Latest CVE Feed
-
0.0
NACVE-2023-54282
In the Linux kernel, the following vulnerability has been resolved: media: tuners: qt1010: replace BUG_ON with a regular error BUG_ON is unnecessary here, and in addition it confuses smatch. Replacing this with an error return help resolve this smatch w... Read more
Affected Products : linux_kernel- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-54305
In the Linux kernel, the following vulnerability has been resolved: ext4: refuse to create ea block when umounted The ea block expansion need to access s_root while it is already set as NULL when umount is triggered. Refuse this request to avoid panic.... Read more
Affected Products : linux_kernel- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2026-22582
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (MicrositeUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: befor... Read more
Affected Products :- Published: Jan. 24, 2026
- Modified: Jan. 24, 2026
- Vuln Type: Injection
-
0.0
NACVE-2025-68558
Missing Authorization vulnerability in averta Depicter Slider depicter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Depicter Slider: from n/a through <= 4.0.4.... Read more
- Published: Jan. 22, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Authorization
-
0.0
NACVE-2025-68839
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Remi Corson Easy Theme Options easy-theme-options allows Reflected XSS.This issue affects Easy Theme Options: from n/a through <= 1.0.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-68858
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Casey Bisson wpCAS wpcas allows Reflected XSS.This issue affects wpCAS: from n/a through <= 1.07.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-68896
Missing Authorization vulnerability in vrpr WDV One Page Docs wdv-one-page-docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WDV One Page Docs: from n/a through <= 1.2.4.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Authorization
-
0.0
NACVE-2025-69070
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Tornados tornados allows PHP Local File Inclusion.This issue affects Tornados: from n/a through <= 2.1.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Path Traversal
-
0.0
NACVE-2025-69074
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Pearson Specter pearsonspecter allows PHP Local File Inclusion.This issue affects Pearson Specter: from n/a through <= 1.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Path Traversal
-
0.0
NACVE-2025-69097
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through <= 1.9.9.5.4.... Read more
Affected Products : wordpress_learning_management_system- Published: Jan. 22, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Path Traversal
-
0.0
NACVE-2025-69100
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes North north-wp allows PHP Local File Inclusion.This issue affects North: from n/a through <= 5.7.5.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Path Traversal
-
0.0
NACVE-2025-69181
Missing Authorization vulnerability in e-plugins Lawyer Directory lawyer-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Directory: from n/a through <= 1.3.4.... Read more
Affected Products : lawyer_directory- Published: Jan. 22, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Authorization
-
0.0
NACVE-2025-70457
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Injection
-
0.0
NACVE-2025-69183
Incorrect Privilege Assignment vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Privilege Escalation.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Authorization
-
0.0
NACVE-2026-23978
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Softwebmedia Gyan Elements gyan-elements allows PHP Local File Inclusion.This issue affects Gyan Elements: from n/a through <= 2.2.1.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Path Traversal
-
0.0
NACVE-2025-68008
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mndpsingh287 WP Mail wp-mail allows Reflected XSS.This issue affects WP Mail: from n/a through <= 1.3.... Read more
Affected Products : wp_mail- Published: Jan. 22, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-68759
In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() In rtl8180_init_rx_ring(), memory is allocated for skb packets and DMA allocations in a loop. When an allocation fail... Read more
Affected Products : linux_kernel- Published: Jan. 05, 2026
- Modified: Jan. 19, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-70458
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-52024
A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all availab... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Authentication
-
0.0
NACVE-2025-52023
A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted H... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Information Disclosure