Latest CVE Feed
-
7.1
HIGHCVE-2025-68894
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shoutoutglobal ShoutOut shoutout allows Reflected XSS.This issue affects ShoutOut: from n/a through <= 4.0.2.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-68884
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arevico WP Simple Redirect wp-simple-redirect allows Reflected XSS.This issue affects WP Simple Redirect: from n/a through <= 1.1.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-68883
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extremeidea bidorbuy Store Integrator bidorbuystoreintegrator allows Reflected XSS.This issue affects bidorbuy Store Integrator: from n/a through <= 2.12... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cross-Site Scripting
-
7.5
HIGHCVE-2025-68882
Missing Authorization vulnerability in Scalenut Scalenut scalenut allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Scalenut: from n/a through <= 1.1.3.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Authorization
-
9.3
CRITICALCVE-2025-68857
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ichurakov Paid Downloads paid-downloads allows Blind SQL Injection.This issue affects Paid Downloads: from n/a through <= 3.15.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Injection
-
7.1
HIGHCVE-2025-68839
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Remi Corson Easy Theme Options easy-theme-options allows Reflected XSS.This issue affects Easy Theme Options: from n/a through <= 1.0.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-68835
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matiskiba Ravpage ravpage allows Reflected XSS.This issue affects Ravpage: from n/a through <= 2.33.... Read more
Affected Products : ravpage- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-68558
Missing Authorization vulnerability in averta Depicter Slider depicter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Depicter Slider: from n/a through <= 4.0.4.... Read more
- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Authorization
-
8.1
HIGHCVE-2025-68510
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeGoods Photography photography allows PHP Local File Inclusion.This issue affects Photography: from n/a through < 7.7.5.... Read more
Affected Products : photography- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Path Traversal
-
6.7
MEDIUMCVE-2025-47334
Memory corruption while processing shared command buffer packet between camera userspace and kernel.... Read more
Affected Products : qca6391_firmware qca6595au_firmware sd_8_gen1_5g_firmware sw5100_firmware sw5100p_firmware wcd9380_firmware wcd9385_firmware wcn3980_firmware wcn3988_firmware wsa8810_firmware +282 more products- Published: Jan. 07, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
6.7
MEDIUMCVE-2025-47335
Memory corruption while parsing clock configuration data for a specific hardware type.... Read more
Affected Products : wcd9380_firmware wcd9385_firmware wsa8830_firmware wsa8835_firmware qca6698aq_firmware qcm6490_firmware qcs6490_firmware wcd9370_firmware wcd9375_firmware wsa8832_firmware +80 more products- Published: Jan. 07, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
6.7
MEDIUMCVE-2025-47336
Memory corruption while performing sensor register read operations.... Read more
Affected Products : wsa8830_firmware wsa8835_firmware wsa8832_firmware fastconnect_7800_firmware wcd9395_firmware wsa8840_firmware wsa8845_firmware wsa8845h_firmware wsa8830 wsa8835 +26 more products- Published: Jan. 07, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
6.7
MEDIUMCVE-2025-47337
Memory corruption while accessing a synchronization object during concurrent operations.... Read more
Affected Products : qca6391_firmware wcd9380_firmware wcd9385_firmware wsa8830_firmware wsa8835_firmware qca6698aq_firmware qcm6490_firmware qcn9011_firmware qcn9012_firmware qcs6490_firmware +118 more products- Published: Jan. 07, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-66518
Any client who can access to Apache Kyuubi Server via Kyuubi frontend protocols can bypass server-side config kyuubi.session.local.dir.allow.list and use local files which are not listed in the config. This issue affects Apache Kyuubi: from 1.6.0 through... Read more
Affected Products : kyuubi- Published: Jan. 05, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Misconfiguration
-
6.3
MEDIUMCVE-2025-14017
When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification ... Read more
Affected Products : curl- Published: Jan. 08, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2025-47339
Memory corruption while deinitializing a HDCP session.... Read more
Affected Products : qam8295p_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware sa8150p_firmware sa8155p_firmware +360 more products- Published: Jan. 07, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
6.7
MEDIUMCVE-2025-47344
Memory corruption while handling sensor utility operations.... Read more
Affected Products : qca6574au_firmware qca6595au_firmware qca6696_firmware sa6155p_firmware sa8155p_firmware sa8195p_firmware wcd9380_firmware wcd9385_firmware wcn3988_firmware wsa8810_firmware +154 more products- Published: Jan. 07, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2025-47345
Cryptographic issue may occur while encrypting license data.... Read more
Affected Products : qam8295p_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa8295p_firmware wcd9380_firmware wcd9385_firmware wcn3988_firmware wsa8810_firmware wsa8815_firmware +200 more products- Published: Jan. 07, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cryptography
-
7.8
HIGHCVE-2025-47346
Memory corruption while processing a secure logging command in the trusted application.... Read more
Affected Products : qam8295p_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware sa8150p_firmware sa8155p_firmware +216 more products- Published: Jan. 07, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2026-24623
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in saeros1984 Neoforum neoforum allows Reflected XSS.This issue affects Neoforum: from n/a through <= 1.0.... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cross-Site Scripting