Latest CVE Feed
-
5.3
MEDIUMCVE-2025-49338
Missing Authorization vulnerability in Flowbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flowbox: from n/a through 1.1.5.... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-63022
Missing Authorization vulnerability in Illia Simple Like Page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Like Page: from n/a through 1.5.3.... Read more
Affected Products : simple_like_page- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-62139
Insertion of Sensitive Information Into Sent Data vulnerability in Vladimir Statsenko Terms descriptions allows Retrieve Embedded Sensitive Data.This issue affects Terms descriptions: from n/a through 3.4.9.... Read more
Affected Products : terms_descriptions- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2026-22693
HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hb_malloc returns NULL before usin... Read more
Affected Products :- Published: Jan. 10, 2026
- Modified: Jan. 12, 2026
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2025-12648
The WP-Members Membership Plugin for WordPress is vulnerable to unauthorized file access in versions up to, and including, 3.5.4.4. This is due to storing user-uploaded files in predictable directories (wp-content/uploads/wpmembers/user_files/<user_id>/) ... Read more
Affected Products : wp-members- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2025-31051
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant - Gardening & Houseplants WordPress Theme allows Retrieve Embedded Sensitive Data.This issue affects Plant - Gardening & Houseplants WordPress Them... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-69268
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Reflected XSS.This issue affects DX NetOps Spectrum: 24.3.8 and earlier.... Read more
Affected Products : dx_netops_spectrum- Published: Jan. 12, 2026
- Modified: Jan. 12, 2026
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-69272
Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 21.2.1 and earlier.... Read more
Affected Products : dx_netops_spectrum- Published: Jan. 12, 2026
- Modified: Jan. 12, 2026
- Vuln Type: Cryptography
-
5.3
MEDIUMCVE-2025-15474
AuntyFey Smart Combination Lock firmware versions as of 2025-12-24 contain a vulnerability that allows an unauthenticated attacker within Bluetooth Low Energy (BLE) range to cause a denial of service by repeatedly initiating BLE connections. Sustained con... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Denial of Service
-
5.3
MEDIUMCVE-2025-14886
The Japanized for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `order` REST API endpoint in all versions up to, and including, 2.7.17. This makes it possible for unauthenticat... Read more
Affected Products : japanized_for_woocommerce- Published: Jan. 09, 2026
- Modified: Jan. 09, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-68938
Gitea before 1.25.2 mishandles authorization for deletion of releases.... Read more
Affected Products : gitea- Published: Dec. 26, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-14948
The miniOrange OTP Verification and SMS Notification for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `enable_wc_sms_notification` AJAX action in all versions up to, and inclu... Read more
Affected Products :- Published: Jan. 10, 2026
- Modified: Jan. 10, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-0831
The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to, and including, 3.4.8. This is due to inadequate input validation in the `save_template_to_file()` function where user-controlled parameters like `session_id`,... Read more
Affected Products :- Published: Jan. 10, 2026
- Modified: Jan. 10, 2026
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2026-0571
A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function createResponseEntity of the file warehouse\src\main\java\com\yeqifu\sys\common\AppFileUtils.java. The manipulati... Read more
Affected Products :- Published: Jan. 02, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2025-69028
Missing Authorization vulnerability in BoldGrid weForms weforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects weForms: from n/a through <= 1.6.25.... Read more
Affected Products : weforms- Published: Dec. 30, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-0707
A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters (such as tabs) as separators and tolerates case variations that ... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-66908
Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an improper file type validation vulnerability in the OCR image upload functionality. The OcrController in turms-ai-serving/src/main/java/im/turms/ai/domain/ocr/controller/OcrController.java us... Read more
Affected Products : turms- Published: Dec. 19, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2019-25259
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can trick logged-in users into executing unauthorized acti... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Request Forgery
-
5.3
MEDIUMCVE-2025-68940
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request.... Read more
Affected Products : gitea- Published: Dec. 26, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-14460
The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to unauthorized order status modification in all versions up to, and including, 3.1.4. This is due to missing authorization checks on the payment callback endpoint handler whe... Read more
Affected Products : piraeus_bank_woocommerce_payment_gateway- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authorization