Latest CVE Feed
-
0.0
NACVE-2025-69250
free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, the service reliably leaks detailed internal error messages (e.g., strconv.ParseInt... Read more
Affected Products :- Published: Feb. 23, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Information Disclosure
-
0.0
NACVE-2026-3044
A vulnerability has been found in Tenda AC8 16.03.34.06. This affects the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. The manipulation of the argument boundary leads to stack-based buffer overflow. It is pos... Read more
Affected Products :- Published: Feb. 23, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2026-3063
Inappropriate implementation in DevTools in Google Chrome prior to 145.0.7632.116 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via DevTools. (Chromium security severity: High)... Read more
Affected Products :- Published: Feb. 23, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2026-3062
Out of bounds read and write in Tint in Google Chrome on Mac prior to 145.0.7632.116 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)... Read more
Affected Products :- Published: Feb. 23, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2026-3061
Out of bounds read in Media in Google Chrome prior to 145.0.7632.116 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)... Read more
Affected Products :- Published: Feb. 23, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Memory Corruption
-
7.7
HIGHCVE-2026-21665
The Print Service component of Fiserv Originate Loans Peripherals (formerly Velocity Services) in unsupported version 2021.2.4 (build 4.7.3155.0011) uses deprecated .NET Remoting TCP channels that allow unsafe deserialization of untrusted data. When these... Read more
Affected Products :- Published: Feb. 23, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Misconfiguration
-
7.1
HIGHCVE-2025-69367
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes Oyster - Photography WordPress Theme oyster allows DOM-Based XSS.This issue affects Oyster - Photography WordPress Theme: from n/a through <= 4... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-68854
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in harman79 ID Arrays id-arrays allows DOM-Based XSS.This issue affects ID Arrays: from n/a through <= 2.1.2.... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-68037
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atlas Gondal Export Media URLs export-media-urls allows Reflected XSS.This issue affects Export Media URLs: from n/a through <= 2.2.... Read more
Affected Products : export_all_urls- Published: Feb. 20, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-53231
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevstudio Easy Taxonomy Images easy-taxonomy-images allows Stored XSS.This issue affects Easy Taxonomy Images: from n/a through <= 1.0.1.... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-53228
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jezza101 bbpress Simple Advert Units bbpress-simple-advert-units allows Reflected XSS.This issue affects bbpress Simple Advert Units: from n/a through <=... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2026-3043
A flaw has been found in itsourcecode Event Management System 1.0. The impacted element is an unknown function of the file /admin/navbar.php. Executing a manipulation of the argument page can lead to cross site scripting. The attack may be performed from ... Read more
Affected Products :- Published: Feb. 23, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2026-3042
A vulnerability was detected in itsourcecode Event Management System 1.0. The affected element is an unknown function of the file /admin/index.php. Performing a manipulation of the argument ID results in sql injection. The attack is possible to be carried... Read more
Affected Products :- Published: Feb. 23, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Injection
-
4.8
MEDIUMCVE-2026-3041
A security vulnerability has been detected in xingfuggz BaykeShop up to 1.3.20. Impacted is an unknown function of the file src/baykeshop/contrib/article/templates/baykeshop/sidebar/custom.html of the component Article Sidebar Module. Such manipulation of... Read more
Affected Products :- Published: Feb. 23, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Cross-Site Scripting
-
5.8
MEDIUMCVE-2026-3040
A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. The manipulation of the argument File leads to os command... Read more
Affected Products :- Published: Feb. 23, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2026-3028
A vulnerability was determined in erzhongxmu JEEWMS up to 3.7. This vulnerability affects the function doAdd of the file src/main/java/com/jeecg/demo/controller/JeecgListDemoController.java. This manipulation of the argument Name causes cross site scripti... Read more
Affected Products :- Published: Feb. 23, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2026-27742
Bludit version 3.16.2 contains a stored cross-site scripting (XSS) vulnerability in the post content functionality. The application performs client-side sanitation of content input but does not enforce equivalent sanitation on the server side. An authenti... Read more
Affected Products :- Published: Feb. 23, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2026-27741
Bludit version 3.16.1 contains a cross-site request forgery (CSRF) vulnerability in the /admin/uninstall-plugin/ and /admin/install-theme/ endpoints. The application does not implement anti-CSRF tokens or other request origin validation mechanisms for the... Read more
Affected Products :- Published: Feb. 23, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Cross-Site Request Forgery
-
7.3
HIGHCVE-2026-25649
Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain an issue in which authenticated users can steal OAuth 2.0 authorization codes by exploiting an open redirect vulnerability in two OIDC-related endpoints. The `redir... Read more
Affected Products :- Published: Feb. 23, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Authentication
-
7.1
HIGHCVE-2026-24949
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods PhotoMe photome allows DOM-Based XSS.This issue affects PhotoMe: from n/a through <= 5.7.1.... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 23, 2026
- Vuln Type: Cross-Site Scripting