Latest CVE Feed
-
5.1
MEDIUMCVE-2026-2546
A security vulnerability has been detected in LigeroSmart up to 6.1.26. The affected element is an unknown function of the file /otrs/index.pl. Such manipulation of the argument SortBy leads to cross site scripting. The attack may be launched remotely. Th... Read more
Affected Products :- Published: Feb. 16, 2026
- Modified: Feb. 16, 2026
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2026-2543
A vulnerability was identified in vichan-devel vichan up to 5.1.5. This vulnerability affects unknown code of the file inc/mod/pages.php of the component Password Change Handler. The manipulation of the argument Password leads to unverified password chang... Read more
Affected Products :- Published: Feb. 16, 2026
- Modified: Feb. 16, 2026
- Vuln Type: Authentication
-
5.1
MEDIUMCVE-2025-41081
Reflected Cross-Site Scripting (XSS) vulnerability in IsMyGym by Zuinq Studio. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL with '/<PATH>.php/<XSS>'. This vulnerability can be exp... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2026-25517
Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a missing permission check on the preview endpoints, a user with access to the Wagtail admin and knowledge of a model's fiel... Read more
Affected Products : wagtail- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Authorization
-
5.1
MEDIUMCVE-2026-1183
HTML injection vulnerability in multiple Botble products such as TransP, Athena, Martfury, and Homzen, consisting of an HTML injection due to a lack of proper validation of user input by sending a request to '/search' using the 'q' parameter.... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
5.1
MEDIUMCVE-2025-67683
Quick.Cart is vulnerable to reflected XSS via the sSort parameter. An attacker can craft a malicious URL which, when opened, results in arbitrary JavaScript execution in the victim’s browser. The vendor was notified early about this vulnerability, but di... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2020-37145
HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. Attackers can craft a malicious HTML page with hidden form fields to trick authenticate... Read more
Affected Products : hrsale- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Cross-Site Request Forgery
-
5.1
MEDIUMCVE-2025-59109
The dormakaba registration units 9002 (PIN Pad Units) have an exposed UART header on the backside. The PIN pad is sending every button press to the UART interface. An attacker can use the interface to exfiltrate PINs. As the devices are explicitly built a... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Information Disclosure
-
5.1
MEDIUMCVE-2025-13649
An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not necessary, but the action must be performed) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payl... Read more
Affected Products : zeusweb- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2025-59903
Stored Cross-Site Scripting (XSS) vulnerability in Kubysoft, where uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts within SVG files as visual content, which are then stored on the server and executed in the... Read more
Affected Products :- Published: Feb. 16, 2026
- Modified: Feb. 16, 2026
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2021-47830
GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This... Read more
Affected Products :- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Request Forgery
-
5.1
MEDIUMCVE-2020-37118
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modi... Read more
Affected Products :- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Cross-Site Request Forgery
-
5.1
MEDIUMCVE-2026-2557
A vulnerability was detected in cskefu up to 8.0.1. Impacted is the function Upload of the file com/cskefu/cc/controller/resource/MediaController.java of the component File Upload. The manipulation results in cross site scripting. The attack may be launch... Read more
Affected Products :- Published: Feb. 16, 2026
- Modified: Feb. 16, 2026
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2020-37087
Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and path parameters in Create Folder and Move/Edit functions. ... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2026-24820
Out-of-bounds Read vulnerability in turanszkij WickedEngine (WickedEngine/LUA modules). This vulnerability is associated with program files ldebug.C. This issue affects WickedEngine: before 0.71.705.... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
5.1
MEDIUMCVE-2026-2547
A vulnerability was detected in LigeroSmart up to 6.1.26. The impacted element is the function AgentDashboard of the file /otrs/index.pl. Performing a manipulation of the argument Subaction results in cross site scripting. Remote exploitation of the attac... Read more
Affected Products :- Published: Feb. 16, 2026
- Modified: Feb. 16, 2026
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2026-20984
Improper handling of insufficient permission in Galaxy Wearable installed on non-Samsung Device prior to version 2.2.68 allows local attackers to access sensitive information.... Read more
Affected Products : galaxy_wearable- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Authorization
-
5.1
MEDIUMCVE-2025-47205
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have ... Read more
- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Denial of Service
-
5.1
MEDIUMCVE-2019-25313
FlexNet Publisher 11.12.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious HTML form to trick authenticated users into submitting a req... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Cross-Site Request Forgery
-
5.1
MEDIUMCVE-2026-1406
A vulnerability was determined in lcg0124 BootDo up to 5ccd963c74058036b466e038cff37de4056c1600. Affected by this vulnerability is the function redirectToLogin of the file AccessControlFilter.java of the component Host Header Handler. This manipulation of... Read more
Affected Products :- Published: Jan. 25, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Misconfiguration