Export limit exceeded: 77009 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (77009 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-49375 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 8.8 High |
| Missing Authorization vulnerability in cozythemes HomeLancer homelancer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HomeLancer: from n/a through <= 1.0.1. | ||||
| CVE-2025-47555 | 2 Themeum, Wordpress | 2 Tutor Lms, Wordpress | 2026-01-26 | 8.1 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.4. | ||||
| CVE-2025-31413 | 2 Bdthemes, Wordpress | 2 Element Pack Elementor Addons, Wordpress | 2026-01-26 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through <= 8.3.13. | ||||
| CVE-2025-56108 | 1 Ruijie | 11 Rg-eap602, Rg-eap602 Firmware, Rg-est310 and 8 more | 2026-01-26 | 8.8 High |
| OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua. | ||||
| CVE-2026-22401 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in pavothemes Freshio freshio allows PHP Local File Inclusion.This issue affects Freshio: from n/a through <= 2.4.2. | ||||
| CVE-2025-69293 | 2 E-plugins, Wordpress | 2 Final User, Wordpress | 2026-01-26 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in e-plugins Final User final-user allows Privilege Escalation.This issue affects Final User: from n/a through <= 1.2.5. | ||||
| CVE-2025-69292 | 2 E-plugins, Wordpress | 2 Wp Membership, Wordpress | 2026-01-26 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in e-plugins WP Membership wp-membership allows Privilege Escalation.This issue affects WP Membership: from n/a through <= 1.6.4. | ||||
| CVE-2025-69193 | 2 E-plugins, Wordpress | 2 Wp Membership, Wordpress | 2026-01-26 | 7.3 High |
| Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Membership: from n/a through <= 1.6.4. | ||||
| CVE-2025-69192 | 2 E-plugins, Wordpress | 2 Real Estate Pro, Wordpress | 2026-01-26 | 7.3 High |
| Missing Authorization vulnerability in e-plugins Real Estate Pro real-estate-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real Estate Pro: from n/a through <= 2.1.5. | ||||
| CVE-2025-69191 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 7.3 High |
| Missing Authorization vulnerability in e-plugins ListingHub listinghub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingHub: from n/a through <= 1.2.7. | ||||
| CVE-2026-24390 | 3 Elementor, Qantumthemes, Wordpress | 3 Elementor, Kentha Elementor Widgets, Wordpress | 2026-01-26 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QantumThemes Kentha Elementor Widgets kentha-elementor allows PHP Local File Inclusion.This issue affects Kentha Elementor Widgets: from n/a through < 3.1. | ||||
| CVE-2025-13928 | 1 Gitlab | 1 Gitlab | 2026-01-26 | 7.5 High |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to cause a denial of service condition by exploiting incorrect authorization validation in API endpoints. | ||||
| CVE-2025-13927 | 1 Gitlab | 1 Gitlab | 2026-01-26 | 7.5 High |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.9 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted requests with malformed authentication data. | ||||
| CVE-2026-22230 | 2 Opexus, Opexustech | 2 Ecase Audit, Ecase Audit | 2026-01-26 | 7.6 High |
| OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. Fixed in eCASE Platform 11.14.1.0. | ||||
| CVE-2025-70651 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2026-01-26 | 7.5 High |
| Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow in the ssid parameter of the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2025-70648 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2026-01-26 | 7.5 High |
| Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_727F4 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2025-70646 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2026-01-26 | 7.5 High |
| Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_72290 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2025-71020 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2026-01-26 | 7.5 High |
| Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_4C408 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2025-56088 | 1 Ruijie | 2 Rg-bcr860, Rg-bcr860 Firmware | 2026-01-26 | 8.8 High |
| OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_service in file /usr/lib/lua/luci/controller/admin/service.lua. | ||||
| CVE-2025-70746 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2026-01-26 | 7.5 High |
| Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the timeZone parameter of the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||