3.7

CVSS3.1

CVE-2026-0989 - Libxml2: unbounded relaxng include recursion leading to stack overflow

A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested <include> directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. …

📅 Published: Jan. 15, 2026, midnight 🔄 Last Modified: April 22, 2026, 10:16 a.m.

9.9

CVSS3.1

CVE-2025-67084 -

File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated attackers to upload arbitrary PHP files into attachments, which can later be executed remotely, leading to Remote Code Execution (RCE).

📅 Published: Jan. 15, 2026, midnight 🔄 Last Modified: Jan. 22, 2026, 4:03 p.m.

9.8

CVSS3.1

CVE-2025-67079 -

File upload vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute code through the MSL engine of the Imagick library via crafted PDF file to the file upload and thumbnail functions.

📅 Published: Jan. 15, 2026, midnight 🔄 Last Modified: Jan. 21, 2026, 2:42 p.m.

6.2

CVSS4.0

CVE-2026-0600 - Nexus Repository 3 - Server-Side Request Forgery in Proxy Repository Configuration

Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services and internal network …

📅 Published: Jan. 14, 2026, 10:29 p.m. 🔄 Last Modified: April 18, 2026, 6:15 a.m.

7.5

CVSS3.1

CVE-2025-12166 - Simply Schedule Appointments <= 1.6.9.9 - Unauthenticated SQL Injection via `order` and `append_whe…

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection via the `order` and `append_where_sql` parameters in all versions up to, and including, 1.6.9.9 due to insufficient escaping on the user supplied parameter and la…

📅 Published: Jan. 14, 2026, 10:23 p.m. 🔄 Last Modified: April 22, 2026, noon

2.4

CVSS4.0

CVE-2025-14058 -

A potential missing authentication vulnerability was reported in some Lenovo Tablets that could allow an unauthorized user with physical access to modify Control Center settings if the device is locked when the "Allow Control Center access when locked" option is disabled.

📅 Published: Jan. 14, 2026, 10:20 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7

CVSS4.0

CVE-2026-0421 - Lenovo BIOS Vulnerability Allowing Secure Boot Disablement

A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in Secure Boot being disabled even when configured as “On” in the BIOS setup menu. This issue only affects systems where Secure Boot is set to User Mode.

📅 Published: Jan. 14, 2026, 10:18 p.m. 🔄 Last Modified: April 18, 2026, 4:15 p.m.

7.3

CVSS4.0

CVE-2025-13455 -

A vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to bypass ThinkPlus device authentication and enroll an untrusted fingerprint.

📅 Published: Jan. 14, 2026, 10:18 p.m. 🔄 Last Modified: Feb. 23, 2026, 5:53 p.m.

6.8

CVSS4.0

CVE-2025-13454 -

A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information.

📅 Published: Jan. 14, 2026, 10:18 p.m. 🔄 Last Modified: Feb. 25, 2026, 10:16 p.m.

5.1

CVSS4.0

CVE-2025-13453 -

A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with physical access to read data stored on the drive.

📅 Published: Jan. 14, 2026, 10:18 p.m. 🔄 Last Modified: Feb. 25, 2026, 10:16 p.m.
Total results: 349182