Total
333807 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-39848 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-20 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: ax25: properly unshare skbs in ax25_kiss_rcv() Bernard Pidoux reported a regression apparently caused by commit c353e8983e0d ("net: introduce per netns packet chains"). skb->dev becomes NULL and we crash in __netif_receive_skb_core(). Before above commit, different kind of bugs or corruptions could happen without a major crash. But the root cause is that ax25_kiss_rcv() can queue/mangle input skb without checking if this skb is shared or not. Many thanks to Bernard Pidoux for his help, diagnosis and tests. We had a similar issue years ago fixed with commit 7aaed57c5c28 ("phonet: properly unshare skbs in phonet_rcv()"). | |||||
| CVE-2025-67575 | 2026-01-20 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Andrew Lima Sitewide Notice WP sitewide-notice-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sitewide Notice WP: from n/a through <= 2.4.1. | |||||
| CVE-2025-67574 | 2026-01-20 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a through <= 3.2.30. | |||||
| CVE-2025-67573 | 2026-01-20 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in ThimPress Sailing sailing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sailing: from n/a through < 4.4.6. | |||||
| CVE-2025-67572 | 2026-01-20 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in PenciDesign PenNews pennews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PenNews: from n/a through < 6.7.4. | |||||
| CVE-2025-67571 | 2026-01-20 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in WPFunnels WPFunnels wpfunnels allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPFunnels: from n/a through <= 3.6.2. | |||||
| CVE-2025-67570 | 2026-01-20 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in GSheetConnector by WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPForms Google Sheet Connector: from n/a through <= 4.0.0. | |||||
| CVE-2025-67569 | 2026-01-20 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in scriptsbundle AdForest adforest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AdForest: from n/a through <= 6.0.11. | |||||
| CVE-2025-67568 | 2026-01-20 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in xtemos Basel basel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Basel: from n/a through <= 5.9.1. | |||||
| CVE-2025-67567 | 2026-01-20 | N/A | 5.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in uixthemes Sober sober allows Retrieve Embedded Sensitive Data.This issue affects Sober: from n/a through <= 3.5.11. | |||||
| CVE-2025-67566 | 2026-01-20 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woffice Core: from n/a through <= 5.4.30. | |||||
| CVE-2025-67565 | 2026-01-20 | N/A | 5.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam Rehub rehub-theme allows Retrieve Embedded Sensitive Data.This issue affects Rehub: from n/a through <= 19.9.9.1. | |||||
| CVE-2025-67564 | 2026-01-20 | N/A | 5.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in alekv Pixel Manager for WooCommerce woocommerce-google-adwords-conversion-tracking-tag allows Retrieve Embedded Sensitive Data.This issue affects Pixel Manager for WooCommerce: from n/a through <= 1.51.1. | |||||
| CVE-2025-67563 | 2026-01-20 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in Saad Iqbal Post SMTP post-smtp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post SMTP: from n/a through <= 3.6.1. | |||||
| CVE-2025-67562 | 2026-01-20 | N/A | 5.3 MEDIUM | ||
| Missing Authorization vulnerability in WebCodingPlace Image Caption Hover Pro image-caption-hover-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Caption Hover Pro: from n/a through < 20.0. | |||||
| CVE-2025-67561 | 2026-01-20 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Oleksandr Lysyi Debug Log Viewer debug-log-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Debug Log Viewer: from n/a through <= 2.0.3. | |||||
| CVE-2025-67560 | 2026-01-20 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in Webilia Inc. Listdom listdom allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Listdom: from n/a through <= 5.0.1. | |||||
| CVE-2025-67559 | 1 Vcita | 1 Online Booking \& Scheduling Calendar | 2026-01-20 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita meeting-scheduler-by-vcita allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through <= 4.5.5. | |||||
| CVE-2025-67558 | 2026-01-20 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jacques Malgrange Rencontre rencontre allows Stored XSS.This issue affects Rencontre: from n/a through <= 3.13.7. | |||||
| CVE-2025-67557 | 2026-01-20 | N/A | 6.5 MEDIUM | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rhys Wynne WP eBay Product Feeds ebay-feeds-for-wordpress allows Stored XSS.This issue affects WP eBay Product Feeds: from n/a through <= 3.4.9. | |||||