Latest CVE Feed
-
6.5
MEDIUMCVE-2025-71006
A floating point exception (FPE) in the oneflow.reshape component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2026-1547
A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument plugin_name results in command injection. It is possible to launch the attack remote... Read more
Affected Products : a7000r_firmware- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2026-24888
Maker.js is a 2D vector line drawing and shape modeling for CNC and laser cutters. In versions up to and including 0.19.1, the `makerjs.extendObject` function copies properties from source objects without proper validation, potentially exposing applicatio... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2026-24845
malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 0.10.0 and prior to version 1.20.3, malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI i... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Supply Chain
-
6.5
MEDIUMCVE-2026-0767
Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Open WebUI. Authentication is not required to exploi... Read more
Affected Products : open_webui- Published: Jan. 23, 2026
- Modified: Jan. 30, 2026
-
6.5
MEDIUMCVE-2025-2668
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 is vulnerable to a denial of service as the server may crash when an authenticated user creates a specially crafted query.... Read more
Affected Products : db2- Published: Jan. 30, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-36009
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an unauthenticated user to cause a denial of service due to excessive use of a global variable.... Read more
Affected Products : db2- Published: Jan. 30, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-36070
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables.... Read more
Affected Products : db2- Published: Jan. 30, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-69198
Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources (e.g. databases, port allocations, or backups) that can exist for an individual server. These resource li... Read more
Affected Products : panel- Published: Jan. 19, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2026-1118
A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/add_activity.php. Performing a manipulation of the argument Title results in sql injection. It is possible to initiate the attac... Read more
Affected Products : society_management_system- Published: Jan. 18, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2026-1066
A vulnerability was detected in kalcaddle kodbox up to 1.61.10. This issue affects some unknown processing of the file /?explorer/index/zip of the component Compression Handler. The manipulation results in command injection. The attack may be launched rem... Read more
Affected Products : kodbox- Published: Jan. 17, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-14450
The Wallet System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'change_wallet_fund_request_status_callback' function in all versions up to, and including, 2.7.2. This make... Read more
Affected Products :- Published: Jan. 17, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2026-1504
Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)... Read more
- Published: Jan. 27, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-14172
The WP Page Permalink Extension plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.4. This is due to missing authorization checks on the `cwpp_trigger_flush_rewrite_rules` function hooked to `wp_ajax_cwpp... Read more
Affected Products :- Published: Jan. 09, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2022-50979
An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (RS485).... Read more
Affected Products :- Published: Feb. 02, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2026-24616
Missing Authorization vulnerability in Damian WP Popups wp-popups-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Popups: from n/a through <= 2.2.0.3.... Read more
Affected Products : wp_popups- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2026-20847
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to perform spoofing over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +7 more products- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
6.5
MEDIUMCVE-2026-21968
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network ac... Read more
Affected Products : mysql_server- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
-
6.5
MEDIUMCVE-2026-0885
Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2026-24565
Insertion of Sensitive Information Into Sent Data vulnerability in bPlugins B Accordion b-accordion allows Retrieve Embedded Sensitive Data.This issue affects B Accordion: from n/a through <= 2.0.0.... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Information Disclosure