222
Total CVEs
0
KEV Entries
27
Critical
68
High
102
Medium
9
Articles
CVE Feed
222 CVEs
CVE-2025-61937
CRITICAL
10.0
The vulnerability, if exploited, could allow an unauthenticated
miscreant to achieve remote code execution under OS system privileges of
“taoimr” service, potentially resulting in complete compromis...
CVE-2026-23800
CRITICAL
10.0
Incorrect Privilege Assignment vulnerability in Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from 2.5.2 before 2.6.0.
CVE-2025-10484
CRITICAL
9.8
The Registration & Login with Mobile Phone Number for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.3.1. This is due to the plugin not...
CVE-2025-15403
CRITICAL
9.8
The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.0.7.1. This is due to the 'add_menu' function is accessible via the 'rm_user_ex...
CVE-2025-62581
CRITICAL
9.8
Delta Electronics DIAView has multiple vulnerabilities.
CVE-2025-62582
CRITICAL
9.8
Delta Electronics DIAView has multiple vulnerabilities.
CVE-2026-23744
CRITICAL
9.8
MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send a cra...
CVE-2026-23523
CRITICAL
9.6
Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Prior to 0.13.0, crafted deeplink can install an attacker-controlled MCP server configuration w...
CVE-2026-21623
CRITICAL
9.4
Lack of input filterung leads to a persistent XSS vulnerability in the forum post handling of the Easy Discuss component for Joomla.
CVE-2026-21624
CRITICAL
9.4
Lack of input filterung leads to a persistent XSS vulnerability in the user avatar text handling of the Easy Discuss component for Joomla.
CVE-2012-10064
CRITICAL
9.3
Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in the bundled plupload example endpoint. The /wp-content/plugins/omni-secure-files/plupload/examples/u...
CVE-2021-47796
CRITICAL
9.3
Denver SHC-150 Smart Wifi Camera contains a hardcoded telnet credential vulnerability that allows unauthenticated attackers to access a Linux shell. Attackers can connect to port 23 using the default ...
CVE-2021-47812
CRITICAL
9.3
GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit t...
CVE-2025-14231
CRITICAL
9.3
Buffer overflow in print job processing by WSD on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unr...
CVE-2025-14232
CRITICAL
9.3
Buffer overflow in XML processing of XPS file in Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unre...
CVE-2025-14233
CRITICAL
9.3
Invalid free in CPCA file deletion processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unre...
CVE-2025-14234
CRITICAL
9.3
Buffer overflow in CPCA list processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsi...
CVE-2025-14235
CRITICAL
9.3
Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being u...
CVE-2025-14236
CRITICAL
9.3
Buffer overflow in Address Book attribute tag processing on Small Office Multifunction Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive...
CVE-2025-14237
CRITICAL
9.3
Buffer overflow in XPS font parse processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unres...
CVE-2025-61943
CRITICAL
9.3
The vulnerability, if exploited, could allow an authenticated miscreant
(Process Optimization Standard User) to tamper with queries in Captive
Historian and achieve code execution under SQL Server a...
CVE-2025-64691
CRITICAL
9.3
The vulnerability, if exploited, could allow an authenticated miscreant
(OS standard user) to tamper with TCL Macro scripts and escalate
privileges to OS system, potentially resulting in complete co...
CVE-2025-65118
CRITICAL
9.3
The vulnerability, if exploited, could allow an authenticated miscreant
(OS Standard User) to trick Process Optimization services into loading
arbitrary code and escalate privileges to OS System, po...
CVE-2026-1019
CRITICAL
9.3
Police Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a spec...
CVE-2026-1021
CRITICAL
9.3
Police Statistics Database System developed by Gotac has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attacker to upload and execute web shell backdoors, thereby enabling ar...
CVE-2025-14510
CRITICAL
9.2
Incorrect Implementation of Authentication Algorithm vulnerability in ABB ABB Ability OPTIMAX.This issue affects ABB Ability OPTIMAX: 6.1, 6.2, from 6.3.0 before 6.3.1-251120, from 6.4.0 before 6.4.1-...
