Total
332499 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-44238 | 1 Apple | 2 Ipados, Iphone Os | 2026-01-27 | N/A | 7.8 HIGH |
| The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to corrupt coprocessor memory. | |||||
| CVE-2024-44210 | 1 Apple | 1 Macos | 2026-01-27 | N/A | 3.3 LOW |
| This issue was addressed with improved permissions checking. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data. | |||||
| CVE-2025-67146 | 1 Abhishekmali21 | 1 Gym Management System | 2026-01-27 | N/A | 9.4 CRITICAL |
| Multiple SQL Injection vulnerabilities exist in AbhishekMali21 GYM-MANAGEMENT-SYSTEM 1.0 via the 'name' parameter in (1) member_search.php, (2) trainer_search.php, and (3) gym_search.php, and via the 'id' parameter in (4) payment_search.php. An unauthenticated remote attacker can exploit these issues to inject malicious SQL commands, leading to unauthorized data extraction, authentication bypass, or modification of database contents. | |||||
| CVE-2025-31186 | 1 Apple | 1 Xcode | 2026-01-27 | N/A | 3.3 LOW |
| A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 16.3. An app may be able to bypass Privacy preferences. | |||||
| CVE-2025-43508 | 1 Apple | 1 Macos | 2026-01-27 | N/A | 5.5 MEDIUM |
| A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data. | |||||
| CVE-2025-48647 | 1 Google | 1 Android | 2026-01-27 | N/A | 7.8 HIGH |
| In cpm_fwtp_msg_handler of cpm/google/lib/tracepoint/cpm_fwtp_ipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2026-0492 | 1 Sap | 1 Hana Database | 2026-01-27 | N/A | 8.8 HIGH |
| SAP HANA database is vulnerable to privilege escalation allowing an attacker with valid credentials of any user to switch to another user potentially gaining administrative access. This exploit could result in a total compromise of the system�s confidentiality, integrity, and availability. | |||||
| CVE-2026-20613 | 1 Apple | 2 Container, Containerization | 2026-01-27 | N/A | 7.8 HIGH |
| The ArchiveReader.extractContents() function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using relative pathnames. This issue is addressed in container 0.8.0 and containerization 0.21.0. | |||||
| CVE-2026-24620 | 2026-01-27 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginOps Landing Page Builder page-builder-add allows Stored XSS.This issue affects Landing Page Builder: from n/a through <= 1.5.3.3. | |||||
| CVE-2026-24584 | 2026-01-27 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS BunnyNet Integration tutor-lms-bunnynet-integration allows DOM-Based XSS.This issue affects Tutor LMS BunnyNet Integration: from n/a through <= 1.0.0. | |||||
| CVE-2026-24542 | 2026-01-27 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in John James Jacoby WP Term Order wp-term-order allows Cross Site Request Forgery.This issue affects WP Term Order: from n/a through <= 2.1.0. | |||||
| CVE-2026-24526 | 2026-01-27 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Truman Email Inquiry & Cart Options for WooCommerce woocommerce-email-inquiry-cart-options allows DOM-Based XSS.This issue affects Email Inquiry & Cart Options for WooCommerce: from n/a through <= 3.4.3. | |||||
| CVE-2026-24521 | 2026-01-27 | N/A | 4.3 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Timur Kamaev Kama Thumbnail kama-thumbnail allows Cross Site Request Forgery.This issue affects Kama Thumbnail: from n/a through <= 3.5.1. | |||||
| CVE-2026-22388 | 2026-01-27 | N/A | 5.9 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Emu Owl Carousel WP owl-carousel-wp allows Stored XSS.This issue affects Owl Carousel WP: from n/a through <= 2.2.2. | |||||
| CVE-2026-22382 | 2026-01-27 | N/A | 5.4 MEDIUM | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Cross Site Request Forgery.This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a through <= 1.3. | |||||
| CVE-2025-70368 | 2026-01-27 | N/A | 5.4 MEDIUM | ||
| Worklenz version 2.1.5 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Project Updates feature. An attacker can submit a malicious payload in the Updates text field which is then rendered in the reporting view without proper sanitization. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2025-69184 | 2026-01-27 | N/A | 7.3 HIGH | ||
| Missing Authorization vulnerability in e-plugins Institutions Directory institutions-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Institutions Directory: from n/a through <= 1.3.4. | |||||
| CVE-2024-50571 | 1 Fortinet | 6 Fortianalyzer, Fortianalyzer Cloud, Fortimanager and 3 more | 2026-01-27 | N/A | 7.2 HIGH |
| A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.2, FortiAnalyzer 7.4.0 through 7.4.5, FortiAnalyzer 7.2.0 through 7.2.9, FortiAnalyzer 7.0.0 through 7.0.13, FortiAnalyzer 6.4 all versions, FortiAnalyzer 6.2 all versions, FortiAnalyzer 6.0 all versions, FortiAnalyzer Cloud 7.4.1 through 7.4.5, FortiAnalyzer Cloud 7.2.1 through 7.2.9, FortiAnalyzer Cloud 7.0.1 through 7.0.13, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.0 through 7.4.5, FortiManager 7.2.0 through 7.2.9, FortiManager 7.0.0 through 7.0.13, FortiManager 6.4 all versions, FortiManager 6.2 all versions, FortiManager 6.0 all versions, FortiManager Cloud 7.6.2, FortiManager Cloud 7.4.1 through 7.4.5, FortiManager Cloud 7.2.1 through 7.2.9, FortiManager Cloud 7.0.1 through 7.0.13, FortiManager Cloud 6.4 all versions, FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4.0 through 6.4.15, FortiOS 6.2 all versions, FortiProxy 7.6.0 through 7.6.1, FortiProxy 7.4.0 through 7.4.7, FortiProxy 7.2.0 through 7.2.12, FortiProxy 7.0.0 through 7.0.19, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions allows attacker to execute unauthorized code or commands via specifically crafted requests. | |||||
| CVE-2025-47906 | 1 Golang | 1 Go | 2026-01-27 | N/A | 6.5 MEDIUM |
| If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned. | |||||
| CVE-2025-60116 | 1 Themegoods | 1 Grand Conference | 2026-01-27 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in ThemeGoods Grand Conference Theme Custom Post Type allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Grand Conference Theme Custom Post Type: from n/a through 2.6.3. | |||||