Latest CVE Feed
-
5.3
MEDIUMCVE-2025-69225
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that t... Read more
Affected Products : aiohttp- Published: Jan. 06, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2026-25152
Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, a path traversal vulnerabi... Read more
Affected Products : backstage- Published: Jan. 30, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2026-22539
As the service interaction is performed without authentication, an attacker with some knowledge of the protocol could obtain information about the charger via OCPP v1.6.... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2026-23990
The Flux Operator is a Kubernetes CRD controller that manages the lifecycle of CNCF Flux CD and the ControlPlane enterprise distribution. Starting in version 0.36.0 and prior to version 0.40.0, a privilege escalation vulnerability exists in the Flux Opera... Read more
Affected Products :- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2026-24366
Missing Authorization vulnerability in YITHEMES YITH WooCommerce Request A Quote yith-woocommerce-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Request A Quote: from n/a through... Read more
Affected Products : yith_woocommerce_request_a_quote- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-15237
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability.... Read more
Affected Products : qoca_aim- Published: Jan. 05, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2021-47820
Ubee EVW327 contains a cross-site request forgery vulnerability that allows attackers to enable remote access without user interaction. Attackers can craft a malicious webpage that automatically submits a form to change router remote access settings to po... Read more
Affected Products :- Published: Jan. 16, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Request Forgery
-
5.3
MEDIUMCVE-2023-7333
A weakness has been identified in bluelabsio records-mover up to 1.5.4. The affected element is an unknown function of the component Table Object Handler. This manipulation causes sql injection. The attack needs to be launched locally. Upgrading to versio... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2026-22486
Missing Authorization vulnerability in Hakob Re Gallery & Responsive Photo Gallery Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Re Gallery & Responsive Photo Gallery Plugin: from n/a through 1.17.18.... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-14978
The PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the ConvesioPay webhook REST endpoint... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-14348
The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.7. This is due to the plugin's REST API trustin... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-23528
Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cro... Read more
Affected Products :- Published: Jan. 16, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2026-1154
A flaw has been found in SourceCodester E-Learning System 1.0. This impacts an unknown function of the file /admin/modules/lesson/index.php of the component Lesson Module Handler. Executing a manipulation of the argument Title/Description can lead to basi... Read more
Affected Products : e-learning_system- Published: Jan. 19, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2026-24625
Missing Authorization vulnerability in Imaginate Solutions File Uploads Addon for WooCommerce woo-addon-uploads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects File Uploads Addon for WooCommerce: from n/a through... Read more
Affected Products : file_uploads_addon_for_woocommerce- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-24613
Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ecwid Shopping Cart: from n/a through <= ... Read more
Affected Products : ecwid_ecommerce_shopping_cart- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-24612
Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orchid Store: from n/a through <= 1.5.15.... Read more
Affected Products : orchid_store- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-22261
Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, various inefficiencies in xff handling, especially for alerts not triggered in a tx, can lead to severe slowdowns. Versions 8.0.3 and 7.0.14 contain a patch. As a workaroun... Read more
Affected Products : suricata- Published: Jan. 27, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Denial of Service
-
5.3
MEDIUMCVE-2026-1599
A vulnerability was determined in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. The affected element is an unknown function of the file /hungry/placeorder of the component Checkout. Executing a manipulation of the argument orggrand... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
-
5.3
MEDIUMCVE-2026-24583
Missing Authorization vulnerability in sumup SumUp Payment Gateway For WooCommerce sumup-payment-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SumUp Payment Gateway For WooCommerce: from... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-24568
Missing Authorization vulnerability in WP Travel WP Travel wp-travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through <= 11.0.0.... Read more
Affected Products : wp_travel- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization