Deco.agency CVEs and Security Vulnerabilities

Search

Expected end of text, found '.' (at char 11), (line:1, col:12)

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (333343 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-6590	2 Mediawiki, Wikimedia	2 Mediawiki, Mediawiki	2026-02-04	N/A
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLUserTextField.Php. This issue affects MediaWiki: from * through 1.39.12, 1.42.76 1.43.1, 1.44.0.
CVE-2025-12680	1 Brocade	1 Sannav	2026-02-04	N/A
Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in clear text in the standby SANnav server, after disaster recovery failover. The vulnerability could allow a remote authenticated attacker with admin privilege able to access the SANnav logs or the supportsave to read the database password.
CVE-2026-22778	1 Vllm-project	1 Vllm	2026-02-04	9.8 Critical
vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guesses to ~8 guesses. This vulnerability can be chained a heap overflow with JPEG2000 decoder in OpenCV/FFmpeg to achieve remote code execution. This vulnerability is fixed in 0.14.1.
CVE-2025-61636	2 Mediawiki, Wikimedia	2 Mediawiki, Mediawiki	2026-02-04	N/A
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLButtonField.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.
CVE-2026-22780	1 Rizin	1 Rizin	2026-02-04	4.4 Medium
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Prior to 0.8.2, a heap overflow can be exploited when a malicious mach0 file, having bogus entries for the dyld chained segments, is parsed by rizin. This vulnerability is fixed in 0.8.2.
CVE-2025-69207	1 Khoj	1 Khoj	2026-02-04	5.4 Medium
Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was initiated by that user, allowing attackers to replace victims' Notion configurations with their own, resulting in data poisoning and unauthorized access to the victim's Khoj search index. This attack requires knowing the user's UUID which can be leaked through shared conversations where an AI generated image is present. This vulnerability is fixed in 2.0.0-beta.23.
CVE-2025-61640	2 Mediawiki, Wikimedia	2 Mediawiki, Mediawiki	2026-02-04	4.6 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Rcfilters/ui/RclToOrFromWidget.Js. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.
CVE-2025-61635	1 Wikimedia	1 Confirmedit	2026-02-04	N/A
Vulnerability in Wikimedia Foundation ConfirmEdit. This vulnerability is associated with program files includes/FancyCaptcha/ApiFancyCaptchaReload.Php. This issue affects ConfirmEdit: *.
CVE-2025-61634	2 Mediawiki, Wikimedia	2 Mediawiki, Mediawiki	2026-02-04	N/A
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Rest/Handler/PageHTMLHandler.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.
CVE-2025-6595	1 Wikimedia	1 Multimediaviewer	2026-02-04	4.7 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MultimediaViewer.This issue affects MultimediaViewer: from * before 1.39.13, 1.42.7, 1.43.2, 1.44.0.
CVE-2025-6597	2 Mediawiki, Wikimedia	2 Mediawiki, Mediawiki	2026-02-04	0.0 Low
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/auth/AuthManager.Php. This issue affects MediaWiki: from * before 1.39.13, 1.42.7, 1.43.2, 1.44.0.
CVE-2025-61639	2 Mediawiki, Wikimedia	2 Mediawiki, Mediawiki	2026-02-04	N/A
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/logging/ManualLogEntry.Php, includes/recentchanges/RecentChangeFactory.Php, includes/recentchanges/RecentChangeStore.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.
CVE-2025-61638	2 Mediawiki, Wikimedia	2 Mediawiki, Parsoid	2026-02-04	N/A
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This vulnerability is associated with program files includes/parser/Sanitizer.Php, src/Core/Sanitizer.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1; Parsoid: from * before 0.16.6, 0.20.4, 0.21.1.
CVE-2025-61637	2 Mediawiki, Wikimedia	2 Mediawiki, Mediawiki	2026-02-04	4.6 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Action/mediawiki.Action.Edit.Preview.Js, resources/src/mediawiki.Page.Preview.Js. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.
CVE-2025-61644	2 Mediawiki, Wikimedia	2 Mediawiki, Mediawiki	2026-02-04	N/A
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Rcfilters/ui/WatchlistTopSectionWidget.Js. This issue affects MediaWiki: from * before > fb856ce9cf121e046305116852cca4899ecb48ca.
CVE-2026-1065	2 10web, Wordpress	2 Form Maker, Wordpress	2026-02-04	7.2 High
The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.35. This is due to the plugin's default file upload allowlist including SVG files combined with weak substring-based extension validation. This makes it possible for unauthenticated attackers to upload malicious SVG files containing JavaScript code that will execute when viewed by administrators or site visitors via file upload fields in forms granted they can submit forms.
CVE-2026-0950	2 Brainstormforce, Wordpress	2 Spectra, Wordpress	2026-02-04	5.3 Medium
The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.19.17. This is due to the plugin failing to check `post_password_required()` before rendering post excerpts in the `render_excerpt()` function and the `uagb_get_excerpt()` helper function. This makes it possible for unauthenticated attackers to read excerpts of password-protected posts by simply viewing any page that contains a Spectra Post Grid, Post Masonry, Post Carousel, or Post Timeline block.
CVE-2025-11173	1 Wikimedia	1 Oathauth	2026-02-04	N/A
Vulnerability in Wikimedia Foundation OATHAuth. This vulnerability is associated with program files src/Special/OATHManage.Php. This issue affects OATHAuth: from * before 1.39.14, 1.43.4, 1.44.1.
CVE-2026-24951	2 Saadiqbal, Wordpress	2 Mycred, Wordpress	2026-02-04	4.3 Medium
Missing Authorization vulnerability in Saad Iqbal myCred mycred allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects myCred: from n/a through <= 2.9.7.3.
CVE-2026-1058	2 10web, Wordpress	2 Form Maker, Wordpress	2026-02-04	7.1 High
The Form Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via hidden field values in all versions up to, and including, 1.15.35. This is due to insufficient output escaping when displaying hidden field values in the admin submissions list. The plugin uses html_entity_decode() on user-supplied hidden field values without subsequent escaping before output, which converts HTML entity-encoded payloads back into executable JavaScript. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in the admin submissions view that will execute whenever an administrator accesses the submissions list.

« first previous Page 293 of 16668. next last »