Total
329236 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-66428 | 2026-01-22 | N/A | ||
| An issue with WordPress directory names in WebPros WordPress Toolkit before 6.9.1 allows privilege escalation. | ||||
| CVE-2025-14071 | 2 Livecomposer, Wordpress | 2 Live Composer, Wordpress | 2026-01-22 | 7.5 High |
| The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.2 via deserialization of untrusted input in the dslc_module_posts_output shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. | ||||
| CVE-2025-10180 | 1 Wordpress | 1 Wordpress | 2026-01-22 | 6.4 Medium |
| The Markdown Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'markdown' shortcode in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-0892 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-01-22 | 9.8 Critical |
| Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 147 and Thunderbird < 147. | ||||
| CVE-2026-0891 | 1 Mozilla | 4 Firefox, Firefox Esr, Thunderbird and 1 more | 2026-01-22 | 8.1 High |
| Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | ||||
| CVE-2026-0890 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-01-22 | 5.4 Medium |
| Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | ||||
| CVE-2026-0889 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-01-22 | 7.5 High |
| Denial-of-service in the DOM: Service Workers component. This vulnerability affects Firefox < 147 and Thunderbird < 147. | ||||
| CVE-2026-0888 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-01-22 | 5.3 Medium |
| Information disclosure in the XML component. This vulnerability affects Firefox < 147 and Thunderbird < 147. | ||||
| CVE-2026-0887 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-01-22 | 4.3 Medium |
| Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | ||||
| CVE-2022-50496 | 1 Linux | 1 Linux Kernel | 2026-01-22 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: dm cache: Fix UAF in destroy() Dm_cache also has the same UAF problem when dm_resume() and dm_destroy() are concurrent. Therefore, cancelling timer again in destroy(). | ||||
| CVE-2026-0886 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-01-22 | 5.3 Medium |
| Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | ||||
| CVE-2026-0883 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-01-22 | 5.3 Medium |
| Information disclosure in the Networking component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | ||||
| CVE-2026-0884 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-01-22 | 9.8 Critical |
| Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | ||||
| CVE-2026-0885 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-01-22 | 6.5 Medium |
| Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | ||||
| CVE-2026-0878 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-01-22 | 8 High |
| Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | ||||
| CVE-2025-27380 | 2026-01-22 | 7.6 High | ||
| HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content. | ||||
| CVE-2026-0877 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-01-22 | 8.1 High |
| Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. | ||||
| CVE-2026-0881 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-01-22 | 10 Critical |
| Sandbox escape in the Messaging System component. This vulnerability affects Firefox < 147 and Thunderbird < 147. | ||||
| CVE-2026-0513 | 1 Sap | 1 Supplier Relationship Management | 2026-01-22 | 4.7 Medium |
| Due to an Open Redirect Vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site.This causes low impact on integrity of the application. Confidentiality and availability are not impacted. | ||||
| CVE-2026-0506 | 1 Sap | 6 Abap Platform, Application Server, Netweaver and 3 more | 2026-01-22 | 8.1 High |
| Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines (FORMs) in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs and invoke system functionality exposed via FORMs, resulting in a high impact on integrity and availability, while confidentiality remains unaffected. | ||||