| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. |
| MeetingHub developed by HAMASTAR Technology has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files. |
| MeetingHub developed by HAMASTAR Technology has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. |
| Discord through 2026-01-16 allows gathering information about whether a user's client state is Invisible (and not actually offline) because the response to a WebSocket API request includes the user in the presences array (with "status": "offline"), whereas offline users are omitted from the presences array. This is arguably inconsistent with the UI description of Invisible as "You will appear offline." |
| The reserved CVE was never used. |
| The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Administrative User Creation in all versions up to, and including, 1.5.6.3. This is due to the 'ajax_register_handle' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'lakit_bkrole' parameter during registration and gain administrator access to the site. |
| The installers for multiple products provided by PIONEER CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running installer. |
| A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption. |
