Latest CVE Feed
-
5.4
MEDIUMCVE-2025-36094
IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 could allow an authenticated user to cause a denial of service or corrupt existing data due to th... Read more
Affected Products : cloud_pak_for_business_automation- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Denial of Service
-
5.4
MEDIUMCVE-2026-25388
Missing Authorization vulnerability in scripteo Ads Pro ap-plugin-scripteo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ads Pro: from n/a through <= 5.0.... Read more
Affected Products :- Published: Feb. 19, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2026-25322
Cross-Site Request Forgery (CSRF) vulnerability in PublishPress PublishPress Revisions revisionary allows Cross Site Request Forgery.This issue affects PublishPress Revisions: from n/a through <= 3.7.22.... Read more
Affected Products :- Published: Feb. 19, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Cross-Site Request Forgery
-
5.4
MEDIUMCVE-2025-14289
IBM webMethods Integration Server 12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.... Read more
Affected Products : webmethods_integration_server- Published: Feb. 17, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2026-0632
The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.12 via the 'saveDataSource' function. This makes it possible for authenticated attackers, with Subscriber-level ac... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Server-Side Request Forgery
-
5.4
MEDIUMCVE-2026-25828
grub-btrfs through 2026-01-31 (on Arch Linux and derivative distributions) allows initramfs OS command injection because it does not sanitize the $root parameter to resolve_device().... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Injection
-
5.4
MEDIUMCVE-2026-24601
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Pay Writer penci-pay-writer allows Stored XSS.This issue affects Penci Pay Writer: from n/a through <= 1.5.... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2026-24551
Missing Authorization vulnerability in monetagwp Monetag Official Plugin monetag-official allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Monetag Official Plugin: from n/a through <= 1.1.3.... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2026-23607
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Anti-Spam Whitelist management interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$txtDescription paramete... Read more
Affected Products : mailessentials- Published: Feb. 19, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2026-23617
GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Spam Keyword Checking (Body) conditions interface. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pvGeneral$TXB_Cond... Read more
Affected Products : mailessentials- Published: Feb. 19, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2026-25739
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Versions prior to 3.3.10 are vulnerable to cross-site scripting when uploading certain file types as materials. Users should upgrade to versio... Read more
Affected Products : indico- Published: Feb. 19, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-71240
SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted content in HTML code tags. The application does not properly verify JavaScript within code tags, allowing an attacker to inject malicious scripts that execute in a victim's browser.... Read more
Affected Products : spip- Published: Feb. 19, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-14778
A flaw was found in Keycloak. A significant Broken Access Control vulnerability exists in the UserManagedPermissionService (UMA Protection API). When updating or deleting a UMA policy associated with multiple resources, the authorization check only verifi... Read more
Affected Products : keycloak- Published: Feb. 09, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2026-26357
Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, l... Read more
Affected Products :- Published: Feb. 17, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2026-25028
Missing Authorization vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ElementInvader Addons for Elementor: ... Read more
Affected Products : elementinvader_addons_for_elementor- Published: Feb. 03, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2026-26952
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions 6.4 and below are vulnerable to stored HTML injection through the local DNS records configuration page, which allows an... Read more
Affected Products : web_interface- Published: Feb. 19, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2026-24560
Missing Authorization vulnerability in Cloudinary Cloudinary cloudinary-image-management-and-manipulation-in-the-cloud-cdn allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cloudinary: from n/a through <= 3.3.0.... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2026-24576
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in COP UX Flat ux-flat allows Stored XSS.This issue affects UX Flat: from n/a through <= 5.4.0.... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2026-24561
Missing Authorization vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentBoards: from n/a through <= 1.91.1.... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2026-24550
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kaira Blockons blockons allows Stored XSS.This issue affects Blockons: from n/a through <= 1.2.15.... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting