Critical vulnerabilities, curated daily for security professionals
π― SSCV Profile
See how vulnerabilities affect your specific environment
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality. Learn more about SSCV Framework
Risk scores will be adjusted based on your selected environment
π
Archived Security Brief
Wednesday's brief contains 14 critical vulnerabilities, unchanged from the prior day's count. High-priority CVEs increased substantially to 88, a 49% rise from yesterday's 59 disclosures. Two actively exploited vulnerabilities require attention: CVE-2023-52163 affecting Digiever DS-2105 Pro and CVE-2025-14847 impacting MongoDB Server. Notable critical disclosures include CVE-2025-30996 (CVSS 9.9) in Themify WordPress plugins, multiple WordPress privilege escalation flaws (CVE-2025-14996, CVE-2025-15001), and CVE-2025-15471 affecting TRENDnet devices. Patch availability currently stands at 0%, requiring organizations to implement compensating controls until vendor fixes become available.
14 critical CVEs disclosed, unchanged from prior day
88 high-priority CVEs represent a 49% increase from yesterday's 59
2 actively exploited vulnerabilities affecting Digiever and MongoDB systems
WordPress ecosystem heavily impacted with multiple privilege escalation flaws
TRENDnet and TECNO Mobile devices among affected network/mobile products
Immediate action: Organizations using WordPress with Themify, AS Password Field, or FS Registration Password plugins should restrict administrative access and monitor for unauthorized account changes. MongoDB Server and Digiever DS-2105 Pro deployments require immediate review given active exploitation, with network segmentation recommended until patches are released.
π‘ Tip: Swipe CVE cards left to β star, right to β remove
Section Navigation
β οΈ
CISA Known Exploited Vulnerabilities
β οΈ CISA KEVURGENT
CVE-2023-52163 (reserved 2023, disclosed 2025)
9.5
DigieverDS-2105 Pro
β° Federal Deadline:January 11, 2026(5 days remaining)
Digiever DS-2105 Pro Missing Authorization Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
β οΈ CISA KEV
CVE-2025-14847
9.5
MongoDBMongoDB and MongoDB Server
β° Federal Deadline:January 18, 2026(12 days remaining)
MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability - Active in CISA KEV catalog.
CVSS Base9.5
β
CRSSelect profile
π¨
Critical Vulnerabilities
CVE-2025-30996 (reserved 2025, disclosed 2026)
9.9π
Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPressMultiple Products
Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo, Themify Themify Edmin, Themify Bloggie, Themify Photobox, Themify Wigi, Themify Rezo, Themify Slide allows Upload a Web Shell to a Web Server.This issue affects Themify Sidepane WordPress Theme: from n/a through 1.9.8; Themify Newsy: from n/a through 1.9.9; Themify Folo: from n/a through 1.9.6; Themify Edmin: from n/a through 2.0.0; Bloggie: from n/a through 2.0.8; Photobox: from n/a through 2.0.1; Wigi: from n/a through 2.0.1; Rezo: from n/a through 1.9.7; Slide: from n/a through 1.7.5.
CVSS Base9.9
β
CRSSelect profile
CVE-2025-14996 (reserved 2025, disclosed 2026)
9.8π
The AS Password Field In Default Registration Form plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions upMultiple Products
The AS Password Field In Default Registration Form plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
CVSS Base9.8
β
CRSSelect profile
CVE-2025-15001 (reserved 2025, disclosed 2026)
9.8π
The FS Registration Password plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions upMultiple Products
The FS Registration Password plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.1. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
CVSS Base9.8
β
CRSSelect profile
CVE-2025-15444 (reserved 2025, disclosed 2026)
9.8π
UnknownMultiple Products
Crypt::Sodium::XS module versions prior toΒ 0.000042,Β for Perl, include a vulnerable version of libsodium
libsodium <= 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277Β https://www.cve.org/CVERecord?id=CVE-2025-69277 .
The libsodium vulnerability states:
In atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.
0.000042 includes a version ofΒ libsodium updated to 1.0.20-stable, released January 3, 2026, which includes a fix for the vulnerability.