CVE-2026-23722
CRITICAL
9.1
WeGIA is a Web Manager for Charitable Institutions. Prior to 3.6.2, a Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the WeGIA system, specifically within the html/memorando/inse...
CVE-2021-47801
HIGH
8.8
Vianeos OctoPUS 5 contains a time-based blind SQL injection vulnerability in the 'login_user' parameter during authentication requests. Attackers can exploit this vulnerability by crafting malicious P...
CVE-2021-47811
HIGH
8.8
Grocery Crud 1.6.4 contains a SQL injection vulnerability in the order_by parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the ord...
CVE-2025-12957
HIGH
8.8
The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 4.5.7. This is due to insufficient file type validation detecting VTT fil...
CVE-2026-23742
HIGH
8.8
Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua ...
CVE-2021-47788
HIGH
8.7
WebsiteBaker 2.13.0 contains an authenticated remote code execution vulnerability that allows users with language editing permissions to execute arbitrary code. Attackers can exploit the language inst...
CVE-2021-47794
HIGH
8.7
ZesleCP 3.1.9 contains an authenticated remote code execution vulnerability that allows attackers to create malicious FTP accounts with shell injection payloads. Attackers can exploit the FTP account ...
CVE-2021-47795
HIGH
8.7
GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross-site scripting, and remote code execution through improper input sanitization. Attackers can exploi...
CVE-2026-0629
HIGH
8.7
Authentication bypass in the password recovery feature of the local web interface across multiple VIGI camera models allows an attacker on the LAN to reset the admin password without verification by m...
CVE-2026-0695
HIGH
8.7
In ConnectWise PSA versions older than 2026.1, Time Entry notes stored in the Time Entry Audit Trail may be rendered without applying output encoding to certain content. Under specific conditions, thi...
CVE-2026-1018
HIGH
8.7
Police Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing Unauthenticated remote attacker to exploit Absolute Path Traversal to download arbitrary system ...
CVE-2026-1022
HIGH
8.7
Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.
CVE-2026-1023
HIGH
8.7
Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly exploit a specific functionality to query database conte...
CVE-2026-20759
HIGH
8.7
OS Command Injection vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation, which may allow a logged-in user with the low("monitoring user") or higher privilege...
CVE-2026-23735
HIGH
8.7
GraphQL Modules is a toolset of libraries and guidelines dedicated to create reusable, maintainable, testable and extendable modules out of your GraphQL server. From 2.2.1 to before 2.4.1 and 3.1.1, w...
CVE-2025-64729
HIGH
8.6
The vulnerability, if exploited, could allow an authenticated miscreant
(OS Standard User) to tamper with Process Optimization project files,
embed code, and escalate their privileges to the identit...
CVE-2026-22816
HIGH
8.6
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal ...
CVE-2026-22865
HIGH
8.6
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal ...
CVE-2020-36927
HIGH
8.5
DiskPulse Enterprise 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can explo...
CVE-2020-36928
HIGH
8.5
Brother BRAgent 1.38 contains an unquoted service path vulnerability in the WBA_Agent_Client service running with LocalSystem privileges. Attackers can exploit the unquoted path in C:\Program Files (x...
CVE-2020-36929
HIGH
8.5
Brother BRPrint Auditor 3.0.7 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to potentially execute arbitrary code. Attackers can exp...
CVE-2020-36930
HIGH
8.5
SysGauge Server 7.9.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unq...
CVE-2021-47780
HIGH
8.5
Macro Expert 4.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the improperly con...
CVE-2021-47787
HIGH
8.5
TotalAV 5.15.69 contains an unquoted service path vulnerability in multiple system services running with LocalSystem privileges. Attackers can place malicious executables in specific unquoted path seg...
CVE-2021-47790
HIGH
8.5
Active WebCam 11.5 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the misconfigured servic...
CVE-2021-47792
HIGH
8.5
Remote Mouse 4.002 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service pat...
CVE-2021-47803
HIGH
8.5
iFunbox 4.2 contains an unquoted service path vulnerability in the Apple Mobile Device Service that allows local attackers to execute code with elevated privileges. Attackers can insert a malicious ex...
