Latest CVE Feed
-
6.3
MEDIUMCVE-2026-21690
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `CIccTagXmlTagDa... Read more
Affected Products : iccdev- Published: Jan. 07, 2026
- Modified: Jan. 12, 2026
- Vuln Type: Memory Corruption
-
6.3
MEDIUMCVE-2025-68029
Insertion of Sensitive Information Into Sent Data vulnerability in WP Swings Wallet System for WooCommerce allows Retrieve Embedded Sensitive Data.This issue affects Wallet System for WooCommerce: from n/a through 2.7.2.... Read more
Affected Products :- Published: Jan. 05, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Information Disclosure
-
6.3
MEDIUMCVE-2026-22779
BlackSheep is an asynchronous web framework to build event based web applications with Python. Prior to 2.4.6, the HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to mo... Read more
Affected Products : blacksheep- Published: Jan. 14, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Injection
-
6.3
MEDIUMCVE-2026-25222
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the platform. By measuri... Read more
Affected Products :- Published: Feb. 02, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Authentication
-
6.3
MEDIUMCVE-2026-23517
Fleet is open source device management software. A broken access control issue in versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 allowed authenticated users to access debug and profiling endpoints regardless of role. As a result, low-privile... Read more
Affected Products : fleet- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
6.3
MEDIUMCVE-2025-53869
Multiple MFPs provided by Brother Industries, Ltd. does not properly validate server certificates, which may allow a man-in-the-middle attacker to replace the set of root certificates used by the product with a set of arbitrary certificates.... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cryptography
-
6.3
MEDIUMCVE-2025-15344
Tanium addressed a SQL injection vulnerability in Asset.... Read more
Affected Products : service_asset- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Injection
-
6.3
MEDIUMCVE-2026-22820
Outray openSource ngrok alternative. Prior to 0.1.5, a TOCTOU race condition vulnerability allows a user to exceed the set number of active tunnels in their subscription plan. This vulnerability is fixed in 0.1.5.... Read more
Affected Products : outray- Published: Jan. 14, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Race Condition
-
6.3
MEDIUMCVE-2025-36065
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.... Read more
Affected Products : sterling_connectexpress_adapter_for_sterling_b2b_integrator_520- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authentication
-
6.3
MEDIUMCVE-2026-0842
A flaw has been found in Flycatcher Toys smART Sketcher up to 2.0. This affects an unknown part of the component Bluetooth Low Energy Interface. This manipulation causes missing authentication. The attack can only be done within the local network. The exp... Read more
Affected Products :- Published: Jan. 11, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Authentication
-
6.3
MEDIUMCVE-2026-24739
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not correctly treat some characters (notably `=`) as “special” ... Read more
Affected Products : symfony- Published: Jan. 28, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Misconfiguration
-
6.2
MEDIUMCVE-2020-36994
QlikView 12.50.20000.0 contains a denial of service vulnerability in the FTP server address input field that allows local attackers to crash the application. Attackers can paste a 300-character buffer into the FTP server address field to trigger an applic... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Denial of Service
-
6.2
MEDIUMCVE-2025-68959
Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more
- Published: Jan. 14, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Authorization
-
6.2
MEDIUMCVE-2026-20851
Out-of-bounds read in Capability Access Management Service (camsvc) allows an unauthorized attacker to disclose information locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
6.2
MEDIUMCVE-2026-20935
Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an unauthorized attacker to disclose information locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 16, 2026
-
6.2
MEDIUMCVE-2025-8090
Null pointer dereference in the MsgRegisterEvent() system call could allow an attacker with local access and code execution abilities to crash the QNX Neutrino kernel.... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption
-
6.2
MEDIUMCVE-2025-52516
An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. An invalid kernel address dereference in the issimian device driver leads to a denial of service.... Read more
Affected Products : exynos_1380_firmware exynos_1330_firmware exynos_1380 exynos_1330 exynos_2400_firmware exynos_2400 exynos_1480_firmware exynos_1480 exynos_1580_firmware exynos_1580 +2 more products- Published: Jan. 05, 2026
- Modified: Jan. 09, 2026
- Vuln Type: Memory Corruption
-
6.2
MEDIUMCVE-2026-20821
Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an unauthorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +8 more products- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
6.2
MEDIUMCVE-2022-50891
Owlfiles File Manager 12.0.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the path parameter in HTTP server endpoints. Attackers can craft URLs targeting the download and list endpoints with embed... Read more
- Published: Jan. 13, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Cross-Site Scripting
-
6.2
MEDIUMCVE-2025-68964
Data verification vulnerability in the HiView module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more
Affected Products : harmonyos- Published: Jan. 14, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Denial of Service