Total
332627 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-49197 | 1 Sick | 1 Media Server | 2026-01-26 | N/A | 6.5 MEDIUM |
| The application uses a weak password hash function, allowing an attacker to crack the weak password hash to gain access to an FTP user account. | |||||
| CVE-2025-49198 | 1 Sick | 1 Media Server | 2026-01-26 | N/A | 3.1 LOW |
| The Media Server’s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible tokens. | |||||
| CVE-2025-49199 | 1 Sick | 1 Field Analytics | 2026-01-26 | N/A | 8.8 HIGH |
| The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a backup ZIP, modify and re-upload it. This allows the attacker to disrupt the application by configuring the services in a way that they are unable to run, making the application unusable. They can redirect traffic that is meant to be internal to their own hosted services and gathering information. | |||||
| CVE-2025-49200 | 1 Sick | 1 Field Analytics | 2026-01-26 | N/A | 6.5 MEDIUM |
| The created backup files are unencrypted, making the application vulnerable for gathering sensitive information by downloading and decompressing the backup files. | |||||
| CVE-2026-24551 | 2026-01-26 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in monetagwp Monetag Official Plugin monetag-official allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Monetag Official Plugin: from n/a through <= 1.1.3. | |||||
| CVE-2026-24548 | 2026-01-26 | N/A | 5.3 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in Prince Radio Player radio-player allows Server Side Request Forgery.This issue affects Radio Player: from n/a through <= 2.0.91. | |||||
| CVE-2026-24380 | 2026-01-26 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.8.0. | |||||
| CVE-2026-24379 | 2026-01-26 | N/A | 9.1 CRITICAL | ||
| Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through <= 2.4.3. | |||||
| CVE-2026-24377 | 2026-01-26 | N/A | 7.5 HIGH | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through <= 4.6.3. | |||||
| CVE-2026-24371 | 2026-01-26 | N/A | 9.8 CRITICAL | ||
| Missing Authorization vulnerability in bookingalgorithms BA Book Everything ba-book-everything allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BA Book Everything: from n/a through <= 1.8.16. | |||||
| CVE-2026-24368 | 2026-01-26 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0. | |||||
| CVE-2026-24358 | 2026-01-26 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through <= 10.3.3. | |||||
| CVE-2026-24357 | 2026-01-26 | N/A | 8.1 HIGH | ||
| Missing Authorization vulnerability in Brecht WP Recipe Maker wp-recipe-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Recipe Maker: from n/a through <= 10.2.4. | |||||
| CVE-2026-24356 | 2026-01-26 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in Roxnor GetGenie getgenie allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GetGenie: from n/a through <= 4.3.0. | |||||
| CVE-2026-24353 | 2026-01-26 | N/A | 8.1 HIGH | ||
| Missing Authorization vulnerability in wpeverest User Registration user-registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through <= 4.4.9. | |||||
| CVE-2026-23978 | 2026-01-26 | N/A | 9.8 CRITICAL | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Softwebmedia Gyan Elements gyan-elements allows PHP Local File Inclusion.This issue affects Gyan Elements: from n/a through <= 2.2.1. | |||||
| CVE-2026-23975 | 2026-01-26 | N/A | 9.8 CRITICAL | ||
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Golo golo allows PHP Local File Inclusion.This issue affects Golo: from n/a through < 1.7.5. | |||||
| CVE-2026-23974 | 2026-01-26 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Golo: from n/a through < 1.7.5. | |||||
| CVE-2026-22482 | 2026-01-26 | N/A | 9.1 CRITICAL | ||
| Server-Side Request Forgery (SSRF) vulnerability in wbolt.com IMGspider imgspider allows Server Side Request Forgery.This issue affects IMGspider: from n/a through <= 2.3.12. | |||||
| CVE-2026-22472 | 2026-01-26 | N/A | 8.8 HIGH | ||
| Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form Builder: from n/a through <= 3.9.6. | |||||