Export limit exceeded: 336222 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 336222 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (336222 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-47356 | 1 Qualcomm | 39 Cologne, Cologne Firmware, Fastconnect 6900 and 36 more | 2026-01-27 | 7.8 High |
| Memory Corruption when multiple threads concurrently access and modify shared resources. | ||||
| CVE-2025-47369 | 1 Qualcomm | 351 Ar8035, Ar8035 Firmware, Csra6620 and 348 more | 2026-01-27 | 5.5 Medium |
| Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID. | ||||
| CVE-2025-5115 | 1 Eclipse | 1 Jetty | 2026-01-27 | 7.5 High |
| In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, <=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory. For example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal. Per specification https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update , the server should send a RST_STREAM frame. The client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time. The attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame. Links: * https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h | ||||
| CVE-2025-47380 | 1 Qualcomm | 29 Fastconnect 7800, Fastconnect 7800 Firmware, Qcc2072 and 26 more | 2026-01-27 | 7.8 High |
| Memory corruption while preprocessing IOCTLs in sensors. | ||||
| CVE-2025-47388 | 1 Qualcomm | 91 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 88 more | 2026-01-27 | 7.8 High |
| Memory corruption while passing pages to DSP with an unaligned starting address. | ||||
| CVE-2025-47393 | 1 Qualcomm | 37 Qam8255p, Qam8255p Firmware, Qam8650p and 34 more | 2026-01-27 | 7.8 High |
| Memory corruption when accessing resources in kernel driver. | ||||
| CVE-2025-47394 | 1 Qualcomm | 91 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 88 more | 2026-01-27 | 7.8 High |
| Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations. | ||||
| CVE-2026-22411 | 2 Mikado-themes, Wordpress | 2 Dolcino, Wordpress | 2026-01-27 | 5.4 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Dolcino dolcino allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dolcino: from n/a through <= 1.6. | ||||
| CVE-2026-22409 | 2 Mikado-themes, Wordpress | 2 Justicia, Wordpress | 2026-01-27 | 5.4 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Justicia justicia allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Justicia: from n/a through <= 1.2. | ||||
| CVE-2026-22407 | 2 Mikado-themes, Wordpress | 2 Roam, Wordpress | 2026-01-27 | 5.4 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Roam roam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Roam: from n/a through <= 2.1.1. | ||||
| CVE-2026-22406 | 2 Mikado-themes, Wordpress | 2 Overton, Wordpress | 2026-01-27 | 5.4 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Overton overton allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Overton: from n/a through <= 1.3. | ||||
| CVE-2026-22391 | 2 Mikado-themes, Wordpress | 2 Cocco, Wordpress | 2026-01-27 | 5.4 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Cocco cocco allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cocco: from n/a through <= 1.5.1. | ||||
| CVE-2026-22358 | 2 Smartdatasoft, Wordpress | 2 Electrician - Electrical Service Wordpress, Wordpress | 2026-01-27 | 5.4 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Electrician - Electrical Service WordPress electrician allows Server Side Request Forgery.This issue affects Electrician - Electrical Service WordPress: from n/a through <= 5.6. | ||||
| CVE-2026-22348 | 1 Wordpress | 1 Wordpress | 2026-01-27 | 5.3 Medium |
| Missing Authorization vulnerability in Tasos Fel Civic Cookie Control civic-cookie-control-8 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Civic Cookie Control: from n/a through <= 1.53. | ||||
| CVE-2025-47395 | 1 Qualcomm | 3 Snapdragon, Wcn7861, Wcn7861 Firmware | 2026-01-27 | 6.5 Medium |
| Transient DOS while parsing a WLAN management frame with a Vendor Specific Information Element. | ||||
| CVE-2025-69319 | 2 Wordpress, Wpbeaverbuilder | 2 Wordpress, Beaver Builder | 2026-01-27 | 7.5 High |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Code Injection.This issue affects Beaver Builder: from n/a through <= 2.9.4.1. | ||||
| CVE-2025-69315 | 2 Nsquared, Wordpress | 2 Simply Schedule Appointments, Wordpress | 2026-01-27 | 6.5 Medium |
| Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through <= 1.6.9.15. | ||||
| CVE-2025-69314 | 1 Wordpress | 1 Wordpress | 2026-01-27 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes Werkstatt werkstatt allows PHP Local File Inclusion.This issue affects Werkstatt: from n/a through < 4.8.3. | ||||
| CVE-2025-69313 | 2 Wordpress, Wpxpo | 2 Wordpress, Postx | 2026-01-27 | 7.5 High |
| Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 5.0.3. | ||||
| CVE-2025-69312 | 2 Wordpress, Xpro | 2 Wordpress, Xpro Elementor Addons | 2026-01-27 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Upload a Web Shell to a Web Server.This issue affects Xpro Elementor Addons: from n/a through <= 1.4.19.1. | ||||