Total CVEs

142,714

Critical Severity

4,025

High Severity

14,400

Last 7 Days

1,411
Quick preset (or use dates below)
Clear Filters
Showing 14,341 - 14,360 of 14,826 CVEs
CVE-2025-67427 MEDIUM - 6.5

A Blind Server-Side Request Forgery (SSRF) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to force the server to initiate an HTTP request via the "GET /images" API. The vulnerability occurs due to insufficient validation of the "src" query parameter, w...

Vendor: evershop
Product: evershop
Published: Jan 05, 2026
Source: NVD
CVE-2025-52517 MEDIUM - 5.9

An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. A race condition in the issimian device driver results in a double free, leading to a denial of service.

Vendor: samsung
Product: exynos_2500_firmware
Published: Jan 05, 2026
Source: NVD
CVE-2025-52516 MEDIUM - 6.2

An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. An invalid kernel address dereference in the issimian device driver leads to a denial of service.

Vendor: samsung
Product: exynos_1330_firmware
Published: Jan 05, 2026
Source: NVD
CVE-2025-52515 MEDIUM - 5.1

An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. A race condition in the issimian device driver results in an out-of-bounds access, leading to a denial of service.

Vendor: samsung
Product: exynos_1330_firmware
Published: Jan 05, 2026
Source: NVD
CVE-2025-65922 MEDIUM - 4.3

PLANKA 2.0.0 lacks X-Frame-Options and CSP frame-ancestors headers, allowing the application to be embedded within malicious iframes. While this does not lead to unintended modification of projects or tasks, it exposes users to Phishing attacks. Attackers can frame the legitimate Planka application ...

Published: Jan 05, 2026
Source: NVD
CVE-2025-59955 MEDIUM - 5.7

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions prior to and including v4.0.0-beta.420.8 have an information disclosure vulnerability in the `/api/v1/teams/{team_id}/members` and `/api/v1/teams/current/members` API endpoints allows...

Vendor: coollabs
Product: coolify
Published: Jan 05, 2026
Source: NVD
CVE-2026-21635 MEDIUM - 5.3

An Improper Access Control could allow a malicious actor in Wi-Fi range to the EV Station Lite (v1.5.2 and earlier) to use WiFi AutoLink feature on a device that was only adopted via Ethernet.

Published: Jan 05, 2026
Source: NVD
CVE-2026-21634 MEDIUM - 6.5

A malicious actor with access to the adjacent network could overflow the UniFi Protect Application (Version 6.1.79 and earlier) discovery protocol causing it to restart. Affected Products: UniFi Protect Application (Version 6.1.79 and earlier). Mitigation: Update your UniFi Protect Appli...

Published: Jan 05, 2026
Source: NVD
CVE-2025-67316 MEDIUM - 5.4

An issue in realme Internet browser v.45.13.4.1 allows a remote attacker to execute arbitrary code via a crafted webpage in the built-in HeyTap/ColorOS browser

Published: Jan 05, 2026
Source: NVD
CVE-2025-53344 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in ThimPress Thim Core allows Cross Site Request Forgery.This issue affects Thim Core: from n/a through 2.3.3.

Published: Jan 05, 2026
Source: NVD
CVE-2025-39561 MEDIUM - 6.5

Missing Authorization vulnerability in Marketing Fire, LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LoginWP - Pro: from n/a through 4.0.8.5.

Published: Jan 05, 2026
Source: NVD
CVE-2025-39497 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dokan Dokan Pro allows Stored XSS.This issue affects Dokan Pro: from n/a through 3.14.5.

Published: Jan 05, 2026
Source: NVD
CVE-2025-67315 MEDIUM - 5.4

Cross Site Request Forgery vulnerability in Employee Leave Management System v.2.1 allows a remote attacker to escalate privileges via the manage-employee.php component

Published: Jan 05, 2026
Source: NVD
CVE-2025-65328 MEDIUM - 6.5

Mega-Fence (webgate-lib.*) 25.1.914 and prior trusts the first value of the X-Forwarded-For (XFF) header as the client IP without validating a trusted proxy chain. An attacker can supply an arbitrary XFF value in a remote request to spoof the client IP, which is then propagated to security-relevant ...

Published: Jan 05, 2026
Source: NVD
CVE-2025-68280 MEDIUM - 6.5

Improper Restriction of XML External Entity Reference vulnerability in Apache SIS. It is possible to write XML files in such a way that, when parsed by Apache SIS, an XML file reveals to the attacker the content of a local file on the server running Apache SIS. This vulnerability impacts the foll...

Published: Jan 05, 2026
Source: NVD
CVE-2025-12513 MEDIUM - 6.8

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts configuration form modules) allows Stored XSS to users with high privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from...

Published: Jan 05, 2026
Source: NVD
CVE-2025-12511 MEDIUM - 6.8

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (DSM extenstio configuration modules) allows Stored XSS to user with elevated privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10...

Published: Jan 05, 2026
Source: NVD
CVE-2024-23511 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows DOM-Based XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.3.3.

Published: Jan 05, 2026
Source: NVD
CVE-2023-52212 MEDIUM - 5.4

Cross-Site Request Forgery (CSRF) vulnerability in Automattic WP Job Manager allows Cross Site Request Forgery.This issue affects WP Job Manager: from n/a through 2.0.0.

Published: Jan 05, 2026
Source: NVD
CVE-2023-51513 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in INTINITUM FORM Geo Controller allows DOM-Based XSS.This issue affects Geo Controller: from n/a through 8.5.2.

Published: Jan 05, 2026
Source: NVD