9.3

CVSS3.1

CVE-2025-39484 - WordPress Entrada Theme <= 5.7.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Waituk Entrada allows SQL Injection.This issue affects Entrada: from n/a through 5.7.7.

πŸ“… Published: Jan. 5, 2026, 4:53 p.m. πŸ”„ Last Modified: April 28, 2026, 4:12 p.m.

6.5

CVSS3.1

CVE-2025-39497 - WordPress Dokan Pro plugin <= 3.14.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dokan Dokan Pro allows Stored XSS.This issue affects Dokan Pro: from n/a through 3.14.5.

πŸ“… Published: Jan. 5, 2026, 4:51 p.m. πŸ”„ Last Modified: April 28, 2026, 4:12 p.m.

6.5

CVSS3.1

CVE-2025-39561 - WordPress LoginWP - Pro Plugin <= 4.0.8.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Marketing Fire, LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LoginWP - Pro: from n/a through 4.0.8.5.

πŸ“… Published: Jan. 5, 2026, 4:50 p.m. πŸ”„ Last Modified: April 28, 2026, 4:12 p.m.

5.3

CVSS3.1

CVE-2026-21635 - Improper Access Control Allowing Wi‑Fi AutoLink on Ethernet‑Only Adopted Devices

An Improper Access Control could allow a malicious actor in Wi-Fi range to the EV Station Lite (v1.5.2 and earlier) to use WiFi AutoLink feature on a device that was only adopted via Ethernet.

πŸ“… Published: Jan. 5, 2026, 4:47 p.m. πŸ”„ Last Modified: April 18, 2026, 8:30 a.m.

6.5

CVSS3.1

CVE-2026-21634 - Buffer Overflow in UniFi Protect Discovery Protocol Causes Application Restart

A malicious actor with access to the adjacent network could overflow the UniFi Protect Application (Version 6.1.79 and earlier) discovery protocol causing it to restart. Affected Products: UniFi Protect Application (Version 6.1.79 and earlier). Mitigation: Update your UniFi Protect Appl…

πŸ“… Published: Jan. 5, 2026, 4:47 p.m. πŸ”„ Last Modified: April 18, 2026, 5 p.m.

7.5

CVSS3.1

CVE-2025-59467 -

A Cross-Site Scripting (XSS) vulnerability in the UCRM Argentina AFIP invoices Plugin (v1.2.0 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. This plugin is disabled by default. Affected Products: UCRM Argentina AFIP invoices …

πŸ“… Published: Jan. 5, 2026, 4:47 p.m. πŸ”„ Last Modified: Feb. 5, 2026, 9:22 p.m.

8.8

CVSS3.1

CVE-2026-21633 - Unauthorized Camera Access via Discovery Protocol in UniFi Protect

A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability in the Unifi Protect Application (Version 6.1.79 and earlier). Affected Products: UniFi Protect Application (Version 6.1.79 an…

πŸ“… Published: Jan. 5, 2026, 4:47 p.m. πŸ”„ Last Modified: April 18, 2026, 8:30 a.m.

7.5

CVSS3.1

CVE-2025-46255 - WordPress LoginWP - Pro Plugin <= 4.0.8.5 - Settings Change vulnerability

Missing Authorization vulnerability in Marketing Fire LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LoginWP - Pro: from n/a through 4.0.8.5.

πŸ“… Published: Jan. 5, 2026, 4:44 p.m. πŸ”„ Last Modified: April 28, 2026, 4:12 p.m.

0.0

CVE-2026-21867 -

Reason: This candidate was issued in error.

πŸ“… Published: Jan. 5, 2026, 4:44 p.m. πŸ”„ Last Modified: Jan. 23, 2026, 6:19 p.m.

4.3

CVSS3.1

CVE-2025-53344 - WordPress Thim Core Plugin <= 2.3.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in ThimPress Thim Core allows Cross Site Request Forgery.This issue affects Thim Core: from n/a through 2.3.3.

πŸ“… Published: Jan. 5, 2026, 4:42 p.m. πŸ”„ Last Modified: April 28, 2026, 4:13 p.m.
Total resulsts: 347827
Page 2150 of 34,783
Β« previous page Β» next page
Filters