Total
332513 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-47254 | 1 Linux | 1 Linux Kernel | 2026-01-27 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix use-after-free in gfs2_glock_shrink_scan The GLF_LRU flag is checked under lru_lock in gfs2_glock_remove_from_lru() to remove the glock from the lru list in __gfs2_glock_put(). On the shrink scan path, the same flag is cleared under lru_lock but because of cond_resched_lock(&lru_lock) in gfs2_dispose_glock_lru(), progress on the put side can be made without deleting the glock from the lru list. Keep GLF_LRU across the race window opened by cond_resched_lock(&lru_lock) to ensure correct behavior on both sides - clear GLF_LRU after list_del under lru_lock. | |||||
| CVE-2025-47321 | 1 Qualcomm | 230 Ar8031, Ar8031 Firmware, Ar8035 and 227 more | 2026-01-27 | N/A | 7.8 HIGH |
| Memory corruption while copying packets received from unix clients. | |||||
| CVE-2025-8113 | 1 Shopfiles | 1 Ebook Store | 2026-01-27 | N/A | 6.1 MEDIUM |
| The Ebook Store WordPress plugin before 5.8015 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers. | |||||
| CVE-2025-47356 | 1 Qualcomm | 38 Cologne, Cologne Firmware, Fastconnect 6900 and 35 more | 2026-01-27 | N/A | 7.8 HIGH |
| Memory Corruption when multiple threads concurrently access and modify shared resources. | |||||
| CVE-2025-8098 | 1 Lenovo | 1 Pcmanager | 2026-01-27 | N/A | 7.8 HIGH |
| An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges. | |||||
| CVE-2025-47369 | 1 Qualcomm | 350 Ar8035, Ar8035 Firmware, Csra6620 and 347 more | 2026-01-27 | N/A | 5.5 MEDIUM |
| Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID. | |||||
| CVE-2025-5115 | 1 Eclipse | 1 Jetty | 2026-01-27 | N/A | 7.5 HIGH |
| In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, <=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume resources such as CPU and memory. For example, a client can open a stream and then send WINDOW_UPDATE frames with window size increment of 0, which is illegal. Per specification https://www.rfc-editor.org/rfc/rfc9113.html#name-window_update , the server should send a RST_STREAM frame. The client can now open another stream and send another bad WINDOW_UPDATE, therefore causing the server to consume more resources than necessary, as this case does not exceed the max number of concurrent streams, yet the client is able to create an enormous amount of streams in a short period of time. The attack can be performed with other conditions (for example, a DATA frame for a closed stream) that cause the server to send a RST_STREAM frame. Links: * https://github.com/jetty/jetty.project/security/advisories/GHSA-mmxm-8w33-wc4h | |||||
| CVE-2025-47380 | 1 Qualcomm | 28 Fastconnect 7800, Fastconnect 7800 Firmware, Qcc2072 and 25 more | 2026-01-27 | N/A | 7.8 HIGH |
| Memory corruption while preprocessing IOCTLs in sensors. | |||||
| CVE-2025-47388 | 1 Qualcomm | 90 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 87 more | 2026-01-27 | N/A | 7.8 HIGH |
| Memory corruption while passing pages to DSP with an unaligned starting address. | |||||
| CVE-2025-47393 | 1 Qualcomm | 36 Qam8255p, Qam8255p Firmware, Qam8650p and 33 more | 2026-01-27 | N/A | 7.8 HIGH |
| Memory corruption when accessing resources in kernel driver. | |||||
| CVE-2025-47394 | 1 Qualcomm | 90 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 87 more | 2026-01-27 | N/A | 7.8 HIGH |
| Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations. | |||||
| CVE-2026-22411 | 2026-01-27 | N/A | 5.4 MEDIUM | ||
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Dolcino dolcino allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dolcino: from n/a through <= 1.6. | |||||
| CVE-2026-22409 | 2026-01-27 | N/A | 5.4 MEDIUM | ||
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Justicia justicia allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Justicia: from n/a through <= 1.2. | |||||
| CVE-2026-22407 | 2026-01-27 | N/A | 5.4 MEDIUM | ||
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Roam roam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Roam: from n/a through <= 2.1.1. | |||||
| CVE-2026-22406 | 2026-01-27 | N/A | 5.4 MEDIUM | ||
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Overton overton allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Overton: from n/a through <= 1.3. | |||||
| CVE-2026-22391 | 2026-01-27 | N/A | 5.4 MEDIUM | ||
| Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Cocco cocco allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cocco: from n/a through <= 1.5.1. | |||||
| CVE-2026-22358 | 2026-01-27 | N/A | 5.4 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Electrician - Electrical Service WordPress electrician allows Server Side Request Forgery.This issue affects Electrician - Electrical Service WordPress: from n/a through <= 5.6. | |||||
| CVE-2026-22348 | 2026-01-27 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Tasos Fel Civic Cookie Control civic-cookie-control-8 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Civic Cookie Control: from n/a through <= 1.53. | |||||
| CVE-2025-47395 | 1 Qualcomm | 2 Wcn7861, Wcn7861 Firmware | 2026-01-27 | N/A | 6.5 MEDIUM |
| Transient DOS while parsing a WLAN management frame with a Vendor Specific Information Element. | |||||
| CVE-2025-69319 | 2026-01-27 | N/A | 7.5 HIGH | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Code Injection.This issue affects Beaver Builder: from n/a through <= 2.9.4.1. | |||||