Latest CVE Feed
-
5.0
MEDIUMCVE-2026-21942
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystems). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Sol... Read more
- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
-
5.0
MEDIUMCVE-2026-24667
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, failure to invalidate active user sessions after a password change allows existing session tokens to remain valid, potentially enabling... Read more
Affected Products : openeclass- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Authentication
-
5.0
MEDIUMCVE-2025-15328
Tanium addressed an improper link resolution before file access vulnerability in Enforce.... Read more
Affected Products : service_enforce- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Path Traversal
-
4.9
MEDIUMCVE-2026-23795
Improper Restriction of XML External Entity Reference vulnerability in Apache Syncope Console. An administrator with adequate entitlements to create or edit Keymaster parameters via Console can construct malicious XML text to launch an XXE attack, thereby... Read more
Affected Products : syncope- Published: Feb. 03, 2026
- Modified: Feb. 06, 2026
- Vuln Type: XML External Entity
-
4.9
MEDIUMCVE-2025-15329
Tanium addressed an information disclosure vulnerability in Threat Response.... Read more
Affected Products : service_threatresponse- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Information Disclosure
-
4.9
MEDIUMCVE-2025-15332
Tanium addressed an information disclosure vulnerability in Threat Response.... Read more
Affected Products : service_threatresponse- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Information Disclosure
-
4.9
MEDIUMCVE-2025-13925
IBM Aspera Console 3.4.7 stores potentially sensitive information in log files that could be read by a local privileged user.... Read more
Affected Products : aspera_console- Published: Jan. 20, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Information Disclosure
-
4.9
MEDIUMCVE-2025-67081
An SQL injection vulnerability in Itflow through 25.06 has been identified in the "role_id" parameter when editing a profile. An attacker with admin account can exploit this issue via blind SQL injection, allowing for the extraction of arbitrary data from... Read more
Affected Products : itflow- Published: Jan. 15, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Injection
-
4.9
MEDIUMCVE-2026-0816
The All push notification for WP plugin for WordPress is vulnerable to time-based SQL Injection via the 'delete_id' parameter in all versions up to, and including, 1.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient pr... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
4.9
MEDIUMCVE-2026-21899
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, ... Read more
Affected Products : cryptolib- Published: Jan. 10, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Memory Corruption
-
4.9
MEDIUMCVE-2026-0806
The WP-ClanWars plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL ... Read more
Affected Products :- Published: Jan. 24, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
4.9
MEDIUMCVE-2026-22626
Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can cause abnormal device behavior by crafting specific messages.... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Denial of Service
-
4.9
MEDIUMCVE-2026-1224
Tanium addressed an uncontrolled resource consumption vulnerability in Discover.... Read more
Affected Products : service_asset- Published: Jan. 26, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Denial of Service
-
4.9
MEDIUMCVE-2026-21959
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Loader). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP t... Read more
Affected Products : workflow- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
-
4.9
MEDIUMCVE-2026-21936
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via m... Read more
- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
-
4.9
MEDIUMCVE-2026-23844
Whisper Money is a personal finance application. Versions prior to 0.1.5 have an insecure direct object reference vulnerability. A user can update/create account balances in other users' bank accounts. Version 0.1.5 fixes the issue.... Read more
Affected Products : whisper_money- Published: Jan. 19, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Authorization
-
4.9
MEDIUMCVE-2026-24766
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an authenticated user with org-level-creator permissions can exploit prototype pollution in the `/api/v2/meta/connection/test` endpoint, causing all database write operat... Read more
Affected Products : nocodb- Published: Jan. 28, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Misconfiguration
-
4.9
MEDIUMCVE-2026-21964
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with netw... Read more
- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
-
4.9
MEDIUMCVE-2026-21937
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access ... Read more
Affected Products : mysql_server- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
-
4.9
MEDIUMCVE-2026-21941
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network a... Read more
Affected Products : mysql_server- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026