Latest CVE Feed
-
8.1
HIGHCVE-2026-25060
OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, certificate verification is disabled by default for all storage driver communications. The TlsInsecureSkipVerify setting is default to true in the DefaultConfig() function in internal/conf... Read more
Affected Products :- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2026-25144
Talishar is a fan-made Flesh and Blood project. A Stored XSS exists in the chat in-game system. The playerID parameter in SubmitChat.php and is saved without sanitization and executed whenever a user view the current page game. This vulnerability is fixed... Read more
Affected Products :- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Cross-Site Scripting
-
2.3
LOWCVE-2026-25221
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for GitHub and Google login providers is vulnerable to Login Cross-Site Request Forgery (CSRF). The application fails to implement and veri... Read more
Affected Products :- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Cross-Site Request Forgery
-
0.0
NONECVE-2025-61636
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLButtonField.Php. This issue affe... Read more
Affected Products : mediawiki- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Cross-Site Scripting
-
0.0
NONECVE-2025-61637
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Action/mediawiki.Action.Edit.Preview.J... Read more
Affected Products : mediawiki- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Cross-Site Scripting
-
0.0
NONECVE-2025-61638
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This vulnerability is associated with program files includes/parser/Sanitizer.Php, s... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Cross-Site Scripting
-
1.2
LOWCVE-2025-61646
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/RecentChanges/EnhancedChangesList.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.... Read more
Affected Products : mediawiki- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
-
2.7
LOWCVE-2025-61652
Vulnerability in Wikimedia Foundation DiscussionTools.This issue affects DiscussionTools: from * before 1.43.4, 1.44.1.... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
-
0.0
NONECVE-2025-61656
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files src/ce/ve.Ce.ClipboardHandler.Js. This issue affects Visua... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Cross-Site Scripting
-
0.0
NONECVE-2025-67483
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Page.Preview.Js. This issue affects M... Read more
Affected Products : mediawiki- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Cross-Site Scripting
-
6.3
MEDIUMCVE-2026-24934
The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle (MitM) attack to spoof the... Read more
Affected Products : data_master- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2026-0909
The WP ULike plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.8.3.1. This is due to the `wp_ulike_delete_history_api` AJAX action not verifying that the log entry being deleted belongs to the c... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Authorization
-
6.6
MEDIUMCVE-2026-1788
: Out-of-bounds Write vulnerability in Xquic Project Xquic Server xquic on Linux (QUIC protocol implementation, packet processing module modules) allows : Buffer Manipulation.This issue affects Xquic Server: through 1.8.3.... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2026-24465
Stack-based buffer overflow vulnerability exists in ELECOM wireless LAN access point devices. A crafted packet may lead to arbitrary code execution.... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2026-1730
The OS DataHub Maps plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'OS_DataHub_Maps_Admin::add_file_and_ext' function in all versions up to, and including, 1.8.3. This makes it possible for authen... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Authentication
-
5.1
MEDIUMCVE-2025-41065
Stored Cross-Site Scripting (XSS) vulnerability type in LUNA software v7.5.5.6. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by inyecting a malicious payload through the 'Edit Batch Name' function. THe payload i... Read more
Affected Products : luna- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Cross-Site Scripting
-
8.5
HIGHCVE-2020-37099
Disk Savvy Enterprise 12.3.18 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Savvy Enterpris... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Misconfiguration
-
0.0
NACVE-2026-24984
Missing Authorization vulnerability in Brecht Visual Link Preview visual-link-preview allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Visual Link Preview: from n/a through <= 2.2.9.... Read more
Affected Products : visual_link_preview- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2026-25014
Cross-Site Request Forgery (CSRF) vulnerability in themelooks Enter Addons enteraddons allows Cross Site Request Forgery.This issue affects Enter Addons: from n/a through <= 2.3.2.... Read more
Affected Products : enter_addons- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2026-25020
Missing Authorization vulnerability in WP connect WP Sync for Notion wp-sync-for-notion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Sync for Notion: from n/a through <= 1.7.0.... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Authorization