Export limit exceeded: 339825 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339825 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-26050 | 1 Ricoh | 1 Jobblogging Aggregation Tool | 2026-02-23 | N/A |
| The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver.1.3.7 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges. | ||||
| CVE-2026-21620 | 1 Erlang | 3 Erlang/otp, Erlang\/otp, Otp | 2026-02-23 | 4.2 Medium |
| Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules) allows Relative Path Traversal. This vulnerability is associated with program files lib/tftp/src/tftp_file.erl, src/tftp_file.erl. This issue affects otp: from 17.0, from 07b8f441ca711f9812fad9e9115bab3c3aa92f79; otp: from 5.10 before 7.0; otp: from 1.0. | ||||
| CVE-2026-2486 | 2 Litonice13, Wordpress | 2 Master Addons For Elementor – White Label, Free Widgets, Hover Effects, Conditions, & Animations, Wordpress | 2026-02-23 | 6.4 Medium |
| The Master Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ma_el_bh_table_btn_text' parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-10970 | 1 Kolay Software Inc. | 1 Talentics | 2026-02-23 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kolay Software Inc. Talentics allows Blind SQL Injection.This issue affects Talentics: through 20022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-14547 | 1 Silabs | 2 Gecko Sdk, Simplicity Sdk | 2026-02-23 | N/A |
| An integer underflow vulnerability is present in Silicon Lab’s implementation of PSA Crypto and SE Manager EC-JPAKE APIs during ZKP parsing. Triggering the underflow can lead to a hard fault, causing a temporary denial of service. | ||||
| CVE-2026-21627 | 1 Tassos.gr | 6 Advanced Custom Fields, Convert Forms, Engagebox and 3 more | 2026-02-23 | N/A |
| The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests through Joomla’s com_ajax entry point. Under certain conditions, internal framework functionality could be invoked without proper restriction. | ||||
| CVE-2025-14055 | 1 Silabs | 1 Simplicity Sdk | 2026-02-23 | N/A |
| An integer underflow vulnerability in Silicon Labs Secure NCP host implementation allows a buffer overread via a specially crafted packet. | ||||
| CVE-2025-52603 | 1 Hcltech | 1 Connections | 2026-02-23 | 3.5 Low |
| HCL Connections is vulnerable to information disclosure. In a very specific user navigation scenario, this could allow a user to obtain limited information when a single piece of internal metadata is returned in the browser. | ||||
| CVE-2026-20761 | 1 Enocean Edge | 1 Smartserver Iot | 2026-02-23 | 8.1 High |
| A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages resulting in arbitrary OS command execution on the device. | ||||
| CVE-2026-22885 | 1 Enocean Edge | 1 Smartserver Iot | 2026-02-23 | 3.7 Low |
| A vulnerability exists in EnOcean SmartServer IoT version 4.60.009 and prior, which would allow remote attackers, in the LON IP-852 management messages, to send specially crafted IP-852 messages resulting in a memory leak from the program's memory. | ||||
| CVE-2026-20141 | 1 Splunk | 2 Splunk, Splunk Enterprise | 2026-02-23 | 4.3 Medium |
| In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the "admin" Splunk role could access the Splunk Monitoring Console App endpoints due to an improper access control. This could lead to a sensitive information disclosure.<br><br>The Monitoring Console app is a bundled app that comes with Splunk Enterprise. It is not available for download on SplunkBase, and is not installed on Splunk Cloud Platform instances. This vulnerability does not affect [Cloud Monitoring Console](https://help.splunk.com/en/splunk-cloud-platform/administer/admin-manual/10.2.2510/monitor-your-splunk-cloud-platform-deployment/introduction-to-the-cloud-monitoring-console). | ||||
| CVE-2026-22362 | 2 Axiomthemes, Wordpress | 2 Photolia, Wordpress | 2026-02-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Photolia photolia allows PHP Local File Inclusion.This issue affects Photolia: from n/a through <= 1.0.3. | ||||
| CVE-2026-22364 | 2 Axiomthemes, Wordpress | 2 Seventrees, Wordpress | 2026-02-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes SevenTrees seventrees allows PHP Local File Inclusion.This issue affects SevenTrees: from n/a through <=1.0.2. | ||||
| CVE-2026-22366 | 2 Axiomthemes, Wordpress | 2 Jude, Wordpress | 2026-02-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Jude jude allows PHP Local File Inclusion.This issue affects Jude: from n/a through <= 1.3.0. | ||||
| CVE-2026-22368 | 2 Axiomthemes, Wordpress | 2 Redy, Wordpress | 2026-02-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Redy redy allows PHP Local File Inclusion.This issue affects Redy: from n/a through <= 1.0.2. | ||||
| CVE-2026-22370 | 2 Axiomthemes, Wordpress | 2 Marveland, Wordpress | 2026-02-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Marveland marveland allows PHP Local File Inclusion.This issue affects Marveland: from n/a through <= 1.3.0. | ||||
| CVE-2026-22372 | 2 Ancorathemes, Wordpress | 2 Isida, Wordpress | 2026-02-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Isida isida allows PHP Local File Inclusion.This issue affects Isida: from n/a through <= 1.4.2. | ||||
| CVE-2026-22374 | 2 Ancorathemes, Wordpress | 2 Zio Alberto, Wordpress | 2026-02-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Zio Alberto zioalberto allows PHP Local File Inclusion.This issue affects Zio Alberto: from n/a through <= 1.2.2. | ||||
| CVE-2026-22376 | 2 Ancorathemes, Wordpress | 2 Parkivia, Wordpress | 2026-02-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Parkivia parkivia allows PHP Local File Inclusion.This issue affects Parkivia: from n/a through <= 1.1.9. | ||||
| CVE-2026-22378 | 2 Ancorathemes, Wordpress | 2 Blabber, Wordpress | 2026-02-23 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Blabber blabber allows PHP Local File Inclusion.This issue affects Blabber: from n/a through <= 1.7.0. | ||||