CVE-2021-47804
HIGH
8.5
Wise Care 365 5.6.7.568 contains an unquoted service path vulnerability in the WiseBootAssistant service running with LocalSystem privileges. Attackers can exploit this by inserting a malicious execut...
CVE-2021-47805
HIGH
8.5
Disk Savvy 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unq...
CVE-2021-47806
HIGH
8.5
Dup Scout 13.5.28 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unqu...
CVE-2021-47807
HIGH
8.5
Sync Breeze 13.6.18 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the un...
CVE-2021-47809
HIGH
8.5
Disk Sorter Enterprise 13.6.12 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exp...
CVE-2021-47810
HIGH
8.5
WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted pa...
CVE-2021-47822
HIGH
8.5
DiskBoss Service 12.2.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit th...
CVE-2021-47823
HIGH
8.5
Acer ePowerSvc 6.0.3008.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path i...
CVE-2021-47825
HIGH
8.5
Acer Updater Service 1.2.3500.0 contains an unquoted service path vulnerability that allows local users to execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\P...
CVE-2021-47826
HIGH
8.5
Acer Backup Manager 3.0.0.99 contains an unquoted service path vulnerability in the NTI IScheduleSvc service that allows local users to potentially execute arbitrary code. Attackers can exploit the un...
CVE-2021-47828
HIGH
8.5
BOOTP Turbo 2.0.0.1253 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to execute arbitrary code with elevated LocalSystem...
CVE-2021-47829
HIGH
8.5
DHCP Broadband 4.1.0.1503 contains an unquoted service path vulnerability in its service configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the u...
CVE-2021-47832
HIGH
8.5
Sandboxie Plus 0.7.4 contains an unquoted service path vulnerability in the SbieSvc service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted pat...
CVE-2021-47833
HIGH
8.5
WifiHotSpot 1.0.0.0 contains an unquoted service path vulnerability in its WifiHotSpotService.exe that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquot...
CVE-2021-47845
HIGH
8.5
Spy Emergency 25.0.650 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to execute code with elevated privileges. Attackers can exploit...
CVE-2021-47847
HIGH
8.5
Disk Sorter Server 13.6.12 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the...
CVE-2025-65117
HIGH
8.5
The vulnerability, if exploited, could allow an authenticated miscreant
(Process Optimization Designer User) to embed OLE objects into graphics,
and escalate their privileges to the identity of a vi...
CVE-2021-47756
HIGH
8.4
Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulnerability that allows users to modify the valet command with root privileges. Attackers can edit the symlinked valet comm...
CVE-2021-47779
HIGH
8.4
Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially ...
CVE-2025-14844
HIGH
8.2
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 3.2.16 via the 'rcp_stripe_create_setup_intent_for_saved_car...
CVE-2026-23745
HIGH
8.2
node-tar is a Tar for Node.js. The node-tar library (<= 7.5.2) fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false (the default secure behavior). Thi...
CVE-2025-62291
HIGH
8.1
In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially res...
CVE-2026-20960
HIGH
8.0
Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over a network.
CVE-2026-23535
HIGH
8.0
wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.2, the multi-translation download could write to an arbitrary location when instructed by a crafted server. This vulnerabil...
CVE-2024-44238
HIGH
7.8
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to corrupt coprocessor memory.
CVE-2025-48647
HIGH
7.8
In cpm_fwtp_msg_handler of cpm/google/lib/tracepoint/cpm_fwtp_ipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no add...
CVE-2026-0975
HIGH
7.8
Delta Electronics DIAView has Command Injection vulnerability.
CVE-2026-23529
HIGH
7.7
Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aive...
CVE-2025-64769
HIGH
7.6
The Process Optimization application suite leverages connection
channels/protocols that by-default are not encrypted and could become
subject to hijacking or data leakage in certain man-in-the-middl...
CVE-2025-14478
HIGH
7.5
The Demo Importer Plus plugin for WordPress is vulnerable to XML External Entity Injection (XXE) in all versions up to, and including, 2.0.9 via the SVG file upload functionality. This makes it possib...
