Latest CVE Feed
-
4.9
MEDIUMCVE-2025-54166
An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerab... Read more
- Published: Jan. 02, 2026
- Modified: Jan. 05, 2026
- Vuln Type: Information Disclosure
-
4.9
MEDIUMCVE-2025-62327
In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries.... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authentication
-
4.9
MEDIUMCVE-2025-14719
The Relevanssi WordPress plugin before 4.26.0, Relevanssi Premium WordPress plugin before 2.29.0 do not sanitize and escape a parameter before using it in a SQL statement, allowing contributor and above roles to perform SQL injection attacks... Read more
Affected Products : relevanssi- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Injection
-
4.9
MEDIUMCVE-2025-52431
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have ... Read more
- Published: Jan. 02, 2026
- Modified: Jan. 05, 2026
- Vuln Type: Denial of Service
-
4.9
MEDIUMCVE-2025-49335
Server-Side Request Forgery (SSRF) vulnerability in minnur External Media allows Server Side Request Forgery.This issue affects External Media: from n/a through 1.0.36.... Read more
Affected Products : external_media- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Server-Side Request Forgery
-
4.9
MEDIUMCVE-2025-14830
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JFrog Artifactory (Workers) allows Cross-Site Scripting (XSS).This issue affects Artifactory (Workers): from >=7.94.0 through <7.117.10.... Read more
Affected Products :- Published: Jan. 04, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Scripting
-
4.9
MEDIUMCVE-2025-52426
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have ... Read more
- Published: Jan. 02, 2026
- Modified: Jan. 05, 2026
- Vuln Type: Memory Corruption
-
4.9
MEDIUMCVE-2026-0678
The Flat Shipping Rate by City for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'cities' parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of su... Read more
Affected Products :- Published: Jan. 14, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Injection
-
4.9
MEDIUMCVE-2025-15121
A vulnerability has been found in JeecgBoot up to 3.9.0. The affected element is the function getDeptRoleByUserId of the file /sys/sysDepartRole/getDeptRoleByUserId. Such manipulation of the argument departId leads to information disclosure. The vendor wa... Read more
- Published: Dec. 28, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Information Disclosure
-
4.8
MEDIUMCVE-2025-15200
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. The affected element is the function getExceptionStatisticsByClient/getCommandStatisticsByClient/doIndex of the file src/main/java/com/sohu/cache/web/controller/AppClientDataShowController.jav... Read more
Affected Products : cachecloud- Published: Dec. 29, 2025
- Modified: Jan. 06, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-15146
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This impacts the function doUserList of the file src/main/java/com/sohu/cache/web/controller/UserManageController.java. Performing manipulation results in cross site scripting. The attack may ... Read more
Affected Products : cachecloud- Published: Dec. 28, 2025
- Modified: Jan. 07, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-20972
Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB.... Read more
Affected Products :- Published: Jan. 09, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Authorization
-
4.8
MEDIUMCVE-2025-71165
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the administrative interface within the Tools Status functionality. The path parameter is reflected into the HTML response without proper outpu... Read more
Affected Products :- Published: Jan. 14, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-15505
A vulnerability was found in Luxul XWR-600 up to 4.0.1. The affected element is an unknown function of the component Web Administration Interface. The manipulation of the argument Guest Network/Wireless Profile SSID results in cross site scripting. The at... Read more
Affected Products :- Published: Jan. 11, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-0404
An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent attackers authenticated over WiFi or on LAN to execute OS command injections on the router. DHCPv6 is not enabled by default.... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Injection
-
4.8
MEDIUMCVE-2026-22212
TinyOS versions up to and including 2.1.2 contain a stack-based buffer overflow vulnerability in the mcp2200gpio utility. The vulnerability is caused by unsafe use of strcpy() and strcat() functions when constructing device paths during automatic device d... Read more
Affected Products :- Published: Jan. 12, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2025-15203
A vulnerability was found in SohuTV CacheCloud up to 3.2.0. This impacts the function index of the file src/main/java/com/sohu/cache/web/controller/ResourceController.java. Performing manipulation results in cross site scripting. It is possible to initiat... Read more
Affected Products : cachecloud- Published: Dec. 29, 2025
- Modified: Jan. 06, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-15188
A vulnerability was determined in Campcodes Complete Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/search-invoices.php. Executing manipulation of the argument searchdata can lead to cross site scrip... Read more
- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-15506
A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manipulation results in out-of-bounds read. The attack needs... Read more
Affected Products :- Published: Jan. 11, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2026-0642
A vulnerability was detected in projectworlds House Rental and Property Listing 1.0. This issue affects some unknown processing of the file /app/complaint.php. The manipulation of the argument Name results in cross site scripting. The attack may be launch... Read more
Affected Products : house_rental_and_property_listing- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Scripting