Latest CVE Feed
-
5.3
MEDIUMCVE-2026-24489
Gakido is a Python HTTP client focused on browser impersonation and anti-bot evasion. A vulnerability was discovered in Gakido prior to version 0.1.1 that allowed HTTP header injection through CRLF (Carriage Return Line Feed) sequences in user-supplied he... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2026-24806
Improper Control of Generation of Code ('Code Injection') vulnerability in liuyueyi quick-media (plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/png modules). This vulnerability is associated with program files PNGIma... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2026-22796
Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malforme... Read more
Affected Products : openssl- Published: Jan. 27, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Denial of Service
-
5.3
MEDIUMCVE-2026-1371
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.5. This is due to missing authorization checks in the `ajax_coupon_details()` function, whi... Read more
Affected Products : tutor_lms- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-0825
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the CSV export functionality in all versions up to, and including, 1.4.5. This makes it possible for u... Read more
Affected Products : database_for_contact_form_7\,_wpforms\,_elementor_forms- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-1060
The WP Adminify plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.7.7 via the /wp-json/adminify/v1/get-addons-list REST API endpoint. The endpoint is registered with permission_callback set to _... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2026-24850
The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard (ML-DSA). Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto `ml-dsa` crate incorre... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cryptography
-
5.3
MEDIUMCVE-2025-68659
Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have an application level denial of service vulnerabilityin the username change functionality at try.discourse.org. The vulnerability allows attac... Read more
Affected Products : discourse- Published: Jan. 28, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Denial of Service
-
5.3
MEDIUMCVE-2026-22447
Missing Authorization vulnerability in Select-Themes Prowess prowess allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Prowess: from n/a through <= 1.8.1.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-22348
Missing Authorization vulnerability in Tasos Fel Civic Cookie Control civic-cookie-control-8 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Civic Cookie Control: from n/a through <= 1.53.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-21929
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 9.0.0-9.5.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to c... Read more
Affected Products : mysql_server- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
-
5.3
MEDIUMCVE-2025-52023
A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted H... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-13471
The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 (for example to enable User Registration when it has been turned off)... Read more
Affected Products : user_activity_log- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2026-1389
The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.4. This is due to the plugin not verifying that a user has permission to acce... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-1391
The Vzaar Media Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on the $_SERVER['PHP_SELF'] variable. This makes it possib... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2026-1549
A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/plugin/uploadPluginConfigFile of the component PluginController. Such manipulation of the argument configFil... Read more
Affected Products : jsherp- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2026-24904
TrustTunnel is an open-source VPN protocol with a rule bypass issue in versions prior to 0.9.115. In `tls_listener.rs`, `TlsListener::listen()` peeks 1024 bytes and calls `extract_client_random(...)`. If `parse_tls_plaintext` fails (for example, a fragmen... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2026-24889
soroban-sdk is a Rust SDK for Soroban contracts. Arithmetic overflow can be triggered in the `Bytes::slice`, `Vec::slice`, and `Prng::gen_range` (for `u64`) methods in the `soroban-sdk` in versions up to and including `25.0.1`, `23.5.1`, and `25.0.2`. Con... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2025-13920
The WP Directory Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the wdk_public_action AJAX handler. This makes it possible for unauthenticated attackers to extract email addresses f... Read more
Affected Products : wp_directory_kit- Published: Jan. 24, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-15510
The NEX-Forms – Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5_Export_Forms class constructor in all versions up to, and including, 9.1.8. This makes it possible for unauthenti... Read more
Affected Products : nex-forms- Published: Jan. 31, 2026
- Modified: Jan. 31, 2026
- Vuln Type: Authorization