Latest CVE Feed
-
5.0
MEDIUMCVE-2026-1892
A security vulnerability has been detected in WeKan up to 8.20. This affects the function setBoardOrgs of the file models/boards.js of the component REST API. Such manipulation of the argument item.cardId/item.checklistId/card.boardId leads to improper au... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Authorization
-
5.0
MEDIUMCVE-2025-14793
The DK PDF – WordPress PDF Generator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3.0 via the 'addContentToMpdf' function. This makes it possible for authenticated attackers, author level and ab... Read more
Affected Products :- Published: Jan. 16, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Server-Side Request Forgery
-
5.0
MEDIUMCVE-2026-0936
An Insertion of Sensitive Information into Log File vulnerability in B&R PVI client versions prior to 6.5 may be abused by an authenticated local attacker to gather credential information which is processed by the PVI client application. The logging funct... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Information Disclosure
-
5.0
MEDIUMCVE-2026-25228
Signal K Server is a server application that runs on a central hub in a boat. Prior to 2.20.3, a path traversal vulnerability in SignalK Server's applicationData API allows authenticated users on Windows systems to read, write, and list arbitrary files an... Read more
Affected Products : signal_k_server- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Path Traversal
-
5.0
MEDIUMCVE-2026-1446
There is a Cross‑Site Scripting (XSS) issue in Esri ArcGIS Pro versions 3.6.0 and earlier. ArcGIS Pro is a desktop application, and exploitation is limited to local users interacting with the application; no privileged role or elevated permissions are req... Read more
Affected Products : arcgis_pro- Published: Jan. 26, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Cross-Site Scripting
-
4.9
MEDIUMCVE-2026-21959
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Loader). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP t... Read more
Affected Products : workflow- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
-
4.9
MEDIUMCVE-2025-15487
The Code Explorer plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.6 via the 'file' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the content... Read more
Affected Products : code_explorer- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Path Traversal
-
4.9
MEDIUMCVE-2026-1370
The SIBS woocommerce payment gateway plugin for WordPress is vulnerable to time-based SQL Injection via the ‘referencedId’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of suffic... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
4.9
MEDIUMCVE-2026-21952
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to co... Read more
Affected Products : mysql_server- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
-
4.9
MEDIUMCVE-2025-67081
An SQL injection vulnerability in Itflow through 25.06 has been identified in the "role_id" parameter when editing a profile. An attacker with admin account can exploit this issue via blind SQL injection, allowing for the extraction of arbitrary data from... Read more
Affected Products : itflow- Published: Jan. 15, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Injection
-
4.9
MEDIUMCVE-2026-23795
Improper Restriction of XML External Entity Reference vulnerability in Apache Syncope Console. An administrator with adequate entitlements to create or edit Keymaster parameters via Console can construct malicious XML text to launch an XXE attack, thereby... Read more
Affected Products : syncope- Published: Feb. 03, 2026
- Modified: Feb. 06, 2026
- Vuln Type: XML External Entity
-
4.9
MEDIUMCVE-2026-22626
Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can cause abnormal device behavior by crafting specific messages.... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Denial of Service
-
4.9
MEDIUMCVE-2026-21941
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network a... Read more
Affected Products : mysql_server- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
-
4.9
MEDIUMCVE-2025-12984
The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 2.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati... Read more
Affected Products : advanced_ads_-_ad_manager_\&_adsense- Published: Jan. 17, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
4.9
MEDIUMCVE-2026-21899
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, ... Read more
Affected Products : cryptolib- Published: Jan. 10, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Memory Corruption
-
4.9
MEDIUMCVE-2026-21948
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network a... Read more
Affected Products : mysql_server- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
-
4.9
MEDIUMCVE-2026-22549
A vulnerability exists in F5 BIG-IP Container Ingress Services that may allow excessive permissions to read cluster secrets. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Authorization
-
4.9
MEDIUMCVE-2025-13925
IBM Aspera Console 3.4.7 stores potentially sensitive information in log files that could be read by a local privileged user.... Read more
Affected Products : aspera_console- Published: Jan. 20, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Information Disclosure
-
4.9
MEDIUMCVE-2026-0806
The WP-ClanWars plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL ... Read more
Affected Products :- Published: Jan. 24, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
4.9
MEDIUMCVE-2026-21964
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with netw... Read more
- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026