Export limit exceeded: 334719 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334719 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68073 | 2 Ninjateam, Wordpress | 2 Gpdr Ccpa Compliance Support, Wordpress | 2026-01-28 | 6.5 Medium |
| Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GDPR CCPA Compliance Support: from n/a through <= 2.7.4. | ||||
| CVE-2025-68072 | 2 Merv Barrett, Wordpress | 2 Easy Property Listings, Wordpress | 2026-01-28 | 6.5 Medium |
| Missing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Property Listings: from n/a through <= 3.5.17. | ||||
| CVE-2025-47348 | 1 Qualcomm | 409 Aqt1000, Aqt1000 Firmware, Ar8035 and 406 more | 2026-01-28 | 7.8 High |
| Memory corruption while processing identity credential operations in the trusted application. | ||||
| CVE-2025-12636 | 1 Ubia | 1 Ubox | 2026-01-28 | 6.5 Medium |
| The Ubia camera ecosystem fails to adequately secure API credentials, potentially enabling an attacker to connect to backend services. The attacker would then be able to gain unauthorized access to available cameras, enabling the viewing of live feeds or modification of settings. | ||||
| CVE-2026-24477 | 1 Mintplexlabs | 2 Anything-llm, Anythingllm | 2026-01-28 | 7.5 High |
| AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticated users via the `/api/setup-complete` endpoint. Leakage of QdrantApiKey allows an unauthenticated attacker full read/write access to the Qdrant vector database instance used by AnythingLLM. Since Qdrant often stores the core knowledge base for RAG in AnythingLLM, this can lead to complete compromise of the semantic search / retrieval functionality and indirect leakage of confidential uploaded documents. Version 1.10.0 patches the issue. | ||||
| CVE-2024-54383 | 3 Wordpress, Wpweb, Wpwebelite | 3 Wordpress, Woocommerce Pdf Vouchers, Woocommerce Pdf Vouchers | 2026-01-28 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers allows Privilege Escalation.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.9. | ||||
| CVE-2026-24478 | 1 Mintplexlabs | 2 Anything-llm, Anythingllm | 2026-01-28 | 7.2 High |
| AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.10.0, a critical Path Traversal vulnerability in the DrupalWiki integration allows a malicious admin (or an attacker who can convince an admin to configure a malicious DrupalWiki URL) to write arbitrary files to the server. This can lead to Remote Code Execution (RCE) by overwriting configuration files or writing executable scripts. Version 1.10.0 fixes the issue. | ||||
| CVE-2022-36943 | 1 Ziparchive Project | 1 Ziparchive | 2026-01-28 | 8.1 High |
| SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of sanitization on paths which are symlinks. SSZipArchive will overwrite files on the filesystem when opening a malicious ZIP containing a symlink as the first item. | ||||
| CVE-2023-28689 | 2 Joomsky, Wordpress | 2 Js Job Manager, Wordpress | 2026-01-28 | 6.5 Medium |
| Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Job Manager: from n/a through 2.0.0. | ||||
| CVE-2023-25993 | 2 Webberzone, Wordpress | 2 Top 10, Wordpress | 2026-01-28 | 4.3 Medium |
| Missing Authorization vulnerability in WebberZone Top 10 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Top 10: from n/a through 3.2.3. | ||||
| CVE-2025-47382 | 1 Qualcomm | 199 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 196 more | 2026-01-28 | 7.8 High |
| Memory corruption while loading an invalid firmware in boot loader. | ||||
| CVE-2025-47387 | 1 Qualcomm | 91 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 88 more | 2026-01-28 | 7.8 High |
| Memory Corruption when processing IOCTLs for JPEG data without verification. | ||||
| CVE-2024-12397 | 1 Redhat | 13 Amq Streams, Apache Camel Hawtio, Build Keycloak and 10 more | 2026-01-28 | 7.4 High |
| A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity. | ||||
| CVE-2025-47332 | 1 Qualcomm | 149 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 146 more | 2026-01-28 | 6.7 Medium |
| Memory corruption while processing a config call from userspace. | ||||
| CVE-2025-39485 | 1 Themegoods | 1 Grand Tour | 2026-01-28 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Tour | Travel Agency WordPress allows Object Injection. This issue affects Grand Tour | Travel Agency WordPress: from n/a through 5.5.1. | ||||
| CVE-2025-32309 | 1 Thememove | 1 Healsoul | 2026-01-28 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Healsoul allows PHP Local File Inclusion. This issue affects Healsoul: from n/a through 2.0.2. | ||||
| CVE-2025-39354 | 2 Themegoods, Wordpress | 2 Grand Conference, Wordpress | 2026-01-28 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Conference allows Object Injection.This issue affects Grand Conference: from n/a through 5.2. | ||||
| CVE-2025-39458 | 1 Qodeinteractive | 1 Foton | 2026-01-28 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Foton allows PHP Local File Inclusion.This issue affects Foton: from n/a through 2.5.2. | ||||
| CVE-2025-39590 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2026-01-28 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Stored XSS. This issue affects Essential Addons for Elementor: from n/a through 6.1.9. | ||||
| CVE-2024-52616 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-01-28 | 5.3 Medium |
| A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs. | ||||