Export limit exceeded: 334651 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334651 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68539 | 2 Thembay, Wordpress | 2 Fana, Wordpress | 2026-02-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Fana fana allows PHP Local File Inclusion.This issue affects Fana: from n/a through <= 1.1.35. | ||||
| CVE-2025-68536 | 2 Thembay, Wordpress | 2 Zota, Wordpress | 2026-02-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Zota zota allows PHP Local File Inclusion.This issue affects Zota: from n/a through <= 1.3.14. | ||||
| CVE-2025-68526 | 2 A Wp Life, Wordpress | 2 Modal Popup Box, Wordpress | 2026-02-24 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in A WP Life Modal Popup Box modal-popup-box allows Object Injection.This issue affects Modal Popup Box: from n/a through <= 1.6.1. | ||||
| CVE-2025-67996 | 2 Boldthemes, Wordpress | 2 Nestin, Wordpress | 2026-02-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in BoldThemes Nestin nestin allows Object Injection.This issue affects Nestin: from n/a through < 1.2.6. | ||||
| CVE-2025-67995 | 2 Loftocean, Wordpress | 2 Patiotime, Wordpress | 2026-02-24 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in LoftOcean PatioTime patiotime allows Object Injection.This issue affects PatioTime: from n/a through < 2.1. | ||||
| CVE-2025-67992 | 2 Loftocean, Wordpress | 2 Patiotime, Wordpress | 2026-02-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean PatioTime patiotime allows PHP Local File Inclusion.This issue affects PatioTime: from n/a through < 2.1. | ||||
| CVE-2025-67988 | 2 Loftocean, Wordpress | 2 Cozystay, Wordpress | 2026-02-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean CozyStay cozystay allows PHP Local File Inclusion.This issue affects CozyStay: from n/a through < 1.9.1. | ||||
| CVE-2025-67982 | 2 Thembay, Wordpress | 2 Urna, Wordpress | 2026-02-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Urna urna allows PHP Local File Inclusion.This issue affects Urna: from n/a through <= 2.5.12. | ||||
| CVE-2025-67981 | 2 Thembay, Wordpress | 2 Besa, Wordpress | 2026-02-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Besa besa allows PHP Local File Inclusion.This issue affects Besa: from n/a through <= 2.3.15. | ||||
| CVE-2025-67980 | 2 Thembay, Wordpress | 2 Hara, Wordpress | 2026-02-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Hara hara allows PHP Local File Inclusion.This issue affects Hara: from n/a through <= 1.2.17. | ||||
| CVE-2025-60087 | 2 Nenad-obradovic, Wordpress | 2 Extensive Vc Addons For Wpbakery Page Builder, Wordpress | 2026-02-24 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nenad Obradovic Extensive VC Addons for WPBakery page builder extensive-vc-addon allows PHP Local File Inclusion.This issue affects Extensive VC Addons for WPBakery page builder: from n/a through <= 1.9.1. | ||||
| CVE-2019-25294 | 1 Lolypop55 | 1 Html5 Snmp | 2026-02-24 | 6.4 Medium |
| html5_snmp 1.11 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through the 'Remark' parameter in add_router_operation.php. Attackers can craft a POST request with a script payload in the Remark field to execute arbitrary JavaScript in victim browsers when the page is loaded. | ||||
| CVE-2019-25298 | 1 Lolypop55 | 1 Html5 Snmp | 2026-02-24 | 7.1 High |
| html5_snmp 1.11 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through Router_ID and Router_IP parameters. Attackers can exploit error-based, time-based, and union-based injection techniques to potentially extract or modify database information by sending crafted payloads. | ||||
| CVE-2026-25556 | 1 Artifex | 1 Mupdf | 2026-02-24 | 7.5 High |
| MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function accepts a caller-owned fz_pixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the exception. Callers (including the barcode decoding path in fz_decode_barcode_from_display_list) also drop the same pixmap in cleanup, resulting in a double-free that can corrupt the heap and crash the process. This issue affects applications that enable and use MuPDF barcode decoding and can be triggered by processing crafted input that causes a rendering-time error while decoding barcodes. | ||||
| CVE-2026-3067 | 1 Hummerrisk | 1 Hummerrisk | 2026-02-24 | 6.3 Medium |
| A vulnerability has been found in HummerRisk up to 1.5.0. This issue affects the function extractTarGZ/extractZip of the file hummer-common/hummer-common-core/src/main/java/com/hummer/common/core/utils/CommandUtils.java of the component Archive Extraction. The manipulation leads to path traversal. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-3066 | 1 Hummerrisk | 1 Hummerrisk | 2026-02-24 | 6.3 Medium |
| A flaw has been found in HummerRisk up to 1.5.0. This vulnerability affects the function fixedCommand of the file hummer-common/hummer-common-core/src/main/java/com/hummer/common/core/utils/PlatformUtils.java of the component Cloud Compliance Scanning. Executing a manipulation can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-3065 | 1 Hummerrisk | 1 Hummerrisk | 2026-02-24 | 6.3 Medium |
| A vulnerability was detected in HummerRisk up to 1.5.0. This affects the function CommandUtils.commonExecCmdWithResult of the file CloudTaskService.java of the component Cloud Task Dry-run. Performing a manipulation of the argument fileName results in command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-3064 | 1 Hummerrisk | 1 Hummerrisk | 2026-02-24 | 6.3 Medium |
| A security vulnerability has been detected in HummerRisk up to 1.5.0. Affected by this issue is some unknown functionality of the file ResourceCreateService.java of the component Cloud Task Scheduler. Such manipulation of the argument regionId leads to command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-56373 | 1 Apache | 1 Airflow | 2026-02-24 | 8.4 High |
| DAG Author (who already has quite a lot of permissions) could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server (server-side) as a result of a user viewing historical task information. The functionality responsible for that (log template history) has been disabled by default in 2.11.1 and users should upgrade to Airflow 3 if they want to continue to use log template history. They can also manually modify historical log file names if they want to see historical logs that were generated before the last log template change. | ||||
| CVE-2025-27555 | 1 Apache | 1 Airflow | 2026-02-24 | 6.5 Medium |
| Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were stored unencrypted in the Airflow database. While this risk is limited to users with audit log access, it is recommended to upgrade to Airflow 2.11.1 or a later version, which addresses this issue. Users who previously used the CLI to set connections should manually delete entries with those connection sensitive values from the log table. This is similar but not the same issue as CVE-2024-50378 | ||||