Latest CVE Feed
-
6.5
MEDIUMCVE-2026-23848
MyTube is a self-hosted downloader and player for several video websites. Prior to version 1.7.71, a rate limiting bypass via `X-Forwarded-For` header spoofing allows unauthenticated attackers to bypass IP-based rate limiting on general API endpoints. Att... Read more
Affected Products :- Published: Jan. 19, 2026
- Modified: Jan. 19, 2026
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-60538
A lack of rate limiting in the login page of shiori v1.7.4 and below allows attackers to bypass authentication via a brute force attack.... Read more
Affected Products : shiori- Published: Jan. 09, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2026-21960
Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: Java utils). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTT... Read more
Affected Products : applications_dba- Published: Jan. 20, 2026
- Modified: Jan. 21, 2026
-
6.5
MEDIUMCVE-2025-67278
An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via a crafted HTTP request... Read more
Affected Products : tim_flow- Published: Jan. 09, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2026-21949
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to ... Read more
Affected Products : mysql_server- Published: Jan. 20, 2026
- Modified: Jan. 21, 2026
-
6.5
MEDIUMCVE-2026-23952
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting Language) parser when processing <comment> tags before ima... Read more
Affected Products : imagemagick- Published: Jan. 22, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2026-24361
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress – Course Review learnpress-course-review allows Stored XSS.This issue affects LearnPress – Course Review: from n/a throu... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2026-1062
A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the ... Read more
Affected Products :- Published: Jan. 17, 2026
- Modified: Jan. 17, 2026
- Vuln Type: Server-Side Request Forgery
-
6.5
MEDIUMCVE-2025-66715
A DLL hijacking vulnerability in Axtion ODISSAAS ODIS v1.8.4 allows attackers to execute arbitrary code via a crafted DLL file.... Read more
Affected Products : odis- Published: Jan. 09, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-58693
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows a privileged attacker to delete files from the underlying filesystem via craf... Read more
Affected Products : fortivoice- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2026-0961
BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service... Read more
Affected Products : wireshark- Published: Jan. 14, 2026
- Modified: Jan. 21, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2026-1326
A weakness has been identified in Totolink NR1800X 9.1.0u.6279_B20210910. This vulnerability affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument Hostname causes command i... Read more
Affected Products : nr1800x_firmware- Published: Jan. 22, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2026-0959
IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service... Read more
Affected Products : wireshark- Published: Jan. 14, 2026
- Modified: Jan. 21, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2026-0890
Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2026-0885
Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2026-24585
Missing Authorization vulnerability in Hyyan Abo Fakher Hyyan WooCommerce Polylang Integration woo-poly-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hyyan WooCommerce Polylang Integration: from n/a... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2026-1000
The MailerLite - WooCommerce integration plugin for WordPress is vulnerable to unauthorized data modification and deletion in all versions up to, and including, 3.1.3. This is due to missing capability checks on the resetIntegration() function. This makes... Read more
Affected Products : mailerlite- Published: Jan. 16, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2026-1150
A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B20220309. Impacted is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument command results in command inje... Read more
Affected Products : lr350_firmware- Published: Jan. 19, 2026
- Modified: Jan. 19, 2026
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2026-24616
Missing Authorization vulnerability in Damian WP Popups wp-popups-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Popups: from n/a through <= 2.2.0.3.... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-69612
A path traversal vulnerability exists in TMS Management Console (version 6.3.7.27386.20250818) from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences (../) in the filePath para... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Path Traversal