Total: 333012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8455 | | | 2026-01-22 | N/A | N/A |
| Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | |||||
| CVE-2020-8454 | | | 2026-01-22 | N/A | N/A |
| Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | |||||
| CVE-2020-8453 | | | 2026-01-22 | N/A | N/A |
| Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | |||||
| CVE-2020-8452 | | | 2026-01-22 | N/A | N/A |
| Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | |||||
| CVE-2020-8451 | | | 2026-01-22 | N/A | N/A |
| Rejected reason: The reserved CVE was never used. | |||||
| CVE-2025-7425 | | | 2026-01-22 | N/A | 7.8 HIGH |
| A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption. | |||||
| CVE-2025-6020 | | | 2026-01-22 | N/A | 7.8 HIGH |
| A flaw was found in linux-pam. The module pam_namespace may access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. | |||||
| CVE-2025-49796 | | | 2026-01-22 | N/A | 9.1 CRITICAL |
| A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory. | |||||
| CVE-2025-49794 | | | 2026-01-22 | N/A | 9.1 CRITICAL |
| A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in a crash of the program using libxml or other possible undefined behaviors. | |||||
| CVE-2025-13439 | | | 2026-01-22 | N/A | 5.9 MEDIUM |
| The Fancy Product Designer plugin for WordPress is vulnerable to Information Disclosure and PHAR Deserialization in all versions up to, and including, 6.4.8. This is due to insufficient validation of user-supplied input in the 'url' parameter of the 'fpd_custom_uplod_file' AJAX action, which flows directly into the 'getimagesize' function without sanitization. This makes it possible for unauthenticated attackers to read arbitrary sensitive files from the server, including wp-config.php. | |||||
| CVE-2023-53894 | 1 Dulldusk | 1 Phpfilemanager | 2026-01-21 | N/A | 9.8 CRITICAL |
| phpfm 1.7.9 contains an authentication bypass vulnerability that allows attackers to log in by exploiting loose type comparison in password hash validation. Attackers can craft specific password hashes beginning with 0e or 00e to bypass authentication and upload malicious PHP files to the server. | |||||
| CVE-2021-47780 | 1 Macro-expert | 1 Macro Expert | 2026-01-21 | N/A | 7.8 HIGH |
| Macro Expert 4.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the improperly configured service path to inject malicious executables that will be run with LocalSystem permissions during service startup. | |||||
| CVE-2021-47805 | 1 Flexense | 1 Disksavvy | 2026-01-21 | N/A | 7.8 HIGH |
| Disk Savvy 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries to inject malicious executables that will be run with elevated LocalSystem privileges. | |||||
| CVE-2025-66686 | 1 Grabaperch | 1 Perch | 2026-01-21 | N/A | 6.1 MEDIUM |
| A stored Cross-Site Scripting (XSS) vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. The injected payload is stored and executed when any authenticated user clicks the Help button, potentially leading to session hijacking, information disclosure, privilege escalation, and unauthorized administrative actions. | |||||
| CVE-2025-66838 | 1 Softwareag | 1 Aris | 2026-01-21 | N/A | 6.5 MEDIUM |
| In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. An attacker can exploit this behavior to rapidly upload a large volume of files, potentially leading to resource exhaustion such as disk space depletion, increased server load, or degraded performance. | |||||
| CVE-2025-66837 | 1 Softwareag | 1 Aris | 2026-01-21 | N/A | 6.8 MEDIUM |
| A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code via uploading a crafted PDF file/Malware. | |||||
| CVE-2025-46070 | 1 Automai | 1 Botmanager | 2026-01-21 | N/A | 9.8 CRITICAL |
| An issue in Automai BotManager v.25.2.0 allows a remote attacker to execute arbitrary code via the BotManager.exe component. | |||||
| CVE-2025-46068 | 1 Automai | 1 Director | 2026-01-21 | N/A | 8.8 HIGH |
| An issue in Automai Director v.25.2.0 allows a remote attacker to execute arbitrary code via the update mechanism. | |||||
| CVE-2025-46067 | 1 Automai | 1 Director | 2026-01-21 | N/A | 8.2 HIGH |
| An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file. | |||||
| CVE-2025-46066 | 1 Automai | 1 Director | 2026-01-21 | N/A | 9.9 CRITICAL |
| An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges. | |||||
