Latest CVE Feed
-
5.3
MEDIUMCVE-2026-0676
Missing Authorization vulnerability in G5Theme Zorka zorka allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zorka: from n/a through <= 1.5.7.... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 12, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-22041
Logging Redactor is a Python library designed to redact sensitive data in logs based on regex patterns and / or dictionary keys. Prior to version 0.0.6, non-string types are converted into string types, leading to type errors in %d conversions. The proble... Read more
Affected Products : logging_redactor- Published: Jan. 08, 2026
- Modified: Jan. 12, 2026
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2024-55374
REDCap 14.3.13 allows an attacker to enumerate usernames due to an observable discrepancy between login attempts.... Read more
Affected Products : redcap- Published: Jan. 02, 2026
- Modified: Jan. 12, 2026
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-14782
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.49.1 via the 'listen_for_csv_export' function. This is due to the plugin not properl... Read more
Affected Products : forminator- Published: Jan. 09, 2026
- Modified: Jan. 09, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-69272
Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 21.2.1 and earlier.... Read more
Affected Products : dx_netops_spectrum- Published: Jan. 12, 2026
- Modified: Jan. 12, 2026
- Vuln Type: Cryptography
-
5.3
MEDIUMCVE-2026-22251
wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause the API key to be leaked to... Read more
Affected Products :- Published: Jan. 12, 2026
- Modified: Jan. 12, 2026
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2026-22701
filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of the filelock package. An attacker with local filesystem access and permission to create sy... Read more
Affected Products :- Published: Jan. 10, 2026
- Modified: Jan. 10, 2026
- Vuln Type: Race Condition
-
5.3
MEDIUMCVE-2025-14072
The Ninja Forms WordPress plugin before 3.13.3 allows unauthenticated attackers to generate valid access tokens via the REST API which can then be used to read form submissions.... Read more
Affected Products : ninja_forms- Published: Jan. 02, 2026
- Modified: Jan. 09, 2026
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-69093
Missing Authorization vulnerability in wpdesk ShopMagic shopmagic-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShopMagic: from n/a through <= 4.7.2.... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Jan. 09, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-14043
The Tainacan plugin for WordPress is vulnerable to unauthorized metadata section creation due to missing authorization checks in all versions up to, and including, 1.0.1. This is due to the `create_item_permissions_check()` function unconditionally return... Read more
Affected Products : tainacan- Published: Dec. 21, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-15474
AuntyFey Smart Combination Lock firmware versions as of 2025-12-24 contain a vulnerability that allows an unauthenticated attacker within Bluetooth Low Energy (BLE) range to cause a denial of service by repeatedly initiating BLE connections. Sustained con... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Denial of Service
-
5.3
MEDIUMCVE-2025-14953
A flaw has been found in Open5GS up to 2.7.5. This impacts the function ogs_pfcp_handle_create_pdr in the library lib/pfcp/handler.c of the component FAR-ID Handler. Executing manipulation can lead to null pointer dereference. The attack may be performed ... Read more
Affected Products : open5gs- Published: Dec. 19, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2026-0831
The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to, and including, 3.4.8. This is due to inadequate input validation in the `save_template_to_file()` function where user-controlled parameters like `session_id`,... Read more
Affected Products :- Published: Jan. 10, 2026
- Modified: Jan. 10, 2026
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2025-68273
Signal K Server is a server application that runs on a central hub in a boat. An unauthenticated information disclosure vulnerability in versions prior to 2.19.0 allows any user to retrieve sensitive system information, including the full SignalK data sch... Read more
Affected Products : signal_k_server- Published: Jan. 01, 2026
- Modified: Jan. 06, 2026
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-69031
Missing Authorization vulnerability in Skywarrior Arcane arcane allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arcane: from n/a through <= 3.6.6.... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-21635
An Improper Access Control could allow a malicious actor in Wi-Fi range to the EV Station Lite (v1.5.2 and earlier) to use WiFi AutoLink feature on a device that was only adopted via Ethernet.... Read more
Affected Products :- Published: Jan. 05, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-68940
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request.... Read more
Affected Products : gitea- Published: Dec. 26, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-66908
Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an improper file type validation vulnerability in the OCR image upload functionality. The OcrController in turms-ai-serving/src/main/java/im/turms/ai/domain/ocr/controller/OcrController.java us... Read more
Affected Products : turms- Published: Dec. 19, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2026-0571
A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function createResponseEntity of the file warehouse\src\main\java\com\yeqifu\sys\common\AppFileUtils.java. The manipulati... Read more
Affected Products :- Published: Jan. 02, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2018-25127
SOCA Access Control System 180612 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that submit forged requests to create ... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cross-Site Request Forgery