Latest CVE Feed
-
6.3
MEDIUMCVE-2026-21860
Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug's safe_join function allows path segments with Windows device names that have file extensions or trailing spaces. On Windows, there are special device names such as... Read more
Affected Products : werkzeug- Published: Jan. 08, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Path Traversal
-
6.3
MEDIUMCVE-2026-22779
BlackSheep is an asynchronous web framework to build event based web applications with Python. Prior to 2.4.6, the HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to mo... Read more
Affected Products :- Published: Jan. 14, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Injection
-
6.3
MEDIUMCVE-2026-21690
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `CIccTagXmlTagDa... Read more
Affected Products : iccdev- Published: Jan. 07, 2026
- Modified: Jan. 12, 2026
- Vuln Type: Memory Corruption
-
6.3
MEDIUMCVE-2026-0842
A flaw has been found in Flycatcher Toys smART Sketcher up to 2.0. This affects an unknown part of the component Bluetooth Low Energy Interface. This manipulation causes missing authentication. The attack can only be done within the local network. The exp... Read more
Affected Products :- Published: Jan. 11, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Authentication
-
6.3
MEDIUMCVE-2025-15153
A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing manipulation can lead to files or directories accessible. It is possible to launch the attac... Read more
Affected Products : pbootcms- Published: Dec. 28, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Path Traversal
-
6.3
MEDIUMCVE-2025-52598
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has found a flaw that camera's client service does not perform certificate validation. The manufacturer has released patch ... Read more
Affected Products : pnm-7000vd_firmware pnm-7002vd_firmware pnm-9000vd_firmware pnm-9000vq_firmware pnm-9002vq_firmware pnm-9080vq_firmware pnm-9081vq_firmware pnm-9084qz_firmware pnm-9084qz1_firmware pnm-9084rqz_firmware +502 more products- Published: Dec. 26, 2025
- Modified: Jan. 07, 2026
- Vuln Type: Authentication
-
6.3
MEDIUMCVE-2025-69226
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path... Read more
Affected Products : aiohttp- Published: Jan. 05, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Path Traversal
-
6.3
MEDIUMCVE-2025-15108
A vulnerability was detected in PandaXGO PandaX up to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5. This affects an unknown function of the file config.yml of the component JWT Secret Handler. The manipulation of the argument key results in use of hard-coded ... Read more
Affected Products : pandax- Published: Dec. 27, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cryptography
-
6.2
MEDIUMCVE-2026-20818
Insertion of sensitive information into log file in Windows Kernel allows an unauthorized attacker to disclose information locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
6.2
MEDIUMCVE-2026-20935
Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an unauthorized attacker to disclose information locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
6.2
MEDIUMCVE-2025-8090
Null pointer dereference in the MsgRegisterEvent() system call could allow an attacker with local access and code execution abilities to crash the QNX Neutrino kernel.... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption
-
6.2
MEDIUMCVE-2025-52516
An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. An invalid kernel address dereference in the issimian device driver leads to a denial of service.... Read more
Affected Products : exynos_1380_firmware exynos_1330_firmware exynos_1380 exynos_1330 exynos_2400_firmware exynos_2400 exynos_1480_firmware exynos_1480 exynos_1580_firmware exynos_1580 +2 more products- Published: Jan. 05, 2026
- Modified: Jan. 09, 2026
- Vuln Type: Memory Corruption
-
6.2
MEDIUMCVE-2025-68401
ChurchCRM is an open-source church management system. Prior to version 6.0.0, the application stores user-supplied HTML/JS without sufficient sanitization/encoding. When other users later view this content, attacker-controlled JavaScript executes in their... Read more
Affected Products : churchcrm- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cross-Site Scripting
-
6.2
MEDIUMCVE-2025-13532
Insecure defaults in the Server Agent component of Fortra's Core Privileged Access Manager (BoKS) can result in the selection of weak password hash algorithms. This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a ... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cryptography
-
6.2
MEDIUMCVE-2025-66173
There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected product... Read more
- Published: Dec. 19, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Authentication
-
6.2
MEDIUMCVE-2025-68959
Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more
- Published: Jan. 14, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Authorization
-
6.2
MEDIUMCVE-2024-29720
An issue in Terra Informatica Software, Inc Sciter v.4.4.7.0 allows a local attacker to obtain sensitive information via the adopt component of the Sciter video rendering function.... Read more
Affected Products : sciter- Published: Dec. 26, 2025
- Modified: Jan. 09, 2026
- Vuln Type: Information Disclosure
-
6.2
MEDIUMCVE-2026-20851
Out-of-bounds read in Capability Access Management Service (camsvc) allows an unauthorized attacker to disclose information locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
6.2
MEDIUMCVE-2026-20821
Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an unauthorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +8 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
6.2
MEDIUMCVE-2025-65410
A stack overflow in the src/main.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted input into the filename parameter.... Read more
Affected Products : unrtf- Published: Dec. 23, 2025
- Modified: Jan. 06, 2026
- Vuln Type: Denial of Service