Latest CVE Feed
-
5.5
MEDIUMCVE-2025-15417
A vulnerability was identified in Open5GS up to 2.7.6. Affected is the function sgwc_s11_handle_create_session_request of the file src/sgwc/s11-handler.c of the component GTPv2-C F-TEID Handler. Such manipulation leads to denial of service. The attack mus... Read more
Affected Products : open5gs- Published: Jan. 01, 2026
- Modified: Jan. 06, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-64422
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify vstarting with version 4.0.0-beta.434, the /login endpoint advertises a rate limit of 5 requests but can be trivially bypassed by rotating the X... Read more
Affected Products : coolify- Published: Jan. 05, 2026
- Modified: Jan. 12, 2026
- Vuln Type: Authentication
-
5.5
MEDIUMCVE-2026-20819
Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to disclose information locally.... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 13, 2026
-
5.5
MEDIUMCVE-2026-21302
Substance3D - Modeler versions 1.22.4 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of thi... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2026-21278
InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2026-21506
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to Null pointer dereference in CIccProfileXml::ParseBasic(), leadin... Read more
Affected Products : iccdev- Published: Jan. 07, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2026-21300
Substance3D - Modeler versions 1.22.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-69261
WasmEdge is a WebAssembly runtime. Prior to version 0.16.0-alpha.3, a multiplication in `WasmEdge/include/runtime/instance/memory.h` can wrap, causing `checkAccessBound()` to incorrectly allow the access. This leads to a segmentation fault. Version 0.16.0... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2026-20823
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 13, 2026
-
5.5
MEDIUMCVE-2025-15419
A weakness has been identified in Open5GS up to 2.7.6. Affected by this issue is the function sgwc_s5c_handle_create_session_response of the file src/sgwc/s5c-handler.c of the component GTPv2-C Flow Handler. Executing a manipulation can lead to denial of ... Read more
Affected Products : open5gs- Published: Jan. 02, 2026
- Modified: Jan. 06, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-15418
A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function ogs_gtp2_parse_bearer_qos in the library lib/gtp/v2/types.c of the component Bearer QoS IE Length Handler. Performing manipulation results in denial... Read more
Affected Products : open5gs- Published: Jan. 02, 2026
- Modified: Jan. 06, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2026-20833
Use of a broken or risky cryptographic algorithm in Windows Kerberos allows an authorized attacker to disclose information locally.... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 13, 2026
-
5.5
MEDIUMCVE-2026-20827
Exposure of sensitive information to an unauthorized actor in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to disclose information locally.... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 13, 2026
-
5.5
MEDIUMCVE-2026-21301
Substance3D - Modeler versions 1.22.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2026-22587
Ideagen DevonWay contains a stored cross site scripting vulnerability. A remote, authenticated attacker could craft a payload in the 'Reports' page that executes when another user views the report. Fixed in 2.62.4 and 2.62 LTS.... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Cross-Site Scripting
-
5.5
MEDIUMCVE-2025-69255
RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.77, a malformed gRPC GetMetrics request causes get_metrics to unwrap() failed deserialization of metric_type/opts, panicking the handler thread and enab... Read more
Affected Products : rustfs- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Denial of Service
-
5.4
MEDIUMCVE-2025-69353
Missing Authorization vulnerability in Proxy & VPN Blocker Proxy & VPN Blocker proxy-vpn-blocker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Proxy & VPN Blocker: from n/a through <= 3.5.3.... Read more
Affected Products :- Published: Jan. 06, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2025-62088
Server-Side Request Forgery (SSRF) vulnerability in extendons WordPress & WooCommerce Scraper Plugin, Import Data from Any Site allows Server Side Request Forgery.This issue affects WordPress & WooCommerce Scraper Plugin, Import Data from Any Site: from n... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Server-Side Request Forgery
-
5.4
MEDIUMCVE-2021-47737
CSZ CMS 1.2.7 contains an HTML injection vulnerability that allows authenticated users to insert malicious hyperlinks in message titles. Attackers can craft POST requests to the member messaging system with HTML-based links to potentially conduct phishing... Read more
Affected Products : csz_cms- Published: Dec. 23, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Injection
-
5.4
MEDIUMCVE-2025-66150
Missing Authorization vulnerability in merkulove Appender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appender: from n/a through 1.1.1.... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Authorization