Latest CVE Feed
-
5.3
MEDIUMCVE-2025-3652
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to private audio recordings by exploiting sequential audio IDs and insecure assignment endpoints. Attackers can send ... Read more
Affected Products :- Published: Jan. 04, 2026
- Modified: Jan. 04, 2026
- Vuln Type: Information Disclosure
-
7.3
HIGHCVE-2025-3646
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authorization bypass vulnerability that allows unauthorized users to add users as shared owners to any device by exploiting missing permission checks. Attackers can send requests to the ... Read more
Affected Products :- Published: Jan. 04, 2026
- Modified: Jan. 04, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-15115
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authentication bypass vulnerability that allows unauthenticated attackers to access any user account by exploiting OAuth token validation flaws in the social login system. Attackers can ... Read more
Affected Products :- Published: Jan. 04, 2026
- Modified: Jan. 04, 2026
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2026-21484
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending... Read more
Affected Products : anythingllm- Published: Jan. 03, 2026
- Modified: Jan. 03, 2026
- Vuln Type: Information Disclosure
-
9.4
CRITICALCVE-2025-64125
A vulnerability in Nuvation Energy nCloud VPN Service allowed Network Boundary Bridging.This issue affected the nCloud VPN Service and was fixed on 2025-12-1 (December, 2025). End users do not have to take any action to mitigate the issue.... Read more
Affected Products :- Published: Jan. 03, 2026
- Modified: Jan. 03, 2026
- Vuln Type: Misconfiguration
-
8.7
HIGHCVE-2025-64124
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows OS Command Injection.This issue affects Multi-Stack Controller (MSC): before 2.5.1.... Read more
Affected Products :- Published: Jan. 03, 2026
- Modified: Jan. 03, 2026
- Vuln Type: Injection
-
9.4
CRITICALCVE-2025-64123
Unintended Proxy or Intermediary vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Network Boundary Bridging.This issue affects Multi-Stack Controller (MSC): through and including release 2.5.1.... Read more
Affected Products :- Published: Jan. 02, 2026
- Modified: Jan. 03, 2026
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-64122
Insufficiently Protected Credentials vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Signature Spoofing by Key Theft.This issue affects Multi-Stack Controller (MSC): through 2.5.1.... Read more
Affected Products :- Published: Jan. 02, 2026
- Modified: Jan. 02, 2026
- Vuln Type: Cryptography
-
10.0
CRITICALCVE-2025-64121
Authentication Bypass Using an Alternate Path or Channel vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Authentication Bypass.This issue affects Multi-Stack Controller (MSC): from 2.3.8 before 2.5.1.... Read more
Affected Products :- Published: Jan. 02, 2026
- Modified: Jan. 02, 2026
- Vuln Type: Authentication
-
9.4
CRITICALCVE-2025-64120
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows OS Command Injection.This issue affects Multi-Stack Controller (MSC): from 2.3.8 before 2.5.1.... Read more
Affected Products :- Published: Jan. 02, 2026
- Modified: Jan. 02, 2026
- Vuln Type: Injection
-
9.3
CRITICALCVE-2025-64119
A vulnerability in Nuvation Battery Management System allows Authentication Bypass.This issue affects Battery Management System: through 2.3.9.... Read more
Affected Products :- Published: Jan. 02, 2026
- Modified: Jan. 02, 2026
- Vuln Type: Authentication
-
5.4
MEDIUMCVE-2026-21483
listmonk is a standalone, self-hosted, newsletter and mailing list manager. Prior to version 6.0.0, lower-privileged user with campaign management permissions can inject malicious JavaScript into campaigns or templates. When a higher-privileged user (Supe... Read more
Affected Products : listmonk- Published: Jan. 02, 2026
- Modified: Jan. 02, 2026
- Vuln Type: Cross-Site Scripting
-
7.5
HIGHCVE-2026-21452
MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload lengths. While MessagePack-Java ... Read more
Affected Products :- Published: Jan. 02, 2026
- Modified: Jan. 02, 2026
- Vuln Type: Denial of Service
-
5.2
MEDIUMCVE-2026-21451
Bagisto is an open source laravel eCommerce platform. A stored Cross-Site Scripting (XSS) vulnerability exists in Bagisto prior to version 2.3.10 within the CMS page editor. Although the platform normally attempts to sanitize `<script>` tags, the filterin... Read more
Affected Products : bagisto- Published: Jan. 02, 2026
- Modified: Jan. 02, 2026
- Vuln Type: Cross-Site Scripting
-
7.3
HIGHCVE-2026-21450
Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection via type parameter, which can lead to remote code execution or another exploitation. Version 2.3.10 fixes the issue.... Read more
Affected Products : bagisto- Published: Jan. 02, 2026
- Modified: Jan. 02, 2026
- Vuln Type: Injection
-
7.4
HIGHCVE-2026-21449
Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection via first name and last name from a low-privilege user. Version 2.3.10 fixes the issue.... Read more
Affected Products : bagisto- Published: Jan. 02, 2026
- Modified: Jan. 02, 2026
- Vuln Type: Injection
-
8.9
HIGHCVE-2026-21448
Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection. When a normal customer orders any product, in the `add address` step they can inject a value to run in admin view. The issue c... Read more
Affected Products : bagisto- Published: Jan. 02, 2026
- Modified: Jan. 02, 2026
- Vuln Type: Injection
-
7.1
HIGHCVE-2026-21447
Bagisto is an open source laravel eCommerce platform. Prior to version 2.3.10, an Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated customer to add items from another customer's order to their o... Read more
Affected Products : bagisto- Published: Jan. 02, 2026
- Modified: Jan. 02, 2026
- Vuln Type: Authorization
-
8.8
HIGHCVE-2026-21446
Bagisto is an open source laravel eCommerce platform. In versions on the 2.3 branch prior to 2.3.10, API routes remain active even after initial installation is complete. The underlying API endpoints (`/install/api/*`) are directly accessible and exploita... Read more
Affected Products : bagisto- Published: Jan. 02, 2026
- Modified: Jan. 02, 2026
- Vuln Type: Authentication
-
8.8
HIGHCVE-2026-21445
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive use... Read more
Affected Products : langflow- Published: Jan. 02, 2026
- Modified: Jan. 02, 2026
- Vuln Type: Authentication