Latest CVE Feed
-
6.5
MEDIUMCVE-2025-36424
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service due to improper neutralization of special elements in data query logic.... Read more
Affected Products : db2- Published: Jan. 30, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-36427
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service due to insufficient validation of special elements in data query logic.... Read more
Affected Products : db2- Published: Jan. 30, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-47402
Transient DOS when processing a received frame with an excessively large authentication information element.... Read more
Affected Products : qca6391_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware wcd9380_firmware wcd9385_firmware wsa8830_firmware wsa8835_firmware ar8035_firmware qca6554a_firmware +178 more products- Published: Feb. 02, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2026-24829
Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in Is-Daouda is-Engine.This issue affects is-Engine: before 3.3.4.... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-32057
The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration f... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-68039
Missing Authorization vulnerability in Chris Simmons WP BackItUp wp-backitup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP BackItUp: from n/a through <= 2.0.0.... Read more
Affected Products : backup_and_restore_wordpress- Published: Jan. 22, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-68896
Missing Authorization vulnerability in vrpr WDV One Page Docs wdv-one-page-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WDV One Page Docs: from n/a through <= 1.2.4.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2026-2320
Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)... Read more
- Published: Feb. 11, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2026-1062
A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the ... Read more
Affected Products :- Published: Jan. 17, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Server-Side Request Forgery
-
6.5
MEDIUMCVE-2026-23888
pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's binary fetcher allows malicious packages to write files outside the intended extraction directory. The vulnerability has two attack vectors: (1) Malicious ZIP en... Read more
Affected Products : pnpm- Published: Jan. 26, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2026-24420
phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below allow an authenticated user without the dlattachment permission to download FAQ attachments due to a incomprehensive permissions check. The presence of a right key is improperly val... Read more
Affected Products : phpmyfaq- Published: Jan. 24, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-70091
A cross-site scripting (XSS) vulnerability in the Customers function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Phone Number parameter.... Read more
Affected Products :- Published: Feb. 13, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-68016
Missing Authorization vulnerability in Onepay Sri Lanka onepay Payment Gateway For WooCommerce onepay-payment-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects onepay Payment Gateway For Woo... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-68666
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, users archives are viewable by users with moderation privileges even though moderators should not have access to the archives. Private topic/p... Read more
Affected Products : discourse- Published: Jan. 28, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2026-24742
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators can view sensitive information in staff action logs that should be restricted to administrators only. The exposed informa... Read more
Affected Products : discourse- Published: Jan. 28, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-14450
The Wallet System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'change_wallet_fund_request_status_callback' function in all versions up to, and including, 2.7.2. This make... Read more
Affected Products :- Published: Jan. 17, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-13725
The Gutenberg Thim Blocks – Page Builder, Gutenberg Blocks for the Block Editor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 1.0.1. This is due to insufficient path validation in the server-side renderin... Read more
Affected Products :- Published: Jan. 17, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2026-1061
A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of the argument filename results in unrestricted upload. ... Read more
Affected Products :- Published: Jan. 17, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2026-1066
A vulnerability was detected in kalcaddle kodbox up to 1.61.10. This issue affects some unknown processing of the file /?explorer/index/zip of the component Compression Handler. The manipulation results in command injection. The attack may be launched rem... Read more
Affected Products : kodbox- Published: Jan. 17, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2026-1126
A security vulnerability has been detected in lwj flow up to a3d2fe8133db9d3b50fda4f66f68634640344641. This affects the function uploadFile of the file \flow-master\flow-front-rest\src\main\java\com\dragon\flow\web\resource\flow\FormResource.java of the c... Read more
Affected Products :- Published: Jan. 18, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Misconfiguration