CVSS Base9.8
β
CRSSelect profile
CVE-2025-65212 (reserved 2025, disclosed 2026)
9.8π
An issue was discovered in NJHYSTMultiple Products
An issue was discovered in NJHYST HY511 POE core before 2.1 and plugins before 0.1. The vulnerability stems from the device's insufficient cookie verification, allowing an attacker to directly request the configuration file address and download the core configuration file without logging into the device management backend. By reading the corresponding username and self-decrypted MD5 password in the core configuration file, the attacker can directly log in to the backend, thereby bypassing the front-end backend login page.
CVSS Base9.8
β
CRSSelect profile
CVE-2025-60534 (reserved 2025, disclosed 2026)
9.8π
Blue Access CobaltMultiple Products
Blue Access Cobalt v02.000.195 suffers from an authentication bypass vulnerability, which allows an attacker to selectively proxy requests in order to operate functionality on the web application without the need to authenticate with legitimate credentials.
CVSS Base9.8
β
CRSSelect profile
CVE-2020-36925 (reserved 2020, disclosed 2026)
9.8π
Arteco Web ClientMultiple Products
Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within a specific numeric range to obtain valid sessions and access live camera streams without authorization.
CVSS Base9.8
β
CRSSelect profile
CVE-2025-60262 (reserved 2025, disclosed 2026)
9.8π
An issue inMultiple Products
An issue in H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point, there is a misconfiguration vulnerability about vsftpd. Through this vulnerability, all files uploaded anonymously via the FTP protocol is automatically owned by the root user and remote attackers could gain root-level control over the devices.
CVSS Base9.8
β
CRSSelect profile
CVE-2025-15471 (reserved 2025, disclosed 2026)
9.8π
A vulnerability was detected in TRENDnetMultiple Products
A vulnerability was detected in TRENDnet TEW-713RE 1.02. The impacted element is an unknown function of the file /goformX/formFSrvX. The manipulation of the argument SZCMD results in os command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Base9.8
β
CRSSelect profile
CVE-2025-15385 (reserved 2025, disclosed 2026)
9.8π
Insufficient Verification of Data Authenticity vulnerability in TECNO MobileMultiple Products
Insufficient Verification of Data Authenticity vulnerability in TECNO Mobile com.Afmobi.Boomplayer allows Authentication Bypass.This issue affects com.Afmobi.Boomplayer: 7.4.63.
CVSS Base9.8
β
CRSSelect profile
CVE-2026-21675
9.8π
iccDEV provides a set of libraries and tools for working with ICC color managementMultiple Products
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a Use After Free vulnerability in the CIccXform::Create() function, where it deletes the hint. This issue is fixed in version 2.3.1.1.
CVSS Base9.8
β
CRSSelect profile
CVE-2020-36912 (reserved 2020, disclosed 2026)
9.8π
Plexus anblick Digital Signage ManagementMultiple Products
Plexus anblick Digital Signage Management 3.1.13 contains an open redirect vulnerability in the 'PantallaLogin' script that allows attackers to manipulate the 'pagina' GET parameter. Attackers can craft malicious links that redirect users to arbitrary websites by exploiting improper input validation in the parameter.
CVSS Base9.8
β
CRSSelect profile
CVE-2020-36923 (reserved 2020, disclosed 2026)
9.8π
Sony BRAVIA Digital SignageMultiple Products
Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization controls. Attackers can access hidden system resources like '/#/content-creation' by manipulating client-side access restrictions.
CVSS Base9.8
β
CRSSelect profile
CVE-2025-39477 (reserved 2025, disclosed 2026)
9.8π
Missing Authorization vulnerability in Sfwebservice InWave Jobs allows Exploiting Incorrectly Configured Access Control SecurityMultiple Products
Missing Authorization vulnerability in Sfwebservice InWave Jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InWave Jobs: from n/a through 3.5.8.
