Export limit exceeded: 334991 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334991 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1029 | 1 Utarit | 1 Soliclub | 2026-01-16 | 7.5 High |
| Use of Hard-coded Credentials vulnerability in Utarit Information Services Inc. SoliClub allows Read Sensitive Constants Within an Executable.This issue affects SoliClub: from 5.2.4 before 5.3.7. | ||||
| CVE-2025-1030 | 1 Utarit | 1 Soliclub | 2026-01-16 | 7.5 High |
| Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Utarit Informatics Services Inc. SoliClub allows Query System for Information.This issue affects SoliClub: from 5.2.4 before 5.3.7. | ||||
| CVE-2025-1031 | 1 Utarit | 1 Soliclub | 2026-01-16 | 7.5 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Utarit Informatics Services Inc. SoliClub allows Functionality Misuse.This issue affects SoliClub: from 5.2.4 before 5.3.7. | ||||
| CVE-2025-7047 | 1 Utarit | 1 Soliclub | 2026-01-16 | 4.3 Medium |
| Missing Authorization vulnerability in Utarit Informatics Services Inc. SoliClub allows Privilege Abuse.This issue affects SoliClub: before 5.3.7. | ||||
| CVE-2025-7358 | 1 Utarit | 1 Soliclub | 2026-01-16 | 7.5 High |
| Use of Hard-coded Credentials vulnerability in Utarit Informatics Services Inc. SoliClub allows Authentication Abuse.This issue affects SoliClub: before 5.3.7. | ||||
| CVE-2025-7404 | 2 Gelbphoenix, Janeczku | 2 Autocaliweb, Calibre-web | 2026-01-16 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Calibre Web, Autocaliweb allows Blind OS Command Injection.This issue affects Calibre Web: 0.6.24 (Nicolette); Autocaliweb: from 0.7.0 before 0.7.1. | ||||
| CVE-2025-43023 | 2 Hp, Linux | 5 Hp, Linux Imaging And Printing, Linux Imaging And Printing Project and 2 more | 2026-01-16 | 9.1 Critical |
| A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm (DSA). | ||||
| CVE-2025-68637 | 1 Apache | 1 Uniffle | 2026-01-16 | 9.1 Critical |
| The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure configuration exposes all REST API communication between the Uniffle CLI/client and the Uniffle Coordinator service to potential Man-in-the-Middle (MITM) attacks. This issue affects all versions from before 0.10.0. Users are recommended to upgrade to version 0.10.0, which fixes the issue. | ||||
| CVE-2025-68493 | 1 Apache | 1 Struts | 2026-01-16 | 8.1 High |
| Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue. | ||||
| CVE-2025-66169 | 1 Apache | 1 Camel | 2026-01-16 | 5.3 Medium |
| Cypher Injection vulnerability in Apache Camel camel-neo4j component. This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0 Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0. | ||||
| CVE-2025-39400 | 1 Wpeverest | 2 User Registration, User Registration \& Membership | 2026-01-16 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpeverest User Registration allows Reflected XSS. This issue affects User Registration: from n/a through n/a. | ||||
| CVE-2026-0823 | 2026-01-16 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2025-13558 | 2 Blog2social, Wordpress | 2 Blog2social, Wordpress | 2026-01-16 | 5.4 Medium |
| The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'deleteUserCcDraftPost' function in all versions up to, and including, 8.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the status of arbitrary posts to trash. | ||||
| CVE-2025-10145 | 2 Themeisle, Wordpress | 2 Auto Featured Image, Wordpress | 2026-01-16 | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-7073. Reason: This candidate is a reservation duplicate of CVE-2023-7073. Notes: All CVE users should reference CVE-2023-7073 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2024-3677 | 2 Tinyweb, Wordpress | 2 Ultimate 410 Gone Status Code, Wordpress | 2026-01-16 | 6.4 Medium |
| The Ultimate 410 Gone Status Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 410 entries in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note TinyWeb as a separate Web Browser is not affected, and only shares a name with the author of this plugin. | ||||
| CVE-2025-14082 | 1 Redhat | 1 Build Keycloak | 2026-01-16 | 2.7 Low |
| A flaw was found in Keycloak Admin REST (Representational State Transfer) API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/{realm}/roles endpoint. | ||||
| CVE-2026-23714 | 2026-01-16 | N/A | ||
| Not used | ||||
| CVE-2026-23713 | 2026-01-16 | N/A | ||
| Not used | ||||
| CVE-2026-23712 | 2026-01-16 | N/A | ||
| Not used | ||||
| CVE-2026-23711 | 2026-01-16 | N/A | ||
| Not used | ||||