Latest CVE Feed
-
9.1
CRITICALCVE-2023-50897
Unrestricted Upload of File with Dangerous Type vulnerability in Meow Apps Media File Renamer allows Using Malicious Files.This issue affects Media File Renamer: from n/a through 5.7.7.... Read more
Affected Products : media_file_renamer_-_auto_\&_manual_rename- Published: Jan. 05, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-59467
A Cross-Site Scripting (XSS) vulnerability in the UCRM Argentina AFIP invoices Plugin (v1.2.0 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. This plugin is disabled by default. Affe... Read more
Affected Products :- Published: Jan. 05, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-68754
In the Linux kernel, the following vulnerability has been resolved: rtc: amlogic-a4: fix double free caused by devm The clock obtained via devm_clk_get_enabled() is automatically managed by devres and will be disabled and freed on driver detach. Manuall... Read more
Affected Products : linux_kernel- Published: Jan. 05, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-68762
In the Linux kernel, the following vulnerability has been resolved: net: netpoll: initialize work queue before error checks Prevent a kernel warning when netconsole setup fails on devices with IFF_DISABLE_NETPOLL flag. The warning (at kernel/workqueue.c... Read more
Affected Products : linux_kernel- Published: Jan. 05, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Misconfiguration
-
4.8
MEDIUMCVE-2025-15022
Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting (XSS) if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be u... Read more
Affected Products : vaadin- Published: Jan. 05, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2025-66376
Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives in an HTML e-mail message.... Read more
Affected Products : collaboration- Published: Jan. 05, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2025-14346
WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration ... Read more
Affected Products :- Published: Jan. 05, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2023-51513
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in INTINITUM FORM Geo Controller allows DOM-Based XSS.This issue affects Geo Controller: from n/a through 8.5.2.... Read more
Affected Products : geo_controller- Published: Jan. 05, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-10933
An integer underflow vulnerability in the Silicon Labs Z-Wave Protocol Controller can lead to out of bounds memory reads.... Read more
Affected Products :- Published: Jan. 05, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-68760
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix potential out-of-bounds read in iommu_mmio_show In iommu_mmio_write(), it validates the user-provided offset with the check: `iommu->dbg_mmio_offset > iommu->mmio_phys_en... Read more
Affected Products : linux_kernel- Published: Jan. 05, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-68752
In the Linux kernel, the following vulnerability has been resolved: iavf: Implement settime64 with -EOPNOTSUPP ptp_clock_settime() assumes every ptp_clock has implemented settime64(). Stub it with -EOPNOTSUPP to prevent a NULL dereference. The fix is s... Read more
Affected Products : linux_kernel- Published: Jan. 05, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-68751
In the Linux kernel, the following vulnerability has been resolved: s390/fpu: Fix false-positive kmsan report in fpu_vstl() A false-positive kmsan report is detected when running ping command. An inline assembly instruction 'vstl' can write varied amou... Read more
Affected Products : linux_kernel- Published: Jan. 05, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Memory Corruption
-
8.6
HIGHCVE-2025-14124
The Team WordPress plugin before 5.0.11 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.... Read more
Affected Products : team_-_wordpress_team_members_showcase- Published: Jan. 05, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-14153
The Page Expire Popup/Redirection for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' shortcode attribute in all versions up to, and including, 1.0 due to insufficient escaping on the user supplied parameter and lack ... Read more
Affected Products :- Published: Jan. 06, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2025-13215
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.17.13 via the auxels_ajax_search due to insufficient restrictions on which posts can be included. This mak... Read more
Affected Products : shortcodes_and_extra_features_for_phlox_theme- Published: Jan. 06, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Information Disclosure
-
6.4
MEDIUMCVE-2025-14438
The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.1.0.30 via the 'pixabayDownloadImage' function. This makes it possible for authenticated attackers, with Subscriber-le... Read more
Affected Products :- Published: Jan. 06, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Server-Side Request Forgery
-
8.8
HIGHCVE-2026-21411
Authentication bypass issue exists in OpenBlocks series versions prior to FW5.0.8, which may allow an attacker to bypass administrator authentication and change the password.... Read more
Affected Products :- Published: Jan. 06, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authentication
-
8.7
HIGHCVE-2020-36907
Aerohive HiveOS contains a denial of service vulnerability in the NetConfig UI that allows unauthenticated attackers to render the web interface unusable. Attackers can send a crafted HTTP request to the action.php5 script with specific parameters to trig... Read more
Affected Products :- Published: Jan. 06, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Denial of Service
-
5.1
MEDIUMCVE-2020-36918
iDS6 DSSPro Digital Signage System 6.2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft malicious web pages to trick logged-in administrators into a... Read more
Affected Products :- Published: Jan. 06, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Request Forgery
-
9.8
CRITICALCVE-2020-36925
Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within a specific numeric range to obtain valid sessi... Read more
Affected Products :- Published: Jan. 06, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authentication