Latest CVE Feed
-
6.5
MEDIUMCVE-2025-69198
Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources (e.g. databases, port allocations, or backups) that can exist for an individual server. These resource li... Read more
- Published: Jan. 19, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2026-2317
Inappropriate implementation in Animation in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)... Read more
- Published: Feb. 11, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-32057
The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration f... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-68020
Missing Authorization vulnerability in WANotifier WANotifier notifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WANotifier: from n/a through <= 2.7.12.... Read more
Affected Products : wanotifier- Published: Jan. 22, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2026-24383
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins B Slider b-slider allows DOM-Based XSS.This issue affects B Slider: from n/a through <= 2.0.6.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-69095
Missing Authorization vulnerability in designthemes Reservation Plugin dt-reservation-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reservation Plugin: from n/a through <= 1.7.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2026-23624
GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.0.5, when remote authentication is used, based on SSO variables, a user can steal a GLPI session previously opened by another user on t... Read more
Affected Products : glpi- Published: Feb. 04, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-67958
Missing Authorization vulnerability in Taxcloud TaxCloud for WooCommerce simple-sales-tax allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TaxCloud for WooCommerce: from n/a through <= 8.3.8.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2026-2146
A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unr... Read more
Affected Products : yshopmall- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2026-23890
pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of `node_modules/.bin`. Bin names starting with `@` bypass validation, a... Read more
Affected Products : pnpm- Published: Jan. 26, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2026-23565
A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause the NomadBranch.exe process to terminate via crafted requests. ... Read more
- Published: Jan. 29, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2026-0948
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Microsoft Entra ID SSO Login allows Privilege Escalation.This issue affects Microsoft Entra ID SSO Login: from 0.0.0 before 1.0.4.... Read more
Affected Products : microsoft_entra_id_sso_login- Published: Feb. 04, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-14559
A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading to unauthorized use of previously revoked privileges, via a business logic vulnerability in th... Read more
Affected Products :- Published: Jan. 21, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2026-0767
Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Open WebUI. Authentication is not required to exploi... Read more
Affected Products : open_webui- Published: Jan. 23, 2026
- Modified: Jan. 30, 2026
-
6.5
MEDIUMCVE-2026-1895
A flaw has been found in WeKan up to 8.20. Affected is the function applyWipLimit of the file models/lists.js of the component Attachment Storage Handler. Executing a manipulation can lead to improper access controls. The attack can be executed remotely. ... Read more
Affected Products : wekan- Published: Feb. 04, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2026-24623
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in saeros1984 Neoforum neoforum allows Reflected XSS.This issue affects Neoforum: from n/a through <= 1.0.... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-62854
An uncontrolled resource consumption vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulner... Read more
Affected Products : file_station- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2026-2558
A flaw has been found in GeekAI up to 4.2.4. The affected element is the function Download of the file api/handler/net_handler.go. This manipulation of the argument url causes server-side request forgery. Remote exploitation of the attack is possible. The... Read more
Affected Products :- Published: Feb. 16, 2026
- Modified: Feb. 16, 2026
- Vuln Type: Server-Side Request Forgery
-
6.5
MEDIUMCVE-2026-23566
A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to inject, tamper with, or forge log entries in \Nomad Branch.log via cr... Read more
- Published: Jan. 29, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-47402
Transient DOS when processing a received frame with an excessively large authentication information element.... Read more
Affected Products : qca6391_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware wcd9380_firmware wcd9385_firmware wsa8830_firmware wsa8835_firmware ar8035_firmware qca6554a_firmware +178 more products- Published: Feb. 02, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Denial of Service