Latest CVE Feed
-
5.3
MEDIUMCVE-2026-24472
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling of HTTP cache control directives. The middleware d... Read more
Affected Products : hono- Published: Jan. 27, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-27899
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system.... Read more
Affected Products : db2_recovery_expert_for_luw- Published: Feb. 17, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2026-1733
A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/store_integral/order/detail/:uni. The manipulation of the argument order_id leads to improper authorization. The attack can be init... Read more
Affected Products : crmeb- Published: Feb. 01, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-1835
A vulnerability was identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. This affects an unknown part. The manipulation leads to cross-site request forgery. The attack is possible to be carried out remotely. The exploit is publicly... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Request Forgery
-
5.3
MEDIUMCVE-2026-27111
Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeli... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-2658
A vulnerability was found in newbee-ltd newbee-mall up to a069069b07027613bf0e7f571736be86f431faee. Affected is an unknown function of the component Multiple Endpoints. Performing a manipulation results in cross-site request forgery. Remote exploitation o... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Cross-Site Request Forgery
-
5.3
MEDIUMCVE-2026-25315
Missing Authorization vulnerability in hcaptcha hCaptcha for WP hcaptcha-for-forms-and-more allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects hCaptcha for WP: from n/a through <= 4.22.0.... Read more
Affected Products :- Published: Feb. 19, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-20673
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Tahoe 26.3, macOS Sonoma 14.8.4. Turning off "Load remote content in messages” may not apply to all mail previews.... Read more
- Published: Feb. 11, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-1964
A vulnerability was determined in WeKan up to 8.20. This impacts an unknown function of the file models/boards.js of the component REST Endpoint. This manipulation causes improper access controls. Remote exploitation of the attack is possible. Upgrading t... Read more
Affected Products : wekan- Published: Feb. 05, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-25012
Missing Authorization vulnerability in gfazioli WP Bannerize Pro wp-bannerize-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Bannerize Pro: from n/a through <= 1.11.0.... Read more
Affected Products : wp_bannerize_pro- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-1298
The Easy Replace Image plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.5.2. This is due to missing capability checks on the `image_replacement_from_url` function that is hooked to the `eri_from_url` AJAX... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-64074
A path-traversal vulnerability in the logout functionality of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to delete arbitrary files on the host by supplying a crafted session cookie value.... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2026-1391
The Vzaar Media Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on the $_SERVER['PHP_SELF'] variable. This makes it possib... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-6792
The One to one user Chat by WPGuppy plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/guppylite/v2/channel-authorize rest endpoint in all versions up to, and including, 1.1.4. This makes it... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-1801
A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soup_filter_input_stream_read_line() logic, where libsoup accepts malformed chunk headers, such as lone line... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2026-24982
Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through <= 2.19.17.... Read more
Affected Products : spectra- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-25729
DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, there is an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated user to enumerate all users in the system and retrieve sens... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2019-25447
OrientDB 3.0.17 GA Community Edition contains cross-site request forgery vulnerabilities that allow attackers to perform unauthorized actions by crafting malicious requests to endpoints like /database/, /command/, and /document/. Attackers can create or d... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Cross-Site Request Forgery
-
5.3
MEDIUMCVE-2026-1833
The WaMate Confirm – Order Confirmation plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it p... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-25384
Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Lister Lite for eBay: from n/a through <= 3.8.5.... Read more
Affected Products : wp-lister_lite_for_ebay- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Authorization