Total CVEs

142,696

Critical Severity

4,021

High Severity

14,390

Last 7 Days

1,406
Quick preset (or use dates below)
Clear Filters
Showing 14,241 - 14,260 of 14,816 CVEs
CVE-2025-12449 MEDIUM - 5.4

The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data and disclosure of sensitive information due to missing capability checks on multiple AJAX actions in all versions up to, and including, 2.4.0. This makes it possible for authenticated att...

Published: Jan 07, 2026
Source: NVD
CVE-2025-12030 MEDIUM - 4.3

The ACF to REST API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.4. This is due to insufficient capability checks in the update_item_permissions_check() method, which only verifies that the current user has the edit_posts capability...

Published: Jan 07, 2026
Source: NVD
CVE-2025-0980 MEDIUM - 6.4

Nokia SR Linux is vulnerable to an authentication vulnerability allowing unauthorized access to the JSON-RPC service. When exploited, an invalid validation allows JSON RPC access without providing valid authentication credentials.

Published: Jan 07, 2026
Source: NVD
CVE-2024-14020 MEDIUM - 5.0

A weakness has been identified in carboneio carbone up to fbcd349077ad0e8748be73eab2a82ea92b6f8a7e. This impacts an unknown function of the file lib/input.js of the component Formatter Handler. Executing a manipulation can lead to improperly controlled modification of object prototype attributes. Th...

Published: Jan 07, 2026
Source: NVD
CVE-2025-31051 MEDIUM - 5.3

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant - Gardening & Houseplants WordPress Theme allows Retrieve Embedded Sensitive Data.This issue affects Plant - Gardening & Houseplants WordPress Theme: from n/a through 1.0.0.

Published: Jan 07, 2026
Source: NVD
CVE-2025-14612 MEDIUM - 6.7

Insecure Temporary File vulnerability in Altera Quartus Prime Pro  Installer (SFX) on Windows allows : Use of Predictable File Names.This issue affects Quartus Prime Pro: from 24.1 through 25.1.1.

Vendor: intel
Product: quartus_prime
Published: Jan 07, 2026
Source: NVD
CVE-2025-14605 MEDIUM - 6.7

Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro on Windows (System Console modules) allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 17.0 through 25.1.1.

Vendor: intel
Product: quartus_prime
Published: Jan 07, 2026
Source: NVD
CVE-2025-14599 MEDIUM - 6.7

Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime Lite  Installer (SFX) on Windows allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 throu...

Vendor: intel
Product: quartus_prime
Published: Jan 07, 2026
Source: NVD
CVE-2025-14596 MEDIUM - 6.7

Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 24.1 through 24.3.1.

Vendor: intel
Product: quartus_prime
Published: Jan 07, 2026
Source: NVD
CVE-2026-21492 MEDIUM - 5.5

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a NULL pointer member call vulnerability. This vulnerability affects users of the iccDEV librar...

Vendor: color
Product: iccdev
Published: Jan 06, 2026
Source: NVD
CVE-2025-7048 MEDIUM - 4.3

On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption of dataplane traffic.

Published: Jan 06, 2026
Source: NVD
CVE-2025-69364 MEDIUM - 5.3

Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through <= 2.2.21.

Published: Jan 06, 2026
Source: NVD
CVE-2025-69363 MEDIUM - 6.5

Missing Authorization vulnerability in CyberChimps Responsive Addons for Elementor responsive-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Addons for Elementor: from n/a through <= 2.0.8.

Published: Jan 06, 2026
Source: NVD
CVE-2025-69362 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH UiChemy uichemy allows Stored XSS.This issue affects UiChemy: from n/a through <= 4.4.2.

Published: Jan 06, 2026
Source: NVD
CVE-2025-69361 MEDIUM - 4.3

Missing Authorization vulnerability in PublishPress Post Expirator post-expirator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Expirator: from n/a through <= 4.9.3.

Published: Jan 06, 2026
Source: NVD
CVE-2025-69360 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Theme Elements (for WPBakery) thegem-elements allows DOM-Based XSS.This issue affects TheGem Theme Elements (for WPBakery): from n/a through <= 5.11.0.

Published: Jan 06, 2026
Source: NVD
CVE-2025-69359 MEDIUM - 5.3

Missing Authorization vulnerability in WPFunnels Creator LMS creatorlms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Creator LMS: from n/a through <= 1.1.12.

Published: Jan 06, 2026
Source: NVD
CVE-2025-69357 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Theme Elements (for Elementor) thegem-elements-elementor allows Stored XSS.This issue affects TheGem Theme Elements (for Elementor): from n/a through <= 5.11.0.

Published: Jan 06, 2026
Source: NVD
CVE-2025-69355 MEDIUM - 4.3

Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a through <= 3.5.6.4.

Published: Jan 06, 2026
Source: NVD
CVE-2025-69354 MEDIUM - 5.4

Missing Authorization vulnerability in BBR Plugins Better Business Reviews better-business-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Business Reviews: from n/a through <= 0.1.1.

Published: Jan 06, 2026
Source: NVD