Total CVEs

142,696

Critical Severity

4,021

High Severity

14,390

Last 7 Days

1,406
Quick preset (or use dates below)
Clear Filters
Showing 14,301 - 14,320 of 14,816 CVEs
CVE-2025-14034 MEDIUM - 5.3

The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'delete_single_ticket_callback' and 'change_ticket_status_callback' functions in all versions up to, and including,...

Published: Jan 06, 2026
Source: NVD
CVE-2025-13746 MEDIUM - 6.4

The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User's Display Name in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

Published: Jan 06, 2026
Source: NVD
CVE-2025-13652 MEDIUM - 6.5

The CBX Bookmark & Favorite plugin for WordPress is vulnerable to generic SQL Injection via the β€˜orderby’ parameter in all versions up to, and including, 2.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

Published: Jan 06, 2026
Source: NVD
CVE-2025-13409 MEDIUM - 4.9

The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to SQL Injection via the 'params' parameter in all versions up to, and including, 1.4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. ...

Published: Jan 06, 2026
Source: NVD
CVE-2025-11723 MEDIUM - 6.5

The Appointment Booking Calendar β€” Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.9.5 via the hash() function due to use of a hardcoded fall-back salt. This makes it possible for unauthenticat...

Published: Jan 06, 2026
Source: NVD
CVE-2025-11370 MEDIUM - 5.3

The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'store' function of the Rul...

Published: Jan 06, 2026
Source: NVD
CVE-2026-21674 MEDIUM - 5.5

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a memory leak vulnerability in its XML MPE Parsing Path (iccFromXml). This issue is fixed in version 2.3.1.1.

Vendor: color
Product: iccdev
Published: Jan 06, 2026
Source: NVD
CVE-2025-20807 MEDIUM - 6.7

In dpe, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10114841; Issue ID: MSV-4451.

Vendor: google
Product: android
Published: Jan 06, 2026
Source: NVD
CVE-2025-20806 MEDIUM - 6.7

In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10114835; Issue ID: MSV-4479.

Vendor: google
Product: android
Published: Jan 06, 2026
Source: NVD
CVE-2025-20805 MEDIUM - 6.7

In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10114696; Issue ID: MSV-4480.

Vendor: google
Product: android
Published: Jan 06, 2026
Source: NVD
CVE-2025-20804 MEDIUM - 6.7

In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10198951; Issue ID: MSV-4503.

Vendor: google
Product: android
Published: Jan 06, 2026
Source: NVD
CVE-2025-20803 MEDIUM - 6.7

In dpe, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10199779; Issue ID: MSV-4504.

Vendor: google
Product: android
Published: Jan 06, 2026
Source: NVD
CVE-2025-20802 MEDIUM - 6.7

In geniezone, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10238968; Issue ID: MSV-4914.

Vendor: google
Product: android
Published: Jan 06, 2026
Source: NVD
CVE-2025-20787 MEDIUM - 6.7

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149879; Issue ID: MSV-4658.

Vendor: google
Product: android
Published: Jan 06, 2026
Source: NVD
CVE-2025-20786 MEDIUM - 6.7

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4673.

Vendor: google
Product: android
Published: Jan 06, 2026
Source: NVD
CVE-2025-20785 MEDIUM - 6.7

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4677.

Vendor: google
Product: android
Published: Jan 06, 2026
Source: NVD
CVE-2025-20784 MEDIUM - 6.7

In display, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4683.

Vendor: google
Product: android
Published: Jan 06, 2026
Source: NVD
CVE-2025-20783 MEDIUM - 6.7

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4684.

Vendor: google
Product: android
Published: Jan 06, 2026
Source: NVD
CVE-2025-20782 MEDIUM - 6.7

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4685.

Vendor: google
Product: android
Published: Jan 06, 2026
Source: NVD
CVE-2025-69197 MEDIUM - 6.5

Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below allow TOTP to be used multiple times during its validity window. Users with 2FA enabled are prompted to enter a token during sign-in, and afterward it is not sufficiently marked as used in the system. This al...

Vendor: pterodactyl
Product: panel
Published: Jan 06, 2026
Source: NVD