6.5

CVSS3.1

CVE-2026-22519 - WordPress MediaPress plugin <= 1.6.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddyDev MediaPress mediapress allows Stored XSS.This issue affects MediaPress: from n/a through <= 1.6.2.

πŸ“… Published: Jan. 8, 2026, 4:19 p.m. πŸ”„ Last Modified: April 23, 2026, 3:36 p.m.

7.5

CVSS3.1

CVE-2026-22521 - WordPress Handmade Framework plugin <= 3.9 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in G5Theme Handmade Framework handmade-framework allows PHP Local File Inclusion.This issue affects Handmade Framework: from n/a through <= 3.9.

πŸ“… Published: Jan. 8, 2026, 4:18 p.m. πŸ”„ Last Modified: April 23, 2026, 3:36 p.m.

9

CVSS3.1

CVE-2025-59468 -

This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a malicious password parameter.

πŸ“… Published: Jan. 8, 2026, 4:18 p.m. πŸ”„ Last Modified: Feb. 26, 2026, 3:04 p.m.

7.8

CVSS3.1

CVE-2025-55125 -

This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious backup configuration file.

πŸ“… Published: Jan. 8, 2026, 4:18 p.m. πŸ”„ Last Modified: Jan. 12, 2026, 4:44 p.m.

9

CVSS3.1

CVE-2025-59469 -

This vulnerability allows a Backup or Tape Operator to write files as root.

πŸ“… Published: Jan. 8, 2026, 4:18 p.m. πŸ”„ Last Modified: Feb. 26, 2026, 3:04 p.m.

9

CVSS3.1

CVE-2025-59470 -

This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.

πŸ“… Published: Jan. 8, 2026, 4:18 p.m. πŸ”„ Last Modified: Feb. 26, 2026, 3:04 p.m.

6.5

CVSS3.1

CVE-2026-22522 - WordPress Block Slider plugin <= 2.2.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Munir Kamal Block Slider block-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Block Slider: from n/a through <= 2.2.3.

πŸ“… Published: Jan. 8, 2026, 4:17 p.m. πŸ”„ Last Modified: April 23, 2026, 3:36 p.m.

5.4

CVSS3.1

CVE-2026-21639 - Remote Code Execution via airMAX Wireless Protocol in Ubiquiti AirMAX and AirFiber Devices

A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product. Affected Products: airMAX AC (Version 8.7.20 and earlier) airMAX M (Version 6.3.22 and earlier) …

πŸ“… Published: Jan. 8, 2026, 4:14 p.m. πŸ”„ Last Modified: April 18, 2026, 7:45 a.m.

8.8

CVSS3.1

CVE-2026-21638 - Remote Code Execution via AirMAX Protocol in Ubiquiti Devices

A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product. Affected Products: UBB-XG (Version 1.2.2 and earlier) UDB-Pro/UDB-Pro-Sector (Version 1.4.1 and earl…

πŸ“… Published: Jan. 8, 2026, 4:14 p.m. πŸ”„ Last Modified: April 18, 2026, 7:45 a.m.

6.6

CVSS4.0

CVE-2025-68151 - CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and o…

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations (gRPC, HTTPS, and HTTP/3) lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent connecti…

πŸ“… Published: Jan. 8, 2026, 3:33 p.m. πŸ”„ Last Modified: Jan. 22, 2026, 1:47 p.m.
Total resulsts: 348413
Page 2146 of 34,842
Β« previous page Β» next page
Filters