Export limit exceeded: 337528 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (337528 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-9289 | 1 Tp-link | 2 Omada Controller, Omada Software Controller | 2026-01-26 | N/A |
| A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated administrator. If successful, an attacker could execute arbitrary JavaScript in the administrator’s browser, potentially exposing sensitive information and compromising confidentiality. | ||||
| CVE-2026-22468 | 2 Abosoluteplugins, Wordpress | 2 Absolute Addons For Elementor, Wordpress | 2026-01-26 | 4.3 Medium |
| Missing Authorization vulnerability in AbsolutePlugins Absolute Addons For Elementor absolute-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Absolute Addons For Elementor: from n/a through <= 1.0.14. | ||||
| CVE-2026-22469 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in mwtemplates DeepDigital deepdigital allows Code Injection.This issue affects DeepDigital: from n/a through <= 1.0.2. | ||||
| CVE-2026-0778 | 1 Enel X | 1 Juicebox 40 | 2026-01-26 | N/A |
| Enel X JuiceBox 40 Telnet Service Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Enel X JuiceBox 40 charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the telnet service, which listens on TCP port 2000 by default. The issue results from the lack of authentication prior to allowing remote connections. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-23285. | ||||
| CVE-2026-0774 | 1 Watchyourlan | 1 Watchyourlan | 2026-01-26 | N/A |
| WatchYourLAN Configuration Page Argument Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WatchYourLAN. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the arpstrs parameter. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26708. | ||||
| CVE-2026-0773 | 1 Upsonic | 1 Upsonic | 2026-01-26 | N/A |
| Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Upsonic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the add_tool endpoint, which listens on TCP port 7541 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26845. | ||||
| CVE-2026-0759 | 1 Katana Network | 1 Development Starter Kit | 2026-01-26 | N/A |
| Katana Network Development Starter Kit executeCommand Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Katana Network Development Starter Kit. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the executeCommand method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-27786. | ||||
| CVE-2026-0756 | 1 Github-kanban-mcp-server | 1 Github-kanban-mcp-server | 2026-01-26 | N/A |
| github-kanban-mcp-server execAsync Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of github-kanban-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the create_issue parameter. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-27784. | ||||
| CVE-2025-69907 | 1 Newgensoft | 1 Omnidocs | 2026-01-26 | 7.5 High |
| An unauthenticated information disclosure vulnerability exists in Newgen OmniDocs due to missing authentication and access control on the /omnidocs/GetListofCabinet API endpoint. A remote attacker can access this endpoint without valid credentials to retrieve sensitive internal configuration information, including cabinet names and database-related metadata. This allows unauthorized enumeration of backend deployment details and may facilitate further targeted attacks. | ||||
| CVE-2026-24627 | 2 Trusona, Wordpress | 2 Trusona For Wordpress, Wordpress | 2026-01-26 | 4.3 Medium |
| Missing Authorization vulnerability in Trusona Trusona for WordPress trusona allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trusona for WordPress: from n/a through <= 2.0.0. | ||||
| CVE-2026-24605 | 2 Pencilwp, Wordpress | 2 X Addons For Elementor, Wordpress | 2026-01-26 | 4.3 Medium |
| Missing Authorization vulnerability in pencilwp X Addons for Elementor x-addons-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects X Addons for Elementor: from n/a through <= 1.0.23. | ||||
| CVE-2026-24613 | 2 Lightspeedhq, Wordpress | 2 Ecwid Ecommerce Shopping Cart, Wordpress | 2026-01-26 | 5.3 Medium |
| Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ecwid Shopping Cart: from n/a through <= 7.0.5. | ||||
| CVE-2026-24604 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 5.3 Medium |
| Missing Authorization vulnerability in themebeez Simple GDPR Cookie Compliance simple-gdpr-cookie-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple GDPR Cookie Compliance: from n/a through <= 2.0.0. | ||||
| CVE-2026-24600 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Review penci-review allows Stored XSS.This issue affects Penci Review: from n/a through <= 3.5. | ||||
| CVE-2026-24591 | 2 Wordpress, Yasir129 | 2 Wordpress, Turn Yoast Seo Faq Block To Accordion | 2026-01-26 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yasir129 Turn Yoast SEO FAQ Block to Accordion faq-schema-block-to-accordion allows Stored XSS.This issue affects Turn Yoast SEO FAQ Block to Accordion: from n/a through <= 1.0.6. | ||||
| CVE-2026-24587 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 5.4 Medium |
| Missing Authorization vulnerability in kutsy AJAX Hits Counter + Popular Posts Widget ajax-hits-counter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AJAX Hits Counter + Popular Posts Widget: from n/a through <= 0.10.210305. | ||||
| CVE-2026-24577 | 2 Genetech Products, Wordpress | 2 Pie Register, Wordpress | 2026-01-26 | 5.3 Medium |
| Missing Authorization vulnerability in Genetech Products Pie Register pie-register allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pie Register: from n/a through <= 3.8.4.7. | ||||
| CVE-2026-24558 | 1 Wordpress | 1 Wordpress | 2026-01-26 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antoniobg ABG Rich Pins abg-rich-pins allows Stored XSS.This issue affects ABG Rich Pins: from n/a through <= 1.1. | ||||
| CVE-2026-24555 | 2 Artplacer, Wordpress | 2 Artplacer Widget, Wordpress | 2026-01-26 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in artplacer ArtPlacer Widget artplacer-widget allows Stored XSS.This issue affects ArtPlacer Widget: from n/a through <= 2.23.1. | ||||
| CVE-2025-4319 | 1 Birebirsoft | 1 Sufirmam | 2026-01-26 | 9.4 Critical |
| Improper Restriction of Excessive Authentication Attempts, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Brute Force, Password Recovery Exploitation.This issue affects Sufirmam: through 23012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||