Total
332481 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-14188 | 2026-01-28 | 8.3 HIGH | 7.2 HIGH | ||
| A security vulnerability has been detected in UGREEN DH2100+ up to 5.3.0.251125. This impacts the function handler_file_backup_create of the file /v1/file/backup/create of the component nas_svr. The manipulation of the argument path leads to command injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. Upgrading the affected component is advised. | |||||
| CVE-2025-14187 | 2026-01-28 | 8.3 HIGH | 7.2 HIGH | ||
| A weakness has been identified in UGREEN DH2100+ up to 5.3.0.251125. This affects the function handler_file_backup_create of the file /v1/file/backup/create of the component nas_svr. Executing a manipulation of the argument path can lead to buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. It is recommended to upgrade the affected component. | |||||
| CVE-2025-36911 | 1 Google | 1 Android | 2026-01-28 | N/A | 7.1 HIGH |
| In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to remote (proximal/adjacent) information disclosure of user's conversations and location with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2026-24867 | 2026-01-28 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2026-24866 | 2026-01-28 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2026-24865 | 2026-01-28 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2026-24864 | 2026-01-28 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2026-24863 | 2026-01-28 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2026-24862 | 2026-01-28 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2026-24861 | 2026-01-28 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2026-24860 | 2026-01-28 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2026-24859 | 2026-01-28 | N/A | N/A | ||
| Rejected reason: Not used | |||||
| CVE-2026-24793 | 2026-01-27 | N/A | N/A | ||
| Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in azerothcore azerothcore-wotlk (deps/zlib modules). This vulnerability is associated with program files inflate.C. This issue affects azerothcore-wotlk: through v4.0.0. | |||||
| CVE-2026-22481 | 2026-01-27 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in Rasedul Haque Rumi BD Courier Order Ratio Checker bd-courier-order-ratio-checker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BD Courier Order Ratio Checker: from n/a through <= 2.0.1. | |||||
| CVE-2025-69190 | 2026-01-27 | N/A | 7.3 HIGH | ||
| Missing Authorization vulnerability in e-plugins Listihub listihub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Listihub: from n/a through <= 1.0.6. | |||||
| CVE-2025-69183 | 2026-01-27 | N/A | 8.8 HIGH | ||
| Incorrect Privilege Assignment vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Privilege Escalation.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9. | |||||
| CVE-2025-69182 | 2026-01-27 | N/A | 8.8 HIGH | ||
| Incorrect Privilege Assignment vulnerability in e-plugins Institutions Directory institutions-directory allows Privilege Escalation.This issue affects Institutions Directory: from n/a through <= 1.3.4. | |||||
| CVE-2025-68899 | 2026-01-27 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in designthemes Vivagh vivagh allows Object Injection.This issue affects Vivagh: from n/a through <= 2.4. | |||||
| CVE-2025-68898 | 2026-01-27 | N/A | 5.8 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cjjparadoxmax Synergy Project Manager synergy-project-manager allows Stored XSS.This issue affects Synergy Project Manager: from n/a through <= 1.5. | |||||
| CVE-2025-68896 | 2026-01-27 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in vrpr WDV One Page Docs wdv-one-page-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WDV One Page Docs: from n/a through <= 1.2.4. | |||||