Vulnerabilities (CVE)

Total 332481 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-68894 2026-01-27 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shoutoutglobal ShoutOut shoutout allows Reflected XSS. This issue affects ShoutOut: from n/a through <= 4.0.2.
CVE-2025-68884 2026-01-27 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arevico WP Simple Redirect wp-simple-redirect allows Reflected XSS. This issue affects WP Simple Redirect: from n/a through <= 1.1.
CVE-2025-68883 2026-01-27 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extremeidea bidorbuy Store Integrator bidorbuystoreintegrator allows Reflected XSS. This issue affects bidorbuy Store Integrator: from n/a through <= 2.12.0.
CVE-2025-68882 2026-01-27 N/A 7.5 HIGH
Missing Authorization vulnerability in Scalenut Scalenut scalenut allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Scalenut: from n/a through <= 1.1.3.
CVE-2025-68857 2026-01-27 N/A 9.3 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ichurakov Paid Downloads paid-downloads allows Blind SQL Injection. This issue affects Paid Downloads: from n/a through <= 3.15.
CVE-2025-68839 2026-01-27 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Remi Corson Easy Theme Options easy-theme-options allows Reflected XSS. This issue affects Easy Theme Options: from n/a through <= 1.0.
CVE-2025-68835 2026-01-27 N/A 7.1 HIGH
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matiskiba Ravpage ravpage allows Reflected XSS. This issue affects Ravpage: from n/a through <= 2.33.
CVE-2025-68558 2026-01-27 N/A 6.5 MEDIUM
Missing Authorization vulnerability in averta Depicter Slider depicter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Depicter Slider: from n/a through <= 4.0.4.
CVE-2025-68510 2026-01-27 N/A 8.1 HIGH
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeGoods Photography photography allows PHP Local File Inclusion. This issue affects Photography: from n/a through < 7.7.5.
CVE-2024-1545 3 Linux, Microsoft, Wolfssl 3 Linux Kernel, Windows, Wolfssl 2026-01-27 N/A 5.9 MEDIUM
Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl 5.6.6 on Linux/Windows allows a remote attacker who co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the RsaKey structure.
CVE-2024-1544 1 Wolfssl 1 Wolfssl 2026-01-27 N/A 4.1 MEDIUM
Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n, where n is the order of the elliptic curve, meaning k = r mod n. The division used during the reduction estimates a factor q_e by dividing the upper two digits (a digit having, e.g., a size of 8 bytes) of r by the upper digit of n and then decrements q_e in a loop until it has the correct size. Observing the number of times q_e is decremented through a control-flow revealing side-channel reveals a bias in the most significant bits of k. Depending on the curve, this is either a negligible bias or a significant bias large enough to reconstruct k with lattice reduction methods. For SECP160R1, e.g., we find a bias of 15 bits.
CVE-2025-47334 1 Qualcomm 292 Csra6620, Csra6620 Firmware, Csra6640 and 289 more 2026-01-27 N/A 6.7 MEDIUM
Memory corruption while processing shared command buffer packet between camera userspace and kernel.
CVE-2025-47335 1 Qualcomm 90 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 87 more 2026-01-27 N/A 6.7 MEDIUM
Memory corruption while parsing clock configuration data for a specific hardware type.
CVE-2025-47336 1 Qualcomm 36 Fastconnect 7800, Fastconnect 7800 Firmware, Qmp1000 and 33 more 2026-01-27 N/A 6.7 MEDIUM
Memory corruption while performing sensor register read operations.
CVE-2025-47337 1 Qualcomm 128 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 125 more 2026-01-27 N/A 6.7 MEDIUM
Memory corruption while accessing a synchronization object during concurrent operations.
CVE-2025-66518 1 Apache 1 Kyuubi 2026-01-27 N/A 8.8 HIGH
Any client who can access Apache Kyuubi Server via Kyuubi frontend protocols can bypass the server-side config kyuubi.session.local.dir.allow.list and use local files which are not listed in the config. This issue affects Apache Kyuubi: from 1.6.0 through 1.10.2. Users are recommended to upgrade to version 1.10.3 or later, which fixes the issue.
CVE-2025-14017 1 Haxx 1 Curl 2026-01-27 N/A 6.3 MEDIUM
When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently set up transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.
CVE-2025-47339 1 Qualcomm 370 Ar8035, Ar8035 Firmware, Ar9380 and 367 more 2026-01-27 N/A 7.8 HIGH
Memory corruption while deinitializing a HDCP session.
CVE-2025-47344 1 Qualcomm 164 Csra6620, Csra6620 Firmware, Csra6640 and 161 more 2026-01-27 N/A 6.7 MEDIUM
Memory corruption while handling sensor utility operations.
CVE-2025-47345 1 Qualcomm 210 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 207 more 2026-01-27 N/A 8.4 HIGH
Cryptographic issue may occur while encrypting license data.