Latest CVE Feed
-
5.0
MEDIUMCVE-2024-58335
OpenXRechnungToolbox through 2024-10-05-3.0.0 before 6c50e89 allows XXE because the disallow-doctype-decl feature is not enabled in visualization/VisualizerImpl.java.... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: XML External Entity
-
5.0
MEDIUMCVE-2025-62998
Insertion of Sensitive Information Into Sent Data vulnerability in WP Messiah WP AI CoPilot allows Retrieve Embedded Sensitive Data.This issue affects WP AI CoPilot: from n/a through 1.2.7.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Information Disclosure
-
5.0
MEDIUMCVE-2024-14020
A weakness has been identified in carboneio carbone up to fbcd349077ad0e8748be73eab2a82ea92b6f8a7e. This impacts an unknown function of the file lib/input.js of the component Formatter Handler. Executing a manipulation can lead to improperly controlled mo... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Misconfiguration
-
5.0
MEDIUMCVE-2025-69416
In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve other tokens (intended for unrelated access) via clients.plex.tv/devices.xml.... Read more
Affected Products :- Published: Jan. 02, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Information Disclosure
-
5.0
MEDIUMCVE-2025-15222
A vulnerability has been found in Dromara Sa-Token up to 1.44.0. This issue affects the function ObjectInputStream.readObject of the file SaSerializerTemplateForJdkUseBase64.java. Such manipulation leads to deserialization. The attack can be executed remo... Read more
Affected Products : sa-token- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Injection
-
5.0
MEDIUMCVE-2025-67844
The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during conf... Read more
Affected Products : mintlify- Published: Dec. 19, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Information Disclosure
-
5.0
MEDIUMCVE-2025-69417
In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve share tokens (intended for unrelated access) via a shared_servers endpoint.... Read more
Affected Products :- Published: Jan. 02, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authentication
-
4.9
MEDIUMCVE-2025-14719
The Relevanssi WordPress plugin before 4.26.0, Relevanssi Premium WordPress plugin before 2.29.0 do not sanitize and escape a parameter before using it in a SQL statement, allowing contributor and above roles to perform SQL injection attacks... Read more
Affected Products : relevanssi- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Injection
-
4.9
MEDIUMCVE-2025-69014
Server-Side Request Forgery (SSRF) vulnerability in Youzify Youzify youzify allows Server Side Request Forgery.This issue affects Youzify: from n/a through <= 1.3.5.... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Server-Side Request Forgery
-
4.9
MEDIUMCVE-2025-62327
In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries.... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authentication
-
4.9
MEDIUMCVE-2025-54164
An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerab... Read more
- Published: Jan. 02, 2026
- Modified: Jan. 05, 2026
- Vuln Type: Information Disclosure
-
4.9
MEDIUMCVE-2025-53405
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have ... Read more
- Published: Jan. 02, 2026
- Modified: Jan. 05, 2026
- Vuln Type: Denial of Service
-
4.9
MEDIUMCVE-2026-22242
CoreShop is a Pimcore enhanced eCommerce solution. Prior to version 4.1.8, a blind SQL injection vulnerability exists in the application that allows an authenticated administrator-level user to extract database contents using boolean-based or time-based t... Read more
Affected Products : coreshop- Published: Jan. 08, 2026
- Modified: Jan. 12, 2026
- Vuln Type: Injection
-
4.9
MEDIUMCVE-2025-54165
An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerab... Read more
- Published: Jan. 02, 2026
- Modified: Jan. 05, 2026
- Vuln Type: Information Disclosure
-
4.9
MEDIUMCVE-2025-59138
Server-Side Request Forgery (SSRF) vulnerability in Jthemes Genemy allows Server Side Request Forgery.This issue affects Genemy: from n/a through 1.6.6.... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Server-Side Request Forgery
-
4.9
MEDIUMCVE-2025-54166
An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerab... Read more
- Published: Jan. 02, 2026
- Modified: Jan. 05, 2026
- Vuln Type: Information Disclosure
-
4.9
MEDIUMCVE-2025-53590
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have ... Read more
- Published: Jan. 02, 2026
- Modified: Jan. 05, 2026
- Vuln Type: Denial of Service
-
4.9
MEDIUMCVE-2026-20029
A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information.... Read more
Affected Products : identity_services_engine- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: XML External Entity
-
4.9
MEDIUMCVE-2025-53414
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have ... Read more
- Published: Jan. 02, 2026
- Modified: Jan. 05, 2026
- Vuln Type: Memory Corruption
-
4.9
MEDIUMCVE-2025-52431
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have ... Read more
- Published: Jan. 02, 2026
- Modified: Jan. 05, 2026
- Vuln Type: Denial of Service