Latest CVE Feed
-
5.3
MEDIUMCVE-2026-22693
HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hb_malloc returns NULL before usin... Read more
Affected Products : harfbuzz- Published: Jan. 10, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2025-15505
A vulnerability was found in Luxul XWR-600 up to 4.0.1. The affected element is an unknown function of the component Web Administration Interface. The manipulation of the argument Guest Network/Wireless Profile SSID results in cross site scripting. The at... Read more
Affected Products :- Published: Jan. 11, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Cross-Site Scripting
-
7.3
HIGHCVE-2026-22786
Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin <= v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. Attacker can upload any files on any directory. In the breakpoint_continue.go fi... Read more
Affected Products : gin-vue-admin- Published: Jan. 12, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Path Traversal
-
8.7
HIGHCVE-2025-41005
Imaster's MEMS Events CRM contains an SQL injection vulnerability in‘keyword’ parameter in ‘/memsdemo/exchange_offers.php’.... Read more
Affected Products :- Published: Jan. 12, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-67147
Multiple SQL Injection vulnerabilities exist in amansuryawanshi Gym-Management-System-PHP 1.0 via the 'name', 'email', and 'comment' parameters in (1) submit_contact.php, the 'username' and 'pass_key' parameters in (2) secure_login.php, and the 'login_id'... Read more
Affected Products :- Published: Jan. 12, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Injection