CVE-2025-68924
HIGH
7.5
In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL (aka Webservice) URL as a data source for remote code execution.
CVE-2026-23490
HIGH
7.5
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. T...
CVE-2025-15032
HIGH
7.4
Missing about:blank indicator in custom-sized new windows in Dia before 1.9.0 on macOS could allow an attacker to spoof a trusted domain in the window title and mislead users about the current site.
CVE-2025-59870
HIGH
7.4
HCL MyXalytics v6.7 is affected by improper management of a static JWT signing secret in the web application, where the secret lacks rotation , introducing a security risk
CVE-2025-12006
HIGH
7.2
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW-F . An attacker can update the system firmware with a specially crafted image.
CVE-2025-12007
HIGH
7.2
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F . An attacker can update the system firmware with a specially crafted image.
CVE-2025-31510
HIGH
7.2
In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting (XSS) allows remote attackers to inject arbitrary web script or HTML (into the login page) via the tab parameter, for Choice authenti...
CVE-2026-23723
HIGH
7.2
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an authenticated SQL Injection vulnerability was identified in the Atendido_ocorrenciaControle endpoint via the id_memorando paramet...
CVE-2021-47782
HIGH
7.1
Odine Solutions GateKeeper 1.0 contains a SQL injection vulnerability in the trafficCycle API endpoint that allows remote attackers to inject malicious database queries. Attackers can exploit the vuln...
CVE-2025-24528
HIGH
7.1
In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bo...
CVE-2026-22876
HIGH
7.1
Path Traversal vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation. If this vulnerability is exploited, arbitrary files on the affected product may be retriev...
CVE-2021-47785
HIGH
7.0
Ether MP3 CD Burner 1.3.8 contains a buffer overflow vulnerability in the registration name field that allows remote code execution. Attackers can craft a malicious payload to overwrite SEH handlers a...
CVE-2020-36926
MEDIUM
6.9
SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/fr...
CVE-2021-47800
MEDIUM
6.9
b2evolution 7.2.2 contains a cross-site request forgery vulnerability that allows attackers to modify admin account details without authentication. Attackers can craft a malicious HTML form to submit ...
CVE-2025-15104
MEDIUM
6.9
Nu Html Checker (validator.nu) contains a restriction bypass that allows remote attackers to make the server perform arbitrary HTTP/HTTPS requests to internal resources, including localhost services. ...
CVE-2026-1020
MEDIUM
6.9
Police Statistics Database System developed by Gotac has a Absolute Path Traversal vulnerability, allowing unauthenticated remote attackers to enumerate the system file directory.
CVE-2021-47786
MEDIUM
6.8
Redragon Gaming Mouse driver contains a kernel-level vulnerability that allows attackers to trigger a denial of service by sending malformed IOCTL requests. Attackers can send a crafted 2000-byte buff...
CVE-2021-47789
MEDIUM
6.8
Yenkee Hornet Gaming Mouse driver GM312Fltr.sys contains a buffer overrun vulnerability that allows attackers to crash the system by sending oversized input. Attackers can exploit the driver by sendin...
CVE-2025-14435
MEDIUM
6.8
Mattermost versions 10.11.x <= 10.11.8, 11.1.x <= 11.1.1, 11.0.x <= 11.0.6 fail to prevent infinite re-renders on API errors which allows authenticated users to cause application-level DoS via trigger...
CVE-2021-47797
MEDIUM
6.7
Leawo Prof. Media 11.0.0.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized payload in the activation keycode field. Attackers can ge...
CVE-2021-47798
MEDIUM
6.7
NoteBurner 2.35 contains a buffer overflow vulnerability in the license code input field that allows attackers to crash the application. Attackers can generate a 6000-byte payload and paste it into th...
CVE-2021-47813
MEDIUM
6.7
Backup Key Recovery 2.2.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the registration code input field. Attackers can paste a large buffer...
CVE-2021-47814
MEDIUM
6.7
NBMonitor 1.6.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the registration code input field. Attackers can paste a 256-character buffer i...
CVE-2021-47815
MEDIUM
6.7
Nsauditor 3.2.3 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can paste a large buffer of 256 repeated chara...
