Latest CVE Feed
-
6.5
MEDIUMCVE-2026-2426
The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'file' parameter in the file deletion functionality. This is due to insufficient validation of user-supplied file paths, allowin... Read more
Affected Products : wp-downloadmanager- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-71002
A floating-point exception (FPE) in the flow.column_stack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more
Affected Products : oneflow- Published: Jan. 28, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2026-24623
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in saeros1984 Neoforum neoforum allows Reflected XSS.This issue affects Neoforum: from n/a through <= 1.0.... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2026-24845
malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 0.10.0 and prior to version 1.20.3, malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI i... Read more
Affected Products : malcontent- Published: Jan. 29, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Supply Chain
-
6.5
MEDIUMCVE-2026-25760
Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.6.11, a path traversal in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an authenticated pat... Read more
Affected Products : sliver- Published: Feb. 06, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2026-25631
n8n is an open source workflow automation platform. Prior to 1.121.0, there is a vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially l... Read more
Affected Products : n8n- Published: Feb. 06, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Server-Side Request Forgery
-
6.5
MEDIUMCVE-2026-22821
mreporting is the more reporting GLPI plugin. Prior to 1.9.4, there is a possible SQL injection on date change. This vulnerability is fixed in 1.9.4.... Read more
Affected Products : more_reporting- Published: Feb. 12, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2026-26203
PJSIP is a free and open source multimedia communication library. Versions prior to 2.17 have a critical heap buffer underflow vulnerability in PJSIP's H.264 packetizer. The bug occurs when processing malformed H.264 bitstreams without NAL unit start code... Read more
Affected Products : pjsip- Published: Feb. 19, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2026-2122
A security flaw has been discovered in Xiaopi Panel up to 20260126. This impacts an unknown function of the file /demo.php of the component WAF Firewall. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. Th... Read more
Affected Products :- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2026-24361
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress – Course Review learnpress-course-review allows Stored XSS.This issue affects LearnPress – Course Review: from n/a throu... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2026-24617
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel Iser Easy Modal easy-modal allows Stored XSS.This issue affects Easy Modal: from n/a through <= 2.1.0.... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2026-2693
A vulnerability was determined in CoCoTeaNet CyreneAdmin up to 1.3.0. This vulnerability affects unknown code of the file /api/system/dashboard/getCount of the component System Info Endpoint. Executing a manipulation can lead to improper authorization. Th... Read more
Affected Products : cyreneadmin- Published: Feb. 19, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2026-24616
Missing Authorization vulnerability in Damian WP Popups wp-popups-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Popups: from n/a through <= 2.2.0.3.... Read more
Affected Products : wp_popups- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-68046
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk Contact Form & Lead Form Elementor Builder lead-form-builder allows Retrieve Embedded Sensitive Data.This issue affects Contact Form & Lead Form Elemento... Read more
Affected Products : contact_form_\&_lead_form_elementor_builder- Published: Jan. 22, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2026-20904
Gitea does not properly validate ownership when toggling OpenID URI visibility. An authenticated user may be able to change the visibility settings of other users' OpenID identities.... Read more
Affected Products : gitea- Published: Jan. 22, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-68072
Missing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Property Listings: from n/a through <= 3.5.17.... Read more
Affected Products : easy_property_listings- Published: Jan. 22, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2026-26312
Stalwart is a mail and collaboration server. A denial-of-service vulnerability exists in Stalwart Mail Server versions 0.13.0 through 0.15.4 where accessing a specially crafted email containing malformed nested `message/rfc822` MIME parts via IMAP or JMAP... Read more
Affected Products : stalwart- Published: Feb. 19, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-68666
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, users archives are viewable by users with moderation privileges even though moderators should not have access to the archives. Private topic/p... Read more
Affected Products : discourse- Published: Jan. 28, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2026-24944
Missing Authorization vulnerability in weDevs Subscribe2 subscribe2 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscribe2: from n/a through <= 10.44.... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-36425
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to obtain sensitive information under specific HADR configuration.... Read more
Affected Products : db2- Published: Feb. 17, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Information Disclosure