CVSS Base9.8
β
CRSSelect profile
β οΈ
High Priority Updates
CVE-2025-69087 (reserved 2025, disclosed 2026)
8.1π
jwsthemes FreeAgentMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes FreeAgent allows PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Jwsthemes Issabella allows PHP Local File Inclusion
CVSS Base8.1
β
CRSSelect profile
CVE-2025-32304 (reserved 2025, disclosed 2026)
8.1π
Mojoomla WPCHURCHMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mojoomla WPCHURCH allows PHP Local File Inclusion
CVSS Base8.1
β
CRSSelect profile
CVE-2025-29004 (reserved 2025, disclosed 2026)
8.8π
WordPressMultiple Products
Incorrect Privilege Assignment vulnerability in AA-Team Premium Age Verification / Restriction for WordPress, AA-Team Responsive Coming Soon Landing Page / Holding Page for WordPress allows Privilege Escalation
CVSS Base8.8
β
CRSSelect profile
CVE-2025-69342 (reserved 2025, disclosed 2026)
7.5π
VanKarWai CalafateMultiple Products
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in VanKarWai Calafate calafate allows PHP Local File Inclusion
CVSS Base7.5
β
CRSSelect profile
CVE-2025-15364 (reserved 2025, disclosed 2026)
7.3π
WordPressMultiple Products
The Download Manager plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3
CVSS Base7.3
β
CRSSelect profile
CVE-2025-14997 (reserved 2025, disclosed 2026)
7.2π
WordPressMultiple Products
The BuddyPress Xprofile Custom Field Types plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete_field' function in all versions up to, and including, 1
CVSS Base7.2
β
CRSSelect profile
CVE-2023-49186 (reserved 2023, disclosed 2026)
7.1π
KlbTheme Machic CoreMultiple Products
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in KlbTheme Machic Core allows DOM-Based XSS
CVSS Base7.1
β
CRSSelect profile
CVE-2024-53735 (reserved 2024, disclosed 2026)
7.1π
WebclipMultiple Products
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Corourke iPhone Webclip Manager allows Stored XSS
CVSS Base7.1
β
CRSSelect profile
CVE-2025-36589 (reserved 2025, disclosed 2026)
7.6π
DellMultiple Products
Dell Unisphere for PowerMax, version(s) 9
CVSS Base7.6
β
CRSSelect profile
CVE-2025-69223 (reserved 2025, disclosed 2026)
7.5π
HTTPMultiple Products
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python
CVSS Base7.5
β
CRSSelect profile
CVE-2025-31047 (reserved 2025, disclosed 2026)
8.8π
Themify Themify EdminMultiple Products
Deserialization of Untrusted Data vulnerability in Themify Themify Edmin allows Object Injection
CVSS Base8.8
β
CRSSelect profile
CVE-2026-21411
8.8π
AuthenticationMultiple Products
Authentication bypass issue exists in OpenBlocks series versions prior to FW5
CVSS Base8.8
β
CRSSelect profile
CVE-2025-47553 (reserved 2025, disclosed 2026)
8.8π
zoomMultiple Products
Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection
CVSS Base8.8
β
CRSSelect profile
CVE-2025-30631 (reserved 2025, disclosed 2026)
7.1
ImproperMultiple Products
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA-Team Woocommerce Sales Funnel Builder, AA-Team Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) allows Reflected XSS
CVSS Base7.1
β
CRSSelect profile
CVE-2025-31044 (reserved 2025, disclosed 2026)
8.5π
ImproperMultiple Products
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Premium SEO Pack allows SQL Injection
CVSS Base8.5
β
CRSSelect profile
CVE-2025-68953 (reserved 2025, disclosed 2026)
7.5π
FrappeMultiple Products
Frappe is a full-stack web application framework
CVSS Base7.5
β
CRSSelect profile
CVE-2025-59379 (reserved 2025, disclosed 2026)
7.5
DwyerOmegaMultiple Products
DwyerOmega Isensix Advanced Remote Monitoring System (ARMS) 1
CVSS Base7.5
β
CRSSelect profile
CVE-2025-20780 (reserved 2025, disclosed 2026)
7.8
InMultiple Products
In display, there is a possible memory corruption due to use after free
CVSS Base7.8
β
CRSSelect profile
CVE-2025-20781 (reserved 2025, disclosed 2026)
7.8
InMultiple Products
In display, there is a possible memory corruption due to use after free
CVSS Base7.8
β
