Total CVEs

142,714

Critical Severity

4,025

High Severity

14,400

Last 7 Days

1,395
Quick preset (or use dates below)
Clear Filters
Showing 14,361 - 14,380 of 14,826 CVEs
CVE-2026-0588 MEDIUM - 6.1

A weakness has been identified in Xinhu Rainrock RockOA up to 2.7.1. Affected by this vulnerability is an unknown functionality of the file rockfun.php of the component API. This manipulation of the argument callback causes cross site scripting. The attack may be initiated remotely. The exploit has ...

Vendor: rockoa
Product: rockoa
Published: Jan 05, 2026
Source: NVD
CVE-2026-0587 MEDIUM - 5.4

A security flaw has been discovered in Xinhu Rainrock RockOA up to 2.7.1. Affected is an unknown function of the file rock_page_gong.php of the component Cover Image Handler. The manipulation of the argument fengmian results in cross site scripting. The attack can be launched remotely. The exploit h...

Vendor: rockoa
Product: rockoa
Published: Jan 05, 2026
Source: NVD
CVE-2026-0586 MEDIUM - 6.1

A vulnerability was detected in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file handgunner-administrator/prod.php. Performing a manipulation of the argument cat results in cross site scripting. The attack is possible to be carried out remo...

Vendor: fabian
Product: online_product_reservation_system
Published: Jan 05, 2026
Source: NVD
CVE-2025-68029 MEDIUM - 6.3

Insertion of Sensitive Information Into Sent Data vulnerability in WP Swings Wallet System for WooCommerce allows Retrieve Embedded Sensitive Data.This issue affects Wallet System for WooCommerce: from n/a through 2.7.2.

Published: Jan 05, 2026
Source: NVD
CVE-2025-68014 MEDIUM - 6.5

Insertion of Sensitive Information Into Sent Data vulnerability in Awethemes AweBooking allows Retrieve Embedded Sensitive Data.This issue affects AweBooking: from n/a through 3.2.26.

Published: Jan 05, 2026
Source: NVD
CVE-2025-31046 MEDIUM - 4.3

Missing Authorization vulnerability in WPvibes AnyWhere Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyWhere Elementor Pro: from n/a through 2.29.

Published: Jan 05, 2026
Source: NVD
CVE-2025-13056 MEDIUM - 6.8

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Administration ACL menu configuration modules) allows Stored XSS to users with high privileges. This issue affects Infra Monitoring: from 25.10.0 befor...

Published: Jan 05, 2026
Source: NVD
CVE-2025-12519 MEDIUM - 5.3

Missing Authorization vulnerability in Centreon Infra Monitoring (Administration parameters API endpoint modules) allows Accessing Functionality Not Properly Constrained by ACLs, resulting in Information Disclosure like downtime or acknowledgement configurations. This issue affects Infra Monitoring:...

Published: Jan 05, 2026
Source: NVD
CVE-2025-15239 MEDIUM - 6.5

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.

Vendor: quantatw
Product: qoca_aim
Published: Jan 05, 2026
Source: NVD
CVE-2026-0580 MEDIUM - 6.1

A vulnerability was found in SourceCodester API Key Manager App 1.0. Affected by this vulnerability is an unknown functionality of the component Import Key Handler. Performing a manipulation results in cross site scripting. The attack can be initiated remotely.

Vendor: remyandrade
Product: api_key_manager_app
Published: Jan 05, 2026
Source: NVD
CVE-2025-15238 MEDIUM - 6.5

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.

Vendor: quantatw
Product: qoca_aim
Published: Jan 05, 2026
Source: NVD
CVE-2025-15237 MEDIUM - 4.3

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability.

Vendor: quantatw
Product: qoca_aim
Published: Jan 05, 2026
Source: NVD
CVE-2025-15236 MEDIUM - 4.3

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability.

Vendor: quantatw
Product: qoca_aim
Published: Jan 05, 2026
Source: NVD
CVE-2025-15235 MEDIUM - 6.5

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Missing Authorization vulnerability, allowing authenticated remote attackers to modify specific network packet parameters, enabling certain system functions to access other users' files.

Vendor: quantatw
Product: qoca_aim
Published: Jan 05, 2026
Source: NVD
CVE-2025-15455 MEDIUM - 6.5

A flaw has been found in bg5sbk MiniCMS up to 1.8. Impacted is the function delete_page of the file /minicms/mc-admin/page.php of the component File Recovery Request Handler. This manipulation causes improper authentication. The attack is possible to be carried out remotely. The exploit has been pub...

Vendor: 1234n
Product: minicms
Published: Jan 05, 2026
Source: NVD
CVE-2025-15453 MEDIUM - 6.3

A security vulnerability has been detected in milvus up to 2.6.7. This vulnerability affects the function expr.Exec of the file pkg/util/expr/expr.go of the component HTTP Endpoint. The manipulation of the argument code leads to deserialization. Remote exploitation of the attack is possible. The exp...

Published: Jan 05, 2026
Source: NVD
CVE-2025-15452 MEDIUM - 4.8

A weakness has been identified in xnx3 wangmarket up to 4.9. This affects the function variableList of the file /admin/system/variableList.do of the component Backend Variable Search. Executing a manipulation of the argument Description can lead to cross site scripting. The attack may be launched re...

Vendor: wang.market
Product: wangmarket
Published: Jan 05, 2026
Source: NVD
CVE-2025-15451 MEDIUM - 4.8

A security flaw has been discovered in xnx3 wangmarket up to 4.9. Affected by this issue is some unknown functionality of the file /admin/system/variableSave.do of the component System Variables Page. Performing a manipulation of the argument Description results in cross site scripting. The attack m...

Vendor: wang.market
Product: wangmarket
Published: Jan 05, 2026
Source: NVD
CVE-2025-15450 MEDIUM - 6.3

A vulnerability was identified in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected by this vulnerability is the function findOrderHosNum of the file /ssm_pro/orderHos/. Such manipulation of the argument hospitalAddress/hospitalName leads to sql injection. The attack can b...

Published: Jan 05, 2026
Source: NVD
CVE-2025-5591 MEDIUM - 5.4

Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to hijack a victim user’s session and perform actions in their security context.

Vendor: kentico
Product: xperience
Published: Jan 05, 2026
Source: NVD