Total
332478 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-68910 | 2026-01-28 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogzee blogzee allows Using Malicious Files.This issue affects Blogzee: from n/a through <= 1.0.5. | |||||
| CVE-2025-68909 | 2026-01-28 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogistic blogistic allows Using Malicious Files.This issue affects Blogistic: from n/a through <= 1.0.5. | |||||
| CVE-2025-68059 | 2026-01-28 | N/A | 7.6 HIGH | ||
| Missing Authorization vulnerability in e-plugins Hotel Listing hotel-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Listing: from n/a through <= 1.4.2. | |||||
| CVE-2025-68058 | 2026-01-28 | N/A | 7.6 HIGH | ||
| Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Institutions Directory: from n/a through <= 1.3..4. | |||||
| CVE-2025-68057 | 2026-01-28 | N/A | 7.6 HIGH | ||
| Missing Authorization vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9. | |||||
| CVE-2025-67946 | 2026-01-28 | N/A | 8.1 HIGH | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in scriptsbundle AdForest adforest allows PHP Local File Inclusion.This issue affects AdForest: from n/a through <= 6.0.11. | |||||
| CVE-2025-67945 | 2026-01-28 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MailerLite MailerLite – WooCommerce integration woo-mailerlite allows SQL Injection.This issue affects MailerLite – WooCommerce integration: from n/a through <= 3.1.2. | |||||
| CVE-2025-67944 | 2026-01-28 | N/A | 9.1 CRITICAL | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection.This issue affects Nelio AB Testing: from n/a through <= 8.1.8. | |||||
| CVE-2025-67943 | 2026-01-28 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Reflected XSS.This issue affects My auctions allegro: from n/a through <= 3.6.32. | |||||
| CVE-2025-67942 | 2026-01-28 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in peachpayments Peach Payments Gateway wc-peach-payments-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Peach Payments Gateway: from n/a through <= 3.3.6. | |||||
| CVE-2025-63388 | 1 Langgenius | 1 Dify | 2026-01-28 | N/A | 9.1 CRITICAL |
| A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/system-features endpoint. The endpoint implements an overly permissive CORS policy that reflects arbitrary Origin headers and sets Access-Control-Allow-Credentials: true, allowing any external domain to make authenticated cross-origin requests. NOTE: the Supplier disputes this, providing the rationale of "sending requests with credentials does not provide any additional access compared to unauthenticated requests." | |||||
| CVE-2025-27063 | 1 Qualcomm | 222 Csra6620, Csra6620 Firmware, Csra6640 and 219 more | 2026-01-28 | N/A | 7.8 HIGH |
| Memory corruption during video playback when video session open fails with time out error. | |||||
| CVE-2025-47319 | 1 Qualcomm | 236 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 233 more | 2026-01-28 | N/A | 6.7 MEDIUM |
| Information disclosure while exposing internal TA-to-TA communication APIs to HLOS | |||||
| CVE-2025-47322 | 1 Qualcomm | 222 Ar8031, Ar8031 Firmware, Ar8035 and 219 more | 2026-01-28 | N/A | 7.8 HIGH |
| Memory corruption while handling IOCTL calls to set mode. | |||||
| CVE-2026-24131 | 1 Pnpm | 1 Pnpm | 2026-01-28 | N/A | 5.5 MEDIUM |
| pnpm is a package manager. Prior to version 10.28.2, when pnpm processes a package's `directories.bin` field, it uses `path.join()` without validating the result stays within the package root. A malicious npm package can specify `"directories": {"bin": "../../../../tmp"}` to escape the package directory, causing pnpm to chmod 755 files at arbitrary locations. This issue only affects Unix/Linux/macOS. Windows is not affected (`fixBin` gated by `EXECUTABLE_SHEBANG_SUPPORTED`). Version 10.28.2 contains a patch. | |||||
| CVE-2025-47323 | 1 Qualcomm | 356 Ar8035, Ar8035 Firmware, Csra6620 and 353 more | 2026-01-28 | N/A | 7.8 HIGH |
| Memory corruption while routing GPR packets between user and root when handling large data packet. | |||||
| CVE-2025-47330 | 1 Qualcomm | 446 Ar8031, Ar8031 Firmware, Ar8035 and 443 more | 2026-01-28 | N/A | 5.5 MEDIUM |
| Transient DOS while parsing video packets received from the video firmware. | |||||
| CVE-2025-47331 | 1 Qualcomm | 598 Ar8031, Ar8031 Firmware, Ar8035 and 595 more | 2026-01-28 | N/A | 6.1 MEDIUM |
| Information disclosure while processing a firmware event. | |||||
| CVE-2025-47333 | 1 Qualcomm | 478 Aqt1000, Aqt1000 Firmware, Ar8031 and 475 more | 2026-01-28 | N/A | 6.6 MEDIUM |
| Memory corruption while handling buffer mapping operations in the cryptographic driver. | |||||
| CVE-2026-1448 | 1 Dlink | 2 Dir-615, Dir-615 Firmware | 2026-01-28 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability was detected in D-Link DIR-615 up to 4.10. This impacts an unknown function of the file /wiz_policy_3_machine.php of the component Web Management Interface. Performing a manipulation of the argument ipaddr results in os command injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||