7.5

CVSS3.1

CVE-2026-22910 - Weak Default Passwords Enable Unauthorized Access on SICK AG TDC-X401GL

The device is deployed with weak and publicly known default passwords for certain hidden user levels, increasing the risk of unauthorized access. This represents a high risk to the integrity of the system.

πŸ“… Published: Jan. 15, 2026, 1:02 p.m. πŸ”„ Last Modified: April 18, 2026, 4:15 p.m.

7.5

CVSS3.1

CVE-2026-22909 - Unauthorized Application Control via Missing Authorization in SICK TDC-X401GL

Certain system functions may be accessed without proper authorization, allowing attackers to start, stop, or delete installed applications, potentially disrupting system operations.

πŸ“… Published: Jan. 15, 2026, 1:01 p.m. πŸ”„ Last Modified: April 18, 2026, 6:15 a.m.

9.1

CVSS3.1

CVE-2026-22908 -

Uploading unvalidated container images may allow remote attackers to gain full access to the system, potentially compromising its integrity and confidentiality.

πŸ“… Published: Jan. 15, 2026, 1 p.m. πŸ”„ Last Modified: Jan. 23, 2026, 3:46 p.m.

9.9

CVSS3.1

CVE-2026-22907 - Unauthorized Access to Host Filesystem via TDC‑X401GL Vulnerability

An attacker may gain unauthorized access to the host filesystem, potentially allowing them to read and modify system data.

πŸ“… Published: Jan. 15, 2026, 12:59 p.m. πŸ”„ Last Modified: April 18, 2026, 6:15 a.m.

3.7

CVSS3.1

CVE-2025-14457 - Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.2 - Missing Authorization to Unauthe…

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing ownership check in the dnd_codedropz_upload_delete() function in all versions up to, and including, 1.3.9.2. This makes it possible for unauthenticated …

πŸ“… Published: Jan. 15, 2026, 6:45 a.m. πŸ”„ Last Modified: April 22, 2026, 3:45 p.m.

5.4

CVSS3.1

CVE-2025-14448 - WP-Members Membership Plugin <= 3.5.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting v…

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to, and including, 3.5.4.3 due to insufficient input sanitization and output escaping. This makes it possible for a…

πŸ“… Published: Jan. 15, 2026, 5:24 a.m. πŸ”„ Last Modified: April 21, 2026, 4:30 p.m.

3.7

CVSS3.1

CVE-2026-0988 - Glib: glib: denial of service via integer overflow in g_buffered_input_stream_peek()

A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), trig…

πŸ“… Published: Jan. 15, 2026, midnight πŸ”„ Last Modified: April 24, 2026, 8:38 p.m.

5.3

CVSS3.1

CVE-2025-67083 -

Directory traversal vulnerability in InvoicePlane through 1.6.3 allows unauthenticated attackers to read files from the server. The ability to read files and the file type depends on the web server and its configuration.

πŸ“… Published: Jan. 15, 2026, midnight πŸ”„ Last Modified: Jan. 22, 2026, 4:03 p.m.

7.5

CVSS3.1

CVE-2025-71019 -

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the wanSpeed parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

πŸ“… Published: Jan. 15, 2026, midnight πŸ”„ Last Modified: Jan. 20, 2026, 5:35 p.m.

5.5

CVSS3.1

CVE-2025-70302 -

A heap overflow in the ghi_dmx_declare_opid_bin() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.

πŸ“… Published: Jan. 15, 2026, midnight πŸ”„ Last Modified: Jan. 23, 2026, 7:11 p.m.
Total resulsts: 349182
Page 2121 of 34,919
Β« previous page Β» next page
Filters