CRSSelect profile
CVE-2025-20799 (reserved 2025, disclosed 2026)
7.8
InMultiple Products
In c2ps, there is a possible memory corruption due to use after free
CVSS Base7.8
β
CRSSelect profile
CVE-2026-21633
8.8
Unifi ProtectMultiple Products
A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability in the Unifi Protect Application (Version 6
CVSS Base8.8
β
CRSSelect profile
CVE-2025-55204 (reserved 2025, disclosed 2026)
8.8
streamingMultiple Products
muffon is a cross-platform music streaming client for desktop
CVSS Base8.8
β
CRSSelect profile
CVE-2026-21485
8.8
iccDEVMultiple Products
iccDEV provides a set of libraries and tools for working with ICC color management profiles
CVSS Base8.8
β
CRSSelect profile
CVE-2026-21676
8.8
iccDEVMultiple Products
iccDEV provides a set of libraries and tools for working with ICC color management profiles
CVSS Base8.8
β
CRSSelect profile
CVE-2026-21677
8.8
iccDEVMultiple Products
iccDEV provides a set of libraries and tools for working with ICC color management profiles
CVSS Base8.8
β
CRSSelect profile
CVE-2020-36910 (reserved 2020, disclosed 2026)
8.8
MediaMultiple Products
Cayin Signage Media Player 3
CVSS Base8.8
β
CRSSelect profile
CVE-2020-36916 (reserved 2020, disclosed 2026)
8.8
TDMMultiple Products
TDM Digital Signage PC Player 4
CVSS Base8.8
β
CRSSelect profile
CVE-2020-36920 (reserved 2020, disclosed 2026)
8.8
SignageMultiple Products
iDS6 DSSPro Digital Signage System 6
CVSS Base8.8
β
CRSSelect profile
CVE-2026-0640
8.8
weaknessMultiple Products
A weakness has been identified in Tenda AC23 16
CVSS Base8.8
β
CRSSelect profile
CVE-2025-68044 (reserved 2025, disclosed 2026)
8.6
Rustaurius Five StarMultiple Products
Authorization Bypass Through User-Controlled Key vulnerability in Rustaurius Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base8.6
β
CRSSelect profile
CVE-2025-20779 (reserved 2025, disclosed 2026)
7
InMultiple Products
In display, there is a possible use after free due to a race condition
CVSS Base7
β
CRSSelect profile
CVE-2025-49495 (reserved 2025, disclosed 2026)
8.4
ProcessorMultiple Products
An issue was discovered in the WiFi driver in Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580
CVSS Base8.4
β
CRSSelect profile
CVE-2025-53966 (reserved 2025, disclosed 2026)
8.4
ProcessorMultiple Products
An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, and 1580
CVSS Base8.4
β
CRSSelect profile
CVE-2025-65110 (reserved 2025, disclosed 2026)
8.1
VegaMultiple Products
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs
CVSS Base8.1
β
CRSSelect profile
CVE-2025-61916 (reserved 2025, disclosed 2026)
7.9
SpinnakerMultiple Products
Spinnaker is an open source, multi-cloud continuous delivery platform
CVSS Base7.9
β
CRSSelect profile
CVE-2025-57836 (reserved 2025, disclosed 2026)
7.8
SamsungMultiple Products
An issue was discovered in Samsung Magician 6
CVSS Base7.8
β
CRSSelect profile
CVE-2025-20778 (reserved 2025, disclosed 2026)
7.8
InMultiple Products
In display, there is a possible out of bounds write due to a missing bounds check
CVSS Base7.8
β
CRSSelect profile
CVE-2025-20795 (reserved 2025, disclosed 2026)
7.8
InMultiple Products
In KeyInstall, there is a possible out of bounds write due to a missing bounds check
CVSS Base7.8
β
CRSSelect profile
CVE-2025-20796 (reserved 2025, disclosed 2026)
7.8
InMultiple Products
In imgsys, there is a possible out of bounds write due to improper input validation
CVSS Base7.8
β
CRSSelect profile
CVE-2025-20797 (reserved 2025, disclosed 2026)
7.8
InMultiple Products
In battery, there is a possible out of bounds write due to a missing bounds check
CVSS Base7.8
β
CRSSelect profile
CVE-2025-20798 (reserved 2025, disclosed 2026)
7.8
InMultiple Products
In battery, there is a possible out of bounds write due to a missing bounds check
CVSS Base7.8
β
CRSSelect profile
CVE-2025-20800 (reserved 2025, disclosed 2026)
7.8
InMultiple Products
In mminfra, there is a possible out of bounds write due to a missing bounds check
CVSS Base7.8
β
CRSSelect profile
CVE-2026-21673
