to initiate ...

Published: Jan 07, 2026
Source: NVD
CVE-2026-0642 MEDIUM - 6.1

A vulnerability was detected in projectworlds House Rental and Property Listing 1.0. This issue affects some unknown processing of the file /app/complaint.php. The manipulation of the argument Name results in cross site scripting. The attack may be launched remotely. The exploit is now public and ma...

Vendor: projectworlds
Product: house_rental_and_property_listing_project
Published: Jan 07, 2026
Source: NVD
CVE-2025-69344 MEDIUM - 4.3

Missing Authorization vulnerability in ThemeHunk Oneline Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Oneline Lite: from n/a through 6.6.

Published: Jan 07, 2026
Source: NVD
CVE-2025-69333 MEDIUM - 4.3

Missing Authorization vulnerability in Crocoblock JetEngine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through 3.8.1.1.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47395 MEDIUM - 6.5

Transient DOS while parsing a WLAN management frame with a Vendor Specific Information Element.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47369 MEDIUM - 5.5

Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47344 MEDIUM - 6.7

Memory corruption while handling sensor utility operations.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47337 MEDIUM - 6.7

Memory corruption while accessing a synchronization object during concurrent operations.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47336 MEDIUM - 6.7

Memory corruption while performing sensor register read operations.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47335 MEDIUM - 6.7

Memory corruption while parsing clock configuration data for a specific hardware type.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47334 MEDIUM - 6.7

Memory corruption while processing shared command buffer packet between camera userspace and kernel.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47333 MEDIUM - 6.6

Memory corruption while handling buffer mapping operations in the cryptographic driver.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47332 MEDIUM - 6.7

Memory corruption while processing a config call from userspace.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47331 MEDIUM - 6.1

Information disclosure while processing a firmware event.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47330 MEDIUM - 5.5

Transient DOS while parsing video packets received from the video firmware.

Published: Jan 07, 2026
Source: NVD
CVE-2025-31964 MEDIUM - 4.9

Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services bound to external network interfaces instead of the local authentication interface.

Vendor: hcltech
Product: bigfix_insights_for_vulnerability_remediation
Published: Jan 07, 2026
Source: NVD
CVE-2025-31962 MEDIUM - 4.3

Insufficient session expiration in the Web UI authentication component in HCL BigFix IVR version 4.2 allows an authenticated attacker to gain prolonged unauthorized access to protected API endpoints due to excessive expiration periods.

Vendor: hcltech
Product: bigfix_insights_for_vulnerability_remediation
Published: Jan 07, 2026
Source: NVD