Latest CVE Feed
-
5.4
MEDIUMCVE-2025-66140
Missing Authorization vulnerability in merkulove Uper for Elementor uper-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uper for Elementor: from n/a through <= 1.0.5.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Authorization
-
5.9
MEDIUMCVE-2025-62077
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SEOSEON EUROPE S.L Affiliate Link Tracker affiliate-link-tracker allows Stored XSS.This issue affects Affiliate Link Tracker: from n/a through <= 0.2.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2026-1489
A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory al... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
9.9
CRITICALCVE-2026-1470
n8n contains a critical Remote Code Execution (RCE) vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently iso... Read more
Affected Products : n8n- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Injection
-
9.9
CRITICALCVE-2025-62050
Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogmatic blogmatic.This issue affects Blogmatic: from n/a through <= 1.0.3.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Misconfiguration
-
5.9
MEDIUMCVE-2025-59472
A denial of service vulnerability exists in Next.js versions with Partial Prerendering (PPR) enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the `Next-Resume: 1` header and processes attacker-contro... Read more
Affected Products : next.js- Published: Jan. 26, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2025-50004
Deserialization of Untrusted Data vulnerability in artbees JupiterX Core jupiterx-core allows Object Injection.This issue affects JupiterX Core: from n/a through <= 4.10.1.... Read more
Affected Products : jupiter_x_core- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-49050
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through <= 2.5.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-49049
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ZoomIt DZS Video Gallery dzs-videogallery allows SQL Injection.This issue affects DZS Video Gallery: from n/a through <= 12.37.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Injection
-
6.9
MEDIUMCVE-2026-24818
Out-of-bounds Read vulnerability in praydog UEVR (dependencies/lua/src modules). This vulnerability is associated with program files lparser.C. This issue affects UEVR: before 1.05.... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
5.1
MEDIUMCVE-2025-9522
Blind Server-Side Request Forgery (SSRF) in Omada Controllers through webhook functionality, enabling crafted requests to internal services, which may lead to enumeration of information.... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Server-Side Request Forgery
-
6.4
MEDIUMCVE-2020-36960
Forma LMS 2.3 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts into user profile first and last name fields. Attackers can craft scripts like '<script>alert(document.cookie)</script>' to execute arbitr... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-14971
The Link Invoice Payment for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the createPartialPayment and cancelPartialPayment functions in all versions up to, and including, 2.8.0. ... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-1213
All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users.This issue affects askbot: 0.12.2.... Read more
Affected Products : askbot- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Authorization
-
4.0
MEDIUMCVE-2025-9820
A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer.... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
6.4
MEDIUMCVE-2020-36954
Xeroneit Library Management System 3.1 contains a stored cross-site scripting vulnerability in the Book Category feature that allows administrators to inject malicious scripts. Attackers can insert a payload in the Category Name field to execute arbitrary... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cross-Site Scripting
-
8.5
HIGHCVE-2020-36953
MiniTool ShadowMaker 3.2 contains an unquoted service path vulnerability in the MTAgentService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\MiniTool ShadowMaker\AgentServic... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Misconfiguration
-
4.8
MEDIUMCVE-2026-1444
A vulnerability has been found in iJason-Liu Books_Manager up to 298ba736387ca37810466349af13a0fdf828e99c. This affects an unknown part of the file controllers/books_center/add_book_check.php. Such manipulation of the argument mark leads to cross site scr... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cross-Site Scripting
-
4.9
MEDIUMCVE-2026-1224
Tanium addressed an uncontrolled resource consumption vulnerability in Discover.... Read more
Affected Products : service_asset- Published: Jan. 26, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Denial of Service
-
5.1
MEDIUMCVE-2026-24795
Out-of-bounds Write vulnerability in CloverHackyColor CloverBootloader (MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma modules). This vulnerability is associated with program files regcomp.C. This issue affects CloverBootloader: before 5162.... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption