Total: 332502 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-58587 | 1 Sick | 5 Baggage Analytics, Enterprise Analytics, Logistic Diagnostic Analytics and 2 more | 2026-01-27 | N/A | 6.5 MEDIUM |
| The application does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it possible for an attacker to guess user credentials. | |||||
| CVE-2025-58589 | 1 Sick | 4 Baggage Analytics, Logistic Diagnostic Analytics, Package Analytics and 1 more | 2026-01-27 | N/A | 2.7 LOW |
| When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker thus receives information about the technology used and the structure of the application. | |||||
| CVE-2025-58590 | 1 Sick | 4 Baggage Analytics, Logistic Diagnostic Analytics, Package Analytics and 1 more | 2026-01-27 | N/A | 6.5 MEDIUM |
| It's possible to brute force folders and files, which can be used by an attacker to steal sensitive information. | |||||
| CVE-2025-58591 | 1 Sick | 4 Baggage Analytics, Logistic Diagnostic Analytics, Package Analytics and 1 more | 2026-01-27 | N/A | 6.5 MEDIUM |
| A remote, unauthorized attacker can brute force folders and files and read them, such as private keys or configurations, making the application vulnerable to the gathering of sensitive information. | |||||
| CVE-2025-46818 | 1 Redis | 1 Redis | 2026-01-27 | N/A | 6.0 MEDIUM |
| Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different Lua objects and potentially run their own code in the context of another user. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. A workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to block a script by restricting both the EVAL and FUNCTION command families. | |||||
| CVE-2025-46819 | 1 Redis | 1 Redis | 2026-01-27 | N/A | 6.3 MEDIUM |
| Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to read out-of-bound data or crash the server, resulting in denial of service. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. A workaround for this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to block a script by restricting both the EVAL and FUNCTION command families. | |||||
| CVE-2025-46817 | 1 Redis | 1 Redis | 2026-01-27 | N/A | 7.0 HIGH |
| Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. | |||||
| CVE-2021-47254 | 1 Linux | 1 Linux Kernel | 2026-01-27 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix use-after-free in gfs2_glock_shrink_scan The GLF_LRU flag is checked under lru_lock in gfs2_glock_remove_from_lru() to remove the glock from the lru list in __gfs2_glock_put(). On the shrink scan path, the same flag is cleared under lru_lock but because of cond_resched_lock(&lru_lock) in gfs2_dispose_glock_lru(), progress on the put side can be made without deleting the glock from the lru list. Keep GLF_LRU across the race window opened by cond_resched_lock(&lru_lock) to ensure correct behavior on both sides - clear GLF_LRU after list_del under lru_lock. | |||||
| CVE-2025-47321 | 1 Qualcomm | 230 Ar8031, Ar8031 Firmware, Ar8035 and 227 more | 2026-01-27 | N/A | 7.8 HIGH |
| Memory corruption while copying packets received from unix clients. | |||||
| CVE-2025-8113 | 1 Shopfiles | 1 Ebook Store | 2026-01-27 | N/A | 6.1 MEDIUM |
| The Ebook Store WordPress plugin before 5.8015 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers. | |||||
| CVE-2025-47356 | 1 Qualcomm | 38 Cologne, Cologne Firmware, Fastconnect 6900 and 35 more | 2026-01-27 | N/A | 7.8 HIGH |
| Memory Corruption when multiple threads concurrently access and modify shared resources. | |||||
| CVE-2025-8098 | 1 Lenovo | 1 Pcmanager | 2026-01-27 | N/A | 7.8 HIGH |
| An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges. | |||||
| CVE-2025-47369 | 1 Qualcomm | 350 Ar8035, Ar8035 Firmware, Csra6620 and 347 more | 2026-01-27 | N/A | 5.5 MEDIUM |
| Information disclosure when a weak hashed value is returned to userland code in response to an IOCTL call to obtain a session ID. | |||||
| CVE-2025-5115 | 1 Eclipse | 1 Jetty | 2026-01-27 | N/A | 7.5 HIGH |
| In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, <=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory. For example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal. Per specification https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update , the server should send a RST_STREAM frame. The client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time. The attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame. Links: * https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h | |||||
| CVE-2025-47380 | 1 Qualcomm | 28 Fastconnect 7800, Fastconnect 7800 Firmware, Qcc2072 and 25 more | 2026-01-27 | N/A | 7.8 HIGH |
| Memory corruption while preprocessing IOCTLs in sensors. | |||||
| CVE-2025-47388 | 1 Qualcomm | 90 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 87 more | 2026-01-27 | N/A | 7.8 HIGH |
| Memory corruption while passing pages to DSP with an unaligned starting address. | |||||
| CVE-2025-47393 | 1 Qualcomm | 36 Qam8255p, Qam8255p Firmware, Qam8650p and 33 more | 2026-01-27 | N/A | 7.8 HIGH |
| Memory corruption when accessing resources in kernel driver. | |||||
| CVE-2025-47394 | 1 Qualcomm | 90 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 87 more | 2026-01-27 | N/A | 7.8 HIGH |
| Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations. | |||||
| CVE-2026-22411 | | | 2026-01-27 | N/A | 5.4 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Dolcino dolcino allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dolcino: from n/a through <= 1.6. | |||||
| CVE-2026-22409 | | | 2026-01-27 | N/A | 5.4 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Justicia justicia allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Justicia: from n/a through <= 1.2. | |||||
