Export limit exceeded: 337774 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 337774 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 337774 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (337774 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-36746 | 1 Solaredge | 2 Monitoring Platform, Solaredge Monitoring Platform | 2026-01-06 | 5.4 Medium |
| SolarEdge monitoring platform contains a Cross‑Site Scripting (XSS) flaw that allows an authenticated user to inject payloads into report names, which may execute in a victim’s browser during a deletion attempt. | ||||
| CVE-2025-36743 | 1 Solaredge | 2 Se3680h, Se3680h Firmware | 2026-01-06 | 6.8 Medium |
| SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors, allowing disclosure of system internals and execution of debug commands. | ||||
| CVE-2023-28802 | 1 Zscaler | 1 Client Connector | 2026-01-06 | 4.9 Medium |
| An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics. This issue affects Client Connector: before 4.2.0.149. | ||||
| CVE-2025-27387 | 1 Oppo | 1 Oppo Clone Phone | 2026-01-06 | 7.4 High |
| OPPO Clone Phone uses a weak password WiFi hotspot to transfer files, resulting in Information disclosure. | ||||
| CVE-2026-21750 | 2026-01-06 | N/A | ||
| Not used | ||||
| CVE-2026-21749 | 2026-01-06 | N/A | ||
| Not used | ||||
| CVE-2026-21748 | 2026-01-06 | N/A | ||
| Not used | ||||
| CVE-2026-21747 | 2026-01-06 | N/A | ||
| Not used | ||||
| CVE-2026-21746 | 2026-01-06 | N/A | ||
| Not used | ||||
| CVE-2026-21745 | 2026-01-06 | N/A | ||
| Not used | ||||
| CVE-2026-21744 | 2026-01-06 | N/A | ||
| Not used | ||||
| CVE-2023-37466 | 2 Redhat, Vm2 Project | 3 Acm, Multicluster Engine, Vm2 | 2026-01-05 | 9.8 Critical |
| vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with the `@@species` accessor property allowing attackers to escape the sandbox and run arbitrary code, potentially allowing remote code execution inside the context of vm2 sandbox. Version 3.10.0 contains a patch for the issue. | ||||
| CVE-2025-55065 | 2026-01-05 | 7.5 High | ||
| CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | ||||
| CVE-2025-14047 | 1 Wordpress | 1 Wordpress | 2026-01-05 | 5.3 Medium |
| The Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission – WP User Frontend plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'Frontend_Form_Ajax::submit_post' function in all versions up to, and including, 4.2.4. This makes it possible for unauthenticated attackers to delete attachment. | ||||
| CVE-2025-14998 | 2 Wordpress, Wpmudev | 2 Wordpress, Branda | 2026-01-05 | 9.8 Critical |
| The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account. | ||||
| CVE-2025-62857 | 2 Qnap, Qnap Systems Inc. | 2 Qumagie, Qumagie | 2026-01-05 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: QuMagie 2.8.1 and later | ||||
| CVE-2025-53589 | 2 Qnap, Qnap Systems Inc. | 4 Qts, Quts Hero, Qts and 1 more | 2026-01-05 | 4.9 Medium |
| A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later | ||||
| CVE-2025-53590 | 1 Qnap | 2 Qts, Quts Hero | 2026-01-05 | 4.9 Medium |
| A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 and later | ||||
| CVE-2025-53591 | 2 Qnap, Qnap Systems Inc. | 4 Qts, Quts Hero, Qts and 1 more | 2026-01-05 | 6.5 Medium |
| A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later | ||||
| CVE-2025-53592 | 2 Qnap, Qnap Systems Inc. | 4 Qts, Quts Hero, Qts and 1 more | 2026-01-05 | 6.5 Medium |
| A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later | ||||