7.8
iccDEVMultiple Products
iccDEV provides a set of libraries and tools for working with ICC color management profiles
CVSS Base7.8
β
CRSSelect profile
CVE-2026-21486
7.8
iccDEVMultiple Products
iccDEV provides a set of libraries and tools for working with ICC color management profiles
CVSS Base7.8
β
CRSSelect profile
CVE-2025-14026 (reserved 2025, disclosed 2026)
7.8
DLPMultiple Products
Forcepoint One DLP Client, version 23
CVSS Base7.8
β
CRSSelect profile
CVE-2025-68033 (reserved 2025, disclosed 2026)
7.5
Brecht Custom RelatedMultiple Products
Insertion of Sensitive Information Into Sent Data vulnerability in Brecht Custom Related Posts allows Retrieve Embedded Sensitive Data
CVSS Base7.5
β
CRSSelect profile
CVE-2025-68547 (reserved 2025, disclosed 2026)
7.5
WPweb Follow My BlogMultiple Products
Missing Authorization vulnerability in WPweb Follow My Blog Post allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base7.5
β
CRSSelect profile
CVE-2025-68850 (reserved 2025, disclosed 2026)
7.5
Codepeople SellMultiple Products
Missing Authorization vulnerability in Codepeople Sell Downloads allows Exploiting Incorrectly Configured Access Control Security Levels
CVSS Base7.5
β
CRSSelect profile
CVE-2025-67303 (reserved 2025, disclosed 2026)
7.5
issueMultiple Products
An issue in ComfyUI-Manager prior to version 3
CVSS Base7.5
β
CRSSelect profile
CVE-2024-30516 (reserved 2024, disclosed 2026)
7.5
SaasProject BookingMultiple Products
Improper Validation of Specified Quantity in Input vulnerability in SaasProject Booking Package allows Accessing Functionality Not Properly Constrained by ACLs
CVSS Base7.5
β
CRSSelect profile
CVE-2025-46255 (reserved 2025, disclosed 2026)
7.5
Marketing Fire LLCMultiple Products
Missing Authorization vulnerability in Marketing Fire LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs
CVSS Base7.5
β
CRSSelect profile
CVE-2025-59467 (reserved 2025, disclosed 2026)
7.5
UCRM ArgentinaMultiple Products
A Cross-Site Scripting (XSS) vulnerability in the UCRM Argentina AFIP invoices Plugin (v1
CVSS Base7.5
β
CRSSelect profile
CVE-2025-43706 (reserved 2025, disclosed 2026)
7.5
ModemMultiple Products
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2400, 1580, 9110, W920, W930, Modem 5123, and Modem 5400
CVSS Base7.5
β
CRSSelect profile
CVE-2025-67419 (reserved 2025, disclosed 2026)
7.5
evershopMultiple Products
A Denial of Service (DoS) vulnerability in evershop 2
CVSS Base7.5
β
CRSSelect profile
CVE-2026-21507
7.5
iccDEVMultiple Products
iccDEV provides a set of libraries and tools for working with ICC color management profiles
CVSS Base7.5
β
CRSSelect profile
CVE-2025-20760 (reserved 2025, disclosed 2026)
7.5
InMultiple Products
In Modem, there is a possible read of uninitialized heap data due to an uncaught exception
CVSS Base7.5
β
CRSSelect profile
CVE-2025-20761 (reserved 2025, disclosed 2026)
7.5
InMultiple Products
In Modem, there is a possible system crash due to incorrect error handling
CVSS Base7.5
β
CRSSelect profile
CVE-2025-20762 (reserved 2025, disclosed 2026)
7.5
InMultiple Products
In Modem, there is a possible system crash due to incorrect error handling
CVSS Base7.5
β
CRSSelect profile
CVE-2025-20793 (reserved 2025, disclosed 2026)
7.5
InMultiple Products
In Modem, there is a possible system crash due to incorrect error handling
CVSS Base7.5
β
CRSSelect profile
CVE-2025-20794 (reserved 2025, disclosed 2026)
7.5
InMultiple Products
In Modem, there is a possible system crash due to improper input validation
CVSS Base7.5
β
CRSSelect profile
CVE-2020-36905 (reserved 2020, disclosed 2026)
7.5
HomeMultiple Products
FIBARO System Home Center 5
CVSS Base7.5
β
CRSSelect profile
CVE-2020-36907 (reserved 2020, disclosed 2026)
7.5
NetConfig UI thatMultiple Products
Aerohive HiveOS contains a denial of service vulnerability in the NetConfig UI that allows unauthenticated attackers to render the web interface unusable
CVSS Base7.5
β
CRSSelect profile
CVE-2020-36914 (reserved 2020, disclosed 2026)
7.5
DigitalMultiple Products
