Latest CVE Feed
-
5.4
MEDIUMCVE-2026-20981
Improper input validation in FacAtFunction prior to SMR Feb-2026 Release 1 allows privileged physical attacker to execute arbitrary command with system privilege.... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2025-11065
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed u... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-15526
The Fancy Product Designer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 6.4.8. This is due to improper error handling in the PDF upload functionality that exposes server filesystem paths and stack traces... Read more
Affected Products : fancy_product_designer- Published: Jan. 16, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-24089
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app may be able to enumerate a user's installed apps.... Read more
- Published: Jan. 16, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-0788
ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vulnerability. This vulnerability allows remote attackers to execute web requests with a target user's privileges on affected installations of ALGO 8180 IP Audio Alerter devices. Authentica... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2026-24850
The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard (ML-DSA). Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto `ml-dsa` crate incorre... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cryptography
-
5.3
MEDIUMCVE-2025-56226
Libsndfile <=1.2.2 contains a memory leak vulnerability in the mpeg_l3_encoder_init() function within the mpeg_l3_encode.c file.... Read more
Affected Products : libsndfile- Published: Jan. 14, 2026
- Modified: Jan. 21, 2026
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2026-24366
Missing Authorization vulnerability in YITHEMES YITH WooCommerce Request A Quote yith-woocommerce-request-a-quote allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Request A Quote: from n/a through... Read more
Affected Products : yith_woocommerce_request_a_quote- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2023-38017
IBM Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2026-0886
Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2026-25523
Magento-lts is a long-term support alternative to Magento Community Edition (CE). Prior to version 20.16.1, the admin url can be discovered without prior knowledge of it's location by exploiting the X-Original-Url header on some configurations. This issue... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2026-22469
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in mwtemplates DeepDigital deepdigital allows Code Injection.This issue affects DeepDigital: from n/a through <= 1.0.2.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-12810
Improper Authentication vulnerability in Delinea Inc. Secret Server On-Prem (RPC Password Rotation modules).This issue affects Secret Server On-Prem: 11.8.1, 11.9.6, 11.9.25. A secret with "change password on check in" enabled automatically checks in eve... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2023-38281
IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be s... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2026-23831
Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message, causing nil Pointer Dereference. Function vali... Read more
Affected Products : rekor- Published: Jan. 22, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Supply Chain
-
5.3
MEDIUMCVE-2020-37007
Liman 0.7 contains a cross-site request forgery vulnerability that allows attackers to manipulate user account settings without proper request validation. Attackers can craft malicious HTML forms to change user passwords or modify account information by t... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Request Forgery
-
5.3
MEDIUMCVE-2026-24577
Missing Authorization vulnerability in Genetech Products Pie Register pie-register allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pie Register: from n/a through <= 3.8.4.7.... Read more
Affected Products : pie_register- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-0888
Information disclosure in the XML component. This vulnerability affects Firefox < 147 and Thunderbird < 147.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2026-0820
The RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference due to missing capability checks on the wc_upload_and_save_signature_handler function in all versions up to, and includ... Read more
Affected Products :- Published: Jan. 17, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-14757
The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Payment Status Bypass in all versions up to, and including, 3.6.9 only when used in combination with Cost Calculator Builder PRO. This is due to the complete_payment AJAX ac... Read more
Affected Products : cost_calculator_builder- Published: Jan. 16, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Authentication