Export limit exceeded: 74443 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74443 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-3134 | 2026-02-25 | 7.3 High | ||
| A security flaw has been discovered in itsourcecode News Portal Project 1.0. The affected element is an unknown function of the file /newsportal/admin/edit-category.php. The manipulation of the argument Category results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-3133 | 2026-02-25 | 7.3 High | ||
| A vulnerability has been found in itsourcecode Document Management System 1.0. This issue affects some unknown processing of the file /loging.php of the component Login. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-14905 | 1 Redhat | 3 Directory Server, Enterprise Linux, Redhat Directory Server | 2026-02-25 | 7.2 High |
| A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE). | ||||
| CVE-2026-25108 | 2 Soliton, Soliton Systems K.k. | 2 Filezen, Filezen | 2026-02-24 | 8.8 High |
| FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command. | ||||
| CVE-2026-25899 | 2026-02-24 | 7.5 High | ||
| Fiber is an Express inspired web framework written in Go. In versions on the v3 branch prior to 3.1.0, the use of the `fiber_flash` cookie can force an unbounded allocation on any server. A crafted 10-character cookie value triggers an attempt to allocate up to 85GB of memory via unvalidated msgpack deserialization. No authentication is required. Every GoFiber v3 endpoint is affected regardless of whether the application uses flash messages. Version 3.1.0 fixes the issue. | ||||
| CVE-2026-22346 | 2 A Wp Life, Wordpress | 2 Slider Responsive Slideshow – Image Slider, Gallery Slideshow, Wordpress | 2026-02-24 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow slider-responsive-slideshow allows Object Injection.This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through <= 1.5.4. | ||||
| CVE-2026-22345 | 2 A Wp Life, Wordpress | 2 Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery, Wordpress | 2026-02-24 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery new-image-gallery allows Object Injection.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through <= 1.6.0. | ||||
| CVE-2025-69297 | 2 Ghostpool, Wordpress | 2 Aardvark Plugin, Wordpress | 2026-02-24 | 7.5 High |
| Missing Authorization vulnerability in GhostPool Aardvark Plugin aardvark-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aardvark Plugin: from n/a through <= 2.19. | ||||
| CVE-2025-69294 | 2 Fuelthemes, Wordpress | 2 Peakshops, Wordpress | 2026-02-24 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in fuelthemes PeakShops peakshops allows Object Injection.This issue affects PeakShops: from n/a through <= 1.5.9. | ||||
| CVE-2025-69063 | 2 Saad Iqbal, Wordpress | 2 New User Approve, Wordpress | 2026-02-24 | 8.6 High |
| Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n/a through <= 3.2.0. | ||||
| CVE-2025-68853 | 2 Kleor, Wordpress | 2 Contact Manager, Wordpress | 2026-02-24 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Kleor Contact Manager contact-manager allows Object Injection.This issue affects Contact Manager: from n/a through <= 9.1.1. | ||||
| CVE-2025-68531 | 2 Modeltheme, Wordpress | 2 Addons For Wpbakery And Elementor, Wordpress | 2026-02-24 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in modeltheme ModelTheme Addons for WPBakery and Elementor modeltheme-addons-for-wpbakery allows Object Injection.This issue affects ModelTheme Addons for WPBakery and Elementor: from n/a through < 1.5.6. | ||||
| CVE-2025-68069 | 2 Wordpress, Wpwax | 2 Wordpress, Directorist | 2026-02-24 | 7.1 High |
| Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.5.10. | ||||
| CVE-2025-68043 | 2 Lottiefiles, Wordpress | 2 Lottiefiles, Wordpress | 2026-02-24 | 7.3 High |
| Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LottieFiles: from n/a through <= 3.0.0. | ||||
| CVE-2025-67977 | 2 Villatheme, Wordpress | 2 Happy, Wordpress | 2026-02-24 | 8.2 High |
| Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a through <= 1.0.8. | ||||
| CVE-2025-67974 | 2 Wordpress, Wplegalpages | 2 Wordpress, Wp Legal Pages | 2026-02-24 | 7.5 High |
| Missing Authorization vulnerability in WP Legal Pages WPLegalPages wplegalpages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLegalPages: from n/a through <= 3.5.4. | ||||
| CVE-2026-21420 | 1 Dell | 1 Repository Manager | 2026-02-24 | 7.3 High |
| Dell Repository Manager (DRM), versions prior to 3.4.8, contains an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution and escalation of privileges. | ||||
| CVE-2026-2778 | 2026-02-24 | 7.5 High | ||
| Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | ||||
| CVE-2026-2764 | 2026-02-24 | 7.5 High | ||
| JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | ||||
| CVE-2026-2757 | 2026-02-24 | 7.5 High | ||
| Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | ||||