Export limit exceeded: 328764 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (328764 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-69001 | 1 Wordpress | 1 Wordpress | 2026-01-28 | 5.3 Medium |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Shahjahan Jewel FluentForm fluentform allows Code Injection.This issue affects FluentForm: from n/a through <= 6.1.11. | ||||
| CVE-2025-68999 | 2 Happymonster, Wordpress | 2 Happy Addons For Elementor, Wordpress | 2026-01-28 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Blind SQL Injection.This issue affects Happy Addons for Elementor: from n/a through <= 3.20.4. | ||||
| CVE-2025-68986 | 1 Wordpress | 1 Wordpress | 2026-01-28 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Miion miion allows Upload a Web Shell to a Web Server.This issue affects Miion: from n/a through <= 1.2.7. | ||||
| CVE-2025-68912 | 1 Wordpress | 1 Wordpress | 2026-01-28 | 8.6 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Harmonic Design HDForms hdforms allows Path Traversal.This issue affects HDForms: from n/a through <= 1.6.1. | ||||
| CVE-2025-68910 | 1 Wordpress | 1 Wordpress | 2026-01-28 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogzee blogzee allows Using Malicious Files.This issue affects Blogzee: from n/a through <= 1.0.5. | ||||
| CVE-2025-68909 | 1 Wordpress | 1 Wordpress | 2026-01-28 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogistic blogistic allows Using Malicious Files.This issue affects Blogistic: from n/a through <= 1.0.5. | ||||
| CVE-2025-68059 | 1 Wordpress | 1 Wordpress | 2026-01-28 | 7.6 High |
| Missing Authorization vulnerability in e-plugins Hotel Listing hotel-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Listing: from n/a through <= 1.4.2. | ||||
| CVE-2025-68058 | 2 E-plugins, Wordpress | 2 Institutions Directory, Wordpress | 2026-01-28 | 7.6 High |
| Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Institutions Directory: from n/a through <= 1.3..4. | ||||
| CVE-2025-68057 | 2 E-plugins, Wordpress | 2 Hospital & Doctor Directory, Wordpress | 2026-01-28 | 7.6 High |
| Missing Authorization vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9. | ||||
| CVE-2025-67946 | 2 Scriptsbundle, Wordpress | 2 Adforest, Wordpress | 2026-01-28 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in scriptsbundle AdForest adforest allows PHP Local File Inclusion.This issue affects AdForest: from n/a through <= 6.0.11. | ||||
| CVE-2025-67945 | 3 Mailerlite, Woocommerce, Wordpress | 3 Mailerlite, Woocommerce, Wordpress | 2026-01-28 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MailerLite MailerLite – WooCommerce integration woo-mailerlite allows SQL Injection.This issue affects MailerLite – WooCommerce integration: from n/a through <= 3.1.2. | ||||
| CVE-2025-67944 | 2 Neliosoftware, Wordpress | 2 Nelio Ab Testing, Wordpress | 2026-01-28 | 9.1 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection.This issue affects Nelio AB Testing: from n/a through <= 8.1.8. | ||||
| CVE-2025-67943 | 2 Wordpress, Wphocus | 2 Wordpress, My Auctions Allegro | 2026-01-28 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Reflected XSS.This issue affects My auctions allegro: from n/a through <= 3.6.32. | ||||
| CVE-2025-67942 | 1 Wordpress | 1 Wordpress | 2026-01-28 | 6.5 Medium |
| Missing Authorization vulnerability in peachpayments Peach Payments Gateway wc-peach-payments-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Peach Payments Gateway: from n/a through <= 3.3.6. | ||||
| CVE-2025-63388 | 2 Dify, Langgenius | 2 Dify, Dify | 2026-01-28 | 9.1 Critical |
| A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/system-features endpoint. The endpoint implements an overly permissive CORS policy that reflects arbitrary Origin headers and sets Access-Control-Allow-Credentials: true, allowing any external domain to make authenticated cross-origin requests. NOTE: the Supplier disputes this, providing the rationale of "sending requests with credentials does not provide any additional access compared to unauthenticated requests." | ||||
| CVE-2025-27063 | 1 Qualcomm | 223 Csra6620, Csra6620 Firmware, Csra6640 and 220 more | 2026-01-28 | 7.8 High |
| Memory corruption during video playback when video session open fails with time out error. | ||||
| CVE-2025-47319 | 1 Qualcomm | 237 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 234 more | 2026-01-28 | 6.7 Medium |
| Information disclosure while exposing internal TA-to-TA communication APIs to HLOS | ||||
| CVE-2025-47322 | 1 Qualcomm | 223 Ar8031, Ar8031 Firmware, Ar8035 and 220 more | 2026-01-28 | 7.8 High |
| Memory corruption while handling IOCTL calls to set mode. | ||||
| CVE-2026-24131 | 1 Pnpm | 1 Pnpm | 2026-01-28 | 5.5 Medium |
| pnpm is a package manager. Prior to version 10.28.2, when pnpm processes a package's `directories.bin` field, it uses `path.join()` without validating the result stays within the package root. A malicious npm package can specify `"directories": {"bin": "../../../../tmp"}` to escape the package directory, causing pnpm to chmod 755 files at arbitrary locations. This issue only affects Unix/Linux/macOS. Windows is not affected (`fixBin` gated by `EXECUTABLE_SHEBANG_SUPPORTED`). Version 10.28.2 contains a patch. | ||||
| CVE-2025-47323 | 1 Qualcomm | 357 Ar8035, Ar8035 Firmware, Csra6620 and 354 more | 2026-01-28 | 7.8 High |
| Memory corruption while routing GPR packets between user and root when handling large data packet. | ||||