Search
Search Results (330145 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24867 | 2026-01-28 | N/A | ||
| Not used | ||||
| CVE-2026-24866 | 2026-01-28 | N/A | ||
| Not used | ||||
| CVE-2026-24865 | 2026-01-28 | N/A | ||
| Not used | ||||
| CVE-2026-24864 | 2026-01-28 | N/A | ||
| Not used | ||||
| CVE-2026-24863 | 2026-01-28 | N/A | ||
| Not used | ||||
| CVE-2026-24862 | 2026-01-28 | N/A | ||
| Not used | ||||
| CVE-2026-24861 | 2026-01-28 | N/A | ||
| Not used | ||||
| CVE-2026-24860 | 2026-01-28 | N/A | ||
| Not used | ||||
| CVE-2026-24859 | 2026-01-28 | N/A | ||
| Not used | ||||
| CVE-2025-43860 | 2 Open-emr, Openemr | 2 Openemr, Openemr | 2026-01-27 | 7.6 High |
| OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into the system by entering malicious payloads in the (1) Text Box fields of Address, Address Line 2, Postal Code and City fields and (2) Drop Down menu options of Address Use, State and Country of the Additional Addresses section of the Contact tab in Patient Demographics. The injected script can execute in two scenarios: (1) dynamically during form input, and (2) when the form data is later loaded for editing. Version 7.0.3.4 contains a patch for the issue. | ||||
| CVE-2026-24793 | 1 Azerothcore | 1 Wotlk | 2026-01-27 | N/A |
| Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in azerothcore azerothcore-wotlk (deps/zlib modules). This vulnerability is associated with program files inflate.C. This issue affects azerothcore-wotlk: through v4.0.0. | ||||
| CVE-2026-22481 | 1 Wordpress | 1 Wordpress | 2026-01-27 | 8.8 High |
| Missing Authorization vulnerability in Rasedul Haque Rumi BD Courier Order Ratio Checker bd-courier-order-ratio-checker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BD Courier Order Ratio Checker: from n/a through <= 2.0.1. | ||||
| CVE-2025-69190 | 1 Wordpress | 1 Wordpress | 2026-01-27 | 7.3 High |
| Missing Authorization vulnerability in e-plugins Listihub listihub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Listihub: from n/a through <= 1.0.6. | ||||
| CVE-2025-69183 | 2 E-plugins, Wordpress | 2 Hospital & Doctor Directory, Wordpress | 2026-01-27 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Privilege Escalation.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9. | ||||
| CVE-2025-69182 | 2 E-plugins, Wordpress | 2 Institutions Directory, Wordpress | 2026-01-27 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in e-plugins Institutions Directory institutions-directory allows Privilege Escalation.This issue affects Institutions Directory: from n/a through <= 1.3.4. | ||||
| CVE-2025-68899 | 2 Designthemes, Wordpress | 2 Vivagh, Wordpress | 2026-01-27 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in designthemes Vivagh vivagh allows Object Injection.This issue affects Vivagh: from n/a through <= 2.4. | ||||
| CVE-2025-68898 | 2 Cjjparadoxmax, Wordpress | 2 Synergy Project Manager, Wordpress | 2026-01-27 | 5.8 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cjjparadoxmax Synergy Project Manager synergy-project-manager allows Stored XSS.This issue affects Synergy Project Manager: from n/a through <= 1.5. | ||||
| CVE-2025-68896 | 1 Wordpress | 1 Wordpress | 2026-01-27 | 6.5 Medium |
| Missing Authorization vulnerability in vrpr WDV One Page Docs wdv-one-page-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WDV One Page Docs: from n/a through <= 1.2.4. | ||||
| CVE-2025-68894 | 1 Wordpress | 1 Wordpress | 2026-01-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shoutoutglobal ShoutOut shoutout allows Reflected XSS.This issue affects ShoutOut: from n/a through <= 4.0.2. | ||||
| CVE-2025-68884 | 1 Wordpress | 1 Wordpress | 2026-01-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arevico WP Simple Redirect wp-simple-redirect allows Reflected XSS.This issue affects WP Simple Redirect: from n/a through <= 1.1. | ||||