Latest CVE Feed
-
7.5
HIGHCVE-2025-15268
The Infility Global plugin for WordPress is vulnerable to unauthenticated SQL Injection via the 'infility_get_data' API action in all versions up to, and including, 2.14.46. This is due to insufficient escaping on the user supplied parameter and lack of s... Read more
Affected Products : infility_global- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-15285
The SEO Flow by LupsOnline plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checkBlogAuthentication() and checkCategoryAuthentication() functions in all versions up to, and including, 2.2.1. ... Read more
Affected Products : seo_flow- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-15508
The Magic Import Document Extractor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.4 via the get_frontend_settings() function. This makes it possible for unauthenticated attackers to extract ... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2026-0572
The WebPurify Profanity Filter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'webpurify_save_options' function in all versions up to, and including, 4.0.2. This makes it possible for unaut... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Authorization
-
6.9
MEDIUMCVE-2025-65081
An out-of-bounds read vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2026-0679
The Fortis for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to an inverted nonce check in the 'check_fortis_notify_response' function in all versions up to, and including, 1.2.0. This makes it possible for unauthenticated att... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Authorization
-
8.8
HIGHCVE-2026-24512
A security issue was discovered in ingress-nginx cthe `rules.http.paths.path` Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets... Read more
Affected Products : ingress-nginx- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2026-1812
A vulnerability has been found in bolo-blog bolo-solo up to 2.6.4. This impacts the function importFromCnblogs of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component Filename Handler. The manipulation of the argument File l... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Path Traversal
-
4.4
MEDIUMCVE-2026-0681
The Extended Random Number Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2026-0742
The Smart Appointment & Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the saab_save_form_data AJAX action in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user suppli... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Scripting
-
10.0
CRITICALCVE-2026-1633
The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device.... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Authentication
-
9.3
CRITICALCVE-2026-1632
MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device.... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2020-37094
EspoCRM 5.8.5 contains an authentication vulnerability that allows attackers to access other user accounts by manipulating authorization headers. Attackers can decode and modify Basic Authorization and Espo-Authorization tokens to gain unauthorized access... Read more
Affected Products : espocrm- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Authentication
-
8.7
HIGHCVE-2020-37093
Netis E1+ 1.2.32533 contains an information disclosure vulnerability that allows unauthenticated attackers to retrieve WiFi passwords through the netcore_get.cgi endpoint. Attackers can send a GET request to the endpoint to extract sensitive network crede... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Information Disclosure
-
9.3
CRITICALCVE-2020-37092
Netis E1+ version 1.2.32533 contains a hardcoded root account vulnerability that allows unauthenticated attackers to access the device with predefined credentials. Attackers can leverage the embedded root account with a crackable password to gain full adm... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Authentication
-
4.9
MEDIUMCVE-2026-1370
The SIBS woocommerce payment gateway plugin for WordPress is vulnerable to time-based SQL Injection via the ‘referencedId’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of suffic... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
5.1
MEDIUMCVE-2025-41085
Stored Cross-Site Scripting (XSS) vulnerability type in Apidog in the version 2.7.15, where SVG image uploads are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request to '/api/v1/user-avatar', wh... Read more
Affected Products : apidog_web_platform- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Scripting
-
6.9
MEDIUMCVE-2020-37086
Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. Attackers can exploit the vulnerability by manipulating path parameters in ... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Path Traversal
-
3.1
LOWCVE-2026-24513
A security issue was discovered in ingress-nginx where the protection afforded by the `auth-url` Ingress annotation may not be effective in the presence of a specific misconfiguration. If the ingress-nginx controller is configured with a default custom-e... Read more
Affected Products : ingress-nginx- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2026-1580
A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controlle... Read more
Affected Products : ingress-nginx- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection