Search Results (76982 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-69004 | 3 Woocommerce, Wordpress, Xpeedstudio | 3 Woocommerce, Wordpress, Bajaar - Highly Customizable Woocommerce Wordpress Theme | 2026-01-28 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in XpeedStudio Bajaar - Highly Customizable WooCommerce WordPress Theme bajaar allows PHP Local File Inclusion. This issue affects Bajaar - Highly Customizable WooCommerce WordPress Theme: from n/a through <= 2.1.0. | ||||
| CVE-2025-69003 | 2 Qantumthemes, Wordpress | 2 Kentharadio, Wordpress | 2026-01-28 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QantumThemes KenthaRadio qt-kentharadio allows Reflected XSS. This issue affects KenthaRadio: from n/a through <= 2.2.0. | ||||
| CVE-2025-69002 | 2 Designthemes, Wordpress | 2 Onelife, Wordpress | 2026-01-28 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in designthemes OneLife onelife allows Object Injection. This issue affects OneLife: from n/a through <= 3.9. | ||||
| CVE-2025-68999 | 2 Happymonster, Wordpress | 2 Happy Addons For Elementor, Wordpress | 2026-01-28 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Blind SQL Injection. This issue affects Happy Addons for Elementor: from n/a through <= 3.20.4. | ||||
| CVE-2025-68912 | 1 Wordpress | 1 Wordpress | 2026-01-28 | 8.6 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Harmonic Design HDForms hdforms allows Path Traversal. This issue affects HDForms: from n/a through <= 1.6.1. | ||||
| CVE-2025-68059 | 1 Wordpress | 1 Wordpress | 2026-01-28 | 7.6 High |
| Missing Authorization vulnerability in e-plugins Hotel Listing hotel-listing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hotel Listing: from n/a through <= 1.4.2. | ||||
| CVE-2025-68058 | 2 E-plugins, Wordpress | 2 Institutions Directory, Wordpress | 2026-01-28 | 7.6 High |
| Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Institutions Directory: from n/a through <= 1.3..4. | ||||
| CVE-2025-68057 | 2 E-plugins, Wordpress | 2 Hospital & Doctor Directory, Wordpress | 2026-01-28 | 7.6 High |
| Missing Authorization vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9. | ||||
| CVE-2025-67946 | 2 Scriptsbundle, Wordpress | 2 Adforest, Wordpress | 2026-01-28 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in scriptsbundle AdForest adforest allows PHP Local File Inclusion. This issue affects AdForest: from n/a through <= 6.0.11. | ||||
| CVE-2025-67943 | 2 Wordpress, Wphocus | 2 Wordpress, My Auctions Allegro | 2026-01-28 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Reflected XSS. This issue affects My auctions allegro: from n/a through <= 3.6.32. | ||||
| CVE-2025-27063 | 1 Qualcomm | 223 Csra6620, Csra6620 Firmware, Csra6640 and 220 more | 2026-01-28 | 7.8 High |
| Memory corruption during video playback when video session open fails with time out error. | ||||
| CVE-2025-47322 | 1 Qualcomm | 223 Ar8031, Ar8031 Firmware, Ar8035 and 220 more | 2026-01-28 | 7.8 High |
| Memory corruption while handling IOCTL calls to set mode. | ||||
| CVE-2025-47323 | 1 Qualcomm | 357 Ar8035, Ar8035 Firmware, Csra6620 and 354 more | 2026-01-28 | 7.8 High |
| Memory corruption while routing GPR packets between user and root when handling large data packet. | ||||
| CVE-2025-69076 | 2 Ancorathemes, Wordpress | 2 Modern Housewife, Wordpress | 2026-01-28 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Modern Housewife modernhousewife allows PHP Local File Inclusion. This issue affects Modern Housewife: from n/a through <= 1.0.12. | ||||
| CVE-2025-47348 | 1 Qualcomm | 409 Aqt1000, Aqt1000 Firmware, Ar8035 and 406 more | 2026-01-28 | 7.8 High |
| Memory corruption while processing identity credential operations in the trusted application. | ||||
| CVE-2026-24477 | 1 Mintplexlabs | 2 Anything-llm, Anythingllm | 2026-01-28 | 7.5 High |
| AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticated users via the `/api/setup-complete` endpoint. Leakage of QdrantApiKey allows an unauthenticated attacker full read/write access to the Qdrant vector database instance used by AnythingLLM. Since Qdrant often stores the core knowledge base for RAG in AnythingLLM, this can lead to complete compromise of the semantic search / retrieval functionality and indirect leakage of confidential uploaded documents. Version 1.10.0 patches the issue. | ||||
| CVE-2026-24478 | 1 Mintplexlabs | 2 Anything-llm, Anythingllm | 2026-01-28 | 7.2 High |
| AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.10.0, a critical Path Traversal vulnerability in the DrupalWiki integration allows a malicious admin (or an attacker who can convince an admin to configure a malicious DrupalWiki URL) to write arbitrary files to the server. This can lead to Remote Code Execution (RCE) by overwriting configuration files or writing executable scripts. Version 1.10.0 fixes the issue. | ||||
| CVE-2022-36943 | 1 Ziparchive Project | 1 Ziparchive | 2026-01-28 | 8.1 High |
| SSZipArchive versions 2.5.3 and older contain an arbitrary file write vulnerability due to lack of sanitization on paths which are symlinks. SSZipArchive will overwrite files on the filesystem when opening a malicious ZIP containing a symlink as the first item. | ||||
| CVE-2025-47382 | 1 Qualcomm | 199 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 196 more | 2026-01-28 | 7.8 High |
| Memory corruption while loading an invalid firmware in boot loader. | ||||
| CVE-2025-47387 | 1 Qualcomm | 91 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 88 more | 2026-01-28 | 7.8 High |
| Memory Corruption when processing IOCTLs for JPEG data without verification. | ||||