Latest CVE Feed
-
4.9
MEDIUMCVE-2025-58466
A use of uninitialized variable vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to denial of service conditions, or modify contr... Read more
- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Memory Corruption
-
4.9
MEDIUMCVE-2026-0816
The All push notification for WP plugin for WordPress is vulnerable to time-based SQL Injection via the 'delete_id' parameter in all versions up to, and including, 1.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient pr... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
4.9
MEDIUMCVE-2026-25310
Server-Side Request Forgery (SSRF) vulnerability in Alobaidi Extend Link extend-link allows Server Side Request Forgery.This issue affects Extend Link: from n/a through <= 2.0.0.... Read more
Affected Products :- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Server-Side Request Forgery
-
4.9
MEDIUMCVE-2025-15487
The Code Explorer plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.6 via the 'file' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the content... Read more
Affected Products : code_explorer- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Path Traversal
-
4.9
MEDIUMCVE-2026-25964
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, a Path Traversal vulnerability in the RecipeImport workflow of Tandoor Recipes allows authenticated users with import permissions to read ... Read more
Affected Products : recipes- Published: Feb. 13, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Path Traversal
-
4.9
MEDIUMCVE-2025-54155
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to prevent other systems, applications, or proce... Read more
Affected Products : file_station- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
4.9
MEDIUMCVE-2026-1370
The SIBS woocommerce payment gateway plugin for WordPress is vulnerable to time-based SQL Injection via the ‘referencedId’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of suffic... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
4.9
MEDIUMCVE-2026-24766
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an authenticated user with org-level-creator permissions can exploit prototype pollution in the `/api/v2/meta/connection/test` endpoint, causing all database write operat... Read more
Affected Products : nocodb- Published: Jan. 28, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Misconfiguration
-
4.9
MEDIUMCVE-2026-1246
The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Arbitrary File Read via path traversal in the 'loadFile' parameter in all versions up to, and including, 6.4.2 due to insufficient path validation and sanitization in the 'loadLogFile' A... Read more
Affected Products : image_optimizer- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Path Traversal
-
4.9
MEDIUMCVE-2026-0806
The WP-ClanWars plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL ... Read more
Affected Products :- Published: Jan. 24, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
4.8
MEDIUMCVE-2026-1990
A security vulnerability has been detected in oatpp up to 1.3.1. This impacts the function oatpp::data::type::ObjectWrapper::ObjectWrapper of the file src/oatpp/data/type/Type.hpp. The manipulation leads to null pointer dereference. Local access is requir... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2026-0947
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AT Internet Piano Analytics allows Cross-Site Scripting (XSS).This issue affects AT Internet Piano Analytics: from 0.0.0 before 1.0.1, from 2.0.0 ... Read more
Affected Products : at_internet_piano_analytics- Published: Feb. 04, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-2642
A security vulnerability has been detected in ggreer the_silver_searcher up to 2.2.0. The impacted element is the function search_stream of the file src/search.c. The manipulation leads to null pointer dereference. Local access is required to approach thi... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2026-2242
A vulnerability was determined in janet-lang janet up to 1.40.1. This impacts the function janetc_if of the file src/core/specials.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been pu... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2026-1553
Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Forceful Browsing.This issue affects Drupal Canvas: from 0.0.0 before 1.0.4.... Read more
Affected Products : drupal_canvas- Published: Feb. 04, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Authorization
-
4.8
MEDIUMCVE-2026-1622
Neo4j Enterprise and Community editions versions prior to 2026.01.3 and 5.26.21 are vulnerable to a potential information disclosure by a user who has ability to access the local log files. The "obfuscate_literals" option in the query logs does not reda... Read more
Affected Products : neo4j- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Information Disclosure
-
4.8
MEDIUMCVE-2026-1520
A vulnerability was identified in rethinkdb up to 2.4.3. Affected by this issue is some unknown functionality of the component Secondary Index Handler. Such manipulation leads to cross site scripting. It is possible to launch the attack remotely. The expl... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-24325
SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting (XSS) vulnerability. This enables an admin user to inject malicious JavaScript into a website and the injected script gets executed ... Read more
Affected Products : businessobjects_enterprise- Published: Feb. 10, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-1705
A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function ad_virtual_server_vdsl of the component Web Interface. Performing a manipulation of the argument Name results in cross site scripting. It is possibl... Read more
Affected Products : dsl-6641k_firmware- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-1444
A vulnerability has been found in iJason-Liu Books_Manager up to 298ba736387ca37810466349af13a0fdf828e99c. This affects an unknown part of the file controllers/books_center/add_book_check.php. Such manipulation of the argument mark leads to cross site scr... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cross-Site Scripting