Search Results (363962 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-50461 1 Linux 1 Linux Kernel 2026-01-16 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw: Fix PM runtime leakage in am65_cpsw_nuss_ndo_slave_open() Ensure pm_runtime_put() is issued in error path.
CVE-2022-50460 1 Linux 1 Linux Kernel 2026-01-16 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix xid leak in cifs_flock() If not flock, before return -ENOLCK, should free the xid, otherwise, the xid will be leaked.
CVE-2025-14823 1 Connectwise 1 Screenconnect 2026-01-16 5.3 Medium
In deployments using the ScreenConnect™ Certificate Signing Extension, encrypted configuration values including an Azure Key Vault-related key, could be returned to unauthenticated users through a client-facing endpoint under certain conditions. The values remained encrypted and securely stored at rest; however, an encrypted representation could be exposed in client responses. Updating the Certificate Signing Extension to version 1.0.12 or higher ensures configuration handling occurs exclusively on the server side, preventing encrypted values from being transmitted to or rendered by client-side components.
CVE-2025-68949 1 N8n 1 N8n 2026-01-16 5.3 Medium
n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison. As a result, an incoming request could be accepted if the source IP address merely contained the configured whitelist entry as a substring. This issue affected instances where workflow editors relied on IP-based access controls to restrict webhook access. Both IPv4 and IPv6 addresses were impacted. An attacker with a non-whitelisted IP could bypass restrictions if their IP shared a partial prefix with a trusted address, undermining the intended security boundary. This vulnerability is fixed in 2.2.0.
CVE-2025-68428 1 Parall 1 Jspdf 2026-01-16 7.5 High
jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node process is running in. The file contents are included verbatim in the generated PDFs. Other affected methods are `addImage`, `html`, and `addFont`. Only the node.js builds of the library are affected, namely the `dist/jspdf.node.js` and `dist/jspdf.node.min.js` files. The vulnerability has been fixed in jsPDF@4.0.0. This version restricts file system access per default. This semver-major update does not introduce other breaking changes. Some workarounds areavailable. With recent node versions, jsPDF recommends using the `--permission` flag in production. The feature was introduced experimentally in v20.0.0 and is stable since v22.13.0/v23.5.0/v24.0.0. For older node versions, sanitize user-provided paths before passing them to jsPDF.
CVE-2025-70753 1 Tenda 2 Ax1806, Ax1806 Firmware 2026-01-16 7.5 High
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_4CA50 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-71024 1 Tenda 2 Ax3, Ax3 Firmware 2026-01-16 7.5 High
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the serviceName2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-71025 1 Tenda 2 Ax3, Ax3 Firmware 2026-01-16 7.5 High
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the cloneType2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-71027 1 Tenda 2 Ax3, Ax3 Firmware 2026-01-16 7.5 High
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanMTU2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-71026 1 Tenda 2 Ax3, Ax3 Firmware 2026-01-16 7.5 High
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2025-69990 1 Phpgurukul 2 News Portal, News Portal Project 2026-01-16 9.1 Critical
phpgurukul News Portal Project V4.1 has an Arbitrary File Deletion Vulnerability in remove_file.php. The parameter file can cause any file to be deleted.
CVE-2025-69991 1 Phpgurukul 2 News Portal, News Portal Project 2026-01-16 9.8 Critical
phpgurukul News Portal Project V4.1 is vulnerable to SQL Injection in check_availablity.php.
CVE-2025-69992 1 Phpgurukul 2 News Portal, News Portal Project 2026-01-16 9.8 Critical
phpgurukul News Portal Project V4.1 has File Upload Vulnerability via upload.php, which enables the upload of files of any format to the server without identity authentication.
CVE-2025-24980 1 Pimcore 1 Admin Classic Bundle 2026-01-16 5.3 Medium
pimcore/admin-ui-classic-bundle provides a Backend UI for Pimcore. In affected versions an error message discloses existing accounts and leads to user enumeration on the target via "Forgot password" function. No generic error message has been implemented. This issue has been addressed in version 1.7.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-53695 1 Qnap 1 Hybrid Backup Sync 2026-01-16 9.1 Critical
A buffer overflow vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to modify memory or crash processes. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 25.1.4.952 and later
CVE-2025-51567 2 Jayesh, Kashipara 2 Online Exam System, Online Exam System 2026-01-16 9.1 Critical
A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the rname, rcollage, rnumber, rgender and rpassword parameters in a POST HTTP request.
CVE-2023-25797 1 Vibethemes 1 Vslider 2026-01-16 5.9 Medium
Auth. Stored Cross-Site Scripting (XSS) vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress plugin <= 4.1.2 versions.
CVE-2023-3604 1 Wpexperts 1 All In One Login 2026-01-16 7.5 High
The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered.
CVE-2024-43947 1 Dineshkarki 1 Wp Armour 2026-01-16 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki WP Armour Extended.This issue affects WP Armour Extended: from n/a through 1.26.
CVE-2025-52598 1 Hanwhavision 512 Knb-2000, Knb-2000 Firmware, Knb-5000n and 509 more 2026-01-16 3.7 Low
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has found a flaw that camera's client service does not perform certificate validation. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.