Latest CVE Feed
-
5.3
MEDIUMCVE-2026-22701
filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of the filelock package. An attacker with local filesystem access and permission to create sy... Read more
Affected Products :- Published: Jan. 10, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Race Condition
-
5.3
MEDIUMCVE-2025-14948
The miniOrange OTP Verification and SMS Notification for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `enable_wc_sms_notification` AJAX action in all versions up to, and inclu... Read more
Affected Products :- Published: Jan. 10, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-0831
The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to, and including, 3.4.8. This is due to inadequate input validation in the `save_template_to_file()` function where user-controlled parameters like `session_id`,... Read more
Affected Products :- Published: Jan. 10, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2025-69272
Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 21.2.1 and earlier.... Read more
Affected Products : dx_netops_spectrum- Published: Jan. 12, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Cryptography
-
5.3
MEDIUMCVE-2025-63001
Missing Authorization vulnerability in nicdark Hotel Booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Booking: from n/a through 3.8.... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-63053
Authorization Bypass Through User-Controlled Key vulnerability in Jewel Theme Master Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Master Addons for Elementor: from n/a through 2.0.9.9.4.... Read more
Affected Products : master_addons- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-14507
The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.0 via the REST API. This makes it possible for unauthenticated attackers to extract sen... Read more
Affected Products : eventprime- Published: Jan. 13, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-68430
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessible to the CVAT s... Read more
Affected Products : computer_vision_annotation_tool- Published: Dec. 19, 2025
- Modified: Jan. 13, 2026
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2026-0883
Information disclosure in the Networking component. This vulnerability affects Firefox < 147 and Firefox ESR < 140.7.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2026-20927
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to deny service over a network.... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 13, 2026
-
5.3
MEDIUMCVE-2025-37178
Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory regio... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2026-21892
Parsl is a Python parallel scripting library. A SQL Injection vulnerability exists in the parsl-visualize component of versions prior to 2026.01.05. The application constructs SQL queries using unsafe string formatting (Python % operator) with user-suppli... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2025-68949
n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison. As a result, an incoming request could be accepted if the source ... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-14460
The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to unauthorized order status modification in all versions up to, and including, 3.1.4. This is due to missing authorization checks on the payment callback endpoint handler whe... Read more
Affected Products : piraeus_bank_woocommerce_payment_gateway- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-13694
The AA Block Country plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.0.1. This is due to the plugin trusting user-supplied headers such as HTTP_X_FORWARDED_FOR to determine the client's IP address without prop... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-13529
The Unify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'init' action in all versions up to, and including, 3.4.9. This makes it possible for unauthenticated attackers to delete specific p... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-0707
A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters (such as tabs) as separators and tolerates case variations that ... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-14352
The Awesome Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data due to incorrect authorization in the room-single.php shortcode handler in all versions up to, and including, 1.0. This is due to the plugin relying solely o... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-37179
Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory regio... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2026-0668
Inefficient Regular Expression Complexity vulnerability in Wikimedia Foundation MediaWiki - VisualData Extension allows Regular Expression Exponential Blowup.This issue affects MediaWiki - VisualData Extension: 1.45.... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Denial of Service