Total: 336347 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-69371 | | | 2026-02-24 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data vulnerability in AncoraThemes KindlyCare kindlycare allows Object Injection. This issue affects KindlyCare: from n/a through <= 1.6.1. | | | | | |
| CVE-2025-69370 | | | 2026-02-24 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data vulnerability in ThemeGoods Capella capella allows Object Injection. This issue affects Capella: from n/a through <= 2.5.5. | | | | | |
| CVE-2025-69301 | | | 2026-02-24 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data vulnerability in ThemeGoods PhotoMe photome allows Object Injection. This issue affects PhotoMe: from n/a through <= 5.6.11. | | | | | |
| CVE-2025-69297 | | | 2026-02-24 | N/A | 7.5 HIGH |
| Missing Authorization vulnerability in GhostPool Aardvark Plugin aardvark-plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Aardvark Plugin: from n/a through <= 2.19. | | | | | |
| CVE-2025-69294 | | | 2026-02-24 | N/A | 8.8 HIGH |
| Deserialization of Untrusted Data vulnerability in fuelthemes PeakShops peakshops allows Object Injection. This issue affects PeakShops: from n/a through <= 1.5.9. | | | | | |
| CVE-2025-69063 | | | 2026-02-24 | N/A | 8.6 HIGH |
| Missing Authorization vulnerability in Saad Iqbal New User Approve new-user-approve allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects New User Approve: from n/a through <= 3.2.0. | | | | | |
| CVE-2025-68853 | | | 2026-02-24 | N/A | 8.8 HIGH |
| Deserialization of Untrusted Data vulnerability in Kleor Contact Manager contact-manager allows Object Injection. This issue affects Contact Manager: from n/a through <= 9.1.1. | | | | | |
| CVE-2025-68542 | | | 2026-02-24 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in vgdevsolutions Checkout Gateway for IRIS checkout-gateway-iris allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Checkout Gateway for IRIS: from n/a through <= 1.3. | | | | | |
| CVE-2025-68541 | | | 2026-02-24 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data vulnerability in BoldThemes Ippsum ippsum allows Object Injection. This issue affects Ippsum: from n/a through <= 1.2.0. | | | | | |
| CVE-2025-68534 | | | 2026-02-24 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF for WPForms: from n/a through <= 6.3.0. | | | | | |
| CVE-2025-68531 | | | 2026-02-24 | N/A | 8.8 HIGH |
| Deserialization of Untrusted Data vulnerability in modeltheme ModelTheme Addons for WPBakery and Elementor modeltheme-addons-for-wpbakery allows Object Injection. This issue affects ModelTheme Addons for WPBakery and Elementor: from n/a through < 1.5.6. | | | | | |
| CVE-2025-68069 | | | 2026-02-24 | N/A | 7.1 HIGH |
| Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Directorist: from n/a through <= 8.5.10. | | | | | |
| CVE-2025-68050 | | | 2026-02-24 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in Leadpages Leadpages leadpages allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Leadpages: from n/a through <= 1.1.3. | | | | | |
| CVE-2025-68043 | | | 2026-02-24 | N/A | 7.3 HIGH |
| Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LottieFiles: from n/a through <= 3.0.0. | | | | | |
| CVE-2025-68026 | | | 2026-02-24 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LC Wizard: from n/a through <= 2.1.1. | | | | | |
| CVE-2025-68024 | | | 2026-02-24 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in Addonify Addonify – WooCommerce Wishlist addonify-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Addonify – WooCommerce Wishlist: from n/a through <= 2.0.15. | | | | | |
| CVE-2025-68022 | | | 2026-02-24 | N/A | 6.3 MEDIUM |
| Missing Authorization vulnerability in soporteblue Plugin BlueX for WooCommerce bluex-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Plugin BlueX for WooCommerce: from n/a through <= 3.1.6. | | | | | |
| CVE-2025-68005 | | | 2026-02-24 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in themewant Easy Hotel Booking easy-hotel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Hotel Booking: from n/a through <= 1.8.7. | | | | | |
| CVE-2025-68000 | | | 2026-02-24 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Testimonial Slider: from n/a through <= 2.0.15. | | | | | |
| CVE-2025-67997 | | | 2026-02-24 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data vulnerability in BoldThemes Travelicious travelicious allows Object Injection. This issue affects Travelicious: from n/a through < 1.6.7. | | | | | |
| CVE-2025-67993 | | | 2026-02-24 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Atarim: from n/a through <= 4.2.1. | | | | | |
| CVE-2025-67977 | | | 2026-02-24 | N/A | 8.2 HIGH |
| Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HAPPY: from n/a through <= 1.0.8. | | | | | |
| CVE-2025-67974 | | | 2026-02-24 | N/A | 7.5 HIGH |
| Missing Authorization vulnerability in WP Legal Pages WPLegalPages wplegalpages allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPLegalPages: from n/a through <= 3.5.4. | | | | | |
| CVE-2025-67970 | | | 2026-02-24 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in vertim Schedula schedula-smart-appointment-booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Schedula: from n/a through <= 1.0. | | | | | |
| CVE-2025-67624 | | | 2026-02-24 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in Arya Dhiratara Optimize More! – Images optimize-more-images allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Optimize More! – Images: from n/a through <= 1.1.3. | | | | | |
| CVE-2026-27205 | 1 Palletsprojects | 1 Flask | 2026-02-24 | N/A | 4.3 MEDIUM |
| Flask is a web server gateway interface (WSGI) web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs caches not to cache the response, as it may contain information specific to a logged in user. This is handled in most cases, but some forms of access such as the Python in operator were overlooked. The severity and risk d ... | | | | | |
| CVE-2026-21420 | 1 Dell | 1 Repository Manager | 2026-02-24 | N/A | 7.3 HIGH |
| Dell Repository Manager (DRM), versions prior to 3.4.8, contains an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution and escalation of privileges. | | | | | |
| CVE-2026-0797 | 1 Gimp | 1 Gimp | 2026-02-24 | N/A | 7.8 HIGH |
| GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap- ... | | | | | |
| CVE-2026-2036 | 1 Gfi | 1 Archiver | 2026-02-24 | N/A | 8.8 HIGH |
| GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuration of the MArc.Store.Remoting.exe process. The issue results from the lack of proper validation of user-supplied data, whic ... | | | | | |
| CVE-2026-2038 | 1 Gfi | 1 Archiver | 2026-02-24 | N/A | 9.8 CRITICAL |
| GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MArc.Core.Remoting.exe process, which listens on port 8017. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this in co ... | | | | | |
| CVE-2026-2039 | 1 Gfi | 1 Archiver | 2026-02-24 | N/A | 9.8 CRITICAL |
| GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MArc.Store.Remoting.exe process, which listens on port 8018. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this in ... | | | | | |
| CVE-2026-2037 | 1 Gfi | 1 Archiver | 2026-02-24 | N/A | 8.8 HIGH |
| GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuration of the MArc.Core.Remoting.exe process, which listens on port 8017. The issue results from the lack of proper validation o ... | | | | | |
| CVE-2026-2044 | 1 Gimp | 1 Gimp | 2026-02-24 | N/A | 7.8 HIGH |
| GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PGM files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulne ... | | | | | |
| CVE-2026-2045 | 1 Gimp | 1 Gimp | 2026-02-24 | N/A | 7.8 HIGH |
| GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an all ... | | | | | |
| CVE-2026-2047 | 1 Gimp | 1 Gimp | 2026-02-24 | N/A | 7.8 HIGH |
| GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICNS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a hea ... | | | | | |
| CVE-2026-3016 | 1 Utt | 2 810g, 810g Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in UTT HiPER 810G up to 1.7.7-171114. The affected element is the function strcpy of the file /goform/formP2PLimitConfig. The manipulation of the argument except leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. | | | | | |
| CVE-2026-2048 | 1 Gimp | 1 Gimp | 2026-02-24 | N/A | 7.8 HIGH |
| GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an all ... | | | | | |
| CVE-2026-3044 | 1 Tenda | 2 Ac8, Ac8 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Tenda AC8 16.03.34.06. This affects the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. The manipulation of the argument boundary leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | | | | | |
| CVE-2026-25108 | 1 Soliton | 1 Filezen | 2026-02-24 | N/A | 8.8 HIGH |
| FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command. | | | | | |
| CVE-2026-25543 | 1 Htmlsanitizer Project | 1 Htmlsanitizer | 2026-02-24 | N/A | 6.1 MEDIUM |
| HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. Prior to versions 9.0.892 and 9.1.893-beta, if the template tag is allowed, its contents are not sanitized. The template tag is a special tag that does not usually render its contents, unless the shadowrootmode attribute is set to open or closed. This issue has been patched in versions 9.0.892 and 9.1.893-beta. | | | | | |