Latest CVE Feed
-
6.5
MEDIUMCVE-2026-1126
A security vulnerability has been detected in lwj flow up to a3d2fe8133db9d3b50fda4f66f68634640344641. This affects the function uploadFile of the file \flow-master\flow-front-rest\src\main\java\com\dragon\flow\web\resource\flow\FormResource.java of the c... Read more
Affected Products :- Published: Jan. 18, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-15336
Tanium addressed an incorrect default permissions vulnerability in Performance.... Read more
- Published: Feb. 05, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-67942
Missing Authorization vulnerability in peachpayments Peach Payments Gateway wc-peach-payments-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Peach Payments Gateway: from n/a through <= 3.3.6.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-15338
Tanium addressed an incorrect default permissions vulnerability in Partner Integration.... Read more
- Published: Feb. 05, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2026-23646
OpenProject is an open-source, web-based project management software. Users of OpenProject versions prior to 16.6.5 and 17.0.1 have the ability to view and end their active sessions via Account Settings → Sessions. When deleting a session, it was not prop... Read more
Affected Products : openproject- Published: Jan. 19, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-68507
Missing Authorization vulnerability in Icegram Icegram icegram allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Icegram: from n/a through <= 3.1.35.... Read more
Affected Products : icegram_express- Published: Jan. 22, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-68072
Missing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Property Listings: from n/a through <= 3.5.17.... Read more
Affected Products : easy_property_listings- Published: Jan. 22, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2026-24389
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Gallery PhotoBlocks photoblocks-grid-gallery allows DOM-Based XSS.This issue affects Gallery PhotoBlocks: from n/a through <= 1.3.2.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2026-24514
A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, whi... Read more
Affected Products : ingress-nginx- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-67958
Missing Authorization vulnerability in Taxcloud TaxCloud for WooCommerce simple-sales-tax allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TaxCloud for WooCommerce: from n/a through <= 8.3.8.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2026-22463
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Micro.company Form to Chat App form-to-chat allows Stored XSS.This issue affects Form to Chat App: from n/a through <= 1.2.5.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2026-24616
Missing Authorization vulnerability in Damian WP Popups wp-popups-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Popups: from n/a through <= 2.2.0.3.... Read more
Affected Products : wp_popups- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2026-2009
A flaw has been found in SourceCodester Gas Agency Management System 1.0. This issue affects some unknown processing of the file /gasmark/php_action/createUser.php. Executing a manipulation can lead to improper access controls. It is possible to launch th... Read more
Affected Products : gas_agency_management_system- Published: Feb. 06, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2026-1148
A vulnerability was determined in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. This vulnerability affects unknown code. Executing a manipulation can lead to cross-site request forgery. It is possible to launch the attack... Read more
Affected Products : patients_waiting_area_queue_management_system- Published: Jan. 19, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Cross-Site Request Forgery
-
6.5
MEDIUMCVE-2026-24917
UAF vulnerability in the security module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more
- Published: Feb. 06, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2026-24617
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel Iser Easy Modal easy-modal allows Stored XSS.This issue affects Easy Modal: from n/a through <= 2.1.0.... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2026-24566
Missing Authorization vulnerability in iNET iNET Webkit inet-webkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iNET Webkit: from n/a through <= 1.2.4.... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2026-23878
HotCRP is conference review software. Starting in commit aa20ef288828b04550950cf67c831af8a525f508 and prior to commit ceacd5f1476458792c44c6a993670f02c984b4a0, authors with at least one submission on a HotCRP site could use the document API to download an... Read more
Affected Products : hotcrp- Published: Jan. 19, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2026-2131
A vulnerability was identified in XixianLiang HarmonyOS-mcp-server 0.1.0. This vulnerability affects the function input_text. The manipulation of the argument text leads to os command injection. Remote exploitation of the attack is possible. The exploit i... Read more
Affected Products :- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2026-24439
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) fail to include the X-Content-Type-Options: nosniff response header on web management interfaces. As a result, browsers that perform MIME sniffing may incorrectly interpret att... Read more
- Published: Jan. 26, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Misconfiguration