Latest CVE Feed
-
4.9
MEDIUMCVE-2026-24767
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, a blind Server-Side Request Forgery (SSRF) vulnerability exists in the `uploadViaURL` functionality due to an unprotected `HEAD` request. While the subsequent file retrie... Read more
Affected Products : nocodb- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Server-Side Request Forgery
-
4.9
MEDIUMCVE-2026-21937
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access ... Read more
Affected Products : mysql_server- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
-
4.9
MEDIUMCVE-2025-12984
The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 2.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati... Read more
Affected Products : advanced_ads_-_ad_manager_\&_adsense- Published: Jan. 17, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
4.9
MEDIUMCVE-2026-21941
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network a... Read more
Affected Products : mysql_server- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
-
4.9
MEDIUMCVE-2026-21899
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, ... Read more
Affected Products : cryptolib- Published: Jan. 10, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Memory Corruption
-
4.9
MEDIUMCVE-2025-49335
Server-Side Request Forgery (SSRF) vulnerability in minnur External Media allows Server Side Request Forgery.This issue affects External Media: from n/a through 1.0.36.... Read more
Affected Products : external_media- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Server-Side Request Forgery
-
4.9
MEDIUMCVE-2026-1224
Tanium addressed an uncontrolled resource consumption vulnerability in Discover.... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Denial of Service
-
4.9
MEDIUMCVE-2025-13925
IBM Aspera Console 3.4.7 stores potentially sensitive information in log files that could be read by a local privileged user.... Read more
Affected Products : aspera_console- Published: Jan. 20, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Information Disclosure
-
4.9
MEDIUMCVE-2025-13409
The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to SQL Injection via the 'params' parameter in all versions up to, and including, 1.4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient prep... Read more
Affected Products : form_vibes- Published: Jan. 06, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Injection
-
4.9
MEDIUMCVE-2026-20029
A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information.... Read more
Affected Products : identity_services_engine- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: XML External Entity
-
4.9
MEDIUMCVE-2025-62327
In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries.... Read more
Affected Products : hcl_devops_deploy- Published: Jan. 07, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authentication
-
4.9
MEDIUMCVE-2026-22242
CoreShop is a Pimcore enhanced eCommerce solution. Prior to version 4.1.8, a blind SQL injection vulnerability exists in the application that allows an authenticated administrator-level user to extract database contents using boolean-based or time-based t... Read more
Affected Products : coreshop- Published: Jan. 08, 2026
- Modified: Jan. 12, 2026
- Vuln Type: Injection
-
4.9
MEDIUMCVE-2026-0806
The WP-ClanWars plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL ... Read more
Affected Products :- Published: Jan. 24, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
4.9
MEDIUMCVE-2025-14830
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JFrog Artifactory (Workers) allows Cross-Site Scripting (XSS).This issue affects Artifactory (Workers): from >=7.94.0 through <7.117.10.... Read more
Affected Products :- Published: Jan. 04, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Scripting
-
4.9
MEDIUMCVE-2025-14719
The Relevanssi WordPress plugin before 4.26.0, Relevanssi Premium WordPress plugin before 2.29.0 do not sanitize and escape a parameter before using it in a SQL statement, allowing contributor and above roles to perform SQL injection attacks... Read more
Affected Products : relevanssi- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Injection
-
4.9
MEDIUMCVE-2025-67081
An SQL injection vulnerability in Itflow through 25.06 has been identified in the "role_id" parameter when editing a profile. An attacker with admin account can exploit this issue via blind SQL injection, allowing for the extraction of arbitrary data from... Read more
Affected Products : itflow- Published: Jan. 15, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Injection
-
4.8
MEDIUMCVE-2025-15505
A vulnerability was found in Luxul XWR-600 up to 4.0.1. The affected element is an unknown function of the component Web Administration Interface. The manipulation of the argument Guest Network/Wireless Profile SSID results in cross site scripting. The at... Read more
Affected Products :- Published: Jan. 11, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-15523
MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary... Read more
Affected Products : inkscape- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
4.8
MEDIUMCVE-2026-22212
TinyOS versions up to and including 2.1.2 contain a stack-based buffer overflow vulnerability in the mcp2200gpio utility. The vulnerability is caused by unsafe use of strcpy() and strcat() functions when constructing device paths during automatic device d... Read more
Affected Products :- Published: Jan. 12, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2026-1417
A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/mp4box/filedump.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit ha... Read more
Affected Products : gpac- Published: Jan. 26, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Memory Corruption