Total CVEs

143,746

Critical Severity

4,091

High Severity

14,758

Last 7 Days

1,538
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 14,781 - 14,800 of 14,877 CVEs
CVE-2025-59955 MEDIUM - 5.7

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions prior to and including v4.0.0-beta.420.8 have an information disclosure vulnerability in the `/api/v1/teams/{team_id}/members` and `/api/v1/teams/current/members` API endpoints allows...

Vendor: coollabs
Product: coolify
Published: Jan 05, 2026
Source: NVD
CVE-2026-21635 MEDIUM - 5.3

An Improper Access Control could allow a malicious actor in Wi-Fi range to the EV Station Lite (v1.5.2 and earlier) to use WiFi AutoLink feature on a device that was only adopted via Ethernet.

Published: Jan 05, 2026
Source: NVD
CVE-2026-21634 MEDIUM - 6.5

A malicious actor with access to the adjacent network could overflow the UniFi Protect Application (Version 6.1.79 and earlier) discovery protocol causing it to restart. Affected Products: UniFi Protect Application (Version 6.1.79 and earlier). Mitigation: Update your UniFi Protect Appli...

Published: Jan 05, 2026
Source: NVD
CVE-2025-67316 MEDIUM - 5.4

An issue in realme Internet browser v.45.13.4.1 allows a remote attacker to execute arbitrary code via a crafted webpage in the built-in HeyTap/ColorOS browser

Published: Jan 05, 2026
Source: NVD
CVE-2025-53344 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in ThimPress Thim Core allows Cross Site Request Forgery.This issue affects Thim Core: from n/a through 2.3.3.

Published: Jan 05, 2026
Source: NVD
CVE-2025-39561 MEDIUM - 6.5

Missing Authorization vulnerability in Marketing Fire, LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LoginWP - Pro: from n/a through 4.0.8.5.

Published: Jan 05, 2026
Source: NVD
CVE-2025-39497 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dokan Dokan Pro allows Stored XSS.This issue affects Dokan Pro: from n/a through 3.14.5.

Published: Jan 05, 2026
Source: NVD
CVE-2025-67315 MEDIUM - 5.4

Cross Site Request Forgery vulnerability in Employee Leave Management System v.2.1 allows a remote attacker to escalate privileges via the manage-employee.php component

Published: Jan 05, 2026
Source: NVD
CVE-2025-65328 MEDIUM - 6.5

Mega-Fence (webgate-lib.*) 25.1.914 and prior trusts the first value of the X-Forwarded-For (XFF) header as the client IP without validating a trusted proxy chain. An attacker can supply an arbitrary XFF value in a remote request to spoof the client IP, which is then propagated to security-relevant ...

Published: Jan 05, 2026
Source: NVD
CVE-2025-68280 MEDIUM - 6.5

Improper Restriction of XML External Entity Reference vulnerability in Apache SIS. It is possible to write XML files in such a way that, when parsed by Apache SIS, an XML file reveals to the attacker the content of a local file on the server running Apache SIS. This vulnerability impacts the foll...

Published: Jan 05, 2026
Source: NVD
CVE-2025-12513 MEDIUM - 6.8

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts configuration form modules) allows Stored XSS to users with high privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from...

Published: Jan 05, 2026
Source: NVD
CVE-2025-12511 MEDIUM - 6.8

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (DSM extenstio configuration modules) allows Stored XSS to user with elevated privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10...

Published: Jan 05, 2026
Source: NVD
CVE-2024-23511 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows DOM-Based XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.3.3.

Published: Jan 05, 2026
Source: NVD
CVE-2023-52212 MEDIUM - 5.4

Cross-Site Request Forgery (CSRF) vulnerability in Automattic WP Job Manager allows Cross Site Request Forgery.This issue affects WP Job Manager: from n/a through 2.0.0.

Published: Jan 05, 2026
Source: NVD
CVE-2023-51513 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in INTINITUM FORM Geo Controller allows DOM-Based XSS.This issue affects Geo Controller: from n/a through 8.5.2.

Published: Jan 05, 2026
Source: NVD
CVE-2026-0588 MEDIUM - 6.1

A weakness has been identified in Xinhu Rainrock RockOA up to 2.7.1. Affected by this vulnerability is an unknown functionality of the file rockfun.php of the component API. This manipulation of the argument callback causes cross site scripting. The attack may be initiated remotely. The exploit has ...

Vendor: rockoa
Product: rockoa
Published: Jan 05, 2026
Source: NVD
CVE-2026-0587 MEDIUM - 5.4

A security flaw has been discovered in Xinhu Rainrock RockOA up to 2.7.1. Affected is an unknown function of the file rock_page_gong.php of the component Cover Image Handler. The manipulation of the argument fengmian results in cross site scripting. The attack can be launched remotely. The exploit h...

Vendor: rockoa
Product: rockoa
Published: Jan 05, 2026
Source: NVD
CVE-2026-0586 MEDIUM - 6.1

A vulnerability was detected in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file handgunner-administrator/prod.php. Performing a manipulation of the argument cat results in cross site scripting. The attack is possible to be carried out remo...

Vendor: fabian
Product: online_product_reservation_system
Published: Jan 05, 2026
Source: NVD
CVE-2025-68029 MEDIUM - 6.3

Insertion of Sensitive Information Into Sent Data vulnerability in WP Swings Wallet System for WooCommerce allows Retrieve Embedded Sensitive Data.This issue affects Wallet System for WooCommerce: from n/a through 2.7.2.

Published: Jan 05, 2026
Source: NVD
CVE-2025-68014 MEDIUM - 6.5

Insertion of Sensitive Information Into Sent Data vulnerability in Awethemes AweBooking allows Retrieve Embedded Sensitive Data.This issue affects AweBooking: from n/a through 3.2.26.

Published: Jan 05, 2026
Source: NVD