Total CVEs

143,745

Critical Severity

4,091

High Severity

14,757

Last 7 Days

1,557
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 14,601 - 14,620 of 14,877 CVEs
CVE-2026-0642 MEDIUM - 6.1

A vulnerability was detected in projectworlds House Rental and Property Listing 1.0. This issue affects some unknown processing of the file /app/complaint.php. The manipulation of the argument Name results in cross site scripting. The attack may be launched remotely. The exploit is now public and ma...

Vendor: projectworlds
Product: house_rental_and_property_listing_project
Published: Jan 07, 2026
Source: NVD
CVE-2025-69344 MEDIUM - 4.3

Missing Authorization vulnerability in ThemeHunk Oneline Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Oneline Lite: from n/a through 6.6.

Published: Jan 07, 2026
Source: NVD
CVE-2025-69333 MEDIUM - 4.3

Missing Authorization vulnerability in Crocoblock JetEngine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through 3.8.1.1.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47395 MEDIUM - 6.5

Transient DOS while parsing a WLAN management frame with a Vendor Specific Information Element.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47369 MEDIUM - 5.5

Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47344 MEDIUM - 6.7

Memory corruption while handling sensor utility operations.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47337 MEDIUM - 6.7

Memory corruption while accessing a synchronization object during concurrent operations.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47336 MEDIUM - 6.7

Memory corruption while performing sensor register read operations.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47335 MEDIUM - 6.7

Memory corruption while parsing clock configuration data for a specific hardware type.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47334 MEDIUM - 6.7

Memory corruption while processing shared command buffer packet between camera userspace and kernel.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47333 MEDIUM - 6.6

Memory corruption while handling buffer mapping operations in the cryptographic driver.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47332 MEDIUM - 6.7

Memory corruption while processing a config call from userspace.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47331 MEDIUM - 6.1

Information disclosure while processing a firmware event.

Published: Jan 07, 2026
Source: NVD
CVE-2025-47330 MEDIUM - 5.5

Transient DOS while parsing video packets received from the video firmware.

Published: Jan 07, 2026
Source: NVD
CVE-2025-31964 MEDIUM - 4.9

Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services bound to external network interfaces instead of the local authentication interface.

Vendor: hcltech
Product: bigfix_insights_for_vulnerability_remediation
Published: Jan 07, 2026
Source: NVD
CVE-2025-31962 MEDIUM - 4.3

Insufficient session expiration in the Web UI authentication component in HCL BigFix IVR version 4.2 allows an authenticated attacker to gain prolonged unauthorized access to protected API endpoints due to excessive expiration periods.

Vendor: hcltech
Product: bigfix_insights_for_vulnerability_remediation
Published: Jan 07, 2026
Source: NVD
CVE-2025-15058 MEDIUM - 6.4

The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'table_currency' parameter in all versions up to, and including, 5.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

Published: Jan 07, 2026
Source: NVD
CVE-2025-15000 MEDIUM - 4.4

The Page Keys plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โ€˜page_keyโ€™ parameter in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to...

Published: Jan 07, 2026
Source: NVD
CVE-2025-14999 MEDIUM - 4.3

The Latest Tabs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the settings update handler in admin-page.php. This makes it possible for unauthenticated attackers to modify plugin set...

Published: Jan 07, 2026
Source: NVD
CVE-2025-14904 MEDIUM - 4.3

The Newsletter Email Subscribe plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4. This is due to incorrect nonce validation on the nels_settings_page function. This makes it possible for unauthenticated attackers to update plugin settings via a fo...

Published: Jan 07, 2026
Source: NVD