Latest CVE Feed
-
4.3
MEDIUMCVE-2025-68140
EVerest is an EV charging software stack. Prior to version 2025.9.0, once the validity of the received V2G message has been verified, it is checked whether the submitted session ID matches the registered one. However, if no session has been registered, th... Read more
Affected Products : everest- Published: Jan. 21, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Authentication
-
4.3
MEDIUMCVE-2026-24571
Missing Authorization vulnerability in boxnow BOX NOW Delivery box-now-delivery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BOX NOW Delivery: from n/a through <= 3.0.2.... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2026-24569
Missing Authorization vulnerability in Sully Media Library File Size media-library-file-size allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Media Library File Size: from n/a through <= 1.6.7.... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2026-24996
Missing Authorization vulnerability in wpelemento WPElemento Importer wpelemento-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPElemento Importer: from n/a through <= 0.6.4.... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-15322
Tanium addressed an improper access controls vulnerability in Tanium Server.... Read more
Affected Products : server- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-36410
IBM ApplinX 11.1 could allow an authenticated user to perform unauthorized administrative actions on the server due to server-side enforcement of client-side security.... Read more
Affected Products : applinx- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-15376
The Stopwords for comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the 'set_stopwords_for_comments' and 'delete_stopwords_for_comments' function... Read more
Affected Products :- Published: Jan. 14, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2026-0497
SAP Product Designer Web UI of Business Server Pages allows authenticated non-administrative users to access non-sensitive information. This results in a low impact on confidentiality, with no impact on integrity or availability of the application.... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-14853
The LEAV Last Email Address Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions <= 1.7.1. This is due to missing or incorrect nonce validation on the display_settings_page function. This makes it possible for unauthentic... Read more
Affected Products :- Published: Jan. 16, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2026-1003
The GetGenie plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.3.0. This is due to the plugin not properly verifying that a user is authorized to delete a specific post. This makes it possible for authentic... Read more
Affected Products :- Published: Jan. 16, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2026-20936
Out-of-bounds read in Windows NDIS allows an authorized attacker to disclose information with a physical attack.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +8 more products- Published: Jan. 13, 2026
- Modified: Jan. 16, 2026
-
4.3
MEDIUMCVE-2026-24332
Discord through 2026-01-16 allows gathering information about whether a user's client state is Invisible (and not actually offline) because the response to a WebSocket API request includes the user in the presences array (with "status": "offline"), wherea... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2026-22764
Dell OpenManage Network Integration, versions prior to 3.9, contains an Improper Authentication vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.... Read more
Affected Products : openmanage_network_integration- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authentication
-
4.3
MEDIUMCVE-2026-24388
Missing Authorization vulnerability in Ludwig You WPMasterToolKit wpmastertoolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPMasterToolKit: from n/a through <= 2.14.0.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2026-24039
Horilla is a free and open source Human Resource Management System (HRMS). Version 1.4.0 has Improper Access Control, allowing low-privileged employees to self-approve documents they have uploaded. The document-approval UI is intended to be restricted to ... Read more
Affected Products : horilla- Published: Jan. 22, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2026-24542
Cross-Site Request Forgery (CSRF) vulnerability in John James Jacoby WP Term Order wp-term-order allows Cross Site Request Forgery.This issue affects WP Term Order: from n/a through <= 2.1.0.... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2026-24521
Cross-Site Request Forgery (CSRF) vulnerability in Timur Kamaev Kama Thumbnail kama-thumbnail allows Cross Site Request Forgery.This issue affects Kama Thumbnail: from n/a through <= 3.5.1.... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2025-13416
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized user suspension due to a missing capability check on the pm_deactivate_user_from_group() function in all versions up to, and including, 5.9.7.2. Thi... Read more
Affected Products : profilegrid- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-15527
The WP Recipe Maker plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 10.2.2 via the api_get_post_summary function due to insufficient restrictions on which posts can be retrieved. This makes it possible for auth... Read more
Affected Products : wp_recipe_maker- Published: Jan. 16, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2026-23683
SAP Fiori App Intercompany Balance Reconciliation does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on confidentiality, integrity and availability are not impacted.... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Authorization