High Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info |
|---|---|---|---|---|---|
| AA-Team–Amazon Native Shopping Recommendations | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in AA-Team Amazon Native Shopping Recommendations allows SQL Injection. This issue affects Amazon Native Shopping Recommendations: from n/a through 1.3. | 2026-01-05 | 9.3 | CVE-2025-30633 | https://vdp.patchstack.com/database/wordpress/plugin/woozone-contextual/vulnerability/wordpress-amazon-native-shopping-recommendations-plugin-1-3-sql-injection-vulnerability?_s_id=cve |
| AA-Team–Premium Age Verification / Restriction for WordPress | Incorrect Privilege Assignment vulnerability in AA-Team Premium Age Verification / Restriction for WordPress, AA-Team Responsive Coming Soon Landing Page / Holding Page for WordPress allows Privilege Escalation. This issue affects Premium Age Verification / Restriction for WordPress: from n/a through 3.0.2; Responsive Coming Soon Landing Page / Holding Page for WordPress: from n/a through 3.0. | 2026-01-06 | 8.8 | CVE-2025-29004 | https://patchstack.com/database/wordpress/plugin/age-restriction/vulnerability/wordpress-premium-age-verification-restriction-for-wordpress-plugin-3-0-2-privilege-escalation-vulnerability?_s_id=cve https://patchstack.com/database/wordpress/plugin/wordpress-flat-countdown/vulnerability/wordpress-responsive-coming-soon-landing-page-holding-page-for-wordpress-3-0-privilege-escalation-vulnerability?_s_id=cve |
| AA-Team–Premium SEO Pack | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in AA-Team Premium SEO Pack allows SQL Injection. This issue affects Premium SEO Pack: from n/a through 3.3.2. | 2026-01-05 | 8.5 | CVE-2025-31044 | https://vdp.patchstack.com/database/wordpress/plugin/premium-seo-pack/vulnerability/wordpress-premium-seo-pack-3-3-2-sql-injection-vulnerability?_s_id=cve |
| AA-Team–Woocommerce Sales Funnel Builder | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AA-Team Woocommerce Sales Funnel Builder, AA-Team Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) allows Reflected XSS. This issue affects Woocommerce Sales Funnel Builder: from n/a through 1.1; Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer): from n/a through 1.2. | 2026-01-06 | 7.1 | CVE-2025-30631 | https://patchstack.com/database/wordpress/plugin/woosales/vulnerability/wordpress-woocommerce-sales-funnel-builder-plugin-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve https://patchstack.com/database/wordpress/plugin/azon-addon-js-composer/vulnerability/wordpress-amazon-affiliates-addon-for-wpbakery-page-builder-formerly-visual-composer-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve |
| ABB–WebPro SNMP Card PowerValue | Incorrect Implementation of Authentication Algorithm vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL. This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K. | 2026-01-07 | 8.8 | CVE-2025-4676 | https://search.abb.com/library/Download.aspx?DocumentID=2CRT000009&LanguageCode=en&DocumentPartId=&Action=Launch |
| Adtecdigital–SignEdje Digital Signage Player | Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digital product versions. | 2026-01-06 | 7.5 | CVE-2020-36915 | ExploitDB-48954; Adtec Digital Official Homepage; Zero Science Lab Disclosure (ZSL-2020-5603); Packet Storm Security Exploit Entry; IBM X-Force Vulnerability Exchange; VulnCheck Advisory: Adtec Digital SignEdje Digital Signage Player v2.08.28 Default Credentials |
| aio-libs–aiohttp | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host’s memory. This issue is fixed in version 3.13.3. | 2026-01-05 | 7.5 | CVE-2025-69223 | https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6mq8-rvhq-8wgg https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a |
| aksharsoftsolutions–AS Password Field In Default Registration Form | The AS Password Field In Default Registration Form plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not properly validating a user’s identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary users’ passwords, including administrators’, and leverage that to gain access to their accounts. | 2026-01-06 | 9.8 | CVE-2025-14996 | https://www.wordfence.com/threat-intel/vulnerabilities/id/061f022b-b922-4499-bb34-8ea91ba5ace3?source=cve https://plugins.trac.wordpress.org/browser/as-password-field-in-default-registration-form/tags/2.0.0/as-password-field-default-registration.php |
| Alibaba–Fastjson | Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection with an attacker-supplied payload located elsewhere in that JSON document. This was exploited in the wild in 2023 through 2025. NOTE: this issue exists because of an incomplete fix for CVE-2017-18349. Also, a later bypass is covered by CVE-2022-25845. | 2026-01-09 | 10 | CVE-2025-70974 | https://github.com/alibaba/fastjson/compare/1.2.47...1.2.48 https://www.seebug.org/vuldb/ssvid-98020 https://www.cnvd.org.cn/flaw/show/CNVD-2019-22238 https://www.freebuf.com/vuls/208339.html https://github.com/vulhub/vulhub/tree/master/fastjson/1.2.47-rce https://www.cloudsek.com/blog/androxgh0st-continues-exploitation-operators-compromise-a-us-university-for-hosting-c2-logger https://cert.360.cn/warning/detail?id=7240aeab581c6dc2c9c5350756079955 |
| arraytics–Eventin Event Manager, Event Booking, Calendar, Tickets and Registration Plugin (AI Powered) | The Eventin – Event Manager, Events Calendar, Event Tickets and Registrations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘post_settings’ function in all versions up to, and including, 4.0.51. This makes it possible for unauthenticated attackers to modify plugin settings. Furthermore, due to insufficient input sanitization and output escaping on the ‘etn_primary_color’ setting, this enables unauthenticated attackers to inject arbitrary web scripts that will execute whenever a user accesses a page where Eventin styles are loaded. | 2026-01-09 | 7.2 | CVE-2025-14657 | https://www.wordfence.com/threat-intel/vulnerabilities/id/e4188b26-80f8-41b8-be19-1ddcbd7e39f5?source=cve https://plugins.trac.wordpress.org/changeset/3429942/wp-event-solution/trunk/base/Enqueue/register.php?old=3390273&old_path=wp-event-solution%2Ftrunk%2Fbase%2FEnqueue%2Fregister.php https://plugins.trac.wordpress.org/changeset/3429942/wp-event-solution/trunk/base/api-handler.php?old=3390273&old_path=wp-event-solution%2Ftrunk%2Fbase%2Fapi-handler.php https://plugins.trac.wordpress.org/changeset/3429942/wp-event-solution/trunk/core/event/api.php?old=3390273&old_path=wp-event-solution%2Ftrunk%2Fcore%2Fevent%2Fapi.php |
| Arteco-Global–Arteco Web Client DVR/NVR | Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within a specific numeric range to obtain valid sessions and access live camera streams without authorization. | 2026-01-06 | 9.8 | CVE-2020-36925 | ExploitDB-49348; Arteco Official Vendor Homepage; Zero Science Lab Disclosure (ZSL-2020-5613); Packet Storm Security Exploit Archive; IBM X-Force Exchange Vulnerability Entry 1; IBM X-Force Exchange Vulnerability Entry 2; CXSecurity Vulnerability Listing; VulnCheck Advisory: Arteco Web Client DVR/NVR Session ID Brute Force Authentication Bypass |
| AWS–Kiro IDE | Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces. To mitigate, users should update to the latest version. | 2026-01-09 | 7.8 | CVE-2026-0830 | https://kiro.dev/changelog/spec-correctness-and-cli/ https://aws.amazon.com/security/security-bulletins/2026-001-AWS/ |
| bg5sbk–MiniCMS | A vulnerability was found in bg5sbk MiniCMS up to 1.8. The impacted element is an unknown function of the file /minicms/mc-admin/post.php of the component Trash File Restore Handler. Performing a manipulation results in improper authentication. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2026-01-05 | 7.3 | CVE-2025-15457 | VDB-339490; bg5sbk MiniCMS Trash File Restore post.php improper authentication VDB-339490; CTI Indicators (IOB, IOC, IOA) Submit #725139; MiniCMS https://github.com/bg5sbk/MiniCMS V1.8 unauthorized vulnerability https://github.com/ueh1013/VULN/issues/12 |
| bg5sbk–MiniCMS | A vulnerability was determined in bg5sbk MiniCMS up to 1.8. This affects an unknown function of the file /mc-admin/post-edit.php of the component Article Handler. Executing a manipulation can lead to improper authentication. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | 2026-01-05 | 7.3 | CVE-2025-15458 | VDB-339491; bg5sbk MiniCMS Article post-edit.php improper authentication VDB-339491; CTI Indicators (IOB, IOC, IOA) Submit #725142; MiniCMS https://github.com/bg5sbk/MiniCMS V1.8 unauthorized vulnerability https://github.com/ueh1013/VULN/issues/9 |
| Brecht–Custom Related Posts | Insertion of Sensitive Information Into Sent Data vulnerability in Brecht Custom Related Posts allows Retrieve Embedded Sensitive Data. This issue affects Custom Related Posts: from n/a through 1.8.0. | 2026-01-05 | 7.5 | CVE-2025-68033 | https://vdp.patchstack.com/database/wordpress/plugin/custom-related-posts/vulnerability/wordpress-custom-related-posts-plugin-1-8-0-sensitive-data-exposure-vulnerability?_s_id=cve |
| buddydev–BuddyPress Xprofile Custom Field Types | The BuddyPress Xprofile Custom Field Types plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ‘delete_field’ function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | 2026-01-06 | 7.2 | CVE-2025-14997 | https://www.wordfence.com/threat-intel/vulnerabilities/id/89a7a717-dac3-490e-89dd-268be8eb7bf5?source=cve https://plugins.trac.wordpress.org/browser/bp-xprofile-custom-field-types/tags/1.2.8/src/handlers/class-field-upload-helper.php https://plugins.trac.wordpress.org/changeset/3430565/bp-xprofile-custom-field-types |
| CAYIN Technology–SMP-8000QD | Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the ‘NTP_Server_IP’ parameter with default credentials to execute arbitrary shell commands as root. | 2026-01-06 | 8.8 | CVE-2020-36910 | ExploitDB-48557; Cayin Technology Official Website; Zero Science Lab Disclosure (ZSL-2020-5569); Packet Storm Security Exploit Entry; IBM X-Force Vulnerability Exchange; CXSecurity Vulnerability Listing; VulnCheck Advisory: Cayin Signage Media Player 3.0 Authenticated Remote Command Injection via NTP Parameter |
| Centreon–Infra Monitoring | Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie (Awie import module) allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3. | 2026-01-05 | 9.8 | CVE-2025-15026 | https://github.com/centreon/centreon/releases https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-15026-centreon-awie-critical-severity-5357 |
| Centreon–Infra Monitoring | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Centreon Infra Monitoring (Awie export modules) allows SQL Injection to unauthenticated user. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04.0 before 24.04.3. | 2026-01-05 | 9.8 | CVE-2025-15029 | https://github.com/centreon/centreon/releases https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-15029-centreon-awie-critical-severity-5356 |
| Centreon–Infra Monitoring | In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Centreon Infra Monitoring (Backup configuration in the administration setup modules) allows OS Command Injection. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19. | 2026-01-05 | 7.2 | CVE-2025-5965 | https://github.com/centreon/centreon/releases https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-5965-centreon-web-high-severity-5362 |
| code-projects–Intern Membership Management System | A vulnerability was determined in code-projects Intern Membership Management System 1.0. Affected is an unknown function of the file /intern/admin/check_admin.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. | 2026-01-08 | 7.3 | CVE-2026-0700 | VDB-339977; code-projects Intern Membership Management System check_admin.php sql injection VDB-339977; CTI Indicators (IOB, IOC, TTP, IOA) Submit #733001; code-projects Intern Membership Management System check_admin.php 1.0 SQL injection https://github.com/xkalami-Tta0/CVE/blob/main/Intern%20Membership%20Management%20System/Intern%20Membership%20Management%20System%20check_admin.php%20sql%20injection.md https://code-projects.org/ |
| code-projects–Online Music Site | A security vulnerability has been detected in code-projects Online Music Site 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. Such manipulation of the argument username/password leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. | 2026-01-05 | 7.3 | CVE-2026-0605 | VDB-339549; code-projects Online Music Site login.php sql injection VDB-339549; CTI Indicators (IOB, IOC, TTP, IOA) Submit #731695; code-projects https://code-projects.org/online-music-site-in-php-with-source-code/ 1.0 SQL injection https://github.com/xkalami-Tta0/CVE/blob/main/Online%20Music%20Site/SQL%E6%B3%A8%E5%85%A52.md https://github.com/xkalami-Tta0/CVE/blob/main/Online%20Music%20Site/SQL%E6%B3%A8%E5%85%A52.md#vulnerability-details-and-poc https://code-projects.org/ |
| code-projects–Online Music Site | A vulnerability was detected in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /FrontEnd/Albums.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. | 2026-01-05 | 7.3 | CVE-2026-0606 | VDB-339550; code-projects Online Music Site Albums.php sql injection VDB-339550; CTI Indicators (IOB, IOC, TTP, IOA) Submit #731696; code-projects https://code-projects.org/online-music-site-in-php-with-source-code/ 1.0 SQL injection https://github.com/xkalami-Tta0/CVE/blob/main/Online%20Music%20Site/SQL%E6%B3%A8%E5%85%A51.md https://github.com/xkalami-Tta0/CVE/blob/main/Online%20Music%20Site/SQL%E6%B3%A8%E5%85%A51.md#vulnerability-details-and-poc https://code-projects.org/ |
| code-projects–Online Music Site | A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminViewSongs.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. | 2026-01-05 | 7.3 | CVE-2026-0607 | VDB-339551; code-projects Online Music Site AdminViewSongs.php sql injection VDB-339551; CTI Indicators (IOB, IOC, TTP, IOA) Submit #731697; code-projects https://code-projects.org/online-music-site-in-php-with-source-code/ 1.0 SQL injection https://github.com/xkalami-Tta0/CVE/blob/main/Online%20Music%20Site/SQL%E6%B3%A8%E5%85%A53.md https://github.com/xkalami-Tta0/CVE/blob/main/Online%20Music%20Site/SQL%E6%B3%A8%E5%85%A53.md#vulnerability-details-and-poc https://code-projects.org/ |
| code-projects–Online Music Site | A vulnerability was identified in code-projects Online Music Site 1.0. The affected element is an unknown function of the file /Administrator/PHP/AdminAddUser.php. The manipulation of the argument txtusername leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. | 2026-01-11 | 7.3 | CVE-2026-0851 | VDB-340446; code-projects Online Music Site AdminAddUser.php sql injection VDB-340446; CTI Indicators (IOB, IOC, TTP, IOA) Submit #733644; Code-Projects Online Music Site V1.0 SQLinjection https://github.com/tuo159515/sql-injection/issues/2 https://code-projects.org/ |
| code-projects–Online Product Reservation System | A security flaw has been discovered in code-projects Online Product Reservation System 1.0. This vulnerability affects unknown code of the file app/user/login.php of the component User Login. The manipulation of the argument emailadd results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. | 2026-01-05 | 7.3 | CVE-2026-0583 | VDB-339475; code-projects Online Product Reservation System User Login login.php sql injection VDB-339475; CTI Indicators (IOB, IOC, TTP, IOA) Submit #731093; code-projects Online Product Reservation system V1.0 SQL Injection https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/sqli_login.php.md https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/sqli_login.php.md#poc https://code-projects.org/ |
| code-projects–Online Product Reservation System | A security vulnerability has been detected in code-projects Online Product Reservation System 1.0. Impacted is an unknown function of the file /order_view.php of the component GET Parameter Handler. Such manipulation of the argument transaction_id leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. | 2026-01-05 | 7.3 | CVE-2026-0585 | VDB-339477; code-projects Online Product Reservation System GET Parameter order_view.php sql injection VDB-339477; CTI Indicators (IOB, IOC, TTP, IOA) Submit #731096; code-projects Online Product Reservation system V1.0 SQL Injection https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/sqli_order_view.php.md https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/sqli_order_view.php.md#poc https://code-projects.org/ |
| code-projects–Online Product Reservation System | A vulnerability was found in code-projects Online Product Reservation System 1.0. Impacted is an unknown function of the component Administration Backend. The manipulation results in improper authentication. The attack may be performed from remote. The exploit has been made public and could be used. | 2026-01-05 | 7.3 | CVE-2026-0589 | VDB-339499; code-projects Online Product Reservation System Administration Backend improper authentication VDB-339499; CTI Indicators (IOB, IOC) Submit #731127; code-projects Online Product Reservation System V1.0 Authentication Bypass Issues https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/auth_bypass_admin_panel.md https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/auth_bypass_admin_panel.md#poc https://code-projects.org/ |
| code-projects–Online Product Reservation System | A security flaw has been discovered in code-projects Online Product Reservation System 1.0. This affects an unknown function of the file /handgunner-administrator/register_code.php of the component User Registration Handler. Performing a manipulation of the argument fname/lname/address/city/province/country/zip/tel_no/email/username results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. | 2026-01-05 | 7.3 | CVE-2026-0592 | VDB-339502; code-projects Online Product Reservation System User Registration register_code.php sql injection VDB-339502; CTI Indicators (IOB, IOC, TTP, IOA) Submit #731130; code-projects Online Product Reservation System V1.0 SQL Injection https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/sqli_register_code.php.md https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/sqli_register_code.php.md#poc https://code-projects.org/ |
| codename065–Download Manager | The Download Manager plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.40. This is due to the plugin not properly validating a user’s identity prior to updating their details like password. This makes it possible for unauthenticated attackers to change users’ passwords, except administrators, and leverage that to gain access to their accounts. | 2026-01-06 | 7.3 | CVE-2025-15364 | https://www.wordfence.com/threat-intel/vulnerabilities/id/067031e8-6aa8-451c-a318-b1848c7a4f92?source=cve https://plugins.trac.wordpress.org/browser/download-manager/tags/3.3.40/src/__/Crypt.php#L18 https://plugins.trac.wordpress.org/changeset/3431915/download-manager#file7 |
| Codepeople–Sell Downloads | Missing Authorization vulnerability in Codepeople Sell Downloads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sell Downloads: from n/a through 1.1.12. | 2026-01-05 | 7.5 | CVE-2025-68850 | https://vdp.patchstack.com/database/wordpress/plugin/sell-downloads/vulnerability/wordpress-sell-downloads-plugin-1-1-12-broken-access-control-vulnerability?_s_id=cve |
| Columbia Weather Systems–MicroServer | An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mutual authentication. An attacker on the local network with admin access to the web server, and the ability to manipulate DNS responses, can redirect the SSH connection to an attacker controlled device. | 2026-01-07 | 8.8 | CVE-2025-61939 | https://www.cisa.gov/news-events/ics-advisories/icsa-26-006-01 https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-006-01.json |
| Columbia Weather Systems–MicroServer | An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. An attacker with admin access to MicroServer can gain limited shell access, enabling persistence through reverse shells, and the ability to modify or remove data stored in the file system. | 2026-01-07 | 8 | CVE-2025-66620 | https://www.cisa.gov/news-events/ics-advisories/icsa-26-006-01 https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-006-01.json |
| Comfy-Org–ComfyUI-Manager | ComfyUI-Manager is an extension designed to enhance the usability of ComfyUI. Prior to versions 3.39.2 and 4.0.5, an attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file. This can lead to security setting tampering or modification of application behavior. This issue has been patched in versions 3.39.2 and 4.0.5. | 2026-01-10 | 7.5 | CVE-2026-22777 | https://github.com/Comfy-Org/ComfyUI-Manager/security/advisories/GHSA-562r-8445-54r2 https://github.com/Comfy-Org/ComfyUI-Manager/commit/f4fa394e0f03b013f1068c96cff168ad10bd0410 |
| coollabsio–coolify | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, the Git Repository field during project creation is vulnerable to command injection. User input is not properly sanitized, allowing attackers to inject arbitrary shell commands that execute on the underlying server during the deployment workflow. A regular member user can exploit this vulnerability. Version 4.0.0-beta.420.7 contains a patch for the issue. | 2026-01-05 | 10 | CVE-2025-59157 | https://github.com/coollabsio/coolify/security/advisories/GHSA-5cg9-38qj-8mc3 |
| coollabsio–coolify | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions prior to and including v4.0.0-beta.434, low privileged users are able to see the private key of the root user on the Coolify instance. This allows them to ssh to the server and authenticate as root user, using the private key. As of time of publication, it is unclear if a patch is available. | 2026-01-05 | 10 | CVE-2025-64420 | https://github.com/coollabsio/coolify/security/advisories/GHSA-qwxj-qch7-whpc |
| coollabsio–coolify | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters coming from docker-compose.yaml are not sanitized when used in commands. If a victim user creates an application from an attacker repository (using build pack “docker compose”), the attacker can execute commands on the Coolify instance as root. Version 4.0.0-beta.445 fixes the issue. | 2026-01-05 | 9.7 | CVE-2025-64419 | https://github.com/coollabsio/coolify/security/advisories/GHSA-234r-xrrg-m8f3 https://github.com/coollabsio/coolify/commit/f86ccfaa9af572a5487da8ea46b0a125a4854cf6 |
| coreruleset–coreruleset | The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart requests with multiple parts. When the first rule in a chain iterates over a collection (like `MULTIPART_PART_HEADERS`), the capture variables (`TX:0`, `TX:1`) get overwritten with each iteration. Only the last captured value is available to the chained rule, which means malicious charsets in earlier parts can be missed if a later part has a legitimate charset. Versions 4.22.0 and 3.3.8 patch the issue. | 2026-01-08 | 9.3 | CVE-2026-21876 | https://github.com/coreruleset/coreruleset/security/advisories/GHSA-36fv-25j3-r2c5 https://github.com/coreruleset/coreruleset/commit/80d80473abf71bd49bf6d3c1ab221e3c74e4eb83 https://github.com/coreruleset/coreruleset/commit/9917985de09a6cf38b3261faf9105e909d67a7d6 https://github.com/coreruleset/coreruleset/releases/tag/v3.3.8 https://github.com/coreruleset/coreruleset/releases/tag/v4.22.0 |
| Corourke–iPhone Webclip Manager | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Corourke iPhone Webclip Manager allows Stored XSS. This issue affects iPhone Webclip Manager: from n/a through 0.5. | 2026-01-05 | 7.1 | CVE-2024-53735 | https://vdp.patchstack.com/database/wordpress/plugin/iphone-webclip-manager/vulnerability/wordpress-iphone-webclip-manager-plugin-0-5-csrf-to-stored-xss-vulnerability?_s_id=cve |
| danny-avila–LibreChat | LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF) vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables users to configure agents with predefined instructions and actions that can interact with remote services via OpenAPI specifications, supporting various HTTP methods, parameters, and authentication methods including custom headers. By default, there are no restrictions on accessible services, which means agents can also access internal components like the RAG API included in the default Docker Compose setup. This issue is fixed in version 0.8.1-rc2. | 2026-01-07 | 9.1 | CVE-2025-69222 | https://github.com/danny-avila/LibreChat/security/advisories/GHSA-rgjq-4q58-m3q8 https://github.com/danny-avila/LibreChat/commit/3b41e392ba5c0d603c1737d8582875e04eaa6e02 https://github.com/danny-avila/LibreChat/releases/tag/v0.8.2-rc2 |
| danny-avila–LibreChat | LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agents file context and file search. An authenticated attacker with access to the agent ID can change the behavior of arbitrary agents by uploading new files to the file context or file search, even if they have no permissions for this agent. This issue is fixed in version 0.8.2-rc2. | 2026-01-07 | 7.1 | CVE-2025-69220 | https://github.com/danny-avila/LibreChat/security/advisories/GHSA-xcmf-rpmh-hg59 https://github.com/danny-avila/LibreChat/commit/4b9c6ab1cb9de626736de700c7981f38be08d237 https://cwe.mitre.org/data/definitions/284.html https://cwe.mitre.org/data/definitions/862.html https://github.com/danny-avila/LibreChat/releases/tag/v0.8.2-rc2 https://owasp.org/Top10/A01_2021-Broken_Access_Control https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/05-Authorization_Testing/02-Testing_for_Bypassing_Authorization_Schema.html https://raw.githubusercontent.com/OWASP/ASVS/v5.0.0/5.0/OWASP_Application_Security_Verification_Standard_5.0.0_en.pdf |
| Dasinfomedia–WPCHURCH | Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation. This issue affects WPCHURCH: from n/a through 2.7.0. | 2026-01-07 | 8.8 | CVE-2025-31643 | https://patchstack.com/database/wordpress/plugin/church-management/vulnerability/wordpress-wpchurch-2-7-0-privilege-escalation-vulnerability?_s_id=cve |
| Dasinfomedia–WPCHURCH | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Dasinfomedia WPCHURCH allows Reflected XSS. This issue affects WPCHURCH: from n/a through 2.7.0. | 2026-01-06 | 7.1 | CVE-2025-31642 | https://patchstack.com/database/wordpress/plugin/church-management/vulnerability/wordpress-wpchurch-plugin-2-7-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve |
| Dell–Unisphere for PowerMax | Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to data and resources outside of the intended sphere of control. | 2026-01-06 | 7.6 | CVE-2025-36589 | https://www.dell.com/support/kbdoc/en-us/000402262/dsa-2025-425-dell-powermaxos-dell-powermax-eem-dell-unisphere-for-powermax-dell-unisphere-for-powermax-virtual-appliance-dell-unisphere-360-dell-solutions-enabler-virtual-appliance-security-update-for-multiple-vulnerabilities |
| devolo AG–devolo dLAN Cockpit | devolo dLAN Cockpit 4.3.1 contains an unquoted service path vulnerability in the ‘DevoloNetworkService’ that allows local non-privileged users to potentially execute arbitrary code. Attackers can exploit the insecure service path configuration by inserting malicious code in the system root path to execute with elevated privileges during application startup or system reboot. | 2026-01-07 | 8.4 | CVE-2019-25231 | Zero Science Lab Vulnerability Advisory Packet Storm Security Exploit Entry CXSecurity Vulnerability Listing IBM X-Force Vulnerability Exchange Devolo Vendor Homepage |
| DevToys-app–DevToys | DevToys is a desktop app for developers. In versions from 2.0.0.0 to before 2.0.9.0, a path traversal vulnerability exists in the DevToys extension installation mechanism. When processing extension packages (NUPKG archives), DevToys does not sufficiently validate file paths contained within the archive. A malicious extension package could include crafted file entries such as ../../target-file, causing the extraction process to write files outside the intended extensions directory. This flaw enables an attacker to overwrite arbitrary files on the user’s system with the privileges of the DevToys process. Depending on the environment, this may lead to code execution, configuration tampering, or corruption of application or system files. This issue has been patched in version 2.0.9.0. | 2026-01-10 | 8.8 | CVE-2026-22685 | https://github.com/DevToys-app/DevToys/security/advisories/GHSA-ggxr-h6fm-p2qh https://github.com/DevToys-app/DevToys/pull/1643 https://github.com/DevToys-app/DevToys/commit/02fb7d46d9c663a4ee6ed968baa6a8810405047f |
| Digital zoom studio–DZS Video Gallery | Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection. This issue affects DZS Video Gallery: from n/a through 12.37. | 2026-01-07 | 9.8 | CVE-2025-47552 | https://patchstack.com/database/wordpress/plugin/dzs-videogallery/vulnerability/wordpress-dzs-video-gallery-12-25-php-object-injection-vulnerability?_s_id=cve |
| Digital zoom studio–DZS Video Gallery | Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection. This issue affects DZS Video Gallery: from n/a through 12.25. | 2026-01-06 | 8.8 | CVE-2025-47553 | https://patchstack.com/database/wordpress/plugin/dzs-videogallery/vulnerability/wordpress-dzs-video-gallery-plugin-12-25-php-object-injection-vulnerability?_s_id=cve |
| Digital zoom studio–DZS Video Gallery | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Digital zoom studio DZS Video Gallery allows Reflected XSS. This issue affects DZS Video Gallery: from n/a through 12.25. | 2026-01-07 | 7.1 | CVE-2025-32300 | https://patchstack.com/database/wordpress/plugin/dzs-videogallery/vulnerability/wordpress-dzs-video-gallery-plugin-12-25-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve |
| djanym–Optional Email | The Optional Email plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in all versions up to, and including, 1.3.11. This is due to the plugin not restricting its ‘random_password’ filter to registration contexts, allowing the filter to affect password reset key generation. This makes it possible for unauthenticated attackers to set a known password reset key when initiating a password reset, reset the password of any user including administrators, and gain access to their accounts. | 2026-01-07 | 9.8 | CVE-2025-15018 | https://www.wordfence.com/threat-intel/vulnerabilities/id/ff4243e9-cf72-40d5-bc7d-204426024a1d?source=cve https://plugins.trac.wordpress.org/browser/optional-email/tags/1.3.11/optional-email.php?marks=44,51#L44 |
| e-plugins–JobBank | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in e-plugins JobBank allows Reflected XSS. This issue affects JobBank: from n/a through 1.2.2. | 2026-01-06 | 7.1 | CVE-2025-69085 | https://patchstack.com/database/wordpress/plugin/jobbank/vulnerability/wordpress-jobbank-plugin-1-2-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve |
| eastsidecode–WP Enable WebP | The WP Enable WebP plugin for WordPress is vulnerable to arbitrary file uploads due to improper file type validation in the ‘wpse_file_and_ext_webp’ function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2026-01-07 | 8.8 | CVE-2025-15158 | https://www.wordfence.com/threat-intel/vulnerabilities/id/fa53c5ee-fe7f-4fb2-baaa-2c1a151d4b2c?source=cve https://plugins.trac.wordpress.org/browser/wp-enable-webp/trunk/wp-enable-webp.php?rev=1998897#L43 |
| Elated-Themes–Frappé | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Elated-Themes Frappé allows PHP Local File Inclusion. This issue affects Frappé: from n/a through 1.8. | 2026-01-06 | 8.1 | CVE-2025-69083 | https://patchstack.com/database/wordpress/theme/frappe/vulnerability/wordpress-frappe-theme-1-8-local-file-inclusion-vulnerability?_s_id=cve |
| Extreme Networks–Aerohive HiveOS | Aerohive HiveOS contains a denial of service vulnerability in the NetConfig UI that allows unauthenticated attackers to render the web interface unusable. Attackers can send a crafted HTTP request to the action.php5 script with specific parameters to trigger a 5-minute service disruption. | 2026-01-06 | 7.5 | CVE-2020-36907 | ExploitDB-48441 Extreme Networks Product Homepage HiveOS Product Announcements Zero Science Lab Disclosure (ZSL-2020-5566) NCSC Security Advisory IBM X-Force Vulnerability Exchange Packet Storm Security Exploit Entry VulnCheck Advisory: Extreme Networks Aerohive HiveOS <=11.x 11.x Unauthenticated Remote Denial of Service |
| FIBAR GROUP S.A.–Home Center 3 | FIBARO System Home Center 5.021 contains a remote file inclusion vulnerability in the undocumented proxy API that allows attackers to include arbitrary client-side scripts. Attackers can exploit the ‘url’ GET parameter to inject malicious JavaScript and potentially hijack user sessions or manipulate page content. | 2026-01-06 | 7.5 | CVE-2020-36905 | ExploitDB-48240 Official Vendor Homepage Zero Science Lab Disclosure (ZSL-2020-5563) Packet Storm Security Exploit Entry CXSecurity Vulnerability Listing IBM X-Force Vulnerability Exchange VulnCheck Advisory: FIBARO System Home Center 5.021 Remote File Inclusion via Proxy API |
| FlagForgeCTF–flagForge | Flag Forge is a Capture The Flag (CTF) platform. Versions 2.3.2 and below have a Regular Expression Denial of Service (ReDoS) vulnerability in the user profile API endpoint (/api/user/[username]). The application constructs a regular expression dynamically using unescaped user input (the username parameter). An attacker can exploit this by sending a specially crafted username containing regex meta-characters (e.g., deeply nested groups or quantifiers), causing the MongoDB regex engine to consume excessive CPU resources. This can lead to Denial of Service for other users. The issue is fixed in version 2.3.3. To work around this issue, implement a Web Application Firewall (WAF) rule to block requests containing regex meta-characters in the URL path. | 2026-01-08 | 7.5 | CVE-2026-21868 | https://github.com/FlagForgeCTF/flagForge/security/advisories/GHSA-949h-9824-xmcx |
| FLIR Systems, Inc.–FLIR Thermal Camera F/FC/PT/D | FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that cannot be changed through normal camera operations. Attackers can leverage these persistent, unmodifiable credentials to gain unauthorized remote access to the thermal camera system. | 2026-01-07 | 7.5 | CVE-2017-20214 | Zero Science Lab Vulnerability Advisory Exploit Database Entry 42787 Packet Storm Security Exploit Archive CXSecurity Vulnerability Listing Archived FLIR Security Advisory |
| FLIR Systems, Inc.–FLIR Thermal Camera F/FC/PT/D Stream | FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64 contains an unauthenticated vulnerability that allows remote attackers to access live camera streams without credentials. Attackers can exploit the vulnerability to view unauthorized thermal camera video feeds across multiple camera series without requiring any authentication. | 2026-01-07 | 7.5 | CVE-2017-20213 | Zero Science Lab Vulnerability Advisory Exploit Database Entry 42789 Packet Storm Security Exploit Archive CXSecurity Vulnerability Listing Archived FLIR Security Advisory |
| FLIR Systems, Inc.–FLIR Thermal Camera FC-S/PT | FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an authenticated OS command injection vulnerability that allows attackers to execute shell commands with root privileges. Authenticated attackers can inject arbitrary shell commands through unvalidated input parameters to gain complete control of the thermal camera system. | 2026-01-07 | 8.8 | CVE-2017-20215 | Zero Science Lab Vulnerability Advisory Exploit Database Entry 42788 Packet Storm Security Exploit Archive CXSecurity Vulnerability Listing Archived FLIR Security Advisory |
| FLIR Systems, Inc.–FLIR Thermal Camera PT-Series | FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. Attackers can execute arbitrary system commands as root by exploiting unsanitized POST parameters in the execFlirSystem() function through shell_exec() calls. Exploitation evidence was observed by the Shadowserver Foundation on 2026-01-06 (UTC). | 2026-01-07 | 9.8 | CVE-2017-20216 | Zero Science Lab Vulnerability Advisory Exploit Database Entry 42785 Packet Storm Security Exploit Archive CXSecurity Vulnerability Listing Archived FLIR Security Advisory |
| frappe–frappe | Frappe is a full-stack web application framework. Versions 14.99.5 and below and 15.0.0 through 15.80.1 include requests that are vulnerable to path traversal attacks. Arbitrary files from the server could be retrieved due to a lack of proper sanitization on some requests. This issue is fixed in versions 14.99.6 and 15.88.1. As a workaround, changing the setup to use a reverse proxy is recommended. | 2026-01-05 | 7.5 | CVE-2025-68953 | https://github.com/frappe/frappe/security/advisories/GHSA-xj39-3g4p-f46v https://github.com/frappe/frappe/commit/3867fb112c3f7be1a863e40f19e9235719f784fb https://github.com/frappe/frappe/commit/959efd6a498cfaeaf7d4e0ab6cca78c36192d34d |
| Frenify–Arlo | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Frenify Arlo allows Reflected XSS. This issue affects Arlo: from n/a through 6.0.3. | 2026-01-07 | 7.1 | CVE-2025-69082 | https://patchstack.com/database/wordpress/theme/arlo/vulnerability/wordpress-arlo-theme-6-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve |
| fsylum–FS Registration Password | The FS Registration Password plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.1. This is due to the plugin not properly validating a user’s identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user’s passwords, including administrators, and leverage that to gain access to their account. | 2026-01-06 | 9.8 | CVE-2025-15001 | https://www.wordfence.com/threat-intel/vulnerabilities/id/22351b90-fc34-44ce-9241-4a0f01eb7b1c?source=cve https://plugins.trac.wordpress.org/browser/registration-password/tags/1.0.1/src/WP/Auth.php https://plugins.trac.wordpress.org/changeset/3431651/registration-password |
| G5Theme–Handmade Framework | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in G5Theme Handmade Framework allows PHP Local File Inclusion. This issue affects Handmade Framework: from n/a through 3.9. | 2026-01-08 | 7.5 | CVE-2026-22521 | https://patchstack.com/database/wordpress/plugin/handmade-framework/vulnerability/wordpress-handmade-framework-plugin-3-9-local-file-inclusion-vulnerability?_s_id=cve |
| ggml-org–llama.cpp | llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the n_discard parameter is parsed directly from JSON input in the llama.cpp server’s completion endpoints without validation to ensure it’s non-negative. When a negative value is supplied and the context fills up, llama_memory_seq_rm/add receives a reversed range and negative offset, causing out-of-bounds memory writes in the token evaluation loop. This deterministic memory corruption can crash the process or enable remote code execution (RCE). There is no fix at the time of publication. | 2026-01-07 | 8.8 | CVE-2026-21869 | https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-8947-pfff-2f3c |
| GitLab–GitLab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an unauthenticated user to execute arbitrary code in the context of an authenticated user’s browser by convincing the legitimate user to visit a specially crafted webpage. | 2026-01-09 | 8 | CVE-2025-13761 | GitLab Issue #582237 HackerOne Bug Bounty Report #3441368 https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/ |
| GitLab–GitLab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to achieve stored cross-site scripting by exploiting GitLab Flavored Markdown. | 2026-01-09 | 8.7 | CVE-2025-9222 | GitLab Issue #562561 HackerOne Bug Bounty Report #3297483 https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/ |
| GitLab–GitLab | GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utilize AI model settings from unauthorized namespaces by manipulating namespace identifiers in API requests. | 2026-01-09 | 7.1 | CVE-2025-13772 | GitLab Issue #581268 https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/ |
| greenshot–greenshot | Greenshot is an open source Windows screenshot utility. Versions 1.3.310 and below are vulnerable to OS Command Injection through unsanitized filename processing. The FormatArguments method in ExternalCommandDestination.cs:269 uses string.Format() to insert user-controlled filenames directly into shell commands without sanitization, allowing attackers to execute arbitrary commands by crafting malicious filenames containing shell metacharacters. This issue is fixed in version 1.3.311. | 2026-01-08 | 7.8 | CVE-2026-22035 | https://github.com/greenshot/greenshot/security/advisories/GHSA-7hvw-q8q5-gpmj https://github.com/greenshot/greenshot/commit/5dedd5c9f0a9896fa0af1d4980d875a48bf432cb https://github.com/greenshot/greenshot/releases/tag/v1.3.311 |
| GT3 themes–Photo Gallery | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GT3 themes Photo Gallery allows Reflected XSS. This issue affects Photo Gallery: from n/a through 2.7.7.26. | 2026-01-06 | 7.1 | CVE-2025-69084 | https://patchstack.com/database/wordpress/plugin/gt3-photo-video-gallery/vulnerability/wordpress-photo-gallery-plugin-2-7-7-26-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve |
| Guangzhou V–V-SOL GPON/EPON OLT Platform | V-SOL GPON/EPON OLT Platform v2.03 contains an open redirect vulnerability in the script that allows attackers to manipulate the ‘parent’ GET parameter. Attackers can craft malicious links that redirect logged-in users to arbitrary websites by exploiting improper input validation in the redirect mechanism. | 2026-01-07 | 9.8 | CVE-2019-25282 | Zero Science Lab Vulnerability Advisory Packet Storm Security Exploit Entry IBM X-Force Vulnerability Exchange CXSecurity Vulnerability Database Entry VSOL Vendor Homepage |
| Guangzhou Yeroo Tech Co., Ltd.–iDS6 DSSPro Digital Signage System | iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept authentication credentials through cleartext cookie transmission. Attackers can exploit the autoSave feature to capture user passwords during man-in-the-middle attacks on HTTP communications. | 2026-01-06 | 7.5 | CVE-2020-36917 | Zero Science Lab Disclosure (ZSL-2020-5605) Packet Storm Security Exploit Entry IBM X-Force Vulnerability Exchange CXSecurity Vulnerability Database Entry Archived Yeroo Tech Vendor Homepage VulnCheck Advisory: iDS6 DSSPro Digital Signage System 6.2 Cleartext Password Disclosure via Cookie |
| haxtheweb–issues | HAX CMS helps manage microsite universe with PHP or NodeJs backends. In versions 11.0.6 to before 25.0.0, HAX CMS is vulnerable to stored XSS, which could lead to account takeover. This issue has been patched in version 25.0.0. | 2026-01-10 | 8.1 | CVE-2026-22704 | https://github.com/haxtheweb/issues/security/advisories/GHSA-3fm2-xfq7-7778 https://github.com/haxtheweb/haxcms-nodejs/releases/tag/v25.0.0 |
| IceWhaleTech–ZimaOS | ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions up to and including 1.5.0, the application checks the validity of the username but appears to skip, misinterpret, or incorrectly validate the password when the provided username matches a known system service account. The application’s login function fails to properly handle the password validation result for these users, effectively granting authenticated access to anyone who knows one of these common usernames and provides any password. As of time of publication, no known patched versions are available. | 2026-01-08 | 9.4 | CVE-2026-21891 | https://github.com/IceWhaleTech/ZimaOS/security/advisories/GHSA-xj93-qw9p-jxq4 |
| Infility–Infility Global | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Infility Infility Global allows SQL Injection. This issue affects Infility Global: from n/a through 2.14.48. | 2026-01-05 | 9.3 | CVE-2025-68865 | https://vdp.patchstack.com/database/wordpress/plugin/infility-global/vulnerability/wordpress-infility-global-plugin-2-14-38-sql-injection-vulnerability?_s_id=cve |
| INIM Electronics s.r.l.–SmartLiving SmartLAN/G/SI | SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the ‘par’ POST parameter with the ‘testemail’ module. Attackers can exploit the unsanitized parameter and system() function call to execute arbitrary system commands with root privileges using default credentials. | 2026-01-07 | 8.8 | CVE-2019-25289 | Zero Science Lab Vulnerability Advisory Exploit Database Entry 47765 Packet Storm Security Exploit File CXSecurity Vulnerability Issue IBM X-Force Vulnerability Exchange Entry Inim Vendor Homepage |
| INIM Electronics s.r.l.–Smartliving SmartLAN/G/SI | INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these persistent credentials to log in and gain unauthorized system access across multiple SmartLiving device models. | 2026-01-07 | 7.5 | CVE-2019-25291 | Zero Science Lab Vulnerability Advisory Exploit Database Entry 47763 Packet Storm Security Exploit File IBM X-Force Vulnerability Exchange Entry INIM Vendor Homepage |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a Use After Free vulnerability in the CIccXform::Create() function, where it deletes the hint. This issue is fixed in version 2.3.1.1. | 2026-01-06 | 9.8 | CVE-2026-21675 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-wcwx-794g-g78f https://github.com/InternationalColorConsortium/iccDEV/issues/182 https://github.com/InternationalColorConsortium/iccDEV/commit/510baf58fa48e00ebbb5dd577f0db4af8876bb31 |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are prone to have Undefined Behavior (UB) and Out of Memory errors. This issue is fixed in version 2.3.1.2. | 2026-01-06 | 8.8 | CVE-2026-21485 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-chp2-4gv5-2432 https://github.com/InternationalColorConsortium/iccDEV/issues/340 https://github.com/InternationalColorConsortium/iccDEV/commit/c136aac51d25cbb4d9db63f071edad4f088843df |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have a Heap-based Buffer Overflow in its CIccMBB::Validate function which checks tag data validity. This issue is fixed in version 2.3.1.1. | 2026-01-06 | 8.8 | CVE-2026-21676 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-j5vv-p2hv-c392 https://github.com/InternationalColorConsortium/iccDEV/issues/215 https://github.com/InternationalColorConsortium/iccDEV/commit/e4c38a67d06073b38d58580b0cfc78ca61005f84 |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have Undefined Behavior in its CIccCLUT::Init function which initializes and sets the size of a CLUT. This issue is fixed in version 2.3.1.1. | 2026-01-06 | 8.8 | CVE-2026-21677 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-95w5-jvqf-3994 https://github.com/InternationalColorConsortium/iccDEV/issues/181 https://github.com/InternationalColorConsortium/iccDEV/commit/201125fbda22c8e4ea95800a6b427093fa4b8a22 |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to a heap-buffer-overflow in CIccLocalizedUnicode::GetText(). This issue has been patched in version 2.3.1.2. | 2026-01-07 | 8.8 | CVE-2026-21679 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-h4wg-473g-p5wc https://github.com/InternationalColorConsortium/iccDEV/issues/328 https://github.com/InternationalColorConsortium/iccDEV/pull/329 https://github.com/InternationalColorConsortium/iccDEV/commit/2eb25ab95f0db7664ec3850390b6f89e302e7039 |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow in `CIccXmlArrayType::ParseText()`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available. | 2026-01-07 | 8.8 | CVE-2026-21682 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-jq9m-54gr-c56c https://github.com/InternationalColorConsortium/iccDEV/issues/178 https://github.com/InternationalColorConsortium/iccDEV/pull/229 |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `icStatusCMM::CIccEvalCompare::EvaluateProfile()`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available. | 2026-01-07 | 8.8 | CVE-2026-21683 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-f2wp-j3fr-938w https://github.com/InternationalColorConsortium/iccDEV/issues/183 https://github.com/InternationalColorConsortium/iccDEV/pull/228 |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `SIccCalcOp::ArgsPushed()` at `IccProfLib/IccMpeCalc.cpp`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available. | 2026-01-07 | 8.8 | CVE-2026-21688 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-3r2x-j7v3-pg6f https://github.com/InternationalColorConsortium/iccDEV/issues/379 https://github.com/InternationalColorConsortium/iccDEV/pull/422 |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `ToXmlCurve()` at `IccXML/IccLibXML/IccMpeXml.cpp`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available. | 2026-01-07 | 8.8 | CVE-2026-21692 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-7662-mf46-wr88 https://github.com/InternationalColorConsortium/iccDEV/issues/388 https://github.com/InternationalColorConsortium/iccDEV/pull/432 |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `CIccSegmentedCurveXml::ToXml()` at `IccXML/IccLibXML/IccMpeXml.cpp`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available. | 2026-01-07 | 8.8 | CVE-2026-21693 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-v3q7-7hw6-6jq8 https://github.com/InternationalColorConsortium/iccDEV/issues/389 https://github.com/InternationalColorConsortium/iccDEV/pull/432 |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in `CIccProfileXml::ParseBasic()` at `IccXML/IccLibXML/IccProfileXml.cpp`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available. | 2026-01-07 | 8.8 | CVE-2026-22046 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-7v4q-mhr2-hj7r https://github.com/InternationalColorConsortium/iccDEV/issues/448 https://github.com/InternationalColorConsortium/iccDEV/pull/451 |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in `SIccCalcOp::Describe()` at `IccProfLib/IccMpeCalc.cpp`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available. | 2026-01-07 | 8.8 | CVE-2026-22047 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-22q7-8347-79m5 https://github.com/InternationalColorConsortium/iccDEV/issues/454 https://github.com/InternationalColorConsortium/iccDEV/pull/459 |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in `CIccCLUT::Init()` at `IccProfLib/IccTagLut.cpp`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available. | 2026-01-08 | 8.8 | CVE-2026-22255 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-qv2w-mq3g-73gv https://github.com/InternationalColorConsortium/iccDEV/issues/466 https://github.com/InternationalColorConsortium/iccDEV/pull/469 |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below contain Use After Free, Heap-based Buffer Overflow, Integer Overflow or Wraparound, and Out-of-bounds Write vulnerabilities in its CIccSparseMatrix::CIccSparseMatrix function. This issue is fixed in version 2.3.1.2. | 2026-01-06 | 7.8 | CVE-2026-21486 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-mg98-j5q2-674w https://github.com/InternationalColorConsortium/iccDEV/commit/1ab7363f38a20089934d3410c88f714eea392bf5 |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have an infinite loop in the CalcProfileID function in IccProfile.cpp. This issue is fixed in version 2.3.1.1. | 2026-01-06 | 7.5 | CVE-2026-21507 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-hgp5-r8m9-8qpj https://github.com/InternationalColorConsortium/iccDEV/issues/244 https://github.com/InternationalColorConsortium/iccDEV/commit/3f3ce789d0d2b608c194ed172fa38943519dc198 |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have overflows and underflows in CIccXmlArrayType::ParseTextCountNum(). This vulnerability affects users of the iccDEV library who process ICC color profiles. This issue is fixed in version 2.3.1.1. | 2026-01-06 | 7.8 | CVE-2026-21673 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-g66g-f82c-vgm6 https://github.com/InternationalColorConsortium/iccDEV/issues/243 https://github.com/InternationalColorConsortium/iccDEV/commit/32740802ee14418bd14c429d7e2f142d92cd5c4f |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to a heap-buffer-overflow in IccTagXml(). This issue has been patched in version 2.3.1.2. | 2026-01-07 | 7.8 | CVE-2026-21678 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-9rp2-4c6g-hppf https://github.com/InternationalColorConsortium/iccDEV/issues/55 https://github.com/InternationalColorConsortium/iccDEV/pull/219 https://github.com/InternationalColorConsortium/iccDEV/commit/c6c0f1cf45b48db94266132ccda5280a1a33569d |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have an Undefined Behavior runtime error. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available. | 2026-01-07 | 7.1 | CVE-2026-21681 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-v4qq-v3c3-x62x https://github.com/InternationalColorConsortium/iccDEV/pull/269 |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagSpectralViewingConditions()`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available. | 2026-01-07 | 7.1 | CVE-2026-21684 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-fg9m-j9x8-8279 https://github.com/InternationalColorConsortium/iccDEV/issues/216 https://github.com/InternationalColorConsortium/iccDEV/pull/225 |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagLut16::Read()`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available. | 2026-01-07 | 7.1 | CVE-2026-21685 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-c3xr-6687-5c8p https://github.com/InternationalColorConsortium/iccDEV/issues/213 https://github.com/InternationalColorConsortium/iccDEV/pull/223 |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagLutAtoB::Validate()`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available. | 2026-01-07 | 7.1 | CVE-2026-21686 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-792q-cqq9-mq4x https://github.com/InternationalColorConsortium/iccDEV/issues/214 https://github.com/InternationalColorConsortium/iccDEV/pull/222 |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagCurve::CIccTagCurve()`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available. | 2026-01-07 | 7.1 | CVE-2026-21687 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-prmm-g479-4fv7 https://github.com/InternationalColorConsortium/iccDEV/issues/180 https://github.com/InternationalColorConsortium/iccDEV/pull/221 |
| ipaymu–iPaymu Payment Gateway for WooCommerce | The iPaymu Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 2.0.2 via the ‘check_ipaymu_response’ function. This is due to the plugin not validating webhook request authenticity through signature verification or origin checks. This makes it possible for unauthenticated attackers to mark WooCommerce orders as paid by sending crafted POST requests to the webhook endpoint without any payment occurring, as well as enumerate order IDs and obtain valid order keys via GET requests, exposing customer order PII including names, addresses, and purchased products. | 2026-01-07 | 8.2 | CVE-2026-0656 | https://www.wordfence.com/threat-intel/vulnerabilities/id/7e639aed-ec67-4212-9051-1f7465bbfde2?source=cve https://plugins.trac.wordpress.org/browser/ipaymu-for-woocommerce/tags/2.0.2/gateway.php?marks=316-336,370-380#L316 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3429657%40ipaymu-for-woocommerce&new=3429657%40ipaymu-for-woocommerce |
| iWT Ltd.–FaceSentry Access Control System | FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allows attackers to access unencrypted credentials in the device’s SQLite database. Attackers can directly read sensitive login information stored in /faceGuard/database/FaceSentryWeb.sqlite without additional authentication. | 2026-01-07 | 8.2 | CVE-2019-25279 | Zero Science Lab Vulnerability Advisory IBM X-Force Exchange Vulnerability Entry Packet Storm Security Exploit Entry |
| iWT Ltd.–FaceSentry Access Control System | FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows remote attackers to intercept authentication credentials. Attackers can perform man-in-the-middle attacks to capture HTTP cookie authentication information during network communication. | 2026-01-07 | 7.5 | CVE-2019-25278 | Zero Science Lab Vulnerability Advisory Packet Storm Security Exploit Entry IBM X-Force Vulnerability Exchange Entry |
| JanStudio–Gecko | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in JanStudio Gecko allows PHP Local File Inclusion. This issue affects Gecko: from n/a through 1.9.8. | 2026-01-07 | 8.1 | CVE-2025-69080 | https://patchstack.com/database/wordpress/theme/gecko/vulnerability/wordpress-gecko-theme-1-9-8-local-file-inclusion-vulnerability?_s_id=cve |
| jwsthemes–FreeAgent | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in jwsthemes FreeAgent allows PHP Local File Inclusion. This issue affects FreeAgent: from n/a through 2.1.2. | 2026-01-05 | 8.1 | CVE-2025-69087 | https://vdp.patchstack.com/database/wordpress/theme/freeagent/vulnerability/wordpress-freeagent-theme-2-1-2-local-file-inclusion-vulnerability?_s_id=cve |
| Jwsthemes–Issabella | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Jwsthemes Issabella allows PHP Local File Inclusion. This issue affects Issabella: from n/a through 1.1.2. | 2026-01-06 | 8.1 | CVE-2025-69086 | https://patchstack.com/database/wordpress/theme/issabella/vulnerability/wordpress-issabella-theme-1-1-2-local-file-inclusion-vulnerability?_s_id=cve |
| kanboard–kanboard | Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to a critical authentication bypass when REVERSE_PROXY_AUTH is enabled. The application blindly trusts HTTP headers for user authentication without verifying the request originated from a trusted reverse proxy. An attacker can impersonate any user, including administrators, by simply sending a spoofed HTTP header. This issue is fixed in version 1.2.49. | 2026-01-08 | 9.1 | CVE-2026-21881 | https://github.com/kanboard/kanboard/security/advisories/GHSA-wwpf-3j4p-739w https://github.com/kanboard/kanboard/commit/7af6143e2ad25b5c15549cca8af4341c7ac4e2fc https://github.com/kanboard/kanboard/releases/tag/v1.2.49 |
| KlbTheme–Machic Core | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in KlbTheme Machic Core allows DOM-Based XSS. This issue affects Machic Core: from n/a through 1.2.6. | 2026-01-05 | 7.1 | CVE-2023-49186 | https://vdp.patchstack.com/database/wordpress/plugin/machic-core/vulnerability/wordpress-machic-core-plugin-1-2-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve |
| loopus–WP Cost Estimation & Payment Forms Builder | The WP Cost Estimation plugin for WordPress is vulnerable to arbitrary file uploads and deletion due to missing file type validation in the lfb_upload_form and lfb_removeFile AJAX actions in versions up to, and including, 9.642. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible. Additionally, the attacker can also delete files on the server such as database configuration files, subsequently uploading their own database files. | 2026-01-08 | 9.8 | CVE-2019-25296 | https://www.wordfence.com/threat-intel/vulnerabilities/id/ae50aa5d-95e3-4650-9dbf-118b4ba3abda?source=cve https://www.wordfence.com/blog/2019/02/vulnerabilities-patched-in-wp-cost-estimation-plugin/ https://www.zdnet.com/article/another-wordpress-commercial-plugin-gets-exploited-in-the-wild/ https://wpscan.com/vulnerability/9219 https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-wp-cost-estimation-payment-forms-builder-multiple-vulnerabilities-9-642/ |
| MacWarrior–clipbucket-v5 | ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-#187 and below allow an attacker to perform Blind SQL Injection through the add comment section within a channel. When adding a comment within a channel, there is a POST request to the /actions/ajax.php endpoint. The obj_id parameter within the POST request to /actions/ajax.php is then used within the user_exists function of the upload/includes/classes/user.class.php file as the $id parameter. It is then used within the count function of the upload/includes/classes/db.class.php file. The $id parameter is concatenated into the query without validation or sanitization, and a user-supplied input like 1' or 1=1-- - can be used to trigger the injection. This issue does not have a fix at the time of publication. | 2026-01-07 | 9.8 | CVE-2026-21875 | https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-crpv-fmc4-j392 |
| Marketing Fire LLC–LoginWP – Pro | Missing Authorization vulnerability in Marketing Fire LLC LoginWP – Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects LoginWP – Pro: from n/a through 4.0.8.5. | 2026-01-05 | 7.5 | CVE-2025-46255 | https://vdp.patchstack.com/database/wordpress/plugin/loginwp-pro/vulnerability/wordpress-loginwp-pro-plugin-4-0-8-5-settings-change-vulnerability?_s_id=cve |
| Meow Apps–Media File Renamer | Unrestricted Upload of File with Dangerous Type vulnerability in Meow Apps Media File Renamer allows Using Malicious Files. This issue affects Media File Renamer: from n/a through 5.7.7. | 2026-01-05 | 9.1 | CVE-2023-50897 | https://vdp.patchstack.com/database/wordpress/plugin/media-file-renamer/vulnerability/wordpress-media-file-renamer-plugin-5-7-7-arbitrary-file-rename-lead-to-rce-vulnerability?_s_id=cve |
| Mojoomla–WPCHURCH | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Mojoomla WPCHURCH allows Blind SQL Injection. This issue affects WPCHURCH: from n/a through 2.7.0. | 2026-01-07 | 9.3 | CVE-2025-32303 | https://patchstack.com/database/wordpress/plugin/church-management/vulnerability/wordpress-wpchurch-2-7-0-sql-injection-vulnerability?_s_id=cve |
| Mojoomla–WPCHURCH | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Mojoomla WPCHURCH allows PHP Local File Inclusion. This issue affects WPCHURCH: from n/a through 2.7.0. | 2026-01-06 | 8.1 | CVE-2025-32304 | https://patchstack.com/database/wordpress/plugin/church-management/vulnerability/wordpress-wpchurch-plugin-2-7-0-local-file-inclusion-vulnerability?_s_id=cve |
| moneyspace–Money Space | The MoneySpace plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.9. This is due to the plugin storing full payment card details (PAN, card holder name, expiry month/year, and CVV) in WordPress post_meta using base64_encode(), and then embedding these values into the publicly accessible mspaylink page’s inline JavaScript without any authentication or authorization check. This makes it possible for unauthenticated attackers who know or can guess an order_id to access the mspaylink endpoint and retrieve full credit card numbers and CVV codes directly from the HTML/JS response, constituting a severe PCI-DSS violation. | 2026-01-07 | 8.6 | CVE-2025-13371 | https://www.wordfence.com/threat-intel/vulnerabilities/id/77db827d-9afd-4b59-b0ad-1ad562634c52?source=cve https://github.com/MoneySpace-net/money-space-for-Woocommerce/blob/e79d96cfc1b12cece15c6f0b309045403cc6a9d2/view/mspaylink.php#L164 https://plugins.trac.wordpress.org/browser/money-space/trunk/view/mspaylink.php#L232 https://plugins.trac.wordpress.org/browser/money-space/tags/2.13.9/view/mspaylink.php#L232 https://github.com/MoneySpace-net/money-space-for-Woocommerce/blob/e79d96cfc1b12cece15c6f0b309045403cc6a9d2/view/mspaylink.php#L232 |
| n/a–GNU Wget2 | A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink <file name> elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially allow further compromise of the user’s environment. | 2026-01-09 | 8.8 | CVE-2025-69194 | https://access.redhat.com/security/cve/CVE-2025-69194 RHBZ#2425773 |
| n/a–GNU Wget2 | A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted URL, which, upon user interaction with wget2, can lead to memory corruption. This can cause the application to crash and potentially allow for further malicious activities. | 2026-01-09 | 7.6 | CVE-2025-69195 | https://access.redhat.com/security/cve/CVE-2025-69195 RHBZ#2425770 |
| n8n-io–n8n | n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0. | 2026-01-07 | 10 | CVE-2026-21858 | https://github.com/n8n-io/n8n/security/advisories/GHSA-v4pr-fm98-w9pg |
| n8n-io–n8n | n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code using the n8n service. This could result in full compromise and can impact both self-hosted and n8n Cloud instances. This issue is fixed in version 1.121.3. Administrators can reduce exposure by disabling the Git node and limiting access for untrusted users, but upgrading to the latest version is recommended. | 2026-01-08 | 10 | CVE-2026-21877 | https://github.com/n8n-io/n8n/security/advisories/GHSA-v364-rw7m-3263 https://github.com/n8n-io/n8n/commit/f4b009d00d1f4ba9359b8e8f1c071e3d910a55f6 |
| nasa–CryptoLib | CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol – Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the Crypto_AOS_ProcessSecurity function reads memory without valid bounds checking when parsing AOS frame hashes. This issue has been patched in version 1.4.3. | 2026-01-10 | 8.2 | CVE-2026-21898 | https://github.com/nasa/CryptoLib/security/advisories/GHSA-7ch6-2pmg-m853 https://github.com/nasa/CryptoLib/releases/tag/v1.4.3 |
| nasa–CryptoLib | CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol – Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the Crypto_Config_Add_Gvcid_Managed_Parameters function only checks whether gvcid_counter > GVCID_MAN_PARAM_SIZE. As a result, it allows up to the 251st entry, which causes a write past the end of the array, overwriting gvcid_counter located immediately after gvcid_managed_parameters_array[250]. This leads to an out-of-bounds write, and the overwritten gvcid_counter may become an arbitrary value, potentially affecting the parameter lookup/registration logic that relies on it. This issue has been patched in version 1.4.3. | 2026-01-10 | 7.3 | CVE-2026-21897 | https://github.com/nasa/CryptoLib/security/advisories/GHSA-9x7j-gx23-7m5r https://github.com/nasa/CryptoLib/releases/tag/v1.4.3 |
| nasa–CryptoLib | CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol – Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, CryptoLib’s KMC crypto service integration is vulnerable to a heap buffer overflow when decoding Base64-encoded ciphertext/cleartext fields returned by the KMC service. The decode destination buffer is sized using an expected output length (len_data_out), but the Base64 decoder writes output based on the actual Base64 input length and does not enforce any destination size limit. An oversized Base64 string in the KMC JSON response can cause out-of-bounds writes on the heap, resulting in process crash and potentially code execution under certain conditions. This issue has been patched in version 1.4.3. | 2026-01-10 | 7.5 | CVE-2026-22697 | https://github.com/nasa/CryptoLib/security/advisories/GHSA-qjx3-83jh-2jc4 https://github.com/nasa/CryptoLib/releases/tag/v1.4.3 |
| neeraj_slit–Brevo for WooCommerce | The Brevo for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user_connection_id’ parameter in all versions up to, and including, 4.0.49 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-08 | 7.2 | CVE-2025-14436 | https://www.wordfence.com/threat-intel/vulnerabilities/id/670f4e26-75c9-40cd-8088-2fa4c40f6feb?source=cve https://plugins.trac.wordpress.org/browser/woocommerce-sendinblue-newsletter-subscription/trunk/woocommerce-sendinblue.php#L164 https://plugins.trac.wordpress.org/browser/woocommerce-sendinblue-newsletter-subscription/trunk/woocommerce-sendinblue.php#L171 https://plugins.trac.wordpress.org/browser/woocommerce-sendinblue-newsletter-subscription/trunk/woocommerce-sendinblue.php#L188 https://plugins.trac.wordpress.org/browser/woocommerce-sendinblue-newsletter-subscription/trunk/src/managers/admin-manager.php#L59 https://plugins.trac.wordpress.org/browser/woocommerce-sendinblue-newsletter-subscription/trunk/src/views/admin_menus.php#L728 https://plugins.trac.wordpress.org/changeset/3434903/woocommerce-sendinblue-newsletter-subscription |
| NREL–BEopt | NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening application files from remote shares. Attackers can exploit insecure library loading of sdl2.dll and libegl.dll by placing malicious libraries on WebDAV or SMB shares to execute unauthorized code. | 2026-01-07 | 9.8 | CVE-2019-25268 | Zero Science Lab Vulnerability Advisory Packet Storm Security Exploit Entry CXSecurity Vulnerability Listing IBM X-Force Vulnerability Exchange BEopt Product Homepage |
| opajaap–WP Photo Album Plus | The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘shortcode’ parameter in all versions up to, and including, 9.1.05.008 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2026-01-07 | 7.1 | CVE-2025-14835 | https://www.wordfence.com/threat-intel/vulnerabilities/id/0903521d-3b07-4539-97c9-15e6bbe2cc2e?source=cve https://plugins.trac.wordpress.org/browser/wp-photo-album-plus/tags/9.1.05.004/wppa-ajax.php#L43 https://plugins.trac.wordpress.org/browser/wp-photo-album-plus/tags/9.1.05.004/wppa-ajax.php#L1130 https://plugins.trac.wordpress.org/browser/wp-photo-album-plus/tags/9.1.05.004/wppa-filter.php#L125 https://plugins.trac.wordpress.org/browser/wp-photo-album-plus/tags/9.1.05.004/wppa-functions.php#L5617 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3427638%40wp-photo-album-plus%2Ftrunk&old=3426267%40wp-photo-album-plus%2Ftrunk&sfp_email=&sfph_mail= |
| OpenCTI-Platform–opencti | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.1, the GraphQL mutation “WorkspacePopoverDeletionMutation” allows users to delete workspace-related objects such as dashboards and investigation cases. However, the mutation lacks proper authorization checks to verify ownership of the targeted resources. An attacker can exploit this by supplying an active UUID of another user. Since the API does not validate whether the requester owns the resource, the mutation executes successfully, resulting in unauthorized deletion of the entire workspace. Version 6.8.1 fixes the issue. | 2026-01-05 | 7.1 | CVE-2025-61781 | https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-pr6m-q4g7-342c |
| OPEXUS–eCASE Audit | OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. Fixed in eCASE Platform 11.14.1.0. | 2026-01-08 | 7.6 | CVE-2026-22230 | url url url |
| OPEXUS–eCase Portal | OPEXUS eCasePortal before version 9.0.45.0 allows an unauthenticated attacker to navigate to the ‘Attachments.aspx’ endpoint, iterate through predictable values of ‘formid’, and download or delete all user-uploaded files, or upload new files. | 2026-01-08 | 9.8 | CVE-2026-22234 | url url |
| OPEXUS–eComplaint | OPEXUS eComplaint before version 9.0.45.0 allows an attacker to visit the ‘DocumentOpen.aspx’ endpoint, iterate through predictable values of ‘chargeNumber’, and download any uploaded files. | 2026-01-08 | 7.5 | CVE-2026-22235 | url url |
| opf–openproject | OpenProject is an open-source, web-based project management software. A Local File Read (LFR) vulnerability exists in the work package PDF export functionality of OpenProject prior to version 16.6.4. By uploading a specially crafted SVG file (disguised as a PNG) as a work package attachment, an attacker can exploit the backend image processing engine (ImageMagick). When the work package is exported to PDF, the backend attempts to resize the image, triggering the ImageMagick text: coder. This allows an attacker to read arbitrary local files that the application user has permissions to access (e.g., /etc/passwd, all project configuration files, private project data, etc.). The attack requires permissions to upload attachments to a container that can be exported to PDF, such as a work package. The issue has been patched in version 16.6.4. Those who are unable to upgrade may apply the patch manually. | 2026-01-10 | 9.1 | CVE-2026-22600 | https://github.com/opf/openproject/security/advisories/GHSA-m8f2-cwpq-vvhh https://github.com/opf/openproject/releases/tag/v16.6.4 |
| Plexus–Plexus anblick Digital Signage Management | Plexus anblick Digital Signage Management 3.1.13 contains an open redirect vulnerability in the ‘PantallaLogin’ script that allows attackers to manipulate the ‘pagina’ GET parameter. Attackers can craft malicious links that redirect users to arbitrary websites by exploiting improper input validation in the parameter. | 2026-01-06 | 9.8 | CVE-2020-36912 | Zero Science Lab Disclosure (ZSL-2020-5573) Packet Storm Security Exploit Entry IBM X-Force Vulnerability Exchange Entry Plexus Vendor Homepage VulnCheck Advisory: Plexus anblick Digital Signage Management 3.1.13 Open Redirect via Pagina Parameter |
| pnpm–pnpm | pnpm is a package manager. Versions 10.0.0 through 10.25 allow git-hosted dependencies to execute arbitrary code during pnpm install, circumventing the v10 security feature “Dependency lifecycle scripts execution disabled by default”. While pnpm v10 blocks postinstall scripts via the onlyBuiltDependencies mechanism, git dependencies can still execute prepare, prepublish, and prepack scripts during the fetch phase, enabling remote code execution without user consent or approval. This issue is fixed in version 10.26.0. | 2026-01-07 | 8.8 | CVE-2025-69264 | https://github.com/pnpm/pnpm/security/advisories/GHSA-379q-355j-w6rj https://github.com/pnpm/pnpm/commit/73cc63504d9bc360c43e4b2feb9080677f03c5b5 |
| pnpm–pnpm | pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Code Execution (RCE) in build environments. This issue is fixed in version 10.27.0. | 2026-01-07 | 7.6 | CVE-2025-69262 | https://github.com/pnpm/pnpm/security/advisories/GHSA-2phv-j68v-wwqx https://github.com/pnpm/pnpm/releases/tag/v10.27.0 |
| pnpm–pnpm | pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the lockfile without integrity hashes. This allows the remote server to serve different content on each install, even when a lockfile is committed. An attacker who publishes a package with an HTTP tarball dependency can serve different code to different users or CI/CD environments. The attack requires the victim to install a package that has an HTTP/git tarball in its dependency tree. The victim’s lockfile provides no protection. This issue is fixed in version 10.26.0. | 2026-01-07 | 7.5 | CVE-2025-69263 | https://github.com/pnpm/pnpm/security/advisories/GHSA-7vhp-vf5g-r2fw https://github.com/pnpm/pnpm/commit/0958027f88a99ccefe7e9676cdebba393dfbdc85 |
| Pro-Bravia–Sony BRAVIA Digital Signage | Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests to the exposed system API. | 2026-01-06 | 7.5 | CVE-2020-36922 | ExploitDB-49187 Sony BRAVIA Digital Signage Official Homepage BRAVIA Signage Software Resources Sony Professional Display Software Product Page Zero Science Lab Disclosure (ZSL-2020-5610) Packet Storm Security Exploit Entry CXSecurity Vulnerability Database IBM X-Force Vulnerability Exchange VulnCheck Advisory: Sony BRAVIA Digital Signage 1.7.8 Unauthenticated System API Information Disclosure |
| Pro-Bravia–Sony BRAVIA Digital Signage | Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modify display content by manipulating the input material type. | 2026-01-06 | 7.5 | CVE-2020-36924 | ExploitDB-49186 Sony BRAVIA Digital Signage Product Homepage BRAVIA Signage Software Resources Sony Professional Display Software Product Page Zero Science Lab Disclosure (ZSL-2020-5612) Packet Storm Security Exploit Archive IBM X-Force Exchange Vulnerability Entry CXSecurity Vulnerability Listing VulnCheck Advisory: Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion |
| projectworlds–House Rental and Property Listing | A flaw has been found in projectworlds House Rental and Property Listing 1.0. Impacted is an unknown function of the file /app/register.php?action=reg of the component Signup. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used. | 2026-01-06 | 7.3 | CVE-2026-0643 | VDB-339686 \| projectworlds House Rental and Property Listing Signup register.php unrestricted upload VDB-339686 \| CTI Indicators (IOB, IOC, TTP, IOA) Submit #732563 \| projectworlds.com rental And Property Listing Project V1.0 File unrestricted upload https://github.com/1uzpk/cve/issues/4 |
| Qualcomm, Inc.–Snapdragon | Cryptographic issue may occur while encrypting license data. | 2026-01-06 | 8.4 | CVE-2025-47345 | https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html |
| Qualcomm, Inc.–Snapdragon | Memory corruption while deinitializing a HDCP session. | 2026-01-06 | 7.8 | CVE-2025-47339 | https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html |
| Qualcomm, Inc.–Snapdragon | Memory corruption while processing a video session to set video parameters. | 2026-01-06 | 7.8 | CVE-2025-47343 | https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html |
| Qualcomm, Inc.–Snapdragon | Memory corruption while processing a secure logging command in the trusted application. | 2026-01-06 | 7.8 | CVE-2025-47346 | https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html |
| Qualcomm, Inc.–Snapdragon | Memory corruption while processing identity credential operations in the trusted application. | 2026-01-06 | 7.8 | CVE-2025-47348 | https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html |
| Qualcomm, Inc.–Snapdragon | Memory Corruption when multiple threads concurrently access and modify shared resources. | 2026-01-06 | 7.8 | CVE-2025-47356 | https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html |
| Qualcomm, Inc.–Snapdragon | Memory corruption while preprocessing IOCTLs in sensors. | 2026-01-06 | 7.8 | CVE-2025-47380 | https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html |
| Qualcomm, Inc.–Snapdragon | Memory corruption while passing pages to DSP with an unaligned starting address. | 2026-01-06 | 7.8 | CVE-2025-47388 | https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html |
| Qualcomm, Inc.–Snapdragon | Memory corruption when accessing resources in kernel driver. | 2026-01-06 | 7.8 | CVE-2025-47393 | https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html |
| Qualcomm, Inc.–Snapdragon | Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations. | 2026-01-06 | 7.8 | CVE-2025-47394 | https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html |
| Qualcomm, Inc.–Snapdragon | Memory corruption occurs when a secure application is launched on a device with insufficient memory. | 2026-01-06 | 7.8 | CVE-2025-47396 | https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html |
| Quanta Computer–QOCA aim AI Medical Cloud Platform | QOCA aim AI Medical Cloud Platform developed by Quanta Computer has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. | 2026-01-05 | 8.8 | CVE-2025-15240 | https://www.twcert.org.tw/tw/cp-132-10615-157a3-1.html https://www.twcert.org.tw/en/cp-139-10616-cd942-2.html |
| quickjs-ng–quickjs | A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function js_typed_array_constructor of the file quickjs.c. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called c5d80831e51e48a83eab16ea867be87f091783c5. A patch should be applied to remediate this issue. | 2026-01-10 | 7.3 | CVE-2026-0821 | VDB-340355 \| quickjs-ng quickjs quickjs.c js_typed_array_constructor heap-based overflow VDB-340355 \| CTI Indicators (IOB, IOC, IOA) Submit #731780 \| quickjs-ng quickjs v0.11.0 Heap-based Buffer Overflow https://github.com/quickjs-ng/quickjs/issues/1296 https://github.com/quickjs-ng/quickjs/pull/1299 https://github.com/quickjs-ng/quickjs/issues/1296#issue-3780003395 https://github.com/quickjs-ng/quickjs/commit/c5d80831e51e48a83eab16ea867be87f091783c5 |
| Red Hat–Red Hat Ansible Automation Platform 2.5 for RHEL 8 | A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API tokens in AAP are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services (e.g., Controller, Hub, EDA). If this flaw were exploited, an attacker’s capabilities would only be limited by role-based access controls (RBAC). | 2026-01-08 | 8.5 | CVE-2025-14025 | https://access.redhat.com/articles/7136004 RHSA-2026:0360 RHSA-2026:0361 RHSA-2026:0408 RHSA-2026:0409 https://access.redhat.com/security/cve/CVE-2025-14025 RHBZ#2418785 |
| Red Hat–Red Hat Enterprise Linux 10 | A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk. | 2026-01-08 | 7.5 | CVE-2026-0719 | https://access.redhat.com/security/cve/CVE-2026-0719 RHBZ#2427906 https://gitlab.gnome.org/GNOME/libsoup/-/issues/477 |
| Red Hat–Red Hat JBoss Enterprise Application Platform 8.1 | A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions. | 2026-01-07 | 9.6 | CVE-2025-12543 | RHSA-2026:0383 RHSA-2026:0384 RHSA-2026:0386 https://access.redhat.com/security/cve/CVE-2025-12543 RHBZ#2408784 |
| RED–RED-V Super Digital Signage System RXV-A740R | RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple endpoints to retrieve system resources and debug log information without authentication. | 2026-01-06 | 7.5 | CVE-2020-36921 | Zero Science Lab Disclosure (ZSL-2020-5609) Packet Storm Security Exploit Entry IBM X-Force Vulnerability Exchange CXSecurity Vulnerability Database RED-V Vendor Homepage VulnCheck Advisory: RED-V Super Digital Signage System 5.1.1 Log Information Disclosure Vulnerability |
| remix-run–react-router | React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node prior to version 2.17.2, if createFileSessionStorage() is being used from @react-router/node (or @remix-run/node/@remix-run/deno in Remix v2) with an unsigned cookie, it is possible for an attacker to cause the session to try to read/write from a location outside the specified session file directory. The success of the attack would depend on the permissions of the web server process to access those files. Read files cannot be returned directly to the attacker. Session file reads would only succeed if the file matched the expected session file format. If the file matched the session file format, the data would be populated into the server side session but not directly returned to the attacker unless the application logic returned specific session information. This issue has been patched in @react-router/node version 7.9.4, @remix-run/deno version 2.17.2, and @remix-run/node version 2.17.2. | 2026-01-10 | 9.1 | CVE-2025-61686 | https://github.com/remix-run/react-router/security/advisories/GHSA-9583-h5hc-x8cw |
| remix-run–react-router | React Router is a router for React. In @remix-run/react versions prior to 2.17.3 and react-router 7.0.0 through 7.11.0, an XSS vulnerability exists in React Router’s <ScrollRestoration> API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering, which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the keys. There is no impact if server-side rendering in Framework Mode is disabled, or if Declarative Mode (<BrowserRouter>) or Data Mode (createBrowserRouter/<RouterProvider>) is being used. This issue has been patched in @remix-run/react version 2.17.3 and react-router version 7.12.0. | 2026-01-10 | 8.2 | CVE-2026-21884 | https://github.com/remix-run/react-router/security/advisories/GHSA-8v8x-cx79-35w7 |
| remix-run–react-router | React Router is a router for React. In @remix-run/router versions prior to 1.23.2 and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended JavaScript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect. There is no impact if Declarative Mode (<BrowserRouter>) is being used. This issue has been patched in @remix-run/router version 1.23.2 and react-router version 7.12.0. | 2026-01-10 | 8 | CVE-2026-22029 | https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx |
| remix-run–react-router | React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0 and react-router versions 7.0.0 through 7.8.2, an XSS vulnerability exists in React Router’s meta()/<Meta> APIs in Framework Mode when generating script:ld+json tags, which could allow arbitrary JavaScript execution during SSR if untrusted content is used to generate the tag. There is no impact if the application is being used in Declarative Mode (<BrowserRouter>) or Data Mode (createBrowserRouter/<RouterProvider>). This issue has been patched in @remix-run/react version 2.17.1 and react-router version 7.9.0. | 2026-01-10 | 7.6 | CVE-2025-59057 | https://github.com/remix-run/react-router/security/advisories/GHSA-3cgp-3xvw-98x8 |
| Rustaurius–Five Star Restaurant Reservations | Authorization Bypass Through User-Controlled Key vulnerability in Rustaurius Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Five Star Restaurant Reservations: from n/a through 2.7.8. | 2026-01-05 | 8.6 | CVE-2025-68044 | https://vdp.patchstack.com/database/wordpress/plugin/restaurant-reservations/vulnerability/wordpress-five-star-restaurant-reservations-plugin-2-7-7-insecure-direct-object-references-idor-vulnerability?_s_id=cve |
| RustCrypto–elliptic-curves | RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability exists in the SM2 PKE decryption path where an invalid elliptic-curve point (C1) is decoded and the resulting value is unwrapped without checking. Specifically, AffinePoint::from_encoded_point(&encoded_c1) may return a None/CtOption::None when the supplied coordinates are syntactically valid but do not lie on the SM2 curve. The calling code previously used .unwrap(), causing a panic when presented with such input. This issue has been patched via commit 085b7be. | 2026-01-10 | 7.5 | CVE-2026-22699 | https://github.com/RustCrypto/elliptic-curves/security/advisories/GHSA-78p6-6878-8mj6 https://github.com/RustCrypto/elliptic-curves/pull/1602 https://github.com/RustCrypto/elliptic-curves/commit/085b7bee647029bd189e1375203418205006bcab |
| RustCrypto–elliptic-curves | RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability exists in the SM2 public-key encryption (PKE) implementation: the decrypt() path performs unchecked slice::split_at operations on input buffers derived from untrusted ciphertext. An attacker can submit short/undersized ciphertext or carefully-crafted DER-encoded structures to trigger bounds-check panics (Rust unwinding) which crash the calling thread or process. This issue has been patched via commit e60e991. | 2026-01-10 | 7.5 | CVE-2026-22700 | https://github.com/RustCrypto/elliptic-curves/security/advisories/GHSA-j9xq-69pf-pcm8 https://github.com/RustCrypto/elliptic-curves/pull/1603 https://github.com/RustCrypto/elliptic-curves/commit/e60e99167a9a2b187ebe80c994c5204b0fdaf4ab |
| SaasProject–Booking Package | Improper Validation of Specified Quantity in Input vulnerability in SaasProject Booking Package allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booking Package: from n/a through 1.6.27. | 2026-01-05 | 7.5 | CVE-2024-30516 | https://vdp.patchstack.com/database/wordpress/plugin/booking-package/vulnerability/wordpress-booking-package-plugin-1-6-27-price-manipulation-vulnerability?_s_id=cve |
| salvo-rs–salvo | Salvo is a Rust web backend framework. Prior to version 0.88.1, the function list_html generates a file view of a folder that includes a rendering of the current path, which is inserted into the HTML without proper sanitization. This leads to reflected XSS, because the request path is decoded and normalized in the matching stage but is then inserted raw into the HTML view (current.path). The only constraint is that the root path (e.g. /files in the PoC example) must have a subdirectory (e.g. common ones such as styles/scripts) so that matching returns the listing HTML page instead of the Not Found page. This issue has been patched in version 0.88.1. | 2026-01-08 | 8.8 | CVE-2026-22256 | https://github.com/salvo-rs/salvo/security/advisories/GHSA-rjf8-2wcw-f6mp https://github.com/salvo-rs/salvo/blob/16efeba312a274739606ce76366d921768628654/crates/serve-static/src/dir.rs#L593 |
| salvo-rs–salvo | Salvo is a Rust web backend framework. Prior to version 0.88.1, the function list_html generates a file view of a folder without sanitizing file or folder names. This may lead to XSS where a website allows access to public files using this feature and anyone can upload a file. This issue has been patched in version 0.88.1. | 2026-01-08 | 8.8 | CVE-2026-22257 | https://github.com/salvo-rs/salvo/security/advisories/GHSA-54m3-5fxr-2f3j https://github.com/salvo-rs/salvo/blob/16efeba312a274739606ce76366d921768628654/crates/serve-static/src/dir.rs#L581 |
| Sangfor–Operation and Maintenance Management System | A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8. This issue affects some unknown processing of the file /isomp-protocol/protocol/getHis of the component HTTP POST Request Handler. The manipulation of the argument sessionPath results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2026-01-09 | 9.8 | CVE-2025-15500 | VDB-340345 | Sangfor Operation and Maintenance Management System HTTP POST Request getHis os command injection VDB-340345 | CTI Indicators (IOB, IOC, TTP, IOA) Submit #727208 | Sangfor Operation and Maintenance Management System (OSM / 运维安全管理系统) 3.0.8 OS Command Injection https://github.com/master-abc/cve/issues/11 https://github.com/master-abc/cve/issues/11#issue-3770602189 |
| Sangfor–Operation and Maintenance Management System | A vulnerability was determined in Sangfor Operation and Maintenance Management System up to 3.0.8. Impacted is the function WriterHandle.getCmd of the file /isomp-protocol/protocol/getCmd. This manipulation of the argument sessionPath causes os command injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | 2026-01-09 | 9.8 | CVE-2025-15501 | VDB-340346 | Sangfor Operation and Maintenance Management System getCmd WriterHandle.getCmd os command injection VDB-340346 | CTI Indicators (IOB, IOC, TTP, IOA) Submit #727214 | Sangfor Operation and Maintenance Management System (OSM / 运维安全管理系统) 3.0.8 OS Command Injection https://github.com/master-abc/cve/issues/12 https://github.com/master-abc/cve/issues/12#issue-3770615262 |
| Sangfor–Operation and Maintenance Management System | A vulnerability has been found in Sangfor Operation and Maintenance Management System up to 3.0.8. This vulnerability affects the function uploadCN of the file VersionController.java. The manipulation of the argument filename leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2026-01-09 | 8.8 | CVE-2025-15499 | VDB-340344 | Sangfor Operation and Maintenance Management System VersionController.java uploadCN os command injection VDB-340344 | CTI Indicators (IOB, IOC, TTP, IOA) Submit #727207 | Sangfor Operation and Maintenance Management System (运维安全管理系统 / OSM) 3.0.8 Command Injection https://github.com/master-abc/cve/issues/10 https://github.com/master-abc/cve/issues/10#issue-3770540830 |
| Sangfor–Operation and Maintenance Management System | A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.8. The affected element is the function SessionController of the file /isomp-protocol/protocol/session. Such manipulation of the argument Hostname leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2026-01-10 | 7.3 | CVE-2025-15502 | VDB-340347 | Sangfor Operation and Maintenance Management System session SessionController os command injection VDB-340347 | CTI Indicators (IOB, IOC, TTP, IOA) Submit #727217 | Sangfor Operation and Maintenance Management System (OSM / 运维安全管理系统) 3.0.8 OS Command Injection https://github.com/master-abc/cve/issues/14 https://github.com/master-abc/cve/issues/14#issue-3770634476 |
| Sangfor–Operation and Maintenance Management System | A security flaw has been discovered in Sangfor Operation and Maintenance Management System up to 3.0.8. The impacted element is an unknown function of the file /fort/trust/version/common/common.jsp. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | 2026-01-10 | 7.3 | CVE-2025-15503 | VDB-340348 | Sangfor Operation and Maintenance Management System common.jsp unrestricted upload VDB-340348 | CTI Indicators (IOB, IOC, TTP, IOA) Submit #727253 | Sangfor Operation and Maintenance Management System (OSM / 运维安全管理系统) 3.0.8 Unrestricted Upload https://github.com/master-abc/cve/issues/13 https://github.com/master-abc/cve/issues/13#issue-3770623333 |
| Sfwebservice–InWave Jobs | Missing Authorization vulnerability in Sfwebservice InWave Jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InWave Jobs: from n/a through 3.5.8. | 2026-01-06 | 9.8 | CVE-2025-39477 | https://patchstack.com/database/wordpress/plugin/iwjob/vulnerability/wordpress-inwave-jobs-plugin-3-5-8-broken-access-control-vulnerability?_s_id=cve |
| shabti–Frontend Admin by DynamiApps | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.28.25. This is due to insufficient validation of user-supplied role values in the ‘validate_value’, ‘pre_update_value’, and ‘get_fields_display’ functions. This makes it possible for unauthenticated attackers to register as administrators and gain complete control of the site, granted they can access a user registration form containing a Role field. | 2026-01-09 | 9.8 | CVE-2025-14736 | https://www.wordfence.com/threat-intel/vulnerabilities/id/07eb71fc-6588-490d-8947-3077ec4a9045?source=cve https://plugins.trac.wordpress.org/changeset/3427243/acf-frontend-form-element/trunk/main/frontend/fields/user/class-role.php |
| shabti–Frontend Admin by DynamiApps | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to missing authorization to unauthorized data modification and deletion due to a missing capability check on the ‘delete_object’ function in all versions up to, and including, 3.28.25. This makes it possible for unauthenticated attackers to delete arbitrary posts, pages, products, taxonomy terms, and user accounts. | 2026-01-09 | 9.1 | CVE-2025-14741 | https://www.wordfence.com/threat-intel/vulnerabilities/id/53adbab6-953a-4a6f-bbfc-89efdbdd28e0?source=cve https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/tags/3.28.26/main/frontend/fields/general/class-delete-object.php?marks=106,119,132,142#L106 |
| shabti–Frontend Admin by DynamiApps | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘acff’ parameter in the ‘frontend_admin/forms/update_field’ AJAX action in all versions up to, and including, 3.28.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-09 | 7.2 | CVE-2025-14937 | https://www.wordfence.com/threat-intel/vulnerabilities/id/46c988ff-9cc5-4f2b-a3dd-06eaef5a7919?source=cve https://plugins.trac.wordpress.org/changeset/3427236/acf-frontend-form-element |
| Shazdeh–Header Image Slider | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Shazdeh Header Image Slider header-image-slider allows DOM-Based XSS.This issue affects Header Image Slider: from n/a through 0.3. | 2026-01-06 | 7.1 | CVE-2024-30547 | https://patchstack.com/database/wordpress/plugin/header-image-slider/vulnerability/wordpress-header-image-slider-plugin-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve |
| Shenzhen Xingmeng Qihang Media Co., Ltd.–QiHang Media Web (QH.aspx) Digital Signage | QiHang Media Web Digital Signage 3.0.9 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept user authentication credentials through cleartext cookie transmission. Attackers can perform man-in-the-middle attacks to capture and potentially misuse stored authentication credentials transmitted in an insecure manner. | 2026-01-06 | 7.5 | CVE-2020-36914 | Zero Science Lab Disclosure (ZSL-2020-5578) Packet Storm Security Exploit Entry IBM X-Force Vulnerability Exchange CXSecurity Vulnerability Database Entry HowFor Vendor Homepage VulnCheck Advisory: QiHang Media Web Digital Signage 3.0.9 Cookie Authentication Credentials Disclosure |
| solwininfotech–User Activity Log | The User Activity Log plugin is vulnerable to a limited options update in versions up to, and including, 2.2. The failed-login handler ‘ual_shook_wp_login_failed’ lacks a capability check and writes failed usernames directly into update_option() calls. This makes it possible for unauthenticated attackers to push select site options from 0 to a non-zero value, allowing them to reopen registration or corrupt options like ‘wp_user_roles’, breaking wp-admin access. | 2026-01-07 | 7.5 | CVE-2025-11877 | https://www.wordfence.com/threat-intel/vulnerabilities/id/24225f47-cec2-4270-88f0-8696ebfb7168?source=cve https://plugins.trac.wordpress.org/browser/user-activity-log/trunk/user-functions.php |
| Sony Electronics Inc.–Sony BRAVIA Digital Signage | Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization controls. Attackers can access hidden system resources like ‘/#/content-creation’ by manipulating client-side access restrictions. | 2026-01-06 | 9.8 | CVE-2020-36923 | Zero Science Lab Disclosure (ZSL-2020-5611) IBM X-Force Exchange Vulnerability Entry CXSecurity Vulnerability Listing Packet Storm Security Exploit Archive Sony Professional Display Software Product Page BRAVIA Signage Software Resources Sony BRAVIA Digital Signage Official Homepage VulnCheck Advisory: Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass via IDOR |
| spinnaker–spinnaker | Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. The primary impact is allowing users to fetch data from a remote URL. This data can then be injected into Spinnaker pipelines via Helm or other methods to extract things like IMDSv1 authentication data. This also includes calling internal Spinnaker APIs via a GET and similar endpoints. Further, depending upon the artifact in question, auth data may be exposed to arbitrary endpoints (e.g. GitHub auth headers), leading to credential exposure. To trigger this, a Spinnaker installation MUST have two things. The first is an artifact provider enabled that allows user input. This includes GitHub file artifacts, BitBucket, GitLab, HTTP artifacts and similar artifact providers. JUST enabling the HTTP artifact provider will add a “no-auth” HTTP provider that could be used to extract link-local data (e.g. AWS metadata information). The second is a system that can consume the output of these artifacts, e.g. Rosco Helm can use this to fetch values data. K8s account manifests, if the API returns JSON, can be used to inject that data into the pipeline itself, though the pipeline would fail. This vulnerability is fixed in versions 2025.1.6, 2025.2.3, and 2025.3.0. As a workaround, disable HTTP account types that allow user input of a given URL. This is probably not feasible in most cases. Git, Docker and other artifact account types with explicit URL configurations bypass this limitation and should be safe, as they limit artifact URL loading. Alternatively, use one of the various vendors which provide OPA policies to restrict pipelines from accessing or saving a pipeline with invalid URLs. | 2026-01-05 | 7.9 | CVE-2025-61916 | https://github.com/spinnaker/spinnaker/security/advisories/GHSA-vrjc-q2fh-6x9h |
| spree–spree | Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 4.10.2, 5.0.7, 5.1.9, and 5.2.5, an Unauthenticated Insecure Direct Object Reference (IDOR) vulnerability was identified that allows an unauthenticated attacker to access guest address information without supplying valid credentials or session cookies. This issue has been patched in versions 4.10.2, 5.0.7, 5.1.9, and 5.2.5. | 2026-01-10 | 7.5 | CVE-2026-22589 | https://github.com/spree/spree/security/advisories/GHSA-3ghg-3787-w2xr https://github.com/spree/spree/commit/16067def6de8e0742d55313e83b0fbab6d2fd795 https://github.com/spree/spree/commit/4c2bd62326fba0d846fd9e4bad2c62433829b3ad https://github.com/spree/spree/commit/d051925778f24436b62fa8e4a6b842c72ca80a67 https://github.com/spree/spree/commit/e1cff4605eb15472904602aebaf8f2d04852d6ad |
| staniel359–muffon | muffon is a cross-platform music streaming client for desktop. Versions prior to 2.3.0 have a one-click Remote Code Execution (RCE) vulnerability. An attacker can exploit this issue by embedding a specially crafted `muffon://` link on any website they control. When a victim visits the site or clicks the link, the browser triggers Muffon’s custom URL handler, causing the application to launch and process the URL. This leads to RCE on the victim’s machine without further interaction. Version 2.3.0 patches the issue. | 2026-01-05 | 8.8 | CVE-2025-55204 | https://github.com/staniel359/muffon/security/advisories/GHSA-gc3f-gqph-522q https://drive.google.com/file/d/1eCPCQ6leuVM_vecfofFv04c0t9isCBqR/view?usp=sharing https://github.com/staniel359/muffon/releases/tag/v2.3.0 |
| SUSE–harvester | Projects using the SUSE Virtualization (Harvester) environment may expose the OS default ssh login password if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if the PXE boot mechanism is utilized along with the Harvester configuration setup. | 2026-01-08 | 9.8 | CVE-2025-62877 | https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-62877 https://github.com/harvester/harvester/security/advisories/GHSA-6g8q-hp2j-gvwv |
| SUSE–neuvector | NeuVector supports login authentication through OpenID Connect. However, the TLS verification (which verifies the remote server’s authenticity and integrity) for OpenID Connect is not enforced by default. As a result this may expose the system to man-in-the-middle (MITM) attacks. | 2026-01-08 | 8.8 | CVE-2025-66001 | https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-66001 https://github.com/neuvector/neuvector/security/advisories/GHSA-4jj9-cgqc-x9h5 |
| Tdmsignage–TDM Digital Signage PC Player | TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. Attackers can leverage the ‘Modify’ permissions for authenticated users to replace executable files with malicious binaries and gain elevated system access. | 2026-01-06 | 8.8 | CVE-2020-36916 | ExploitDB-48953 TDM Digital Signage Official Website Sony Professional Display Software Product Page Zero Science Lab Disclosure (ZSL-2020-5604) Packet Storm Security Exploit Entry IBM X-Force Vulnerability Exchange VulnCheck Advisory: TDM Digital Signage PC Player 4.1.0.4 Privilege Escalation via Insecure Permissions |
| Tencent–WeKnora | WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection vulnerability that allows authenticated users to inject stdio_config.command/args into MCP stdio settings, causing the server to execute subprocesses using these injected values. This issue has been patched in version 0.2.5. | 2026-01-10 | 10 | CVE-2026-22688 | https://github.com/Tencent/WeKnora/security/advisories/GHSA-78h3-63c4-5fqc https://github.com/Tencent/WeKnora/commit/f7900a5e9a18c99d25cec9589ead9e4e59ce04bb |
| Tencent–WeKnora | WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt based bypass techniques to evade query restrictions and obtain sensitive information from the target server and database. This issue has been patched in version 0.2.5. | 2026-01-10 | 8.1 | CVE-2026-22687 | https://github.com/Tencent/WeKnora/security/advisories/GHSA-pcwc-3fw3-8cqv https://github.com/Tencent/WeKnora/commit/da55707022c252dd2c20f8e18145b2d899ee06a1 |
| Tenda–AC23 | A weakness has been identified in Tenda AC23 16.03.07.52. This affects the function sscanf of the file /goform/PowerSaveSet. Executing a manipulation of the argument Time can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. | 2026-01-06 | 8.8 | CVE-2026-0640 | VDB-339683 | Tenda AC23 PowerSaveSet sscanf buffer overflow VDB-339683 | CTI Indicators (IOB, IOC, IOA) Submit #731772 | Tenda AC23 V16.03.07.52 Buffer Overflow https://github.com/xyh4ck/iot_poc/blob/main/Tenda%20AC23_Buffer_Overflow/Tenda%20AC23_Buffer_Overflow.md https://github.com/xyh4ck/iot_poc/blob/main/Tenda%20AC23_Buffer_Overflow/Tenda%20AC23_Buffer_Overflow.md#poc https://www.tenda.com.cn/ |
| the-hideout–tarkov-data-manager | The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, an authentication bypass vulnerability in the login endpoint allows any unauthenticated user to gain full admin access to the Tarkov Data Manager admin panel by exploiting a JavaScript prototype property access vulnerability, combined with loose equality type coercion. A series of fix commits on 02 January 2025 fixed this and other vulnerabilities. | 2026-01-07 | 9.8 | CVE-2026-21854 | https://github.com/the-hideout/tarkov-data-manager/security/advisories/GHSA-r8w6-9xwg-6h73 https://github.com/the-hideout/tarkov-data-manager/commit/f188f0abf766cefe3f1b7b4fc6fe9dad3736174a |
| the-hideout–tarkov-data-manager | The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, a reflected Cross Site Scripting (XSS) vulnerability in the toast notification system allows any attacker to execute arbitrary JavaScript in the context of a victim’s browser session by crafting a malicious URL. A series of fix commits on 02 January 2025 fixed this and other vulnerabilities. | 2026-01-07 | 9.3 | CVE-2026-21855 | https://github.com/the-hideout/tarkov-data-manager/security/advisories/GHSA-9c23-rrg9-jc89 |
| the-hideout–tarkov-data-manager | The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, a time-based blind SQL injection vulnerability in the webhook edit and scanner API endpoints allows an authenticated attacker to execute arbitrary SQL queries against the MySQL database. Commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8 contains a patch. | 2026-01-07 | 7.2 | CVE-2026-21856 | https://github.com/the-hideout/tarkov-data-manager/security/advisories/GHSA-4gcx-ghwc-rc78 https://github.com/the-hideout/tarkov-data-manager/commit/9bdb3a75a98a7047b6d70144eb1da1655d6992a8 |
| ThemeREX Group–Hope | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in ThemeREX Group Hope charity-is-hope allows PHP Local File Inclusion.This issue affects Hope: from n/a through 3.0.0. | 2026-01-07 | 8.1 | CVE-2025-69081 | https://patchstack.com/database/wordpress/theme/charity-is-hope/vulnerability/wordpress-hope-theme-3-0-0-local-file-inclusion-vulnerability?_s_id=cve |
| Themesgrove–WidgetKit Pro | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themesgrove WidgetKit Pro allows Reflected XSS.This issue affects WidgetKit Pro: from n/a through 1.13.1. | 2026-01-07 | 7.1 | CVE-2025-46494 | https://patchstack.com/database/wordpress/plugin/widgetkit-pro/vulnerability/wordpress-widgetkit-pro-plugin-1-13-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve |
| Themify–Shopo | Unrestricted Upload of File with Dangerous Type vulnerability in Themify Shopo allows Upload a Web Shell to a Web Server.This issue affects Shopo: from n/a through 1.1.4. | 2026-01-05 | 9.9 | CVE-2025-31048 | https://vdp.patchstack.com/database/wordpress/theme/shopo/vulnerability/wordpress-shopo-1-1-4-arbitrary-file-upload-vulnerability?_s_id=cve |
| Themify–Themify Edmin | Deserialization of Untrusted Data vulnerability in Themify Themify Edmin allows Object Injection.This issue affects Themify Edmin: from n/a through 2.0.0. | 2026-01-05 | 8.8 | CVE-2025-31047 | https://vdp.patchstack.com/database/wordpress/theme/edmin/vulnerability/wordpress-themify-edmin-2-0-0-php-object-injection-vulnerability?_s_id=cve |
| Themify–Themify Sidepane WordPress Theme | Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo, Themify Themify Edmin, Themify Bloggie, Themify Photobox, Themify Wigi, Themify Rezo, Themify Slide allows Upload a Web Shell to a Web Server.This issue affects Themify Sidepane WordPress Theme: from n/a through 1.9.8; Themify Newsy: from n/a through 1.9.9; Themify Folo: from n/a through 1.9.6; Themify Edmin: from n/a through 2.0.0; Bloggie: from n/a through 2.0.8; Photobox: from n/a through 2.0.1; Wigi: from n/a through 2.0.1; Rezo: from n/a through 1.9.7; Slide: from n/a through 1.7.5. | 2026-01-06 | 9.9 | CVE-2025-30996 | https://patchstack.com/database/wordpress/theme/sidepane/vulnerability/wordpress-themify-sidepane-wordpress-theme-1-9-8-arbitrary-file-upload-vulnerability?_s_id=cve https://patchstack.com/database/wordpress/theme/newsy/vulnerability/wordpress-themify-newsy-1-9-9-arbitrary-file-upload-vulnerability?_s_id=cve https://patchstack.com/database/wordpress/theme/folo/vulnerability/wordpress-themify-folo-1-9-6-arbitrary-file-upload-vulnerability?_s_id=cve https://patchstack.com/database/wordpress/theme/edmin/vulnerability/wordpress-themify-edmin-2-0-0-arbitrary-file-upload-vulnerability?_s_id=cve https://patchstack.com/database/wordpress/theme/bloggie/vulnerability/wordpress-bloggie-2-0-8-arbitrary-file-upload-vulnerability?_s_id=cve https://patchstack.com/database/wordpress/theme/photobox/vulnerability/wordpress-photobox-2-0-1-arbitrary-file-upload-vulnerability?_s_id=cve https://patchstack.com/database/wordpress/theme/wigi/vulnerability/wordpress-wigi-2-0-1-arbitrary-file-upload-vulnerability?_s_id=cve https://patchstack.com/database/wordpress/theme/rezo/vulnerability/wordpress-rezo-1-9-7-arbitrary-file-upload-vulnerability?_s_id=cve https://patchstack.com/database/wordpress/theme/slide/vulnerability/wordpress-slide-1-7-5-arbitrary-file-upload-vulnerability?_s_id=cve |
| Trend Micro, Inc.–Trend Micro Apex Central | A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations. | 2026-01-08 | 9.8 | CVE-2025-69258 | https://success.trendmicro.com/en-US/solution/KA-0022071 https://success.trendmicro.com/ja-JP/solution/KA-0022081 https://www.tenable.com/security/research/tra-2026-01 |
| Trend Micro, Inc.–Trend Micro Apex Central | A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability. | 2026-01-08 | 7.5 | CVE-2025-69259 | https://success.trendmicro.com/en-US/solution/KA-0022071 https://success.trendmicro.com/ja-JP/solution/KA-0022081 https://www.tenable.com/security/research/tra-2026-01 |
| Trend Micro, Inc.–Trend Micro Apex Central | A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication is not required in order to exploit this vulnerability. | 2026-01-08 | 7.5 | CVE-2025-69260 | https://success.trendmicro.com/en-US/solution/KA-0022071 https://success.trendmicro.com/ja-JP/solution/KA-0022081 https://www.tenable.com/security/research/tra-2026-01 |
| TRENDnet–TEW-713RE | A vulnerability was detected in TRENDnet TEW-713RE 1.02. The impacted element is an unknown function of the file /goformX/formFSrvX. The manipulation of the argument SZCMD results in os command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2026-01-06 | 9.8 | CVE-2025-15471 | VDB-339721 (TRENDnet TEW-713RE formFSrvX os command injection); CTI Indicators (IOB, IOC, TTP, IOA); Submit #721441 (TRENDnet TEW-713RE 1.02 OS Command Injection); https://pentagonal-time-3a7.notion.site/Command-Injection-Vulnerability-in-formFSrvX-of-Trendnet-TEW-713RE-2d1e5dd4c5a5801481abe7a944763d39 |
| TRENDnet–TEW-811DRU | A flaw has been found in TRENDnet TEW-811DRU 1.0.2.0. This affects the function setDeviceURL of the file uapply.cgi of the component httpd. This manipulation of the argument DeviceURL causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2026-01-06 | 7.2 | CVE-2025-15472 | VDB-339722 (TRENDnet TEW-811DRU httpd uapply.cgi setDeviceURL os command injection); CTI Indicators (IOB, IOC, TTP, IOA); Submit #721874 (TRENDnet TEW-811DRU 1.0.4.0 OS Command Injection); https://pentagonal-time-3a7.notion.site/TrendNet-TEW-811DRU-2d2e5dd4c5a58016a612e99853b835f8 |
| TryGhost–Ghost | Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0. | 2026-01-10 | 8.1 | CVE-2026-22594 | https://github.com/TryGhost/Ghost/security/advisories/GHSA-5fp7-g646-ccf4 https://github.com/TryGhost/Ghost/commit/b59f707f670e6f175b669977724ccf16c718430b https://github.com/TryGhost/Ghost/commit/fc7bc2fb0888513498154ec5cb4b21eccb88de07 |
| TryGhost–Ghost | Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. External systems that have been authenticated via Staff Tokens for Admin/Owner-role users would have had access to these endpoints. This issue has been patched in versions 5.130.6 and 6.11.0. | 2026-01-10 | 8.1 | CVE-2026-22595 | https://github.com/TryGhost/Ghost/security/advisories/GHSA-9xg7-mwmp-xmjx https://github.com/TryGhost/Ghost/commit/9513d2a35c21067127ce8192443d8919ddcefcc8 https://github.com/TryGhost/Ghost/commit/c3017f81a5387b253a7b8c1ba1959d430ee536a3 |
| Tumult Inc–Tumult Hype Animations | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Tumult Inc Tumult Hype Animations allows DOM-Based XSS. This issue affects Tumult Hype Animations: from n/a through 1.9.11. | 2026-01-05 | 7.1 | CVE-2024-30461 | https://vdp.patchstack.com/database/wordpress/plugin/tumult-hype-animations/vulnerability/wordpress-tumult-hype-animations-plugin-1-9-11-csrf-to-xss-vulnerability?_s_id=cve |
| Ubiquiti Inc–UBB-XG | A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product. Affected Products: UBB-XG (Version 1.2.2 and earlier) UDB-Pro/UDB-Pro-Sector (Version 1.4.1 and earlier) UBB (Version 3.1.5 and earlier) Mitigation: Update your UBB-XG to Version 1.2.3 or later. Update your UDB-Pro/UDB-Pro-Sector to Version 1.4.2 or later. Update your UBB to Version 3.1.7 or later. | 2026-01-08 | 8.8 | CVE-2026-21638 | https://community.ui.com/releases/Security-Advisory-Bulletin-060-060/cde18da7-2bc4-41bb-a9cc-48a4a4c479c1 |
| Ubiquiti Inc–UCRM Argentina AFIP invoices Plugin | A Cross-Site Scripting (XSS) vulnerability in the UCRM Argentina AFIP invoices Plugin (v1.2.0 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. This plugin is disabled by default. Affected Products: UCRM Argentina AFIP invoices Plugin (Version 1.2.0 and earlier) Mitigation: Update UCRM Argentina AFIP invoices Plugin to Version 1.3.0 or later. | 2026-01-05 | 7.5 | CVE-2025-59467 | https://community.ui.com/releases/Security-Advisory-Bulletin-057/6d3f2a51-22b8-47a1-9296-1e9dcd64e073 |
| Ubiquiti Inc–UniFi Protect Application | A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability in the Unifi Protect Application (Version 6.1.79 and earlier). Affected Products: UniFi Protect Application (Version 6.1.79 and earlier). Mitigation: Update your UniFi Protect Application to Version 6.2.72 or later. | 2026-01-05 | 8.8 | CVE-2026-21633 | https://community.ui.com/releases/Security-Advisory-Bulletin-058-058/6922ff20-8cd7-4724-8d8c-676458a2d0f9 |
| UTT–进取 520W | A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formUser. Such manipulation of the argument passwd1 leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2026-01-05 | 8.8 | CVE-2025-15459 | VDB-339495 (UTT 进取 520W formUser strcpy buffer overflow); CTI Indicators (IOB, IOC, IOA); Submit #725816 (UTT 进取 520W v3v1.7.7-180627 Buffer Overflow); https://github.com/cymiao1978/cve/blob/main/new/22.md https://github.com/cymiao1978/cve/blob/main/new/22.md#poc |
| UTT–进取 520W | A vulnerability was detected in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formPptpClientConfig. Performing a manipulation of the argument EncryptionMode results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2026-01-05 | 8.8 | CVE-2025-15460 | VDB-339496 (UTT 进取 520W formPptpClientConfig strcpy buffer overflow); CTI Indicators (IOB, IOC, IOA); Submit #725817 (UTT 进取 520W v3v1.7.7-180627 Buffer Overflow); https://github.com/cymiao1978/cve/blob/main/new/23.md https://github.com/cymiao1978/cve/blob/main/new/23.md#poc |
| UTT–进取 520W | A flaw has been found in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/formTaskEdit. Executing a manipulation of the argument selDateType can lead to buffer overflow. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2026-01-05 | 8.8 | CVE-2025-15461 | VDB-339497 (UTT 进取 520W formTaskEdit strcpy buffer overflow); CTI Indicators (IOB, IOC, IOA); Submit #725818 (UTT 进取 520W v3v1.7.7-180627 Buffer Overflow); https://github.com/cymiao1978/cve/blob/main/new/24.md https://github.com/cymiao1978/cve/blob/main/new/24.md#poc |
| UTT–进取 520W | A vulnerability has been found in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/ConfigAdvideo. The manipulation of the argument timestart leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2026-01-05 | 8.8 | CVE-2025-15462 | VDB-339498 (UTT 进取 520W ConfigAdvideo strcpy buffer overflow); CTI Indicators (IOB, IOC, IOA); Submit #725819 (UTT 进取 520W v3v1.7.7-180627 Buffer Overflow); https://github.com/cymiao1978/cve/blob/main/new/25.md https://github.com/cymiao1978/cve/blob/main/new/25.md#poc |
| UTT–进取 520W | A vulnerability was determined in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formConfigFastDirectionW. This manipulation of the argument ssid causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | 2026-01-11 | 8.8 | CVE-2026-0836 | VDB-340436 (UTT 进取 520W formConfigFastDirectionW strcpy buffer overflow); CTI Indicators (IOB, IOC, IOA); Submit #729018 (UTT 进取 520W v3v1.7.7-180627 Buffer Overflow); https://github.com/Lena-lyy/cve/blob/main/1223/26.md |
| UTT–进取 520W | A vulnerability was identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formFireWall. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2026-01-11 | 8.8 | CVE-2026-0837 | VDB-340437 (UTT 进取 520W formFireWall strcpy buffer overflow); CTI Indicators (IOB, IOC, IOA); Submit #729019 (UTT 进取 520W v3v1.7.7-180627 Buffer Overflow); https://github.com/Lena-lyy/cve/blob/main/1223/27.md |
| UTT–进取 520W | A security flaw has been discovered in UTT 进取 520W 1.7.7-180627. This impacts the function strcpy of the file /goform/ConfigWirelessBase. Performing a manipulation of the argument ssid results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | 2026-01-11 | 8.8 | CVE-2026-0838 | VDB-340438 (UTT 进取 520W ConfigWirelessBase strcpy buffer overflow); CTI Indicators (IOB, IOC, IOA); Submit #729020 (UTT 进取 520W v3v1.7.7-180627 Buffer Overflow); https://github.com/Lena-lyy/cve/blob/main/1223/28.md |
| UTT–进取 520W | A weakness has been identified in UTT 进取 520W 1.7.7-180627. Affected is the function strcpy of the file /goform/APSecurity. Executing a manipulation of the argument wepkey1 can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | 2026-01-11 | 8.8 | CVE-2026-0839 | VDB-340439 (UTT 进取 520W APSecurity strcpy buffer overflow); CTI Indicators (IOB, IOC, IOA); Submit #729028 (UTT 进取 520W v3v1.7.7-180627 Buffer Overflow); https://github.com/GUOTINGTING2297/cve/blob/main/1234/29.md |
| UTT–进取 520W | A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. Affected by this vulnerability is the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the argument timestart leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2026-01-11 | 8.8 | CVE-2026-0840 | VDB-340440 (UTT 进取 520W formConfigNoticeConfig strcpy buffer overflow); CTI Indicators (IOB, IOC, IOA); Submit #729029 (UTT 进取 520W v3v1.7.7-180627 Buffer Overflow); https://github.com/GUOTINGTING2297/cve/blob/main/1234/30.md |
| UTT–进取 520W | A vulnerability was detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formPictureUrl. The manipulation of the argument importpictureurl results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2026-01-11 | 8.8 | CVE-2026-0841 | VDB-340441 (UTT 进取 520W formPictureUrl strcpy buffer overflow); CTI Indicators (IOB, IOC, IOA); Submit #729030 (UTT 进取 520W v3v1.7.7-180627 Buffer Overflow); https://github.com/GUOTINGTING2297/cve/blob/main/1234/31.md |
| Veeam–Backup And Recovery | This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious backup configuration file. | 2026-01-08 | 7.8 | CVE-2025-55125 | https://www.veeam.com/kb4792 |
| Veeam–Backup and Recovery | This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a malicious password parameter. | 2026-01-08 | 9 | CVE-2025-59468 | https://www.veeam.com/kb4792 |
| Veeam–Backup and Recovery | This vulnerability allows a Backup or Tape Operator to write files as root. | 2026-01-08 | 9 | CVE-2025-59469 | https://www.veeam.com/kb4792 |
| Veeam–Backup and Recovery | This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter. | 2026-01-08 | 9 | CVE-2025-59470 | https://www.veeam.com/kb4792 |
| vega–vega | Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to versions 6.1.2 and 5.6.3, applications meeting two conditions are at risk of arbitrary JavaScript code execution, even if “safe mode” expressionInterpreter is used. First, they use `vega` in an application that attaches both the `vega` library and a `vega.View` instance to the global `window`, similar to the Vega Editor, or has any other satisfactory function gadgets in the global scope. Second, they allow user-defined Vega `JSON` definitions (vs JSON that is only provided through source code). This vulnerability allows for DOM XSS, potentially stored, potentially reflected, depending on how the library is being used. The vulnerability requires user interaction with the page to trigger. An attacker can exploit this issue by tricking a user into opening a malicious Vega specification. Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the application’s domain. This can lead to theft of sensitive information such as authentication tokens, manipulation of data displayed to the user, or execution of unauthorized actions on behalf of the victim. This exploit compromises confidentiality and integrity of impacted applications. Patched versions are available in `vega-selections@6.1.2` (requires ESM) for Vega v6 and `vega-selections@5.6.3` (no ESM needed) for Vega v5. As a workaround, do not attach `vega` or `vega.View` instances to global variables or the window as the editor used to do. This is a development-only debugging practice that should not be used in any situation where Vega/Vega-lite definitions can come from untrusted parties. | 2026-01-05 | 8.1 | CVE-2025-65110 | https://github.com/vega/vega/security/advisories/GHSA-829q-m3qg-ph8r |
| vega–vega | vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function (not part of the public API) could be used to run unintentional javascript (XSS). This issue is fixed in vega-functions `6.1.1`. There is no workaround besides upgrading. Using `vega.expressionInterpreter` as described in CSP safe mode does not prevent this issue. | 2026-01-05 | 7.2 | CVE-2025-66648 | https://github.com/vega/vega/security/advisories/GHSA-m9rg-mr6g-75gm |
| veronalabs–SlimStat Analytics | The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘notes’ and ‘resource’ parameters in all versions up to, and including, 5.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrator accesses the Recent Custom Events report. | 2026-01-09 | 7.2 | CVE-2025-15055 | https://www.wordfence.com/threat-intel/vulnerabilities/id/afbfabfc-b923-4fe9-9e8f-0cf159f488db?source=cve https://plugins.trac.wordpress.org/changeset/3429990/wp-slimstat |
| veronalabs–SlimStat Analytics | The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `fh` (fingerprint) parameter in all versions up to, and including, 5.3.3. This is due to insufficient input sanitization and output escaping on the fingerprint value stored in the database. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrator views the Real-time Access Log report. | 2026-01-09 | 7.2 | CVE-2025-15057 | https://www.wordfence.com/threat-intel/vulnerabilities/id/90920df9-1362-466b-b14b-4714087f556b?source=cve https://plugins.trac.wordpress.org/changeset/3428488/wp-slimstat |
| Waituk–Entrada | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Waituk Entrada allows SQL Injection. This issue affects Entrada: from n/a through 5.7.7. | 2026-01-05 | 9.3 | CVE-2025-39484 | https://vdp.patchstack.com/database/wordpress/theme/entrada/vulnerability/wordpress-entrada-theme-5-7-7-sql-injection-vulnerability?_s_id=cve |
| webrndexperts–Latest Registered Users | The Latest Registered Users plugin for WordPress is vulnerable to unauthorized user data export in all versions up to, and including, 1.4. This is due to missing authorization and nonce validation in the rnd_handle_form_submit function hooked to both admin_post_my_simple_form and admin_post_nopriv_my_simple_form actions. This makes it possible for unauthenticated attackers to export complete user details (excluding passwords and sensitive tokens) in CSV format via the ‘action’ parameter. | 2026-01-07 | 7.5 | CVE-2025-13493 | https://www.wordfence.com/threat-intel/vulnerabilities/id/e6139543-81e3-480a-93a4-1d87b3f3f51e?source=cve https://plugins.trac.wordpress.org/browser/latest-registered-users/trunk/latest-registered-users.php#L246 https://plugins.trac.wordpress.org/browser/latest-registered-users/tags/1.4/latest-registered-users.php#L246 https://plugins.trac.wordpress.org/browser/latest-registered-users/trunk/latest-registered-users.php#L66 |
| WHILL–Model C2 Electric Wheelchair | WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user interaction. | 2026-01-05 | 9.8 | CVE-2025-14346 | https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-364-01 |
| woocommerce–WooCommerce Square | The WooCommerce Square plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.1 via the get_token_by_id function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to expose arbitrary Square “ccof” (credit card on file) values and leverage this value to potentially make fraudulent charges on the target site. | 2026-01-10 | 7.5 | CVE-2025-13457 | https://www.wordfence.com/threat-intel/vulnerabilities/id/c7f4f726-7e53-4397-8d8b-7a574326adc6?source=cve https://plugins.trac.wordpress.org/changeset/3415850/woocommerce-square |
| WPweb–Follow My Blog Post | Missing Authorization vulnerability in WPweb Follow My Blog Post allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Follow My Blog Post: from n/a through 2.4.0. | 2026-01-05 | 7.5 | CVE-2025-68547 | https://vdp.patchstack.com/database/wordpress/plugin/follow-my-blog-post/vulnerability/wordpress-follow-my-blog-post-plugin-2-4-0-arbitrary-content-deletion-vulnerability?_s_id=cve |
| xfinitysoft–Reviewify Review Discounts & Photo/Video Reviews for WooCommerce | The Reviewify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘send_test_email’ AJAX action in all versions up to, and including, 1.0.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to create arbitrary WooCommerce discount coupons, potentially causing financial loss to the store. | 2026-01-07 | 7.5 | CVE-2025-14070 | https://www.wordfence.com/threat-intel/vulnerabilities/id/9db8756a-a177-4d39-b169-dc874cac2b3b?source=cve https://cwe.mitre.org/data/definitions/862.html https://plugins.trac.wordpress.org/browser/review-for-discount/trunk/admin/class-xswcrd-review-discounts-admin.php#L425 https://plugins.trac.wordpress.org/browser/review-for-discount/tags/1.0.6/admin/class-xswcrd-review-discounts-admin.php#L425 |
| xwiki-contrib–macro-fullcalendar | XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.5, users with the right to view the Calendar.JSONService page (including guest users) can exploit a SQL injection vulnerability by accessing database info or starting a DoS attack. This issue has been patched in version 2.4.5. | 2026-01-10 | 10 | CVE-2025-65091 | https://github.com/xwiki-contrib/macro-fullcalendar/security/advisories/GHSA-2g22-wg49-fgv5 https://github.com/xwiki-contrib/macro-fullcalendar/commit/5fdcf06a05015786492fda69b4d9dea5460cc994 |
| Yerootech–iDS6 DSSPro Digital Signage System | iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that allows authenticated users to elevate privileges through console JavaScript functions. Attackers can create users, modify roles and permissions, and potentially achieve full application takeover by exploiting insecure direct object references. | 2026-01-06 | 8.8 | CVE-2020-36920 | ExploitDB-48992; Archived Yeroo Tech Vendor Homepage; Zero Science Lab Disclosure (ZSL-2020-5608); Packet Storm Security Exploit Entry; CXSecurity Vulnerability Database Entry; IBM X-Force Vulnerability Exchange; VulnCheck Advisory: iDS6 DSSPro Digital Signage System 6.2 Privilege Escalation via Access Control |
| yocoadmin–Yoco Payments | The Yoco Payments plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.8.8 via the file parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. | 2026-01-07 | 7.5 | CVE-2025-13801 | https://www.wordfence.com/threat-intel/vulnerabilities/id/ad74d5d0-270e-41d3-9596-2f71b05af276?source=cve https://plugins.trac.wordpress.org/browser/yoco-payment-gateway/tags/3.8.8/src/Helpers/Logs.php#L25 https://plugins.trac.wordpress.org/browser/yoco-payment-gateway/tags/3.8.8/src/Helpers/Logs.php#L59 |
| zauberzeug–nicegui | NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the pushstate event listener used by ui.sub_pages allows an attacker to manipulate the fragment identifier of the URL, which they can do despite being cross-site, using an iframe. This issue has been patched in version 3.5.0. | 2026-01-08 | 7.2 | CVE-2026-21873 | https://github.com/zauberzeug/nicegui/security/advisories/GHSA-mhpg-c27v-6mxr https://github.com/zauberzeug/nicegui/releases/tag/v3.5.0 |
| Zenitel–ICX500 | Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device. | 2026-01-09 | 10 | CVE-2025-64093 | Zenitel Security Advisory |
| Zenitel–ICX500 | This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database. | 2026-01-09 | 7.5 | CVE-2025-64092 | Zenitel Security Advisory |
| Zenitel–TCIS-3+ | This vulnerability allows authenticated attackers to execute commands via the hostname of the device. | 2026-01-09 | 10 | CVE-2025-64090 | Zenitel Security Advisory |
| Zenitel–TCIS-3+ | This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device. | 2026-01-09 | 8.6 | CVE-2025-64091 | Zenitel Security Advisory |
| Zimbra–Collaboration | Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives in an HTML e-mail message. | 2026-01-05 | 7.2 | CVE-2025-66376 | https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.13#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.18#Security_Fixes |
Medium Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info |
|---|---|---|---|---|---|
| aaextensions–AA Block country | The AA Block Country plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.0.1. This is due to the plugin trusting user-supplied headers such as HTTP_X_FORWARDED_FOR to determine the client’s IP address without proper validation or considering if the server is behind a trusted proxy. This makes it possible for unauthenticated attackers to bypass IP-based access restrictions by spoofing their IP address via the X-Forwarded-For header. | 2026-01-07 | 5.3 | CVE-2025-13694 | https://www.wordfence.com/threat-intel/vulnerabilities/id/037ac32a-dc2e-4e9f-9318-65dfee1c80e9?source=cve https://plugins.trac.wordpress.org/browser/aa-block-country/trunk/aablockcountry.php#L26 https://plugins.trac.wordpress.org/browser/aa-block-country/tags/1.0.1/aablockcountry.php#L26 |
| ABB–WebPro SNMP Card PowerValue | Improper Check for Unusual or Exceptional Conditions vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL. This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K. | 2026-01-07 | 6.5 | CVE-2025-4675 | https://search.abb.com/library/Download.aspx?DocumentID=2CRT000009&LanguageCode=en&DocumentPartId=&Action=Launch |
| ABB–WebPro SNMP Card PowerValue | Insufficient Session Expiration vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL. This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K. | 2026-01-07 | 6.5 | CVE-2025-4677 | https://search.abb.com/library/Download.aspx?DocumentID=2CRT000009&LanguageCode=en&DocumentPartId=&Action=Launch |
| aharonyan–Guest posting / Frontend Posting / Front Editor WP Front User Submit | The Guest posting / Frontend Posting / Front Editor – WP Front User Submit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘/wp-json/bfe/v1/revert’ REST API endpoint in all versions up to, and including, 5.0.0. This makes it possible for unauthenticated attackers to delete arbitrary media attachments. | 2026-01-07 | 5.3 | CVE-2025-13419 | https://www.wordfence.com/threat-intel/vulnerabilities/id/874b3448-df4c-49c4-bf4f-435cf48f6305?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3432207%40front-editor&new=3432207%40front-editor&sfp_email=&sfph_mail= |
| ahecht–AH Shortcodes | The AH Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘column’ shortcode attribute in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-07 | 6.4 | CVE-2025-14109 | https://www.wordfence.com/threat-intel/vulnerabilities/id/0b77243f-f48b-4a94-9d60-bf96dc26fe77?source=cve https://plugins.trac.wordpress.org/browser/ah-shortcodes/trunk/includes/shortcodes.php#L28 https://plugins.trac.wordpress.org/browser/ah-shortcodes/tags/1.0.2/includes/shortcodes.php#L28 |
| airesvsg–ACF to REST API | The ACF to REST API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.4. This is due to insufficient capability checks in the update_item_permissions_check() method, which only verifies that the current user has the edit_posts capability without checking object-specific permissions (e.g., edit_post($id), edit_user($id), manage_options). This makes it possible for authenticated attackers, with Contributor-level access and above, to modify ACF fields on posts they do not own, any user account, comments, taxonomy terms, and even the global options page via the /wp-json/acf/v3/{type}/{id} endpoints, granted they can authenticate to the site. | 2026-01-07 | 4.3 | CVE-2025-12030 | https://www.wordfence.com/threat-intel/vulnerabilities/id/5ab508fa-298c-48c1-8510-f2e0a881675a?source=cve https://plugins.trac.wordpress.org/browser/acf-to-rest-api/tags/3.3.4/v3/lib/endpoints/class-acf-to-rest-api-controller.php#L108 https://plugins.trac.wordpress.org/browser/acf-to-rest-api/tags/3.3.4/v3/lib/endpoints/class-acf-to-rest-api-controller.php#L120 |
| All-Dynamics Software–enlogic:show Digital Signage System | All-Dynamics Software enlogic:show 2.0.2 contains a session fixation vulnerability that allows attackers to set a predefined PHP session identifier during the login process. Attackers can forge HTTP GET requests to welcome.php with a manipulated session token to bypass authentication and potentially execute cross-site request forgery attacks. | 2026-01-06 | 5.3 | CVE-2020-36913 | Zero Science Lab Disclosure (ZSL-2020-5577); Vendor Changelog for Version 2.0.3; Packet Storm Security Exploit Entry; IBM X-Force Vulnerability Database Entry; VulnCheck Advisory: All-Dynamics Software enlogic:show 2.0.2 Session Fixation Authentication Bypass |
| alobaidi–The Tooltip | The The Tooltip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘the_tooltip’ shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-09 | 6.4 | CVE-2025-13908 | https://www.wordfence.com/threat-intel/vulnerabilities/id/d2bac05e-ecd0-427b-90a0-6cf78175cd19?source=cve https://plugins.trac.wordpress.org/browser/the-tooltip/trunk/the-tooltip.php#L92 https://plugins.trac.wordpress.org/browser/the-tooltip/tags/1.0.2/the-tooltip.php#L92 |
| Altera–Quartus Prime Pro | Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 24.1 through 24.3.1. | 2026-01-06 | 6.7 | CVE-2025-14596 | https://www.altera.com/security/security-advisory/asa-0004 |
| Altera–Quartus Prime Pro | Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro on Windows (System Console modules) allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 17.0 through 25.1.1. | 2026-01-06 | 6.7 | CVE-2025-14605 | https://www.altera.com/security/security-advisory/asa-0004 |
| Altera–Quartus Prime Pro | Insecure Temporary File vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows Use of Predictable File Names.This issue affects Quartus Prime Pro: from 24.1 through 25.1.1. | 2026-01-06 | 6.7 | CVE-2025-14612 | https://www.altera.com/security/security-advisory/asa-0004 |
| Altera–Quartus Prime Standard | Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime Lite Installer (SFX) on Windows allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1. | 2026-01-06 | 6.7 | CVE-2025-14599 | https://www.altera.com/security/security-advisory/asa-0005 |
| Altera–Quartus Prime Standard | Insecure Temporary File vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime Lite Installer (SFX) on Windows allows Explore for Predictable Temporary File Names.This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1. | 2026-01-06 | 6.7 | CVE-2025-14614 | https://www.altera.com/security/security-advisory/asa-0005 |
| Altera–Quartus Prime Standard | Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard on Windows (Nios II Command Shell modules), Altera Quartus Prime Lite on Windows (Nios II Command Shell modules) allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 19.1 through 24.1; Quartus Prime Lite: from 19.1 through 24.1. | 2026-01-06 | 6.7 | CVE-2025-14625 | https://www.altera.com/security/security-advisory/asa-0005 |
| ameliabooking–Booking for Appointments and Events Calendar Amelia | The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on multiple AJAX actions in all versions up to, and including, 1.2.38. This makes it possible for unauthenticated attackers to mark payments as refunded, trigger sending of queued notifications (emails/SMS/WhatsApp), and access debug information among other things. | 2026-01-09 | 5.3 | CVE-2025-14720 | https://www.wordfence.com/threat-intel/vulnerabilities/id/771ed385-587c-400f-89c6-1a827c3e2c79?source=cve https://plugins.trac.wordpress.org/changeset/3429650/ameliabooking/trunk/src/Application/Commands/Square/SquareRefundWebhookCommandHandler.php |
| amirshk–Autogen Headers Menu | The Autogen Headers Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘head_class’ parameter of the ‘autogen_menu’ shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-09 | 6.4 | CVE-2025-13704 | https://www.wordfence.com/threat-intel/vulnerabilities/id/a63bf106-78cf-441b-a1b3-77ec1cf6c22b?source=cve https://plugins.trac.wordpress.org/browser/autogen-headers-menu/trunk/index.php#L115 https://plugins.trac.wordpress.org/browser/autogen-headers-menu/tags/1.0.1/index.php#L115 https://plugins.trac.wordpress.org/browser/autogen-headers-menu/trunk/index.php#L53 https://plugins.trac.wordpress.org/browser/autogen-headers-menu/tags/1.0.1/index.php#L53 |
| amu02aftab–Client Testimonial Slider | The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘aft_testimonial_meta_name’ custom field in the Client Information metabox in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the injected administrative page. | 2026-01-09 | 6.4 | CVE-2025-13897 | https://www.wordfence.com/threat-intel/vulnerabilities/id/5bf12608-4e02-4b3a-9363-991dca5ee11b?source=cve https://plugins.trac.wordpress.org/browser/wp-client-testimonial/trunk/wp-client-testimonial.php#L117 https://plugins.trac.wordpress.org/browser/wp-client-testimonial/tags/2.0/wp-client-testimonial.php#L117 |
| anand_kumar–Header and Footer Scripts | The Header and Footer Scripts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _inpost_head_script parameter in all versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-09 | 6.4 | CVE-2025-11453 | https://www.wordfence.com/threat-intel/vulnerabilities/id/d658e087-8cc7-4653-af3c-407b6f73fb7b?source=cve https://plugins.trac.wordpress.org/browser/header-and-footer-scripts/tags/2.2.2/shfs.php#L119 |
| anilankola–Newsletter Email Subscribe | The Newsletter Email Subscribe plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4. This is due to incorrect nonce validation on the nels_settings_page function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2026-01-07 | 4.3 | CVE-2025-14904 | https://www.wordfence.com/threat-intel/vulnerabilities/id/00dd9a3c-a9f9-4fd2-9c93-0def42cec496?source=cve https://plugins.trac.wordpress.org/browser/newsletter-email-subscribe/tags/2.4/newsletter-email-subscribe.php#L109 |
| anjan011–Simple User Meta Editor | The Simple User Meta Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user meta value field in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2026-01-07 | 4.4 | CVE-2025-14888 | https://www.wordfence.com/threat-intel/vulnerabilities/id/37342a62-97cd-43ef-af27-33092e840e67?source=cve https://plugins.trac.wordpress.org/browser/simple-user-meta-editor/tags/1.0.0/includes/templates/editor/index.php#L57 |
| anwerashif–xShare | The xShare plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the ‘xshare_plugin_reset()’ function. This makes it possible for unauthenticated attackers to reset the plugin’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2026-01-07 | 4.3 | CVE-2025-13527 | https://www.wordfence.com/threat-intel/vulnerabilities/id/d6006ffe-e2db-477f-8a9f-c0cf0434086b?source=cve https://plugins.trac.wordpress.org/browser/xshare/trunk/index.php#L50 https://plugins.trac.wordpress.org/browser/xshare/tags/1.0.1/index.php#L50 |
| anybodesign–AD Sliding FAQ | The AD Sliding FAQ plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sliding_faq’ shortcode in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-07 | 6.4 | CVE-2025-14122 | https://www.wordfence.com/threat-intel/vulnerabilities/id/d6c277f4-28e0-4159-a524-6576d72d2059?source=cve https://plugins.trac.wordpress.org/browser/ad-sliding-faq/trunk/any-sliding-faq.php#L205 https://plugins.trac.wordpress.org/browser/ad-sliding-faq/tags/2.4/any-sliding-faq.php#L205 |
| Arista Networks–EOS | On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption of dataplane traffic. | 2026-01-06 | 4.3 | CVE-2025-7048 | https://www.arista.com/en/support/advisories-notices/security-advisory/23120-security-advisory-0132 |
| arraytics–Appointment Booking Calendar WP Timetics Booking Plugin | The Appointment Booking and Scheduling Calendar Plugin – WP Timetics plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the update and register_routes functions in all versions up to, and including, 1.0.36. This makes it possible for unauthenticated attackers to view and modify booking details. | 2026-01-06 | 6.5 | CVE-2025-5919 | https://www.wordfence.com/threat-intel/vulnerabilities/id/d8d50b65-7479-4140-9231-c06c18d8be8f?source=cve https://plugins.trac.wordpress.org/browser/timetics/tags/1.0.36/core/bookings/api-booking.php#L56 https://plugins.trac.wordpress.org/browser/timetics/tags/1.0.36/core/bookings/booking.php#L592 |
| ashishajani–Contact Form vCard Generator | The Contact Form vCard Generator plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘wp_gvccf_check_download_request’ function in all versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to export sensitive Contact Form 7 submission data via the ‘wp-gvc-cf-download-id’ parameter, including names, phone numbers, email addresses, and messages. | 2026-01-09 | 5.3 | CVE-2025-13717 | https://www.wordfence.com/threat-intel/vulnerabilities/id/bdde4399-af90-4528-92a4-5176dfa5e453?source=cve https://plugins.trac.wordpress.org/browser/contact-form-vcard-generator/trunk/includes/wp-gvc-cf-settings.php#L13 https://plugins.trac.wordpress.org/browser/contact-form-vcard-generator/tags/2.4/includes/wp-gvc-cf-settings.php#L13 https://plugins.trac.wordpress.org/browser/contact-form-vcard-generator/trunk/includes/wp-gvc-cf-settings.php#L105 https://plugins.trac.wordpress.org/browser/contact-form-vcard-generator/tags/2.4/includes/wp-gvc-cf-settings.php#L105 |
| audrasjb–Key Figures | The Key Figures plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kf_field_figure_default_color_render function in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2026-01-07 | 4.4 | CVE-2025-14792 | https://www.wordfence.com/threat-intel/vulnerabilities/id/f4943899-a25a-4e50-b33e-139ed5e8f748?source=cve http://plugins.trac.wordpress.org/browser/key-figures/tags/1.1/admin/kf-admin.php#L201 |
| authlib–authlib | Authlib is a Python library which builds OAuth and OpenID Connect servers. In version 1.6.5 and prior, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state (easily obtainable via an attacker-initiated authentication flow). When a cache is supplied to the OAuth client registry, FrameworkIntegration.set_state_data writes the entire state blob under _state_{app}_{state}, and get_state_data ignores the caller’s session altogether. This issue has been patched in version 1.6.6. | 2026-01-08 | 5.7 | CVE-2025-68158 | https://github.com/authlib/authlib/security/advisories/GHSA-fg6f-75jq-6523 https://github.com/authlib/authlib/commit/2808378611dd6fb2532b189a9087877d8f0c0489 https://github.com/authlib/authlib/commit/7974f45e4d7492ab5f527577677f2770ce423228 |
| Automattic–WP Job Manager | Cross-Site Request Forgery (CSRF) vulnerability in Automattic WP Job Manager allows Cross Site Request Forgery.This issue affects WP Job Manager: from n/a through 2.0.0. | 2026-01-05 | 5.4 | CVE-2023-52212 | https://vdp.patchstack.com/database/wordpress/plugin/wp-job-manager/vulnerability/wordpress-wp-job-manager-plugin-2-0-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve |
| averta–Depicter Popup & Slider Builder | The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘store’ function of the RulesAjaxController class in all versions up to, and including, 4.0.7. This makes it possible for unauthenticated attackers to update pop-up display settings. | 2026-01-06 | 5.3 | CVE-2025-11370 | https://www.wordfence.com/threat-intel/vulnerabilities/id/d35faf39-4882-4393-9b77-57dc45ac9d04?source=cve https://github.com/nguy3nB4oo11/depicter-vuln-repro/blob/main/RulesAjaxController.php https://github.com/nguy3nB4oo11/depicter-vuln-repro/blob/main/ajax.php https://plugins.trac.wordpress.org/changeset/3428118/depicter/trunk/app/routes/ajax.php |
| averta–Phlox | The Phlox theme for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-caption` HTML attribute in all versions up to, and including, 2.17.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-06 | 6.4 | CVE-2025-4776 | https://www.wordfence.com/threat-intel/vulnerabilities/id/a49f8150-a27d-4801-8923-31af335c3cbd?source=cve https://themes.trac.wordpress.org/changeset/300858/ |
| averta–Shortcodes and extra features for Phlox theme | The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a combination of the ‘tag’ and ‘title_tag’ parameters in all versions up to, and including, 2.17.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-10 | 6.4 | CVE-2025-12379 | https://www.wordfence.com/threat-intel/vulnerabilities/id/1144e0d9-692e-45a5-ac63-bcdd64a8bd8a?source=cve https://plugins.trac.wordpress.org/browser/auxin-elements/tags/2.17.12/includes/elementor/widgets/heading-modern.php#L1194 https://plugins.trac.wordpress.org/changeset/3429103/auxin-elements/trunk/includes/elementor/widgets/heading-modern.php |
| averta–Shortcodes and extra features for Phlox theme | The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.17.13 via the auxels_ajax_search due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract titles of draft posts that they should not have access to. | 2026-01-06 | 5.3 | CVE-2025-13215 | https://www.wordfence.com/threat-intel/vulnerabilities/id/7f47ab91-7d91-4231-91ef-66c556ad8496?source=cve https://plugins.trac.wordpress.org/browser/auxin-elements/tags/2.17.12/public/includes/frontend-ajax.php#L348 |
| Awethemes–AweBooking | Insertion of Sensitive Information Into Sent Data vulnerability in Awethemes AweBooking allows Retrieve Embedded Sensitive Data.This issue affects AweBooking: from n/a through 3.2.26. | 2026-01-05 | 6.5 | CVE-2025-68014 | https://vdp.patchstack.com/database/wordpress/plugin/awebooking/vulnerability/wordpress-awebooking-plugin-3-2-26-sensitive-data-exposure-vulnerability?_s_id=cve |
| axllent–mailpit | Mailpit is an email testing tool and API for developers. Prior to version 1.28.2, the Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking (CSWSH) vulnerability. An attacker can host a malicious website that, when visited by a developer running Mailpit locally, establishes a WebSocket connection to the victim’s Mailpit instance (default ws://localhost:8025). This allows the attacker to intercept sensitive data such as email contents, headers, and server statistics in real-time. This issue has been patched in version 1.28.2. | 2026-01-10 | 6.5 | CVE-2026-22689 | https://github.com/axllent/mailpit/security/advisories/GHSA-524m-q5m7-79mm https://github.com/axllent/mailpit/commit/6f1f4f34c98989fd873261018fb73830b30aec3f |
| axllent–mailpit | Mailpit is an email testing tool and API for developers. Versions 1.28.0 and below have a Server-Side Request Forgery (SSRF) vulnerability in the /proxy endpoint, allowing attackers to make requests to internal network resources. The /proxy endpoint validates http:// and https:// schemes, but it does not block internal IP addresses, enabling attackers to access internal services and APIs. This vulnerability is limited to HTTP GET requests with minimal headers. The issue is fixed in version 1.28.1. | 2026-01-07 | 5.8 | CVE-2026-21859 | https://github.com/axllent/mailpit/security/advisories/GHSA-8v65-47jx-7mfr https://github.com/axllent/mailpit/commit/3b9b470c093b3d20b7d751722c1c24f3eed2e19d |
| baqend–Speed Kit | Missing Authorization vulnerability in baqend Speed Kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Speed Kit: from n/a through 2.0.2. | 2026-01-08 | 4.3 | CVE-2026-22487 | https://patchstack.com/database/wordpress/plugin/baqend/vulnerability/wordpress-speed-kit-plugin-2-0-2-broken-access-control-vulnerability?_s_id=cve |
| beshkin–Shabat Keeper | The Shabat Keeper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER[‘PHP_SELF’] parameter in all versions up to, and including, 0.4.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2026-01-09 | 6.1 | CVE-2025-13701 | https://www.wordfence.com/threat-intel/vulnerabilities/id/3aa73be6-0836-4540-8a80-e1da34c0ee0d?source=cve https://plugins.trac.wordpress.org/browser/shabat-keeper/trunk/shabat-keeper.php#L148 https://plugins.trac.wordpress.org/browser/shabat-keeper/tags/0.4.4/shabat-keeper.php#L148 |
| bg5sbk–MiniCMS | A flaw has been found in bg5sbk MiniCMS up to 1.8. The delete_page function in the file /minicms/mc-admin/page.php (File Recovery Request Handler) performs improper authentication, allowing unauthorized page deletion. The attack can be carried out remotely. A public exploit is available. The vendor was contacted early about this disclosure but did not respond in any way. | 2026-01-05 | 6.5 | CVE-2025-15455 | VDB-339488 (bg5sbk MiniCMS File Recovery Request page.php delete_page improper authentication); VDB-339488 CTI Indicators (IOB, IOC, IOA); Submit #725137 (MiniCMS V1.8 Unauthorized page deletion); https://github.com/bg5sbk/MiniCMS; https://github.com/ueh1013/VULN/issues/14 |
| BiggiDroid–Simple PHP CMS | A vulnerability was found in BiggiDroid Simple PHP CMS 1.0 in an unknown function of the file /admin/editsite.php. Manipulation of the image argument results in unrestricted file upload. The attack can be launched remotely. A public exploit is available. The vendor was contacted early about this disclosure but did not respond in any way. | 2026-01-09 | 4.7 | CVE-2025-15495 | VDB-340273 (BiggiDroid Simple PHP CMS editsite.php unrestricted upload); VDB-340273 CTI Indicators (IOB, IOC, TTP, IOA); Submit #725890 (BiggiDroid Simple PHP CMS 1.0 Unrestricted Upload); Submit #726040 (BiggiDroid Simple PHP CMS 1.0 Unrestricted Upload, duplicate); https://gitee.com/hdert/ck/issues/IDGO28; https://github.com/Asim-QAZi/RCE-Simplephpblog-biggiedroid |
| bitpressadmin–Bit Form Custom Contact Form, Multi Step, Conversational Form & Payment Form builder | The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only blocks requests when both the nonce verification fails and the user is logged in. This makes it possible for unauthenticated attackers to replay form workflow executions and trigger all configured integrations including webhooks, email notifications, CRM integrations, and automation platforms via the bitforms_trigger_workflow AJAX action granted they can obtain the entry ID and log IDs from a legitimate form submission response. | 2026-01-07 | 6.5 | CVE-2025-14901 | https://www.wordfence.com/threat-intel/vulnerabilities/id/0402e4a6-73ba-49e6-bf80-997ac83b4cfe?source=cve https://plugins.trac.wordpress.org/browser/bit-form/tags/2.21.6/includes/Frontend/Ajax/FrontendAjax.php#L146 https://plugins.trac.wordpress.org/browser/bit-form/tags/2.21.6/includes/Frontend/Ajax/FrontendAjax.php#L30 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3429172%40bit-form%2Ftrunk&old=3420966%40bit-form%2Ftrunk&sfp_email=&sfph_mail=#file827 |
| bluelabsio–records-mover | A weakness has been identified in bluelabsio records-mover up to 1.5.4 in an unknown function of the Table Object Handler component. The manipulation results in SQL injection. The attack must be launched locally. Upgrading to version 1.6.0 fixes this issue; the fix is commit 3f8383aa89f45d861ca081e3e9fd2cc9d0b5dfaa. | 2026-01-07 | 5.3 | CVE-2023-7333 | VDB-339566 (bluelabsio records-mover Table Object sql injection); VDB-339566 CTI Indicators (IOB, IOC, TTP); https://github.com/bluelabsio/records-mover/pull/254; https://github.com/bluelabsio/records-mover/commit/3f8383aa89f45d861ca081e3e9fd2cc9d0b5dfaa; https://github.com/bluelabsio/records-mover/releases/tag/v1.6.0 |
| bruterdregz–Contact Us Simple Form | The Contact Us Simple Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-07 | 4.4 | CVE-2025-14028 | https://www.wordfence.com/threat-intel/vulnerabilities/id/2c78ab13-22ed-4f00-b132-c9ff99c51273?source=cve https://plugins.trac.wordpress.org/browser/contact-us-simple-form/trunk/contact-us-simple-form.php#L223 https://plugins.trac.wordpress.org/browser/contact-us-simple-form/tags/1.0/contact-us-simple-form.php#L223 https://plugins.trac.wordpress.org/browser/contact-us-simple-form/trunk/contact-us-simple-form.php#L239 https://plugins.trac.wordpress.org/browser/contact-us-simple-form/tags/1.0/contact-us-simple-form.php#L239 |
| BuddyDev–MediaPress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BuddyDev MediaPress allows Stored XSS.This issue affects MediaPress: from n/a through 1.6.2. | 2026-01-08 | 6.5 | CVE-2026-22519 | https://patchstack.com/database/wordpress/plugin/mediapress/vulnerability/wordpress-mediapress-plugin-1-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve |
| buddydev–MediaPress | The MediaPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s mpp-uploader shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-06 | 6.4 | CVE-2025-14552 | https://www.wordfence.com/threat-intel/vulnerabilities/id/82b5ade8-582e-4440-b043-d30e757c9467?source=cve https://plugins.trac.wordpress.org/browser/mediapress/tags/1.6.1/core/gallery/mpp-gallery-template-tags.php#L665 |
| burtrw–Lesson Plan Book | The Lesson Plan Book plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER[‘PHP_SELF’]` variable in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2026-01-09 | 6.1 | CVE-2025-13893 | https://www.wordfence.com/threat-intel/vulnerabilities/id/18696937-5cc5-4e14-940d-fc25468377a3?source=cve https://plugins.trac.wordpress.org/browser/lesson-plan-book/trunk/lesson.php#L719 https://plugins.trac.wordpress.org/browser/lesson-plan-book/trunk/lesson.php#L1776 https://plugins.trac.wordpress.org/browser/lesson-plan-book/trunk/lesson.php#L1910 |
| bww–URL Image Importer | The URL Image Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.7 due to insufficient sanitization of SVG files. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2026-01-06 | 6.4 | CVE-2025-14120 | https://www.wordfence.com/threat-intel/vulnerabilities/id/8704320e-9624-4924-92e8-adb61356aecb?source=cve https://plugins.trac.wordpress.org/browser/url-image-importer/trunk/url-image-importer.php#L176 https://plugins.trac.wordpress.org/browser/url-image-importer/tags/1.0.7/url-image-importer.php#L176 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3429292%40url-image-importer&new=3429292%40url-image-importer&sfp_email=&sfph_mail= |
| callumalden–Starred Review | The Starred Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the PHP_SELF variable in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2026-01-07 | 6.1 | CVE-2025-14118 | https://www.wordfence.com/threat-intel/vulnerabilities/id/2eb65c25-9400-4c5a-a4b2-b72628725500?source=cve https://plugins.trac.wordpress.org/browser/starred-review/trunk/starred-review.php#L29 https://plugins.trac.wordpress.org/browser/starred-review/tags/1.4.2/starred-review.php#L29 |
| Campcodes–Supplier Management System | A flaw has been found in Campcodes Supplier Management System 1.0 in unknown functionality of the file /retailer/edit_profile.php. Manipulation of the txtRetailerAddress argument causes SQL injection. Remote exploitation is possible. A public exploit is available. | 2026-01-05 | 6.3 | CVE-2026-0597 | VDB-339506 (Campcodes Supplier Management System edit_profile.php sql injection); VDB-339506 CTI Indicators (IOB, IOC, TTP, IOA); Submit #731433 (campcodes Supplier Management System 1.0 SQL Injection); https://github.com/dhy-spec/cve/issues/1; https://www.campcodes.com/ |
| carboneio–carbone | A weakness has been identified in carboneio carbone up to commit fbcd349077ad0e8748be73eab2a82ea92b6f8a7e, in an unknown function of the file lib/input.js in the Formatter Handler component. Manipulation can lead to prototype pollution (improperly controlled modification of object prototype attributes). The attack can be launched remotely but has high complexity and is considered difficult to exploit. Upgrading to version 3.5.6 fixes this issue; the fix is commit 04f9feb24bfca23567706392f9ad2c53bbe4134e. Successful exploitation can “only occur if the parent NodeJS application has the same security issue”. | 2026-01-07 | 5 | CVE-2024-14020 | VDB-339503 (carboneio carbone Formatter input.js prototype pollution); VDB-339503 CTI Indicators (IOB, IOC, TTP, IOA); https://github.com/carboneio/carbone/commit/04f9feb24bfca23567706392f9ad2c53bbe4134e; https://github.com/carboneio/carbone/releases/tag/3.5.6 |
| cbutlerjr–WP-Members Membership Plugin | The WP-Members Membership Plugin for WordPress is vulnerable to unauthorized file access in versions up to, and including, 3.5.4.4. This is due to storing user-uploaded files in predictable directories (wp-content/uploads/wpmembers/user_files/<user_id>/) without implementing proper access controls beyond basic directory listing protection (.htaccess with Options -Indexes). This makes it possible for unauthenticated attackers to directly access and download sensitive documents uploaded by site users via direct URL access, granted they can guess or enumerate user IDs and filenames. | 2026-01-07 | 5.3 | CVE-2025-12648 | https://www.wordfence.com/threat-intel/vulnerabilities/id/9d0154fd-0cab-4445-a92e-c44ae9931479?source=cve https://plugins.trac.wordpress.org/browser/wp-members/trunk/includes/class-wp-members-forms.php#L604 https://plugins.trac.wordpress.org/browser/wp-members/trunk/includes/admin/class-wp-members-admin-api.php#L707 https://plugins.trac.wordpress.org/changeset/3427043/wp-members/trunk/includes/class-wp-members-forms.php |
| Centreon–Infra Monitoring | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Centreon Infra Monitoring (DSM extension configuration modules) allows Stored XSS to users with elevated privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.1, from 24.10.0 before 24.10.4, from 24.04.0 before 24.04.8. | 2026-01-05 | 6.8 | CVE-2025-12511 | https://github.com/centreon/centreon/releases https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-12511-centreon-dsm-medium-severity-5361 |
| Centreon–Infra Monitoring | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Centreon Infra Monitoring (Hosts configuration form modules) allows Stored XSS to users with high privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19. | 2026-01-05 | 6.8 | CVE-2025-12513 | https://github.com/centreon/centreon/releases https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-12513-centreon-web-medium-severity-5360 |
| Centreon–Infra Monitoring | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Centreon Infra Monitoring (Administration ACL menu configuration modules) allows Stored XSS to users with high privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19. | 2026-01-05 | 6.8 | CVE-2025-13056 | https://github.com/centreon/centreon/releases https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-13056-centreon-web-medium-severity-5358 |
| Centreon–Infra Monitoring | Missing Authorization vulnerability in Centreon Infra Monitoring (Administration parameters API endpoint modules) allows Accessing Functionality Not Properly Constrained by ACLs, resulting in Information Disclosure like downtime or acknowledgement configurations. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.15, from 24.04.0 before 24.04.19. | 2026-01-05 | 5.3 | CVE-2025-12519 | https://github.com/centreon/centreon/releases https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-12519-centreon-web-medium-severity-5359 |
| charmbracelet–soft-serve | Soft Serve is a self-hostable Git server for the command line. Prior to version 0.11.2, an authorization bypass in the LFS lock deletion endpoint allows any authenticated user with repository write access to delete locks owned by other users by setting the force flag. The vulnerable code path processes force deletions before retrieving user context, bypassing ownership validation entirely. This issue has been patched in version 0.11.2. | 2026-01-08 | 5.4 | CVE-2026-22253 | https://github.com/charmbracelet/soft-serve/security/advisories/GHSA-6jm8-x3g6-r33j https://github.com/charmbracelet/soft-serve/commit/000ab5164f0be68cf1ea6b6e7227f11c0e388a42 |
| chrisblackwell–1180px Shortcodes | The 1180px Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ shortcode attribute in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-07 | 6.4 | CVE-2025-14114 | https://www.wordfence.com/threat-intel/vulnerabilities/id/ddf2ca43-a1d5-4809-b8ad-916b23f71a7d?source=cve https://plugins.trac.wordpress.org/browser/1180px-shortcodes/trunk/1180px.php#L115 https://plugins.trac.wordpress.org/browser/1180px-shortcodes/tags/1.1.1/1180px.php#L115 |
| Cisco–Cisco Identity Services Engine Software | A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. This vulnerability is due to improper parsing of XML that is processed by the web-based management interface of Cisco ISE and Cisco ISE-PIC. An attacker could exploit this vulnerability by uploading a malicious file to the application. A successful exploit could allow the attacker to read arbitrary files from the underlying operating system that could include sensitive data that should otherwise be inaccessible even to administrators. To exploit this vulnerability, the attacker must have valid administrative credentials. | 2026-01-07 | 4.9 | CVE-2026-20029 | cisco-sa-ise-xxe-jWSbSDKt |
| Cisco–Cisco Secure Firewall Threat Defense (FTD) Software | Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, resulting in an interruption of packet inspection. This vulnerability is due to an error in buffer handling logic when processing DCE/RPC requests, which can result in a buffer use-after-free read. An attacker could exploit this vulnerability by sending a large number of DCE/RPC requests through an established connection that is inspected by Snort 3. A successful exploit could allow the attacker to unexpectedly restart the Snort 3 Detection Engine, which could cause a denial of service (DoS). | 2026-01-07 | 5.8 | CVE-2026-20026 | cisco-sa-snort3-dcerpc-vulns-J9HNF4tH |
| Cisco–Cisco Secure Firewall Threat Defense (FTD) Software | Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, resulting in an interruption of packet inspection. This vulnerability is due to an error in buffer handling logic when processing DCE/RPC requests, which can result in a buffer out-of-bounds read. An attacker could exploit this vulnerability by sending a large number of DCE/RPC requests through an established connection that is inspected by Snort 3. A successful exploit could allow the attacker to obtain sensitive information in the Snort 3 data stream. | 2026-01-07 | 5.3 | CVE-2026-20027 | cisco-sa-snort3-dcerpc-vulns-J9HNF4tH |
| cld378632668–JavaMall | A vulnerability was found in cld378632668 JavaMall up to 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0. This impacts the function Upload of the file src/main/java/com/macro/mall/controller/MinioController.java. The manipulation results in unrestricted upload. It is possible to launch the attack remotely. This product uses rolling releases to provide continuous delivery, so version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way. | 2026-01-05 | 6.3 | CVE-2025-15448 | VDB-339481 (cld378632668 JavaMall MinioController.java upload unrestricted upload); CTI Indicators (IOB, IOC, TTP, IOA) Submit #721997; https://github.com/cld378632668/JavaMall; JavaMall 1.0 Upload any file: https://github.com/zyhzheng500-maker/cve/blob/main/javamall%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md |
| cld378632668–JavaMall | A vulnerability was determined in cld378632668 JavaMall up to 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0. Affected is the function delete of the file src/main/java/com/macro/mall/controller/MinioController.java. This manipulation of the argument objectName causes path traversal. The attack can be initiated remotely. This product uses rolling releases to provide continuous delivery, so no version details of affected or updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way. | 2026-01-05 | 5.4 | CVE-2025-15449 | VDB-339482 (cld378632668 JavaMall MinioController.java delete path traversal); CTI Indicators (IOB, IOC, TTP, IOA) Submit #722000; https://github.com/cld378632668/JavaMall; JavaMall 1.0 Delete any file: https://github.com/zyhzheng500-maker/cve/blob/main/JavaMall%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%88%A0%E9%99%A4.md |
| clevelandwebdeveloper–Smart App Banners | The Smart App Banners plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘size’ and ‘verticalalign’ parameters of the ‘app-store-download’ shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-07 | 6.4 | CVE-2025-13841 | https://www.wordfence.com/threat-intel/vulnerabilities/id/add85b9b-3a4d-4c46-a90f-10c9645e249d?source=cve https://plugins.trac.wordpress.org/browser/smart-app-banners/trunk/index.php#L321 https://plugins.trac.wordpress.org/browser/smart-app-banners/tags/1.2/index.php#L321 |
| code-projects–Intern Membership Management System | A flaw has been found in code-projects Intern Membership Management System 1.0. The impacted element is an unknown function of the file /intern/admin/edit_admin.php. This manipulation of the argument admin_id causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. | 2026-01-08 | 4.7 | CVE-2026-0697 | VDB-339974 (code-projects Intern Membership Management System edit_admin.php sql injection); CTI Indicators (IOB, IOC, TTP, IOA) Submit #732998; code-projects Intern Membership Management System 1.0 SQL injection: https://github.com/xkalami-Tta0/CVE/blob/main/Intern%20Membership%20Management%20System/Intern%20Membership%20Management%20System%20admin.php%20sql%20injection1.md; https://code-projects.org/ |
| code-projects–Intern Membership Management System | A vulnerability has been found in code-projects Intern Membership Management System 1.0. This affects an unknown function of the file /intern/admin/edit_students.php. Such manipulation of the argument admin_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2026-01-08 | 4.7 | CVE-2026-0698 | VDB-339975 (code-projects Intern Membership Management System edit_students.php sql injection); CTI Indicators (IOB, IOC, TTP, IOA) Submit #732999; code-projects Intern Membership Management System 1.0 SQL injection: https://github.com/xkalami-Tta0/CVE/blob/main/Intern%20Membership%20Management%20System/Intern%20Membership%20Management%20System%20students_details.php%20sql%20injection.md; https://code-projects.org/ |
| code-projects–Intern Membership Management System | A vulnerability was found in code-projects Intern Membership Management System 1.0. This impacts an unknown function of the file /intern/admin/edit_activity.php. Performing a manipulation of the argument activity_id results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | 2026-01-08 | 4.7 | CVE-2026-0699 | VDB-339976 (code-projects Intern Membership Management System edit_activity.php sql injection); CTI Indicators (IOB, IOC, TTP, IOA) Submit #733000; code-projects Intern Membership Management System activity.php 1.0 SQL injection: https://github.com/xkalami-Tta0/CVE/blob/main/Intern%20Membership%20Management%20System/Intern%20Membership%20Management%20System%20activity.php%20sql%20injection.md; https://code-projects.org/ |
| code-projects–Intern Membership Management System | A vulnerability was identified in code-projects Intern Membership Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /intern/admin/add_admin.php. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. | 2026-01-08 | 4.7 | CVE-2026-0701 | VDB-339978 (code-projects Intern Membership Management System add_admin.php sql injection); CTI Indicators (IOB, IOC, TTP, IOA) Submit #733002; code-projects Intern Membership Management System add_admin.php v1.0 sql injection: https://github.com/xkalami-Tta0/CVE/blob/main/Intern%20Membership%20Management%20System/Intern%20Membership%20Management%20System%20add_admin.php%20sql%20injection.md; https://code-projects.org/ |
| code-projects–Intern Membership Management System | A security vulnerability has been detected in code-projects Intern Membership Management System 1.0. This issue affects some unknown processing of the file /intern/admin/delete_admin.php. Such manipulation of the argument admin_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. | 2026-01-08 | 4.7 | CVE-2026-0728 | VDB-340125 (code-projects Intern Membership Management System delete_admin.php sql injection); CTI Indicators (IOB, IOC, TTP, IOA) Submit #733003; code-projects Intern Membership Management System delete_admin.php v1.0 SQL injection: https://github.com/xkalami-Tta0/CVE/blob/main/Intern%20Membership%20Management%20System/Intern%20Membership%20Management%20System%20delete_admin.php%20sql%20injection.md; https://code-projects.org/ |
| code-projects–Intern Membership Management System | A vulnerability was detected in code-projects Intern Membership Management System 1.0. Impacted is an unknown function of the file /intern/admin/add_activity.php. Performing a manipulation of the argument Title results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. | 2026-01-08 | 4.7 | CVE-2026-0729 | VDB-340126 (code-projects Intern Membership Management System add_activity.php sql injection); CTI Indicators (IOB, IOC, TTP, IOA) Submit #733004; code-projects Intern Membership Management System add_activity.php v1.0 SQL injection: https://github.com/xkalami-Tta0/CVE/blob/main/Intern%20Membership%20Management%20System/Intern%20Membership%20Management%20System%20add_activity.php%20sql%20injection.md; https://code-projects.org/ |
| code-projects–Intern Membership Management System | A vulnerability was determined in code-projects Intern Membership Management System 1.0. Impacted is an unknown function of the file /admin/delete_activity.php. Executing a manipulation of the argument activity_id can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. | 2026-01-11 | 4.7 | CVE-2026-0850 | VDB-340445 (code-projects Intern Membership Management System delete_activity.php sql injection); CTI Indicators (IOB, IOC, TTP, IOA) Submit #733486; code-projects Intern Membership Management System delete_activity.php v1.0 SQL injection: https://github.com/xkalami-Tta0/CVE/blob/main/Intern%20Membership%20Management%20System/Intern%20Membership%20Management%20System%20delete_activity.php%20sql%20injection.md; https://code-projects.org/ |
| code-projects–Online Product Reservation System | A weakness has been identified in code-projects Online Product Reservation System 1.0. This issue affects some unknown processing of the file app/products/left_cart.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. | 2026-01-05 | 6.3 | CVE-2026-0584 | VDB-339476 (code-projects Online Product Reservation System left_cart.php sql injection); CTI Indicators (IOB, IOC, TTP, IOA) Submit #731095; code-projects Online Product Reservation system in PHP with source code V1.0 SQL Injection: https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/sqli_left_cart.php.md; https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/sqli_left_cart.php.md#poc; https://code-projects.org/ |
| code-projects–Online Product Reservation System | A vulnerability was determined in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file /app/checkout/delete.php of the component POST Parameter Handler. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | 2026-01-05 | 6.3 | CVE-2026-0590 | VDB-339500 (code-projects Online Product Reservation System POST Parameter delete.php sql injection); CTI Indicators (IOB, IOC, TTP, IOA) Submit #731128; code-projects Online Product Reservation System V1.0 SQL Injection: https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/sqli_checkout_delete.php.md; https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/sqli_checkout_delete.php.md#poc; https://code-projects.org/ |
| code-projects–Online Product Reservation System | A vulnerability was identified in code-projects Online Product Reservation System 1.0. The impacted element is an unknown function of the file /app/checkout/update.php of the component Cart Update Handler. Such manipulation of the argument id/qty leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | 2026-01-05 | 6.3 | CVE-2026-0591 | VDB-339501 (code-projects Online Product Reservation System Cart Update update.php sql injection); CTI Indicators (IOB, IOC, TTP, IOA) Submit #731129; code-projects Online Product Reservation System V1.0 SQL Injection: https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/sqli_checkout_update.php.md; https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/sqli_checkout_update.php.md#poc; https://code-projects.org/ |
| code-projects–Online Product Reservation System | A vulnerability was detected in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file handgunner-administrator/prod.php. Performing a manipulation of the argument cat results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may be used. | 2026-01-05 | 4.3 | CVE-2026-0586 | VDB-339478 (code-projects Online Product Reservation System prod.php cross site scripting); CTI Indicators (IOB, IOC, TTP, IOA) Submit #731098; code-projects Online Product Reservation system in PHP with source code V1.0 Improper Neutralization of Alternate XSS Syntax: https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/xss_prod.php.md; https://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/xss_prod.php.md#poc; https://code-projects.org/ |
| codeclouds–Unify | The Unify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘init’ action in all versions up to, and including, 3.4.9. This makes it possible for unauthenticated attackers to delete specific plugin options via the ‘unify_plugin_downgrade’ parameter. | 2026-01-07 | 5.3 | CVE-2025-13529 | https://www.wordfence.com/threat-intel/vulnerabilities/id/b5fd4a47-0549-4d03-b81a-ad97d3d5d390?source=cve https://plugins.trac.wordpress.org/browser/unify/trunk/Services/Hooks.php#L154 https://plugins.trac.wordpress.org/browser/unify/tags/3.4.9/Services/Hooks.php#L154 |
| Columbia Weather Systems–MicroServer | MicroServer copies parts of the system firmware to an unencrypted external SD card on boot, which contains user and vendor secrets. An attacker can utilize these plaintext secrets to modify the vendor firmware, or gain admin access to the web portal. | 2026-01-07 | 6.5 | CVE-2025-64305 | https://www.cisa.gov/news-events/ics-advisories/icsa-26-006-01 https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-006-01.json |
| coreshop–CoreShop | CoreShop is a Pimcore enhanced eCommerce solution. Prior to version 4.1.8, a blind SQL injection vulnerability exists in the application that allows an authenticated administrator-level user to extract database contents using boolean-based or time-based techniques. The database account used by the application is read-only and non-DBA, limiting impact to confidential data disclosure only. No data modification or service disruption is possible. This issue has been patched in version 4.1.8. | 2026-01-08 | 4.9 | CVE-2026-22242 | https://github.com/coreshop/CoreShop/security/advisories/GHSA-ch7p-mpv4-4vg4 https://github.com/coreshop/CoreShop/commit/59e84fec59d113952b6d28a9b30c6317f9e6e5dd |
| corsonr–Easy GitHub Gist Shortcodes | The Easy GitHub Gist Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter of the gist shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-07 | 6.4 | CVE-2025-14147 | https://www.wordfence.com/threat-intel/vulnerabilities/id/b117d77b-2c11-451c-b236-b55e8af68a9a?source=cve https://plugins.trac.wordpress.org/browser/easy-github-gist-shortcodes/trunk/easy-github-gist-shortcodes.php#L24 https://plugins.trac.wordpress.org/browser/easy-github-gist-shortcodes/tags/1.0/easy-github-gist-shortcodes.php#L24 |
| creativemotion–Clearfy Cache WordPress optimization plugin, Minify HTML, CSS & JS, Defer | The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.0. This is due to missing nonce validation on the “wbcr_upm_change_flag” function. This makes it possible for unauthenticated attackers to disable plugin/theme update notifications via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. | 2026-01-09 | 4.3 | CVE-2025-13749 | https://www.wordfence.com/threat-intel/vulnerabilities/id/55750dcf-c6ec-4be6-967f-60bf940fa30e?source=cve https://research.cleantalk.org/cve-2025-13749/ https://plugins.trac.wordpress.org/changeset/3421009/clearfy |
| Crocoblock–JetEngine | Missing Authorization vulnerability in Crocoblock JetEngine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JetEngine: from n/a through 3.8.1.1. | 2026-01-07 | 4.3 | CVE-2025-69333 | https://patchstack.com/database/wordpress/plugin/jet-engine/vulnerability/wordpress-jetengine-plugin-3-8-1-1-broken-access-control-vulnerability?_s_id=cve |
| croixhaug–Appointment Booking Calendar Simply Schedule Appointments Booking Plugin | The Appointment Booking Calendar – Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.9.5 via the hash() function due to use of a hardcoded fall-back salt. This makes it possible for unauthenticated attackers to generate a valid token across sites running the plugin that have not manually set a salt in the wp-config.php file and access booking information that will allow them to make modifications. | 2026-01-06 | 6.5 | CVE-2025-11723 | https://www.wordfence.com/threat-intel/vulnerabilities/id/a5f3fbd2-6152-4a89-8fe9-982120d1a640?source=cve https://plugins.trac.wordpress.org/changeset/3393919/ |
| ctietze–PullQuote | The PullQuote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘pullquote’ shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-09 | 6.4 | CVE-2025-13903 | https://www.wordfence.com/threat-intel/vulnerabilities/id/0a0ee752-7fc4-46d3-9e0f-8b9317b0ea72?source=cve https://plugins.trac.wordpress.org/browser/pullquote/trunk/includes/core.php#L12 https://plugins.trac.wordpress.org/browser/pullquote/tags/1.0/includes/core.php#L12 |
| cuvixsystem–Post Like Dislike | The Post Like Dislike plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER[‘PHP_SELF’]` variable in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2026-01-07 | 6.1 | CVE-2025-14130 | https://www.wordfence.com/threat-intel/vulnerabilities/id/598529d2-16c7-4bbd-9321-aa338c94eb36?source=cve https://plugins.trac.wordpress.org/browser/post-like-dislike/trunk/post-like-dislike.php#L106 https://plugins.trac.wordpress.org/browser/post-like-dislike/tags/1.0/post-like-dislike.php#L106 |
| cyberlord92–miniOrange OTP Verification and SMS Notification for WooCommerce | The miniOrange OTP Verification and SMS Notification for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `enable_wc_sms_notification` AJAX action in all versions up to, and including, 4.3.8. This makes it possible for unauthenticated attackers to enable or disable SMS notification settings for WooCommerce orders. | 2026-01-10 | 5.3 | CVE-2025-14948 | https://www.wordfence.com/threat-intel/vulnerabilities/id/f84ddc83-2079-45b9-8354-51094581b1f8?source=cve https://plugins.trac.wordpress.org/browser/miniorange-sms-order-notification-otp-verification/tags/4.3.8/notifications/wcsmsnotification/handler/class-woocommercenotifications.php#L138 https://plugins.trac.wordpress.org/browser/miniorange-sms-order-notification-otp-verification?rev=3423647 |
| D-Link–DI-8200G | A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects an unknown function of the file /upgrade_filter.asp. The manipulation of the argument path results in command injection. The attack may be launched remotely. The exploit has been made public and could be used. | 2026-01-08 | 6.3 | CVE-2026-0732 | VDB-340129 (D-Link DI-8200G upgrade_filter.asp command injection); CTI Indicators (IOB, IOC, TTP, IOA) Submit #733275; D-Link DI_8200G Router V17.12.20A1 Command Execution: https://github.com/DavCloudz/cve/blob/main/D-link/DI_8200G/DI_8200G%20V17.12.20A1%20Command%20Execution%20Vulnerability/readme.md; https://github.com/DavCloudz/cve/blob/main/D-link/DI_8200G/DI_8200G%20V17.12.20A1%20Command%20Execution%20Vulnerability/readme.md#poc; https://www.dlink.com/ |
| damienoh–WP Widget Changer | The WP Widget Changer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER[‘PHP_SELF’]` variable in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2026-01-07 | 6.1 | CVE-2025-14131 | https://www.wordfence.com/threat-intel/vulnerabilities/id/699392b4-8270-47b5-90c1-5280d1389586?source=cve https://wordpress.org/plugins/wp-widget-changer/ https://plugins.trac.wordpress.org/browser/wp-widget-changer/trunk/widget_changer.php#L162 https://plugins.trac.wordpress.org/browser/wp-widget-changer/tags/1.2.5/widget_changer.php#L162 |
| danny-avila–LibreChat | LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control when querying agent permissions. An authenticated attacker can read the permissions of arbitrary agents, even if they have no permissions for this agent. LibreChat allows the configuration of agents that have a predefined set of instructions and context. Private agents are not visible to other users. However, if an attacker knows the agent ID, they can read the permissions of the agent including the permissions individually assigned to other users. This issue is fixed in version 0.8.2-rc2. | 2026-01-07 | 4.3 | CVE-2025-69221 | https://github.com/danny-avila/LibreChat/security/advisories/GHSA-5ccx-4r3h-9qc7 https://github.com/danny-avila/LibreChat/commit/06ba025bd95574c815ac6968454be7d3b024391c https://github.com/danny-avila/LibreChat/releases/tag/v0.8.2-rc2 |
| davidangel–PhotoFade | The PhotoFade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘time’ parameter in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-07 | 6.4 | CVE-2025-13847 | https://www.wordfence.com/threat-intel/vulnerabilities/id/00145a6b-26fd-4cba-a446-8236438075d8?source=cve https://plugins.trac.wordpress.org/browser/photofade/trunk/photo-fade.php#L96 https://plugins.trac.wordpress.org/browser/photofade/tags/0.2.1/photo-fade.php#L96 |
| debtcom–Debt.com Business in a Box | The Debt.com Business in a Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘configuration’ parameter of the lead_form shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-09 | 6.4 | CVE-2025-13852 | https://www.wordfence.com/threat-intel/vulnerabilities/id/1bb58556-29be-4272-85fc-bb2b7c72abf4?source=cve https://plugins.trac.wordpress.org/browser/debtcom-business-in-a-box/trunk/inc/bib_form.php#L256 https://plugins.trac.wordpress.org/browser/debtcom-business-in-a-box/tags/4.1.0/inc/bib_form.php#L256 |
| Dell–PowerProtect Data Domain with Data Domain Operating System (DD OS) Feature Release | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. | 2026-01-09 | 6 | CVE-2025-46644 | https://www.dell.com/support/kbdoc/en-us/000405813/dsa-2025-415-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities |
| Dell–PowerProtect Data Domain with Data Domain Operating System (DD OS) Feature Release | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS2023 release versions 7.10.1.0 through 7.10.1.70, contain an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | 2026-01-09 | 6.5 | CVE-2025-46645 | https://www.dell.com/support/kbdoc/en-us/000405813/dsa-2025-415-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities |
| Dell–Secure Connect Gateway (SCG) Appliance | Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application, versions 5.26 through 5.30, contain an Execution with Unnecessary Privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | 2026-01-06 | 6.4 | CVE-2025-46696 | https://www.dell.com/support/kbdoc/en-us/000385230/dsa-2025-390-dell-secure-connect-gateway-security-update-for-multiple-vulnerabilities |
| directus–directus | Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.14.0, an open redirect vulnerability exists in the Directus SAML authentication callback endpoint. During SAML authentication, the `RelayState` parameter is intended to preserve the user’s original destination. However, while the login initiation flow validates redirect targets against allowed domains, this validation is not applied to the callback endpoint. This allows an attacker to craft a malicious authentication request that redirects users to an arbitrary external URL upon completion. The vulnerability is present in both the success and error handling paths of the callback. This vulnerability can be exploited without authentication. Version 11.14.0 contains a patch. | 2026-01-08 | 4.3 | CVE-2026-22032 | https://github.com/directus/directus/security/advisories/GHSA-3573-4c68-g8cc https://github.com/directus/directus/commit/dad9576ea9362905cc4de8028d3877caff36dc23 |
| djrowling–Niche Hero | Beautifully-designed blocks in seconds | The Niche Hero | Beautifully-designed blocks in seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘spacing’ parameter of the nh_row shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-07 | 6.4 | CVE-2025-14145 | https://www.wordfence.com/threat-intel/vulnerabilities/id/52368b7d-5fe2-444c-bd7f-e4385dffa8a9?source=cve https://plugins.trac.wordpress.org/browser/niche-hero/trunk/niche-hero.php#L302 https://plugins.trac.wordpress.org/browser/niche-hero/tags/1.0.5/niche-hero.php#L302 |
| Dokan–Dokan Pro | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Dokan Dokan Pro allows Stored XSS. This issue affects Dokan Pro: from n/a through 3.14.5. | 2026-01-05 | 6.5 | CVE-2025-39497 | https://vdp.patchstack.com/database/wordpress/plugin/dokan-pro/vulnerability/wordpress-dokan-pro-plugin-3-14-5-cross-site-scripting-xss-vulnerability?_s_id=cve |
| enartia–Piraeus Bank WooCommerce Payment Gateway | The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to unauthorized order status modification in all versions up to, and including, 3.1.4. This is due to missing authorization checks on the payment callback endpoint handler when processing the ‘fail’ callback from the payment gateway. This makes it possible for unauthenticated attackers to change any order’s status to ‘failed’ via the publicly accessible WooCommerce API endpoint by providing only the order ID (MerchantReference parameter), which can be easily enumerated as order IDs are sequential integers. This can cause significant business disruption including canceled shipments, inventory issues, and loss of revenue. | 2026-01-07 | 5.3 | CVE-2025-14460 | https://www.wordfence.com/threat-intel/vulnerabilities/id/d7b15198-8f44-4390-862b-35d41eb8a854?source=cve https://plugins.trac.wordpress.org/browser/woo-payment-gateway-for-piraeus-bank/trunk/classes/WC_Piraeusbank_Gateway.php#L821 https://plugins.trac.wordpress.org/browser/woo-payment-gateway-for-piraeus-bank/tags/3.1.4/classes/WC_Piraeusbank_Gateway.php#L821 |
| EngoTheme–Plant – Gardening & Houseplants WordPress Theme | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant – Gardening & Houseplants WordPress Theme allows Retrieve Embedded Sensitive Data. This issue affects Plant – Gardening & Houseplants WordPress Theme: from n/a through 1.0.0. | 2026-01-06 | 5.3 | CVE-2025-31051 | https://patchstack.com/database/wordpress/theme/plant/vulnerability/wordpress-plant-gardening-houseplants-wordpress-theme-1-0-0-sensitive-data-exposure-vulnerability?_s_id=cve |
| expresstech–Quiz and Survey Master (QSM) Easy Quiz and Survey Maker | The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2026-01-06 | 6.5 | CVE-2025-9318 | https://www.wordfence.com/threat-intel/vulnerabilities/id/e6524e66-5bd1-4616-8185-c0501a09893e?source=cve https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.2.6/php/rest-api.php#L533 |
| expresstech–Quiz and Survey Master (QSM) Easy Quiz and Survey Maker | The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability and status checks on multiple functions in all versions up to, and including, 10.3.1. This makes it possible for unauthenticated attackers to view the details of unpublished, private, or password-protected quizzes, as well as submit file responses to questions from those quizzes, which allow file upload. | 2026-01-06 | 6.5 | CVE-2025-9637 | https://www.wordfence.com/threat-intel/vulnerabilities/id/88a9abf4-62a9-4695-87e7-18ff0b0075e9?source=cve https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.2.6/php/classes/class-qmn-quiz-manager.php#L281 https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.2.6/php/classes/class-qmn-quiz-manager.php#L1987 https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.2.6/php/rest-api.php |
| expresstech–Quiz and Survey Master (QSM) Easy Quiz and Survey Maker | The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the qsm_dashboard_delete_result function in all versions up to, and including, 10.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete quiz results. | 2026-01-06 | 4.3 | CVE-2025-9294 | https://www.wordfence.com/threat-intel/vulnerabilities/id/55895508-d0ef-4855-8d15-b8a45ba0dcb2?source=cve https://plugins.trac.wordpress.org/browser/quiz-master-next/tags/10.2.6/php/admin/options-page-questions-tab.php#L1116 |
| FLIR Systems, Inc.–FLIR Thermal Camera F/FC/PT/D | FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated attackers to read arbitrary files through unverified input parameters. Attackers can exploit the /var/www/data/controllers/api/xml.php readFile() function to access local system files without authentication. | 2026-01-07 | 6.2 | CVE-2017-20212 | Zero Science Lab Vulnerability Advisory Exploit Database Entry 42786 Packet Storm Security Exploit Archive CXSecurity Vulnerability Listing Archived FLIR Security Advisory |
| Flycatcher Toys–smART Sketcher | A flaw has been found in Flycatcher Toys smART Sketcher up to 2.0. This affects an unknown part of the component Bluetooth Low Energy Interface. This manipulation causes missing authentication. The attack can only be done within the local network. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2026-01-11 | 6.3 | CVE-2026-0842 | VDB-340442 \| Flycatcher Toys smART Sketcher Bluetooth Low Energy missing authentication VDB-340442 \| CTI Indicators (IOB, IOC) Submit #729134 \| Flycatcher Toys smART Sketcher 2.0 0/1/2 Missing Authentication for Critical Function https://github.com/davidrxchester/smart-sketcher-upload/blob/main/smartsketch-upload.py |
| fpcorso–Testimonial Master | The Testimonial Master plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER[‘PHP_SELF’]` variable in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2026-01-07 | 6.1 | CVE-2025-14127 | https://www.wordfence.com/threat-intel/vulnerabilities/id/15e65a86-db8e-4a4a-b9c6-c688021a514f?source=cve https://wordpress.org/plugins/testimonial-master/ https://plugins.trac.wordpress.org/browser/testimonial-master/trunk/php/tm_help_page.php#L190 https://plugins.trac.wordpress.org/browser/testimonial-master/tags/0.2.1/php/tm_help_page.php#L190 |
| fulippo–WP Status Notifier | The WP Status Notifier plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2026-01-07 | 4.3 | CVE-2025-13521 | https://www.wordfence.com/threat-intel/vulnerabilities/id/fbffc404-9ea9-4025-8241-2c374b760ca3?source=cve https://plugins.trac.wordpress.org/browser/wp-change-status-notifier/trunk/options-page.php#L2 https://plugins.trac.wordpress.org/browser/wp-change-status-notifier/tags/1.0/options-page.php#L2 |
| furqan-khanzada–Menu Card | The Menu Card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `category` parameter in all versions up to, and including, 0.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-09 | 6.4 | CVE-2025-13862 | https://www.wordfence.com/threat-intel/vulnerabilities/id/cec428cd-0fa1-4bc4-b7f6-faf90c31f306?source=cve https://plugins.trac.wordpress.org/browser/menu-card/trunk/menu-card.php#L102 https://plugins.trac.wordpress.org/browser/menu-card/tags/0.8.0/menu-card.php#L102 |
| galdub–Folders Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager | The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Replacement in all versions up to, and including, 3.1.5. This is due to missing object-level authorization checks in the handle_folders_file_upload() function. This makes it possible for authenticated attackers, with Author-level access and above, to replace arbitrary media files from the WordPress Media Library. | 2026-01-08 | 4.3 | CVE-2025-12640 | https://www.wordfence.com/threat-intel/vulnerabilities/id/ac6432a4-6597-4d1e-b63d-c007a301d1b2?source=cve https://plugins.trac.wordpress.org/changeset/3402986/folders/tags/3.1.6/includes/media.replace.php |
| ghera74–ilGhera Support System for WooCommerce | The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the ‘delete_single_ticket_callback’ and ‘change_ticket_status_callback’ functions in all versions up to, and including, 1.2.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary support tickets and modify their status. | 2026-01-06 | 5.3 | CVE-2025-14034 | https://www.wordfence.com/threat-intel/vulnerabilities/id/e74fb552-3ef4-47cd-8fe6-8cc1e74b8377?source=cve https://plugins.trac.wordpress.org/browser/wc-support-system/trunk/includes/class-wc-support-system.php#L1331 https://plugins.trac.wordpress.org/browser/wc-support-system/tags/1.2.6/includes/class-wc-support-system.php#L1331 https://plugins.trac.wordpress.org/browser/wc-support-system/trunk/includes/class-wc-support-system.php#L865 https://plugins.trac.wordpress.org/browser/wc-support-system/tags/1.2.6/includes/class-wc-support-system.php#L865 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3426161%40wc-support-system&new=3426161%40wc-support-system&sfp_email=&sfph_mail= |
| GitLab–GitLab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to create a denial of service condition by providing crafted responses to external API calls. | 2026-01-09 | 6.5 | CVE-2025-10569 | GitLab Issue #570528 HackerOne Bug Bounty Report #3284689 https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/ |
| GitLab–GitLab | GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to modify instance-wide AI feature provider settings by exploiting missing authorization checks in GraphQL mutations. | 2026-01-09 | 6.5 | CVE-2025-13781 | GitLab Issue #578756 HackerOne Bug Bounty Report #3400940 https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/ |
| GitLab–GitLab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user with specific permissions to remove all project runners from unrelated projects by manipulating GraphQL runner associations. | 2026-01-09 | 5.4 | CVE-2025-11246 | GitLab Issue #573728 HackerOne Bug Bounty Report #3292475 https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/ |
| glenwpcoder–Drag and Drop Multiple File Upload for Contact Form 7 | The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to limited upload of files with a dangerous type in all versions up to, and including, 1.3.9.2. This is due to the plugin not blocking .phar and .svg files. This makes it possible for unauthenticated attackers to upload arbitrary .phar or .svg files containing malicious PHP or JavaScript code. Malicious PHP code can be used to achieve remote code execution on the server via direct file access, if the server is configured to execute .phar files as PHP. The upload of .svg files allows for Stored Cross-Site Scripting under certain circumstances. | 2026-01-07 | 6.1 | CVE-2025-14842 | https://www.wordfence.com/threat-intel/vulnerabilities/id/c78a0325-5bbf-4550-8477-94247f085e40?source=cve https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/trunk/inc/dnd-upload-cf7.php#L1116 https://plugins.trac.wordpress.org/browser/drag-and-drop-multiple-file-upload-contact-form-7/trunk/inc/dnd-upload-cf7.php#L108 https://plugins.trac.wordpress.org/browser/contact-form-7/trunk/includes/formatting.php#L310 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3428236%40drag-and-drop-multiple-file-upload-contact-form-7%2Ftrunk&old=3415946%40drag-and-drop-multiple-file-upload-contact-form-7%2Ftrunk&sfp_email=&sfph_mail= |
| greenshady–Entry Views | The Entry Views plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘entry-views’ shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-09 | 6.4 | CVE-2025-13729 | https://www.wordfence.com/threat-intel/vulnerabilities/id/0e7e9fcc-804a-46a8-95cd-b358ba7681ec?source=cve https://plugins.trac.wordpress.org/browser/entry-views/tags/1.0.0/inc/shortcodes.php#L25 https://plugins.trac.wordpress.org/browser/entry-views/tags/1.0.0/inc/shortcodes.php#L36 https://plugins.trac.wordpress.org/browser/entry-views/tags/1.0.0/inc/template.php#L35 |
| Guangzhou V–V-SOL GPON/EPON OLT Platform | V-SOL GPON/EPON OLT Platform v2.03 contains multiple reflected cross-site scripting vulnerabilities due to improper input sanitization in various script parameters. Attackers can exploit these vulnerabilities by injecting malicious HTML and script code to execute arbitrary scripts in a victim’s browser session. | 2026-01-07 | 6.1 | CVE-2019-25284 | Zero Science Lab Vulnerability Advisory Packet Storm Security Exploit Entry IBM X-Force Vulnerability Exchange CXSecurity Vulnerability Database VSOL Vendor Homepage |
| guchengwuyue–yshopmall | A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet. | 2026-01-09 | 6.3 | CVE-2025-15496 | VDB-340274 \| guchengwuyue yshopmall jobs getPage sql injection VDB-340274 \| CTI Indicators (IOB, IOC, TTP, IOA) Submit #726464 \| https://github.com/guchengwuyue/yshopmall yshopmall V1.9.1 SQL Injection https://github.com/guchengwuyue/yshopmall/issues/39 https://github.com/guchengwuyue/yshopmall/issues/39#issue-3769727898 |
| Hakob–Re Gallery & Responsive Photo Gallery Plugin | Missing Authorization vulnerability in Hakob Re Gallery & Responsive Photo Gallery Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Re Gallery & Responsive Photo Gallery Plugin: from n/a through 1.17.18. | 2026-01-08 | 5.3 | CVE-2026-22486 | https://patchstack.com/database/wordpress/plugin/regallery/vulnerability/wordpress-re-gallery-responsive-photo-gallery-plugin-plugin-1-17-17-broken-access-control-vulnerability?_s_id=cve |
| harfbuzz–harfbuzz | HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hb_malloc returns NULL before using placement new to construct an object at the returned pointer address. When hb_malloc fails to allocate memory (which can occur in low-memory conditions or when using custom allocators that simulate allocation failures), it returns NULL. The code then attempts to call the constructor on this null pointer using placement new syntax, resulting in undefined behavior and a Segmentation Fault. This issue has been patched in version 12.3.0. | 2026-01-10 | 5.3 | CVE-2026-22693 | https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-xvjr-f2r9-c7ww https://github.com/harfbuzz/harfbuzz/commit/1265ff8d990284f04d8768f35b0e20ae5f60daae |
| hayyatapps–Stylish Order Form Builder | The Stylish Order Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘product_name’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-07 | 6.4 | CVE-2025-13531 | https://www.wordfence.com/threat-intel/vulnerabilities/id/2d9c4d9d-5d4c-4ea9-bf8d-0ee634f9ca7c?source=cve https://plugins.trac.wordpress.org/browser/stylish-order-form-builder/trunk/functions-admin.php#L74 https://plugins.trac.wordpress.org/browser/stylish-order-form-builder/tags/1.0/functions-admin.php#L74 https://plugins.trac.wordpress.org/browser/stylish-order-form-builder/trunk/Pages/manage-forms/includes/all-products.php#L9 https://plugins.trac.wordpress.org/browser/stylish-order-form-builder/tags/1.0/Pages/manage-forms/includes/all-products.php#L9 |
| hblpay–HBLPAY Payment Gateway for WooCommerce | The HBLPAY Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cusdata’ parameter in all versions up to, and including, 5.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2026-01-07 | 6.1 | CVE-2025-14875 | https://www.wordfence.com/threat-intel/vulnerabilities/id/06362518-f2ee-485f-9e0e-1b1ada9c72db?source=cve https://plugins.trac.wordpress.org/browser/hblpay-payment-gateway-for-woocommerce/trunk/hblpay-paymentgateway-woocommerce.php#L248 |
| HCLSoftware–DevOps Deploy | In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries. | 2026-01-07 | 4.9 | CVE-2025-62327 | https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127336 |
| helpdeskcom–HelpDesk contact form plugin | The HelpDesk contact form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing or incorrect nonce validation on the handle_query_args() function. This makes it possible for unauthenticated attackers to update the plugin’s license ID and contact form ID settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2026-01-07 | 4.3 | CVE-2025-13657 | https://www.wordfence.com/threat-intel/vulnerabilities/id/342ece60-faf1-4fee-bf1e-6f6107f32861?source=cve https://plugins.trac.wordpress.org/browser/helpdesk-contact-form/trunk/includes/class-admin-page.php#L63 https://plugins.trac.wordpress.org/browser/helpdesk-contact-form/tags/1.1.5/includes/class-admin-page.php#L63 |
| IdeaBox Creations–Dashboard Welcome for Beaver Builder | Missing Authorization vulnerability in IdeaBox Creations Dashboard Welcome for Beaver Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Dashboard Welcome for Beaver Builder: from n/a through 1.0.8. | 2026-01-08 | 5.3 | CVE-2026-22488 | https://patchstack.com/database/wordpress/plugin/dashboard-welcome-for-beaver-builder/vulnerability/wordpress-dashboard-welcome-for-beaver-builder-plugin-1-0-8-broken-access-control-vulnerability?_s_id=cve |
| Ideagen–DevonWay | Ideagen DevonWay contains a stored cross site scripting vulnerability. A remote, authenticated attacker could craft a payload in the ‘Reports’ page that executes when another user views the report. Fixed in 2.62.4 and 2.62 LTS. | 2026-01-08 | 5.5 | CVE-2026-22587 | |
| imtiazrayhan–ConvertForce Popup Builder | The ConvertForce Popup Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gutenberg block’s `entrance_animation` attribute in all versions up to, and including, 0.0.7. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-10 | 6.4 | CVE-2025-14506 | https://www.wordfence.com/threat-intel/vulnerabilities/id/c57b9a78-53f4-40bb-ae6a-c5242b41329f?source=cve https://plugins.trac.wordpress.org/browser/convertforce-popup-builder/trunk/inc/Blocks/Conversion.php#L47 https://plugins.trac.wordpress.org/browser/convertforce-popup-builder/trunk/inc/Blocks/Conversion.php#L66 https://plugins.trac.wordpress.org/changeset/3419678/ |
| indieweb–IndieWeb | The IndieWeb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Telephone’ parameter in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-09 | 6.4 | CVE-2025-14893 | https://www.wordfence.com/threat-intel/vulnerabilities/id/b29f0fea-a2db-4b2e-b7b8-d15b2395e9e6?source=cve https://plugins.trac.wordpress.org/changeset/3423983/ |
| infosatech–WP Page Permalink Extension | The WP Page Permalink Extension plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.4. This is due to missing authorization checks on the `cwpp_trigger_flush_rewrite_rules` function hooked to `wp_ajax_cwpp_trigger_flush_rewrite_rules`. This makes it possible for authenticated attackers, with Subscriber-level access and above, to flush the site’s rewrite rules via the `action` parameter. | 2026-01-09 | 6.5 | CVE-2025-14172 | https://www.wordfence.com/threat-intel/vulnerabilities/id/c5ba37d7-8fde-4ee3-93db-d2459da34bc4?source=cve https://plugins.trac.wordpress.org/browser/change-wp-page-permalinks/trunk/change-wp-page-permalinks.php#L188 https://plugins.trac.wordpress.org/browser/change-wp-page-permalinks/tags/1.5.4/change-wp-page-permalinks.php#L188 |
| INIM Electronics s.r.l.–Smartliving SmartLAN/G/SI | Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-side request forgery vulnerability in the GetImage functionality through the ‘host’ parameter. Attackers can exploit the onvif.cgi endpoint by specifying external domains to bypass firewalls and perform network enumeration through arbitrary HTTP requests. | 2026-01-07 | 5.3 | CVE-2019-25290 | Zero Science Lab Vulnerability Advisory Exploit Database Entry 47764 Packet Storm Security Exploit File IBM X-Force Vulnerability Exchange Entry INIM Vendor Homepage |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below have Out-of-bounds Read, Use of Out-of-range Pointer Offset and Improper Input Validation vulnerabilities in its CIccProfile::LoadTag function. This issue is fixed in version 2.3.1.2. | 2026-01-06 | 6.1 | CVE-2026-21487 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-xq7x-9524-f7cp https://github.com/InternationalColorConsortium/iccDEV/issues/340 https://github.com/InternationalColorConsortium/iccDEV/commit/1516e2cafc253bb06fd3700d589a4ed0f09f7bd6 |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Out-of-bounds Read, Heap-based Buffer Overflow and Improper Null Termination through its CIccTagText::Read function. This issue is fixed in version 2.3.1.2. | 2026-01-06 | 6.1 | CVE-2026-21488 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-4j2g-rvv4-86vg https://github.com/InternationalColorConsortium/iccDEV/commit/9daaccceb231c43db8cab312ee5bbe9d2aa6b153 |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below have Out-of-bounds Read and Integer Underflow (Wrap or Wraparound) vulnerabilities in its CIccCalculatorFunc::SequenceNeedTempReset function. This issue is fixed in version 2.3.1.2. | 2026-01-06 | 6.1 | CVE-2026-21489 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-ph89-6q5h-wfw5 https://github.com/InternationalColorConsortium/iccDEV/commit/cfabfe52c9c7eb0481b62c8aad56580bb11efdad |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It results in heap buffer overflow in `CIccTagLut16::Validate()`. Version 2.3.1.2 contains a patch. No known workarounds are available. | 2026-01-06 | 6.1 | CVE-2026-21490 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-9q9c-699q-xr2q https://github.com/InternationalColorConsortium/iccDEV/issues/397 https://github.com/InternationalColorConsortium/iccDEV/commit/7c2cb719a9de1c00844e457e070d657314383ee3 https://github.com/InternationalColorConsortium/iccDEV/commit/e91fe722ac54ce497d410153e7405090e0565d7b |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It results in unicode buffer overflow in `CIccTagTextDescription`. Version 2.3.1.2 contains a patch. No known workarounds are available. | 2026-01-06 | 6.1 | CVE-2026-21491 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-4pv4-4x2x-6j88 https://github.com/InternationalColorConsortium/iccDEV/issues/396 https://github.com/InternationalColorConsortium/iccDEV/commit/7c2cb719a9de1c00844e457e070d657314383ee3 https://github.com/InternationalColorConsortium/iccDEV/commit/e91fe722ac54ce497d410153e7405090e0565d7b |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Type Confusion in its CIccSingleSampledeCurveXml class during XML Curve Serialization. This issue is fixed in version 2.3.1.2. | 2026-01-06 | 6.6 | CVE-2026-21493 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-p85g-f9q7-jmjx https://github.com/InternationalColorConsortium/iccDEV/issues/358 https://github.com/InternationalColorConsortium/iccDEV/commit/7ff76d1471077172f9659de8d9536443eac7c48f |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It results in heap buffer overflow in `CIccTagLut8::Validate()`. Version 2.3.1.2 contains a patch. No known workarounds are available. | 2026-01-06 | 6.1 | CVE-2026-21494 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-hjxv-xr7w-84fc https://github.com/InternationalColorConsortium/iccDEV/issues/398 https://github.com/InternationalColorConsortium/iccDEV/commit/7c2cb719a9de1c00844e457e070d657314383ee3 https://github.com/InternationalColorConsortium/iccDEV/commit/e91fe722ac54ce497d410153e7405090e0565d7b |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to a null pointer passed to memcpy() in CIccTagSparseMatrixArray. This issue has been patched in version 2.3.1.2. | 2026-01-07 | 6.1 | CVE-2026-21503 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-h554-qrfh-53gx https://github.com/InternationalColorConsortium/iccDEV/issues/367 https://github.com/InternationalColorConsortium/iccDEV/pull/417 https://github.com/InternationalColorConsortium/iccDEV/commit/55259a6395c4f6124b5d0e38469c77412926bd3d |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap buffer overflow in the ToneMap parser. This issue has been patched in version 2.3.1.2. | 2026-01-07 | 6.6 | CVE-2026-21504 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-rqp9-r53c-3m9h https://github.com/InternationalColorConsortium/iccDEV/issues/366 https://github.com/InternationalColorConsortium/iccDEV/pull/415 https://github.com/InternationalColorConsortium/iccDEV/commit/14fe3785e6b1f9992375b2a24617a0d7f6a70f95 https://github.com/InternationalColorConsortium/iccDEV/commit/23a38f83f2a5874a1c4427df59ec342af3277cad https://github.com/InternationalColorConsortium/iccDEV/blob/798be59011649a26a529600cc3cd56437634d3d0/IccProfLib/IccMpeBasic.cpp#L4557 |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a NULL pointer dereference vulnerability. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available. | 2026-01-07 | 6.5 | CVE-2026-21680 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-mgp7-w4w3-mhx4 https://github.com/InternationalColorConsortium/iccDEV/issues/322 https://github.com/InternationalColorConsortium/iccDEV/pull/325 |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `CIccProfileXml::ParseBasic()` at `IccXML/IccLibXML/IccProfileXml.cpp`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available. | 2026-01-07 | 6.5 | CVE-2026-21689 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-5rqc-w93q-589m https://github.com/InternationalColorConsortium/iccDEV/issues/382 https://github.com/InternationalColorConsortium/iccDEV/pull/423 |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `CIccTagXmlTagData::ToXml()`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available. | 2026-01-07 | 6.3 | CVE-2026-21690 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-2f26-vh48-38g6 https://github.com/InternationalColorConsortium/iccDEV/issues/393 https://github.com/InternationalColorConsortium/iccDEV/pull/426 |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a NULL pointer member call vulnerability. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available. | 2026-01-06 | 5.5 | CVE-2026-21492 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-xpq3-v3jj-mgvx https://github.com/InternationalColorConsortium/iccDEV/issues/394 https://github.com/InternationalColorConsortium/iccDEV/pull/401 https://github.com/InternationalColorConsortium/iccDEV/commit/b200a629ada310137d6ae5c53fc9e6d91a4b0dae https://github.com/InternationalColorConsortium/iccDEV/commit/e72361d215351cbac0002466c4f936e94d6a99e7 |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to division by zero in the TIFF Image Reader. This issue has been patched in version 2.3.1.2. | 2026-01-07 | 5.5 | CVE-2026-21495 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-xhrm-79rg-5784 https://github.com/InternationalColorConsortium/iccDEV/commit/10c34179a0332a869c2b46e305a9cd23a6311dfe |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the signature parser. This issue has been patched in version 2.3.1.2. | 2026-01-07 | 5.5 | CVE-2026-21496 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-wj8m-6w77-r4rw https://github.com/InternationalColorConsortium/iccDEV/issues/381 https://github.com/InternationalColorConsortium/iccDEV/pull/405 https://github.com/InternationalColorConsortium/iccDEV/commit/0e51ceb427925b7e22f0465547df7506d35cda1c https://github.com/InternationalColorConsortium/iccDEV/commit/b5ad23aceece3789bdf1c47bae1ecf9d7bfcd26d |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via an unknown tag parser. This issue has been patched in version 2.3.1.2. | 2026-01-07 | 5.5 | CVE-2026-21497 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-7gv7-cmrv-4j85 https://github.com/InternationalColorConsortium/iccDEV/issues/374 https://github.com/InternationalColorConsortium/iccDEV/pull/403 https://github.com/InternationalColorConsortium/iccDEV/commit/9419cac7f084197941994b8b9d17def204008385 |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML calculator parser. This issue has been patched in version 2.3.1.2. | 2026-01-07 | 5.5 | CVE-2026-21498 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-6822-qvxq-m736 https://github.com/InternationalColorConsortium/iccDEV/issues/375 https://github.com/InternationalColorConsortium/iccDEV/pull/404 https://github.com/InternationalColorConsortium/iccDEV/commit/75f124f40ba45491211cb4b67f0e05b7c7d59553 https://github.com/InternationalColorConsortium/iccDEV/commit/bdfa31940726aaabb0a6f19194d9062ba0598959 |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML parser. This issue has been patched in version 2.3.1.2. | 2026-01-07 | 5.5 | CVE-2026-21499 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-c3pv-2cpf-7v2p https://github.com/InternationalColorConsortium/iccDEV/issues/372 https://github.com/InternationalColorConsortium/iccDEV/pull/412 https://github.com/InternationalColorConsortium/iccDEV/commit/00c03013e11b35ddbd7caae4368d1add185849d9 https://github.com/InternationalColorConsortium/iccDEV/commit/af299895bbcbecca6f67d6dc3d8e1dc92f1fc3fa https://github.com/InternationalColorConsortium/iccDEV/blob/8e71f0a701abcbd554725ba7b70258203e682a61/IccXML/IccLibXML/IccProfileXml.cpp#L477 |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to stack overflow in the XML calculator macro expansion. This issue has been patched in version 2.3.1.2. | 2026-01-07 | 5.5 | CVE-2026-21500 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-4h4j-mm9w-2cp4 https://github.com/InternationalColorConsortium/iccDEV/issues/384 https://github.com/InternationalColorConsortium/iccDEV/pull/406 https://github.com/InternationalColorConsortium/iccDEV/commit/cce5f9b68a6c067b7ef898ccd5b000770745fb14 https://github.com/InternationalColorConsortium/iccDEV/commit/f295826a6f15add90490030f23b2ddd8593bff5b |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to stack overflow in the calculator parser. This issue has been patched in version 2.3.1.2. | 2026-01-07 | 5.5 | CVE-2026-21501 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-x7hw-h22p-2x4w https://github.com/InternationalColorConsortium/iccDEV/issues/365 https://github.com/InternationalColorConsortium/iccDEV/pull/413 https://github.com/InternationalColorConsortium/iccDEV/commit/798be59011649a26a529600cc3cd56437634d3d0 https://github.com/InternationalColorConsortium/iccDEV/commit/f3056ed99935d479091470127ad16f8be1912bb7 https://github.com/InternationalColorConsortium/iccDEV/blob/8e71f0a701abcbd554725ba7b70258203e682a61/IccProfLib/IccMpeCalc.cpp#L4588 |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML tag parser. This issue has been patched in version 2.3.1.2. | 2026-01-07 | 5.5 | CVE-2026-21502 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-67r8-q3mh-42j6 https://github.com/InternationalColorConsortium/iccDEV/issues/368 https://github.com/InternationalColorConsortium/iccDEV/pull/407 https://github.com/InternationalColorConsortium/iccDEV/commit/d04c236775e89a029f93efcc242fdb1fbc245a1c https://github.com/InternationalColorConsortium/iccDEV/commit/d9e42a1fb2606e25e498eb94f34f6da89f522e35 |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to an invalid enum value. This issue has been patched in version 2.3.1.2. | 2026-01-07 | 5.5 | CVE-2026-21505 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-j577-8285-qrf9 https://github.com/InternationalColorConsortium/iccDEV/issues/361 https://github.com/InternationalColorConsortium/iccDEV/pull/419 https://github.com/InternationalColorConsortium/iccDEV/commit/3bbe2088b2796cf0aa4f7fa19f7ccd9ad1c7aba5 https://github.com/InternationalColorConsortium/iccDEV/commit/b1bb72fc3e9442ee1355aabae7314bb7d3fc9d41 |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to Null pointer dereference in CIccProfileXml::ParseBasic(), leading to denial of service. This issue has been patched in version 2.3.1.2. | 2026-01-07 | 5.5 | CVE-2026-21506 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-wfm7-m548-x4vp https://github.com/InternationalColorConsortium/iccDEV/issues/371 https://github.com/InternationalColorConsortium/iccDEV/pull/418 https://github.com/InternationalColorConsortium/iccDEV/commit/f2ea32372ad3ebbd29147940229cb9c5548fe033 |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `CIccTag:IsTypeCompressed()`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available. | 2026-01-07 | 5.4 | CVE-2026-21691 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-c9q5-x498-jv92 https://github.com/InternationalColorConsortium/iccDEV/issues/392 https://github.com/InternationalColorConsortium/iccDEV/pull/426 |
| INTINITUM FORM–Geo Controller | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in INTINITUM FORM Geo Controller allows DOM-Based XSS.This issue affects Geo Controller: from n/a through 8.5.2. | 2026-01-05 | 6.5 | CVE-2023-51513 | https://vdp.patchstack.com/database/wordpress/plugin/cf-geoplugin/vulnerability/wordpress-geo-controller-plugin-8-5-2-cross-site-scripting-xss-vulnerability?_s_id=cve |
| itsourcecode–Society Management System | A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/edit_activity_query.php. The manipulation of the argument Title leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used. | 2026-01-05 | 6.3 | CVE-2026-0582 | VDB-339474 (itsourcecode Society Management System edit_activity_query.php sql injection); VDB-339474 (CTI Indicators (IOB, IOC, TTP, IOA)); Submit #731207 (itsourcecode Society Management System V1.0 SQL Injection); https://github.com/xiaotsai/tttt/issues/2 https://itsourcecode.com/ |
| ivole–Customer Reviews for WooCommerce | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘displayName’ parameter in all versions up to, and including, 5.93.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with customer-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. While it is possible to invoke the AJAX action without authentication, the attacker would need to know a valid form ID, which requires them to place an order. This vulnerability can be exploited by unauthenticated attackers if guest checkout is enabled. However, the form ID still needs to be obtained through placing an order. | 2026-01-07 | 6.4 | CVE-2025-14891 | https://www.wordfence.com/threat-intel/vulnerabilities/id/88e4eec2-2861-4d1d-97eb-67887f59c745?source=cve https://plugins.trac.wordpress.org/browser/customer-reviews-woocommerce/trunk/includes/reminders/class-cr-local-forms-ajax.php#L76 https://plugins.trac.wordpress.org/browser/customer-reviews-woocommerce/trunk/templates/form-customer.php#L19 https://plugins.trac.wordpress.org/changeset/3424980/customer-reviews-woocommerce |
| iWT Ltd.–FaceSentry Access Control System | FaceSentry Access Control System 6.4.8 contains a cross-site scripting vulnerability in the ‘msg’ parameter of pluginInstall.php that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated input to execute arbitrary JavaScript in victim browsers, potentially stealing authentication credentials and conducting phishing attacks. | 2026-01-07 | 6.1 | CVE-2019-25277 | Zero Science Lab Vulnerability Advisory; Packet Storm Security Exploit Entry; CXSecurity Vulnerability Listing; IBM X-Force Vulnerability Exchange |
| jegstudio–Gutenverse Form Contact Form Builder, Booking, Reservation, Subscribe for Block Editor | The Gutenverse Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and including, 2.3.2. This is due to the plugin’s framework component adding SVG to the allowed MIME types via the upload_mimes filter without implementing any sanitization of SVG file contents. This makes it possible for authenticated attackers, with Author-level access and above, to upload SVG files containing malicious JavaScript that executes when the file is viewed, leading to arbitrary JavaScript execution in victims’ browsers. | 2026-01-08 | 6.4 | CVE-2025-14984 | https://www.wordfence.com/threat-intel/vulnerabilities/id/792fa6cb-e55a-4f68-b8a8-9039fb1ff694?source=cve https://plugins.trac.wordpress.org/browser/gutenverse-form/tags/2.3.2/lib/framework/includes/class-init.php#L837 https://plugins.trac.wordpress.org/browser/gutenverse-form/tags/2.3.2/lib/framework/includes/class-init.php#L169 https://plugins.trac.wordpress.org/changeset/3427504/gutenverse-form/trunk/lib/framework/includes/class-init.php?old=3395520&old_path=gutenverse-form%2Ftrunk%2Flib%2Fframework%2Fincludes%2Fclass-init.php |
| jegtheme–Jeg Kit for Elementor Powerful Addons for Elementor, Widgets & Templates for WordPress | The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.0.1 due to insufficient input sanitization in the countdown widget’s redirect functionality. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary JavaScript that will execute when an administrator or other user views the page containing the malicious countdown element. | 2026-01-08 | 6.4 | CVE-2025-14275 | https://www.wordfence.com/threat-intel/vulnerabilities/id/8fcb4047-5173-4d10-a4bb-72f1919b9203?source=cve https://plugins.trac.wordpress.org/browser/jeg-elementor-kit/tags/3.0.1/assets/js/elements/countdown.js#L1 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3432624%40jeg-elementor-kit%2Ftrunk&old=3379532%40jeg-elementor-kit%2Ftrunk&sfp_email=&sfph_mail= |
| jiujiujia–jjjfood | A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjshop_food up to 20260103. This vulnerability affects unknown code of the file /index.php/api/product.category/index. Such manipulation of the argument latitude leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product is distributed under multiple different names. The vendor was contacted early about this disclosure but did not respond in any way. | 2026-01-11 | 6.3 | CVE-2026-0843 | VDB-340443 (jiujiujia/victor123/wxw850227 jjjfood/jjjshop_food index sql injection); VDB-340443 (CTI Indicators (IOB, IOC, TTP, IOA)); Submit #731001; https://www.jiujiujia.net/ PHP-based Three-Dot Ordering System Vulnerable to SQL Injection (latest SQL Injection) http://101.200.76.102:38765/qwertyuiop/qwsdfvbnm/1/vuldb/JJJshop/EnglishVers%E4%B8%89%E5%8B%BE%E7%82%B9%E9%A4%90%E7%B3%BB%E7%BB%9FPHP%E7%89%88%E5%AD%98%E5%9C%A8product.category.indexSQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.pdf |
| jonua–Table Field Add-on for ACF and SCF | The Table Field Add-on for ACF and SCF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Cell Content in all versions up to, and including, 1.3.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-06 | 6.4 | CVE-2025-12067 | https://www.wordfence.com/threat-intel/vulnerabilities/id/93f80716-a95b-49fc-805f-446d4723ca77?source=cve https://plugins.trac.wordpress.org/changeset/3386339/ |
| jseto–Travel Bucket List Wish To Go | The Wish To Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-07 | 6.4 | CVE-2025-14053 | https://www.wordfence.com/threat-intel/vulnerabilities/id/02b9450e-422f-45f1-a55b-cf401e39247c?source=cve https://plugins.trac.wordpress.org/browser/wish-to-go/trunk/wish-to-go.php#L124 https://plugins.trac.wordpress.org/browser/wish-to-go/tags/0.5.2/wish-to-go.php#L124 |
| kanboard–kanboard | Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is directly substituted into LDAP search filters without proper sanitization, allowing attackers to enumerate all LDAP users, discover sensitive user attributes, and perform targeted attacks against specific accounts. This issue is fixed in version 1.2.49. | 2026-01-08 | 5.3 | CVE-2026-21880 | https://github.com/kanboard/kanboard/security/advisories/GHSA-v66r-m28r-wmq7 https://github.com/kanboard/kanboard/commit/dd374079f7c2d1dab74c1680960e684ff8668586 https://github.com/kanboard/kanboard/releases/tag/v1.2.49 |
| kanboard–kanboard | Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to an Open Redirect attack that allows malicious actors to redirect authenticated users to attacker-controlled websites. By crafting URLs such as //evil.com, attackers can bypass the filter_var($url, FILTER_VALIDATE_URL) validation check. This vulnerability could be exploited to conduct phishing attacks, steal user credentials, or distribute malware. The issue is fixed in version 1.2.49. | 2026-01-08 | 4.7 | CVE-2026-21879 | https://github.com/kanboard/kanboard/security/advisories/GHSA-mhv9-7m9w-7hcq https://github.com/kanboard/kanboard/commit/93bcae03301a6d34185a8dba977417e6b3de519f https://github.com/kanboard/kanboard/releases/tag/v1.2.49 |
| kentothemes–Latest Tabs | The Latest Tabs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the settings update handler in admin-page.php. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2026-01-07 | 4.3 | CVE-2025-14999 | https://www.wordfence.com/threat-intel/vulnerabilities/id/837f49e6-dcba-4451-bbbe-14890ab87207?source=cve https://plugins.trac.wordpress.org/browser/kento-latest-tabs/trunk/admin-page.php#L7 |
| kodezen–aBlocks WordPress Gutenberg Blocks, User Dashboard Builder, Popup Builder, Form Builder & GSAP Animation Builder | The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data and disclosure of sensitive information due to missing capability checks on multiple AJAX actions in all versions up to, and including, 2.4.0. This makes it possible for authenticated attackers, with subscriber level access and above, to read plugin settings including block visibility, maintenance mode configuration, and third-party email marketing API keys, as well as read sensitive configuration data including API keys for email marketing services. | 2026-01-07 | 5.4 | CVE-2025-12449 | https://www.wordfence.com/threat-intel/vulnerabilities/id/c10600ae-1ff0-4f12-ae53-39d9342640f4?source=cve https://plugins.trac.wordpress.org/browser/ablocks/tags/2.4.0/includes/ajax/settings.php#L16 https://plugins.trac.wordpress.org/browser/ablocks/tags/2.4.0/includes/classes/abstract-request-handler.php#L486 https://plugins.trac.wordpress.org/browser/ablocks/tags/2.4.0/includes/assets.php#L353 |
| kromitgmbh–titra | Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users’ time entries in private projects they have not been granted access to. This issue is fixed in version 0.99.50. | 2026-01-07 | 6.8 | CVE-2026-21694 | https://github.com/kromitgmbh/titra/security/advisories/GHSA-mr2r-wjf8-cj3c https://github.com/kromitgmbh/titra/commit/29e6b88eca005107729e45a6f1731cf0fa5f8938 |
| kromitgmbh–titra | Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The affected endpoint uses the JavaScript spread operator (`...customfields`) to merge user-controlled input directly into the database document. While customfields is validated as an Object type, there is no validation of which keys are permitted inside that object. This allows attackers to overwrite protected fields such as userId, hours, and state. The issue is fixed in version 0.99.50. | 2026-01-07 | 4.3 | CVE-2026-21695 | https://github.com/kromitgmbh/titra/security/advisories/GHSA-gc65-vr47-jppq https://github.com/kromitgmbh/titra/commit/29e6b88eca005107729e45a6f1731cf0fa5f8938 |
| Leica Geosystems AG–Leica Geosystems GR10/GR25/GR30/GR50 GNSS | Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can trick logged-in users into executing unauthorized actions by crafting malicious web pages that submit requests to the application. | 2026-01-07 | 5.3 | CVE-2019-25259 | Zero Science Lab Vulnerability Advisory; Exploit Database Entry 46090; Packet Storm Security Exploit File; IBM X-Force Vulnerability Exchange Entry; Leica Geosystems Vendor Homepage |
| liangshao–Flashcard Plugin for WordPress | The Flashcard plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.9 via the ‘source’ attribute of the ‘flashcard’ shortcode. This makes it possible for authenticated attackers, with contributor level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | 2026-01-07 | 6.5 | CVE-2025-14867 | https://www.wordfence.com/threat-intel/vulnerabilities/id/f4fcc6e5-1f90-41e7-8d5a-2bfe8cbf46fa?source=cve https://plugins.trac.wordpress.org/browser/flashcard/tags/0.9/flashcard.php?marks=73,109#L73 |
| lnbadmin1–Nearby Now Reviews | The Nearby Now Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data_tech’ parameter of the nn-tech shortcode in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-09 | 6.4 | CVE-2025-13853 | https://www.wordfence.com/threat-intel/vulnerabilities/id/8dc991ea-0d00-4734-9b9a-5af759e83540?source=cve https://plugins.trac.wordpress.org/browser/nearby-now-reviews/trunk/nn-reviews.php#L160 https://plugins.trac.wordpress.org/browser/nearby-now-reviews/tags/5.2/nn-reviews.php#L160 |
| loopus–WP Cost Estimation & Payment Forms Builder | The WP Cost Estimation plugin for WordPress is vulnerable to Upload Directory Traversal in versions before 9.660 via the uploadFormFiles function. This allows attackers to overwrite any file with a whitelisted type on an affected site. | 2026-01-08 | 6.5 | CVE-2019-25295 | https://www.wordfence.com/threat-intel/vulnerabilities/id/65a9e877-e870-4e36-985d-c0629abe3f78?source=cve https://www.wordfence.com/blog/2019/02/vulnerabilities-patched-in-wp-cost-estimation-plugin/ https://codecanyon.net/item/wp-cost-estimation-payment-forms-builder/7818230 |
| mamurjor–Mamurjor Employee Info | The Mamurjor Employee Info plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on multiple administrative functions. This makes it possible for unauthenticated attackers to create, update, or delete employee records, departments, designations, salary grades, education records, and salary payments via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2026-01-07 | 4.3 | CVE-2025-13990 | https://www.wordfence.com/threat-intel/vulnerabilities/id/8e323b87-7b2e-4e5c-94a4-a4a0712f50ba?source=cve https://plugins.trac.wordpress.org/browser/mamurjor-employee-info/trunk/admin/admin.php#L10 https://plugins.trac.wordpress.org/browser/mamurjor-employee-info/trunk/admin/admin.php#L30 https://plugins.trac.wordpress.org/browser/mamurjor-employee-info/trunk/admin/admin.php#L47 https://plugins.trac.wordpress.org/browser/mamurjor-employee-info/tags/1.0.0/admin/admin.php#L10 https://plugins.trac.wordpress.org/browser/mamurjor-employee-info/tags/1.0.0/admin/admin.php#L30 https://plugins.trac.wordpress.org/browser/mamurjor-employee-info/tags/1.0.0/admin/admin.php#L47 |
| manchumahara–CBX Bookmark & Favorite | The CBX Bookmark & Favorite plugin for WordPress is vulnerable to generic SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2026-01-06 | 6.5 | CVE-2025-13652 | https://www.wordfence.com/threat-intel/vulnerabilities/id/a8839665-8f98-4c81-b234-9201236e0194?source=cve https://plugins.trac.wordpress.org/changeset/3413499/ |
| marceljm–Featured Image from URL (FIFU) | The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.3.1. This is due to insufficient validation of user-supplied URLs before passing them to the getimagesize() function in the Elementor widget integration. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services via the fifu_input_url parameter in the FIFU Elementor widget granted they have permissions to use Elementor. | 2026-01-10 | 4.3 | CVE-2025-13393 | https://www.wordfence.com/threat-intel/vulnerabilities/id/b7115070-b84d-4d69-993a-f512b9f9c081?source=cve https://plugins.trac.wordpress.org/browser/featured-image-from-url/trunk/elementor/widgets/widget.php#L94 https://plugins.trac.wordpress.org/browser/featured-image-from-url/trunk/elementor/widgets/widget.php#L121 https://research.cleantalk.org/cve-2025-13393/ https://plugins.trac.wordpress.org/changeset/3428744/ |
| Marketing Fire, LLC–LoginWP – Pro | Missing Authorization vulnerability in Marketing Fire, LLC LoginWP – Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LoginWP – Pro: from n/a through 4.0.8.5. | 2026-01-05 | 6.5 | CVE-2025-39561 | https://vdp.patchstack.com/database/wordpress/plugin/loginwp-pro/vulnerability/wordpress-loginwp-pro-plugin-4-0-8-5-broken-access-control-vulnerability?_s_id=cve |
| mastodon–mastodon | Mastodon is a free, open-source social network server based on ActivityPub. Mastodon 4.3 added notifications of severed relationships, allowing end-users to inspect the relationships they lost as the result of a moderation action. The code allowing users to download lists of severed relationships for a particular event fails to check the owner of the list before returning the lost relationships. Any registered local user can access the list of lost followers and followed users caused by any severance event, and go through all severance events this way. The leaked information does not include the name of the account which has lost follows and followers. This has been fixed in Mastodon v4.3.17, v4.4.11 and v4.5.4. | 2026-01-08 | 6.5 | CVE-2026-22246 | https://github.com/mastodon/mastodon/security/advisories/GHSA-ww85-x9cp-5v24 https://github.com/mastodon/mastodon/commit/68e30985ca7afdb89af1b2e9dc962e1993dc8076 https://github.com/mastodon/mastodon/commit/b2bcd34486fd6681cc0f30028086ef0f47282adf https://github.com/mastodon/mastodon/commit/c1fb6893c5175d74c074f6f786d504c8bc610d57 |
| matiasanca–Cool YT Player | The Cool YT Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘videoid’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-07 | 6.4 | CVE-2025-13849 | https://www.wordfence.com/threat-intel/vulnerabilities/id/590bdf82-8006-4729-96e5-42b0d1552d19?source=cve https://plugins.trac.wordpress.org/browser/cool-yt-player/trunk/includes/youtube_video_wrapper.php#L58 https://plugins.trac.wordpress.org/browser/cool-yt-player/tags/1.0/includes/youtube_video_wrapper.php#L58 |
| mattiaspkallio–Snillrik Restaurant | The Snillrik Restaurant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘menu_style’ shortcode attribute in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-07 | 6.4 | CVE-2025-14112 | https://www.wordfence.com/threat-intel/vulnerabilities/id/5fb52c19-6816-423d-ab3a-6b5b2ff21e03?source=cve https://plugins.trac.wordpress.org/browser/snillrik-restaurant-menu/trunk/classes/shortcodes.php#L42 https://plugins.trac.wordpress.org/browser/snillrik-restaurant-menu/tags/2.2.1/classes/shortcodes.php#L42 |
| metodiew–Quote Comments | The Quote Comments plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.0. This is due to missing authorization checks in the quotecomments_add_admin function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary plugin options via the ‘action’ parameter. | 2026-01-07 | 5.3 | CVE-2025-14370 | https://www.wordfence.com/threat-intel/vulnerabilities/id/1ebe0767-db22-4995-bdf1-5ebb48f960e9?source=cve https://plugins.trac.wordpress.org/browser/quote-comments/tags/3.0.0/quote-comments.php#L309 |
| Microsoft–Microsoft Edge for Android | User interface (UI) misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network. | 2026-01-07 | 5.5 | CVE-2025-62224 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability |
| miniflux–v2 | Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux’s media proxy endpoint (`GET /proxy/{encodedDigest}/{encodedURL}`) can be abused to perform Server-Side Request Forgery (SSRF). An authenticated user can cause Miniflux to generate a signed proxy URL for attacker-chosen media URLs embedded in feed entry content, including internal addresses (e.g., localhost, private RFC1918 ranges, or link-local metadata endpoints). Requesting the resulting `/proxy/…` URL makes Miniflux fetch and return the internal response. Version 2.2.16 fixes the issue. | 2026-01-08 | 6.5 | CVE-2026-21885 | https://github.com/miniflux/v2/security/advisories/GHSA-xwh2-742g-w3wp |
| minnur–External Media | Server-Side Request Forgery (SSRF) vulnerability in minnur External Media allows Server Side Request Forgery. This issue affects External Media: from n/a through 1.0.36. | 2026-01-07 | 4.9 | CVE-2025-49335 | https://patchstack.com/database/wordpress/plugin/external-media/vulnerability/wordpress-external-media-plugin-1-0-36-server-side-request-forgery-ssrf-vulnerability?_s_id=cve |
| mitchoyoshitaka–Stumble! for WordPress | The Stumble! for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2026-01-07 | 6.1 | CVE-2025-14128 | https://www.wordfence.com/threat-intel/vulnerabilities/id/19e1421d-8cb4-44b6-a982-769539b19582?source=cve https://wordpress.org/plugins/stumble-for-wordpress/ https://plugins.trac.wordpress.org/browser/stumble-for-wordpress/trunk/stumble.php#L143 https://plugins.trac.wordpress.org/browser/stumble-for-wordpress/tags/1.1.1/stumble.php#L143 |
| mohammed_kaludi–AMP for WP Accelerated Mobile Pages | The AMP for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.1.10. This is due to insufficient sanitization of SVG file content that only removes `<script>` tags while allowing other XSS vectors such as event handlers (onload, onerror, onmouseover), foreignObject elements, and SVG animation attributes. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts via malicious SVG file uploads that will execute whenever a user views the uploaded file. | 2026-01-09 | 6.4 | CVE-2026-0627 | https://www.wordfence.com/threat-intel/vulnerabilities/id/4ed23318-3b47-4336-a3aa-6b09f3911926?source=cve https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/trunk/templates/features.php#L10373 https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.1.10/templates/features.php#L10373 https://plugins.trac.wordpress.org/changeset/3434946/accelerated-mobile-pages/trunk/templates/features.php?old=3426181&old_path=accelerated-mobile-pages%2Ftrunk%2Ftemplates%2Ffeatures.php |
| mohammed_kaludi–AMP for WP Accelerated Mobile Pages | The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to inverted nonce verification logic in the amp_theme_ajaxcomments AJAX handler, which rejects requests with VALID nonces and accepts requests with MISSING or INVALID nonces. This makes it possible for unauthenticated attackers to submit comments on behalf of logged-in users via a forged request granted they can trick a user into performing an action such as clicking on a link, and the plugin’s template mode is enabled. | 2026-01-07 | 4.3 | CVE-2025-14468 | https://www.wordfence.com/threat-intel/vulnerabilities/id/0d195034-4617-474d-a4b1-b299c1607f89?source=cve https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.1.9/templates/template-mode/template-mode.php#L119 https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.1.9/templates/template-mode/template-mode.php#L50 https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.1.9/templates/template-mode/template-mode.php#L698 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3426181%40accelerated-mobile-pages%2Ftrunk&old=3402644%40accelerated-mobile-pages%2Ftrunk&sfp_email=&sfph_mail=#file4 |
| moosend–Moosend Landing Pages | The Moosend Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the moosend_landings_auth_get function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete the ‘moosend_landing_api_key’ option value. | 2026-01-07 | 5.3 | CVE-2025-13496 | https://www.wordfence.com/threat-intel/vulnerabilities/id/eeb4b3b1-47ae-4314-a386-832949456f81?source=cve https://plugins.trac.wordpress.org/browser/moosend-landing-pages/trunk/forms/auth-request.php#L7 https://plugins.trac.wordpress.org/browser/moosend-landing-pages/tags/1.1.6/forms/auth-request.php#L7 |
| mountaingrafix–MG AdvancedOptions | The MG AdvancedOptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2026-01-09 | 6.1 | CVE-2025-13892 | https://www.wordfence.com/threat-intel/vulnerabilities/id/86358a01-bf69-4a7f-8b78-a0d42d362d96?source=cve https://plugins.trac.wordpress.org/browser/mg-advancedoptions/trunk/mg-advancedoptions/MG_AdvancedOptions.php#L96 https://plugins.trac.wordpress.org/browser/mg-advancedoptions/trunk/mg-advancedoptions/MG_AdvancedOptions.php#L58 |
| mstoic–Mstoic Shortcodes | The Mstoic Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘start’ parameter of the ms_youtube_embeds shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-07 | 6.4 | CVE-2025-14144 | https://www.wordfence.com/threat-intel/vulnerabilities/id/6e83c039-9b15-4e0c-8b07-3b906938c138?source=cve https://plugins.trac.wordpress.org/browser/mstoic-shortcodes/trunk/functions/shortcodes/youtube_embeds.php#L117 https://plugins.trac.wordpress.org/browser/mstoic-shortcodes/tags/2.0/functions/shortcodes/youtube_embeds.php#L117 |
| mtcaptcha–MTCaptcha WordPress Plugin | The MTCaptcha WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin settings, including sensitive values like the private key, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2026-01-07 | 4.3 | CVE-2025-13520 | https://www.wordfence.com/threat-intel/vulnerabilities/id/e8c1e568-7170-40d6-b522-2c89725e0501?source=cve https://plugins.trac.wordpress.org/browser/mtcaptcha/trunk/mt-captcha.php#L410 https://plugins.trac.wordpress.org/browser/mtcaptcha/tags/2.7.2/mt-captcha.php#L410 |
| Munir Kamal–Block Slider | Missing Authorization vulnerability in Munir Kamal Block Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Block Slider: from n/a through 2.2.3. | 2026-01-08 | 6.5 | CVE-2026-22522 | https://patchstack.com/database/wordpress/plugin/block-slider/vulnerability/wordpress-block-slider-plugin-2-2-3-broken-access-control-vulnerability?_s_id=cve |
| N/A–Elliptic | The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' (as computed based on step 3.2 of RFC 6979, https://datatracker.ietf.org/doc/html/rfc6979 ) has leading zeros, and is susceptible to cryptanalysis, which can lead to secret key exposure. This happens because the byte length of 'k' is incorrectly computed, resulting in its getting truncated during the computation. Legitimate transactions or communications will be broken as a result. Furthermore, due to the nature of the fault, attackers could, under certain conditions, derive the secret key if they could get their hands on both a faulty signature generated by a vulnerable version of Elliptic and a correct signature for the same inputs. This issue affects all known versions of Elliptic (at the time of writing, versions less than or equal to 6.6.1). | 2026-01-08 | 5.6 | CVE-2025-14505 | https://www.herodevs.com/vulnerability-directory/cve-2025-14505 https://github.com/indutny/elliptic/issues/321 |
| n/a–invoiceninja | A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is the function copy of the file /app/Jobs/Util/Import.php of the component Migration Import. The manipulation of the argument company_logo leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2026-01-07 | 4.7 | CVE-2026-0649 | VDB-339720 (invoiceninja Migration Import Import.php copy server-side request forgery); CTI Indicators (IOB, IOC, IOA); Submit #721323 (invoiceninja <= 5.12.38 ssrf); https://note-hxlab.wetolink.com/share/fWqEpn5fX4rH |
| n/a–milvus | A security vulnerability has been detected in milvus up to 2.6.7. This vulnerability affects the function expr.Exec of the file pkg/util/expr/expr.go of the component HTTP Endpoint. The manipulation of the argument code leads to deserialization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. A fix is planned for the next release 2.6.8. | 2026-01-05 | 6.3 | CVE-2025-15453 | VDB-339486 (milvus HTTP Endpoint expr.go expr.Exec deserialization); CTI Indicators (IOB, IOC, IOA); Submit #719061 (milvus-io milvus latest Not Safe Remote Expression Execution); https://github.com/milvus-io/milvus/issues/46442 https://github.com/milvus-io/milvus/issues/46442#issuecomment-3672197450 https://github.com/milvus-io/milvus/issues/46442#issue-3743414836 https://github.com/milvus-io/milvus/milestone/139 |
| n8n-io–n8n | n8n is an open source workflow automation platform. In versions from 0.150.0 to before 2.2.2, an authentication bypass vulnerability in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe webhook events. The Stripe Trigger creates and stores a Stripe webhook signing secret when registering the webhook endpoint, but incoming webhook requests were not verified against this secret. As a result, any HTTP client that knows the webhook URL could send a POST request containing a matching event type, causing the workflow to execute as if a legitimate Stripe event had been received. This issue affects n8n users who have active workflows using the Stripe Trigger node. An attacker could potentially fake payment or subscription events and influence downstream workflow behavior. The practical risk is reduced by the fact that the webhook URL contains a high-entropy UUID; however, authenticated n8n users with access to the workflow can view this webhook ID. This issue has been patched in version 2.2.2. A temporary workaround for this issue involves users deactivating affected workflows or restricting access to workflows containing Stripe Trigger nodes to trusted users only. | 2026-01-08 | 6.5 | CVE-2026-21894 | https://github.com/n8n-io/n8n/security/advisories/GHSA-jf52-3f2h-h9j5 https://github.com/n8n-io/n8n/pull/22764 https://github.com/n8n-io/n8n/commit/a61a5991093c41863506888336e808ac1eff8d59 |
| nahian91–Awesome Hotel Booking | The Awesome Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data due to incorrect authorization in the room-single.php shortcode handler in all versions up to, and including, 1.0. This is due to the plugin relying solely on nonce verification without capability checks. This makes it possible for unauthenticated attackers to modify arbitrary booking records by obtaining a nonce from the public booking form. | 2026-01-07 | 5.3 | CVE-2025-14352 | https://www.wordfence.com/threat-intel/vulnerabilities/id/4fe0a08e-eee2-4d48-bb38-dd58bff79118?source=cve https://plugins.trac.wordpress.org/browser/awesome-hotel-booking/trunk/admin/admin-shortcodes/inc/room-single.php#L67 https://plugins.trac.wordpress.org/browser/awesome-hotel-booking/tags/1.0/admin/admin-shortcodes/inc/room-single.php#L67 |
| nasa–CryptoLib | CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol – Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, in base64urlDecode, padding-stripping dereferences `input[inputLen - 1]` before checking that `inputLen > 0` or that `input != NULL`. For `inputLen == 0`, this becomes an OOB read at `input[-1]`, potentially crashing the process. If `input == NULL` and `inputLen == 0`, it dereferences `NULL - 1`. This issue has been patched in version 1.4.3. | 2026-01-10 | 4.7 | CVE-2026-21899 | https://github.com/nasa/CryptoLib/security/advisories/GHSA-wc29-5hw7-mpj8 https://github.com/nasa/CryptoLib/releases/tag/v1.4.3 |
| Nawawi Jamili–Docket Cache | Missing Authorization vulnerability in Nawawi Jamili Docket Cache allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Docket Cache: from n/a through 24.07.04. | 2026-01-08 | 4.3 | CVE-2026-22492 | https://patchstack.com/database/wordpress/plugin/docket-cache/vulnerability/wordpress-docket-cache-plugin-24-07-04-broken-access-control-vulnerability?_s_id=cve |
| niklaslindemann–Bulk Landing Page Creator for WordPress LPagery | Missing Authorization vulnerability in niklaslindemann Bulk Landing Page Creator for WordPress LPagery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk Landing Page Creator for WordPress LPagery: from n/a through 2.4.9. | 2026-01-08 | 5.4 | CVE-2026-22490 | https://patchstack.com/database/wordpress/plugin/lpagery/vulnerability/wordpress-bulk-landing-page-creator-for-wordpress-lpagery-plugin-2-4-4-broken-access-control-vulnerability?_s_id=cve |
| ninjateam–FastDup Fastest WordPress Migration & Duplicator | The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.7 via the ‘dir_path’ parameter in the ‘njt-fastdup/v1/template/directory-tree’ REST API endpoint. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary directories on the server, which can contain sensitive information. | 2026-01-06 | 6.5 | CVE-2026-0604 | https://www.wordfence.com/threat-intel/vulnerabilities/id/ac97c729-4c75-429b-bbf2-27ca322be1cf?source=cve https://plugins.trac.wordpress.org/browser/fastdup/trunk/includes/Endpoint/TemplateApi.php#L219 https://plugins.trac.wordpress.org/browser/fastdup/tags/2.7/includes/Endpoint/TemplateApi.php#L219 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3432226%40fastdup&new=3432226%40fastdup&sfp_email=&sfph_mail=#file3 |
| nsthemes–NS Ie Compatibility Fixer | The NS IE Compatibility Fixer plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to, and including, 2.1.5. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify the plugin’s settings via a forged request granted they can trick an administrator into performing an action such as clicking on a link. | 2026-01-07 | 4.3 | CVE-2025-14845 | https://www.wordfence.com/threat-intel/vulnerabilities/id/3c25b462-cb9e-4250-bb17-9f2a0bd7665e?source=cve https://plugins.trac.wordpress.org/browser/ns-ie-compatibility-fixer/tags/2.1.5/ns-admin-options/ns_admin_option_dashboard.php#L29 https://plugins.trac.wordpress.org/browser/ns-ie-compatibility-fixer/tags/2.1.5/ns-admin-options/ns_admin_option_dashboard.php#L30 https://plugins.trac.wordpress.org/browser/ns-ie-compatibility-fixer/tags/2.1.5/ns-admin-options/ns_settings_custom.php#L8 https://developer.wordpress.org/plugins/security/nonces/ https://developer.wordpress.org/reference/functions/wp_verify_nonce/ https://developer.wordpress.org/reference/functions/check_admin_referer/ |
| octobercms–october | October is a Content Management System (CMS) and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting (XSS) vulnerability was identified in October CMS backend configuration forms. A user with the Global Editor Settings permission could inject malicious HTML/JS into the stylesheet input at Markup Styles. A specially crafted input could break out of the intended `<style>` context, allowing arbitrary script execution across backend pages for all users. This issue has been patched in versions 3.7.13 and 4.0.12. | 2026-01-10 | 6.1 | CVE-2025-61674 | https://github.com/octobercms/october/security/advisories/GHSA-gxxc-m74c-f48x |
| octobercms–october | October is a Content Management System (CMS) and web platform. Prior to versions 3.7.13 and 4.0.12, a cross-site scripting (XSS) vulnerability was identified in October CMS backend configuration forms. A user with the Customize Backend Styles permission could inject malicious HTML/JS into the stylesheet input at Styles from Branding & Appearance settings. A specially crafted input could break out of the intended `<style>` context, allowing arbitrary script execution across backend pages for all users. This issue has been patched in versions 3.7.13 and 4.0.12. | 2026-01-10 | 6.1 | CVE-2025-61676 | https://github.com/octobercms/october/security/advisories/GHSA-wvpq-h33f-8rp6 |
| openchamp–Simcast | The Simcast plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the settingsPage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2026-01-07 | 4.3 | CVE-2025-14077 | https://www.wordfence.com/threat-intel/vulnerabilities/id/e3917e1a-c230-46ad-9889-6ab233ecc4d0?source=cve https://plugins.trac.wordpress.org/browser/simcast/trunk/Simcast_OptionsManager.php#L257 https://plugins.trac.wordpress.org/browser/simcast/tags/1.0.0/Simcast_OptionsManager.php#L257 |
| OpenCTI-Platform–opencti | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.3, an open redirect vulnerability exists in the OpenCTI platform’s SAML authentication endpoint (/auth/saml/callback). By manipulating the RelayState parameter, an attacker can force the server to issue a 302 redirect to any external URL, enabling phishing, credential theft, and arbitrary site redirection. This issue has been patched in version 6.8.3. | 2026-01-07 | 5.4 | CVE-2025-61782 | https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-jc3f-c62g-v7qw https://github.com/OpenCTI-Platform/opencti/commit/f755165a26888925c4a58018f7238ff92a0bd378 https://github.com/OpenCTI-Platform/opencti/releases/tag/6.8.3 |
| OPEXUS–eCASE Audit | OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment within the Document Check Out functionality. The JavaScript is executed whenever another user views the Action History Log. Fixed in OPEXUS eCASE Platform 11.14.1.0. | 2026-01-08 | 5.5 | CVE-2026-22231 | |
| OPEXUS–eCASE Audit | OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript in the "A or SIC Number" field within the Project Setup functionality. The JavaScript is executed whenever another user views the project. Fixed in OPEXUS eCASE Audit 11.14.2.0. | 2026-01-08 | 5.5 | CVE-2026-22232 | |
| OPEXUS–eCASE Audit | OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimated Staff Hours" field. The JavaScript is executed whenever another user visits the Project Cost tab. Fixed in OPEXUS eCASE Audit 11.14.2.0. | 2026-01-08 | 5.5 | CVE-2026-22233 | |
| opf–openproject | OpenProject is an open-source, web-based project management software. OpenProject versions prior to 16.6.3 allowed users with the View Meetings permission on any project to access meeting details of meetings belonging to projects the user does not have access to. This issue has been patched in version 16.6.3. | 2026-01-10 | 4.3 | CVE-2026-22605 | https://github.com/opf/openproject/security/advisories/GHSA-fq4m-pxvm-8x2j https://github.com/opf/openproject/releases/tag/v16.6.3 |
| P5–FNIP-8x16A | P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking authenticated users into loading a specially crafted form. | 2026-01-06 | 4.3 | CVE-2020-36906 | ExploitDB-48362; Official Product Homepage; Zero Science Lab Disclosure (ZSL-2020-5564); Packet Storm Security Exploit Entry; IBM X-Force Vulnerability Exchange 1; IBM X-Force Vulnerability Exchange 2; VulnCheck Advisory: P5 FNIP-8x16A FNIP-4xSH 1.0.20 Cross-Site Request Forgery via User Management |
| pagup–Bulk Auto Image Alt Text (Alt tag, Alt attribute) optimizer (image SEO) | The BIALTY – Bulk Image Alt Text (Alt tag, Alt Attribute) with Yoast SEO + WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bialty_cs_alt’ post meta in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever an administrator accesses the post editor. | 2026-01-09 | 6.4 | CVE-2025-15019 | https://www.wordfence.com/threat-intel/vulnerabilities/id/0af219a7-6596-47b2-ab8e-a71f20218759?source=cve https://plugins.trac.wordpress.org/changeset/3431985/bulk-image-alt-text-with-yoast/trunk/admin/views/metabox.view.php |
| pagup–WP Google Street View (with 360 virtual tour) & Google maps + Local SEO | The WP Google Street View (with 360° virtual tour) & Google maps + Local SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpgsv_map’ shortcode in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-09 | 6.4 | CVE-2026-0563 | https://www.wordfence.com/threat-intel/vulnerabilities/id/2bc8a3fb-176e-4bf0-b96e-6ccb9688254b?source=cve https://plugins.trac.wordpress.org/changeset/3432185/wp-google-street-view/trunk/includes/shortcode.php |
| Parsl–parsl | Parsl is a Python parallel scripting library. A SQL Injection vulnerability exists in the parsl-visualize component of versions prior to 2026.01.05. The application constructs SQL queries using unsafe string formatting (Python % operator) with user-supplied input (workflow_id) directly from URL routes. This allows an unauthenticated attacker with access to the visualization dashboard to inject arbitrary SQL commands, potentially leading to data exfiltration or denial of service against the monitoring database. Version 2026.01.05 fixes the issue. | 2026-01-08 | 5.3 | CVE-2026-21892 | https://github.com/Parsl/parsl/security/advisories/GHSA-f2mf-q878-gh58 https://github.com/Parsl/parsl/commit/013a928461e70f38a33258bd525a351ed828e974 |
| Passionate Brains–GA4WP: Google Analytics for WordPress | Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GA4WP: Google Analytics for WordPress: from n/a through 2.10.0. | 2026-01-08 | 5.4 | CVE-2026-22517 | https://patchstack.com/database/wordpress/plugin/ga-for-wp/vulnerability/wordpress-ga4wp-google-analytics-for-wordpress-plugin-2-10-0-broken-access-control-vulnerability?_s_id=cve |
| pencilwp–X Addons for Elementor | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in pencilwp X Addons for Elementor allows DOM-Based XSS. This issue affects X Addons for Elementor: from n/a through 1.0.23. | 2026-01-08 | 6.5 | CVE-2026-22518 | https://patchstack.com/database/wordpress/plugin/x-addons-elementor/vulnerability/wordpress-x-addons-for-elementor-plugin-1-0-23-cross-site-scripting-xss-vulnerability?_s_id=cve |
| PHPGurukul–Online Course Registration System | A vulnerability was determined in PHPGurukul Online Course Registration System up to 3.1. This impacts an unknown function of the file /onlinecourse/admin/manage-students.php. The manipulation of the argument id/cid causes SQL injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | 2026-01-08 | 6.3 | CVE-2026-0733 | VDB-340130 (PHPGurukul Online Course Registration System manage-students.php sql injection); CTI Indicators (IOB, IOC, TTP, IOA); Submit #733328 (PHPGurukul Online Course Registration System ≤ 3.1 SQL Injection Vulnerability); Submit #733331 (PHPGurukul Online Course Registration System ≤ 3.1 SQL Injection (Duplicate)); https://note-hxlab.wetolink.com/share/cU33RBoPPAF0 https://note-hxlab.wetolink.com/share/Tma34bofeB2L https://phpgurukul.com/ |
| PHPGurukul–Online Course Registration System | A vulnerability was found in PHPGurukul Online Course Registration System up to 3.1. This affects an unknown part of the file /enroll.php. The manipulation of the argument studentregno/Pincode/session/department/level/course/sem results in SQL injection. The attack may be launched remotely. The exploit has been made public and could be used. | 2026-01-09 | 6.3 | CVE-2026-0803 | VDB-340255 (PHPGurukul Online Course Registration System enroll.php sql injection); CTI Indicators (IOB, IOC, TTP, IOA); Submit #733344 (PHPGurukul Online Course Registration System ≤ 3.1 SQL Injection); https://note-hxlab.wetolink.com/share/qX132pk8Wofk https://phpgurukul.com/ |
| pichel–WP Js List Pages Shortcodes | The WP Js List Pages Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ shortcode attribute in all versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-07 | 6.4 | CVE-2025-14110 | https://www.wordfence.com/threat-intel/vulnerabilities/id/3f8dced7-cbe1-4d50-9fa0-1cf441dddefa?source=cve https://plugins.trac.wordpress.org/browser/wp-js-list-pages-shortcodes/tags/1.21/js-list-pages-shortcodes.php#L58 https://plugins.trac.wordpress.org/browser/wp-js-list-pages-shortcodes/trunk/js-list-pages-shortcodes.php#L47 https://plugins.trac.wordpress.org/browser/wp-js-list-pages-shortcodes/trunk/js-list-pages-shortcodes.php#L50 https://plugins.trac.wordpress.org/browser/wp-js-list-pages-shortcodes/trunk/js-list-pages-shortcodes.php#L58 |
| POSIMYTH Innovation–The Plus Addons for Elementor Pro | Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Plus Addons for Elementor Pro: from n/a before 6.3.7. | 2026-01-07 | 6.5 | CVE-2025-46434 | https://patchstack.com/database/wordpress/plugin/theplus_elementor_addon/vulnerability/wordpress-the-plus-addons-for-elementor-pro-plugin-6-3-7-broken-access-control-vulnerability?_s_id=cve |
| POSIMYTH–The Plus Addons for Elementor Page Builder Lite | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows DOM-Based XSS. This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.3.3. | 2026-01-05 | 6.5 | CVE-2024-23511 | https://vdp.patchstack.com/database/wordpress/plugin/the-plus-addons-for-elementor-page-builder/vulnerability/wordpress-the-plus-addons-for-elementor-plugin-5-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve |
| pr-gateway–Blog2Social: Social Media Auto Post & Scheduler | The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.7.2. This is due to a misconfigured authorization check on the ‘getShipItemFullText’ function which only verifies that a user has the ‘read’ capability (Subscriber-level) and a valid nonce, but fails to verify whether the user has permission to access the specific post being requested. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract data from password-protected, private, or draft posts. | 2026-01-10 | 4.3 | CVE-2025-14943 | https://www.wordfence.com/threat-intel/vulnerabilities/id/7374db91-4e7d-4db2-9c58-bb9bdda5c85d?source=cve https://plugins.trac.wordpress.org/browser/blog2social/trunk/includes/Ajax/Get.php#L243 https://plugins.trac.wordpress.org/browser/blog2social/trunk/includes/Ajax/Get.php?rev=3423620#L252 |
| praveentamil–Sticky Action Buttons | The Sticky Action Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the sabs_options_page_form_submit() function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2026-01-07 | 4.3 | CVE-2025-14465 | https://www.wordfence.com/threat-intel/vulnerabilities/id/82b243c7-5b58-4765-9083-4660c0b479cc?source=cve https://plugins.trac.wordpress.org/browser/sticky-action-buttons/tags/1.0/sticky-action-buttons.php#L105 |
| premmerce–Premmerce WooCommerce Customers Manager | The Premmerce WooCommerce Customers Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘money_spent_from’, ‘money_spent_to’, ‘registered_from’, and ‘registered_to’ parameters in all versions up to, and including, 1.1.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrator into performing an action such as clicking on a link. | 2026-01-07 | 6.1 | CVE-2025-13369 | https://www.wordfence.com/threat-intel/vulnerabilities/id/9980ec20-60ae-42eb-a2cd-146e57435398?source=cve https://plugins.trac.wordpress.org/browser/woo-customers-manager/trunk/src/Admin/Admin.php#L135 https://plugins.trac.wordpress.org/browser/woo-customers-manager/tags/1.1.14/src/Admin/Admin.php#L135 https://plugins.trac.wordpress.org/browser/woo-customers-manager/trunk/views/admin/filter.php#L43 https://plugins.trac.wordpress.org/browser/woo-customers-manager/tags/1.1.14/views/admin/filter.php#L43 |
| Project-MONAI–MONAI | MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.1, a Path Traversal (Zip Slip) vulnerability exists in MONAI’s `_download_from_ngc_private()` function. The function uses `zipfile.ZipFile.extractall()` without path validation, while other similar download functions in the same codebase properly use the existing `safe_extract_member()` function. Commit 4014c8475626f20f158921ae0cf98ed259ae4d59 fixes this issue. | 2026-01-07 | 5.3 | CVE-2026-21851 | https://github.com/Project-MONAI/MONAI/security/advisories/GHSA-9rg3-9pvr-6p27 https://github.com/Project-MONAI/MONAI/commit/4014c8475626f20f158921ae0cf98ed259ae4d59 |
| pterodactyl–panel | Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below allow TOTP to be used multiple times during its validity window. Users with 2FA enabled are prompted to enter a token during sign-in, and afterward it is not sufficiently marked as used in the system. This allows an attacker who intercepts that token to use it in addition to a known username/password during the 60-second token validity window. The attacker must have intercepted a valid 2FA token (for example, during a screen share). This issue is fixed in version 1.12.0. | 2026-01-06 | 6.5 | CVE-2025-69197 | https://github.com/pterodactyl/panel/security/advisories/GHSA-rgmp-4873-r683 https://github.com/pterodactyl/panel/commit/032bf076d92bb2f929fa69c1bac1b89f26b8badf https://github.com/pterodactyl/panel/releases/tag/v1.12.0 |
| publishpress–Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories | The Schedule Post Changes With PublishPress Future plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with Contributor-level access and above, to create, update, delete, and publish malicious workflows that may automatically delete any post upon publication or update, including posts created by administrators. | 2026-01-09 | 5.4 | CVE-2025-14718 | https://www.wordfence.com/threat-intel/vulnerabilities/id/8198d81a-40c0-49c1-8c38-f5ef6fb911ad?source=cve https://plugins.trac.wordpress.org/changeset?old_path=/post-expirator/tags/4.9.3/src/Modules/Workflows/Rest/RestApiV1.php&new_path=/post-expirator/tags/4.9.4/src/Modules/Workflows/Rest/RestApiV1.php |
| pypa–virtualenv | virtualenv is a tool for creating isolated virtual Python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a race condition between directory existence checks and creation to redirect virtualenv’s app_data and lock file operations to attacker-controlled locations. This issue has been patched in version 20.36.1. | 2026-01-10 | 4.5 | CVE-2026-22702 | https://github.com/pypa/virtualenv/security/advisories/GHSA-597g-3phw-6986 https://github.com/pypa/virtualenv/pull/3013 https://github.com/pypa/virtualenv/commit/dec4cec5d16edaf83a00a658f32d1e032661cebc |
| Qualcomm, Inc.–Snapdragon | Information disclosure while processing a firmware event. | 2026-01-06 | 6.1 | CVE-2025-47331 | https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html |
| Qualcomm, Inc.–Snapdragon | Memory corruption while processing a config call from userspace. | 2026-01-06 | 6.7 | CVE-2025-47332 | https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html |
| Qualcomm, Inc.–Snapdragon | Memory corruption while handling buffer mapping operations in the cryptographic driver. | 2026-01-06 | 6.6 | CVE-2025-47333 | https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html |
| Qualcomm, Inc.–Snapdragon | Memory corruption while processing shared command buffer packet between camera userspace and kernel. | 2026-01-06 | 6.7 | CVE-2025-47334 | https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html |
| Qualcomm, Inc.–Snapdragon | Memory corruption while parsing clock configuration data for a specific hardware type. | 2026-01-06 | 6.7 | CVE-2025-47335 | https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html |
| Qualcomm, Inc.–Snapdragon | Memory corruption while performing sensor register read operations. | 2026-01-06 | 6.7 | CVE-2025-47336 | https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html |
| Qualcomm, Inc.–Snapdragon | Memory corruption while accessing a synchronization object during concurrent operations. | 2026-01-06 | 6.7 | CVE-2025-47337 | https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html |
| Qualcomm, Inc.–Snapdragon | Memory corruption while handling sensor utility operations. | 2026-01-06 | 6.7 | CVE-2025-47344 | https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html |
| Qualcomm, Inc.–Snapdragon | Transient DOS while parsing a WLAN management frame with a Vendor Specific Information Element. | 2026-01-06 | 6.5 | CVE-2025-47395 | https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html |
| Qualcomm, Inc.–Snapdragon | Transient DOS while parsing video packets received from the video firmware. | 2026-01-06 | 5.5 | CVE-2025-47330 | https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html |
| Qualcomm, Inc.–Snapdragon | Information disclosure when a weak hashed value is returned to userland code in response to an IOCTL call to obtain a session ID. | 2026-01-06 | 5.5 | CVE-2025-47369 | https://docs.qualcomm.com/product/publicresources/securitybulletin/january-2026-bulletin.html |
| Quanta Computer–QOCA aim AI Medical Cloud Platform | QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Missing Authorization vulnerability, allowing authenticated remote attackers to modify specific network packet parameters, enabling certain system functions to access other users’ files. | 2026-01-05 | 6.5 | CVE-2025-15235 | https://www.twcert.org.tw/tw/cp-132-10615-157a3-1.html https://www.twcert.org.tw/en/cp-139-10616-cd942-2.html |
| Quanta Computer–QOCA aim AI Medical Cloud Platform | QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. | 2026-01-05 | 6.5 | CVE-2025-15238 | https://www.twcert.org.tw/tw/cp-132-10615-157a3-1.html https://www.twcert.org.tw/en/cp-139-10616-cd942-2.html |
| Quanta Computer–QOCA aim AI Medical Cloud Platform | QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. | 2026-01-05 | 6.5 | CVE-2025-15239 | https://www.twcert.org.tw/tw/cp-132-10615-157a3-1.html https://www.twcert.org.tw/en/cp-139-10616-cd942-2.html |
| Quanta Computer–QOCA aim AI Medical Cloud Platform | QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability. | 2026-01-05 | 4.3 | CVE-2025-15236 | https://www.twcert.org.tw/tw/cp-132-10615-157a3-1.html https://www.twcert.org.tw/en/cp-139-10616-cd942-2.html |
| Quanta Computer–QOCA aim AI Medical Cloud Platform | QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability. | 2026-01-05 | 4.3 | CVE-2025-15237 | https://www.twcert.org.tw/tw/cp-132-10615-157a3-1.html https://www.twcert.org.tw/en/cp-139-10616-cd942-2.html |
| quarkusio–quarkus | Quarkus is a Cloud Native, (Linux) Container First framework for writing Java applications. Prior to versions 3.31.0, 3.27.2, and 3.20.5, a vulnerability exists in the HTTP layer of Quarkus REST related to response handling. When a response is being written, the framework waits for previously written response chunks to be fully transmitted before proceeding. If the client connection is dropped during this waiting period, the associated worker thread is never released and becomes permanently blocked. Under sustained or repeated occurrences, this can exhaust the available worker threads, leading to degraded performance or complete unavailability of the application. This issue has been patched in versions 3.31.0, 3.27.2, and 3.20.5. A workaround involves implementing a health check that monitors the status and saturation of the worker thread pool to detect abnormal thread retention early. | 2026-01-07 | 5.9 | CVE-2025-66560 | https://github.com/quarkusio/quarkus/security/advisories/GHSA-5rfx-cp42-p624 |
| quickjs-ng–quickjs | A vulnerability was identified in quickjs-ng quickjs up to 0.11.0. This issue affects the function js_typed_array_sort of the file quickjs.c. The manipulation leads to heap-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The identifier of the patch is 53eefbcd695165a3bd8c584813b472cb4a69fbf5. To fix this issue, it is recommended to deploy a patch. | 2026-01-10 | 6.3 | CVE-2026-0822 | VDB-340356 (quickjs-ng quickjs quickjs.c js_typed_array_sort heap-based overflow); CTI Indicators (IOB, IOC, IOA); Submit #731783 (quickjs-ng quickjs v0.11.0 Heap-based Buffer Overflow); https://github.com/quickjs-ng/quickjs/issues/1297 https://github.com/quickjs-ng/quickjs/pull/1298 https://github.com/quickjs-ng/quickjs/issues/1297#issue-3780006202 https://github.com/quickjs-ng/quickjs/commit/53eefbcd695165a3bd8c584813b472cb4a69fbf5 |
| RainyGao–DocSys | A vulnerability was detected in RainyGao DocSys up to 2.02.36. The affected element is an unknown function of the file src/com/DocSystem/mapping/GroupMemberMapper.xml. Performing a manipulation of the argument searchWord results in SQL injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2026-01-09 | 6.3 | CVE-2025-15492 | VDB-340270 (RainyGao DocSys GroupMemberMapper.xml sql injection); CTI Indicators (IOB, IOC, TTP, IOA); Submit #725373 (RainyGao-GitHub 2.02.36 SQL injection); https://github.com/RainyGao-GitHub/DocSys/releases/tag/DocSys_V2 https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/SQL%E6%B3%A8%E5%85%A53.md https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/SQL%E6%B3%A8%E5%85%A53.md#vulnerability-analysis-and-reproduction%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E5%A4%8D%E7%8E%B0 |
| RainyGao–DocSys | A flaw has been found in RainyGao DocSys up to 2.02.36. The impacted element is an unknown function of the file src/com/DocSystem/mapping/ReposAuthMapper.xml. Executing a manipulation of the argument searchWord can lead to SQL injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2026-01-09 | 6.3 | CVE-2025-15493 | VDB-340271 (RainyGao DocSys ReposAuthMapper.xml sql injection); CTI Indicators (IOB, IOC, TTP, IOA); Submit #725374 (RainyGao-GitHub 2.02.36 SQL injection); https://github.com/RainyGao-GitHub/DocSys/releases/tag/DocSys_V2 https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/sql%E6%B3%A8%E5%85%A52.md https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/sql%E6%B3%A8%E5%85%A52.md#vulnerability-analysis-and-reproduction%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E5%A4%8D%E7%8E%B0 |
| RainyGao–DocSys | A vulnerability has been found in RainyGao DocSys up to 2.02.37. This affects an unknown function of the file com/DocSystem/mapping/UserMapper.xml. The manipulation of the argument Username leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2026-01-09 | 6.3 | CVE-2025-15494 | VDB-340272 (RainyGao DocSys UserMapper.xml sql injection); CTI Indicators (IOB, IOC, TTP, IOA); Submit #725407 (RainyGao-GitHub 2.02.37 SQL injection); https://github.com/RainyGao-GitHub/DocSys/releases/tag/DocSys_V2 https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/SQL%E6%B3%A8%E5%85%A52.02.37.md https://github.com/xkalami-Tta0/CVE/blob/main/DocSys/SQL%E6%B3%A8%E5%85%A52.02.37.md#vulnerability-analysis-and-reproduction%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E5%A4%8D%E7%8E%B0 |
| Red Hat–Red Hat Build of Keycloak | A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the “Bearer” authentication scheme. It accepts non-standard characters (such as tabs) as separators and tolerates case variations that deviate from RFC 6750 specifications. | 2026-01-08 | 5.3 | CVE-2026-0707 | https://access.redhat.com/security/cve/CVE-2026-0707 RHBZ#2427768 |
| remix-run–react-router | React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate(), <Link>, or redirect(), the app performs a navigation/redirect to an external URL. This is only an issue if you are passing untrusted content into navigation paths in your application code. This issue has been patched in versions 6.30.2 and 7.9.6. | 2026-01-10 | 6.5 | CVE-2025-68470 | https://github.com/remix-run/react-router/security/advisories/GHSA-9jcx-v3wj-wh4m |
| remix-run–react-router | React Router is a router for React. In @remix-run/server-runtime versions prior to 2.17.3 and react-router 7.0.0 through 7.11.0, React Router (or Remix v2) is vulnerable to CSRF attacks on document POST requests to UI routes when using server-side route action handlers in Framework Mode, or when using React Server Actions in the new unstable RSC modes. There is no impact if Declarative Mode (<BrowserRouter>) or Data Mode (createBrowserRouter/<RouterProvider>) is being used. This issue has been patched in @remix-run/server-runtime version 2.17.3 and react-router version 7.12.0. | 2026-01-10 | 6.5 | CVE-2026-22030 | https://github.com/remix-run/react-router/security/advisories/GHSA-h5cw-625j-3rxh |
| roxnor–EmailKit Email Customizer for WooCommerce & WP | The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in all versions up to, and including, 1.6.1. This is due to missing path validation in the create_template REST API endpoint where user-controlled input from the emailkit-editor-template parameter is passed directly to file_get_contents() without sanitization. This makes it possible for authenticated attackers with Author-level permissions or higher to read arbitrary files on the server, including sensitive configuration files like /etc/passwd and wp-config.php, via the REST API. The file contents are stored in post meta and can be exfiltrated through MetForm’s email confirmation feature. | 2026-01-07 | 6.5 | CVE-2025-14059 | https://www.wordfence.com/threat-intel/vulnerabilities/id/91ebe8cb-99ec-4380-a77e-17e17144a17e?source=cve https://plugins.trac.wordpress.org/browser/emailkit/trunk/includes/Admin/Api/CheckForm.php#L163 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3419280%40emailkit%2Ftrunk&old=3373383%40emailkit%2Ftrunk&sfp_email=&sfph_mail=#file1 |
| roxnor–Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers | The Popupkit plugin for WordPress is vulnerable to arbitrary subscriber data deletion due to missing authorization on the DELETE `/subscribers` REST API endpoint in all versions up to, and including, 2.2.0. This is due to the `permission_callback` only validating wp_rest nonce without checking user capabilities. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary subscriber records. | 2026-01-06 | 5.3 | CVE-2025-14441 | https://www.wordfence.com/threat-intel/vulnerabilities/id/48f5a44d-d01f-4c41-98da-7c1f6c65c254?source=cve https://plugins.trac.wordpress.org/browser/popup-builder-block/trunk/includes/Routes/Subscribers.php#L77 https://plugins.trac.wordpress.org/browser/popup-builder-block/tags/2.2.0/includes/Routes/Subscribers.php#L77 https://plugins.trac.wordpress.org/browser/popup-builder-block/tags/2.2.0/includes/Routes/Subscribers.php#L64 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3421671%40popup-builder-block&new=3421671%40popup-builder-block&sfp_email=&sfph_mail= |
| rubengc–GamiPress Gamification plugin to reward points, achievements, badges & ranks in WordPress | The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the gamipress_ajax_get_posts and gamipress_ajax_get_users functions in all versions up to, and including, 7.6.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enumerate users, including their email addresses and to retrieve titles of private posts. | 2026-01-06 | 4.3 | CVE-2025-13812 | https://www.wordfence.com/threat-intel/vulnerabilities/id/acfdd579-0be9-476b-90cd-07f417712691?source=cve https://plugins.trac.wordpress.org/changeset/3430697/ |
| ruhul080–My Album Gallery | The My Album Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style_css’ shortcode attribute in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-07 | 6.4 | CVE-2025-14453 | https://www.wordfence.com/threat-intel/vulnerabilities/id/64399c1c-ea82-483b-b320-3c6f2cb010b3?source=cve https://plugins.trac.wordpress.org/browser/my-album-gallery/trunk/controllers/public/class-mygallery-shortcode.php#L121 https://plugins.trac.wordpress.org/browser/my-album-gallery/tags/1.0.4/controllers/public/class-mygallery-shortcode.php#L121 |
| ruhul080–My Album Gallery | The My Album Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image titles in all versions up to, and including, 1.0.4. This is due to insufficient input sanitization and output escaping on the ‘attachment->title’ attribute. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-07 | 6.4 | CVE-2025-14796 | https://www.wordfence.com/threat-intel/vulnerabilities/id/1dd0bb5b-2eb5-46f0-8942-2885b1138b70?source=cve https://plugins.trac.wordpress.org/browser/my-album-gallery/tags/1.0.4/mygallery-single.php#L92 https://plugins.trac.wordpress.org/browser/my-album-gallery/tags/1.0.4/controllers/public/class-mygallery-shortcode.php#L143 |
| RustCrypto–signatures | RustCrypto: Signatures offers support for digital signatures, which provide authentication of data using public-key cryptography. Prior to version 0.1.0-rc.2, a timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints for the signature. This issue has been patched in version 0.1.0-rc.2. | 2026-01-10 | 6.4 | CVE-2026-22705 | https://github.com/RustCrypto/signatures/security/advisories/GHSA-hcp2-x6j4-29j7 https://github.com/RustCrypto/signatures/pull/1144 https://github.com/RustCrypto/signatures/commit/035d9eef98486ecd00a8bf418c7817eb14dd6558 |
| samikeijonen–EDD Download Info | The EDD Download Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘edd_download_info_link’ shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-07 | 6.4 | CVE-2025-14121 | https://www.wordfence.com/threat-intel/vulnerabilities/id/c0290595-d74d-404e-9d28-75abc9055031?source=cve https://plugins.trac.wordpress.org/browser/edd-download-info/trunk/includes/shortcodes.php#L43 https://plugins.trac.wordpress.org/browser/edd-download-info/tags/1.1/includes/shortcodes.php#L43 |
| Samsung Mobile–Samsung Mobile Devices | Out-of-bounds read in libimagecodec.quram.so prior to SMR Jan-2026 Release 1 allows a remote attacker to access out-of-bounds memory. | 2026-01-09 | 5.3 | CVE-2026-20973 | https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=01 |
| Secure Computing–SnapGear Management Console SG560 | SnapGear Management Console SG560 3.1.5 contains a file manipulation vulnerability that allows authenticated users to read, write, and delete files using the edit_config_files CGI script. Attackers can manipulate POST request parameters in /cgi-bin/cgix/edit_config_files to access and modify files outside the intended /etc/config/ directory. | 2026-01-06 | 6.5 | CVE-2020-36909 | ExploitDB-48556 Zero Science Lab Disclosure (ZSL-2020-5568) Packet Storm Security Exploit Entry IBM X-Force Vulnerability Exchange VulnCheck Advisory: Secure Computing SnapGear Management Console SG560 3.1.5 Arbitrary File Read/Write |
| Secure Computing–SnapGear Management Console SG560 | SnapGear Management Console SG560 version 3.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft a malicious web page that automatically submits a form to create a new super user account with full administrative privileges when a logged-in user visits the page. | 2026-01-06 | 5.3 | CVE-2020-36908 | ExploitDB-48554 Zero Science Lab Disclosure (ZSL-2020-5567) Packet Storm Security Exploit Entry IBM X-Force Vulnerability Exchange VulnCheck Advisory: Secure Computing SnapGear Management Console SG560 3.1.5 Cross-Site Request Forgery via Admin Users |
| sergiotoca–STM Gallery 1.9 | The STM Gallery 1.9 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘composicion’ parameter in all versions up to, and including, 0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-07 | 6.4 | CVE-2025-13848 | https://www.wordfence.com/threat-intel/vulnerabilities/id/393d6e4a-af05-48ac-8921-f298932245a4?source=cve https://plugins.trac.wordpress.org/browser/stm-gallery/trunk/stmgallery_v.0.9.php#L121 https://plugins.trac.wordpress.org/browser/stm-gallery/tags/0.9/stmgallery_v.0.9.php#L121 |
| sfturing–hosp_order | A vulnerability was identified in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected by this vulnerability is the function findOrderHosNum of the file /ssm_pro/orderHos/. Manipulation of the argument hospitalAddress/hospitalName leads to SQL injection. The attack can be launched remotely. The exploit is publicly available and might be used. This product does not use versioning, which is why information about affected and unaffected releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way. | 2026-01-05 | 6.3 | CVE-2025-15450 | VDB-339483 (sfturing hosp_order orderHos findOrderHosNum sql injection); CTI Indicators (IOB, IOC, TTP, IOA); Submit #722925 (hosp_order latest SQL Injection); https://github.com/sfturing/hosp_order https://github.com/sfturing/hosp_order/issues/111 https://github.com/sfturing/hosp_order/issues/111#issue-3760306826 |
| sharethis–ShareThis Dashboard for Google Analytics | The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.4. This is due to the Google Analytics client_ID and client_secret being stored in plaintext in the publicly visible plugin source. This can allow unauthenticated attackers to craft a link to the sharethis.com server, which will share an authorization token for Google Analytics with a malicious website, if the attacker can trick an administrator logged into the website and Google Analytics to click the link. | 2026-01-07 | 4.7 | CVE-2025-12540 | https://www.wordfence.com/threat-intel/vulnerabilities/id/6781dcc5-db95-43ca-9042-a3c05414b7e6?source=cve https://plugins.trac.wordpress.org/browser/googleanalytics/trunk/credentials.json?rev=3364575 |
| shoheitanaka–Japanized for WooCommerce | The Japanized for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `order` REST API endpoint in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to mark any WooCommerce order as processed/completed. | 2026-01-09 | 5.3 | CVE-2025-14886 | https://www.wordfence.com/threat-intel/vulnerabilities/id/4bf3248a-f235-472c-b751-96ac9838b27f?source=cve https://plugins.trac.wordpress.org/browser/woocommerce-for-japan/tags/2.7.17/includes/gateways/paidy/class-wc-paidy-endpoint.php#L51 |
| SigmaPlugin–Advanced Database Cleaner PRO | Path Traversal: '.../...//' vulnerability in SigmaPlugin Advanced Database Cleaner PRO allows Path Traversal. This issue affects Advanced Database Cleaner PRO: from n/a through 3.2.10. | 2026-01-07 | 6.4 | CVE-2025-46256 | https://patchstack.com/database/wordpress/plugin/advanced-database-cleaner-pro/vulnerability/wordpress-advanced-database-cleaner-pro-plugin-3-2-10-limited-txt-path-traversal-vulnerability?_s_id=cve |
| sigstore–cosign | Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact’s digest, signature or public key. When verifying a Rekor entry, Cosign verifies the Rekor entry signature, and also compares the artifact’s digest, the user’s public key from either a Fulcio certificate or provided by the user, and the artifact signature to the Rekor entry contents. Without these comparisons, Cosign would accept any response from Rekor as valid. A malicious actor that has compromised a user’s identity or signing key could construct a valid Cosign bundle by including any arbitrary Rekor entry, thus preventing the user from being able to audit the signing event. This issue has been patched in versions 2.6.2 and 3.0.4. | 2026-01-10 | 5.5 | CVE-2026-22703 | https://github.com/sigstore/cosign/security/advisories/GHSA-whqx-f9j3-ch6m https://github.com/sigstore/cosign/pull/4623 https://github.com/sigstore/cosign/commit/6832fba4928c1ad69400235bbc41212de5006176 |
| smjrifle–SVG Map Plugin | The SVG Map Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on multiple AJAX actions including ‘save_data’, ‘delete_data’, and ‘add_popup’. This makes it possible for unauthenticated attackers to update the plugin’s settings, delete map data, and inject malicious web scripts via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. | 2026-01-07 | 6.1 | CVE-2025-13519 | https://www.wordfence.com/threat-intel/vulnerabilities/id/5aaa97cc-4deb-43b6-957d-587834eca125?source=cve https://plugins.trac.wordpress.org/browser/svg-map-by-saedi/trunk/svg-map-by-saedi.php#L90 https://plugins.trac.wordpress.org/browser/svg-map-by-saedi/tags/1.0.0/svg-map-by-saedi.php#L90 |
| SOCA Technology Co., Ltd–SOCA Access Control System | SOCA Access Control System 180612 contains a cross-site scripting vulnerability in the ‘senddata’ POST parameter of logged_page.php that allows attackers to inject malicious scripts. Attackers can exploit this weakness by sending crafted POST requests to execute arbitrary HTML and script code in a victim’s browser session. | 2026-01-07 | 6.1 | CVE-2019-25270 | Zero Science Lab Vulnerability Entry Packet Storm Security Exploit Entry CXSecurity Vulnerability Listing IBM X-Force Vulnerability Exchange SOCA Vendor Homepage |
| soniz–Curved Text | The Curved Text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘radius’ parameter of the arctext shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-09 | 6.4 | CVE-2025-13854 | https://www.wordfence.com/threat-intel/vulnerabilities/id/48514fdb-20c6-4a7f-8f60-e532ddd8853e?source=cve https://plugins.trac.wordpress.org/browser/curved-text/trunk/curved-text.php#L32 https://plugins.trac.wordpress.org/browser/curved-text/tags/0.1/curved-text.php#L32 |
| spree–spree | Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 4.10.2, 5.0.7, 5.1.9, and 5.2.5, an Authenticated Insecure Direct Object Reference (IDOR) vulnerability was identified that allows an authenticated user to retrieve other users’ address information by modifying an existing order. By editing an order they legitimately own and manipulating address identifiers in the request, the backend server accepts and processes references to addresses belonging to other users, subsequently associating those addresses with the attacker’s order and returning them in the response. This issue has been patched in versions 4.10.2, 5.0.7, 5.1.9, and 5.2.5. | 2026-01-08 | 6.5 | CVE-2026-22588 | https://github.com/spree/spree/security/advisories/GHSA-g268-72p7-9j6j https://github.com/spree/spree/commit/02acabdce2c5f14fd687335b068d901a957a7e72 https://github.com/spree/spree/commit/17e78a91b736b49dbea8d1bb1223c284383ee5f3 https://github.com/spree/spree/commit/b409c0fd327e7ce37f63238894670d07079eefe8 https://github.com/spree/spree/commit/d3f961c442e0015661535cbd6eb22475f76d2dc7 |
| spwebguy–Responsive Pricing Table | The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘plan_icons’ parameter in all versions up to, and including, 5.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-07 | 6.4 | CVE-2025-13418 | https://www.wordfence.com/threat-intel/vulnerabilities/id/5d28fd23-fa86-4353-b1b4-af61192f8482?source=cve https://wordpress.org/plugins/dk-pricr-responsive-pricing-table/ |
| spwebguy–Responsive Pricing Table | The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘table_currency’ parameter in all versions up to, and including, 5.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-07 | 6.4 | CVE-2025-15058 | https://www.wordfence.com/threat-intel/vulnerabilities/id/e20a34e5-6c1c-4f12-b1d8-aa4b40a5dd00?source=cve https://wordpress.org/plugins/dk-pricr-responsive-pricing-table/ |
| stevejburge–TaxoPress: Tag, Category, and Taxonomy Manager AI Autotagger | The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the taxopress_ai_add_post_term function in all versions up to, and including, 3.41.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to add or remove taxonomy terms (tags, categories) on any post, including ones they do not own. | 2026-01-06 | 4.3 | CVE-2025-14371 | https://www.wordfence.com/threat-intel/vulnerabilities/id/1ef51ffb-df1e-442d-abc8-3a0308099a0b?source=cve https://plugins.trac.wordpress.org/browser/simple-tags/tags/3.40.1/modules/taxopress-ai/classes/TaxoPressAiAjax.php#L681 |
| stylemix–MasterStudy LMS WordPress Plugin for Online Courses and Education | The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to missing capability checks on multiple REST API endpoints in all versions up to, and including, 3.7.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload or delete arbitrary media files, delete or modify posts, and create/manage course templates. | 2026-01-06 | 5.4 | CVE-2025-13766 | https://www.wordfence.com/threat-intel/vulnerabilities/id/2719739a-90dc-470b-9270-8578e0cead59?source=cve https://plugins.trac.wordpress.org/changeset/3422825/ |
| techjewel–Fluent Forms Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.7. This is due to missing capability checks on the `fluentform_ai_create_form` AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary forms via the publicly exposed AI builder. | 2026-01-07 | 5.3 | CVE-2025-13722 | https://www.wordfence.com/threat-intel/vulnerabilities/id/f7dbf179-7099-4dfb-8dad-780f996a7005?source=cve https://plugins.trac.wordpress.org/changeset/3406804/fluentform/tags/6.1.8/app/Modules/Ai/AiFormBuilder.php |
| Tenda–AC1206 | A command injection vulnerability was found in Tenda AC1206 15.03.06.23, in the function formBehaviorManager of the file /goform/BehaviorManager in the httpd component. Manipulating the modulename, option, data or switch argument leads to command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be used. | 2026-01-05 | 6.3 | CVE-2026-0581 | VDB-339473: Tenda AC1206 httpd BehaviorManager formBehaviorManager command injection; CTI Indicators (IOB, IOC, TTP, IOA); Submit #731193: Tenda AC1206 AC1206V1.0RTL_V15.03.06.23 Command Injection; https://github.com/ccc-iotsec/cve-/blob/Tenda/Tenda%20AC1206%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md https://www.tenda.com.cn/ |
| tfrommen–Page Keys | The Page Keys plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘page_key’ parameter in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2026-01-07 | 4.4 | CVE-2025-15000 | https://www.wordfence.com/threat-intel/vulnerabilities/id/2d3863ec-0cc7-4128-a19e-fc1e2c31195e?source=cve https://plugins.trac.wordpress.org/browser/page-keys/tags/1.3.3/inc/ListTable.php#L260 |
| themehigh–Email Customizer for WooCommerce: Drag and Drop Email Templates Builder | The Email Customizer for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email template content in all versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in email templates that will execute when customers view transactional emails. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2026-01-07 | 4.4 | CVE-2025-13974 | https://www.wordfence.com/threat-intel/vulnerabilities/id/c6927b4f-f47e-47fc-a5bf-b7fa42c31412?source=cve https://plugins.trac.wordpress.org/browser/email-customizer-for-woocommerce/tags/2.6.7/classes/inc/class-wecmf-general-template.php#L213 https://plugins.trac.wordpress.org/browser/email-customizer-for-woocommerce/trunk/classes/inc/class-wecmf-general-template.php#L213 |
| ThemeHunk–Oneline Lite | Missing Authorization vulnerability in ThemeHunk Oneline Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Oneline Lite: from n/a through 6.6. | 2026-01-07 | 4.3 | CVE-2025-69344 | https://patchstack.com/database/wordpress/theme/oneline-lite/vulnerability/wordpress-oneline-lite-theme-6-6-broken-access-control-vulnerability?_s_id=cve |
| themelocation–WP Popup Magic | The WP Popup Magic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter of the [wppum_end] shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-09 | 6.4 | CVE-2025-13900 | https://www.wordfence.com/threat-intel/vulnerabilities/id/c11a5f07-de89-47ec-a92e-2adc75965648?source=cve https://plugins.trac.wordpress.org/browser/wppopupmagic/trunk/class-wppum-frontend.php#L622 https://plugins.trac.wordpress.org/browser/wppopupmagic/tags/1.0.0/class-wppum-frontend.php#L622 |
| themeum–Tutor LMS eLearning and online course solution | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_order_by_id() function in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enumerate order IDs and exfiltrate sensitive data (PII), such as student name, email address, phone number, and billing address. | 2026-01-08 | 6.5 | CVE-2025-13679 | https://www.wordfence.com/threat-intel/vulnerabilities/id/0830d0c3-99c0-423e-99ab-f0c1cbec52d9?source=cve https://plugins.trac.wordpress.org/changeset/3422766/tutor/tags/3.9.4/ecommerce/OrderController.php |
| themeum–Tutor LMS eLearning and online course solution | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to a missing capability check on the ‘bulk_action_handler’ and ‘coupon_permanent_delete’ functions in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with subscriber level access and above, to delete, activate, deactivate, or trash arbitrary coupons. | 2026-01-09 | 4.3 | CVE-2025-13628 | https://www.wordfence.com/threat-intel/vulnerabilities/id/46f71f7b-7326-47b6-a23a-68a40f5bb56b?source=cve https://plugins.trac.wordpress.org/changeset/3422766/tutor/trunk/ecommerce/CouponController.php |
| themeum–Tutor LMS eLearning and online course solution | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course enrollment in all versions up to, and including, 3.9.3. This is due to a missing capability check and purchasability validation in the `course_enrollment()` AJAX handler. This makes it possible for authenticated attackers, with subscriber level access and above, to enroll themselves in any course without going through the proper purchase flow. | 2026-01-09 | 4.3 | CVE-2025-13934 | https://www.wordfence.com/threat-intel/vulnerabilities/id/5de212c9-5c2e-4713-b1ce-022dd84520c3?source=cve https://plugins.trac.wordpress.org/changeset/3422766/tutor/trunk/classes/Course.php |
| themeum–Tutor LMS eLearning and online course solution | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course completion in all versions up to, and including, 3.9.2. This is due to missing enrollment verification in the ‘mark_course_complete’ function. This makes it possible for authenticated attackers, with subscriber level access and above, to mark any course as completed. | 2026-01-09 | 4.3 | CVE-2025-13935 | https://www.wordfence.com/threat-intel/vulnerabilities/id/7b8b111a-9626-41f4-8a13-51f576af0257?source=cve https://plugins.trac.wordpress.org/changeset/3422766/tutor/trunk/classes/Course.php |
| thimpress–LearnPress WordPress LMS Plugin | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the catch_lp_ajax function in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to modify course contents by adding/removing/updating/re-ordering sections or modifying section items. | 2026-01-06 | 5.3 | CVE-2025-13964 | https://www.wordfence.com/threat-intel/vulnerabilities/id/ae363511-8a1f-476a-9851-61f7763428c2?source=cve https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.1/inc/Ajax/EditCurriculumAjax.php#L52 https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.1/inc/Ajax/AbstractAjax.php#L18 |
| thimpress–LearnPress WordPress LMS Plugin | The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to unauthorized file deletion in versions up to, and including, 4.3.2.2 via the /wp-json/lp/v1/material/{file_id} REST API endpoint. This is due to a parameter mismatch between the DELETE operation and authorization check, where the endpoint uses file_id from the URL path but the permission callback validates item_id from the request body. This makes it possible for authenticated attackers, with teacher-level access, to delete arbitrary lesson material files uploaded by other teachers via sending a DELETE request with their own item_id (to pass authorization) while targeting another teacher’s file_id. | 2026-01-07 | 5.4 | CVE-2025-14802 | https://www.wordfence.com/threat-intel/vulnerabilities/id/884c4508-1ee1-4384-9fc2-29e2c9042426?source=cve https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.2.1/inc/rest-api/v1/frontend/class-lp-rest-material-controller.php#L527 https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.2.1/inc/rest-api/v1/frontend/class-lp-rest-material-controller.php#L405 https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.2.1/inc/rest-api/v1/frontend/class-lp-rest-material-controller.php#L77 https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.2.3/inc/rest-api/v1/frontend/class-lp-rest-material-controller.php#L403 |
| ThimPress–Thim Core | Cross-Site Request Forgery (CSRF) vulnerability in ThimPress Thim Core allows Cross-Site Request Forgery. This issue affects Thim Core: from n/a through 2.3.3. | 2026-01-05 | 4.3 | CVE-2025-53344 | https://vdp.patchstack.com/database/wordpress/plugin/thim-core/vulnerability/wordpress-thim-core-plugin-plugin-2-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve |
| tomiup–WP Recipe Manager | The WP Recipe Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Skill Level’ input field in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-07 | 6.4 | CVE-2025-13667 | https://www.wordfence.com/threat-intel/vulnerabilities/id/12b14418-28f0-4786-b8f8-a637fe007b6c?source=cve https://plugins.trac.wordpress.org/browser/wp-recipe-manager/trunk/inc/libs/class.metaboxes.php#L203 https://plugins.trac.wordpress.org/browser/wp-recipe-manager/tags/1.0.0/inc/libs/class.metaboxes.php#L203 |
| top-position–Top Position Google Finance | The Top Position Google Finance plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up to, and including, 0.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2026-01-09 | 6.1 | CVE-2025-13895 | https://www.wordfence.com/threat-intel/vulnerabilities/id/fcbf81f8-8b33-4b83-91fb-626b7b5f3bb2?source=cve https://plugins.trac.wordpress.org/browser/top-position-google-finance/trunk/top-position-google-finance.php#L78 https://plugins.trac.wordpress.org/browser/top-position-google-finance/trunk/top-position-google-finance.php#L56 |
| TOTOLINK–WA1200 | A vulnerability has been found in TOTOLINK WA1200 5.9c.2914, in an unknown function of the file cstecgi.cgi in the HTTP Request Handler component. Manipulation of the request leads to a null pointer dereference. The attack can be carried out remotely. The exploit has been publicly disclosed and may be used. | 2026-01-08 | 5.3 | CVE-2026-0731 | VDB-340128: TOTOLINK WA1200 HTTP Request cstecgi.cgi null pointer dereference; CTI Indicators (IOB, IOC, IOA); Submit #733249: TOTOLINK WA1200 V5.9c.2914 NULL Pointer Dereference; https://github.com/JackWesleyy/CVE/blob/main/WA1200/TOTOLINK%20WA1200%20NULL%20Pointer%20Dereference%20Vulnerability.md https://github.com/JackWesleyy/CVE/blob/main/WA1200/TOTOLINK%20WA1200%20NULL%20Pointer%20Dereference%20Vulnerability.md#poc https://www.totolink.net/ |
| TOTOLINK–WA300 | A command injection vulnerability has been found in TOTOLINK WA300 5.2cu.7112_B20190227, in the function sub_401510 of the file cstecgi.cgi. Manipulating the argument UPLOAD_FILENAME leads to command injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be used. | 2026-01-06 | 6.3 | CVE-2026-0641 | VDB-339684: TOTOLINK WA300 cstecgi.cgi sub_401510 command injection; CTI Indicators (IOB, IOC, TTP, IOA); Submit #732234: TOTOLINK WA300 V5.2cu.7112_B20190227 Command Injection; https://github.com/JackWesleyy/CVE/blob/main/WA300/TOTOLINK_WA300_RCE.md https://github.com/JackWesleyy/CVE/blob/main/WA300/TOTOLINK_WA300_RCE.md#poc https://www.totolink.net/ |
| tox-dev–filelock | filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of the filelock package. An attacker with local filesystem access and permission to create symlinks can exploit a race condition between the permission validation and file creation to cause lock operations to fail or behave unexpectedly. The vulnerability occurs in the _acquire() method between raise_on_not_writable_file() (permission check) and os.open() (file creation). During this race window, an attacker can create a symlink at the lock file path, potentially causing the lock to operate on an unintended target file or leading to denial of service. This issue has been patched in version 3.20.3. | 2026-01-10 | 5.3 | CVE-2026-22701 | https://github.com/tox-dev/filelock/security/advisories/GHSA-qmgc-5h2g-mvrw https://github.com/tox-dev/filelock/commit/255ed068bc85d1ef406e50a135e1459170dd1bf0 https://github.com/tox-dev/filelock/commit/41b42dd2c72aecf7da83dbda5903b8087dddc4d5 |
| TryGhost–Ghost | Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s /ghost/api/admin/members/events endpoint allows users with authentication credentials for the Admin API to execute arbitrary SQL. This issue has been patched in versions 5.130.6 and 6.11.0. | 2026-01-10 | 6.7 | CVE-2026-22596 | https://github.com/TryGhost/Ghost/security/advisories/GHSA-gjrp-xgmh-x9qq https://github.com/TryGhost/Ghost/commit/cda236e455a7a30e828b6cba3c430e5796ded955 https://github.com/TryGhost/Ghost/commit/f2165f968bcdaae0e35590b38fa280ab03239391 |
| tugbucket–Multi-column Tag Map | The Multi-column Tag Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 17.0.39 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2026-01-07 | 4.4 | CVE-2025-14057 | https://www.wordfence.com/threat-intel/vulnerabilities/id/f151cb44-499e-4b08-80fb-0a573594d624?source=cve https://plugins.trac.wordpress.org/browser/multi-column-tag-map/trunk/mctagmap_functions.php#L1845 https://plugins.trac.wordpress.org/browser/multi-column-tag-map/tags/17.0.39/mctagmap_functions.php#L1845 https://plugins.trac.wordpress.org/browser/multi-column-tag-map/tags/17.0.39/mctagmap-options.php#L65 |
| Ubiquiti Inc–UniFi Connect EV Station Lite | An Improper Access Control issue could allow a malicious actor within Wi-Fi range of the EV Station Lite (v1.5.2 and earlier) to use the WiFi AutoLink feature on a device that was only adopted via Ethernet. | 2026-01-05 | 5.3 | CVE-2026-21635 | https://community.ui.com/releases/Security-Advisory-Bulletin-059/0c0b7f7a-68b7-41b9-987e-554f4b40e0e6 |
| Ubiquiti Inc–UniFi Protect Application | A malicious actor with access to the adjacent network could overflow the discovery protocol of the UniFi Protect Application (Version 6.1.79 and earlier), causing it to restart. Affected Products: UniFi Protect Application (Version 6.1.79 and earlier). Mitigation: Update your UniFi Protect Application to Version 6.2.72 or later. | 2026-01-05 | 6.5 | CVE-2026-21634 | https://community.ui.com/releases/Security-Advisory-Bulletin-058-058/6922ff20-8cd7-4724-8d8c-676458a2d0f9 |
| ultimatemember–ForumWP Forum & Discussion Board | The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User’s Display Name in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-06 | 6.4 | CVE-2025-13746 | https://www.wordfence.com/threat-intel/vulnerabilities/id/f0eb6dc5-98e2-4d88-98f8-8a63c939b047?source=cve https://plugins.trac.wordpress.org/browser/forumwp/tags/2.1.5/assets/front/js/tooltip.js#L25 https://plugins.trac.wordpress.org/browser/forumwp/tags/2.1.5/includes/common/class-user.php#L906 https://plugins.trac.wordpress.org/browser/forumwp/tags/2.1.5/templates/user-card.php#L57 |
| viitorcloudvc–Viitor Button Shortcodes | The Viitor Button Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ shortcode attribute in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-07 | 6.4 | CVE-2025-14113 | https://www.wordfence.com/threat-intel/vulnerabilities/id/61488a15-b49f-4381-9a35-746c39f25967?source=cve https://plugins.trac.wordpress.org/browser/viitor-shortcodes/trunk/includes/class-ww-vcsc-shortcodes.php#L51 https://plugins.trac.wordpress.org/browser/viitor-shortcodes/tags/3.0.0/includes/class-ww-vcsc-shortcodes.php#L51 |
| vikasratudi–Page Expire Popup/Redirection for WordPress | The Page Expire Popup/Redirection for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ shortcode attribute in all versions up to, and including, 1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Author-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2026-01-06 | 6.5 | CVE-2025-14153 | https://www.wordfence.com/threat-intel/vulnerabilities/id/b0c232b2-f7c8-4a8d-b282-72f61ecfc5da?source=cve https://plugins.trac.wordpress.org/browser/page-expire-popup/trunk/inc/vfpageexpirepopupstructure.php#L8 https://plugins.trac.wordpress.org/browser/page-expire-popup/tags/1.0/inc/vfpageexpirepopupstructure.php#L8 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3427583%40page-expire-popup&new=3427583%40page-expire-popup&sfp_email=&sfph_mail= |
| vllm-project–vllm | vLLM is an inference and serving engine for large language models (LLMs). In versions from 0.6.4 to before 0.12.0, users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1×1 pixel image. This causes a tensor dimension mismatch that results in an unhandled runtime error, leading to complete server termination. This issue has been patched in version 0.12.0. | 2026-01-10 | 6.5 | CVE-2026-22773 | https://github.com/vllm-project/vllm/security/advisories/GHSA-grg2-63fw-f2qr |
| wedevs–weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot | The weDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.15 via the `/wp-json/wp/v2/docs/settings` REST API endpoint. This makes it possible for unauthenticated attackers to extract sensitive data, including third-party service API keys. | 2026-01-09 | 5.3 | CVE-2025-14574 | https://www.wordfence.com/threat-intel/vulnerabilities/id/cbca3d1e-0985-43d3-855e-eee07715f670?source=cve https://plugins.trac.wordpress.org/changeset?old_path=/wedocs/tags/2.1.15&new_path=/wedocs/tags/2.1.16#file12 |
| wisdmlabs–AI BotKit AI Chatbot & Live Support for WordPress (No-Code) | The AI BotKit – AI Chatbot & Live Support for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in the `ai_botkit_widget` shortcode in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-07 | 6.4 | CVE-2025-13887 | https://www.wordfence.com/threat-intel/vulnerabilities/id/5659af1d-f248-46ff-b282-ef5397222d8d?source=cve https://plugins.trac.wordpress.org/browser/ai-botkit-for-lead-generation/trunk/includes/public/class-shortcode-handler.php#L42 https://plugins.trac.wordpress.org/browser/ai-botkit-for-lead-generation/tags/1.1.7/includes/public/class-shortcode-handler.php#L42 |
| woodpeckerleadform–Woodpecker for WordPress | The Woodpecker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘form_name’ parameter of the [woodpecker-connector] shortcode in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-09 | 6.4 | CVE-2025-13967 | https://www.wordfence.com/threat-intel/vulnerabilities/id/1d99c8a8-daeb-402b-990d-6bacf6e9a780?source=cve https://plugins.trac.wordpress.org/browser/woodpecker/trunk/public/class-wfw-public.php#L109 https://plugins.trac.wordpress.org/browser/woodpecker/tags/3.0.4/public/class-wfw-public.php#L109 https://plugins.trac.wordpress.org/browser/woodpecker/trunk/public/partials/wfw-public-shortcode.php#L39 https://plugins.trac.wordpress.org/browser/woodpecker/tags/3.0.4/public/partials/wfw-public-shortcode.php#L39 |
| WP Swings–Wallet System for WooCommerce | Insertion of Sensitive Information Into Sent Data vulnerability in WP Swings Wallet System for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects Wallet System for WooCommerce: from n/a through 2.7.2. | 2026-01-05 | 6.3 | CVE-2025-68029 | https://vdp.patchstack.com/database/wordpress/plugin/wallet-system-for-woocommerce/vulnerability/wordpress-wallet-system-for-woocommerce-plugin-2-7-1-sensitive-data-exposure-vulnerability?_s_id=cve |
| wpcommerz–twinklesmtp Email Service Provider For WordPress | The twinklesmtp – Email Service Provider For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin’s sender settings in all versions up to, and including, 1.03 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2026-01-07 | 4.4 | CVE-2025-14887 | https://www.wordfence.com/threat-intel/vulnerabilities/id/223d62cc-61ee-4818-9521-a772c1d57d59?source=cve https://plugins.trac.wordpress.org/browser/twinklesmtp/tags/1.0.3/backend/templates/views/settings/sender/default.php#L32 https://plugins.trac.wordpress.org/browser/twinklesmtp/tags/1.0.3/backend/templates/views/settings/sender/default.php#L46 https://plugins.trac.wordpress.org/browser/twinklesmtp/tags/1.0.3/backend/templates/views/settings/sender/default.php#L50 https://plugins.trac.wordpress.org/browser/twinklesmtp/tags/1.0.3/backend/templates/views/settings/sender/default.php#L84 https://plugins.trac.wordpress.org/browser/twinklesmtp/tags/1.0.3/backend/templates/views/settings/sender/default.php#L88 https://plugins.trac.wordpress.org/browser/twinklesmtp/tags/1.0.3/backend/templates/views/settings/sender/default.php#L36 |
| wpdevart–Countdown Timer Widget Countdown | The Countdown Timer – Widget Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘wpdevart_countdown’ shortcode in all versions up to, and including, 2.7.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-10 | 6.4 | CVE-2025-14555 | https://www.wordfence.com/threat-intel/vulnerabilities/id/ee84c720-7997-4c09-a2f9-5e1a28bd1100?source=cve https://plugins.trac.wordpress.org/browser/widget-countdown/trunk/includes/front_end.php#L167 https://plugins.trac.wordpress.org/browser/widget-countdown/trunk/includes/front_end.php#L48 https://plugins.trac.wordpress.org/browser/widget-countdown/trunk/includes/front_end.php#L30 https://plugins.trac.wordpress.org/changeset/3425959/ |
| wpdevelop–Booking Calendar | The Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 10.14.10 via the `WPBC_FLEXTIMELINE_NAV` AJAX action. This is due to the nonce verification being conditionally disabled by default (the `booking_is_nonce_at_front_end` option is `'Off'` by default). When the `booking_is_show_popover_in_timeline_front_end` option is enabled (which is the default in demo installations and can be enabled by administrators), it is possible for unauthenticated attackers to extract sensitive booking data including customer names, email addresses, phone numbers, and booking details. | 2026-01-09 | 5.3 | CVE-2025-14146 | https://www.wordfence.com/threat-intel/vulnerabilities/id/281a1c0e-bbd8-4cf6-94ca-b888c7d7e3af?source=cve https://plugins.trac.wordpress.org/browser/booking/tags/10.14.8/core/lib/wpbc-ajax.php#L29 https://plugins.trac.wordpress.org/browser/booking/tags/10.14.8/includes/_functions/nonce_func.php#L33 https://plugins.trac.wordpress.org/browser/booking/tags/10.14.8/core/wpbc-activation.php#L572 https://plugins.trac.wordpress.org/browser/booking/tags/10.14.8/core/timeline/v2/wpbc-class-timeline_v2.php#L3187 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3434934%40booking%2Ftrunk&old=3432649%40booking%2Ftrunk&sfp_email=&sfph_mail=#file2 |
| wpdevteam–BetterDocs Knowledge Base Documentation & FAQ Solution for Elementor & Block Editor | The BetterDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the scripts() function. This makes it possible for authenticated attackers, with contributor-level access and above, to extract sensitive data including the OpenAI API key stored in plugin settings. | 2026-01-09 | 6.5 | CVE-2025-14980 | https://www.wordfence.com/threat-intel/vulnerabilities/id/1595f231-d300-484a-a0e1-1e2bc7b82ed3?source=cve https://research.cleantalk.org/cve-2025-14980/ https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3430424%40betterdocs%2Ftags%2F4.3.4&old=3422660%40betterdocs%2Ftrunk |
| wpdevteam–Templately Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud! | The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to, and including, 3.4.8. This is due to inadequate input validation in the `save_template_to_file()` function where user-controlled parameters like `session_id`, `content_id`, and `ai_page_ids` are used to construct file paths without proper sanitization. This makes it possible for unauthenticated attackers to write arbitrary `.ai.json` files to locations within the uploads directory. | 2026-01-10 | 5.3 | CVE-2026-0831 | https://www.wordfence.com/threat-intel/vulnerabilities/id/778242f4-5dfa-4d72-a032-8b5521c5b8ce?source=cve https://plugins.trac.wordpress.org/browser/templately/tags/3.4.5/includes/Core/Importer/Utils/AIUtils.php#L414 https://plugins.trac.wordpress.org/browser/templately/tags/3.4.5/includes/API/AIContent.php#L38 https://plugins.trac.wordpress.org/changeset/3426051/ |
| wpeverest–User Registration & Membership Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin | The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.8. This is due to missing or incorrect nonce validation on the ‘process_row_actions’ function with the ‘delete’ action. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | 2026-01-10 | 5.4 | CVE-2025-14976 | https://www.wordfence.com/threat-intel/vulnerabilities/id/e5495b4c-a1ac-4860-83a7-686d9436d983?source=cve https://plugins.trac.wordpress.org/browser/user-registration/tags/4.4.8/includes/abstracts/abstract-ur-list-table.php#L290 https://plugins.trac.wordpress.org/changeset/3435099/user-registration |
| wpmudev–Forminator Forms Contact Form, Payment Form & Custom Form Builder | The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.49.1 via the ‘listen_for_csv_export’ function. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with access to the Forminator dashboard, to export sensitive form submission data including personally identifiable information. | 2026-01-09 | 5.3 | CVE-2025-14782 | https://www.wordfence.com/threat-intel/vulnerabilities/id/2b28ddeb-44f5-4d19-b866-94fc2088ee6d?source=cve https://plugins.trac.wordpress.org/changeset/3423003/forminator/trunk/library/class-export.php |
| WPShop.ru–AdsPlace’r Ad Manager, Inserter, AdSense Ads | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in WPShop.Ru AdsPlace’r – Ad Manager, Inserter, AdSense Ads allows DOM-Based XSS.This issue affects AdsPlace’r – Ad Manager, Inserter, AdSense Ads: from n/a through 1.1.5. | 2026-01-06 | 6.5 | CVE-2024-31088 | https://patchstack.com/database/wordpress/plugin/adsplacer/vulnerability/wordpress-adsplace-r-ad-manager-inserter-adsense-ads-plugin-1-1-5-cross-site-scripting-xss-vulnerability?_s_id=cve |
| wptb–WP Table Builder Drag & Drop Table Builder | The WP Table Builder – Drag & Drop Table Builder plugin for WordPress is vulnerable to unauthorized modification of data due to an incorrect authorization check on the save_table() function in all versions up to, and including, 2.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new wptb-table posts. | 2026-01-09 | 4.3 | CVE-2025-13753 | https://www.wordfence.com/threat-intel/vulnerabilities/id/95f49080-2263-4f6d-9372-30137efd8e10?source=cve https://plugins.trac.wordpress.org/changeset/3432381/wp-table-builder |
| Wptexture–Image Slider Slideshow | Authorization Bypass Through User-Controlled Key vulnerability in Wptexture Image Slider Slideshow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider Slideshow: from n/a through 1.8. | 2026-01-08 | 4.3 | CVE-2026-22489 | https://patchstack.com/database/wordpress/plugin/image-slider-slideshow/vulnerability/wordpress-image-slider-slideshow-plugin-1-8-insecure-direct-object-references-idor-vulnerability?_s_id=cve |
| WPvibes–AnyWhere Elementor Pro | Missing Authorization vulnerability in WPvibes AnyWhere Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyWhere Elementor Pro: from n/a through 2.29. | 2026-01-05 | 4.3 | CVE-2025-31046 | https://vdp.patchstack.com/database/wordpress/theme/anywhere-elementor-pro/vulnerability/wordpress-anywhere-elementor-pro-2-29-broken-access-control-vulnerability?_s_id=cve |
| wpvibes–Form Vibes Database Manager for Forms | The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to SQL Injection via the ‘params’ parameter in all versions up to, and including, 1.4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2026-01-06 | 4.9 | CVE-2025-13409 | https://www.wordfence.com/threat-intel/vulnerabilities/id/28eb6998-be54-4cf9-8bb1-454c07151748?source=cve https://plugins.trac.wordpress.org/browser/form-vibes/tags/1.4.13/inc/modules/analytics/module.php#L62 https://plugins.trac.wordpress.org/browser/form-vibes/tags/1.4.13/inc/modules/analytics/module.php#L51 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3425061%40form-vibes&new=3425061%40form-vibes&sfp_email=&sfph_mail= |
| www15to–QR Code for WooCommerce order emails, PDF invoices, packing slips | The QR Code for WooCommerce order emails, PDF invoices, packing slips plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode in all versions up to, and including, 1.9.42 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-07 | 6.4 | CVE-2025-14626 | https://www.wordfence.com/threat-intel/vulnerabilities/id/5b2e599c-48de-4d3a-94a3-b98badfb7a98?source=cve https://plugins.trac.wordpress.org/browser/qr-code-tag-for-wc-from-goaskle-com/tags/1.9.42/lib/qrct/QrctWp.php#L1661 https://plugins.trac.wordpress.org/browser/qr-code-tag-for-wc-from-goaskle-com/trunk/lib/qrct/QrctWp.php#L1661 |
| xagio–Xagio SEO AI Powered SEO | The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.1.0.30 via the ‘pixabayDownloadImage’ function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 2026-01-06 | 6.4 | CVE-2025-14438 | https://www.wordfence.com/threat-intel/vulnerabilities/id/72779dd2-04eb-445d-88a0-28a9c4d2369b?source=cve https://plugins.trac.wordpress.org/browser/xagio-seo/tags/7.1.0.29/inc/xagio_core.php#L236 https://plugins.trac.wordpress.org/browser/xagio-seo/tags/7.1.0.29/modules/seo/models/xagio_tinymce.php#L91 https://plugins.trac.wordpress.org/browser/xagio-seo/tags/7.1.0.29/modules/seo/models/xagio_tinymce.php#L135 https://plugins.trac.wordpress.org/changeset/3426300/xagio-seo#file374 |
| xwiki-contrib–macro-fullcalendar | XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.6, users with the rights to view the Calendar.JSONService page (including guest users) can exploit the data leak vulnerability by accessing database info, with the exception of passwords. This issue has been patched in version 2.4.6. | 2026-01-10 | 5.3 | CVE-2025-65090 | https://github.com/xwiki-contrib/macro-fullcalendar/security/advisories/GHSA-637h-ch24-xp9m https://github.com/xwiki-contrib/macro-fullcalendar/commit/25bc14c181c9a92f493b20ac264388c7ba171884 https://jira.xwiki.org/browse/FULLCAL-82 |
| Yahei.Net–Yahei-PHP Prober | Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to execute arbitrary HTML code through the ‘speed’ GET parameter. Attackers can inject malicious HTML code in the ‘speed’ parameter of prober.php to trigger cross-site scripting in user browser sessions. | 2026-01-07 | 6.1 | CVE-2019-25280 | Zero Science Lab Vulnerability Advisory Packet Storm Security Exploit Entry CXSecurity Vulnerability Listing IBM X-Force Vulnerability Exchange Archived Yahei-PHP Product Homepage |
| Yerootech–iDS6 DSSPro Digital Signage System | iDS6 DSSPro Digital Signage System 6.2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft malicious web pages to trick logged-in administrators into adding unauthorized users by exploiting the lack of CSRF protections. | 2026-01-06 | 4.3 | CVE-2020-36918 | ExploitDB-48990 Zero Science Lab Disclosure (ZSL-2020-5606) Archived Yeroo Tech Vendor Homepage Packet Storm Security Exploit Entry IBM X-Force Vulnerability Exchange CXSecurity Vulnerability Database Entry VulnCheck Advisory: iDS6 DSSPro Digital Signage System 6.2 Cross-Site Request Forgery via User Management |
| zanderz–Recras | The Recras WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘recrasname’ shortcode attribute in all versions up to, and including, 6.4.1. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2026-01-07 | 6.4 | CVE-2025-13497 | https://www.wordfence.com/threat-intel/vulnerabilities/id/ef93491a-5965-4289-b72c-d1568ff4e6e8?source=cve https://plugins.trac.wordpress.org/browser/recras/trunk/src/OnlineBooking.php#L144 https://plugins.trac.wordpress.org/browser/recras/tags/6.4.1/src/OnlineBooking.php#L144 https://plugins.trac.wordpress.org/changeset/3432851/ |
| zauberzeug–nicegui | NiceGUI is a Python-based UI framework. From versions 2.13.0 to 3.4.1, there is a XSS risk in NiceGUI when developers pass attacker-controlled strings into ui.navigate.history.push() or ui.navigate.history.replace(). These helpers are documented as History API wrappers for updating the browser URL without page reload. However, if the URL argument is embedded into generated JavaScript without proper escaping, a crafted payload can break out of the intended string context and execute arbitrary JavaScript in the victim’s browser. Applications that do not pass untrusted input into ui.navigate.history.push/replace are not affected. This issue has been patched in version 3.5.0. | 2026-01-08 | 6.1 | CVE-2026-21871 | https://github.com/zauberzeug/nicegui/security/advisories/GHSA-7grm-h62g-5m97 https://github.com/zauberzeug/nicegui/releases/tag/v3.5.0 |
| zauberzeug–nicegui | NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the click event listener used by ui.sub_pages, combined with attacker-controlled link rendering on the page, causes XSS when the user actively clicks on the link. This issue has been patched in version 3.5.0. | 2026-01-08 | 6.1 | CVE-2026-21872 | https://github.com/zauberzeug/nicegui/security/advisories/GHSA-m7j5-rq9j-6jj9 https://github.com/zauberzeug/nicegui/releases/tag/v3.5.0 |
| zauberzeug–nicegui | NiceGUI is a Python-based UI framework. From versions v2.10.0 to 3.4.1, an unauthenticated attacker can exhaust Redis connections by repeatedly opening and closing browser tabs on any NiceGUI application using Redis-backed storage. Connections are never released, leading to service degradation when Redis hits its connection limit. NiceGUI continues accepting new connections – errors are logged but the app stays up with broken storage functionality. This issue has been patched in version 3.5.0. | 2026-01-08 | 5.3 | CVE-2026-21874 | https://github.com/zauberzeug/nicegui/security/advisories/GHSA-mp55-g7pj-rvm2 https://github.com/zauberzeug/nicegui/commit/6c52eb2c90c4b67387c025b29646b4bc1578eb83 https://github.com/zauberzeug/nicegui/releases/tag/v3.5.0 |
| ZTE–MF258K | There is a configuration defect vulnerability in the version server of ZTE MF258K Pro products. Due to improper directory permission settings, an attacker has write permission in a specific directory. | 2026-01-09 | 4.3 | CVE-2025-66315 | https://support.zte.com.cn/zte-iccp-isupport-webui/bulletin/detail/4891644183717871638 |
Low Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info |
|---|---|---|---|---|---|
| AcademySoftwareFoundation–OpenColorIO | A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is named ebdbb75123c9d5f4643e041314e2bc988a13f20d. To fix this issue, it is recommended to deploy a patch. The fix was added to the 2.5.1 milestone. | 2026-01-11 | 3.3 | CVE-2025-15506 | VDB-340444 \| AcademySoftwareFoundation OpenColorIO FileRules.cpp ConvertToRegularExpression out-of-bounds VDB-340444 \| CTI Indicators (IOB, IOC, IOA) Submit #733332 \| AcademySoftwareFoundation OpenColorIO 1d77ecd Out-of-Bounds Read https://github.com/AcademySoftwareFoundation/OpenColorIO/issues/2228 https://github.com/AcademySoftwareFoundation/OpenColorIO/pull/2231 https://github.com/oneafter/1225/blob/main/uaf https://github.com/cozdas/OpenColorIO/commit/ebdbb75123c9d5f4643e041314e2bc988a13f20d https://github.com/AcademySoftwareFoundation/OpenColorIO/milestone/11 |
| aws–aws-sdk-net | AWS SDK for .NET works with Amazon Web Services to help build scalable solutions with Amazon S3, Amazon DynamoDB, Amazon Glacier, and more. From versions 4.0.0 to before 4.0.3.3, customer applications could be configured to improperly route AWS API calls to non-existent or non-AWS hosts. This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. This issue has been patched in version 4.0.3.3. | 2026-01-10 | 3.7 | CVE-2026-22611 | https://github.com/aws/aws-sdk-net/security/advisories/GHSA-9cvc-h2w8-phrp |
| Dell–PowerProtect Data Domain with Data Domain Operating System (DD OS) Feature Release | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain a Heap-based Buffer Overflow vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service. | 2026-01-09 | 2.3 | CVE-2025-46643 | https://www.dell.com/support/kbdoc/en-us/000405813/dsa-2025-415-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities |
| Dell–PowerProtect Data Domain with Data Domain Operating System (DD OS) Feature Release | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. | 2026-01-09 | 2.7 | CVE-2025-46676 | https://www.dell.com/support/kbdoc/en-us/000405813/dsa-2025-415-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities |
| GitLab–GitLab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed a user to leak certain information by referencing specially crafted images that bypass asset proxy protection. | 2026-01-09 | 3.5 | CVE-2025-3950 | GitLab Issue #537697 HackerOne Bug Bounty Report #3106477 https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/ |
| HCLSoftware–BigFix IVR | Insufficient session expiration in the Web UI authentication component in HCL BigFix IVR version 4.2 allows an authenticated attacker to gain prolonged unauthorized access to protected API endpoints due to excessive expiration periods. | 2026-01-07 | 2 | CVE-2025-31962 | https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127753 |
| HCLSoftware–BigFix IVR | Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to perform unauthorized configuration changes via unauthenticated administrative configuration requests. | 2026-01-07 | 2.9 | CVE-2025-31963 | https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127753 |
| HCLSoftware–BigFix IVR | Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services bound to external network interfaces instead of the local authentication interface. | 2026-01-07 | 2.2 | CVE-2025-31964 | https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127753 |
| InternationalColorConsortium–iccDEV | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a memory leak vulnerability in its XML MPE Parsing Path (iccFromXml). This issue is fixed in version 2.3.1.1. | 2026-01-06 | 3.3 | CVE-2026-21674 | https://github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-xww6-v3vg-4qc7 https://github.com/InternationalColorConsortium/iccDEV/issues/241 https://github.com/InternationalColorConsortium/iccDEV/commit/d7028d8f558bb681efe2b85f02eb4ca374502cbb |
| lief-project–LIEF | A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parse_binary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.17.2 can resolve this issue. The patch is identified as 81bd5d7ea0c390563f1c4c017c9019d154802978. It is recommended to upgrade the affected component. | 2026-01-10 | 3.3 | CVE-2025-15504 | VDB-340375 \| lief-project LIEF ELF Binary Parser.tcc parse_binary null pointer dereference VDB-340375 \| CTI Indicators (IOB, IOC, IOA) Submit #733329 \| lief-project LIEF 9698ea6 Memory Corruption https://github.com/lief-project/LIEF/issues/1277 https://github.com/lief-project/LIEF/issues/1277#issuecomment-3693859001 https://github.com/oneafter/1210/blob/main/segv1 https://github.com/lief-project/LIEF/commit/81bd5d7ea0c390563f1c4c017c9019d154802978 https://github.com/lief-project/LIEF/releases/tag/0.17.2 |
| Luxul–XWR-600 | A vulnerability was found in Luxul XWR-600 up to 4.0.1. The affected element is an unknown function of the component Web Administration Interface. The manipulation of the argument Guest Network/Wireless Profile SSID results in cross site scripting. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond with a technical statement. | 2026-01-11 | 2.4 | CVE-2025-15505 | VDB-340435 \| Luxul XWR-600 Web Administration cross site scripting VDB-340435 \| CTI Indicators (IOB, IOC, TTP, IOA) Submit #727924 \| Luxul XWR-600 Router Firmware Ver: 4.0.1 Cross Site Scripting https://docs.google.com/document/d/1S2f5lT0b-KE9m6xq8BY6eSixv6SgsGL1e8QQzeOkq5c/ |
| opf–openproject | OpenProject is an open-source, web-based project management software. Prior to version 16.6.2, a low privileged logged-in user can view the full names of other users. Since user IDs are assigned sequentially and predictably (e.g., 1 to 1000), an attacker can extract a complete list of all users’ full names by iterating through these URLs. The same behavior can also be reproduced via the OpenProject API, allowing automated retrieval of full names through the API as well. This issue has been patched in version 16.6.2. Those who are unable to upgrade may apply the patch manually. | 2026-01-10 | 3.5 | CVE-2026-22602 | https://github.com/opf/openproject/security/advisories/GHSA-7fvx-9h6h-g82j https://github.com/opf/openproject/pull/21281 https://github.com/opf/openproject/commit/fb39a779f521d9b08f1e0c9e8aff2b6d4643ea37 https://github.com/opf/openproject/releases/tag/v16.6.2 |
| Palantir–com.palantir.acme:gotham-default-apps-bundle | On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a change in May 2025, which was meant to allow file uploads to be shared among different artifacts (e.g. other dossiers and presentations). On deployments configured with CBAC, the front-end would present a security picker dialog to set the security level on the uploads, thereby mitigating the issue. On deployments without a CBAC configuration, no security picker dialog appears, leading to a security level of CUSTOM with no markings or datasets selected. The resulting markings and groups for the file uploads thus will be only those added by the “Default authorization rules” defined in the Auth Chooser configuration. On most environments, it is expected that the “Default authorization rules” only add the Everyone group. | 2026-01-09 | 3.5 | CVE-2025-62487 | https://palantir.safebase.us/?tcuUid=c91a1b4f-72e7-4959-9e2d-3a341e5c7a1f |
| PHPGurukul–Staff Leave Management System | A flaw has been found in PHPGurukul Staff Leave Management System 1.0. The affected element is the function ADD_STAFF/UPDATE_STAFF of the file /staffleave/slms/slms/adminviews.py of the component SVG File Handler. Executing a manipulation of the argument profile_pic can lead to cross site scripting. The attack can be executed remotely. The exploit has been published and may be used. | 2026-01-08 | 2.4 | CVE-2026-0730 | VDB-340127 \| PHPGurukul Staff Leave Management System SVG File adminviews.py UPDATE_STAFF cross site scripting VDB-340127 \| CTI Indicators (IOB, IOC, TTP, IOA) Submit #733160 \| PHPGurukul Staff Leave Management System v1.0 Cross Site Scripting https://github.com/rsecroot/Staff-Leave-Management-System/blob/main/Cross%20Site%20Scripting.md https://phpgurukul.com/ |
| Progress–MOVEit Transfer | Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows (REST API modules).This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.3, from 2023.0.0 before 2023.0.8, from 2022.1.0 before 2022.1.11, from 2022.0.0 before 2022.0.10. | 2026-01-06 | 3.7 | CVE-2025-11235 | https://docs.progress.com/bundle/moveit-transfer-release-notes-2023_1/page/Fixed-Issues-in-2023.1.3.html |
| projectworlds–House Rental and Property Listing | A vulnerability was detected in projectworlds House Rental and Property Listing 1.0. This issue affects some unknown processing of the file /app/complaint.php. The manipulation of the argument Name results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used. | 2026-01-06 | 2.4 | CVE-2026-0642 | VDB-339685 \| projectworlds House Rental and Property Listing complaint.php cross site scripting VDB-339685 \| CTI Indicators (IOB, IOC, TTP, IOA) Submit #732369 \| projectworlds.com House rental And Property Listing 1.0 Cross Site Scripting https://github.com/Pick-program/CVE/issues/4 |
| questdb–ui | A security flaw has been discovered in questdb ui up to 1.11.9. Impacted is an unknown function of the component Web Console. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 1.1.10 is recommended to address this issue. The patch is identified as b42fd9f18476d844ae181a10a249e003dafb823d. You should upgrade the affected component. The vendor confirmed early that the fix “is going to be released as a part of QuestDB 9.3.0” as well. | 2026-01-10 | 3.5 | CVE-2026-0824 | VDB-340357 \| questdb ui Web Console cross site scripting VDB-340357 \| CTI Indicators (IOB, IOC, TTP) Submit #733253 \| questdb V9.2.3(latest) xss https://github.com/59lab/dbdb/blob/main/There%20is%20a%20cross-site%20scripting(XSS)%20vulnerability%20in%20the%20QuestDB%20database.md https://github.com/questdb/questdb/releases/tag/9.3.0 https://github.com/questdb/ui/pull/519#issue-3790862030 https://github.com/questdb/ui/commit/b42fd9f18476d844ae181a10a249e003dafb823d https://github.com/questdb/ui/pull/518 |
| rankology–Rankology SEO and Analytics Tool | The Rankology SEO and Analytics Tool plugin for WordPress is vulnerable to unauthorized modification of data due to an incorrect capability check on the ‘rankology_code_block’ page in all versions up to, and including, 2.0. This makes it possible for authenticated attackers, with Editor-level access and above, to add header and footer code blocks. | 2026-01-07 | 2.7 | CVE-2025-12958 | https://www.wordfence.com/threat-intel/vulnerabilities/id/c97a341c-23f5-49a9-ad05-1fb387047e3b?source=cve https://wordpress.org/plugins/rankology-seo-and-analytics-tool/ |
| SourceCodester–API Key Manager App | A vulnerability was found in SourceCodester API Key Manager App 1.0. Affected by this vulnerability is an unknown functionality of the component Import Key Handler. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. | 2026-01-05 | 3.5 | CVE-2026-0580 | VDB-339472 \| SourceCodester API Key Manager App Import Key cross site scripting VDB-339472 \| CTI Indicators (IOB, IOC, TTP) Submit #731146 \| SourceCodester API Key Manager App Using HTML, CSS and JavaScript with Source Code 0 Cross Site Scripting Submit #731290 \| SourceCodester API Key Manager App Using HTML, CSS and JavaScript with Source Code 0 Basic Cross Site Scripting (Duplicate) https://www.sourcecodester.com/ |
| Xinhu–Rainrock RockOA | A security flaw has been discovered in Xinhu Rainrock RockOA up to 2.7.1. Affected is an unknown function of the file rock_page_gong.php of the component Cover Image Handler. The manipulation of the argument fengmian results in cross site scripting. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | 2026-01-05 | 3.5 | CVE-2026-0587 | VDB-339493 \| Xinhu Rainrock RockOA Cover Image rock_page_gong.php cross site scripting VDB-339493 \| CTI Indicators (IOB, IOC, TTP, IOA) Submit #725384 \| Xinhu Xinhu OA V2.7.1 (earlier versions may also be affected) Stored Cross-Site Scripting (XSS) |
| Xinhu–Rainrock RockOA | A weakness has been identified in Xinhu Rainrock RockOA up to 2.7.1. Affected by this vulnerability is an unknown functionality of the file rockfun.php of the component API. This manipulation of the argument callback causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | 2026-01-05 | 3.5 | CVE-2026-0588 | VDB-339494 \| Xinhu Rainrock RockOA API rockfun.php cross site scripting VDB-339494 \| CTI Indicators (IOB, IOC, TTP, IOA) Submit #725397 \| Xinhu Xinhu OA V2.7.1 JSONP Injection |
| xnx3–wangmarket | A security flaw has been discovered in xnx3 wangmarket up to 4.9. Affected by this issue is some unknown functionality of the file /admin/system/variableSave.do of the component System Variables Page. Performing a manipulation of the argument Description results in cross site scripting. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | 2026-01-05 | 2.4 | CVE-2025-15451 | VDB-339484 \| xnx3 wangmarket System Variables variableSave.do cross site scripting VDB-339484 \| CTI Indicators (IOB, IOC, TTP, IOA) Submit #724838 \| https://github.com/xnx3/wangmarket wangmarket 4.9 Improper Neutralization of Alternate XSS Syntax https://www.yuque.com/cocount-eveo/lu0220/eg6s9gropfwtoz9w?singleDoc |
| xnx3–wangmarket | A weakness has been identified in xnx3 wangmarket up to 4.9. This affects the function variableList of the file /admin/system/variableList.do of the component Backend Variable Search. Executing a manipulation of the argument Description can lead to cross site scripting. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | 2026-01-05 | 2.4 | CVE-2025-15452 | VDB-339485 \| xnx3 wangmarket Backend Variable Search variableList.do variableList cross site scripting VDB-339485 \| CTI Indicators (IOB, IOC, TTP, IOA) Submit #724840 \| https://github.com/xnx3/wangmarket wangmarket 4.9 Improper Neutralization of Alternate XSS Syntax https://www.yuque.com/cocount-eveo/lu0220/flbu025pfmwgudmg?singleDoc |
| zhanglun–lettura | A vulnerability was detected in zhanglun lettura up to 0.1.22. This issue affects some unknown processing of the file src/components/ArticleView/ContentRender.tsx of the component RSS Handler. The manipulation results in cross site scripting. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit is now public and may be used. The patch is identified as 67213093db9923e828a6e3fd8696a998c85da2d4. It is best practice to apply a patch to resolve this issue. | 2026-01-05 | 3.1 | CVE-2025-15454 | VDB-339487 \| zhanglun lettura RSS ContentRender.tsx cross site scripting VDB-339487 \| CTI Indicators (IOB, IOC, TTP, IOA) Submit #725038 \| lettura v0.1.22 XSS https://gist.github.com/youremailaddress/cba7c19a4eafcb326d0e912adf132be3 https://gist.github.com/youremailaddress/cba7c19a4eafcb326d0e912adf132be3#proof-of-concept https://github.com/zhanglun/lettura/commit/67213093db9923e828a6e3fd8696a998c85da2d4 |
Severity Not Yet Assigned
| Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info |
|---|---|---|---|---|---|
| _nK–nK Themes Helper | Server-Side Request Forgery (SSRF) vulnerability in _nK nK Themes Helper nk-themes-helper allows Server Side Request Forgery.This issue affects nK Themes Helper: from n/a through <= 1.7.9. | 2026-01-08 | not yet calculated | CVE-2025-22726 | https://vdp.patchstack.com/database/Wordpress/Plugin/nk-themes-helper/vulnerability/wordpress-nk-themes-helper-plugin-1-7-9-server-side-request-forgery-ssrf-vulnerability?_s_id=cve |
| ACCESSALLY, INC.–AccessAlly | AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code execution vulnerability in the Login Widget. The plugin processes the login_error parameter as PHP code, allowing an attacker to supply and execute arbitrary PHP in the context of the WordPress web server process, resulting in remote code execution. | 2026-01-09 | not yet calculated | CVE-2020-36875 | https://accessally.com/software-release/accessally-3-3-2/ https://wpscan.com/vulnerability/c644de6d-098d-4889-b75d-53fd2b89ff4d/ https://www.vulncheck.com/advisories/accessally-unauthenticated-arbitrary-php-code-execution |
| aio-libs–aiohttp | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. If a pure Python version of AIOHTTP is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. This issue is fixed in version 3.13.3. | 2026-01-05 | not yet calculated | CVE-2025-69224 | https://github.com/aio-libs/aiohttp/security/advisories/GHSA-69f9-5gxw-wvc2 https://github.com/aio-libs/aiohttp/commit/32677f2adfd907420c078dda6b79225c6f4ebce0 |
| aio-libs–aiohttp | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there’s a method to exploit a request smuggling vulnerability. This issue is fixed in version 3.13.3. | 2026-01-05 | not yet calculated | CVE-2025-69225 | https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mqqc-3gqh-h2x8 https://github.com/aio-libs/aiohttp/commit/c7b7a044f88c71cefda95ec75cdcfaa4792b3b96 |
| aio-libs–aiohttp | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses web.static() (not recommended for production deployments), it may be possible for an attacker to ascertain the existence of path components. This issue is fixed in version 3.13.3. | 2026-01-05 | not yet calculated | CVE-2025-69226 | https://github.com/aio-libs/aiohttp/security/advisories/GHSA-54jq-c3m8-4m76 https://github.com/aio-libs/aiohttp/commit/f2a86fd5ac0383000d1715afddfa704413f0711e |
| aio-libs–aiohttp | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. If optimizations are enabled (-O or PYTHONOPTIMIZE=1), and the application includes a handler that uses the Request.post() method, then an attacker may be able to execute a DoS attack with a specially crafted message. This issue is fixed in version 3.13.3. | 2026-01-05 | not yet calculated | CVE-2025-69227 | https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jj3x-wxrx-4x23 https://github.com/aio-libs/aiohttp/commit/bc1319ec3cbff9438a758951a30907b072561259 |
| aio-libs–aiohttp | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a request to be crafted in such a way that an AIOHTTP server’s memory fills up uncontrollably during processing. If an application includes a handler that uses the Request.post() method, an attacker may be able to freeze the server by exhausting the memory. This issue is fixed in version 3.13.3. | 2026-01-05 | not yet calculated | CVE-2025-69228 | https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6jhg-hg63-jvvf https://github.com/aio-libs/aiohttp/commit/b7dbd35375aedbcd712cbae8ad513d56d11cce60 |
| aio-libs–aiohttp | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. If an application makes use of the request.read() method in an endpoint, it may be possible for an attacker to cause the server to spend a moderate amount of blocking CPU time (e.g. 1 second) while processing the request. This could potentially lead to DoS as the server would be unable to handle other requests during that time. This issue is fixed in version 3.13.3. | 2026-01-05 | not yet calculated | CVE-2025-69229 | https://github.com/aio-libs/aiohttp/security/advisories/GHSA-g84x-mcqj-x9qq https://github.com/aio-libs/aiohttp/commit/4ed97a4e46eaf61bd0f05063245f613469700229 https://github.com/aio-libs/aiohttp/commit/dc3170b56904bdf814228fae70a5501a42a6c712 |
| aio-libs–aiohttp | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, reading multiple invalid cookies can lead to a logging storm. If the cookies attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs using a specially crafted Cookie header. This issue is fixed in 3.13.3. | 2026-01-05 | not yet calculated | CVE-2025-69230 | https://github.com/aio-libs/aiohttp/security/advisories/GHSA-fh55-r93g-j68g https://github.com/aio-libs/aiohttp/commit/64629a0834f94e46d9881f4e99c41a137e1f3326 |
| AirVPN–Eddie | AirVPN Eddie on MacOS contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root. This issue affects Eddie: 2.24.6. | 2026-01-06 | not yet calculated | CVE-2025-14979 | https://fluidattacks.com/advisories/blink182 https://eddie.website/ https://github.com/AirVPN/Eddie |
| AITpro–BulletProof Security | Insertion of Sensitive Information Into Sent Data vulnerability in AITpro BulletProof Security bulletproof-security allows Retrieve Embedded Sensitive Data. This issue affects BulletProof Security: from n/a through <= 6.9. | 2026-01-08 | not yet calculated | CVE-2025-67931 | https://vdp.patchstack.com/database/Wordpress/Plugin/bulletproof-security/vulnerability/wordpress-bulletproof-security-plugin-6-9-sensitive-data-exposure-vulnerability?_s_id=cve |
| AmentoTech–Workreap (theme’s plugin) | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in AmentoTech Workreap (theme’s plugin) workreap allows SQL Injection. This issue affects Workreap (theme’s plugin): from n/a through <= 3.3.6. | 2026-01-08 | not yet calculated | CVE-2025-22728 | https://vdp.patchstack.com/database/Wordpress/Plugin/workreap/vulnerability/wordpress-workreap-theme-s-plugin-plugin-3-3-6-sql-injection-vulnerability?_s_id=cve |
| angular–angular | Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0, a cross-site scripting (XSS) vulnerability has been identified in the Angular Template Compiler. The vulnerability exists because Angular’s internal sanitization schema fails to recognize the href and xlink:href attributes of SVG <script> elements as a Resource URL context. This issue has been patched in versions 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0. | 2026-01-10 | not yet calculated | CVE-2026-22610 | https://github.com/angular/angular/security/advisories/GHSA-jrmj-c5cx-3cw6 https://github.com/angular/angular/pull/66318 https://github.com/angular/angular/commit/91dc91bae4a1bbefc58bef6ef739d0e02ab44d56 |
| anibalwainstein–Effect Maker | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in anibalwainstein Effect Maker effect-maker allows DOM-Based XSS. This issue affects Effect Maker: from n/a through <= 1.2.1. | 2026-01-08 | not yet calculated | CVE-2025-68867 | https://vdp.patchstack.com/database/Wordpress/Plugin/effect-maker/vulnerability/wordpress-effect-maker-plugin-1-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve |
| Anthropic–MCP TypeScript SDK | Anthropic’s MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service (ReDoS) vulnerability in the UriTemplate class when processing RFC 6570 exploded array patterns. The dynamically generated regular expression used during URI matching contains nested quantifiers that can trigger catastrophic backtracking on specially crafted inputs, resulting in excessive CPU consumption. An attacker can exploit this by supplying a malicious URI that causes the Node.js process to become unresponsive, leading to a denial of service. | 2026-01-05 | not yet calculated | CVE-2026-0621 | https://github.com/modelcontextprotocol/typescript-sdk/issues/965 https://www.vulncheck.com/advisories/mcp-typescript-sdk-uritemplate-exploded-array-pattern-redos |
| Apache Software Foundation–Apache Kyuubi | Any client that can access Apache Kyuubi Server via the Kyuubi frontend protocols can bypass the server-side config kyuubi.session.local.dir.allow.list and use local files that are not listed in the config. This issue affects Apache Kyuubi: from 1.6.0 through 1.10.2. Users are recommended to upgrade to version 1.10.3 or later, which fixes the issue. | 2026-01-05 | not yet calculated | CVE-2025-66518 | https://lists.apache.org/thread/xp460bwbyzdhho34ljd4nchyt2fmhodl |
| Apache Software Foundation–Apache Mynewt NimBLE | J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of the Pause Encryption procedure on the Link Layer results in a previously encrypted connection being left in an unencrypted state, allowing an eavesdropper to observe the remainder of the exchange. This issue affects Apache NimBLE: through <= 1.8.0. Users are recommended to upgrade to version 1.9.0, which fixes the issue. | 2026-01-10 | not yet calculated | CVE-2025-52435 | https://github.com/apache/mynewt-nimble/commit/164f1c23c18a290908df76ed83fe848bfe4a4903 https://github.com/apache/mynewt-nimble/commit/ec3d75e909fa6dcadf1836fefc4432794a673d18 https://lists.apache.org/thread/ow8dzpsqfh9llfclh5fzh6z237brzc0s |
| Apache Software Foundation–Apache Mynewt NimBLE | Out-of-bounds Read vulnerability in the Apache NimBLE HCI H4 driver. A specially crafted HCI event could lead to an invalid memory read in the H4 driver. This issue affects Apache NimBLE: through 1.8. This issue requires a broken or bogus Bluetooth controller, and thus severity is considered low. Users are recommended to upgrade to version 1.9, which fixes the issue. | 2026-01-10 | not yet calculated | CVE-2025-53470 | https://github.com/apache/mynewt-nimble/commit/b973df0c6cf7b30efbf8eb2cafdc1ee843464b76 https://lists.apache.org/thread/32sm0944dyod4sdql77stgyw9xb2msc0 |
| Apache Software Foundation–Apache Mynewt NimBLE | NULL Pointer Dereference vulnerability in Apache NimBLE. Missing validation of the HCI connection complete event or the HCI command TX buffer could lead to a NULL pointer dereference. This issue requires disabled asserts and a broken or bogus Bluetooth controller, and thus severity is considered low. This issue affects Apache NimBLE: through 1.8.0. Users are recommended to upgrade to version 1.9.0, which fixes the issue. | 2026-01-10 | not yet calculated | CVE-2025-53477 | https://github.com/apache/mynewt-nimble/commit/0caf9baeb271ede85fcc5237ab87ddbf938600da https://github.com/apache/mynewt-nimble/commit/3160b8c4c7ff8db4e0f9badcdf7df684b151e077 https://lists.apache.org/thread/1dxthc132hwm2tzvjblrtnschcsbw2vo |
| Apache Software Foundation–Apache Mynewt NimBLE | Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving a specially crafted Security Request could lead to removal of the original bond and re-bonding with an impostor. This issue affects Apache NimBLE: through 1.8.0. Users are recommended to upgrade to version 1.9.0, which fixes the issue. | 2026-01-10 | not yet calculated | CVE-2025-62235 | https://github.com/apache/mynewt-nimble/commit/41f67e391e788c5feef9030026cc5cbc5431838a https://lists.apache.org/thread/rw2mrpfwb9d9wmq4h4b6ctcd6gpkk2ho |
| Apache Software Foundation–Apache SIS | Improper Restriction of XML External Entity Reference vulnerability in Apache SIS. It is possible to write XML files in such a way that, when parsed by Apache SIS, the XML file reveals to the attacker the content of a local file on the server running Apache SIS. This vulnerability impacts the following SIS services: * Reading of GeoTIFF files having the GEO_METADATA tag defined by the Defense Geospatial Information Working Group (DGIWG). * Parsing of ISO 19115 metadata in XML format. * Parsing of Coordinate Reference Systems defined in the GML format. * Parsing of files in GPS Exchange Format (GPX). This issue affects Apache SIS from versions 0.4 through 1.5 inclusive. Users are recommended to upgrade to version 1.6, which will fix the issue. In the meantime, the security vulnerability can be avoided by launching Java with the javax.xml.accessExternalDTD system property set to a comma-separated list of authorized protocols (an empty list disables external DTD access entirely). For example: java -Djavax.xml.accessExternalDTD="" … | 2026-01-05 | not yet calculated | CVE-2025-68280 | https://lists.apache.org/thread/s4ggy3zbtrrn93glgo2vn52lgcxk4bp4 |
| Apache Software Foundation–Apache Struts | Missing XML Validation vulnerability in Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue. | 2026-01-11 | not yet calculated | CVE-2025-68493 | https://cwiki.apache.org/confluence/display/WW/S2-069 |
| Apache Software Foundation–Apache Uniffle | The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure configuration exposes all REST API communication between the Uniffle CLI/client and the Uniffle Coordinator service to potential Man-in-the-Middle (MITM) attacks. This issue affects all versions before 0.10.0. Users are recommended to upgrade to version 0.10.0, which fixes the issue. | 2026-01-07 | not yet calculated | CVE-2025-68637 | https://lists.apache.org/thread/trvdd11hmpbjno3t8rc9okr4t036ox2v |
| Apple–iOS and iPadOS | A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent passcode from being required immediately after Face ID enrollment. | 2026-01-09 | not yet calculated | CVE-2025-46286 | https://support.apple.com/en-us/125884 |
| Apple–macOS | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected files within an App Sandbox container. | 2026-01-09 | not yet calculated | CVE-2025-46297 | https://support.apple.com/en-us/125886 |
| Apple–tvOS | The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may lead to an unexpected process crash. | 2026-01-09 | not yet calculated | CVE-2025-46298 | https://support.apple.com/en-us/125889 https://support.apple.com/en-us/125892 https://support.apple.com/en-us/125884 https://support.apple.com/en-us/125891 https://support.apple.com/en-us/125886 https://support.apple.com/en-us/125890 |
| Apple–tvOS | A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may disclose internal states of the app. | 2026-01-09 | not yet calculated | CVE-2025-46299 | https://support.apple.com/en-us/125889 https://support.apple.com/en-us/125892 https://support.apple.com/en-us/125884 https://support.apple.com/en-us/125891 https://support.apple.com/en-us/125886 https://support.apple.com/en-us/125890 |
| armurox–loggingredactor | Logging Redactor is a Python library designed to redact sensitive data in logs based on regex patterns and / or dictionary keys. Prior to version 0.0.6, non-string types are converted into string types, leading to type errors in %d conversions. The problem has been patched in version 0.0.6. No known workarounds are available. | 2026-01-08 | not yet calculated | CVE-2026-22041 | https://github.com/armurox/loggingredactor/security/advisories/GHSA-rvjx-cfjh-5mc9 https://github.com/armurox/loggingredactor/issues/7 https://github.com/armurox/loggingredactor/releases/tag/0.0.6 |
| Arraytics–Timetics | Authentication Bypass Using an Alternate Path or Channel vulnerability in Arraytics Timetics timetics allows Authentication Abuse. This issue affects Timetics: from n/a through <= 1.0.46. | 2026-01-08 | not yet calculated | CVE-2025-67915 | https://vdp.patchstack.com/database/Wordpress/Plugin/timetics/vulnerability/wordpress-timetics-plugin-1-0-46-broken-authentication-vulnerability?_s_id=cve |
| Aruba.it Dev–Aruba HiSpeed Cache | Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Aruba HiSpeed Cache: from n/a through < 3.0.3. | 2026-01-08 | not yet calculated | CVE-2025-67913 | https://vdp.patchstack.com/database/Wordpress/Plugin/aruba-hispeed-cache/vulnerability/wordpress-aruba-hispeed-cache-plugin-3-0-3-broken-access-control-vulnerability?_s_id=cve |
| Asseco–AMDX | Asseco ADMX system is used for processing medical records. It allows logged in users to access medical files belonging to other users through manipulation of GET arguments containing document IDs. This issue has been fixed in 6.09.01.62 version of ADMX. | 2026-01-08 | not yet calculated | CVE-2025-4596 | https://cert.pl/en/posts/2026/01/CVE-2025-4596 |
| Asseco–InfoMedica Plus | Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. A low privileged user is able to obtain encoded passwords of all other accounts (including the main administrator) due to lack of granularity in access control. Chained exploitation of this vulnerability and CVE-2025-8307 allows an attacker to escalate privileges. This vulnerability has been fixed in versions 4.50.1 and 5.38.0. | 2026-01-08 | not yet calculated | CVE-2025-8306 | https://cert.pl/en/posts/2026/01/CVE-2025-8306/ |
| Asseco–InfoMedica Plus | Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format. An attacker in possession of these encoded passwords is able to decode them by using an algorithm embedded in the client-side part of the software. This vulnerability has been fixed in versions 4.50.1 and 5.38.0. | 2026-01-08 | not yet calculated | CVE-2025-8307 | https://cert.pl/en/posts/2026/01/CVE-2025-8306/ |
| Astoundify–Jobify | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Astoundify Jobify jobify allows Reflected XSS. This issue affects Jobify: from n/a through <= 4.3.0. | 2026-01-08 | not yet calculated | CVE-2025-67916 | https://vdp.patchstack.com/database/Wordpress/Theme/jobify/vulnerability/wordpress-jobify-theme-4-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve |
| ASUS–ASCI | An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the application to load a DLL from an attacker-controlled location, potentially resulting in arbitrary code execution. Refer to the ‘Security Update for MyASUS’ section on the ASUS Security Advisory for more information. | 2026-01-06 | not yet calculated | CVE-2025-12793 | https://www.asus.com/security-advisory |
| AuntyFey–AuntyFey Smart Combination Lock | AuntyFey Smart Combination Lock firmware versions as of 2025-12-24 contain a vulnerability that allows an unauthenticated attacker within Bluetooth Low Energy (BLE) range to cause a denial of service by repeatedly initiating BLE connections. Sustained connection attempts interrupt keypad authentication input and repeatedly force the device into lockout states, preventing legitimate users from unlocking the device. | 2026-01-07 | not yet calculated | CVE-2025-15474 | https://github.com/nsm-barii/ble-smartlock-dos https://www.amazon.com/dp/B0F9L1M4XG https://www.vulncheck.com/advisories/auntyfey-smart-combination-lock-ble-connection-flood-dos |
| badkeys–badkeys | badkeys is a tool and library for checking cryptographic public keys for known vulnerabilities. In versions 0.0.15 and below, an attacker may inject content with ASCII control characters like vertical tabs, ANSI escape sequences, etc., that can create misleading output of the badkeys command-line tool. This impacts scanning DKIM keys (both --dkim and --dkim-dns), SSH keys (--ssh-lines mode), and filenames in various modes. This issue is fixed in version 0.0.16. | 2026-01-05 | not yet calculated | CVE-2026-21439 | https://github.com/badkeys/badkeys/security/advisories/GHSA-wjpc-4f29-83h3 https://github.com/badkeys/badkeys/issues/40 https://github.com/badkeys/badkeys/commit/635a2f3b1b50a895d8b09ec8629efc06189f349a https://github.com/badkeys/badkeys/commit/de631f69f040974bb5fb442cdab9a1d904c64087 |
| BBR Plugins–Better Business Reviews | Missing Authorization vulnerability in BBR Plugins Better Business Reviews better-business-reviews allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Better Business Reviews: from n/a through <= 0.1.1. | 2026-01-06 | not yet calculated | CVE-2025-69354 | https://vdp.patchstack.com/database/Wordpress/Plugin/better-business-reviews/vulnerability/wordpress-better-business-reviews-plugin-0-1-1-broken-access-control-vulnerability?_s_id=cve |
| bdthemes–Ultimate Store Kit Elementor Addons | Missing Authorization vulnerability in bdthemes Ultimate Store Kit Elementor Addons ultimate-store-kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Store Kit Elementor Addons: from n/a through <= 2.9.4. | 2026-01-06 | not yet calculated | CVE-2025-69336 | https://vdp.patchstack.com/database/Wordpress/Plugin/ultimate-store-kit/vulnerability/wordpress-ultimate-store-kit-elementor-addons-plugin-2-9-4-broken-access-control-vulnerability?_s_id=cve |
| BeeS Software Solutions–BET ePortal | BeeS Software Solutions BET Portal contains an SQL injection vulnerability in the login functionality of affected sites. The vulnerability enables arbitrary SQL commands to be executed on the backend database. | 2026-01-09 | not yet calculated | CVE-2025-14598 | https://cloudilyaerp.com/ https://afnaan.me/cve/cve-2025-14598 https://github.com/Afnaan-Ahmed/CVE-2025-14598 |
| beeteam368–VidMov | Path Traversal: ‘.../...//’ vulnerability in beeteam368 VidMov vidmov allows Path Traversal. This issue affects VidMov: from n/a through <= 2.3.8. | 2026-01-08 | not yet calculated | CVE-2025-67914 | https://vdp.patchstack.com/database/Wordpress/Theme/vidmov/vulnerability/wordpress-vidmov-theme-2-3-8-path-traversal-vulnerability?_s_id=cve |
| bokeh–bokeh | Bokeh is an interactive visualization library written in Python. In versions 3.8.1 and below, if a server is configured with an allowlist (e.g., dashboard.corp), an attacker can register a domain like dashboard.corp.attacker.com (or use a subdomain if applicable) and lure a victim to visit it. The malicious site can then initiate a WebSocket connection to the vulnerable Bokeh server. Since the Origin header (e.g., http://dashboard.corp.attacker.com/) matches the allowlist according to the flawed logic, the connection is accepted. Once connected, the attacker can interact with the Bokeh server on behalf of the victim, potentially accessing sensitive data, or modifying visualizations. This issue is fixed in version 3.8.2. | 2026-01-08 | not yet calculated | CVE-2026-21883 | https://github.com/bokeh/bokeh/security/advisories/GHSA-793v-589g-574v https://github.com/bokeh/bokeh/commit/cedd113b0e271b439dce768671685cf5f861812e |
| BoldGrid–Post and Page Builder by BoldGrid | Missing Authorization vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post and Page Builder by BoldGrid: from n/a through <= 1.27.9. | 2026-01-06 | not yet calculated | CVE-2025-69345 | https://vdp.patchstack.com/database/Wordpress/Plugin/post-and-page-builder/vulnerability/wordpress-post-and-page-builder-by-boldgrid-plugin-1-27-9-broken-access-control-vulnerability?_s_id=cve |
| brandexponents–Oshine | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in brandexponents Oshine oshin allows PHP Local File Inclusion. This issue affects Oshine: from n/a through <= 7.2.7. | 2026-01-08 | not yet calculated | CVE-2025-14359 | https://vdp.patchstack.com/database/Wordpress/Theme/oshin/vulnerability/wordpress-oshine-theme-7-2-7-local-file-inclusion-vulnerability?_s_id=cve |
| BuddhaThemes–WeDesignTech Ultimate Booking Addon | Missing Authorization vulnerability in BuddhaThemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WeDesignTech Ultimate Booking Addon: from n/a through <= 1.0.3. | 2026-01-06 | not yet calculated | CVE-2025-69341 | https://vdp.patchstack.com/database/Wordpress/Plugin/wedesigntech-ultimate-booking-addon/vulnerability/wordpress-wedesigntech-ultimate-booking-addon-plugin-1-0-3-broken-access-control-vulnerability?_s_id=cve |
| Campaign Monitor–Campaign Monitor for WordPress | Missing Authorization vulnerability in Campaign Monitor Campaign Monitor for WordPress forms-for-campaign-monitor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Campaign Monitor for WordPress: from n/a through <= 2.9.0. | 2026-01-08 | not yet calculated | CVE-2026-0674 | https://vdp.patchstack.com/database/Wordpress/Plugin/forms-for-campaign-monitor/vulnerability/wordpress-campaign-monitor-for-wordpress-plugin-2-9-0-broken-access-control-vulnerability?_s_id=cve |
| chlodigital–PRIMER by chlodigital | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in chloédigital PRIMER by chloédigital primer-by-chloedigital allows Reflected XSS. This issue affects PRIMER by chloédigital: from n/a through <= 1.0.25. | 2026-01-08 | not yet calculated | CVE-2025-68873 | https://vdp.patchstack.com/database/Wordpress/Plugin/primer-by-chloedigital/vulnerability/wordpress-primer-by-chloedigital-plugin-1-0-25-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve |
| Cloudways–Breeze | Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Breeze: from n/a through <= 2.2.21. | 2026-01-06 | not yet calculated | CVE-2025-69364 | https://vdp.patchstack.com/database/Wordpress/Plugin/breeze/vulnerability/wordpress-breeze-plugin-2-2-21-broken-access-control-vulnerability?_s_id=cve |
| CMSJunkie – WordPress Business Directory Plugins–WP-BusinessDirectory | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CMSJunkie – WordPress Business Directory Plugins WP-BusinessDirectory wp-businessdirectory allows Reflected XSS. This issue affects WP-BusinessDirectory: from n/a through <= 3.1.5. | 2026-01-08 | not yet calculated | CVE-2025-68887 | https://vdp.patchstack.com/database/Wordpress/Plugin/wp-businessdirectory/vulnerability/wordpress-wp-businessdirectory-plugin-3-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve |
| CodexThemes–TheGem Theme Elements (for Elementor) | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in CodexThemes TheGem Theme Elements (for Elementor) thegem-elements-elementor allows PHP Local File Inclusion. This issue affects TheGem Theme Elements (for Elementor): from n/a through <= 5.11.0. | 2026-01-06 | not yet calculated | CVE-2025-69356 | https://vdp.patchstack.com/database/Wordpress/Plugin/thegem-elements-elementor/vulnerability/wordpress-thegem-theme-elements-for-elementor-plugin-5-11-0-local-file-inclusion-vulnerability?_s_id=cve |
| CodexThemes–TheGem Theme Elements (for Elementor) | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CodexThemes TheGem Theme Elements (for Elementor) thegem-elements-elementor allows Stored XSS. This issue affects TheGem Theme Elements (for Elementor): from n/a through <= 5.11.0. | 2026-01-06 | not yet calculated | CVE-2025-69357 | https://vdp.patchstack.com/database/Wordpress/Plugin/thegem-elements-elementor/vulnerability/wordpress-thegem-theme-elements-for-elementor-plugin-5-11-0-cross-site-scripting-xss-vulnerability?_s_id=cve |
| CodexThemes–TheGem Theme Elements (for WPBakery) | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CodexThemes TheGem Theme Elements (for WPBakery) thegem-elements allows DOM-Based XSS. This issue affects TheGem Theme Elements (for WPBakery): from n/a through <= 5.11.0. | 2026-01-06 | not yet calculated | CVE-2025-69360 | https://vdp.patchstack.com/database/Wordpress/Plugin/thegem-elements/vulnerability/wordpress-thegem-theme-elements-for-wpbakery-plugin-5-11-0-cross-site-scripting-xss-vulnerability?_s_id=cve |
| Commvault–WebConsole | The Report Builder component of the application stores user input directly in a web page and displays it to other users, which raised concerns about a possible Cross-Site Scripting (XSS) attack. Proper management of this functionality helps ensure a secure and seamless user experience. Although the user input is not validated in the report creation, these scripts are not executed when the report is run by end users. The script is executed when the report is modified through the report builder by a user with edit permissions. The Report Builder is part of the WebConsole. The WebConsole package is currently end of life, and is no longer maintained. We strongly recommend against installing or using it in any production environment. However, if you choose to install it, for example, to access functionality like the Report Builder, it must be deployed within a fully isolated network that has no access to sensitive data or internet connectivity. This is a critical security precaution, as the retired package may contain unpatched vulnerabilities and is no longer supported with updates or fixes. | 2026-01-07 | not yet calculated | CVE-2025-12776 | https://documentation.commvault.com/securityadvisories/CV_2025_06_3.html |
| contentstudio–Contentstudio | Unrestricted Upload of File with Dangerous Type vulnerability in contentstudio Contentstudio contentstudio allows Upload a Web Shell to a Web Server. This issue affects Contentstudio: from n/a through <= 1.3.7. | 2026-01-08 | not yet calculated | CVE-2025-67910 | https://vdp.patchstack.com/database/Wordpress/Plugin/contentstudio/vulnerability/wordpress-contentstudio-plugin-1-3-7-arbitrary-file-upload-vulnerability?_s_id=cve |
| CoolHappy–The Events Calendar Countdown Addon | Missing Authorization vulnerability in CoolHappy The Events Calendar Countdown Addon countdown-for-the-events-calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Events Calendar Countdown Addon: from n/a through <= 1.4.15. | 2026-01-06 | not yet calculated | CVE-2025-69348 | https://vdp.patchstack.com/database/Wordpress/Plugin/countdown-for-the-events-calendar/vulnerability/wordpress-the-events-calendar-countdown-addon-plugin-1-4-15-broken-access-control-vulnerability?_s_id=cve |
| coollabsio–coolify | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, a Remote Code Execution (RCE) vulnerability exists in Coolify’s application deployment workflow. This flaw allows a low-privileged member to inject arbitrary Docker Compose directives during project creation or updates. By defining a malicious service that mounts the host filesystem, an attacker can achieve root-level command execution on the host OS, completely bypassing container isolation. Version 4.0.0-beta.420.7 contains a patch for the issue. | 2026-01-05 | not yet calculated | CVE-2025-59156 | https://github.com/coollabsio/coolify/security/advisories/GHSA-h5xw-7xvp-xrxr |
| coollabsio–coolify | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions prior to and including v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting (XSS) attack in the project creation workflow. An authenticated user with low privileges (e.g., member role) can create a project with a maliciously crafted name containing embedded JavaScript. When an administrator later attempts to delete the project or its associated resource, the payload automatically executes in the admin’s browser context. Version 4.0.0-beta.420.7 contains a patch for the issue. | 2026-01-05 | not yet calculated | CVE-2025-59158 | https://github.com/coollabsio/coolify/security/advisories/GHSA-h52r-jxv9-9vhf |
| coollabsio–coolify | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions prior to and including v4.0.0-beta.420.8 have an information disclosure vulnerability in the `/api/v1/teams/{team_id}/members` and `/api/v1/teams/current/members` API endpoints that allows authenticated team members to access a highly sensitive `email_change_code` belonging to other users on the same team. This code is intended for a single-use email change verification and should be kept secret. Its exposure could enable a malicious actor to perform an unauthorized email address change on behalf of the victim. As of time of publication, no known patched versions exist. | 2026-01-05 | not yet calculated | CVE-2025-59955 | https://github.com/coollabsio/coolify/security/advisories/GHSA-927g-56xp-6427 |
| coollabsio–coolify | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a low privileged user (member) can invite a high privileged user. At first, the application will throw an error, but if the attacker clicks the invite button a second time, it actually works. This way, a low privileged user can invite themselves as an administrator to the Coolify instance. After the high privileged user is invited, the attacker can initiate a password reset and log in with the new admin. As of time of publication, it is unclear if a patch is available. | 2026-01-05 | not yet calculated | CVE-2025-64421 | https://github.com/coollabsio/coolify/security/advisories/GHSA-4p6r-m39m-9cm9 https://drive.google.com/file/d/1YZHFgiZv_k9p9909A63DAErsTsh8K1rc/view?usp=drive_link |
| coollabsio–coolify | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify starting with version 4.0.0-beta.434, the /login endpoint advertises a rate limit of 5 requests but can be trivially bypassed by rotating the X-Forwarded-For header. This enables unlimited credential stuffing and brute-force attempts against user and admin accounts. As of time of publication, it is unclear if a patch is available. | 2026-01-05 | not yet calculated | CVE-2025-64422 | https://github.com/coollabsio/coolify/security/advisories/GHSA-688j-rm43-5r8x |
| coollabsio–coolify | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a low privileged user (member) can see and use invitation links sent to an administrator. When they use the link before the legitimate recipient does, they are able to log in as an administrator, meaning they have successfully escalated their privileges. As of time of publication, it is unclear if a patch is available. | 2026-01-05 | not yet calculated | CVE-2025-64423 | https://github.com/coollabsio/coolify/security/advisories/GHSA-4fqm-797g-7m6j |
| coollabsio–coolify | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a command injection vulnerability exists in the git source input fields of a resource, allowing a low privileged user (member) to execute system commands as root on the Coolify instance. As of time of publication, it is unclear if a patch is available. | 2026-01-05 | not yet calculated | CVE-2025-64424 | https://github.com/coollabsio/coolify/security/advisories/GHSA-qx24-jhwj-8w6x https://drive.google.com/file/d/1rk7AYxNDkJUwo8uWbzX62PpBxpDYeyrZ/view?usp=drive_link |
| coollabsio–coolify | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, an attacker can initiate a password reset for a victim, and modify the host header of the request to a malicious value. The victim will receive a password reset email, with a link to the malicious host. If the victim clicks this link, their reset token is sent to the attacker’s server, allowing the attacker to use it to change the victim’s password and take over their account. As of time of publication, it is unclear if a patch is available. | 2026-01-05 | not yet calculated | CVE-2025-64425 | https://github.com/coollabsio/coolify/security/advisories/GHSA-f737-2p93-g2cw https://drive.google.com/file/d/1I5sJHcpetJbKlwVS2usAD7qmgH37Y4rw/view?usp=drive_link |
| coredns–coredns | CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations (gRPC, HTTPS, and HTTP/3) lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent connections, streams, or sending oversized request bodies. The issue is similar in nature to CVE-2025-47950 (QUIC DoS) but affects additional server types that do not enforce connection limits, stream limits, or message size constraints. Version 1.14.0 contains a patch. | 2026-01-08 | not yet calculated | CVE-2025-68151 | https://github.com/coredns/coredns/security/advisories/GHSA-527x-5wrf-22m2 https://github.com/coredns/coredns/pull/7490 https://github.com/coredns/coredns/commit/0d8cbb1a6bcb6bc9c1a489865278b8725fa20812 |
| craftcms–cms | Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16, authenticated users on a Craft installation could potentially expose sensitive assets through their user profile photo via maliciously crafted requests. Users should update to the patched versions (5.8.21 and 4.16.17) to mitigate the issue. | 2026-01-05 | not yet calculated | CVE-2025-68436 | https://github.com/craftcms/cms/security/advisories/GHSA-53vf-c43h-j2x9 https://github.com/craftcms/cms/commit/4bcb0db554e273b66ce3b75263a13414c2368fc9 |
| craftcms–cms | Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16, the Craft CMS GraphQL `save_<VolumeName>_Asset` mutation is vulnerable to Server-Side Request Forgery (SSRF). This vulnerability arises because the `_file` input, specifically its `url` parameter, allows the server to fetch content from arbitrary remote locations without proper validation. Attackers can exploit this by providing internal IP addresses or cloud metadata endpoints as the `url`, forcing the server to make requests to these restricted services. The fetched content is then saved as an asset, which can subsequently be accessed and exfiltrated, leading to potential data exposure and infrastructure compromise. This exploitation requires specific GraphQL permissions for asset management within the targeted volume. Users should update to the patched 5.8.21 and 4.16.17 releases to mitigate the issue. | 2026-01-05 | not yet calculated | CVE-2025-68437 | https://github.com/craftcms/cms/security/advisories/GHSA-x27p-wfqw-hfcc https://github.com/craftcms/cms/commit/013db636fdb38f3ce5657fd196b6d952f98ebc52 https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821—2025-12-04 |
| craftcms–cms | Craft is a platform for creating digital experiences. Versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16 are vulnerable to potential authenticated Remote Code Execution via Twig SSTI. For this to work, users must have administrator access to the Craft Control Panel, and allowAdminChanges must be enabled, which is against Craft CMS’ recommendations for any non-dev environment. Alternatively, a non-administrator account with allowAdminChanges disabled can be used, provided access to the System Messages utility is available. It is possible to craft a malicious payload using the Twig `map` filter in text fields that accept Twig input under Settings in the Craft control panel or using the System Messages utility, which could lead to an RCE. Users should update to the patched versions (5.8.21 and 4.16.17) to mitigate the issue. | 2026-01-05 | not yet calculated | CVE-2025-68454 | https://github.com/craftcms/cms/security/advisories/GHSA-742x-x762-7383 https://github.com/craftcms/cms/commit/d82680f4a05f9576883bb83c3f6243d33ca73ebe https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821—2025-12-04 |
| craftcms–cms | Craft is a platform for creating digital experiences. Versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16 are vulnerable to potential authenticated Remote Code Execution via malicious attached Behavior. Note that attackers must have administrator access to the Craft Control Panel for this to work. Users should update to the patched versions (5.8.21 and 4.16.17) to mitigate the issue. | 2026-01-05 | not yet calculated | CVE-2025-68455 | https://github.com/craftcms/cms/security/advisories/GHSA-255j-qw47-wjh5 https://github.com/craftcms/cms/commit/27f55886098b56c00ddc53b69239c9c9192252c7 https://github.com/craftcms/cms/commit/6e608a1a5bfb36943f94f584b7548ca542a86fef https://github.com/craftcms/cms/commit/ec43c497edde0b2bf2e39a119cded2e55f9fe593 https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821—2025-12-04 |
| craftcms–cms | Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 3.0.0 through 4.16.16, unauthenticated users can trigger database backup operations via specific admin actions, potentially leading to resource exhaustion or information disclosure. Users should update to the patched versions (5.8.21 and 4.16.17) to mitigate the issue. Craft 3 users should update to the latest Craft 4 and 5 releases, which include the fixes. | 2026-01-05 | not yet calculated | CVE-2025-68456 | https://github.com/craftcms/cms/security/advisories/GHSA-v64r-7wg9-23pr https://github.com/craftcms/cms/commit/f83d4e0c6b906743206b4747db4abf8164b8da39 https://github.com/craftcms/cms/blob/5.x/CHANGELOG.md#5821—2025-12-04 |
| curl–curl | When using the `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool, curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper check, thus not noticing a possible impostor. To skip this check, the connection had to be done with QUIC with ngtcp2 built to use GnuTLS and the user had to explicitly disable the standard certificate verification. | 2026-01-08 | not yet calculated | CVE-2025-13034 | json www |
| curl–curl | When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently set up transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well. | 2026-01-08 | not yet calculated | CVE-2025-14017 | json www |
| curl–curl | When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host. | 2026-01-08 | not yet calculated | CVE-2025-14524 | json www issue |
| curl–curl | When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed, contrary to the user’s wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not. | 2026-01-08 | not yet calculated | CVE-2025-14819 | json www |
| curl–curl | When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file. | 2026-01-08 | not yet calculated | CVE-2025-15079 | json www issue |
| curl–curl | When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent. | 2026-01-08 | not yet calculated | CVE-2025-15224 | json www issue |
| CyberChimps–Responsive Addons for Elementor | Missing Authorization vulnerability in CyberChimps Responsive Addons for Elementor responsive-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Addons for Elementor: from n/a through <= 2.0.8. | 2026-01-06 | not yet calculated | CVE-2025-69363 | https://vdp.patchstack.com/database/Wordpress/Plugin/responsive-addons-for-elementor/vulnerability/wordpress-responsive-addons-for-elementor-plugin-2-0-8-broken-access-control-vulnerability?_s_id=cve |
| D-Link–DSL-2640B | Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality. By directly requesting this endpoint, an attacker can modify the device’s DNS settings without valid credentials, enabling DNS hijacking (“DNSChanger”) attacks that redirect user traffic to attacker-controlled infrastructure. In 2019, D-Link reported that this behavior was leveraged by the “GhostDNS” malware ecosystem targeting consumer and carrier routers. All impacted products were subsequently designated end-of-life/end-of-service, and no longer receive security updates. Exploitation evidence was observed by the Shadowserver Foundation on 2025-11-27 (UTC). | 2026-01-05 | not yet calculated | CVE-2026-0625 | https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10488 https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10068 https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10118 https://www.vulncheck.com/advisories/dlink-dsl-command-injection-via-dns-configuration-endpoint |
| Data Illusion Zumbrunn–NGSurvey | Stored cross-site scripting (XSS, CWE-79) in the survey content and administration functionality in Data Illusion Zumbrunn NGSurvey Enterprise Edition 3.6.4 on all supported platforms (on Windows and Linux servers) allows authenticated remote users with survey creation or edit privileges to execute arbitrary JavaScript in other users’ browsers, steal session information and perform unauthorized actions on their behalf via crafted survey content that is rendered without proper output encoding. | 2026-01-07 | not yet calculated | CVE-2025-15479 | https://docs.ngsurvey.com/installation-setup/change-log#id-3.6.17-2025-05-28 https://cds.thalesgroup.com/en/tcs-cert/CVE-2025-15479 |
| Devolutions–PowerShell Universal | Cross-site Scripting vulnerability in Devolutions PowerShell Universal. This issue affects PowerShell Universal: before 4.5.6, before 5.6.13. | 2026-01-07 | not yet calculated | CVE-2026-0618 | https://devolutions.net/security/advisories/DEVO-2026-0001/ |
| Devolutions–Remote Desktop Manager | Exposure of sensitive information in the TeamViewer entry dashboard component in Devolutions Remote Desktop Manager 2025.3.24.0 through 2025.3.28.0 on Windows allows an external observer to view a password on screen via a defective masking feature, for example during physical observation or screen sharing. | 2026-01-08 | not yet calculated | CVE-2026-0747 | https://devolutions.net/security/advisories/DEVO-2026-0002/ |
| e-plugins–ListingHub | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in e-plugins ListingHub listinghub allows Reflected XSS.This issue affects ListingHub: from n/a through 1.2.6. | 2026-01-08 | not yet calculated | CVE-2025-12551 | https://vdp.patchstack.com/database/Wordpress/Plugin/listinghub/vulnerability/wordpress-listinghub-plugin-1-2-6-cross-site-scripting-xss-vulnerability?_s_id=cve |
| e-plugins–Real Estate Pro | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in e-plugins Real Estate Pro real-estate-pro allows Reflected XSS.This issue affects Real Estate Pro: from n/a through <= 2.1.4. | 2026-01-08 | not yet calculated | CVE-2025-13504 | https://vdp.patchstack.com/database/Wordpress/Plugin/real-estate-pro/vulnerability/wordpress-real-estate-pro-plugin-2-1-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve |
| EFACEC–QC 60/90/120 | An attacker with the ability to interact through the network and with access credentials could, thanks to the unsecured (unencrypted) MQTT communications protocol, write on the server topics of the board that controls the MQTT communications. | 2026-01-07 | not yet calculated | CVE-2026-22535 | https://cds.thalesgroup.com/en |
| EFACEC–QC 60/90/120 | The absence of permissions control for the user XXX allows the current configuration in the sudoers file to escalate privileges without any restrictions. | 2026-01-07 | not yet calculated | CVE-2026-22536 | https://cds.thalesgroup.com/en |
| EFACEC–QC 60/90/120 | The lack of hardening of the system allows the user used to manage and maintain the charger to consult different files containing clear-text credentials or valuable information for an attacker. | 2026-01-07 | not yet calculated | CVE-2026-22537 | https://cds.thalesgroup.com/en |
| EFACEC–QC 60/90/120 | As the service interaction is performed without authentication, an attacker with some knowledge of the protocol could obtain information about the charger via OCPP v1.6. | 2026-01-07 | not yet calculated | CVE-2026-22539 | https://cds.thalesgroup.com/en |
| EFACEC–QC 60/90/120 | The massive sending of ICMP requests causes a denial of service on one of the EVCharger boards that allows control of the EV interfaces; the board must be operating correctly for the charger to also function correctly. | 2026-01-07 | not yet calculated | CVE-2026-22541 | https://cds.thalesgroup.com/en |
| EFACEC–QC 60/90/120 | An attacker with access to the system’s internal network can cause a denial of service on the system by making two concurrent connections through the Telnet service. | 2026-01-07 | not yet calculated | CVE-2026-22542 | https://cds.thalesgroup.com/en |
| EFACEC–QC 60/90/120 | The credentials required to access the device’s web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handling the login and obtain the credentials. | 2026-01-07 | not yet calculated | CVE-2026-22543 | https://cds.thalesgroup.com/en |
| EFACEC–QC 60/90/120 | An attacker with a network connection could detect credentials in clear text. | 2026-01-07 | not yet calculated | CVE-2026-22544 | https://cds.thalesgroup.com/en |
| EFACEC–QC60/90/120 | The massive sending of ARP requests causes a denial of service on one board of the charger that allows control of the EV interfaces; the board must be operating correctly for the charger to also function correctly. | 2026-01-07 | not yet calculated | CVE-2026-22540 | https://cds.thalesgroup.com/en |
| Elated-Themes–Neo Ocular | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Elated-Themes Neo Ocular neoocular allows PHP Local File Inclusion. This issue affects Neo Ocular: from n/a through < 1.2. | 2026-01-08 | not yet calculated | CVE-2025-67920 | https://vdp.patchstack.com/database/Wordpress/Theme/neoocular/vulnerability/wordpress-neo-ocular-theme-1-2-local-file-inclusion-vulnerability?_s_id=cve |
| Fahad Mahmood–RSS Feed Widget | Missing Authorization vulnerability in Fahad Mahmood RSS Feed Widget rss-feed-widget allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RSS Feed Widget: from n/a through <= 3.0.2. | 2026-01-06 | not yet calculated | CVE-2025-69349 | https://vdp.patchstack.com/database/Wordpress/Plugin/rss-feed-widget/vulnerability/wordpress-rss-feed-widget-plugin-3-0-2-broken-access-control-vulnerability?_s_id=cve |
| Forcepoint–Forcepoint One Endpoint (F1E) | Forcepoint One DLP Client, version 23.04.5642 (and possibly newer versions), includes a restricted version of Python 2.5.4 that prevents use of the ctypes library. ctypes is a foreign function interface (FFI) for Python, enabling calls to DLLs/shared libraries, memory allocation, and direct code execution. It was demonstrated that these restrictions could be bypassed. | 2026-01-06 | not yet calculated | CVE-2025-14026 | https://support.forcepoint.com/s/article/000042256 https://kb.cert.org/vuls/id/420440 |
| Fujitsu Client Computing Limited–Fujitsu Security Solution AuthConductor Client Basic V2 | Origin validation error issue exists in Fujitsu Security Solution AuthConductor Client Basic V2 2.0.25.0 and earlier. If this vulnerability is exploited, an attacker who can log in to the Windows system where the affected product is installed may execute arbitrary code with SYSTEM privilege and/or modify the registry value. | 2026-01-07 | not yet calculated | CVE-2026-20893 | https://www.fmworld.net/biz/common/info/202601acc/ https://jvn.jp/en/jp/JVN24626628/ |
| G5Theme–Zorka | Missing Authorization vulnerability in G5Theme Zorka zorka allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zorka: from n/a through <= 1.5.7. | 2026-01-08 | not yet calculated | CVE-2026-0676 | https://vdp.patchstack.com/database/Wordpress/Theme/zorka/vulnerability/wordpress-zorka-theme-1-5-7-broken-access-control-vulnerability?_s_id=cve |
| GestSup–GestSup | GestSup versions up to and including 3.2.56 contain a cross-site request forgery (CSRF) vulnerability where the application does not verify the authenticity of client requests. An attacker can induce a logged-in user to submit crafted requests that perform actions with the victim’s privileges. This can be exploited to create privileged accounts by targeting the administrative user creation endpoint. | 2026-01-09 | not yet calculated | CVE-2026-22194 | https://gestsup.fr/index.php?page=changelog https://www.vulncheck.com/advisories/gestsup-csrf-allows-privileged-actions |
| GestSup–GestSup | GestSup versions up to and including 3.2.56 contain a SQL injection vulnerability in the search bar functionality. User-controlled search input is incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate database queries. Successful exploitation can result in unauthorized access to or modification of database contents depending on database privileges. | 2026-01-09 | not yet calculated | CVE-2026-22195 | https://gestsup.fr/index.php?page=changelog https://www.vulncheck.com/advisories/gestsup-sqli-in-search-bar |
| GestSup–GestSup | GestSup versions up to and including 3.2.56 contain a SQL injection vulnerability in ticket creation functionality. User-controlled input provided during ticket creation is incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate database queries. Successful exploitation can result in unauthorized access to or modification of database contents depending on database privileges. | 2026-01-09 | not yet calculated | CVE-2026-22196 | https://gestsup.fr/index.php?page=changelog https://www.vulncheck.com/advisories/gestsup-sqli-in-ticket-creation |
| GestSup–GestSup | GestSup versions up to and including 3.2.56 contain multiple SQL injection vulnerabilities in the asset list functionality. Multiple request parameters used to filter, search, or sort assets are incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate database queries. Successful exploitation can result in unauthorized access to or modification of database contents depending on database privileges. | 2026-01-09 | not yet calculated | CVE-2026-22197 | https://gestsup.fr/index.php?page=changelog https://www.vulncheck.com/advisories/gestsup-multiple-sqli-in-asset-list |
| GestSup–GestSup | GestSup versions up to and including 3.2.56 contain a pre-authentication stored cross-site scripting (XSS) vulnerability in the API error logging functionality. By sending an API request with a crafted X-API-KEY header value (for example, to /api/v1/ticket.php), an unauthenticated attacker can cause attacker-controlled HTML/JavaScript to be written to log entries. When an administrator later views the affected logs in the web interface, the injected content is rendered without proper output encoding, resulting in arbitrary script execution in the administrator’s browser session. | 2026-01-09 | not yet calculated | CVE-2026-22198 | https://gestsup.fr/index.php?page=changelog https://www.vulncheck.com/advisories/gestsup-stored-xss-in-api-error-logs |
| getkirby–kirby | Kirby is an open-source content management system. From versions 5.0.0 to 5.2.1, Kirby is missing permission checks in the content changes API. This vulnerability affects all Kirby sites where user permissions are configured to prevent specific role(s) from performing write actions, specifically by disabling the update permission with the intent to prevent modifications to site content. This vulnerability does not affect those who have not deviated from the default user permissions. This issue has been patched in version 5.2.2. | 2026-01-08 | not yet calculated | CVE-2026-21896 | https://github.com/getkirby/kirby/security/advisories/GHSA-4j78-4xrm-cr2f https://github.com/getkirby/kirby/commit/f5ce1347b427b819bf193acf11fd0da232f7af47 https://github.com/getkirby/kirby/releases/tag/5.2.2 |
| GitHub–Enterprise Server | An Improper Neutralization of Input During Web Page Generation vulnerability was identified in GitHub Enterprise Server that allowed attacker controlled HTML to be rendered by the Filter component (search) across GitHub that could be used to exfiltrate sensitive information. An attacker would require permissions to create or modify the names of milestones, issues, pull requests, or similar entities that are rendered in the vulnerable filter/search components. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.20 and was fixed in versions 3.19.1, 3.18.2, 3.17.8, 3.16.11, 3.15.15, and 3.14.20. This vulnerability was reported via the GitHub Bug Bounty program. | 2026-01-06 | not yet calculated | CVE-2025-13744 | https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.20 https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.15 https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.11 https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.8 https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.2 https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.1 |
| GnuTLS–libtasn1 | Stack-based buffer overflow in libtasn1 version v4.20.0. The function fails to validate the size of input data, resulting in a buffer overflow in asn1_expend_octet_string. | 2026-01-07 | not yet calculated | CVE-2025-13151 | Source Code Repository Proposed Pull Request |
| Google–Chrome | Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High) | 2026-01-06 | not yet calculated | CVE-2026-0628 | |
| gopiplus@hotmail.com–Scroll rss excerpt | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in gopiplus@hotmail.com Scroll rss excerpt scroll-rss-excerpt allows Reflected XSS. This issue affects Scroll rss excerpt: from n/a through <= 5.0. | 2026-01-08 | not yet calculated | CVE-2025-68892 | https://vdp.patchstack.com/database/Wordpress/Plugin/scroll-rss-excerpt/vulnerability/wordpress-scroll-rss-excerpt-plugin-5-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve |
| gunet–openeclass | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an arbitrary file upload vulnerability in the theme import functionality enables an attacker with administrative privileges to upload arbitrary files on the server’s file system. The main cause of the issue is that there is no validation or sanitization of the files present inside the zip archive. This leads to remote code execution on the web server. Version 4.2 patches the issue. | 2026-01-08 | not yet calculated | CVE-2026-22241 | https://github.com/gunet/openeclass/security/advisories/GHSA-rf6j-xgqp-wjxg https://github.com/gunet/openeclass/commit/3f9d267b79812a4dd708bb1302339e6a5abe67d9 |
| hands01–e-shops | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in hands01 e-shops e-shops-cart2 allows DOM-Based XSS. This issue affects e-shops: from n/a through <= 1.0.4. | 2026-01-08 | not yet calculated | CVE-2025-68890 | https://vdp.patchstack.com/database/Wordpress/Plugin/e-shops-cart2/vulnerability/wordpress-e-shops-plugin-1-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve |
| https://github.com/FoobarOy/–Foomuuri | An Improper Authorization vulnerability in Foomuuri allows arbitrary users to influence the firewall configuration. This issue affects Foomuuri: from ? before 0.31. | 2026-01-08 | not yet calculated | CVE-2025-67603 | https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-67603 https://security.opensuse.org/2026/01/07/foomuuri-lack-of-dbus-authorization.html |
| https://github.com/FoobarOy/–Foomuuri | An Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impact by manipulating the JSON configuration passed to `nft`. This issue affects Foomuuri: from ? before 0.31. | 2026-01-08 | not yet calculated | CVE-2025-67858 | https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-67858 https://security.opensuse.org/2026/01/07/foomuuri-lack-of-dbus-authorization.html |
| https://github.com/KDE/–smb4k | An Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’) vulnerability allows local users to perform arbitrary unmounts via the smb4k mount helper. | 2026-01-08 | not yet calculated | CVE-2025-66002 | https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-66002 https://security.opensuse.org/2025/12/10/smb4k-major-issues-in-kauth-helper.html |
| https://github.com/KDE/–smb4k | An External Control of File Name or Path vulnerability in smb4k allows local users to perform a local root exploit via the smb4k mount helper if they can access and control the contents of a Samba share. This issue affects smb4k: from ? before 4.0.5. | 2026-01-08 | not yet calculated | CVE-2025-66003 | https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-66003 https://security.opensuse.org/2025/12/10/smb4k-major-issues-in-kauth-helper.html |
| IAMB–Crypt::Sodium::XS | Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium (libsodium <= 1.0.20, or a version of libsodium released before December 30, 2025) that contains a vulnerability documented as CVE-2025-69277 (https://www.cve.org/CVERecord?id=CVE-2025-69277). The libsodium vulnerability states: In atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren’t in the main cryptographic group. Version 0.000042 includes a version of libsodium updated to 1.0.20-stable, released January 3, 2026, which includes a fix for the vulnerability. | 2026-01-06 | not yet calculated | CVE-2025-15444 | https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae https://00f.net/2025/12/30/libsodium-vulnerability/ https://metacpan.org/dist/Crypt-Sodium-XS/changes |
| jcaruso001–Flaming Password Reset | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in jcaruso001 Flaming Password Reset flaming-password-reset allows Stored XSS. This issue affects Flaming Password Reset: from n/a through <= 1.0.3. | 2026-01-08 | not yet calculated | CVE-2025-68875 | https://vdp.patchstack.com/database/Wordpress/Plugin/flaming-password-reset/vulnerability/wordpress-flaming-password-reset-plugin-1-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve |
| Jeroen Schmit–Theater for WordPress | Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress theatre allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Theater for WordPress: from n/a through <= 0.19. | 2026-01-06 | not yet calculated | CVE-2025-69331 | https://vdp.patchstack.com/database/Wordpress/Plugin/theatre/vulnerability/wordpress-theater-for-wordpress-plugin-0-19-broken-access-control-vulnerability?_s_id=cve |
| Joomla! Project–Joomla! CMS | Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags. | 2026-01-06 | not yet calculated | CVE-2025-63082 | https://developer.joomla.org/security-centre/1016-20260101-core-inadequate-content-filtering-for-data-urls.html |
| Joomla! Project–Joomla! CMS | Lack of output escaping leads to an XSS vector in the pagebreak plugin. | 2026-01-06 | not yet calculated | CVE-2025-63083 | https://developer.joomla.org/security-centre/1017-20260102-core-xss-vector-in-the-pagebreak-plugin.html |
| jvoisin–snuffleupagus | Snuffleupagus is a module that raises the cost of attacks against websites by killing bug classes and providing a virtual patching system. On deployments of Snuffleupagus prior to version 0.13.0 with the non-default upload validation feature enabled and configured to use one of the upstream validation scripts based on Vulcan Logic Disassembler (VLD) while the VLD extension is not available to the CLI SAPI, all files from multipart POST requests are evaluated as PHP code. The issue was fixed in version 0.13.0. | 2026-01-08 | not yet calculated | CVE-2026-22034 | https://github.com/jvoisin/snuffleupagus/security/advisories/GHSA-c4ch-xw5p-2mvc https://github.com/jvoisin/snuffleupagus/commit/9278dc77bab2a219e770a1b31dd6797bc9070e37 https://github.com/jvoisin/snuffleupagus/blob/9278dc77bab2a219e770a1b31dd6797bc9070e37/src/sp_upload_validation.c#L92-L100 https://github.com/jvoisin/snuffleupagus/blob/v0.12.0/scripts/upload_validation.php https://github.com/jvoisin/snuffleupagus/blob/v0.12.0/scripts/upload_validation.py https://github.com/php/php-src/blob/e4098da58a9eaee759d728d98a27d809cde37671/ext/standard/dl.c#L165-L166 https://github.com/php/php-src/blob/e4098da58a9eaee759d728d98a27d809cde37671/main/rfc1867.c#L1269-L1274 https://snuffleupagus.readthedocs.io/config.html#upload-validation |
| jwsthemes–OchaHouse | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in jwsthemes OchaHouse ochahouse allows PHP Local File Inclusion.This issue affects OchaHouse: from n/a through <= 2.2.8. | 2026-01-08 | not yet calculated | CVE-2025-12550 | https://vdp.patchstack.com/database/Wordpress/Theme/ochahouse/vulnerability/wordpress-ochahouse-theme-2-2-8-local-file-inclusion-vulnerability?_s_id=cve |
| Kaira–Blockons | Missing Authorization vulnerability in Kaira Blockons blockons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blockons: from n/a through <= 1.2.15. | 2026-01-08 | not yet calculated | CVE-2025-14360 | https://vdp.patchstack.com/database/Wordpress/Plugin/blockons/vulnerability/wordpress-blockons-plugin-1-2-15-broken-access-control-vulnerability?_s_id=cve |
| KAON–CG3000T | The firmware in KAON CG3000TC and CG3000T routers contains hard-coded credentials in clear text (shared across all routers of this model) that an unauthenticated remote attacker could use to execute commands with root privileges. This vulnerability has been fixed in firmware version: 1.00.67 for CG3000TC and 1.00.27 for CG3000T. | 2026-01-09 | not yet calculated | CVE-2025-7072 | https://cert.pl/posts/2026/01/CVE-2025-7072/ |
| Kentico–Kentico Xperience | Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to hijack a victim user’s session and perform actions in their security context. | 2026-01-05 | not yet calculated | CVE-2025-5591 | https://www.themissinglink.com.au/security-advisories/cve-2025-5591 |
| Kieback&Peter–Neutrino-GLT | Kieback&Peter Neutrino-GLT product is used for building management. Its web component “SM70 PHWEB” is vulnerable to shell command injection via the login form. The injected commands would execute with low privileges. The vulnerability has been fixed in version 9.40.02. | 2026-01-07 | not yet calculated | CVE-2025-6225 | https://cert.pl/en/posts/2026/01/CVE-2025-6225/ |
| KnowageLabs–Knowage-Server | Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, there is a blind server-side request forgery vulnerability. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact of this vulnerability is limited. However, an attacker should be able to leverage this vulnerability to scan the internal network. This issue has been patched in version 8.1.37. | 2026-01-07 | not yet calculated | CVE-2025-58441 | https://github.com/KnowageLabs/Knowage-Server/security/advisories/GHSA-m6x8-wh9v-6jxp |
| LambertGroup–CountDown With Image or Video Background | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in LambertGroup CountDown With Image or Video Background countdown-with-background allows Reflected XSS.This issue affects CountDown With Image or Video Background: from n/a through <= 1.5. | 2026-01-08 | not yet calculated | CVE-2025-27002 | https://vdp.patchstack.com/database/Wordpress/Plugin/countdown-with-background/vulnerability/wordpress-countdown-with-image-or-video-background-plugin-1-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve |
| LambertGroup–Famous – Responsive Image And Video Grid Gallery WordPress Plugin | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in LambertGroup Famous – Responsive Image And Video Grid Gallery WordPress Plugin famous_grid_image_and_video_gallery allows Reflected XSS.This issue affects Famous – Responsive Image And Video Grid Gallery WordPress Plugin: from n/a through <= 1.4. | 2026-01-08 | not yet calculated | CVE-2025-27004 | https://vdp.patchstack.com/database/Wordpress/Plugin/famous_grid_image_and_video_gallery/vulnerability/wordpress-famous-responsive-image-and-video-grid-gallery-wordpress-plugin-plugin-1-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve |
| langgenius–dify | Dify is an open-source LLM app development platform. Prior to version 1.11.0, the API key is exposed in plaintext to the frontend, allowing non-administrator users to view and reuse it. This can lead to unauthorized access to third-party services, potentially consuming limited quotas. Version 1.11.0 fixes the issue. | 2026-01-05 | not yet calculated | CVE-2025-67732 | https://github.com/langgenius/dify/security/advisories/GHSA-phpv-94hg-fv9g |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: s390/fpu: Fix false-positive kmsan report in fpu_vstl() A false-positive kmsan report is detected when running the ping command. An inline assembly instruction ‘vstl’ can write varied amount of bytes depending on value of ‘index’ argument. If ‘index’ > 0, ‘vstl’ writes at least 2 bytes. clang generates kmsan write helper call depending on inline assembly constraints. Constraints are evaluated compile-time, but value of ‘index’ argument is known only at runtime. clang currently generates call to __msan_instrument_asm_store with 1 byte as size. Manually call kmsan function to indicate correct amount of bytes written and fix false-positive report. This change fixes following kmsan reports: [ 36.563119] ===================================================== [ 36.563594] BUG: KMSAN: uninit-value in virtqueue_add+0x35c6/0x7c70 [ 36.563852] virtqueue_add+0x35c6/0x7c70 [ 36.564016] virtqueue_add_outbuf+0xa0/0xb0 [ 36.564266] start_xmit+0x288c/0x4a20 [ 36.564460] dev_hard_start_xmit+0x302/0x900 [ 36.564649] sch_direct_xmit+0x340/0xea0 [ 36.564894] __dev_queue_xmit+0x2e94/0x59b0 [ 36.565058] neigh_resolve_output+0x936/0xb40 [ 36.565278] __neigh_update+0x2f66/0x3a60 [ 36.565499] neigh_update+0x52/0x60 [ 36.565683] arp_process+0x1588/0x2de0 [ 36.565916] NF_HOOK+0x1da/0x240 [ 36.566087] arp_rcv+0x3e4/0x6e0 [ 36.566306] __netif_receive_skb_list_core+0x1374/0x15a0 [ 36.566527] netif_receive_skb_list_internal+0x1116/0x17d0 [ 36.566710] napi_complete_done+0x376/0x740 [ 36.566918] virtnet_poll+0x1bae/0x2910 [ 36.567130] __napi_poll+0xf4/0x830 [ 36.567294] net_rx_action+0x97c/0x1ed0 [ 36.567556] handle_softirqs+0x306/0xe10 [ 36.567731] irq_exit_rcu+0x14c/0x2e0 [ 36.567910] do_io_irq+0xd4/0x120 [ 36.568139] io_int_handler+0xc2/0xe8 [ 36.568299] arch_cpu_idle+0xb0/0xc0 [ 36.568540] arch_cpu_idle+0x76/0xc0 [ 36.568726] default_idle_call+0x40/0x70 [ 36.568953] do_idle+0x1d6/0x390 [ 36.569486] cpu_startup_entry+0x9a/0xb0 [ 36.569745] rest_init+0x1ea/0x290 [ 36.570029] start_kernel+0x95e/0xb90 [ 36.570348] startup_continue+0x2e/0x40 [ 36.570703] [ 36.570798] Uninit was created at: [ 36.571002] kmem_cache_alloc_node_noprof+0x9e8/0x10e0 [ 36.571261] kmalloc_reserve+0x12a/0x470 [ 36.571553] __alloc_skb+0x310/0x860 [ 36.571844] __ip_append_data+0x483e/0x6a30 [ 36.572170] ip_append_data+0x11c/0x1e0 [ 36.572477] raw_sendmsg+0x1c8c/0x2180 [ 36.572818] inet_sendmsg+0xe6/0x190 [ 36.573142] __sys_sendto+0x55e/0x8e0 [ 36.573392] __s390x_sys_socketcall+0x19ae/0x2ba0 [ 36.573571] __do_syscall+0x12e/0x240 [ 36.573823] system_call+0x6e/0x90 [ 36.573976] [ 36.574017] Byte 35 of 98 is uninitialized [ 36.574082] Memory access of size 98 starts at 0000000007aa0012 [ 36.574218] [ 36.574325] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G B N 6.17.0-dirty #16 NONE [ 36.574541] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.574617] Hardware name: IBM 3931 A01 703 (KVM/Linux) [ 36.574755] ===================================================== [ 63.532541] ===================================================== [ 63.533639] BUG: KMSAN: uninit-value in virtqueue_add+0x35c6/0x7c70 [ 63.533989] virtqueue_add+0x35c6/0x7c70 [ 63.534940] virtqueue_add_outbuf+0xa0/0xb0 [ 63.535861] start_xmit+0x288c/0x4a20 [ 63.536708] dev_hard_start_xmit+0x302/0x900 [ 63.537020] sch_direct_xmit+0x340/0xea0 [ 63.537997] __dev_queue_xmit+0x2e94/0x59b0 [ 63.538819] neigh_resolve_output+0x936/0xb40 [ 63.539793] ip_finish_output2+0x1ee2/0x2200 [ 63.540784] __ip_finish_output+0x272/0x7a0 [ 63.541765] ip_finish_output+0x4e/0x5e0 [ 63.542791] ip_output+0x166/0x410 [ 63.543771] ip_push_pending_frames+0x1a2/0x470 [ 63.544753] raw_sendmsg+0x1f06/0x2180 [ 63.545033] inet_sendmsg+0xe6/0x190 [ 63.546006] __sys_sendto+0x55e/0x8e0 —truncated— | 2026-01-05 | not yet calculated | CVE-2025-68751 | https://git.kernel.org/stable/c/946357a538bb47740635c25520924351d2d91544 https://git.kernel.org/stable/c/13dcd6308cb8f67134ee5d5d762b2a66363c695b https://git.kernel.org/stable/c/14e4e4175b64dd9216b522f6ece8af6997d063b2 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: iavf: Implement settime64 with -EOPNOTSUPP ptp_clock_settime() assumes every ptp_clock has implemented settime64(). Stub it with -EOPNOTSUPP to prevent a NULL dereference. The fix is similar to commit 329d050bbe63 (“gve: Implement settime64 with -EOPNOTSUPP”). | 2026-01-05 | not yet calculated | CVE-2025-68752 | https://git.kernel.org/stable/c/9e3dbc3bb2e2aa728b49422b2e5344488f93f690 https://git.kernel.org/stable/c/6d080f810ffd6b8e002ce5bee8b9c551ca2535c2 https://git.kernel.org/stable/c/1e43ebcd5152b3e681a334cc6542fb21770c3a2e |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: add bounds check in put_user loop for DSP events In the DSP event handling code, a put_user() loop copies event data. When the user buffer size is not aligned to 4 bytes, it could overwrite beyond the buffer boundary. Fix by adding a bounds check before put_user(). | 2026-01-05 | not yet calculated | CVE-2025-68753 | https://git.kernel.org/stable/c/ea2c921d9de6e32ca50cb817b9d57bb881be70de https://git.kernel.org/stable/c/6d4f17782ce4facf3197e79707df411ee3d7b30a https://git.kernel.org/stable/c/0d71b3c2ed742f1ccb3b0b7a61afb90c0251093f https://git.kernel.org/stable/c/df692cf2b601a54b34edfdb9e683d67483aa8ce1 https://git.kernel.org/stable/c/8f9e51cf2a2a43d0cd72d3dc0b5ccea3f639c187 https://git.kernel.org/stable/c/298e753880b6ea99ac30df34959a7a03b0878eed |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: rtc: amlogic-a4: fix double free caused by devm The clock obtained via devm_clk_get_enabled() is automatically managed by devres and will be disabled and freed on driver detach. Manually calling clk_disable_unprepare() in error path and remove function causes double free. Remove the redundant clk_disable_unprepare() calls from the probe error path and aml_rtc_remove(), allowing the devm framework to automatically manage the clock lifecycle. | 2026-01-05 | not yet calculated | CVE-2025-68754 | https://git.kernel.org/stable/c/9fed02c16488050cd4e33e045506336b216d7301 https://git.kernel.org/stable/c/2e1c79299036614ac32b251d145fad5391f4bcab https://git.kernel.org/stable/c/384150d7a5b60c1086790a8ee07b0629f906cca2 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: staging: most: remove broken i2c driver The MOST I2C driver has been completely broken for five years without anyone noticing so remove the driver from staging. Specifically, commit 723de0f9171e (“staging: most: remove device from interface structure”) started requiring drivers to set the interface device pointer before registration, but the I2C driver was never updated which results in a NULL pointer dereference if anyone ever tries to probe it. | 2026-01-05 | not yet calculated | CVE-2025-68755 | https://git.kernel.org/stable/c/6cbba922934805f86eece6ba7010b7201962695d https://git.kernel.org/stable/c/6059a66dba7f26b21852831432e17075f1a1c783 https://git.kernel.org/stable/c/e463548fd80e779efea1cb2d3049b8a7231e6925 https://git.kernel.org/stable/c/495df2da6944477d282d5cc0c13174d06e25b310 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: block: Use RCU in blk_mq_[un]quiesce_tagset() instead of set->tag_list_lock blk_mq_{add,del}_queue_tag_set() functions add and remove queues from tagset, the functions make sure that tagset and queues are marked as shared when two or more queues are attached to the same tagset. Initially a tagset starts as unshared and when the number of added queues reaches two, blk_mq_add_queue_tag_set() marks it as shared along with all the queues attached to it. When the number of attached queues drops to 1 blk_mq_del_queue_tag_set() needs to mark both the tagset and the remaining queues as unshared. Both functions need to freeze current queues in tagset before setting or unsetting BLK_MQ_F_TAG_QUEUE_SHARED flag. While doing so, both functions hold set->tag_list_lock mutex, which makes sense as we do not want queues to be added or deleted in the process. This used to work fine until commit 98d81f0df70c (“nvme: use blk_mq_[un]quiesce_tagset”) made the nvme driver quiesce tagset instead of quiescing individual queues. blk_mq_quiesce_tagset() does the job and quiesces the queues in set->tag_list while holding set->tag_list_lock also. This results in deadlock between two threads with these stacktraces: __schedule+0x47c/0xbb0 ? timerqueue_add+0x66/0xb0 schedule+0x1c/0xa0 schedule_preempt_disabled+0xa/0x10 __mutex_lock.constprop.0+0x271/0x600 blk_mq_quiesce_tagset+0x25/0xc0 nvme_dev_disable+0x9c/0x250 nvme_timeout+0x1fc/0x520 blk_mq_handle_expired+0x5c/0x90 bt_iter+0x7e/0x90 blk_mq_queue_tag_busy_iter+0x27e/0x550 ? __blk_mq_complete_request_remote+0x10/0x10 ? __blk_mq_complete_request_remote+0x10/0x10 ? __call_rcu_common.constprop.0+0x1c0/0x210 blk_mq_timeout_work+0x12d/0x170 process_one_work+0x12e/0x2d0 worker_thread+0x288/0x3a0 ? rescuer_thread+0x480/0x480 kthread+0xb8/0xe0 ? kthread_park+0x80/0x80 ret_from_fork+0x2d/0x50 ? kthread_park+0x80/0x80 ret_from_fork_asm+0x11/0x20 __schedule+0x47c/0xbb0 ? xas_find+0x161/0x1a0 schedule+0x1c/0xa0 blk_mq_freeze_queue_wait+0x3d/0x70 ? destroy_sched_domains_rcu+0x30/0x30 blk_mq_update_tag_set_shared+0x44/0x80 blk_mq_exit_queue+0x141/0x150 del_gendisk+0x25a/0x2d0 nvme_ns_remove+0xc9/0x170 nvme_remove_namespaces+0xc7/0x100 nvme_remove+0x62/0x150 pci_device_remove+0x23/0x60 device_release_driver_internal+0x159/0x200 unbind_store+0x99/0xa0 kernfs_fop_write_iter+0x112/0x1e0 vfs_write+0x2b1/0x3d0 ksys_write+0x4e/0xb0 do_syscall_64+0x5b/0x160 entry_SYSCALL_64_after_hwframe+0x4b/0x53 The top stacktrace is showing nvme_timeout() called to handle nvme command timeout. The timeout handler is trying to disable the controller and as a first step, it needs to blk_mq_quiesce_tagset() to tell blk-mq not to call queue callback handlers. The thread is stuck waiting for set->tag_list_lock as it tries to walk the queues in set->tag_list. The lock is held by the second thread in the bottom stack which is waiting for one of queues to be frozen. The queue usage counter will drop to zero after nvme_timeout() finishes, and this will not happen because the thread will wait for this mutex forever. Given that [un]quiescing queue is an operation that does not need to sleep, update blk_mq_[un]quiesce_tagset() to use RCU instead of taking set->tag_list_lock, update blk_mq_{add,del}_queue_tag_set() to use RCU safe list operations. Also, delete INIT_LIST_HEAD(&q->tag_set_list) in blk_mq_del_queue_tag_set() because we can not re-initialize it while the list is being traversed under RCU. The deleted queue will not be added/deleted to/from a tagset and it will be freed in blk_free_queue() after the end of RCU grace period. | 2026-01-05 | not yet calculated | CVE-2025-68756 | https://git.kernel.org/stable/c/ca8764c0ea1fb825f17f19704af55e9e02c9f768 https://git.kernel.org/stable/c/3baeec23a82e7ee9691f434c6ab0ab1387326108 https://git.kernel.org/stable/c/6e8d363786765a81e35083e0909e076796468edf https://git.kernel.org/stable/c/ef0cd7b694928573f6569e61c14f5f059253162e https://git.kernel.org/stable/c/59e25ef2b413c72da6686d431e7759302cfccafa |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: drm/vgem-fence: Fix potential deadlock on release A timer that expires a vgem fence automatically in 10 seconds is now released with timer_delete_sync() from fence->ops.release() called on last dma_fence_put(). In some scenarios, it can run in IRQ context, which is not safe unless TIMER_IRQSAFE is used. One potentially risky scenario was demonstrated in Intel DRM CI trybot, BAT run on machine bat-adlp-6, while working on new IGT subtests syncobj_timeline@stress-* as user space replacements of some problematic test cases of a dma-fence-chain selftest [1]. [117.004338] ================================ [117.004340] WARNING: inconsistent lock state [117.004342] 6.17.0-rc7-CI_DRM_17270-g7644974e648c+ #1 Tainted: G S U [117.004346] -------------------------------- [117.004347] inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage. [117.004349] swapper/0/0 [HC1[1]:SC1[1]:HE0:SE0] takes: [117.004352] ffff888138f86aa8 ((&fence->timer)){?.-.}-{0:0}, at: __timer_delete_sync+0x4b/0x190 [117.004361] {HARDIRQ-ON-W} state was registered at: [117.004363] lock_acquire+0xc4/0x2e0 [117.004366] call_timer_fn+0x80/0x2a0 [117.004368] __run_timers+0x231/0x310 [117.004370] run_timer_softirq+0x76/0xe0 [117.004372] handle_softirqs+0xd4/0x4d0 [117.004375] __irq_exit_rcu+0x13f/0x160 [117.004377] irq_exit_rcu+0xe/0x20 [117.004379] sysvec_apic_timer_interrupt+0xa0/0xc0 [117.004382] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [117.004385] cpuidle_enter_state+0x12b/0x8a0 [117.004388] cpuidle_enter+0x2e/0x50 [117.004393] call_cpuidle+0x22/0x60 [117.004395] do_idle+0x1fd/0x260 [117.004398] cpu_startup_entry+0x29/0x30 [117.004401] start_secondary+0x12d/0x160 [117.004404] common_startup_64+0x13e/0x141 [117.004407] irq event stamp: 2282669 [117.004409] hardirqs last enabled at (2282668): [<ffffffff8289db71>] _raw_spin_unlock_irqrestore+0x51/0x80 [117.004414] hardirqs last disabled at (2282669): [<ffffffff82882021>] sysvec_irq_work+0x11/0xc0 [117.004419] softirqs last enabled at (2254702): [<ffffffff8289fd00>] __do_softirq+0x10/0x18 [117.004423] softirqs last disabled at (2254725): [<ffffffff813d4ddf>] __irq_exit_rcu+0x13f/0x160 [117.004426] other info that might help us debug this: [117.004429] Possible unsafe locking scenario: [117.004432] CPU0 [117.004433] ---- [117.004434] lock((&fence->timer)); [117.004436] <Interrupt> [117.004438] lock((&fence->timer)); [117.004440] *** DEADLOCK *** [117.004443] 1 lock held by swapper/0/0: [117.004445] #0: ffffc90000003d50 ((&fence->timer)){?.-.}-{0:0}, at: call_timer_fn+0x7a/0x2a0 [117.004450] stack backtrace: [117.004453] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G S U 6.17.0-rc7-CI_DRM_17270-g7644974e648c+ #1 PREEMPT(voluntary) [117.004455] Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER [117.004455] Hardware name: Intel Corporation Alder Lake Client Platform/AlderLake-P DDR4 RVP, BIOS RPLPFWI1.R00.4035.A00.2301200723 01/20/2023 [117.004456] Call Trace: [117.004456] <IRQ> [117.004457] dump_stack_lvl+0x91/0xf0 [117.004460] dump_stack+0x10/0x20 [117.004461] print_usage_bug.part.0+0x260/0x360 [117.004463] mark_lock+0x76e/0x9c0 [117.004465] ? register_lock_class+0x48/0x4a0 [117.004467] __lock_acquire+0xbc3/0x2860 [117.004469] lock_acquire+0xc4/0x2e0 [117.004470] ? __timer_delete_sync+0x4b/0x190 [117.004472] ? __timer_delete_sync+0x4b/0x190 [117.004473] __timer_delete_sync+0x68/0x190 [117.004474] ? __timer_delete_sync+0x4b/0x190 [117.004475] timer_delete_sync+0x10/0x20 [117.004476] vgem_fence_release+0x19/0x30 [vgem] [117.004478] dma_fence_release+0xc1/0x3b0 [117.004480] ? dma_fence_release+0xa1/0x3b0 [117.004481] dma_fence_chain_release+0xe7/0x130 [117.004483] dma_fence_release+0xc1/0x3b0 [117.004484] ? _raw_spin_unlock_irqrestore+0x27/0x80 [117.004485] dma_fence_chain_irq_work+0x59/0x80 [117.004487] irq_work_single+0x75/0xa0 [117.004490] irq_work_r —truncated— | 2026-01-05 | not yet calculated | CVE-2025-68757 | https://git.kernel.org/stable/c/1026d1b0bd55e1be7ba0f9e9b1c9f6e02448f25a https://git.kernel.org/stable/c/9dc3c78d21e16f5af1a9c3d11b4bd5276f891fe0 https://git.kernel.org/stable/c/338e388c0d80ffc04963b6b0ec702ffdfd2c4eba https://git.kernel.org/stable/c/4f335cb8fad69b2be5accf0ebac3a8b345915f4e https://git.kernel.org/stable/c/1f0ca9d3e7c38a39f1f12377c24decf0bba46e54 https://git.kernel.org/stable/c/78b4d6463e9e69e5103f98b367f8984ad12cdc6f |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: backlight: led-bl: Add devlink to supplier LEDs LED Backlight is a consumer of one or multiple LED class devices, but devlink is currently unable to create correct supplier-producer links when the supplier is a class device. It creates instead a link where the supplier is the parent of the expected device. One consequence is that removal order is not correctly enforced. Issues happen for example with the following sections in a device tree overlay: // An LED driver chip pca9632@62 { compatible = "nxp,pca9632"; reg = <0x62>; // … addon_led_pwm: led-pwm@3 { reg = <3>; label = "addon:led:pwm"; }; }; backlight-addon { compatible = "led-backlight"; leds = <&addon_led_pwm>; brightness-levels = <255>; default-brightness-level = <255>; }; In this example, the devlink should be created between the backlight-addon (consumer) and the pca9632@62 (supplier). Instead it is created between the backlight-addon (consumer) and the parent of the pca9632@62, which is typically the I2C bus adapter. On removal of the above overlay, the LED driver can be removed before the backlight device, resulting in: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010 … Call trace: led_put+0xe0/0x140 devm_led_release+0x6c/0x98 Another way to reproduce the bug without any device tree overlays is unbinding the LED class device (pca9632@62) before unbinding the consumer (backlight-addon): echo 11-0062 >/sys/bus/i2c/drivers/leds-pca963x/unbind echo …backlight-dock >/sys/bus/platform/drivers/led-backlight/unbind Fix by adding a devlink between the consuming led-backlight device and the supplying LED device, as other drivers and subsystems do as well. | 2026-01-05 | not yet calculated | CVE-2025-68758 | https://git.kernel.org/stable/c/e06df738a9ad8417f1c4c7cd6992cda320e9e7ca https://git.kernel.org/stable/c/30cbe4b642745a9488a0f0d78be43afe69d7555c https://git.kernel.org/stable/c/0e63ea4378489e09eb5e920c8a50c10caacf563a https://git.kernel.org/stable/c/60a24070392ec726ccfe6ad1ca7b0381c8d8f7c9 https://git.kernel.org/stable/c/08c9dc6b0f2c68e5e7c374ac4499e321e435d46c https://git.kernel.org/stable/c/9341d6698f4cfdfc374fb6944158d111ebe16a9d |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() In rtl8180_init_rx_ring(), memory is allocated for skb packets and DMA allocations in a loop. When an allocation fails, the previously successful allocations are not freed on exit. Fix that by jumping to err_free_rings label on error, which calls rtl8180_free_rx_ring() to free the allocations. Remove the free of rx_ring in rtl8180_init_rx_ring() error path, and set the freed priv->rx_buf entry to null, to avoid double free. | 2026-01-05 | not yet calculated | CVE-2025-68759 | https://git.kernel.org/stable/c/a4fb7cca9837378878e6c94d9e7af019c8fdfcdb https://git.kernel.org/stable/c/bf8513dfa31ea015c9cf415796dca2113d293840 https://git.kernel.org/stable/c/ee7db11742b30641f21306105ad27a275e3c61d7 https://git.kernel.org/stable/c/a813a74570212cb5f3a7d3b05c0cb0cd00bace1d https://git.kernel.org/stable/c/c9d1c4152e6d32fa74034464854bee262a60bc43 https://git.kernel.org/stable/c/9b5b9c042b30befc5b37e4539ace95af70843473 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix potential out-of-bounds read in iommu_mmio_show In iommu_mmio_write(), it validates the user-provided offset with the check: `iommu->dbg_mmio_offset > iommu->mmio_phys_end - 4`. This assumes a 4-byte access. However, the corresponding show handler, iommu_mmio_show(), uses readq() to perform an 8-byte (64-bit) read. If a user provides an offset equal to `mmio_phys_end - 4`, the check passes, and will lead to a 4-byte out-of-bounds read. Fix this by adjusting the boundary check to use sizeof(u64), which corresponds to the size of the readq() operation. | 2026-01-05 | not yet calculated | CVE-2025-68760 | https://git.kernel.org/stable/c/b959df804c33913dbfdb90750f2d693502b3d126 https://git.kernel.org/stable/c/0ec4aaf5f3f559716a6559f3d6d9616e9470bed6 https://git.kernel.org/stable/c/a0c7005333f9a968abb058b1d77bbcd7fb7fd1e7 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: hfs: fix potential use after free in hfs_correct_next_unused_CNID() This code calls hfs_bnode_put(node) which drops the refcount and then dereferences “node” on the next line. It’s only safe to use “node” when we’re holding a reference so flip these two lines around. | 2026-01-05 | not yet calculated | CVE-2025-68761 | https://git.kernel.org/stable/c/40a1e0142096dd7dd6cb5373841222b528698588 https://git.kernel.org/stable/c/c105e76bb17cf4b55fe89c6ad4f6a0e3972b5b08 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: net: netpoll: initialize work queue before error checks Prevent a kernel warning when netconsole setup fails on devices with IFF_DISABLE_NETPOLL flag. The warning (at kernel/workqueue.c:4242 in __flush_work) occurs because the cleanup path tries to cancel an uninitialized work queue. When __netpoll_setup() encounters a device with IFF_DISABLE_NETPOLL, it fails early and calls skb_pool_flush() for cleanup. This function calls cancel_work_sync(&np->refill_wq), but refill_wq hasn’t been initialized yet, triggering the warning. Move INIT_WORK() to the beginning of __netpoll_setup(), ensuring the work queue is properly initialized before any potential failure points. This allows the cleanup path to safely cancel the work queue regardless of where the setup fails. | 2026-01-05 | not yet calculated | CVE-2025-68762 | https://git.kernel.org/stable/c/a90d0dc38a10347078cca60e7495ad0648838f18 https://git.kernel.org/stable/c/760bc6ceda8e2c273c0e2018ad2595967c3dd308 https://git.kernel.org/stable/c/e5235eb6cfe02a51256013a78f7b28779a7740d5 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: crypto: starfive – Correctly handle return of sg_nents_for_len The return value of sg_nents_for_len was assigned to an unsigned long in starfive_hash_digest, causing negative error codes to be converted to large positive integers. Add error checking for sg_nents_for_len and return immediately on failure to prevent potential buffer overflows. | 2026-01-05 | not yet calculated | CVE-2025-68763 | https://git.kernel.org/stable/c/6cd14414394b4f3d6e1ed64b8241d1fcc2271820 https://git.kernel.org/stable/c/0c3854d65cc4402cb8c52d4d773450a06efecab6 https://git.kernel.org/stable/c/1af5c973dd744e29fa22121f43e8646b7a7a71a7 https://git.kernel.org/stable/c/9b3f71cf02e04cfaa482155e3078707fe7f8aef4 https://git.kernel.org/stable/c/e9eb52037a529fbb307c290e9951a62dd728b03d |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags When a filesystem is being automounted, it needs to preserve the user-set superblock mount options, such as the “ro” flag. | 2026-01-05 | not yet calculated | CVE-2025-68764 | https://git.kernel.org/stable/c/c09070b4def1b34e473a746c6a5331ccb80902c1 https://git.kernel.org/stable/c/dce10c59211e5cd763a62ea01e79b82a629811e3 https://git.kernel.org/stable/c/612cc98698d667df804792f0c47d4e501e66da29 https://git.kernel.org/stable/c/4b296944e632cf4c6a4cc8e2585c6451eae47b1b https://git.kernel.org/stable/c/df9b003a2ecacc7218486fbb31fe008c93097d5f https://git.kernel.org/stable/c/8675c69816e4276b979ff475ee5fac4688f80125 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() In mt7615_mcu_wtbl_sta_add(), an skb sskb is allocated. If the subsequent call to mt76_connac_mcu_alloc_wtbl_req() fails, the function returns an error without freeing sskb, leading to a memory leak. Fix this by calling dev_kfree_skb() on sskb in the error handling path to ensure it is properly released. | 2026-01-05 | not yet calculated | CVE-2025-68765 | https://git.kernel.org/stable/c/594ff8bb69e239678a8baa461827ce4bb90eff8f https://git.kernel.org/stable/c/1c3c234af9407256ed670c8752923a672eea4225 https://git.kernel.org/stable/c/278bfed4529a0c9c9119f5a52ddafe69db61a75c https://git.kernel.org/stable/c/fb905e69941b44e03fe1a24e95328d45442b6d6d https://git.kernel.org/stable/c/4d42aba0ee49c0aa015c50c4f2a07cf8fa1c3a49 https://git.kernel.org/stable/c/53d1548612670aa8b5d89745116cc33d9d172863 |
| Linux–Linux | In the Linux kernel, the following vulnerability has been resolved: irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() If irq_domain_translate_twocell() sets “hwirq” to >= MCHP_EIC_NIRQ (2) then it results in an out of bounds access. The code checks for invalid values, but doesn’t set the error code. Return -EINVAL in that case, instead of returning success. | 2026-01-05 | not yet calculated | CVE-2025-68766 | https://git.kernel.org/stable/c/324c60a67c4b9668497940f667db14d216cc7b1b https://git.kernel.org/stable/c/c21c606ad398eeb86a0f3aaff9ba4f2665e286c6 https://git.kernel.org/stable/c/3873afcb57614c1aaa5b6715554d6d1c22cac95a https://git.kernel.org/stable/c/09efe7cfbf919c4d763bc425473fcfee0dc98356 https://git.kernel.org/stable/c/efd65e2e2fd96f7aaa5cb07d79bbbfcfc80aa552 https://git.kernel.org/stable/c/7dbc0d40d8347bd9de55c904f59ea44bcc8dedb7 |
| loopus–WP Attractive Donations System – Easy Stripe & Paypal donations | Missing Authorization vulnerability in loopus WP Attractive Donations System – Easy Stripe & Paypal donations WP_AttractiveDonationsSystem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Attractive Donations System – Easy Stripe & Paypal donations: from n/a through <= 1.25. | 2026-01-08 | not yet calculated | CVE-2025-22715 | https://vdp.patchstack.com/database/Wordpress/Plugin/WP_AttractiveDonationsSystem/vulnerability/wordpress-wp-attractive-donations-system-easy-stripe-paypal-donations-plugin-1-25-arbitrary-content-deletion-vulnerability?_s_id=cve |
| loopus–WP Virtual Assistant | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in loopus WP Virtual Assistant VirtualAssistant allows Stored XSS.This issue affects WP Virtual Assistant: from n/a through <= 3.0. | 2026-01-08 | not yet calculated | CVE-2025-22725 | https://vdp.patchstack.com/database/Wordpress/Plugin/VirtualAssistant/vulnerability/wordpress-wp-virtual-assistant-plugin-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve |
| magentech–Rozy – Flower Shop | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in magentech Rozy – Flower Shop rozy allows PHP Local File Inclusion.This issue affects Rozy – Flower Shop: from n/a through <= 1.2.25. | 2026-01-08 | not yet calculated | CVE-2025-12549 | https://vdp.patchstack.com/database/Wordpress/Theme/rozy/vulnerability/wordpress-rozy-flower-shop-theme-1-2-25-local-file-inclusion-vulnerability?_s_id=cve |
| magepeopleteam–Car Rental Manager | Missing Authorization vulnerability in magepeopleteam Car Rental Manager car-rental-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Car Rental Manager: from n/a through <= 1.0.9. | 2026-01-06 | not yet calculated | CVE-2025-69327 | https://vdp.patchstack.com/database/Wordpress/Plugin/car-rental-manager/vulnerability/wordpress-car-rental-manager-plugin-1-0-9-broken-access-control-vulnerability?_s_id=cve |
| mastodon–mastodon | Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided domains. Mastodon, however, has some protection mechanism to disallow requests to local IP addresses (unless specified in `ALLOWED_PRIVATE_ADDRESSES`) to avoid the “confused deputy” problem. The list of disallowed IP address ranges was lacking some IP address ranges that can be used to reach local IP addresses. An attacker can use an IP address in the affected ranges to make Mastodon perform HTTP requests against loopback or local network hosts, potentially allowing access to otherwise private resources and services. This is fixed in Mastodon v4.5.4, v4.4.11, v4.3.17 and v4.2.29. | 2026-01-08 | not yet calculated | CVE-2026-22245 | https://github.com/mastodon/mastodon/security/advisories/GHSA-xfrj-c749-jxxq https://github.com/mastodon/mastodon/commit/0f4e8a6240b5af1f2c3f34d2793d8610c6ef2aca https://github.com/mastodon/mastodon/commit/17022907866710a72a1b1fc0a5ce9538bad1b4c3 https://github.com/mastodon/mastodon/commit/71ae4cf2cf5138ccdda64b1b1d665849b688686d |
| MediaTek, Inc.–MT2718, MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8186, MT8188, MT8195, MT8196, MT8370, MT8390, MT8391, MT8395, MT8676, MT8678, MT8696, MT8755, MT8766, MT8768, MT8781, MT8786, MT8788E, MT8791T, MT8792, MT8793, MT8796, MT8873, MT8883, MT8893 | In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10276761; Issue ID: MSV-5141. | 2026-01-06 | not yet calculated | CVE-2025-20795 | https://corp.mediatek.com/product-security-bulletin/January-2026 |
| MediaTek, Inc.–MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8196, MT8676, MT8678, MT8796 | In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149879; Issue ID: MSV-4658. | 2026-01-06 | not yet calculated | CVE-2025-20787 | https://corp.mediatek.com/product-security-bulletin/January-2026 |
| MediaTek, Inc.–MT2718, MT6765, MT6768, MT6781, MT6833, MT6835, MT6853, MT6855, MT6877, MT6879, MT6893, MT6985, MT6989, MT6991, MT8186, MT8188, MT8196, MT8367, MT8391, MT8676, MT8678, MT8696, MT8766, MT8768, MT8781, MT8786, MT8788E, MT8791T, MT8792, MT8793, MT8796, MT8873, MT8883, MT8893 | In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10315812; Issue ID: MSV-5534. | 2026-01-06 | not yet calculated | CVE-2025-20797 | https://corp.mediatek.com/product-security-bulletin/January-2026 |
| MediaTek, Inc.–MT2718, MT6765, MT6768, MT6781, MT6833, MT6835, MT6853, MT6855, MT6877, MT6879, MT6893, MT6985, MT6989, MT6991, MT8186, MT8188, MT8196, MT8367, MT8391, MT8676, MT8678, MT8696, MT8766, MT8768, MT8781, MT8786, MT8788E, MT8791T, MT8792, MT8793, MT8796, MT8873, MT8883, MT8893 | In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10315812; Issue ID: MSV-5533. | 2026-01-06 | not yet calculated | CVE-2025-20798 | https://corp.mediatek.com/product-security-bulletin/January-2026 |
| MediaTek, Inc.–MT2718, MT6899, MT6989, MT6991, MT8678, MT8793 | In mminfra, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10267349; Issue ID: MSV-5033. | 2026-01-06 | not yet calculated | CVE-2025-20800 | https://corp.mediatek.com/product-security-bulletin/January-2026 |
| MediaTek, Inc.–MT2735, MT2737, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6878, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6897, MT6899, MT6980, MT6983, MT6985, MT6986, MT6989, MT6990, MT6991, MT6993, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893 | In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689259 / MOLY01586470; Issue ID: MSV-4847. | 2026-01-06 | not yet calculated | CVE-2025-20794 | https://corp.mediatek.com/product-security-bulletin/January-2026 |
| MediaTek, Inc.–MT2735, MT2737, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6878, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6897, MT6899, MT6980, MT6983, MT6985, MT6989, MT6990, MT6991, MT6993, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893 | In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01430930; Issue ID: MSV-4836. | 2026-01-06 | not yet calculated | CVE-2025-20793 | https://corp.mediatek.com/product-security-bulletin/January-2026 |
| MediaTek, Inc.–MT2735, MT2737, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893 | In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01311265; Issue ID: MSV-4655. | 2026-01-06 | not yet calculated | CVE-2025-20761 | https://corp.mediatek.com/product-security-bulletin/January-2026 |
| MediaTek, Inc.–MT2735, MT2737, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6878, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6897, MT6899, MT6980, MT6983, MT6985, MT6986, MT6989, MT6990, MT6991, MT6993, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893 | In Modem, there is a possible read of uninitialized heap data due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01676750; Issue ID: MSV-4653. | 2026-01-06 | not yet calculated | CVE-2025-20760 | https://corp.mediatek.com/product-security-bulletin/January-2026 |
| MediaTek, Inc.–MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8186, MT8188, MT8196, MT8667, MT8673, MT8676, MT8678, MT8765, MT8766, MT8768, MT8771, MT8781, MT8791T, MT8792, MT8793, MT8795T, MT8796, MT8798, MT8873, MT8883 | In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184870; Issue ID: MSV-4729. | 2026-01-06 | not yet calculated | CVE-2025-20778 | https://corp.mediatek.com/product-security-bulletin/January-2026 |
| MediaTek, Inc.–MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8186, MT8188, MT8196, MT8667, MT8673, MT8676, MT8678, MT8765, MT8766, MT8768, MT8771, MT8781, MT8791T, MT8792, MT8793, MT8795T, MT8796, MT8798, MT8873, MT8883 | In display, there is a possible use after free due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184084; Issue ID: MSV-4720. | 2026-01-06 | not yet calculated | CVE-2025-20779 | https://corp.mediatek.com/product-security-bulletin/January-2026 |
| MediaTek, Inc.–MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8186, MT8188, MT8196, MT8667, MT8673, MT8676, MT8678, MT8765, MT8766, MT8768, MT8771, MT8781, MT8791T, MT8792, MT8793, MT8795T, MT8796, MT8798, MT8873, MT8883 | In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184061; Issue ID: MSV-4712. | 2026-01-06 | not yet calculated | CVE-2025-20780 | https://corp.mediatek.com/product-security-bulletin/January-2026 |
| MediaTek, Inc.–MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8186, MT8188, MT8196, MT8667, MT8673, MT8676, MT8678, MT8765, MT8766, MT8768, MT8771, MT8781, MT8791T, MT8792, MT8793, MT8795T, MT8796, MT8798, MT8873, MT8883 | In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4699. | 2026-01-06 | not yet calculated | CVE-2025-20781 | https://corp.mediatek.com/product-security-bulletin/January-2026 |
| MediaTek, Inc.–MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8186, MT8188, MT8196, MT8667, MT8673, MT8676, MT8678, MT8765, MT8766, MT8768, MT8771, MT8781, MT8791T, MT8792, MT8793, MT8795T, MT8796, MT8798, MT8873, MT8883 | In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4685. | 2026-01-06 | not yet calculated | CVE-2025-20782 | https://corp.mediatek.com/product-security-bulletin/January-2026 |
| MediaTek, Inc.–MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8186, MT8188, MT8196, MT8667, MT8673, MT8676, MT8678, MT8765, MT8766, MT8768, MT8771, MT8781, MT8791T, MT8792, MT8793, MT8795T, MT8796, MT8798, MT8873, MT8883 | In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4684. | 2026-01-06 | not yet calculated | CVE-2025-20783 | https://corp.mediatek.com/product-security-bulletin/January-2026 |
| MediaTek, Inc.–MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8186, MT8188, MT8196, MT8667, MT8673, MT8676, MT8678, MT8765, MT8766, MT8768, MT8771, MT8781, MT8791T, MT8792, MT8793, MT8795T, MT8796, MT8798, MT8873, MT8883 | In display, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4683. | 2026-01-06 | not yet calculated | CVE-2025-20784 | https://corp.mediatek.com/product-security-bulletin/January-2026 |
| MediaTek, Inc.–MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8186, MT8188, MT8196, MT8667, MT8673, MT8676, MT8678, MT8765, MT8766, MT8768, MT8771, MT8781, MT8791T, MT8792, MT8793, MT8795T, MT8796, MT8798, MT8873, MT8883 | In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4677. | 2026-01-06 | not yet calculated | CVE-2025-20785 | https://corp.mediatek.com/product-security-bulletin/January-2026 |
| MediaTek, Inc.–MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8186, MT8188, MT8196, MT8667, MT8673, MT8676, MT8678, MT8765, MT8766, MT8768, MT8771, MT8781, MT8791T, MT8792, MT8793, MT8795T, MT8796, MT8798, MT8873, MT8883 | In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4673. | 2026-01-06 | not yet calculated | CVE-2025-20786 | https://corp.mediatek.com/product-security-bulletin/January-2026 |
| MediaTek, Inc.–MT6835, MT6835T, MT6878, MT6878M, MT6897, MT6899, MT6991, MT8676, MT8678, MT8755, MT8792, MT8793, MT8863, MT8873, MT8883 | In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01685181; Issue ID: MSV-4760. | 2026-01-06 | not yet calculated | CVE-2025-20762 | https://corp.mediatek.com/product-security-bulletin/January-2026 |
| MediaTek, Inc.–MT6878, MT6897, MT6899, MT6985, MT6989, MT6991, MT6993, MT8792, MT8796, MT8798 | In seninf, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10251210; Issue ID: MSV-4926. | 2026-01-06 | not yet calculated | CVE-2025-20801 | https://corp.mediatek.com/product-security-bulletin/January-2026 |
| MediaTek, Inc.–MT6899, MT6991 | In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10198951; Issue ID: MSV-4503. | 2026-01-06 | not yet calculated | CVE-2025-20804 | https://corp.mediatek.com/product-security-bulletin/January-2026 |
| MediaTek, Inc.–MT6899, MT6991, MT6993, MT8793 | In c2ps, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10274607; Issue ID: MSV-5049. | 2026-01-06 | not yet calculated | CVE-2025-20799 | https://corp.mediatek.com/product-security-bulletin/January-2026 |
| MediaTek, Inc.–MT6899, MT6991, MT8793 | In dpe, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10199779; Issue ID: MSV-4504. | 2026-01-06 | not yet calculated | CVE-2025-20803 | https://corp.mediatek.com/product-security-bulletin/January-2026 |
| MediaTek, Inc.–MT6899, MT6991, MT8793 | In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10114696; Issue ID: MSV-4480. | 2026-01-06 | not yet calculated | CVE-2025-20805 | https://corp.mediatek.com/product-security-bulletin/January-2026 |
| MediaTek, Inc.–MT6899, MT6991, MT8793 | In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10114835; Issue ID: MSV-4479. | 2026-01-06 | not yet calculated | CVE-2025-20806 | https://corp.mediatek.com/product-security-bulletin/January-2026 |
| MediaTek, Inc.–MT6899, MT6991, MT8793 | In dpe, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10114841; Issue ID: MSV-4451. | 2026-01-06 | not yet calculated | CVE-2025-20807 | https://corp.mediatek.com/product-security-bulletin/January-2026 |
| MediaTek, Inc.–MT6989, MT8796, MT8893 | In imgsys, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10314745; Issue ID: MSV-5553. | 2026-01-06 | not yet calculated | CVE-2025-20796 | https://corp.mediatek.com/product-security-bulletin/January-2026 |
| MediaTek, Inc.–MT6991, MT8196, MT8367, MT8781, MT8786, MT8793 | In geniezone, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10238968; Issue ID: MSV-4914. | 2026-01-06 | not yet calculated | CVE-2025-20802 | https://corp.mediatek.com/product-security-bulletin/January-2026 |
| Microsoft–Playwright | Microsoft Playwright MCP Server versions prior to 0.0.40 fail to validate the Origin header on incoming connections. This allows an attacker to perform a DNS rebinding attack via a victim’s web browser and send unauthorized requests to a locally running MCP server, resulting in unintended invocation of MCP tool endpoints. | 2026-01-07 | not yet calculated | CVE-2025-9611 | https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-8rgw-6xp9-2fg3 https://github.com/microsoft/playwright/commit/1313fbd https://www.vulncheck.com/advisories/microsoft-playwright-mcp-server-dns-rebinding-via-missing-origin-header-validation |
| Mikado-Themes–Curly | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Mikado-Themes Curly curly allows PHP Local File Inclusion. This issue affects Curly: from n/a through < 3.3. | 2026-01-08 | not yet calculated | CVE-2025-67936 | https://vdp.patchstack.com/database/Wordpress/Theme/curly/vulnerability/wordpress-curly-theme-3-3-local-file-inclusion-vulnerability?_s_id=cve |
| Mikado-Themes–Hendon | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Mikado-Themes Hendon hendon allows PHP Local File Inclusion. This issue affects Hendon: from n/a through < 1.7. | 2026-01-08 | not yet calculated | CVE-2025-67937 | https://vdp.patchstack.com/database/Wordpress/Theme/hendon/vulnerability/wordpress-hendon-theme-1-7-local-file-inclusion-vulnerability?_s_id=cve |
| Mikado-Themes–Optimize | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Mikado-Themes Optimize optimizewp allows PHP Local File Inclusion. This issue affects Optimize: from n/a through < 2.4. | 2026-01-08 | not yet calculated | CVE-2025-67935 | https://vdp.patchstack.com/database/Wordpress/Theme/optimizewp/vulnerability/wordpress-optimize-theme-2-4-local-file-inclusion-vulnerability?_s_id=cve |
| Mikado-Themes–Wellspring | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in Mikado-Themes Wellspring wellspring allows PHP Local File Inclusion. This issue affects Wellspring: from n/a through < 2.8. | 2026-01-08 | not yet calculated | CVE-2025-67934 | https://vdp.patchstack.com/database/Wordpress/Theme/wellspring/vulnerability/wordpress-wellspring-theme-2-8-local-file-inclusion-vulnerability?_s_id=cve |
| n/a– GL Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 | An issue in GL Inet GL.Inet AX1800 Versions 4.6.4 and 4.6.8 exists in the GL.iNet custom opkg wrapper script located at /usr/libexec/opkg-call. The script is executed with root privileges when triggered via the LuCI web interface or authenticated API calls to manage packages. The vulnerable code uses shell redirection to create a lock file in the world-writable /tmp directory. | 2026-01-08 | not yet calculated | CVE-2025-67091 | https://www.gl-inet.com/ https://aleksazatezalo.medium.com/critical-command-injection-vulnerability-in-gl-inet-gl-axt1800-router-firmware-e6d67d81ee51?postPublishedType=repub https://aleksazatezalo.medium.com/critical-authentication-bypass-vulnerability-in-gl-inet-gl-axt1800-router-firmware-f19442ca721d |
| n/a– realme Internet browser v.45.13.4.1 | An issue in realme Internet browser v.45.13.4.1 allows a remote attacker to execute arbitrary code via a crafted webpage in the built-in HeyTap/ColorOS browser. | 2026-01-05 | not yet calculated | CVE-2025-67316 | http://internet.com http://realme.com https://gist.github.com/Brucewebva/ceb365b7cea0d0b8ec0ce6755177de83 |
| n/a–@sylphxltd/filesystem-mcp v0.5.8 | @sylphxltd/filesystem-mcp v0.5.8 is an MCP server that provides file content reading functionality. Version 0.5.8 of filesystem-mcp contains a critical path traversal vulnerability in its “read_content” tool. This vulnerability arises from improper symlink handling in the path validation mechanism: the resolvePath function checks path validity before resolving symlinks, while fs.readFile resolves symlinks automatically during file access. This allows attackers to bypass directory restrictions by leveraging symlinks within the allowed directory that point to external files, enabling unauthorized access to files outside the intended operational scope. | 2026-01-07 | not yet calculated | CVE-2025-67366 | https://github.com/sylphxltd/filesystem-mcp/issues/134 https://github.com/sylphxltd/filesystem-mcp |
| n/a–AppConnector component version 10.10.0.183 and earlier of enaio 10.10, in the AppConnector component version 11.0.0.183 and earlier of enaio 11.0, and in the AppConnector component version 11.10.0.183 and earlier of enaio 11.10 | An issue was discovered in the AppConnector component version 10.10.0.183 and earlier of enaio 10.10, in the AppConnector component version 11.0.0.183 and earlier of enaio 11.0, and in the AppConnector component version 11.10.0.183 and earlier of enaio 11.10. The vulnerability allows authenticated remote attackers to inject arbitrary SMTP commands via crafted input to the /osrest/api/organization/sendmail endpoint. | 2026-01-08 | not yet calculated | CVE-2025-56425 | https://www.optimal-systems.de/enaio https://mind-bytes.de/smtp-injection-in-enaio-component-appconnector-cve-2025-56425/ |
| n/a–Area9 Rhapsode 1.47.3 | In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 (#7254) and further versions. | 2026-01-09 | not yet calculated | CVE-2025-67810 | https://area9.com https://security.area9lyceum.com/cve-2025-67810/ |
| n/a–Area9 Rhapsode 1.47.3 | Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints accessible to authenticated users. Insufficient input validation allows remote attackers to inject arbitrary SQL commands, resulting in unauthorized database access and potential compromise of sensitive data. Fixed in v.1.47.4 and beyond. | 2026-01-09 | not yet calculated | CVE-2025-67811 | https://area9.com https://security.area9lyceum.com/cve-2025-67811/ |
| n/a–ARIS 10.0.23.0.3587512 | A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code via uploading a crafted PDF file/malware. | 2026-01-07 | not yet calculated | CVE-2025-66837 | https://www.softwareag.com/ https://github.com/saykino/CVE-2025-66837/ |
| n/a–Aris v10.0.23.0.3587512 and before | In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. An attacker can exploit this behavior to rapidly upload a large volume of files, potentially leading to resource exhaustion such as disk space depletion, increased server load, or degraded performance. | 2026-01-07 | not yet calculated | CVE-2025-66838 | https://www.softwareag.com/ https://github.com/saykino/CVE-2025-66838/ |
| n/a–Axtion ODISSAAS ODIS v1.8.4 | A DLL hijacking vulnerability in Axtion ODISSAAS ODIS v1.8.4 allows attackers to execute arbitrary code via a crafted DLL file. | 2026-01-09 | not yet calculated | CVE-2025-66715 | https://www.axtion.nl/odis/ https://b1tsec.gitbook.io/offensive-repo/cve-repository/cve-2025-66715 |
| n/a–Blue Access Cobalt v02.000.195 | Blue Access Cobalt v02.000.195 suffers from an authentication bypass vulnerability, which allows an attacker to selectively proxy requests in order to operate functionality on the web application without the need to authenticate with legitimate credentials. | 2026-01-06 | not yet calculated | CVE-2025-60534 | http://blue.com https://github.com/PilotPatrickk/Published-CVEs/blob/main/CVE-2025-60534.md |
| n/a–ComfyUI-Manager prior to version 3.38 | An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface. | 2026-01-05 | not yet calculated | CVE-2025-67303 | https://github.com/Comfy-Org/ComfyUI-Manager/blob/main/docs/en/v3.38-userdata-security-migration.md https://github.com/Comfy-Org/ComfyUI-Manager/pull/2338/commits/e44c5cef58fb4973670b86433b9d24d077b44a26 |
| n/a–CouchCMS 2.4 | An Information Disclosure vulnerability in CouchCMS 2.4 allows an Admin user to read arbitrary files via repeated directory traversal (stepping back directory after directory). It can disclose the source code or any other confidential information if weaponized accordingly. | 2026-01-09 | not yet calculated | CVE-2025-67004 | https://www.couchcms.com/ https://github.com/CouchCMS/CouchCMS https://gist.github.com/thepiyushkumarshukla/d01f8004c43692f18c75548f4739955a |
| n/a–D-Link DIR895LA1 v102b07 | A Command Injection Vulnerability has been discovered in the DHCP daemon service of D-Link DIR895LA1 v102b07. The vulnerability exists in the lease renewal processing logic where the DHCP hostname parameter is directly concatenated into a system command without proper sanitization. When a DHCP client renews an existing lease with a malicious hostname, arbitrary commands can be executed with root privileges. | 2026-01-09 | not yet calculated | CVE-2025-69542 | https://tzh00203.notion.site/D-Link-DIR895LA1-v102b07-Command-Injection-in-DHCPd-2d4b5c52018a80a1a5ccfb317b308861?source=copy_link |
| n/a–D-Link Router DIR-605L (Hardware version F1; Firmware version: V6.02CN02) | An issue was discovered in D-Link Router DIR-605L (Hardware version F1; Firmware version: V6.02CN02) allowing an attacker with physical access to the UART pins to execute arbitrary commands due to presence of root terminal access on a serial interface without proper access control. | 2026-01-08 | not yet calculated | CVE-2025-65731 | https://www.dlink.com/en/security-bulletin/ https://www.dlink.com/uk/en/products/dir-605l-wireless-n-300-home-cloud-router https://gist.github.com/whitej3rry/f142a93bac360f9b1126f552f64957ea https://github.com/whitej3rry/CVE-2025-65731 |
| n/a–DwyerOmega Isensix Advanced Remote Monitoring System (ARMS) 1.5.7 | DwyerOmega Isensix Advanced Remote Monitoring System (ARMS) 1.5.7 allows an attacker to retrieve sensitive information from the underlying SQL database via Blind SQL Injection through the user parameter in the login page. This allows an attacker to steal credentials, which may be cleartext, from existing users (and admins) and use them to authenticate to the application. | 2026-01-06 | not yet calculated | CVE-2025-59379 | https://isensix.com/guardian/ https://info.dwyeromega.com/brands https://github.com/PilotPatrickk/Published-CVEs/blob/main/CVE-2025-59379.md |
| n/a–EDIMAX BR-6208AC V2_1.02 | EDIMAX BR-6208AC V2_1.02 is vulnerable to Command Injection. This arises because the pppUserName field is directly passed to a shell command via the system() function without proper sanitization. An attacker can exploit this by injecting malicious commands into the pppUserName field, allowing arbitrary code execution. | 2026-01-09 | not yet calculated | CVE-2025-70161 | https://tzh00203.notion.site/EDIMAX-BR-6208AC-V2_1-02-Command-Injection-Vulnerability-in-Web-setWAN-handler-2d3b5c52018a80d7ae8dce2bf5e3294c?source=copy_link |
| n/a–edu Business Solutions Print Shop Pro WebDesk version 18.34 | There is an issue on the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 that enables remote attacker to create financial discrepancies by purchasing items with a negative quantity. This vulnerability is possible due to reliance on client-side input validation controls. | 2026-01-08 | not yet calculated | CVE-2025-61546 | https://github.com/chndlrx/vulnerability-disclosures/tree/main/CVE-2025-61546 |
| n/a–edu Business Solutions Print Shop Pro WebDesk version 18.34 | Cross-Site Request Forgery (CSRF) is present on all functions in edu Business Solutions Print Shop Pro WebDesk version 18.34. The application does not implement proper CSRF tokens or other other protective measures, allowing a remote attacker to trick authenticated users into unknowingly executing unintended actions within their session. This can lead to unauthorized data modification such as credential updates. | 2026-01-08 | not yet calculated | CVE-2025-61547 | https://github.com/chndlrx/vulnerability-disclosures/tree/main/CVE-2025-61547 |
| n/a–edu Business Solutions Print Shop Pro WebDesk version 18.34 | SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34. Unsanitized user input is incorporated directly into SQL queries without proper parameterization or escaping. This vulnerability allows remote attackers to execute arbitrary SQL commands | 2026-01-08 | not yet calculated | CVE-2025-61548 | https://github.com/chndlrx/vulnerability-disclosures/tree/main/CVE-2025-61548 |
| n/a–edu Business Solutions Print Shop Pro WebDesk version 18.34 | Cross-Site Scripting (XSS) is present on the LoginID parameter on the /PSP/app/web/reg/reg_display.asp endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34. Unsanitized user input is reflected in HTTP responses without proper HTML encoding or escaping. This allows attackers to execute arbitrary JavaScript in the context of a victim s browser session | 2026-01-08 | not yet calculated | CVE-2025-61549 | https://github.com/chndlrx/vulnerability-disclosures/tree/main/CVE-2025-61549 |
| n/a–edu Business Solutions Print Shop Pro WebDesk version 18.34 | Cross-Site Scripting (XSS) is present on the ctl00_Content01_fieldValue parameters on the /psp/appNet/TemplateOrder/TemplatePreview.aspx endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34. User-supplied input is stored and later rendered in HTML pages without proper output encoding or sanitization. This allows attackers to persistently inject arbitrary JavaScript that executes in the context of other users’ sessions. | 2026-01-08 | not yet calculated | CVE-2025-61550 | https://github.com/chndlrx/vulnerability-disclosures/tree/main/CVE-2025-61550 |
| n/a–Employee Leave Management System v.2.1 | Cross Site Request Forgery vulnerability in Employee Leave Management System v.2.1 allows a remote attacker to escalate privileges via the manage-employee.php component. | 2026-01-05 | not yet calculated | CVE-2025-67315 | https://phpgurukul.com/employee-leaves-management-system-elms/ https://github.com/r-pradyun/CVE-2025-67315 |
| n/a–evershop 2.1.0 | A Denial of Service (DoS) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to exhaust the application server’s resources via the “GET /images” API. The application fails to limit the height of the use-element shadow tree or the dimensions of pattern tiles during the processing of SVG files, resulting in unbounded resource consumption and system-wide denial of service. | 2026-01-05 | not yet calculated | CVE-2025-67419 | https://github.com/evershopcommerce/evershop https://github.com/dos-m0nk3y/CVE/tree/main/CVE-2025-67419 |
| n/a–evershop 2.1.0 | A Blind Server-Side Request Forgery (SSRF) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to force the server to initiate an HTTP request via the “GET /images” API. The vulnerability occurs due to insufficient validation of the “src” query parameter, which permits arbitrary HTTP or HTTPS URIs, resulting in unexpected requests against internal and external networks. | 2026-01-05 | not yet calculated | CVE-2025-67427 | https://github.com/evershopcommerce/evershop https://github.com/dos-m0nk3y/CVE/tree/main/CVE-2025-67427 |
| n/a–fast-filesystem-mcp version 3.4.0 | fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fast_read_file. This vulnerability arises from improper path validation that fails to resolve symbolic links to their actual physical paths. The safePath and isPathAllowed functions use path.resolve() which does not handle symlinks, allowing attackers to bypass directory access restrictions by creating symlinks within allowed directories that point to restricted system paths. When these symlinks are accessed through valid path references, the validation checks are circumvented, enabling access to unauthorized files. | 2026-01-07 | not yet calculated | CVE-2025-67364 | https://github.com/efforthye/fast-filesystem-mcp/issues/10 https://github.com/efforthye/fast-filesystem-mcp |
| n/a–fluidsynth-2.4.6 and earlier versions | fluidsynth-2.4.6 and earlier versions are vulnerable to a null pointer dereference in fluid_synth_monopoly.c that can be triggered when loading an invalid MIDI file. | 2026-01-09 | not yet calculated | CVE-2025-56225 | https://github.com/FluidSynth/fluidsynth/issues/1602 https://github.com/FluidSynth/fluidsynth/pull/1607 |
| n/a–Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 | The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 is vulnerable; a fix is available in version 4.8.2. GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint (`/cgi-bin/luci`). An unauthenticated attacker on the local network can perform unlimited password attempts against the admin interface. | 2026-01-08 | not yet calculated | CVE-2025-67090 | https://www.gl-inet.com/security/ https://aleksazatezalo.medium.com/critical-command-injection-vulnerability-in-gl-inet-gl-axt1800-router-firmware-e6d67d81ee51?postPublishedType=repub https://aleksazatezalo.medium.com/critical-command-injection-vulnerability-in-gl-inet-gl-axt1800-router-firmware-e6d67d81ee51 |
| n/a–GL-iNet GL-AXT1800 router firmware v4.6.8 | A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the `plugins.install_package` RPC method, which fails to properly sanitize user input in package names. Authenticated attackers can exploit this to execute arbitrary commands with root privileges. | 2026-01-08 | not yet calculated | CVE-2025-67089 | https://www.gl-inet.com/security-updates/ https://aleksazatezalo.medium.com/critical-command-injection-vulnerability-in-gl-inet-gl-axt1800-router-firmware-e6d67d81ee51?postPublishedType=repub |
| n/a–H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point | The H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point have a misconfiguration vulnerability in vsftpd. Through this vulnerability, all files uploaded anonymously via the FTP protocol are automatically owned by the root user, and remote attackers could gain root-level control over the devices. | 2026-01-06 | not yet calculated | CVE-2025-60262 | https://www.notion.so/23e54a1113e780d686fbe1624ee0465d https://www.notion.so/Misconfiguration-in-H3C-23e54a1113e780d686fbe1624ee0465d |
| n/a–Hero Motocorp Vida V1 Pro 2.0.7 | An issue in Hero Motocorp Vida V1 Pro 2.0.7 allows a local attacker to cause a denial of service via the BLE component. | 2026-01-09 | not yet calculated | CVE-2025-67133 | http://hero.com http://vida.com https://threadpoolx.gitbook.io/docs/cve/cve-2025-67133-denial-of-service-via-unauthenticated-ble-connection |
| n/a–indieka900 online-shopping-system-php 1.0 | indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in master/review_action.php via the proId parameter. | 2026-01-08 | not yet calculated | CVE-2025-61246 | https://github.com/hackergovind/CVE-2025-61246 |
| n/a–Insiders Technologies GmbH e-invoice pro before release 1 | An issue in Insiders Technologies GmbH e-invoice pro before release 1 Service Pack 2 allows a remote attacker to cause a denial of service via a crafted script. | 2026-01-08 | not yet calculated | CVE-2025-56424 | https://insiders-technologies.com/en/e-invoice/ https://mind-bytes.de/xml-external-entity-xxe-injection-in-e-invoice-pro-cve-2025-56424/ |
| n/a–Intelbras CFTV IP NVD 9032 R Ftd V2.800.00IB00C.0.T | A vulnerability exists in Intelbras CFTV IP NVD 9032 R Ftd V2.800.00IB00C.0.T, which allows an unauthenticated attacker to bypass the multi-factor authentication (MFA) mechanism during the password recovery process. This results in the ability to change the admin password and gain full access to the administrative panel. | 2026-01-09 | not yet calculated | CVE-2025-67070 | https://github.com/teteco/intelbras-cftv-admin-bypass |
| n/a–JimuReport thru version 2.1.3 | JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user-controlled H2 JDBC URLs. The application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing the use of certain directives to execute arbitrary Java code. A different vulnerability than CVE-2025-10770. | 2026-01-08 | not yet calculated | CVE-2025-66913 | https://github.com/jeecgboot/jimureport/issues/4306 https://gist.github.com/Catherines77/f15d53e9705b24cf018e5bffed3e8234 |
| n/a–KAYSUS KS-WR1200 routers with firmware 107 | KAYSUS KS-WR1200 routers with firmware 107 expose SSH and TELNET services on the LAN interface with hardcoded root credentials (root:12345678). The administrator cannot disable these services or change the hardcoded password. (Changing the management GUI password does not affect SSH/TELNET authentication.) Any LAN-adjacent attacker can trivially log in with root privileges. | 2026-01-08 | not yet calculated | CVE-2025-68718 | https://www.kaysus.com/ks_wr3600__wifi_7_be3600_wireless_router.html https://github.com/actuator/cve/tree/main/KAYSUS https://github.com/actuator/cve/blob/main/KAYSUS/CVE-2025-68718.txt |
| n/a–KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 | KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 have the SSH service enabled by default on the LAN interface. The root account is configured with no password, and administrators cannot disable SSH or enforce authentication via the CLI or web GUI. This allows any LAN-adjacent attacker to trivially gain root shell access and execute arbitrary commands with full privileges. | 2026-01-08 | not yet calculated | CVE-2025-68716 | https://www.kaysus.com/ks_wr3600__wifi_7_be3600_wireless_router.html https://github.com/actuator/cve/tree/main/KAYSUS https://github.com/actuator/cve/blob/main/KAYSUS/CVE-2025-68716.txt |
| n/a–KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 | KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 allow authentication bypass during session validation. If any user is logged in, endpoints such as /cgi-bin/system-tool accept unauthenticated requests with empty or invalid session values. This design flaw lets attackers piggyback on another user’s active session to retrieve sensitive configuration data or execute privileged actions without authentication. | 2026-01-08 | not yet calculated | CVE-2025-68717 | https://www.kaysus.com/ks_wr3600__wifi_7_be3600_wireless_router.html https://github.com/actuator/cve/tree/main/KAYSUS https://github.com/actuator/cve/blob/main/KAYSUS/CVE-2025-68717.txt |
| n/a–KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 | KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 mishandle configuration management. Once any user is logged in and maintains an active session, an attacker can directly query the backup endpoint and download a full configuration archive. This archive contains sensitive files such as /etc/shadow, enabling credential recovery and potential full compromise of the device. | 2026-01-08 | not yet calculated | CVE-2025-68719 | https://www.kaysus.com/ks_wr3600__wifi_7_be3600_wireless_router.html https://github.com/actuator/cve/tree/main/KAYSUS https://github.com/actuator/cve/blob/main/KAYSUS/CVE-2025-68719.txt |
| n/a–Mega-Fence (webgate-lib.*) 25.1.914 and prior | Mega-Fence (webgate-lib.*) 25.1.914 and prior trusts the first value of the X-Forwarded-For (XFF) header as the client IP without validating a trusted proxy chain. An attacker can supply an arbitrary XFF value in a remote request to spoof the client IP, which is then propagated to security-relevant state (e.g., WG_CLIENT_IP cookie). Deployments that rely on this value for IP allowlists may be bypassed. | 2026-01-05 | not yet calculated | CVE-2025-65328 | https://drive.proton.me/urls/MY05PVBFXG#xDd2Xqy98WM9 https://raw.githubusercontent.com/p1aintext/CVE/main/CVE-2025-65328.md |
| n/a–Nitro PDF Pro for Windows before 14.42.0.34. | An issue was discovered in Nitro PDF Pro for Windows before 14.42.0.34. In certain cases, it displays signer information from a non-verified PDF field rather than from the verified certificate subject. This could allow a document to present inconsistent signer details. The display logic was updated to ensure signer information consistently reflects the verified certificate identity. | 2026-01-08 | not yet calculated | CVE-2025-67825 | https://gonitro.com https://www.gonitro.com/documentation/release-notes |
| n/a–NJHYST HY511 POE core before 2.1 and plugins before 0.1. | An issue was discovered in NJHYST HY511 POE core before 2.1 and plugins before 0.1. The vulnerability stems from the device’s insufficient cookie verification, allowing an attacker to directly request the configuration file address and download the core configuration file without logging into the device management backend. By reading the corresponding username and self-decrypted MD5 password in the core configuration file, the attacker can directly log in to the backend, thereby bypassing the front-end backend login page. | 2026-01-06 | not yet calculated | CVE-2025-65212 | https://github.com/a2148001284/test1/blob/main/%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%E5%90%8E%E5%8F%B0%E6%BC%8F%E6%B4%9EEN.md https://gist.github.com/a2148001284/bcdda75fc8718454f16a7b9259463719 |
| n/a–OpenAirInterface CN5G AMF<=v2.0.1 | In OpenAirInterface CN5G AMF <= v2.0.1, there is a logical error when processing JSON format requests. Unauthorized remote attackers can send malicious JSON data to the AMF’s SBI interface to launch a denial-of-service attack. | 2026-01-07 | not yet calculated | CVE-2025-66786 | https://github.com/swallele/Vulnerability/blob/main/Openairinterface/Dos/Json_Dos.md |
| n/a–OpenAirInterface CN5G AMF<=v2.1.9 | OpenAirInterface CN5G AMF <= v2.1.9 has a buffer overflow vulnerability in the processing of NAS messages. Unauthorized remote attackers can launch a denial-of-service attack and potentially execute malicious code by accessing the N1 port and sending an IMSI string longer than 1000 to the AMF. | 2026-01-07 | not yet calculated | CVE-2025-65805 | https://github.com/swallele/Vulnerability/blob/main/Openairinterface/Buffer_Overflow/Vulnerability_Report.md |
| n/a–Panda Wireless PWRU0 devices with firmware 2.2.9 | An issue was discovered in Panda Wireless PWRU0 devices with firmware 2.2.9 that exposes multiple HTTP endpoints (/goform/setWan, /goform/setLan, /goform/wirelessBasic) that do not enforce authentication. A remote unauthenticated attacker can modify WAN, LAN, and wireless settings directly, leading to privilege escalation and denial of service. | 2026-01-08 | not yet calculated | CVE-2025-68715 | https://github.com/actuator/cve/tree/main/PandaWireless https://github.com/actuator/cve/blob/main/PandaWireless/CVE-2025-68715.txt |
| n/a–Passy v.1.6.3 | An issue in Passy v.1.6.3 allows a remote authenticated attacker to execute arbitrary commands via a crafted HTTP request using a specific payload injection. | 2026-01-05 | not yet calculated | CVE-2025-67397 | https://www.passy.it/ https://github.com/giulioschiavone/Vulnerability-Research/tree/main/CVE-2025-67397 |
| n/a–Perch CMS version 3.2 | A stored Cross-Site Scripting (XSS) vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. The injected payload is stored and executed when any authenticated user clicks the Help button, potentially leading to session hijacking, information disclosure, privilege escalation, and unauthorized administrative actions. | 2026-01-07 | not yet calculated | CVE-2025-66686 | https://github.com/mertdurum06/Perch-v3.2 https://github.com/mertdurum06/Perch-v3.2/blob/main/Perch%20v3.2_Poc.txt |
| n/a–phpgurukul Hostel Management System v2.1 | Cross-Site Scripting in phpgurukul Hostel Management System v2.1 user-provided complaint fields (Explain the Complaint) submitted via /register-complaint.php are stored and rendered unescaped in the admin viewer (/admin/complaint-details.php?cid=<id>). When an administrator opens the complaint, injected HTML/JavaScript executes in the admin’s browser. | 2026-01-08 | not yet calculated | CVE-2025-63611 | https://phpgurukul.com/hostel-management-system/ https://medium.com/@tanushkushtk01/cve-2025-63611-stored-cross-site-scripting-xss-in-hostel-management-system-v2-1-a23c2efc86ea |
| n/a–Plesk Obsidian versions 8.0.1 through 18.0.73 | Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to a Denial of Service (DoS) condition. The vulnerability exists in the get_password.php endpoint, where a crafted request containing a malicious payload can cause the affected web interface to continuously reload, rendering the service unavailable to legitimate users. An attacker can exploit this issue remotely without authentication, resulting in a persistent availability impact on the affected Plesk Obsidian instance. | 2026-01-08 | not yet calculated | CVE-2025-65518 | http://plesk.com https://github.com/Jainil-89/CVE-2025-65518/blob/main/cve.md https://docs.plesk.com/release-notes/obsidian/change-log/ |
| n/a–pss.sale.com 1.0 | SQL injection vulnerability in pss.sale.com 1.0 via the id parameter to the userfiles/php/cancel_order.php endpoint. | 2026-01-09 | not yet calculated | CVE-2025-51626 | https://gitee.com/XiaoLiuChu/pss.sale.com/tree/master https://gist.github.com/hnking-star/17d4c9c990c2324ef109fecb4fc4630c |
| n/a–QloApps versions 1.7.0 and earlier | Unrestricted file upload in the hotel review feature in QloApps versions 1.7.0 and earlier allows remote unauthenticated attackers to achieve remote code execution. | 2026-01-08 | not yet calculated | CVE-2025-67325 | https://github.com/Qloapps/QloApps https://github.com/mr7s3d0/CVE-2025-67325 |
| n/a–RuoYi-Vue-Plus versions 5.5.1 and earlier | The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job/workflow/check-node-expression can execute QLExpress expressions, but it does not filter user input, allowing attackers to use the File class to perform arbitrary file reading and writing. | 2026-01-08 | not yet calculated | CVE-2025-66916 | https://gitee.com/dromara/RuoYi-Vue-Plus https://github.com/Catherines77/code-au/blob/main/ruoyi-vue-plus/QLExpress.md https://gist.github.com/Catherines77/e3f06b9c4cc6298579e858088a243c3d |
| n/a–Samsung Magician 6.3.0 through 8.3.2 on Windows | An issue was discovered in Samsung Magician 6.3.0 through 8.3.2 on Windows. The installer creates a temporary folder with weak permissions during installation, allowing a non-admin user to perform DLL hijacking and escalate privileges. | 2026-01-05 | not yet calculated | CVE-2025-57836 | https://semiconductor.samsung.com/support/quality-support/product-security-updates/ https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-57836/ |
| n/a–Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500 | An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. A race condition in the issimian device driver results in an out-of-bounds access, leading to a denial of service. | 2026-01-05 | not yet calculated | CVE-2025-52515 | https://semiconductor.samsung.com/support/quality-support/product-security-updates/ https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-52515/ |
| n/a–Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500 | An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. An invalid kernel address dereference in the issimian device driver leads to a denial of service. | 2026-01-05 | not yet calculated | CVE-2025-52516 | https://semiconductor.samsung.com/support/quality-support/product-security-updates/ https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-52516/ |
| n/a–Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500 | An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. A race condition in the issimian device driver results in a double free, leading to a denial of service. | 2026-01-05 | not yet calculated | CVE-2025-52517 | https://semiconductor.samsung.com/support/quality-support/product-security-updates/ https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-52517/ |
| n/a–Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500 | An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, and 2500. Improper validation of user-space input in the issimian device driver leads to information disclosure and a denial of service. | 2026-01-05 | not yet calculated | CVE-2025-52519 | https://semiconductor.samsung.com/support/quality-support/product-security-updates/ https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-52519/ |
| n/a–Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580 | An issue was discovered in the WiFi driver in Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580. Mishandling of an NL80211 vendor command leads to a buffer overflow. | 2026-01-05 | not yet calculated | CVE-2025-49495 | https://semiconductor.samsung.com/support/quality-support/product-security-updates/ https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-49495/ |
| n/a–Samsung Mobile Processor Exynos 1380, 1480, 2400, and 1580 | An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, and 1580. Incorrect Handling of the NL80211 vendor command leads to a buffer overflow during handling of an IOCTL message. | 2026-01-05 | not yet calculated | CVE-2025-53966 | https://semiconductor.samsung.com/support/quality-support/product-security-updates/ https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-53966/ |
| n/a–Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-of-bounds writes via malformed NAS packets. | 2026-01-05 | not yet calculated | CVE-2025-27807 | https://semiconductor.samsung.com/support/quality-support/product-security-updates/ https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-27807/ |
| n/a–Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400 | An issue was discovered in L2 in c. Incorrect handling of RRC packets leads to a Denial of Service. | 2026-01-05 | not yet calculated | CVE-2025-43706 | https://semiconductor.samsung.com/support/quality-support/product-security-updates/ https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-43706/ |
| n/a–shiori v1.7.4 | A lack of rate limiting in the login page of shiori v1.7.4 and below allows attackers to bypass authentication via a brute force attack. | 2026-01-09 | not yet calculated | CVE-2025-60538 | https://github.com/go-shiori/shiori https://github.com/go-shiori/shiori/issues/1138 |
| n/a–sonirico mcp-shell v0.3.1 | A command injection vulnerability in the shell_exec function of sonirico mcp-shell v0.3.1 allows attackers to execute arbitrary commands via supplying a crafted command string. | 2026-01-07 | not yet calculated | CVE-2025-61489 | https://github.com/sonirico/mcp-shell https://github.com/sonirico/mcp-shell/issues/4 |
| n/a–Technitium DNS Server v.13.5 | An issue in Technitium DNS Server v.13.5 allows a remote attacker to cause a denial of service via the rate-limiting component | 2026-01-08 | not yet calculated | CVE-2025-50334 | https://github.com/TechnitiumSoftware/DnsServer/blob/master/CHANGELOG.md http://technitium.com https://github.com/TechnitiumSoftware/DnsServer/blob/v13.3/DnsServerCore/Dns/DnsServer.cs https://github.com/FPokerFace/Security-Advisory/tree/main/CVE-2025-50334 https://github.com/TechnitiumSoftware/DnsServer/commit/7229b217238213cc6275eea68a7e17d73df1603e |
| n/a–terminal-controller-mcp 0.1.7 | A command injection vulnerability in the execute_command function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input. | 2026-01-07 | not yet calculated | CVE-2025-61492 | https://github.com/cfdude/super-shell-mcp/issues/19 https://github.com/GongRzhe/terminal-controller-mcp https://github.com/GongRzhe/terminal-controller-mcp/issues/7 |
| n/a–TIM BPM Suite/ TIM FLOW through 9.1.2 | In TIM BPM Suite/ TIM FLOW through 9.1.2, multiple Authorization Bypass vulnerabilities exist which allow a low-privileged user to download password hashes of other users, access work items of other users, modify restricted content in workflows, modify the application's logo and manipulate the profiles of other users. | 2026-01-09 | not yet calculated | CVE-2025-67282 | https://tim-doc.atlassian.net/wiki/spaces/eng/pages/230981636/Release+Notes https://www.y-security.de/news-en/tim-bpm-suite-tim-flow-multiple-vulnerabilities/ |
| n/a–TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 | An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via a crafted HTTP request. | 2026-01-09 | not yet calculated | CVE-2025-67278 | https://tim-doc.atlassian.net/wiki/spaces/eng/pages/230981636/Release+Notes https://www.y-security.de/news-en/tim-bpm-suite-tim-flow-multiple-vulnerabilities/ |
| n/a–TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 | An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges because the application stores password hashes in MD5 format. | 2026-01-09 | not yet calculated | CVE-2025-67279 | https://tim-doc.atlassian.net/wiki/spaces/eng/pages/230981636/Release+Notes https://www.y-security.de/news-en/tim-bpm-suite-tim-flow-multiple-vulnerabilities/ |
| n/a–TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 | In TIM BPM Suite/ TIM FLOW through 9.1.2, multiple Hibernate Query Language injection vulnerabilities exist which allow a low-privileged user to extract passwords of other users and access sensitive data of another user. | 2026-01-09 | not yet calculated | CVE-2025-67280 | https://tim-doc.atlassian.net/wiki/spaces/eng/pages/230981636/Release+Notes https://www.y-security.de/news-en/tim-bpm-suite-tim-flow-multiple-vulnerabilities/ |
| n/a–TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 | In TIM BPM Suite/ TIM FLOW through 9.1.2, multiple SQL injection vulnerabilities exist which allow a low-privileged or administrative user to access the database and its content. | 2026-01-09 | not yet calculated | CVE-2025-67281 | https://tim-doc.atlassian.net/wiki/spaces/eng/pages/230981636/Release+Notes https://www.y-security.de/news-en/tim-bpm-suite-tim-flow-multiple-vulnerabilities/ |
| n/a–Yonyou YonBIP v3 and before | In Yonyou YonBIP v3 and before, the LoginWithV8 interface in the series data application service system is vulnerable to path traversal, allowing unauthorized access to sensitive information within the system. | 2026-01-09 | not yet calculated | CVE-2025-66744 | https://github.com/iSee857/YonYouBip-path-travel |
| nasa–CryptoLib | CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol – Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, an out-of-bounds heap read vulnerability in cryptography_encrypt() occurs when parsing JSON metadata from KMC server responses. The flawed strtok iteration pattern uses ptr + strlen(ptr) + 1 which reads one byte past allocated buffer boundaries when processing short or malformed metadata strings. This issue has been patched in version 1.4.3. | 2026-01-10 | not yet calculated | CVE-2026-21900 | https://github.com/nasa/CryptoLib/security/advisories/GHSA-4g6v-36fv-qcvw https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d https://github.com/nasa/CryptoLib/releases/tag/v1.4.3 |
| nasa–CryptoLib | CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol – Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, there is an out-of-bounds heap read vulnerability in cryptography_aead_encrypt(). This issue has been patched in version 1.4.3. | 2026-01-10 | not yet calculated | CVE-2026-22023 | https://github.com/nasa/CryptoLib/security/advisories/GHSA-8w3h-q8jm-3chq https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d https://github.com/nasa/CryptoLib/releases/tag/v1.4.3 |
| nasa–CryptoLib | CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol – Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the cryptography_encrypt() function allocates multiple buffers for HTTP requests and JSON parsing that are never freed on any code path. Each call leaks approximately 400 bytes of memory. Sustained traffic can gradually exhaust available memory. This issue has been patched in version 1.4.3. | 2026-01-10 | not yet calculated | CVE-2026-22024 | https://github.com/nasa/CryptoLib/security/advisories/GHSA-r3wg-g8xv-gxvf https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d https://github.com/nasa/CryptoLib/releases/tag/v1.4.3 |
| nasa–CryptoLib | CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol – Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, when the KMC server returns a non-200 HTTP status code, cryptography_encrypt() and cryptography_decrypt() return immediately without freeing previously allocated buffers. Each failed request leaks approximately 467 bytes. Repeated failures (from a malicious server or network issues) can gradually exhaust memory. This issue has been patched in version 1.4.3. | 2026-01-10 | not yet calculated | CVE-2026-22025 | https://github.com/nasa/CryptoLib/security/advisories/GHSA-h74x-vwwr-mm5g https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d https://github.com/nasa/CryptoLib/releases/tag/v1.4.3 |
| nasa–CryptoLib | CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol – Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the libcurl write_callback function in the KMC crypto service client allows unbounded memory growth by reallocating response buffers without any size limit or overflow check. A malicious KMC server can return arbitrarily large HTTP responses, forcing the client to allocate excessive memory until the process is terminated by the OS. This issue has been patched in version 1.4.3. | 2026-01-10 | not yet calculated | CVE-2026-22026 | https://github.com/nasa/CryptoLib/security/advisories/GHSA-w9cm-q69w-34x7 https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d https://github.com/nasa/CryptoLib/releases/tag/v1.4.3 |
| nasa–CryptoLib | CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol – Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the convert_hexstring_to_byte_array() function in the MariaDB SA interface writes decoded bytes into a caller-provided buffer without any capacity check. When importing SA fields from the database (e.g., IV, ARSN, ABM), a malformed or oversized hex string in the database can overflow the destination buffer, corrupting adjacent heap memory. This issue has been patched in version 1.4.3. | 2026-01-10 | not yet calculated | CVE-2026-22027 | https://github.com/nasa/CryptoLib/security/advisories/GHSA-3m35-m689-h29x https://github.com/nasa/CryptoLib/commit/2372efd3da1ccb226b4297222e25f41ecc84821d https://github.com/nasa/CryptoLib/releases/tag/v1.4.3 |
| Nokia–SR Linux | Nokia SR Linux contains an authentication vulnerability allowing unauthorized access to the JSON-RPC service. When exploited, a flawed validation check allows JSON-RPC access without valid authentication credentials being provided. | 2026-01-07 | not yet calculated | CVE-2025-0980 | Nokia Product Security Advisory |
| Noor Alam–Easy Media Download | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Noor Alam Easy Media Download easy-media-download allows Reflection Injection.This issue affects Easy Media Download: from n/a through <= 1.1.11. | 2026-01-08 | not yet calculated | CVE-2025-69169 | https://vdp.patchstack.com/database/Wordpress/Plugin/easy-media-download/vulnerability/wordpress-easy-media-download-plugin-1-1-11-css-injection-vulnerability?_s_id=cve |
| Open Microscopy Environment–Bio-Formats | Bio-Formats versions up to and including 8.3.0 contain an XML External Entity (XXE) vulnerability in the Leica Microsystems metadata parsing component (e.g., XLEF). The parser uses an insecurely configured DocumentBuilderFactory when processing Leica XML-based metadata files, allowing external entity expansion and external DTD loading. A crafted metadata file can trigger outbound network requests (SSRF), access local system resources where readable, or cause a denial of service during XML parsing. | 2026-01-07 | not yet calculated | CVE-2026-22186 | https://seclists.org/fulldisclosure/2026/Jan/6 https://docs.openmicroscopy.org/bio-formats/ https://www.vulncheck.com/advisories/bio-formats-xxe-in-leica-xlef-metadata-parser |
| Open Microscopy Environment–Bio-Formats | Bio-Formats versions up to and including 8.3.0 perform unsafe Java deserialization of attacker-controlled memoization cache files (.bfmemo) during image processing. The loci.formats.Memoizer class automatically loads and deserializes memo files associated with images without validation, integrity checks, or trust enforcement. An attacker who can supply a crafted .bfmemo file alongside an image can trigger deserialization of untrusted data, which may result in denial of service, logic manipulation, or potentially remote code execution in environments where suitable gadget chains are present on the classpath. | 2026-01-07 | not yet calculated | CVE-2026-22187 | https://seclists.org/fulldisclosure/2026/Jan/7 https://docs.openmicroscopy.org/bio-formats/ https://www.vulncheck.com/advisories/bio-formats-memoizer-unsafe-deserialization-via-bfmemo-cache-files |
| open-metadata–OpenMetadata | OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection (SSTI) in FreeMarker email templates. An attacker must have administrative privileges to exploit the vulnerability. Version 1.11.4 contains a patch. | 2026-01-08 | not yet calculated | CVE-2026-22244 | https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-5f29-2333-h9c7 https://github.com/open-metadata/OpenMetadata/commit/bffe7c45807763f9b682021d4211c478d2a08bb3 |
| OpenFlagr–Flagr | OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted requests can bypass authentication and access protected API endpoints without valid credentials. Unauthorized access may allow modification of feature flags and export of sensitive data. | 2026-01-07 | not yet calculated | CVE-2026-0650 | https://github.com/openflagr/flagr/releases/tag/1.1.19 https://dreyand.rs/code%20review/golang/2026/01/03/0day-speedrun-openflagr-less-1118-authentication-bypass https://www.vulncheck.com/advisories/openflagr-authentication-bypass-via-prefix-whitelist-path-normalization |
| OpenLDAP Foundation–OpenLDAP | OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition. | 2026-01-07 | not yet calculated | CVE-2026-22185 | https://seclists.org/fulldisclosure/2026/Jan/5 https://seclists.org/fulldisclosure/2026/Jan/8 https://www.openldap.org/ https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline https://bugs.openldap.org/show_bug.cgi?id=10421 |
| opf–openproject | OpenProject is an open-source, web-based project management software. For OpenProject version 16.6.1 and below, a registered administrator can execute arbitrary commands by configuring the sendmail binary path and sending a test email. This issue has been patched in version 16.6.2. | 2026-01-10 | not yet calculated | CVE-2026-22601 | https://github.com/opf/openproject/security/advisories/GHSA-9vrv-7h26-c7jc https://github.com/opf/openproject/releases/tag/v16.6.2 |
| opf–openproject | OpenProject is an open-source, web-based project management software. Prior to version 16.6.2, OpenProject’s unauthenticated password-change endpoint (/account/change_password) was not protected by the same brute-force safeguards that apply to the normal login form. In affected versions, an attacker who can guess or enumerate user IDs can send unlimited password-change requests for a given account without triggering lockout or other rate-limiting controls. This allows automated password-guessing (e.g., with wordlists of common passwords) against valid accounts. Successful guessing results in full account compromise for the targeted user and, depending on that user’s role, can lead to further privilege escalation inside the application. This issue has been patched in version 16.6.2. Those who are unable to upgrade may apply the patch manually. | 2026-01-10 | not yet calculated | CVE-2026-22603 | https://github.com/opf/openproject/security/advisories/GHSA-93x5-prx9-x239 https://github.com/opf/openproject/pull/21272 https://github.com/opf/openproject/commit/2b394b9ba5af1e5d96a64d7d452d4d44598a4c7f https://github.com/opf/openproject/releases/tag/v16.6.2 |
| opf–openproject | OpenProject is an open-source, web-based project management software. For OpenProject versions from 11.2.1 to before 16.6.2, when sending a POST request to the /account/change_password endpoint with an arbitrary User ID as the password_change_user_id parameter, the resulting error page would show the username for the requested user. Since this endpoint is intended to be called without being authenticated, this allows an unauthenticated attacker to enumerate the user names of all accounts registered in an OpenProject instance. This issue has been patched in version 16.6.2. | 2026-01-10 | not yet calculated | CVE-2026-22604 | https://github.com/opf/openproject/security/advisories/GHSA-q7qp-p3vw-j2fh https://github.com/opf/openproject/pull/3451 https://github.com/opf/openproject/commit/2cff5e98649e32a197a62659a23dd4b864b7855b https://github.com/opf/openproject/releases/tag/v16.6.2 |
| pallets–werkzeug | Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug’s safe_join function allows path segments with Windows device names that have file extensions or trailing spaces. On Windows, there are special device names such as CON, AUX, etc., that are implicitly present and readable in every directory. Windows still accepts them with any file extension, such as CON.txt, or with trailing spaces, such as "CON" followed by a space. This issue has been patched in version 3.1.5. | 2026-01-08 | not yet calculated | CVE-2026-21860 | https://github.com/pallets/werkzeug/security/advisories/GHSA-87hc-h4r5-73f7 https://github.com/pallets/werkzeug/commit/7ae1d254e04a0c33e241ac1cca4783ce6c875ca3 |
| Panda3D–Panda3D | Panda3D versions up to and including 1.10.16 deploy-stub contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argv_copy and argv_copy2 using alloca() based directly on the attacker-controlled argc value without validation. Supplying a large number of command-line arguments can exhaust stack space and propagate uninitialized stack memory into Python interpreter initialization, resulting in a reliable crash and undefined behavior. | 2026-01-07 | not yet calculated | CVE-2026-22188 | https://seclists.org/fulldisclosure/2026/Jan/9 https://www.panda3d.org/ https://github.com/panda3d/panda3d https://www.vulncheck.com/advisories/panda3d-deploy-stub-stack-exhaustion-via-unbounded-alloca |
| Panda3D–Panda3D | Panda3D versions up to and including 1.10.16 egg-mkfont contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf() call with attacker-controlled input. When constructing glyph filenames, egg-mkfont formats a user-supplied glyph pattern (-gp) into a fixed-size stack buffer without length validation. Supplying an excessively long glyph pattern string can overflow the stack buffer, resulting in memory corruption and a deterministic crash. Depending on build configuration and execution environment, the overflow may also be exploitable for arbitrary code execution. | 2026-01-07 | not yet calculated | CVE-2026-22189 | https://seclists.org/fulldisclosure/2026/Jan/10 https://www.panda3d.org/ https://github.com/panda3d/panda3d https://www.vulncheck.com/advisories/panda3d-egg-mkfont-stack-buffer-overflow |
| Panda3D–Panda3D | Panda3D versions up to and including 1.10.16 egg-mkfont contains an uncontrolled format string vulnerability. The -gp (glyph pattern) command-line option is used directly as the format string for sprintf() with only a single argument supplied. If an attacker provides additional format specifiers, egg-mkfont may read unintended stack values and write the formatted output into generated .egg and .png files, resulting in disclosure of stack-resident memory and pointer values. | 2026-01-07 | not yet calculated | CVE-2026-22190 | https://seclists.org/fulldisclosure/2026/Jan/11 https://www.panda3d.org/ https://github.com/panda3d/panda3d https://www.vulncheck.com/advisories/panda3d-egg-mkfont-format-string-information-disclosure |
| parallax–jsPDF | jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node process is running in. The file contents are included verbatim in the generated PDFs. Other affected methods are `addImage`, `html`, and `addFont`. Only the node.js builds of the library are affected, namely the `dist/jspdf.node.js` and `dist/jspdf.node.min.js` files. The vulnerability has been fixed in jsPDF@4.0.0. This version restricts file system access by default. This semver-major update does not introduce other breaking changes. Some workarounds are available. With recent node versions, jsPDF recommends using the `--permission` flag in production. The feature was introduced experimentally in v20.0.0 and is stable since v22.13.0/v23.5.0/v24.0.0. For older node versions, sanitize user-provided paths before passing them to jsPDF. | 2026-01-05 | not yet calculated | CVE-2025-68428 | https://github.com/parallax/jsPDF/security/advisories/GHSA-f8cm-6447-x5h2 https://github.com/parallax/jsPDF/commit/a688c8f479929b24a6543b1fa2d6364abb03066d https://github.com/parallax/jsPDF/releases/tag/v4.0.0 |
| Pinpoll–Pinpoll | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Pinpoll Pinpoll pinpoll allows Reflected XSS.This issue affects Pinpoll: from n/a through <= 4.0.0. | 2026-01-08 | not yet calculated | CVE-2025-68889 | https://vdp.patchstack.com/database/Wordpress/Plugin/pinpoll/vulnerability/wordpress-pinpoll-plugin-3-0-22-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve |
| PIONEER CORPORATION–USB DAC Amplifier APS-DA101JS | The installers for multiple products provided by PIONEER CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running installer. | 2026-01-08 | not yet calculated | CVE-2026-21427 | https://jpn.pioneer/ja/support/software/stellanova/dac_driver/ https://jvn.jp/en/jp/JVN17956874/ |
| Plat’Home Co.,Ltd.–OpenBlocks IoT DX1 (FW5.0.x) | Authentication bypass issue exists in OpenBlocks series versions prior to FW5.0.8, which may allow an attacker to bypass administrator authentication and change the password. | 2026-01-06 | not yet calculated | CVE-2026-21411 | https://www.plathome.co.jp/support/software/fw5/dx1-v5-0-8/ https://jvn.jp/en/vu/JVNVU97172240/ |
| POSIMYTH–UiChemy | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in POSIMYTH UiChemy uichemy allows Stored XSS.This issue affects UiChemy: from n/a through <= 4.4.2. | 2026-01-06 | not yet calculated | CVE-2025-69362 | https://vdp.patchstack.com/database/Wordpress/Plugin/uichemy/vulnerability/wordpress-uichemy-plugin-4-4-2-cross-site-scripting-xss-vulnerability?_s_id=cve |
| preactjs–preact | Preact, a lightweight web development framework, has JSON serialization protection to prevent Virtual DOM elements from being constructed from arbitrary JSON. A regression introduced in Preact 10.26.5 caused this protection to be softened. In applications where values from JSON payloads are assumed to be strings and passed unmodified to Preact as children, a specially-crafted JSON payload could be constructed that would be incorrectly treated as a valid VNode. When this chain of failures occurs it can result in HTML injection, which can allow arbitrary script execution if not mitigated by CSP or other means. Applications using affected Preact versions are vulnerable if they meet all of the following conditions: first, they pass unmodified, unsanitized values from user-modifiable data sources (APIs, databases, local storage, etc.) directly into the render tree; second, they assume these values are strings but the data source could return actual JavaScript objects instead of JSON strings; and third, the data source either fails to perform type sanitization AND blindly stores/returns raw objects interchangeably with strings, OR is compromised (e.g., poisoned local storage, filesystem, or database). Versions 10.26.10, 10.27.3, and 10.28.2 patch the issue. The patch versions restore the previous strict equality checks that prevent JSON-parsed objects from being treated as valid VNodes. Other mitigations are available for those who cannot immediately upgrade: validate input types, cast or validate network data, sanitize external data, and use Content Security Policy (CSP). | 2026-01-08 | not yet calculated | CVE-2026-22028 | https://github.com/preactjs/preact/security/advisories/GHSA-36hm-qxxp-pg3m |
| Proxy & VPN Blocker–Proxy & VPN Blocker | Missing Authorization vulnerability in Proxy & VPN Blocker Proxy & VPN Blocker proxy-vpn-blocker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Proxy & VPN Blocker: from n/a through <= 3.5.3. | 2026-01-06 | not yet calculated | CVE-2025-69353 | https://vdp.patchstack.com/database/Wordpress/Plugin/proxy-vpn-blocker/vulnerability/wordpress-proxy-vpn-blocker-plugin-3-5-3-broken-access-control-vulnerability?_s_id=cve |
| pterodactyl–panel | Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below do not revoke active SFTP connections when a user is removed from a server instance or has their permissions changed with respect to file access over SFTP. This allows a user that was already connected to SFTP to remain connected and access files even after their permissions are revoked. A user must have been connected to SFTP at the time of their permissions being revoked in order for this vulnerability to be exploited. This issue is fixed in version 1.12.0. | 2026-01-06 | not yet calculated | CVE-2025-68954 | https://github.com/pterodactyl/panel/security/advisories/GHSA-8c39-xppg-479c https://github.com/pterodactyl/panel/commit/2bd9d8baddb0e0606e4a9d5be402f48678ac88d5 https://github.com/pterodactyl/panel/releases/tag/v1.12.0 |
| PublishPress–Post Expirator | Missing Authorization vulnerability in PublishPress Post Expirator post-expirator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Expirator: from n/a through <= 4.9.3. | 2026-01-06 | not yet calculated | CVE-2025-69361 | https://vdp.patchstack.com/database/Wordpress/Plugin/post-expirator/vulnerability/wordpress-post-expirator-plugin-4-9-3-broken-access-control-vulnerability?_s_id=cve |
| purethemes–Listeo Core | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in purethemes Listeo Core listeo-core allows Reflected XSS.This issue affects Listeo Core: from n/a through < 2.0.19. | 2026-01-08 | not yet calculated | CVE-2025-67932 | https://vdp.patchstack.com/database/Wordpress/Plugin/listeo-core/vulnerability/wordpress-listeo-core-plugin-2-0-19-cross-site-scripting-xss-vulnerability?_s_id=cve |
| py-pdf–pypdf | pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for missing /Root object with large /Size values. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for actually invalid files. This can be achieved by omitting the /Root entry in the trailer, while using a rather large /Size value. Only the non-strict reading mode is affected. This issue has been patched in version 6.6.0. | 2026-01-10 | not yet calculated | CVE-2026-22690 | https://github.com/py-pdf/pypdf/security/advisories/GHSA-4xc4-762w-m6cg https://github.com/py-pdf/pypdf/pull/3594 https://github.com/py-pdf/pypdf/commit/294165726b646bb7799be1cc787f593f2fdbcf45 https://github.com/py-pdf/pypdf/releases/tag/6.6.0 |
| py-pdf–pypdf | pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for malformed startxref entries. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for invalid startxref entries. When rebuilding the cross-reference table, PDF files with lots of whitespace characters become problematic. Only the non-strict reading mode is affected. This issue has been patched in version 6.6.0. | 2026-01-10 | not yet calculated | CVE-2026-22691 | https://github.com/py-pdf/pypdf/security/advisories/GHSA-4f6g-68pf-7vhv https://github.com/py-pdf/pypdf/pull/3594 https://github.com/py-pdf/pypdf/commit/294165726b646bb7799be1cc787f593f2fdbcf45 https://github.com/py-pdf/pypdf/releases/tag/6.6.0 |
| QantumThemes–Typify | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in QantumThemes Typify typify allows PHP Local File Inclusion.This issue affects Typify: from n/a through <= 3.0.2. | 2026-01-08 | not yet calculated | CVE-2025-22712 | https://vdp.patchstack.com/database/Wordpress/Theme/typify/vulnerability/wordpress-typify-theme-3-0-2-local-file-inclusion-vulnerability?_s_id=cve |
| redaxo–redaxo | REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon’s file export functionality. The Backup addon does not validate the `EXPDIR` POST parameter against the UI-generated allowlist of permitted directories. An attacker can supply relative paths containing `../` sequences (or even absolute paths inside the document root) to include any readable file in the generated `.tar.gz` archive. Version 5.20.2 fixes this issue. | 2026-01-07 | not yet calculated | CVE-2026-21857 | https://github.com/redaxo/redaxo/security/advisories/GHSA-824x-88xg-cwrv https://github.com/redaxo/redaxo/releases/tag/5.20.2 |
| rezmoss–axios4go | axios4go is a Go HTTP client library. Prior to version 0.6.4, a race condition vulnerability exists in the shared HTTP client configuration. The global `defaultClient` is mutated during request execution without synchronization, directly modifying the shared `http.Client`’s `Transport`, `Timeout`, and `CheckRedirect` properties. Impacted applications include those that use axios4go with concurrent requests (multiple goroutines, `GetAsync`, `PostAsync`, etc.), those where different requests use different proxy configurations, and those that handle sensitive data (authentication credentials, tokens, API keys). Version 0.6.4 fixes this issue. | 2026-01-07 | not yet calculated | CVE-2026-21697 | https://github.com/rezmoss/axios4go/security/advisories/GHSA-cmj9-27wj-7x47 https://github.com/rezmoss/axios4go/commit/b651604c64e66a115ab90cdab358b0181d74a842 https://github.com/rezmoss/axios4go/releases/tag/v0.6.4 |
| RiceTheme–Felan Framework | Authentication Bypass Using an Alternate Path or Channel vulnerability in RiceTheme Felan Framework felan-framework allows Authentication Abuse.This issue affects Felan Framework: from n/a through <= 1.1.3. | 2026-01-08 | not yet calculated | CVE-2025-23504 | https://vdp.patchstack.com/database/Wordpress/Plugin/felan-framework/vulnerability/wordpress-felan-framework-plugin-1-1-3-account-takeover-vulnerability?_s_id=cve |
| RiceTheme–Felan Framework | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in RiceTheme Felan Framework felan-framework allows SQL Injection.This issue affects Felan Framework: from n/a through <= 1.1.3. | 2026-01-08 | not yet calculated | CVE-2025-23993 | https://vdp.patchstack.com/database/Wordpress/Plugin/felan-framework/vulnerability/wordpress-felan-framework-plugin-1-1-3-sql-injection-vulnerability?_s_id=cve |
| Ricoh Company, Ltd.–RICOH Streamline NX | Improper authorization vulnerability exists in RICOH Streamline NX 3.5.1 to 24R3. If a man-in-the-middle attack is conducted on the communication between the affected product and its user, and some crafted request is processed by the product, the user’s registration information and/or OIDC (OpenID Connect) tokens may be retrieved. | 2026-01-09 | not yet calculated | CVE-2026-21409 | https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000011 https://jvn.jp/en/jp/JVN12770174/ |
| RUCKUS Networks–vRIoT IOT Controller | The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY allocation, an attacker can authenticate using the hardcoded credentials and establish SSH local port forwarding to access the Docker socket. By mounting the host filesystem via Docker, an attacker can escape the container and execute arbitrary OS commands as root on the underlying vRIoT controller, resulting in complete system compromise. | 2026-01-09 | not yet calculated | CVE-2025-69426 | https://support.ruckuswireless.com/security_bulletins/336 https://www.vulncheck.com/advisories/ruckus-vriot-iot-controller-hardcoded-ssh-credentials-rce |
| RUCKUS Networks–vRIoT IoT Controller | The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a hardcoded Time-based One-Time Password (TOTP) secret and an embedded static token. An attacker who extracts these credentials from the appliance or a compromised device can generate valid authentication tokens and execute arbitrary OS commands with root privileges, resulting in complete system compromise. | 2026-01-09 | not yet calculated | CVE-2025-69425 | https://support.ruckuswireless.com/security_bulletins/336 https://www.vulncheck.com/advisories/ruckus-vriot-iot-controller-hardcoded-tokens-rce |
| RustCrypto–elliptic-curves | RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a critical vulnerability exists in the SM2 Public Key Encryption (PKE) implementation where the ephemeral nonce k is generated with severely reduced entropy. A unit mismatch error causes the nonce generation function to request only 32 bits of randomness instead of the expected 256 bits. This reduces the security of the encryption from a 128-bit level to a trivial 16-bit level, allowing a practical attack to recover the nonce k and decrypt any ciphertext given only the public key and ciphertext. This issue has been patched via commit e4f7778. | 2026-01-10 | not yet calculated | CVE-2026-22698 | https://github.com/RustCrypto/elliptic-curves/security/advisories/GHSA-w3g8-fp6j-wvqw https://github.com/RustCrypto/elliptic-curves/pull/1600 https://github.com/RustCrypto/elliptic-curves/commit/4781762f23ff22ab34763410f648128055c93731 https://github.com/RustCrypto/elliptic-curves/commit/e4f77788130d065d760e57fb109370827110a525 https://crates.io/crates/sm2/0.14.0-pre.0 https://crates.io/crates/sm2/0.14.0-rc.0 |
| RustCrypto–RSA | The `rsa` crate is an RSA implementation written in Rust. Prior to version 0.9.10, when creating an RSA private key from its components, the construction panics instead of returning an error when one of the primes is `1`. Version 0.9.10 fixes the issue. | 2026-01-08 | not yet calculated | CVE-2026-21895 | https://github.com/RustCrypto/RSA/security/advisories/GHSA-9c48-w39g-hm26 https://github.com/RustCrypto/RSA/commit/2926c91bef7cb14a7ccd42220a698cf4b1b692f7 |
| rustfs–rustfs | RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.78, RustFS contains a path traversal vulnerability in the /rustfs/rpc/read_file_stream endpoint. This issue has been patched in version 1.0.0-alpha.79. | 2026-01-07 | not yet calculated | CVE-2025-68705 | https://github.com/rustfs/rustfs/security/advisories/GHSA-pq29-69jg-9mxc https://github.com/rustfs/rustfs/commit/ab752458ce431c6397175d167beee2ea00507d3e |
| rustfs–rustfs | RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.77, a malformed gRPC GetMetrics request causes get_metrics to unwrap() failed deserialization of metric_type/opts, panicking the handler thread and enabling remote denial of service of the metrics endpoint. This issue has been patched in version 1.0.0-alpha.78. | 2026-01-07 | not yet calculated | CVE-2025-69255 | https://github.com/rustfs/rustfs/security/advisories/GHSA-gw2x-q739-qhcr https://github.com/rustfs/rustfs/commit/eb33e82b56ed11fd12bb39416359d8d60737dc7a |
| rustfs–rustfs | RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.79, the `ImportIam` admin API validates permissions using `ExportIAMAction` instead of `ImportIAMAction`, allowing a principal with export-only IAM permissions to perform import operations. Since importing IAM data performs privileged write actions (creating/updating users, groups, policies, and service accounts), this can lead to unauthorized IAM modification and privilege escalation. Version 1.0.0-alpha.79 fixes the issue. | 2026-01-08 | not yet calculated | CVE-2026-22042 | https://github.com/rustfs/rustfs/security/advisories/GHSA-vcwh-pff9-64cc |
| rustfs–rustfs | RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 through 1.0.0-alpha.78, a flawed `deny_only` short-circuit in RustFS IAM allows a restricted service account or STS credential to self-issue an unrestricted service account, inheriting the parent’s full privileges. This enables privilege escalation and bypass of session/inline policy restrictions. Version 1.0.0-alpha.79 fixes the issue. | 2026-01-08 | not yet calculated | CVE-2026-22043 | https://github.com/rustfs/rustfs/security/advisories/GHSA-xgr5-qc6w-vcg9 |
| Ryan Sutana–WP App Bar | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ryan Sutana WP App Bar wp-app-bar allows Reflected XSS.This issue affects WP App Bar: from n/a through <= 1.5. | 2026-01-08 | not yet calculated | CVE-2025-68891 | https://vdp.patchstack.com/database/Wordpress/Plugin/wp-app-bar/vulnerability/wordpress-wp-app-bar-plugin-1-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve |
| Salesforce–Uni2TS | Improper Control of Generation of Code (‘Code Injection’) vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.This issue affects Uni2TS: through 1.2.0. | 2026-01-09 | not yet calculated | CVE-2026-22584 | https://help.salesforce.com/s/articleView?id=005239354&type=1 |
| Samsung Mobile–Galaxy Store | Improper input validation in Galaxy Store prior to version 4.6.02 allows a local attacker to execute arbitrary script. | 2026-01-09 | not yet calculated | CVE-2026-20976 | https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=01 |
| Samsung Mobile–Samsung Cloud | Improper handling of insufficient permission in Samsung Cloud prior to version 5.6.11 allows local attackers to access specific files in an arbitrary path. | 2026-01-09 | not yet calculated | CVE-2026-20975 | https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=01 |
| Samsung Mobile–Samsung Mobile Devices | Use after free in DualDAR prior to SMR Jan-2026 Release 1 allows local privileged attackers to execute arbitrary code. | 2026-01-09 | not yet calculated | CVE-2026-20968 | https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=01 |
| Samsung Mobile–Samsung Mobile Devices | Improper input validation in SecSettings prior to SMR Jan-2026 Release 1 allows a local attacker to access files with system privileges. User interaction is required for triggering this vulnerability. | 2026-01-09 | not yet calculated | CVE-2026-20969 | https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=01 |
| Samsung Mobile–Samsung Mobile Devices | Improper access control in SLocation prior to SMR Jan-2026 Release 1 allows local attackers to execute privileged APIs. | 2026-01-09 | not yet calculated | CVE-2026-20970 | https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=01 |
| Samsung Mobile–Samsung Mobile Devices | Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 allows local attackers to potentially execute arbitrary code. | 2026-01-09 | not yet calculated | CVE-2026-20971 | https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=01 |
| Samsung Mobile–Samsung Mobile Devices | Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB. | 2026-01-09 | not yet calculated | CVE-2026-20972 | https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=01 |
| Samsung Mobile–Samsung Mobile Devices | Improper input validation in data related to network restrictions prior to SMR Jan-2026 Release 1 allows physical attackers to bypass Carrier Relock. | 2026-01-09 | not yet calculated | CVE-2026-20974 | https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=01 |
| Shahjada–Visitor Stats Widget | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Shahjada Visitor Stats Widget visitor-stats-widget allows Reflected XSS. This issue affects Visitor Stats Widget: from n/a through <= 1.5.0. | 2026-01-08 | not yet calculated | CVE-2025-68874 | https://vdp.patchstack.com/database/Wordpress/Plugin/visitor-stats-widget/vulnerability/wordpress-visitor-stats-widget-plugin-1-5-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve |
| Shahjahan Jewel–Fluent Support | Missing Authorization vulnerability in Shahjahan Jewel Fluent Support fluent-support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fluent Support: from n/a through <= 1.10.4. | 2026-01-08 | not yet calculated | CVE-2025-67926 | https://vdp.patchstack.com/database/Wordpress/Plugin/fluent-support/vulnerability/wordpress-fluent-support-plugin-1-10-4-broken-access-control-vulnerability?_s_id=cve |
| Shahjahan Jewel–Ninja Tables | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Blind SQL Injection. This issue affects Ninja Tables: from n/a through <= 5.2.4. | 2026-01-06 | not yet calculated | CVE-2025-69351 | https://vdp.patchstack.com/database/Wordpress/Plugin/ninja-tables/vulnerability/wordpress-ninja-tables-plugin-5-2-4-sql-injection-vulnerability?_s_id=cve |
| shinetheme–Traveler | Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Traveler: from n/a through <= 3.2.6. | 2026-01-08 | not yet calculated | CVE-2025-67917 | https://vdp.patchstack.com/database/Wordpress/Theme/traveler/vulnerability/wordpress-traveler-theme-3-2-6-broken-access-control-vulnerability-2?_s_id=cve |
| silabs.com–Z-Wave Protocol Controller | An integer underflow vulnerability in the Silicon Labs Z-Wave Protocol Controller can lead to out of bounds memory reads. | 2026-01-05 | not yet calculated | CVE-2025-10933 | https://community.silabs.com/068Vm00000a4nNI |
| sizam–REHub Framework | Missing Authorization vulnerability in sizam REHub Framework rehub-framework allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects REHub Framework: from n/a through <= 19.9.5. | 2026-01-08 | not yet calculated | CVE-2025-14358 | https://vdp.patchstack.com/database/Wordpress/Plugin/rehub-framework/vulnerability/wordpress-rehub-framework-plugin-19-9-5-broken-access-control-vulnerability?_s_id=cve |
| Spencer Haws–Link Whisper Free | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Spencer Haws Link Whisper Free link-whisper allows Reflected XSS. This issue affects Link Whisper Free: from n/a through <= 0.8.8. | 2026-01-08 | not yet calculated | CVE-2025-67927 | https://vdp.patchstack.com/database/Wordpress/Plugin/link-whisper/vulnerability/wordpress-link-whisper-free-plugin-0-8-8-cross-site-scripting-xss-vulnerability?_s_id=cve |
| StellarWP–The Events Calendar | Missing Authorization vulnerability in StellarWP The Events Calendar the-events-calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Events Calendar: from n/a through <= 6.15.12.2. | 2026-01-06 | not yet calculated | CVE-2025-69352 | https://vdp.patchstack.com/database/Wordpress/Plugin/the-events-calendar/vulnerability/wordpress-the-events-calendar-plugin-6-15-12-2-broken-access-control-vulnerability?_s_id=cve |
| taskbuilder–Taskbuilder | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in taskbuilder Taskbuilder taskbuilder allows Reflected XSS. This issue affects Taskbuilder: from n/a through <= 4.0.9. | 2026-01-08 | not yet calculated | CVE-2025-67933 | https://vdp.patchstack.com/database/Wordpress/Plugin/taskbuilder/vulnerability/wordpress-taskbuilder-plugin-4-0-9-cross-site-scripting-xss-vulnerability?_s_id=cve |
| TECNO Mobile–com.afmobi.boomplayer | Insufficient Verification of Data Authenticity vulnerability in TECNO Mobile com.Afmobi.Boomplayer allows Authentication Bypass.This issue affects com.Afmobi.Boomplayer: 7.4.63. | 2026-01-06 | not yet calculated | CVE-2025-15385 | https://security.tecno.com/SRC/securityUpdates |
| Tenda–300Mbps Wireless Router F3 and N300 Easy Setup Router | This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the plaintext transmission of login credentials during the initial login or post-factory reset setup through the web-based administrative interface. An attacker on the same network could exploit this vulnerability by intercepting network traffic and capturing the credentials transmitted in plaintext. Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information and gain unauthorized access to the targeted device. | 2026-01-09 | not yet calculated | CVE-2026-22079 | https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0004 |
| Tenda–300Mbps Wireless Router F3 and N300 Easy Setup Router | This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the transmission of credentials encoded using reversible Base64 encoding through the web-based administrative interface. An attacker on the same network could exploit this vulnerability by intercepting network traffic and capturing the Base64-encoded credentials. Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information and gain unauthorized access to the targeted device. | 2026-01-09 | not yet calculated | CVE-2026-22080 | https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0004 |
| Tenda–300Mbps Wireless Router F3 and N300 Easy Setup Router | This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the missing HttpOnly flag on session cookies associated with the web-based administrative interface. A remote attacker could exploit this vulnerability by capturing session cookies transmitted over an insecure HTTP connection. Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information and gain unauthorized access to the targeted device. | 2026-01-09 | not yet calculated | CVE-2026-22081 | https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0004 |
| Tenda–300Mbps Wireless Router F3 and N300 Easy Setup Router | This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the use of login credentials as the session ID through its web-based administrative interface. A remote attacker could exploit this vulnerability by intercepting network traffic and capturing the session ID during insecure transmission. Successful exploitation of this vulnerability could allow the attacker to hijack an authenticated session and compromise sensitive configuration information on the targeted device. | 2026-01-09 | not yet calculated | CVE-2026-22082 | https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0004 |
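
The four Tenda entries above describe one login flow with four weaknesses: credentials sent over plain HTTP, a password that is merely Base64-encoded, a session cookie without HttpOnly, and a cookie whose value is the credential itself. The script below is an added example (not Tenda's code and not from the CERT-In advisory) that audits a captured login request/response pair for all four. The capture is constructed, and the `/login` path, the `username`/`password` parameters and the `session` cookie name are hypothetical stand-ins. The Base64 check is a heuristic: a value that decodes to printable ASCII is reported as reversible, so an ordinary password can occasionally trigger it.

```python
"""Audit a captured web-UI login exchange for the four weaknesses listed above.
Added example; the captured messages are constructed, and every path,
parameter and cookie name in them is hypothetical, not taken from Tenda."""
from __future__ import annotations

import base64
import binascii
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

# Constructed capture modelled on the bulletin text: cleartext HTTP, a password
# that is only Base64-encoded, and a session cookie carrying that same value
# with neither HttpOnly nor Secure set.
WEAK_REQUEST = (
    "POST /login HTTP/1.1\r\n"
    "Host: 192.168.0.1\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "username=admin&password=YWRtaW4xMjM="
)
WEAK_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: /index.html\r\n"
    "Set-Cookie: session=YWRtaW4xMjM=; path=/\r\n"
    "\r\n"
)
# Constructed counterpart for what a fixed device should send (over TLS):
# no reversible encoding of the password and an opaque random session token.
HARDENED_REQUEST = (
    "POST /login HTTP/1.1\r\n"
    "Host: 192.168.0.1\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "username=admin&password=admin123"
)
HARDENED_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: /index.html\r\n"
    "Set-Cookie: session=5d41402abc4b2a76b9719d911017c592; Path=/; HttpOnly; Secure\r\n"
    "\r\n"
)

CREDENTIAL_KEYS = ("user", "pass", "pwd")  # substrings that mark a credential field


def parse_http(message: str) -> tuple[str, list[tuple[str, str]], str]:
    """Split a raw HTTP/1.1 message into start line, (lower-cased name, value)
    header pairs and body. Enough for captured login traffic; not a full parser."""
    head, _, body = message.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body


def base64_plaintext(value: str) -> str | None:
    """Return the decoded text if value is strict Base64 of printable ASCII,
    else None. Heuristic: short plain passwords rarely, but can, pass this."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return None
    return text if text and text.isprintable() else None


def audit_login(request: str, response: str, over_tls: bool = False) -> list[str]:
    """Findings for one login exchange, in the order the bulletin lists them."""
    findings: list[str] = []
    _, _, body = parse_http(request)
    params = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    creds = {k: v for k, v in params.items()
             if any(tag in k.lower() for tag in CREDENTIAL_KEYS)}

    if creds and not over_tls:               # plaintext transmission
        findings.append("credentials transmitted without TLS")
    for key, value in creds.items():         # reversible encoding
        decoded = base64_plaintext(value)
        if decoded is not None:
            findings.append(f"{key} is reversible Base64 (decodes to {decoded!r})")

    # Anything equal to a credential, raw or decoded, must never become a session ID.
    secrets = set(creds.values()) | {d for d in map(base64_plaintext, creds.values()) if d}
    _, headers, _ = parse_http(response)
    for name, value in headers:
        if name != "set-cookie":
            continue
        for morsel in SimpleCookie(value).values():
            if not morsel["httponly"]:       # flag attributes are True or ""
                findings.append(f"cookie {morsel.key} lacks HttpOnly")
            if not morsel["secure"]:
                findings.append(f"cookie {morsel.key} lacks Secure")
            if morsel.value in secrets:      # credential reused as session ID
                findings.append(f"cookie {morsel.key} is the login credential reused as session ID")
    return findings


if __name__ == "__main__":
    for label, pair, tls in (("weak", (WEAK_REQUEST, WEAK_RESPONSE), False),
                             ("hardened", (HARDENED_REQUEST, HARDENED_RESPONSE), True)):
        print(label, audit_login(*pair, over_tls=tls) or ["no findings"])
```

Run it against a capture from a lab device (for example exported from an intercepting proxy) by replacing the constructed strings. An empty findings list for the hardened pair shows what the fixed behaviour looks like: TLS, an opaque random token, and both cookie flags set.

| Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info |
|---|---|---|---|---|---|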
| The Wikimedia Foundation–Mediawiki – ApprovedRevs Extension | Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy vulnerability in The Wikimedia Foundation Mediawiki – ApprovedRevs Extension allows Input Data Manipulation. This issue affects Mediawiki – ApprovedRevs Extension: 1.45, 1.44, 1.43, 1.39. | 2026-01-09 | not yet calculated | CVE-2026-22712 | https://phabricator.wikimedia.org/T412068 https://gerrit.wikimedia.org/r/q/Iee1bf1cbc8a519899e7f9dde508856bd4e5a5d2a |
| The Wikimedia Foundation–Mediawiki – GrowthExperiments Extension | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation Mediawiki – GrowthExperiments Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki – GrowthExperiments Extension: 1.45, 1.44, 1.43, 1.39. | 2026-01-09 | not yet calculated | CVE-2026-22713 | https://phabricator.wikimedia.org/T411144 https://gerrit.wikimedia.org/r/q/Iff01940a163ed87ec52f3a64ba6b2dbfa2759df3 |
| The Wikimedia Foundation–Mediawiki – Monaco Skin | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation Mediawiki – Monaco Skin allows Cross-Site Scripting (XSS). This issue affects Mediawiki – Monaco Skin: 1.45, 1.44, 1.43, 1.39. | 2026-01-08 | not yet calculated | CVE-2026-22714 | https://phabricator.wikimedia.org/T411126 https://gerrit.wikimedia.org/r/q/I00b2e369fa189803380ca7409022a11b670d2500 |
| The Wikimedia Foundation–Mediawiki – Wikibase Extension | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in The Wikimedia Foundation Mediawiki – Wikibase Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki – Wikibase Extension: 1.45, 1.44, 1.43, 1.39. | 2026-01-08 | not yet calculated | CVE-2026-22710 | https://phabricator.wikimedia.org/T409737 https://gerrit.wikimedia.org/r/q/I39d0074b2ad022b6efe6ab3dd8c8ec0f86c6c466 |
| ThemeGoods–Grand Restaurant | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Reflected XSS. This issue affects Grand Restaurant: from n/a through < 7.0.9. | 2026-01-08 | not yet calculated | CVE-2025-67922 | https://vdp.patchstack.com/database/Wordpress/Theme/grandrestaurant/vulnerability/wordpress-grand-restaurant-theme-7-0-9-cross-site-scripting-xss-vulnerability?_s_id=cve |
| THEMELOGI–Navian | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in THEMELOGI Navian navian allows PHP Local File Inclusion. This issue affects Navian: from n/a through <= 1.5.4. | 2026-01-08 | not yet calculated | CVE-2025-14431 | https://vdp.patchstack.com/database/Wordpress/Theme/navian/vulnerability/wordpress-navian-theme-1-5-4-local-file-inclusion-vulnerability?_s_id=cve |
| ThemeMove–AeroLand | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in ThemeMove AeroLand aeroland allows PHP Local File Inclusion. This issue affects AeroLand: from n/a through <= 1.6.6. | 2026-01-08 | not yet calculated | CVE-2025-14429 | https://vdp.patchstack.com/database/Wordpress/Theme/aeroland/vulnerability/wordpress-aeroland-theme-1-6-6-local-file-inclusion-vulnerability?_s_id=cve |
| ThemeMove–Brook – Agency Business Creative | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in ThemeMove Brook – Agency Business Creative brook allows PHP Local File Inclusion. This issue affects Brook – Agency Business Creative: from n/a through <= 2.8.9. | 2026-01-08 | not yet calculated | CVE-2025-14430 | https://vdp.patchstack.com/database/Wordpress/Theme/brook/vulnerability/wordpress-brook-agency-business-creative-theme-2-8-9-local-file-inclusion-vulnerability?_s_id=cve |
| ThemeMove–Mitech | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in ThemeMove Mitech mitech allows PHP Local File Inclusion. This issue affects Mitech: from n/a through <= 2.3.4. | 2026-01-08 | not yet calculated | CVE-2025-22708 | https://vdp.patchstack.com/database/Wordpress/Theme/mitech/vulnerability/wordpress-mitech-theme-2-3-4-local-file-inclusion-vulnerability?_s_id=cve |
| ThemeMove–Moody | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in ThemeMove Moody tm-moody allows PHP Local File Inclusion. This issue affects Moody: from n/a through <= 2.7.3. | 2026-01-08 | not yet calculated | CVE-2025-22707 | https://vdp.patchstack.com/database/Wordpress/Theme/tm-moody/vulnerability/wordpress-moody-theme-2-7-3-local-file-inclusion-vulnerability?_s_id=cve |
| Themepoints–Accordion | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themepoints Accordion accordions-wp allows Stored XSS. This issue affects Accordion: from n/a through <= 3.0.3. | 2026-01-06 | not yet calculated | CVE-2025-69350 | https://vdp.patchstack.com/database/Wordpress/Plugin/accordions-wp/vulnerability/wordpress-accordion-plugin-3-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve |
| Themepoints–Team Showcase | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themepoints Team Showcase team-showcase allows Stored XSS. This issue affects Team Showcase: from n/a through <= 2.9. | 2026-01-06 | not yet calculated | CVE-2025-69335 | https://vdp.patchstack.com/database/Wordpress/Plugin/team-showcase/vulnerability/wordpress-team-showcase-plugin-2-9-cross-site-scripting-xss-vulnerability?_s_id=cve |
| themesuite–Automotive Listings | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in themesuite Automotive Listings automotive allows Blind SQL Injection. This issue affects Automotive Listings: from n/a through <= 18.6. | 2026-01-08 | not yet calculated | CVE-2025-67928 | https://vdp.patchstack.com/database/Wordpress/Plugin/automotive/vulnerability/wordpress-automotive-listings-plugin-18-6-sql-injection-vulnerability?_s_id=cve |
| Tickera–Tickera | Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tickera: from n/a through <= 3.5.6.4. | 2026-01-06 | not yet calculated | CVE-2025-69355 | https://vdp.patchstack.com/database/Wordpress/Plugin/tickera-event-ticketing-system/vulnerability/wordpress-tickera-plugin-3-5-6-4-broken-access-control-vulnerability?_s_id=cve |
| TMRW-studio–Atlas | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in TMRW-studio Atlas atlas allows PHP Local File Inclusion. This issue affects Atlas: from n/a through <= 2.1.0. | 2026-01-08 | not yet calculated | CVE-2025-22509 | https://vdp.patchstack.com/database/Wordpress/Theme/atlas/vulnerability/wordpress-atlas-theme-2-1-0-local-file-inclusion-vulnerability?_s_id=cve |
| TP-Link Systems Inc.–Archer AXE75 v1.6 | Improper Input Validation vulnerability in TP-Link Archer AXE75 v1.6 (VPN modules) allows an authenticated adjacent attacker to delete arbitrary server files, leading to possible loss of critical system files and service interruption or degraded functionality. This issue affects Archer AXE75 v1.6: ≤ build 20250107. | 2026-01-09 | not yet calculated | CVE-2025-15035 | https://github.com/PaloAltoNetworks/u42-vulnerability-disclosures/tree/master/2025/PANW-2025-0004 https://www.tp-link.com/us/support/download/archer-axe75/v1/#Firmware https://www.tp-link.com/en/support/download/archer-axe75/v1/#Firmware https://www.tp-link.com/jp/support/download/archer-axe75/v1/#Firmware https://www.tp-link.com/phppage/preview.php?url=https://www.tp-link.com/en/support/faq/4881/ |
| TP-Link Systems Inc.–Archer BE400 | A NULL Pointer Dereference vulnerability in TP-Link Archer BE400 V1(802.11 modules) allows an adjacent attacker to cause a denial-of-service (DoS) by triggering a device reboot. This issue affects Archer BE400: xi 1.1.0 Build 20250710 rel.14914. | 2026-01-07 | not yet calculated | CVE-2025-14631 | https://www.tp-link.com/en/support/download/archer-be400/v1/#Firmware https://www.tp-link.com/us/support/download/archer-be400/#Firmware https://www.tp-link.com/us/support/faq/4871/ |
| trailofbits–fickling | Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python’s runpy module as unsafe. Because of this, a malicious pickle that uses runpy.run_path() or runpy.run_module() is classified as SUSPICIOUS instead of OVERTLY_MALICIOUS. If a user relies on Fickling’s output to decide whether a pickle is safe to deserialize, this misclassification can lead them to execute attacker-controlled code on their system. This affects any workflow or product that uses Fickling as a security gate for pickle deserialization. This issue has been patched in version 0.1.7. | 2026-01-10 | not yet calculated | CVE-2026-22606 | https://github.com/trailofbits/fickling/security/advisories/GHSA-wfq2-52f7-7qvj https://github.com/trailofbits/fickling/commit/9a2b3f89bd0598b528d62c10a64c1986fcb09f66 https://github.com/trailofbits/fickling/releases/tag/v0.1.7 |
| trailofbits–fickling | Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python’s cProfile module as unsafe. Because of this, a malicious pickle that uses cProfile.run() is classified as SUSPICIOUS instead of OVERTLY_MALICIOUS. If a user relies on Fickling’s output to decide whether a pickle is safe to deserialize, this misclassification can lead them to execute attacker-controlled code on their system. This affects any workflow or product that uses Fickling as a security gate for pickle deserialization. This issue has been patched in version 0.1.7. | 2026-01-10 | not yet calculated | CVE-2026-22607 | https://github.com/trailofbits/fickling/security/advisories/GHSA-p523-jq9w-64x9 https://github.com/trailofbits/fickling/commit/dc8ae12966edee27a78fe05c5745171a2b138d43 https://github.com/trailofbits/fickling/releases/tag/v0.1.7 |
| trailofbits–fickling | Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, both ctypes and pydoc modules aren’t explicitly blocked. Even other existing pickle scanning tools (like picklescan) do not block pydoc.locate. Chaining these two together can achieve RCE while the scanner still reports the file as LIKELY_SAFE. This issue has been patched in version 0.1.7. | 2026-01-10 | not yet calculated | CVE-2026-22608 | https://github.com/trailofbits/fickling/security/advisories/GHSA-5hvc-6wx8-mvv4 https://github.com/trailofbits/fickling/commit/b793563e60a5e039c5837b09d7f4f6b92e6040d1 https://github.com/trailofbits/fickling/releases/tag/v0.1.7 |
| trailofbits–fickling | Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafe_imports() method in Fickling’s static analyzer fails to flag several high-risk Python modules that can be used for arbitrary code execution. Malicious pickles importing these modules will not be detected as unsafe, allowing attackers to bypass Fickling’s primary static safety checks. This issue has been patched in version 0.1.7. | 2026-01-10 | not yet calculated | CVE-2026-22609 | https://github.com/trailofbits/fickling/security/advisories/GHSA-q5qq-mvfm-j35x https://github.com/trailofbits/fickling/commit/29d5545e74b07766892c1f0461b801afccee4f91 https://github.com/trailofbits/fickling/commit/9a2b3f89bd0598b528d62c10a64c1986fcb09f66 https://github.com/trailofbits/fickling/commit/b793563e60a5e039c5837b09d7f4f6b92e6040d1 https://github.com/trailofbits/fickling/commit/eb299b453342f1931c787bcb3bc33f3a03a173f9 https://github.com/trailofbits/fickling/releases/tag/v0.1.7 |
| trailofbits–fickling | Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, Fickling is vulnerable to detection bypass due to “builtins” blindness. This issue has been patched in version 0.1.7. | 2026-01-10 | not yet calculated | CVE-2026-22612 | https://github.com/trailofbits/fickling/security/advisories/GHSA-h4rm-mm56-xf63 https://github.com/trailofbits/fickling/commit/9f309ab834797f280cb5143a2f6f987579fa7cdf https://github.com/trailofbits/fickling/releases/tag/v0.1.7 |
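
The five Fickling advisories share one root cause: a static scanner judges a pickle by the modules it imports, so any execution-capable module missing from the list turns an OVERTLY_MALICIOUS pickle into a merely SUSPICIOUS one. The following added example (our own toy scanner, not Fickling's code) disassembles pickles with `pickletools` without loading them, collects every `GLOBAL`/`STACK_GLOBAL` reference, and classifies against two constructed blocklists: one with the gaps the advisories name (runpy, cProfile, ctypes, pydoc, dangerous builtins) and one with them filled. The severity names are borrowed from the advisories; the lists, the `build_call_pickle*` helpers and the sample pickles are ours, and the malicious pickles are hand-assembled byte strings that are never passed to `pickle.loads`.

```python
"""Toy pickle scanner showing why a module blocklist needs runpy, cProfile,
ctypes, pydoc and selected builtins. Added example; NOT fickling's code."""
from __future__ import annotations

import pickle
import pickletools

# Illustrative blocklists (constructed for this example, not fickling's tables).
# None means "any attribute of this module is dangerous"; a set restricts the
# verdict to specific names. OLD reproduces the gap the advisories describe.
OLD_UNSAFE: dict[str, set[str] | None] = {
    "os": None, "subprocess": None, "sys": None, "importlib": None,
}
NEW_UNSAFE: dict[str, set[str] | None] = {
    **OLD_UNSAFE,
    "runpy": None,      # runpy.run_path / run_module execute a file or module
    "cProfile": None,   # cProfile.run(statement) exec()s its string argument
    "ctypes": None,     # arbitrary native calls
    "pydoc": None,      # pydoc.locate resolves any dotted name, importing as needed
    "builtins": {"eval", "exec", "compile", "__import__", "getattr"},
}


def build_call_pickle(module: str, name: str, arg: str) -> bytes:
    """Protocol-0 pickle that, if loaded, would call module.name(arg).
    Assembled by hand (GLOBAL, MARK, STRING, TUPLE, REDUCE, STOP) so nothing
    is executed while building or scanning it."""
    return (b"c" + module.encode() + b"\n" + name.encode() + b"\n"
            + b"(S" + repr(arg).encode() + b"\ntR.")


def build_call_pickle_v4(module: str, name: str, arg: str) -> bytes:
    """Same payload in protocol 4, where the import is a STACK_GLOBAL that
    pops the module and attribute names pushed as SHORT_BINUNICODE strings."""
    def s(text: str) -> bytes:
        raw = text.encode("utf-8")
        assert len(raw) < 256, "SHORT_BINUNICODE carries a 1-byte length"
        return b"\x8c" + bytes([len(raw)]) + raw
    return b"\x80\x04" + s(module) + s(name) + b"\x93" + s(arg) + b"\x85R."


def referenced_globals(data: bytes) -> list[tuple[str, str]]:
    """Every (module, name) the pickle would import, read from the opcode
    stream with pickletools; the pickle is never loaded."""
    found: list[tuple[str, str]] = []
    strings: list[str] = []   # string constants pushed so far, for STACK_GLOBAL
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":             # protocols 0-3: arg is "module name"
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":     # protocol 4+: pops the two last strings
            if len(strings) >= 2:
                found.append((strings[-2], strings[-1]))
        elif isinstance(arg, str):
            strings.append(arg)
    return found


def classify(data: bytes, unsafe: dict[str, set[str] | None]) -> str:
    """Verdict labels follow the advisories' vocabulary; the logic is ours."""
    opcodes = {op.name for op, _arg, _pos in pickletools.genops(data)}
    imports = referenced_globals(data)
    for module, name in imports:
        names = unsafe.get(module, ())
        if names is None or name in names:
            return "OVERTLY_MALICIOUS"
    if imports or "REDUCE" in opcodes:      # calls something, but nothing listed
        return "SUSPICIOUS"
    return "LIKELY_SAFE"


# Constructed samples; the benign one is a real pickle of plain data.
SAMPLES: dict[str, bytes] = {
    "runpy":    build_call_pickle("runpy", "run_path", "/tmp/evil.py"),
    "cprofile": build_call_pickle("cProfile", "run", "import os; os.system('id')"),
    "builtins": build_call_pickle_v4("builtins", "eval", "__import__('os').system('id')"),
    "benign":   pickle.dumps({"weights": [0.1, 0.2]}),
}


def scan_all(unsafe: dict[str, set[str] | None]) -> dict[str, str]:
    return {label: classify(data, unsafe) for label, data in SAMPLES.items()}


if __name__ == "__main__":
    old, new = scan_all(OLD_UNSAFE), scan_all(NEW_UNSAFE)
    for label in SAMPLES:
        print(f"{label:9} old={old[label]:18} new={new[label]}")
```

Runs offline. The LIKELY_SAFE verdict described in the ctypes/pydoc advisory depends on Fickling's real analysis, which this toy does not reproduce; what it does show is the structural point that a module list is only as good as its completeness, so a scanner verdict should gate deserialization only alongside a safe-by-construction format or a restricted Unpickler.

| Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info |
|---|---|---|---|---|---|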
| Tribulant Software–Newsletters | Deserialization of Untrusted Data vulnerability in Tribulant Software Newsletters newsletters-lite allows Object Injection. This issue affects Newsletters: from n/a through <= 4.11. | 2026-01-08 | not yet calculated | CVE-2025-67911 | https://vdp.patchstack.com/database/Wordpress/Plugin/newsletters-lite/vulnerability/wordpress-newsletters-plugin-4-11-php-object-injection-vulnerability?_s_id=cve |
| TryGhost–Ghost | Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a valid authentication token for the Ghost Admin API to exfiltrate data from internal systems via SSRF. This issue has been patched in versions 5.130.6 and 6.11.0. | 2026-01-10 | not yet calculated | CVE-2026-22597 | https://github.com/TryGhost/Ghost/security/advisories/GHSA-vmc4-9828-r48r https://github.com/TryGhost/Ghost/commit/15d49131ff4aac3aca8642501c793f01f2bfcbb9 https://github.com/TryGhost/Ghost/commit/93add549ccf079d8e28bdb724fbb71a76942ff51 |
| Ubiquiti Inc–airMAX AC | A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve remote code execution (RCE) within the affected product. Affected products: airMAX AC (version 8.7.20 and earlier); airMAX M (version 6.3.22 and earlier); airFiber AF60-XG (version 1.2.2 and earlier); airFiber AF60 (version 2.6.7 and earlier). Mitigation: update airMAX AC to version 8.7.21 or later; airMAX M to version 6.3.24 or later; airFiber AF60-XG to version 1.2.3 or later; airFiber AF60 to version 2.6.8 or later. | 2026-01-08 | not yet calculated | CVE-2026-21639 | https://community.ui.com/releases/Security-Advisory-Bulletin-061-061/1e4fe5f8-29c7-4a7d-a518-01b1537983ba |
| Unknown–FlexTable | The FlexTable WordPress plugin before 3.19.2 does not sanitise and escape the imported links from Google Sheet cells, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2026-01-05 | not yet calculated | CVE-2025-9543 | https://wpscan.com/vulnerability/6cc212f4-aa61-409a-b257-9c920956a401/ |
| Unknown–Frontend File Manager Plugin | The Frontend File Manager Plugin WordPress plugin before 23.5 did not validate a path parameter or the ownership of the file, allowing any authenticated user, such as a subscriber, to delete arbitrary files on the server. | 2026-01-07 | not yet calculated | CVE-2025-14804 | https://wpscan.com/vulnerability/c572c0ad-1b36-49ce-b254-2181e53abb46/ |
| Unknown–NEX-Forms | The NEX-Forms WordPress plugin before 9.1.8 does not sanitise and escape some of its settings, and can be configured in a way that allows subscribers to perform Stored Cross-Site Scripting. | 2026-01-09 | not yet calculated | CVE-2025-14803 | https://wpscan.com/vulnerability/219af0e7-3d8b-4405-8005-b8969a370b0b/ |
| Unknown–Relevanssi | The Relevanssi WordPress plugin before 4.26.0 and the Relevanssi Premium WordPress plugin before 2.29.0 do not sanitize and escape a parameter before using it in a SQL statement, allowing users with the contributor role and above to perform SQL injection attacks. | 2026-01-07 | not yet calculated | CVE-2025-14719 | https://wpscan.com/vulnerability/bd8e27c7-8f97-4313-b16e-50ac6f0676f5/ |
| Unknown–Team | The Team WordPress plugin before 5.0.11 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | 2026-01-05 | not yet calculated | CVE-2025-14124 | https://wpscan.com/vulnerability/fdd19027-b70e-45a4-882b-77ab1819af91/ |
| urllib3–urllib3 | urllib3 is an HTTP client library for Python. urllib3’s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources with `preload_content=False` and do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode the content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted sources. | 2026-01-07 | not yet calculated | CVE-2026-21441 | https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99 https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b |
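
Added example, not urllib3's own code: a bounded gzip inflater built on the standard library's `zlib`, plus a sketch of following redirects by hand with `redirect=False` so that no redirect body is auto-drained and decoded. The gzip bomb is constructed inside the block (a few KiB of compressed zeros that inflate to 4 MiB). `fetch_bounded` assumes the `urllib3` package is installed, is not exercised offline, and handles only gzip and identity encodings; everything else runs on the standard library alone.

```python
"""Bounded decoding of compressed HTTP bodies. Added example, not urllib3 code."""
from __future__ import annotations

import gzip
import zlib
from urllib.parse import urljoin


class DecompressionBomb(Exception):
    """Decoded output passed the caller's ceiling; stop before memory does."""


class BoundedGunzip:
    """Incremental gzip inflater that refuses to emit more than max_out bytes.
    wbits=31 selects gzip framing; the max_length argument caps each inflate
    call, and unconsumed_tail carries the input that call did not get to."""

    def __init__(self, max_out: int, step: int = 64 * 1024) -> None:
        self.max_out = max_out
        self.step = step
        self.produced = 0
        self._inflater = zlib.decompressobj(wbits=31)

    def feed(self, data: bytes) -> bytes:
        """Inflate one slice of compressed input, checking the ceiling after
        every step-sized piece rather than after the whole body."""
        out = bytearray()
        pending = data
        while True:
            piece = self._inflater.decompress(pending, self.step)
            out += piece
            self.produced += len(piece)
            if self.produced > self.max_out:
                raise DecompressionBomb(f"decoded body exceeded {self.max_out} bytes")
            pending = self._inflater.unconsumed_tail
            if self._inflater.eof or (not piece and not pending):
                break
        return bytes(out)


def gzip_body(payload: bytes) -> bytes:
    """Constructed sample body, i.e. what a server would send with
    Content-Encoding: gzip. Feed it zeros to get a bomb."""
    return gzip.compress(payload, compresslevel=9)


def bounded_gunzip(compressed: bytes, max_out: int) -> bytes:
    return BoundedGunzip(max_out).feed(compressed)


def fetch_bounded(url: str, max_out: int, max_hops: int = 5) -> bytes:
    """Stream with redirect=False, follow Location by hand, and decode the
    final body under a ceiling. Affected urllib3 decoded redirect bodies in
    full while draining the connection; here a redirect response is closed
    unread. Requires the urllib3 package (assumed installed; imported lazily
    so the rest of this file runs without it). Not exercised offline."""
    import urllib3

    pool = urllib3.PoolManager()
    for _ in range(max_hops):
        resp = pool.request("GET", url, preload_content=False, redirect=False)
        target = resp.get_redirect_location()
        if target:
            resp.close()                     # drop the connection, body unread
            url = urljoin(url, target)
            continue
        encoding = resp.headers.get("Content-Encoding", "").lower()
        if encoding not in ("", "identity", "gzip"):
            resp.close()
            raise ValueError(f"unsupported Content-Encoding: {encoding}")
        inflater = BoundedGunzip(max_out)
        body = bytearray()
        for raw in resp.stream(64 * 1024, decode_content=False):
            body += inflater.feed(raw) if encoding == "gzip" else raw
            if len(body) > max_out:
                raise DecompressionBomb(f"body exceeded {max_out} bytes")
        resp.release_conn()
        return bytes(body)
    raise RuntimeError("too many redirects")


if __name__ == "__main__":
    bomb = gzip_body(b"\x00" * (4 * 1024 * 1024))
    print(f"{len(bomb)} compressed bytes -> {len(bounded_gunzip(bomb, 8 << 20))} decoded")
    try:
        bounded_gunzip(bomb, 1 << 20)
    except DecompressionBomb as exc:
        print("refused:", exc)
```

With a 1 MiB ceiling the inflater stops after roughly sixteen 64 KiB steps, long before the 4 MiB the body expands to; the same `BoundedGunzip` object can be fed raw chunks from any streaming client, which is why `fetch_bounded` reads with `decode_content=False` and decodes itself.

| Primary Vendor — Product | Description | Published | CVSS Score | Source Info | Patch Info |
|---|---|---|---|---|---|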
| vaadin–vaadin | Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting (XSS) if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be used by multiple components. The fixed versions sanitize captions by default and provide an API to explicitly enable HTML content mode for backwards compatibility. In Vaadin 23 and newer, the Action class is only used by the Spreadsheet component. The fixed versions sanitize HTML using Jsoup with a relaxed safelist. Vaadin 14 is not affected as the Spreadsheet component was not supported. Users of affected versions should apply the following mitigation or upgrade. Affected versions: Vaadin 7.0.0 – 7.7.49; Vaadin 8.0.0 – 8.29.1; Vaadin 23.1.0 – 23.6.5; Vaadin 24.0.0 – 24.8.13; Vaadin 24.9.0 – 24.9.6. Mitigation: upgrade to 7.7.50, 8.30.0, 23.6.6, 24.8.14 or 24.9.7, or 25.0.0 or newer. Artifacts (Maven coordinates, vulnerable versions, fixed version): com.vaadin:vaadin-server 7.0.0 – 7.7.49, ≥7.7.50; com.vaadin:vaadin-server 8.0.0 – 8.29.1, ≥8.30.0; com.vaadin:vaadin 23.1.0 – 23.6.5, ≥23.6.6; com.vaadin:vaadin 24.0.0 – 24.8.13, ≥24.8.14; com.vaadin:vaadin 24.9.0 – 24.9.6, ≥24.9.7; com.vaadin:vaadin-spreadsheet-flow 23.1.0 – 23.6.5, ≥23.6.6; com.vaadin:vaadin-spreadsheet-flow 24.0.0 – 24.8.13, ≥24.8.14; com.vaadin:vaadin-spreadsheet-flow 24.9.0 – 24.9.6, ≥24.9.7. | 2026-01-05 | not yet calculated | CVE-2025-15022 | https://vaadin.com/security/cve-2025-15022 https://github.com/vaadin/flow-components/pull/8285 |
| VanKarWai–Calafate | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in VanKarWai Calafate calafate allows PHP Local File Inclusion. This issue affects Calafate: from n/a through <= 1.7.7. | 2026-01-06 | not yet calculated | CVE-2025-69342 | https://vdp.patchstack.com/database/Wordpress/Theme/calafate/vulnerability/wordpress-calafate-theme-1-7-7-local-file-inclusion-vulnerability?_s_id=cve |
| VanKarWai–Lobo | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in VanKarWai Lobo lobo allows Blind SQL Injection. This issue affects Lobo: from n/a through < 2.8.6. | 2026-01-08 | not yet calculated | CVE-2025-67921 | https://vdp.patchstack.com/database/Wordpress/Theme/lobo/vulnerability/wordpress-lobo-theme-2-8-6-sql-injection-vulnerability?_s_id=cve |
| vanquish–WooCommerce Orders & Customers Exporter | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in vanquish WooCommerce Orders & Customers Exporter woocommerce-orders-ei allows SQL Injection. This issue affects WooCommerce Orders & Customers Exporter: from n/a through <= 5.4. | 2026-01-08 | not yet calculated | CVE-2025-22713 | https://vdp.patchstack.com/database/Wordpress/Plugin/woocommerce-orders-ei/vulnerability/wordpress-woocommerce-orders-customers-exporter-plugin-5-4-sql-injection-vulnerability?_s_id=cve |
| Vernon Systems Limited–eHive Search | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Vernon Systems Limited eHive Search ehive-search allows Reflected XSS. This issue affects eHive Search: from n/a through <= 2.5.0. | 2026-01-08 | not yet calculated | CVE-2025-67930 | https://vdp.patchstack.com/database/Wordpress/Plugin/ehive-search/vulnerability/wordpress-ehive-search-plugin-2-5-0-cross-site-scripting-xss-vulnerability?_s_id=cve |
| Vivotek–IP7137 | Vivotek IP7137 camera with firmware version 0200a is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera’s feed, potentially compromising user privacy and security. The vendor has not replied to the CNA. Possibly all firmware versions are affected. Since the product has reached its End-of-Life phase, a fix is not expected to be released. | 2026-01-09 | not yet calculated | CVE-2025-66049 | https://cert.pl/posts/2026/01/CVE-2025-66049 |
| Vivotek–IP7137 | Vivotek IP7137 camera with firmware version 0200a does not, by default, require a password when logging in as an administrator. While it is possible to set such a password, the user is not informed of the need to do so. The vendor has not replied to the CNA. Possibly all firmware versions are affected. Since the product has reached its End-of-Life phase, a fix is not expected to be released. | 2026-01-09 | not yet calculated | CVE-2025-66050 | https://cert.pl/posts/2026/01/CVE-2025-66049 |
| Vivotek–IP7137 | Vivotek IP7137 camera with firmware version 0200a is vulnerable to path traversal. An authenticated attacker can access resources beyond the webroot directory using a direct HTTP request. Due to CVE-2025-66050, a password for the administration panel is not set by default. The vendor has not replied to the CNA. Possibly all firmware versions are affected. Since the product has reached its End-of-Life phase, a fix is not expected to be released. | 2026-01-09 | not yet calculated | CVE-2025-66051 | https://cert.pl/posts/2026/01/CVE-2025-66049 |
| Vivotek–IP7137 | Vivotek IP7137 camera with firmware version 0200a is vulnerable to command injection. The “system_ntpIt” parameter used by the “/cgi-bin/admin/setparam.cgi” endpoint is not sanitized properly, allowing a user with administrative privileges to perform an attack. Due to CVE-2025-66050, administrative access is not protected by default. The vendor has not replied to the CNA. Possibly all firmware versions are affected. Since the product has reached its End-of-Life phase, a fix is not expected to be released. | 2026-01-09 | not yet calculated | CVE-2025-66052 | https://cert.pl/posts/2026/01/CVE-2025-66049 |
| Wikimedia Foundation–MediaWiki – CampaignEvents extension | Missing Authorization vulnerability in Wikimedia Foundation MediaWiki – CampaignEvents extension allows Privilege Abuse. This issue affects MediaWiki – CampaignEvents extension: 1.45, 1.44, 1.43, 1.39. | 2026-01-09 | not yet calculated | CVE-2026-0817 | https://phabricator.wikimedia.org/T410560 https://gerrit.wikimedia.org/r/q/I7ed0049691258c8bd2555e599b9b88490fbe3358 |
| Wikimedia Foundation–MediaWiki – CSS extension | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Wikimedia Foundation MediaWiki – CSS extension allows Path Traversal. This issue affects MediaWiki – CSS extension: 1.44, 1.43, 1.39. | 2026-01-07 | not yet calculated | CVE-2026-0669 | https://phabricator.wikimedia.org/T401526 https://gerrit.wikimedia.org/r/q/Ia15bf3f2e5a341868568492a736ac3dbf706c22e |
| Wikimedia Foundation–MediaWiki – ProofreadPage Extension | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Wikimedia Foundation MediaWiki – ProofreadPage Extension allows Cross-Site Scripting (XSS). This issue affects MediaWiki – ProofreadPage Extension: 1.45, 1.44, 1.43, 1.39. | 2026-01-07 | not yet calculated | CVE-2026-0670 | https://phabricator.wikimedia.org/T409423 https://gerrit.wikimedia.org/r/q/I7c028db5ed81843aacd596b0ee4dc2980f5b6e3c |
| Wikimedia Foundation–MediaWiki – UploadWizard extension | Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Wikimedia Foundation MediaWiki – UploadWizard extension allows Cross-Site Scripting (XSS). This issue affects MediaWiki – UploadWizard extension: 1.45, 1.44, 1.43, 1.39. | 2026-01-08 | not yet calculated | CVE-2026-0671 | https://phabricator.wikimedia.org/T407157 https://gerrit.wikimedia.org/r/q/I16de2211594ea9a686868ad7789f9879bf981fa1 |
| Wikimedia Foundation–MediaWiki – VisualData Extension | Inefficient Regular Expression Complexity vulnerability in Wikimedia Foundation MediaWiki – VisualData Extension allows Regular Expression Exponential Blowup. This issue affects MediaWiki – VisualData Extension: 1.45. | 2026-01-07 | not yet calculated | CVE-2026-0668 | https://phabricator.wikimedia.org/T387008 https://gerrit.wikimedia.org/r/q/Ie08d9a8ceb2c9a22a635cfc27964353f14072dbf https://gerrit.wikimedia.org/r/q/Ifbf9c2ade621226e14fe852f3217293772bf8bb8 https://gerrit.wikimedia.org/r/q/I893a9fca694a2613e29e149dea2d76d7f06063e5 https://gerrit.wikimedia.org/r/q/I4ff2737c9f0ba805267d1fc8296e7cff61241ee3 |
| WofficeIO–Woffice | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WofficeIO Woffice woffice allows Reflected XSS. This issue affects Woffice: from n/a through <= 5.4.30. | 2026-01-08 | not yet calculated | CVE-2025-67918 | https://vdp.patchstack.com/database/Wordpress/Theme/woffice/vulnerability/wordpress-woffice-theme-5-4-30-cross-site-scripting-xss-vulnerability?_s_id=cve |
| WofficeIO–Woffice Core | Authorization Bypass Through User-Controlled Key vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woffice Core: from n/a through <= 5.4.30. | 2026-01-08 | not yet calculated | CVE-2025-67919 | https://vdp.patchstack.com/database/Wordpress/Plugin/woffice-core/vulnerability/wordpress-woffice-core-plugin-5-4-30-insecure-direct-object-references-idor-vulnerability?_s_id=cve |
| wolfSSL–wolfSSH | wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must update or apply the fix patch and it’s recommended to update credentials used. This fix is also recommended for wolfSSH server applications. While there aren’t any specific attacks on server applications, the same defect is present. Thanks to Aina Toky Rasoamanana of Valeo and Olivier Levillain of Telecom SudParis for the report. | 2026-01-06 | not yet calculated | CVE-2025-14942 | https://github.com/wolfSSL/wolfssh/pull/855 |
| wolfSSL–wolfSSH | A heap buffer over-read vulnerability exists in the wolfSSH_CleanPath() function in wolfSSH. An authenticated remote attacker can trigger the issue via crafted SCP path input containing ‘/./’ sequences, resulting in a heap over read by 1 byte. | 2026-01-06 | not yet calculated | CVE-2025-15382 | https://github.com/wolfSSL/wolfssh/pull/859 |
| wolfSSL–wolfSSL-py | A vulnerability in the handling of verify_mode = CERT_REQUIRED in the wolfssl Python package (wolfssl-py) causes client certificate requirements to not be fully enforced. Because the WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT flag was not included, the behavior effectively matched CERT_OPTIONAL: a peer certificate was verified if presented, but connections were incorrectly authenticated when no client certificate was provided. This results in improper authentication, allowing attackers to bypass mutual TLS (mTLS) client authentication by omitting a client certificate during the TLS handshake. The issue affects versions up to and including 5.8.2. | 2026-01-07 | not yet calculated | CVE-2025-15346 | https://github.com/wolfSSL/wolfssl-py/pull/62 https://github.com/wolfSSL/wolfssl-py/commit/b4517dece79f682a8f453abce5cfc0b81bae769d https://github.com/wolfSSL/wolfssl-py/releases/tag/v5.8.4-stable |
| WPCenter–AffiliateX | Missing Authorization vulnerability in WPCenter AffiliateX affiliatex allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AffiliateX: from n/a through <= 1.3.9.3. | 2026-01-06 | not yet calculated | CVE-2025-69346 | https://vdp.patchstack.com/database/Wordpress/Plugin/affiliatex/vulnerability/wordpress-affiliatex-plugin-1-3-9-3-broken-access-control-vulnerability?_s_id=cve |
| WPFactory–Wishlist for WooCommerce | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPFactory Wishlist for WooCommerce wish-list-for-woocommerce allows Stored XSS. This issue affects Wishlist for WooCommerce: from n/a through <= 3.3.0. | 2026-01-06 | not yet calculated | CVE-2025-69334 | https://vdp.patchstack.com/database/Wordpress/Plugin/wish-list-for-woocommerce/vulnerability/wordpress-wishlist-for-woocommerce-plugin-3-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve |
| WPFunnels–Creator LMS | Missing Authorization vulnerability in WPFunnels Creator LMS creatorlms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Creator LMS: from n/a through <= 1.1.12. | 2026-01-06 | not yet calculated | CVE-2025-69359 | https://vdp.patchstack.com/database/Wordpress/Plugin/creatorlms/vulnerability/wordpress-creator-lms-plugin-1-1-12-broken-access-control-vulnerability?_s_id=cve |
| yintibao–Fun Print Mobile | Exported Activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls. | 2026-01-08 | not yet calculated | CVE-2025-15464 | https://korelogic.com/Resources/Advisories/KL-001-2026-001.txt |
| zlib software–zlib | zlib versions up to and including 1.3.1.2 contain a global buffer overflow in the untgz utility. The TGZfname() function copies an attacker-supplied archive name from argv[] into a fixed-size 1024-byte static global buffer using an unbounded strcpy() call without length validation. Supplying an archive name longer than 1024 bytes results in an out-of-bounds write that can lead to memory corruption, denial of service, and potentially code execution depending on compiler, build flags, architecture, and memory layout. The overflow occurs prior to any archive parsing or validation. | 2026-01-07 | not yet calculated | CVE-2026-22184 | https://seclists.org/fulldisclosure/2026/Jan/3 https://zlib.net/ https://github.com/madler/zlib https://www.vulncheck.com/advisories/zlib-untgz-global-buffer-overflow-in-tgzfname |
| zozothemes–Corpkit | Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Corpkit corpkit allows Upload a Web Shell to a Web Server. This issue affects Corpkit: from n/a through <= 2.0. | 2026-01-08 | not yet calculated | CVE-2025-67924 | https://vdp.patchstack.com/database/Wordpress/Theme/corpkit/vulnerability/wordpress-corpkit-theme-2-0-arbitrary-file-upload-vulnerability?_s_id=cve |
| zozothemes–Corpkit | Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in zozothemes Corpkit corpkit allows PHP Local File Inclusion. This issue affects Corpkit: from n/a through <= 2.0. | 2026-01-08 | not yet calculated | CVE-2025-67925 | https://vdp.patchstack.com/database/Wordpress/Theme/corpkit/vulnerability/wordpress-corpkit-theme-2-0-local-file-inclusion-vulnerability?_s_id=cve |
