Latest CVE Feed
-
5.3
MEDIUMCVE-2025-49349
Missing Authorization vulnerability in Reuters News Agency Reuters Direct allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reuters Direct: from n/a through 3.0.0.... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-22486
Missing Authorization vulnerability in Hakob Re Gallery & Responsive Photo Gallery Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Re Gallery & Responsive Photo Gallery Plugin: from n/a through 1.17.18.... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-15475
The PayHere Payment Gateway Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to an improper validation logic in the check_payhere_response function in all versions up to, and including, 2.3.9. This makes i... Read more
Affected Products :- Published: Jan. 14, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-63001
Missing Authorization vulnerability in nicdark Hotel Booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Booking: from n/a through 3.8.... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-64638
Missing Authorization vulnerability in OnPay.io OnPay.io for WooCommerce onpay-io-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OnPay.io for WooCommerce: from n/a through <= 1.0.47.... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-14441
The Popupkit plugin for WordPress is vulnerable to arbitrary subscriber data deletion due to missing authorization on the DELETE `/subscribers` REST API endpoint in all versions up to, and including, 2.2.0. This is due to the `permission_callback` only va... Read more
Affected Products :- Published: Jan. 06, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-15086
A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0. This impacts the function getMemberByMobile of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java. This manipulation causes improper acces... Read more
Affected Products : youlai-mall- Published: Dec. 25, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-68941
Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources.... Read more
Affected Products : gitea- Published: Dec. 26, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-13964
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the catch_lp_ajax function in all versions up to, and including, 4.3.2. This makes it possible for unauthent... Read more
Affected Products : learnpress- Published: Jan. 06, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-14823
In deployments using the ScreenConnect™ Certificate Signing Extension, encrypted configuration values including an Azure Key Vault-related key, could be returned to unauthenticated users through a client-facing endpoint under certain conditions. The value... Read more
Affected Products : screenconnect- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-68944
Gitea before 1.22.2 sometimes mishandles the propagation of token scope for access control within one of its own package registries.... Read more
Affected Products : gitea- Published: Dec. 26, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-15223
A vulnerability was found in Philipinho Simple-PHP-Blog up to 94b5d3e57308bce5dfbc44c3edafa9811893d958. Impacted is an unknown function of the file /login.php. Performing manipulation of the argument Username results in cross site scripting. The attack is... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-15087
A security vulnerability has been detected in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function submitOrderPayment of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java. Such manipulation of the arg... Read more
Affected Products : youlai-mall- Published: Dec. 25, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-14848
Advantech WebAccess/SCADA is vulnerable to absolute directory traversal, which may allow an attacker to determine the existence of arbitrary files.... Read more
Affected Products : webaccess\/scada- Published: Dec. 18, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2025-14318
Improper access checks in M-Files Server before 25.12.15491.7 allows users to download files through M-Files Web using Web Companion despite Print and Download Prevention module being enabled.... Read more
Affected Products : m-files_server- Published: Dec. 18, 2025
- Modified: Jan. 06, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-66129
Missing Authorization vulnerability in wppochipp Pochipp pochipp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pochipp: from n/a through <= 1.18.0.... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-0886
Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, and Firefox ESR < 140.7.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2025-37178
Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory regio... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2025-14507
The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.0 via the REST API. This makes it possible for unauthenticated attackers to extract sen... Read more
Affected Products : eventprime- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-14948
The miniOrange OTP Verification and SMS Notification for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `enable_wc_sms_notification` AJAX action in all versions up to, and inclu... Read more
Affected Products :- Published: Jan. 10, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Authorization