Latest CVE Feed
-
4.8
MEDIUMCVE-2025-15505
A vulnerability was found in Luxul XWR-600 up to 4.0.1. The affected element is an unknown function of the component Web Administration Interface. The manipulation of the argument Guest Network/Wireless Profile SSID results in cross site scripting. The at... Read more
Affected Products :- Published: Jan. 11, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-24594
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for WPBakery Page Builder addons-for-visual-composer allows Stored XSS.This issue affects Livemesh Addons for WPBakery Page Buil... Read more
Affected Products : wpbakery_page_builder_addons- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-0716
A flaw was found in libsoup’s WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unin... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2025-15506
A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manipulation results in out-of-bounds read. The attack needs... Read more
Affected Products :- Published: Jan. 11, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2025-15451
A security flaw has been discovered in xnx3 wangmarket up to 4.9. Affected by this issue is some unknown functionality of the file /admin/system/variableSave.do of the component System Variables Page. Performing a manipulation of the argument Description ... Read more
Affected Products : wangmarket- Published: Jan. 05, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-15452
A weakness has been identified in xnx3 wangmarket up to 4.9. This affects the function variableList of the file /admin/system/variableList.do of the component Backend Variable Search. Executing a manipulation of the argument Description can lead to cross ... Read more
Affected Products : wangmarket- Published: Jan. 05, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-1532
A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. The manipulation of the argument UploadMusic leads to path traversal. The a... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Path Traversal
-
4.8
MEDIUMCVE-2025-68658
Open Source Point of Sale (opensourcepos) is a web based point of sale application written in PHP using CodeIgniter framework. opensourcepos 3.4.0 and 3.4.1 has a stored XSS vulnerability exists in the Configuration (Information) functionality. An authent... Read more
Affected Products : open_source_point_of_sale- Published: Jan. 13, 2026
- Modified: Jan. 21, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-15022
Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting (XSS) if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be u... Read more
Affected Products : vaadin- Published: Jan. 05, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-14579
The Quiz Maker WordPress plugin before 6.7.0.89 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (... Read more
Affected Products : quiz_maker- Published: Jan. 12, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-14557
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Facebook Pixel facebook_pixel allows Stored XSS.This issue affects Facebook Pixel: from 7.X-1.0 through 7.X-1.1.... Read more
Affected Products : facebook_pixel- Published: Jan. 14, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-51602
mmstu.c in VideoLAN VLC media player before 3.0.22 allows an out-of-bounds read and denial of service via a crafted 0x01 response from an MMS server.... Read more
Affected Products : vlc_media_player- Published: Jan. 16, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Denial of Service
-
4.8
MEDIUMCVE-2026-24621
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladimir Statsenko Terms descriptions terms-descriptions allows DOM-Based XSS.This issue affects Terms descriptions: from n/a through <= 3.4.9.... Read more
Affected Products : terms_descriptions- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-1705
A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function ad_virtual_server_vdsl of the component Web Interface. Performing a manipulation of the argument Name results in cross site scripting. It is possibl... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-1520
A vulnerability was identified in rethinkdb up to 2.4.3. Affected by this issue is some unknown functionality of the component Secondary Index Handler. Such manipulation leads to cross site scripting. It is possible to launch the attack remotely. The expl... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-21925
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: RMI). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25... Read more
- Published: Jan. 20, 2026
- Modified: Jan. 30, 2026
-
4.8
MEDIUMCVE-2025-15523
MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary... Read more
Affected Products : inkscape- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
4.8
MEDIUMCVE-2026-1417
A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/mp4box/filedump.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit ha... Read more
Affected Products : gpac- Published: Jan. 26, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2026-22212
TinyOS versions up to and including 2.1.2 contain a stack-based buffer overflow vulnerability in the mcp2200gpio utility. The vulnerability is caused by unsafe use of strcpy() and strcat() functions when constructing device paths during automatic device d... Read more
Affected Products :- Published: Jan. 12, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2025-66803
Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout operations to fail when delayed frame responses reapply session cookies after logout. This can be exploited by remote attackers via selective network delays (e.... Read more
Affected Products : turbo- Published: Jan. 20, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Race Condition