Latest CVE Feed
-
6.1
MEDIUMCVE-2025-58089
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL... Read more
Affected Products : pacs_server- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-71179
Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting (XSS) vulnerabilities via the search parameter to the /academy/blogs endpoint, and the string parameter to the /academy/course_bundles/search/query endpoint. These vulnerabilities are di... Read more
Affected Products : academy_lms- Published: Feb. 03, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-67263
Abacre Retail Point of Sale 14.0.0.396 is affected by a stored cross-site scripting (XSS) vulnerability in the Clients module. The application fails to properly sanitize user-supplied input stored in the Name and Surname fields. An attacker can insert mal... Read more
Affected Products : retail_point_of_sale- Published: Jan. 20, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-25516
NiceGUI is a Python-based UI framework. The ui.markdown() component uses the markdown2 library to convert markdown content to HTML, which is then rendered via innerHTML. By default, markdown2 allows raw HTML to pass through unchanged. This means that if a... Read more
Affected Products : nicegui- Published: Feb. 06, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-25154
LocalSend is a free, open-source app that allows users to share files and messages with nearby devices over their local network without needing an internet connection. In versions up to and including 1.17.0, when a user initiates a "Share via Link" sessio... Read more
Affected Products : localsend- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Information Disclosure
-
6.1
MEDIUMCVE-2025-57787
A reflected cross-site scripting (xss) vulnerability exists in the modifyRoute functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to tr... Read more
Affected Products : pacs_server- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-67855
A flaw was found in mooodle. A remote attacker could exploit a reflected Cross-Site Scripting (XSS) vulnerability in the policy tool return URL. This vulnerability arises from insufficient sanitization of URL parameters, allowing attackers to inject malic... Read more
Affected Products : moodle- Published: Feb. 03, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-1164
The Easy Voice Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for authentica... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 14, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-21966
Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). Supported versions that are affected are 5.6.19.23, 5.6.25.17, 5.6.26.10 and 5.6.27.4. Easily exploitable vulnerability allo... Read more
- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
-
6.1
MEDIUMCVE-2026-1754
The personal-authors-category plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenti... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 14, 2026
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2026-2160
A vulnerability has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Master.php?f=save_package. The manipulation of the argument Title leads to cros... Read more
- Published: Feb. 08, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Scripting
-
6.0
MEDIUMCVE-2025-48508
Improper Hardware reset flow logic in the GPU GFX Hardware IP block could allow a privileged attacker in a guest virtual machine to control reset operation potentially causing host or GPU crash or reset resulting in denial of service.... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Denial of Service
-
6.0
MEDIUMCVE-2026-0620
When configured as L2TP/IPSec VPN server, Archer AXE75 V1 may accept connections using L2TP without IPSec protection, even when IPSec is enabled. This allows VPN sessions without encryption, exposing data in transit and compromising confidentiality.... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Misconfiguration
-
6.0
MEDIUMCVE-2025-58379
Brocade Fabric OS before 9.2.1 has a vulnerability that could allow a local authenticated attacker to reveal command line passwords using commands that may expose higher privilege sensitive information by a lower privileged user.... Read more
Affected Products : fabric_operating_system- Published: Feb. 03, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Information Disclosure
-
6.0
MEDIUMCVE-2025-36238
IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 could allow a local user with administration privileges to obtain sensitive information from a Virtual TPM through a series of PowerVM service p... Read more
Affected Products : powervm_hypervisor- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Information Disclosure
-
6.0
MEDIUMCVE-2025-69820
Directory Traversal vulnerability in Beam beta9 v.0.1.521 allows a remote attacker to obtain sensitive information via the joinCleanPath function.... Read more
Affected Products : beta9- Published: Jan. 22, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Path Traversal
-
6.0
MEDIUMCVE-2026-23892
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 are affected by a (theoretical) timing attack vulnerability that allows API key extraction over the network. Due to using character base... Read more
Affected Products : octoprint- Published: Jan. 27, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Authentication
-
6.0
MEDIUMCVE-2025-48019
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as fo... Read more
Affected Products :- Published: Feb. 13, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Denial of Service
-
6.0
MEDIUMCVE-2025-12680
Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in clear text in the standby SANnav server, after disaster recovery failover. The vulnerability could allow a remote authenticated attacker with admin privilege able to access the SANnav... Read more
- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Information Disclosure
-
6.0
MEDIUMCVE-2026-1386
A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlin... Read more
Affected Products : firecracker- Published: Jan. 23, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Path Traversal