Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 76324 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (76324 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-56093 | 1 Ruijie | 7 Rg-eap602, Rg-eap602 Firmware, Rg-ew300 Pro and 4 more | 2026-01-27 | 8.8 High |
| OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the setWisp in file /usr/lib/lua/luci/modules/wireless.lua. | ||||
| CVE-2025-56094 | 1 Ruijie | 5 Rg-ew300 Pro, Rg-ew300 Pro Firmware, X30-pro and 2 more | 2026-01-27 | 8.8 High |
| OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/host_access_delay.lua. | ||||
| CVE-2025-56095 | 1 Ruijie | 4 Rg-eap602, Rg-eap602 Firmware, Rg-ew1200g Pro and 1 more | 2026-01-27 | 8.8 High |
| OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua. | ||||
| CVE-2025-56090 | 1 Ruijie | 4 Rg-ew1200g Pro, Rg-ew1200g Pro Firmware, Rg-ew1200r and 1 more | 2026-01-27 | 8.8 High |
| OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua. | ||||
| CVE-2022-50490 | 1 Linux | 1 Linux Kernel | 2026-01-27 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: bpf: Propagate error from htab_lock_bucket() to userspace In __htab_map_lookup_and_delete_batch() if htab_lock_bucket() returns -EBUSY, it will go to next bucket. Going to next bucket may not only skip the elements in current bucket silently, but also incur out-of-bound memory access or expose kernel memory to userspace if current bucket_cnt is greater than bucket_size or zero. Fixing it by stopping batch operation and returning -EBUSY when htab_lock_bucket() fails, and the application can retry or skip the busy batch as needed. | ||||
| CVE-2025-56123 | 1 Ruijie | 4 Rg-ew1200g Pro, Rg-ew1200g Pro Firmware, Rg-ew1300g and 1 more | 2026-01-27 | 8.8 High |
| OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua. | ||||
| CVE-2025-56091 | 1 Ruijie | 4 Rg-ew1800gx, Rg-ew1800gx Firmware, Rg-ew300r and 1 more | 2026-01-27 | 8.8 High |
| OS Command Injection vulnerability in Ruijie RG-EW1800GX B11P226_EW1800GX_10223121 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua. | ||||
| CVE-2025-56097 | 1 Ruijie | 4 Rg-ew1800gx Pro, Rg-ew1800gx Pro Firmware, Rg-ew300n and 1 more | 2026-01-27 | 8.8 High |
| OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226_EW1800GX-PRO_10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua. | ||||
| CVE-2023-23436 | 1 Honor | 1 Magicos | 2026-01-27 | 7.3 High |
| Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file | ||||
| CVE-2025-56102 | 1 Ruijie | 4 Rg-ew1800gx, Rg-ew1800gx Firmware, Rg-ew300r and 1 more | 2026-01-27 | 8.8 High |
| OS Command Injection vulnerability in Ruijie RG-EW1800GX B11P226_EW1800GX_10223121 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua. | ||||
| CVE-2023-31594 | 1 Icrealtime | 2 Icip-p2012t, Icip-p2012t Firmware | 2026-01-27 | 7.5 High |
| IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via an exposed HTTP channel using VLC network. | ||||
| CVE-2023-31595 | 1 Icrealtime | 2 Icip-p2012t, Icip-p2012t Firmware | 2026-01-27 | 7.5 High |
| IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via unauthenticated port access. | ||||
| CVE-2025-69181 | 2 E-plugins, Wordpress | 2 Lawyer Directory, Wordpress | 2026-01-27 | 7.3 High |
| Missing Authorization vulnerability in e-plugins Lawyer Directory lawyer-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Directory: from n/a through <= 1.3.4. | ||||
| CVE-2025-69054 | 1 Wordpress | 1 Wordpress | 2026-01-27 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in highwarden Super Logos Showcase superlogoshowcase-wp allows Reflected XSS.This issue affects Super Logos Showcase: from n/a through <= 2.8. | ||||
| CVE-2025-50004 | 2 Artbees, Wordpress | 2 Jupiter X Core, Wordpress | 2026-01-27 | 8.5 High |
| Deserialization of Untrusted Data vulnerability in artbees JupiterX Core jupiterx-core allows Object Injection.This issue affects JupiterX Core: from n/a through <= 4.10.1. | ||||
| CVE-2025-49050 | 1 Wordpress | 1 Wordpress | 2026-01-27 | 8.8 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through <= 2.5. | ||||
| CVE-2025-49049 | 1 Wordpress | 1 Wordpress | 2026-01-27 | 8.8 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ZoomIt DZS Video Gallery dzs-videogallery allows SQL Injection.This issue affects DZS Video Gallery: from n/a through <= 12.37. | ||||
| CVE-2025-58898 | 2 Ancorathemes, Wordpress | 2 Healthhub, Wordpress | 2026-01-27 | 8.2 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes HealthHub healthhub allows PHP Local File Inclusion.This issue affects HealthHub: from n/a through <= 1.3.0. | ||||
| CVE-2025-58929 | 2 Axiomthemes, Wordpress | 2 Pantry, Wordpress | 2026-01-27 | 8.2 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Pantry pantry allows PHP Local File Inclusion.This issue affects Pantry: from n/a through <= 1.4. | ||||
| CVE-2025-58930 | 2 Axiomthemes, Wordpress | 2 Fitflex, Wordpress | 2026-01-27 | 8.2 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes FitFlex fitflex allows PHP Local File Inclusion.This issue affects FitFlex: from n/a through <= 1.6. | ||||