Latest CVE Feed
-
5.8
MEDIUMCVE-2026-0566
A security vulnerability has been detected in code-projects Content Management System 1.0. Impacted is an unknown function of the file /admin/edit_posts.php. The manipulation of the argument image leads to unrestricted upload. The attack is possible to be... Read more
Affected Products : content_management_system- Published: Jan. 02, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Misconfiguration
-
5.8
MEDIUMCVE-2025-49919
Insertion of Sensitive Information Into Sent Data vulnerability in WPCenter eRoom eroom-zoom-meetings-webinar allows Retrieve Embedded Sensitive Data.This issue affects eRoom: from n/a through <= 1.5.6.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Information Disclosure
-
5.8
MEDIUMCVE-2025-59003
Insertion of Sensitive Information Into Sent Data vulnerability in Inkthemescom Black Rider allows Retrieve Embedded Sensitive Data.This issue affects Black Rider: from n/a through 1.2.3.... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Information Disclosure
-
5.8
MEDIUMCVE-2025-15250
A security vulnerability has been detected in 08CMS Novel System up to 3.4. This issue affects some unknown processing of the file admina/mtpls.inc.php of the component Template Handler. The manipulation leads to code injection. It is possible to initiate... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Injection
-
5.8
MEDIUMCVE-2026-22772
Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.5, Fulcio's metaRegex() function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to ... Read more
Affected Products :- Published: Jan. 12, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Server-Side Request Forgery
-
5.8
MEDIUMCVE-2025-15414
A flaw has been found in go-sonic sonic up to 1.1.4. The affected element is the function FetchTheme of the file service/theme/git_fetcher.go of the component Theme Fetching API. Executing manipulation of the argument uri can lead to server-side request f... Read more
Affected Products :- Published: Jan. 01, 2026
- Modified: Jan. 02, 2026
- Vuln Type: Server-Side Request Forgery
-
5.8
MEDIUMCVE-2025-15495
A vulnerability was found in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/editsite.php. The manipulation of the argument image results in unrestricted upload. The attack can be launched remotely. The exploit has been ... Read more
Affected Products : simple_php_cms- Published: Jan. 09, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Misconfiguration
-
5.8
MEDIUMCVE-2025-15438
A vulnerability was determined in PluXml up to 5.8.22. Affected is the function FileCookieJar::__destruct of the file core/admin/medias.php of the component Media Management Module. Executing manipulation of the argument File can lead to deserialization. ... Read more
Affected Products :- Published: Jan. 02, 2026
- Modified: Jan. 02, 2026
- Vuln Type: Information Disclosure
-
5.8
MEDIUMCVE-2026-21896
Kirby is an open-source content management system. From versions 5.0.0 to 5.2.1, Kirby is missing permission checks in the content changes API. This vulnerability affects all Kirby sites where user permissions are configured to prevent specific role(s) fr... Read more
Affected Products : kirby- Published: Jan. 08, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Authorization
-
5.7
MEDIUMCVE-2025-68967
Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more
Affected Products : harmonyos- Published: Jan. 14, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Authorization
-
5.7
MEDIUMCVE-2025-68947
NSecsoft 'NSecKrnl' is a Windows driver that allows a local, authenticated attacker to terminate processes owned by other users, including SYSTEM and Protected Processes by issuing crafted IOCTL requests to the driver.... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Authorization
-
5.7
MEDIUMCVE-2025-68963
Man-in-the-middle attack vulnerability in the Clone module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more
- Published: Jan. 14, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Cryptography
-
5.7
MEDIUMCVE-2025-13454
A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information.... Read more
Affected Products :- Published: Jan. 14, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Information Disclosure
-
5.7
MEDIUMCVE-2025-68158
Authlib is a Python library which builds OAuth and OpenID Connect servers. In version 1.6.5 and prior, cache-backed state/request-token storage is not tied to the initiating user session, so CSRF is possible for any attacker that has a valid state (easily... Read more
Affected Products : authlib- Published: Jan. 08, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Cross-Site Request Forgery
-
5.7
MEDIUMCVE-2025-59955
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions prior to and including v4.0.0-beta.420.8 have an information disclosure vulnerability in the `/api/v1/teams/{team_id}/members` and `/api/v... Read more
Affected Products : coolify- Published: Jan. 05, 2026
- Modified: Jan. 12, 2026
- Vuln Type: Information Disclosure
-
5.7
MEDIUMCVE-2025-14738
Improper authentication vulnerability in TP-Link WA850RE (httpd modules) allows unauthenticated attackers to download the configuration file.This issue affects: ≤ WA850RE V2_160527, ≤ WA850RE V3_160922.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Authentication
-
5.6
MEDIUMCVE-2025-68919
Fujitsu / Fsas Technologies ETERNUS SF ACM/SC/Express (DX / AF Management Software) before 16.8-16.9.1 PA 2025-12, when collected maintenance data is accessible by a principal/authority other than ETERNUS SF Admin, allows an attacker to potentially affect... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Misconfiguration
-
5.6
MEDIUMCVE-2025-14505
The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' (as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 ) has leading zeros and is susceptible to cryptanalysis, w... Read more
- Published: Jan. 08, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Cryptography
-
5.6
MEDIUMCVE-2026-22859
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, the URBDRC client does not perform bounds checking on server‑supplied MSUSB_INTERFACE_DESCRIPTOR values and uses them as indices in libusb_udev_complete_msconfig_setup, caus... Read more
Affected Products : freerdp- Published: Jan. 14, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption
-
5.6
MEDIUMCVE-2026-22858
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char... Read more
Affected Products : freerdp- Published: Jan. 14, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption