Latest CVE Feed
-
5.1
MEDIUMCVE-2025-15056
A lack of data validation vulnerability in the HTML export feature in Quill in allows Cross-Site Scripting (XSS). This issue affects Quill: 2.0.3.... Read more
Affected Products : quill- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2025-71177
LavaLite CMS versions up to and including 10.1.0 contain a stored cross-site scripting vulnerability in the package creation and search functionality. Authenticated users can supply crafted HTML or JavaScript in the package Name or Description fields that... Read more
Affected Products : lavalite- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2025-15248
A security flaw has been discovered in sunhailin12315 product-review 商品评价系统 up to 91ead6890b4065bb45b7602d0d73348e75cb4639. This affects an unknown part of the component Write a Review. Performing manipulation of the argument content results in cross site... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2025-15479
Stored cross-site scripting (XSS, CWE-79) in the survey content and administration functionality in Data Illusion Zumbrunn NGSurvey Enterprise Edition 3.6.4 on all supported platforms ( on Windows and Linux servers ) allows authenticated remote users wit... Read more
Affected Products : ngsurvey- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2025-59109
The dormakaba registration units 9002 (PIN Pad Units) have an exposed UART header on the backside. The PIN pad is sending every button press to the UART interface. An attacker can use the interface to exfiltrate PINs. As the devices are explicitly built a... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Information Disclosure
-
5.1
MEDIUMCVE-2025-68961
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more
Affected Products : harmonyos- Published: Jan. 14, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Race Condition
-
5.1
MEDIUMCVE-2026-22211
TinyOS versions up to and including 2.1.2 contain a global buffer overflow vulnerability in the printfUART formatted output implementation used within the ZigBee / IEEE 802.15.4 networking stack. The implementation formats output into a fixed-size global ... Read more
Affected Products :- Published: Jan. 14, 2026
- Modified: Jan. 14, 2026
-
5.1
MEDIUMCVE-2025-67859
A Improper Authentication vulnerability in TLP allows local users to arbitrarily control the power profile in use as well as the daemon’s log settings.This issue affects TLP: from 1.9 before 1.9.1.... Read more
Affected Products :- Published: Jan. 14, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Authentication
-
5.1
MEDIUMCVE-2021-47830
GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This... Read more
Affected Products :- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Request Forgery
-
5.1
MEDIUMCVE-2026-1421
A vulnerability has been found in code-projects Online Examination System 1.0. Affected is an unknown function of the component Add Pages. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2025-15249
A weakness has been identified in zhujunliang3 work_platform up to 6bc5a50bb527ce27f7906d11ea6ec139beb79c31. This vulnerability affects unknown code of the component Content Handler. Executing manipulation can lead to cross site scripting. The attack may ... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2026-0601
A reflected cross-site scripting vulnerability exists in Nexus Repository 3 that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted request requiring user interaction.... Read more
Affected Products : nexus_repository_manager- Published: Jan. 14, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2019-25262
A security vulnerability has been detected in elinicksic Razgover up to db37dfc5c82f023a40f2f7834ded6633fb2b5262. This affects an unknown part of the file Chattify/send.php of the component Chat Message Handler. Such manipulation of the argument msg leads... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2025-67603
A Improper Authorization vulnerability in Foomuuri llows arbitrary users to influence the firewall configuration.This issue affects Foomuuri: from ? before 0.31.... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authorization
-
5.0
MEDIUMCVE-2025-15222
A vulnerability has been found in Dromara Sa-Token up to 1.44.0. This issue affects the function ObjectInputStream.readObject of the file SaSerializerTemplateForJdkUseBase64.java. Such manipulation leads to deserialization. The attack can be executed remo... Read more
Affected Products : sa-token- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Injection
-
5.0
MEDIUMCVE-2024-14020
A weakness has been identified in carboneio carbone up to fbcd349077ad0e8748be73eab2a82ea92b6f8a7e. This impacts an unknown function of the file lib/input.js of the component Formatter Handler. Executing a manipulation can lead to improperly controlled mo... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Misconfiguration
-
5.0
MEDIUMCVE-2026-21942
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystems). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Sol... Read more
Affected Products : solaris- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
-
5.0
MEDIUMCVE-2026-1446
There is a Cross Site Scripting issue in Esri ArcGIS Pro versions 3.6.0 and earlier. A local attacker could supply malicious strings into ArcGIS Pro which may execute when a specific dialog is opened. This issue is fixed in ArcGIS Pro 3.6.1.... Read more
Affected Products : arcgis_pro- Published: Jan. 26, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cross-Site Scripting
-
5.0
MEDIUMCVE-2025-69416
In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve other tokens (intended for unrelated access) via clients.plex.tv/devices.xml.... Read more
Affected Products :- Published: Jan. 02, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Information Disclosure
-
5.0
MEDIUMCVE-2025-69417
In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve share tokens (intended for unrelated access) via a shared_servers endpoint.... Read more
Affected Products :- Published: Jan. 02, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authentication