CVE-2025-24531
MEDIUM
6.7
In OpenSC pam_pkcs11 before 0.6.13, pam_sm_authenticate() wrongly returns PAM_IGNORE in many error situations (such as an error triggered by a smartcard before login), allowing authentication bypass.
CVE-2025-13725
MEDIUM
6.5
The Gutenberg Thim Blocks – Page Builder, Gutenberg Blocks for the Block Editor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 1.0.1. This is due to i...
CVE-2025-14450
MEDIUM
6.5
The Wallet System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'change_wallet_fund_request_status_callback' function...
CVE-2025-12641
MEDIUM
6.5
The Awesome Support - WordPress HelpDesk & Support Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in all versions up to, and including, 6.3.6. This is due ...
CVE-2026-0696
MEDIUM
6.5
In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values...
CVE-2026-0949
MEDIUM
6.5
PEM versions prior to 9.8.1 are affected by a stored Cross-site Scripting (XSS) vulnerability that allows users with access to the Manage Charts menu to inject arbitrary JavaScript when creating a new...
CVE-2026-1000
MEDIUM
6.5
The MailerLite - WooCommerce integration plugin for WordPress is vulnerable to unauthorized data modification and deletion in all versions up to, and including, 3.1.3. This is due to missing capabilit...
CVE-2025-8615
MEDIUM
6.4
The CubeWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cubewp_shortcode_taxonomy shortcode in all versions up to, and including, 1.1.26 due to insufficient input...
CVE-2026-0833
MEDIUM
6.4
The Team Section Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block in all versions up to, and including, 2.0.0 due to insufficient input sanitization and o...
CVE-2026-0913
MEDIUM
6.4
The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'usp_access' shortcode in all versions up ...
CVE-2026-0916
MEDIUM
6.4
The Related Posts by Taxonomy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'related_posts_by_tax' shortcode in all versions up to, and including, 2.7.6 due to ins...
CVE-2025-14375
MEDIUM
6.1
The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘className’ parameter in all versions up to, an...
CVE-2025-56451
MEDIUM
6.1
Cross site scripting vulnerability in seeyon Zhiyuan A8+ Collaborative Management Software 7.0 via the topValue parameter to the seeyon/main.do endpoint.
CVE-2026-1011
MEDIUM
6.1
A stored cross-site scripting (XSS) vulnerability exists in the Altium Support Center AddComment endpoint due to missing server-side input sanitization. Although the client interface applies HTML esca...
CVE-2026-0517
MEDIUM
6.0
CVE-2026-0517 is a denial-of-service vulnerability in versions of Secure
Access Server prior to 14.20. An attacker can send a specially crafted packet
to a server and cause the server to crash
CVE-2025-12002
MEDIUM
5.9
The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.6.0 via the 'sby_check_wp_submit' AJAX action. This is due to insufficient s...
CVE-2025-12718
MEDIUM
5.8
The Quick Contact Form plugin for WordPress is vulnerable to Open Mail Relay in all versions up to, and including, 8.2.6. This is due to the 'qcf_validate_form' AJAX endpoint allowing a user controlle...
CVE-2025-15530
MEDIUM
5.5
A vulnerability was determined in Open5GS up to 2.7.6. This affects the function sgwc_s11_handle_create_indirect_data_forwarding_tunnel_request of the file /src/sgwc/s11-handler.c. Executing a manipul...
CVE-2025-15531
MEDIUM
5.5
A vulnerability was identified in Open5GS up to 2.7.5. This vulnerability affects the function sgwc_bearer_add of the file src/sgwc/context.c. The manipulation leads to reachable assertion. The attack...
CVE-2025-15532
MEDIUM
5.5
A security flaw has been discovered in Open5GS up to 2.7.5. This issue affects some unknown processing of the component Timer Handler. The manipulation results in resource consumption. The attack may ...
CVE-2025-15528
MEDIUM
5.5
A vulnerability has been found in Open5GS up to 2.7.6. Affected by this vulnerability is an unknown functionality of the component GTPv2 Bearer Response Handler. Such manipulation leads to denial of s...