QiHang Media Web Digital Signage 3
CVSS Base7.5
β
CRSSelect profile
CVE-2020-36915 (reserved 2020, disclosed 2026)
7.5
AdtecMultiple Products
Adtec Digital SignEdje Digital Signage Player v2
CVSS Base7.5
β
CRSSelect profile
CVE-2020-36917 (reserved 2020, disclosed 2026)
7.5
SignageMultiple Products
iDS6 DSSPro Digital Signage System 6
CVSS Base7.5
β
CRSSelect profile
CVE-2020-36921 (reserved 2020, disclosed 2026)
7.5
SignageMultiple Products
RED-V Super Digital Signage System 5
CVSS Base7.5
β
CRSSelect profile
CVE-2020-36922 (reserved 2020, disclosed 2026)
7.5
DigitalMultiple Products
Sony BRAVIA Digital Signage 1
CVSS Base7.5
β
CRSSelect profile
CVE-2020-36924 (reserved 2020, disclosed 2026)
7.5
DigitalMultiple Products
Sony BRAVIA Digital Signage 1
CVSS Base7.5
β
CRSSelect profile
CVE-2026-0583
7.3
ReservationMultiple Products
A security flaw has been discovered in code-projects Online Product Reservation System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-0585
7.3
ReservationMultiple Products
A security vulnerability has been detected in code-projects Online Product Reservation System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-0589
7.3
ReservationMultiple Products
A vulnerability was found in code-projects Online Product Reservation System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-0592
7.3
ReservationMultiple Products
A security flaw has been discovered in code-projects Online Product Reservation System 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-0605
7.3
MusicMultiple Products
A security vulnerability has been detected in code-projects Online Music Site 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-0606
7.3
MusicMultiple Products
A vulnerability was detected in code-projects Online Music Site 1
CVSS Base7.3
β
CRSSelect profile
CVE-2026-0607
7.3
MusicMultiple Products
A flaw has been found in code-projects Online Music Site 1
CVSS Base7.3
β
CRSSelect profile
CVE-2025-5965 (reserved 2025, disclosed 2026)
7.2
backupMultiple Products
In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup
CVSS Base7.2
β
CRSSelect profile
CVE-2025-66376 (reserved 2025, disclosed 2026)
7.2
ZimbraMultiple Products
Zimbra Collaboration (ZCS) 10 before 10
CVSS Base7.2
β
CRSSelect profile
CVE-2025-66648 (reserved 2025, disclosed 2026)
7.2
UnknownMultiple Products
vega-functions provides function implementations for the Vega expression language
CVSS Base7.2
β
CRSSelect profile
CVE-2024-30461 (reserved 2024, disclosed 2026)
7.1
Tumult Inc TumultMultiple Products
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tumult Inc Tumult Hype Animations allows DOM-Based XSS
CVSS Base7.1
β
CRSSelect profile
CVE-2025-52519 (reserved 2025, disclosed 2026)
7.1
ProcessorMultiple Products
An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, and 2500
CVSS Base7.1
β
CRSSelect profile
CVE-2025-61781 (reserved 2025, disclosed 2026)
7.1
OpenCTIMultiple Products
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables
CVSS Base7.1
β
CRSSelect profile
CVE-2024-30547 (reserved 2024, disclosed 2026)
7.1
Shazdeh Header ImageMultiple Products
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Shazdeh Header Image Slider header-image-slider allows DOM-Based XSS
CVSS Base7.1
β
CRSSelect profile
CVE-2025-69084 (reserved 2025, disclosed 2026)
7.1
ImproperMultiple Products
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3 themes Photo Gallery allows Reflected XSS
CVSS Base7.1
β
CRSSelect profile
CVE-2025-69085 (reserved 2025, disclosed 2026)
7.1
ImproperMultiple Products
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins JobBank allows Reflected XSS
CVSS Base7.1
β
CRSSelect profile
CVE-2025-31642 (reserved 2025, disclosed 2026)
7.1
Dasinfomedia WPCHURCHMultiple Products
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dasinfomedia WPCHURCH allows Reflected XSS
CVSS Base7.1
β
CRSSelect profile
CVE-2025-20801 (reserved 2025, disclosed 2026)
7
InMultiple Products
In seninf, there is a possible memory corruption due to a race condition