Latest CVE Feed
-
4.3
MEDIUMCVE-2026-22487
Missing Authorization vulnerability in baqend Speed Kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Speed Kit: from n/a through 2.0.2.... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authorization
-
5.9
MEDIUMCVE-2025-13034
When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool,curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow t... Read more
Affected Products : curl- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-4596
Asseco ADMX system is used for processing medical records. It allows logged in users to access medical files belonging to other users through manipulation of GET arguments containing document IDs. This issue has been fixed in 6.09.01.62 version of ADMX.... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authorization
-
9.3
CRITICALCVE-2025-15346
A vulnerability in the handling of verify_mode = CERT_REQUIRED in the wolfssl Python package (wolfssl-py) causes client certificate requirements to not be fully enforced. Because the WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT flag was not included, the behavio... Read more
Affected Products : wolfssl- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-23504
Authentication Bypass Using an Alternate Path or Channel vulnerability in RiceTheme Felan Framework felan-framework allows Authentication Abuse.This issue affects Felan Framework: from n/a through <= 1.1.3.... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2019-25268
NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening application files from remote shares. Attackers can exploit insecure library loading of sdl2.dll and libegl.dll by p... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-22728
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AmentoTech Workreap (theme's plugin) workreap allows SQL Injection.This issue affects Workreap (theme's plugin): from n/a through <= 3.3.6.... Read more
Affected Products : workreap- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-67928
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in themesuite Automotive Listings automotive allows Blind SQL Injection.This issue affects Automotive Listings: from n/a through <= 18.6.... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Injection
-
8.1
HIGHCVE-2025-67919
Authorization Bypass Through User-Controlled Key vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woffice Core: from n/a through <= 5.4.30.... Read more
Affected Products : woffice- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-67915
Authentication Bypass Using an Alternate Path or Channel vulnerability in Arraytics Timetics timetics allows Authentication Abuse.This issue affects Timetics: from n/a through <= 1.0.46.... Read more
Affected Products : wp_timetics- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authentication
-
6.1
MEDIUMCVE-2025-67922
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Reflected XSS.This issue affects Grand Restaurant: from n/a through < 7.0.9.... Read more
Affected Products : grand_restaurant- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2025-67921
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VanKarWai Lobo lobo allows Blind SQL Injection.This issue affects Lobo: from n/a through < 2.8.6.... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Injection
-
4.3
MEDIUMCVE-2026-22492
Missing Authorization vulnerability in Nawawi Jamili Docket Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Docket Cache: from n/a through 24.07.04.... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-22486
Missing Authorization vulnerability in Hakob Re Gallery & Responsive Photo Gallery Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Re Gallery & Responsive Photo Gallery Plugin: from n/a through 1.17.18.... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authorization
-
8.1
HIGHCVE-2025-67917
Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Traveler: from n/a through <= 3.2.6.... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-67913
Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Aruba HiSpeed Cache: from n/a through < 3.0.3.... Read more
Affected Products : aruba_hispeed_cache- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-67924
Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Corpkit corpkit allows Upload a Web Shell to a Web Server.This issue affects Corpkit: from n/a through <= 2.0.... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Misconfiguration
-
6.1
MEDIUMCVE-2025-68891
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Sutana WP App Bar wp-app-bar allows Reflected XSS.This issue affects WP App Bar: from n/a through <= 1.5.... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2025-14431
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in THEMELOGI Navian navian allows PHP Local File Inclusion.This issue affects Navian: from n/a through <= 1.5.4.... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Path Traversal
-
4.3
MEDIUMCVE-2026-22489
Authorization Bypass Through User-Controlled Key vulnerability in Wptexture Image Slider Slideshow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider Slideshow: from n/a through 1.8.... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authorization