CVE-2025-15529
MEDIUM
5.5
A vulnerability was found in Open5GS up to 2.7.6. Affected by this issue is the function sgwc_s5c_handle_create_session_response of the file src/sgwc/s5c-handler.c. Performing a manipulation results i...
CVE-2025-43508
MEDIUM
5.5
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data.
CVE-2026-23643
MEDIUM
5.4
CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl() method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed...
CVE-2025-12129
MEDIUM
5.3
The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.27 via the /cubewp-posts/v1/query-new and /cubewp...
CVE-2025-12825
MEDIUM
5.3
The User Registration Using Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_cf7_form_data' function in all versions up to...
CVE-2025-14029
MEDIUM
5.3
The Community Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_admin_event_approval() function in all versions up to, and in...
CVE-2025-14075
MEDIUM
5.3
The WP Hotel Booking plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.7. This is due to the plugin exposing the 'hotel_booking_fetch_custo...
CVE-2025-14078
MEDIUM
5.3
The PAYGENT for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.4.6. This is due to missing authorization checks on the paygent_check_we...
CVE-2025-14463
MEDIUM
5.3
The Payment Button for PayPal plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 1.2.3.41. This is due to the plugin exposing a public AJAX endpoin...
CVE-2026-0808
MEDIUM
5.3
The Spin Wheel plugin for WordPress is vulnerable to client-side prize manipulation in all versions up to, and including, 2.1.0. This is due to the plugin trusting client-supplied prize selection data...
CVE-2026-0820
MEDIUM
5.3
The RepairBuddy – Repair Shop CRM & Booking Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference due to missing capability checks on the wc_upload_and_save_signa...
CVE-2021-47783
MEDIUM
5.3
Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the mu...
CVE-2021-47816
MEDIUM
5.3
Thecus N4800Eco NAS Server Control Panel contains a command injection vulnerability that allows authenticated attackers to execute arbitrary system commands through user management endpoints. Attacker...
CVE-2025-14757
MEDIUM
5.3
The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Payment Status Bypass in all versions up to, and including, 3.6.9 only when used in combination with Cost Calculator B...
CVE-2025-15526
MEDIUM
5.3
The Fancy Product Designer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 6.4.8. This is due to improper error handling in the PDF upload functionalit...
CVE-2026-0939
MEDIUM
5.3
The Rede Itaú for WooCommerce plugin for WordPress is vulnerable to order status manipulation due to insufficient verification of data authenticity in all versions up to, and including, 5.1.2. This is...
CVE-2026-0942
MEDIUM
5.3
The Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clearOrderLogs() fun...
CVE-2026-1004
MEDIUM
5.3
The Essential Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 6.5.5 via the 'eael_product_quickview_popup' function. This ...
CVE-2026-23528
MEDIUM
5.3
Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which wil...
CVE-2026-23645
MEDIUM
5.3
SiYuan is self-hosted, open source personal knowledge management software. Prior to 3.5.4-dev2, a Stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan Note. The application does not saniti...
CVE-2026-23725
MEDIUM
5.3
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the html/pet/adotantes/cadastro_adotante.php and html/pet/adotan...
CVE-2026-1048
MEDIUM
5.1
A weakness has been identified in LigeroSmart up to 6.1.26. Impacted is an unknown function of the file /otrs/index.pl?Action=AgentTicketZoom. This manipulation of the argument TicketID causes cross s...
CVE-2019-25297
MEDIUM
5.1
Poll, Survey & Quiz Maker Plugin by Opinion Stage Wordpress plugin versions prior to 19.6.25 contain a stored cross-site scripting (XSS) vulnerability via multiple parameters due to insufficient input...
CVE-2021-47808
MEDIUM
5.1
Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle...
CVE-2021-47820
MEDIUM
5.1
Ubee EVW327 contains a cross-site request forgery vulnerability that allows attackers to enable remote access without user interaction. Attackers can craft a malicious webpage that automatically submi...
CVE-2021-47834
MEDIUM
5.1
Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into category titles. Attackers can create a new contact categor...
CVE-2021-47835
MEDIUM
5.1
Freeter 1.2.1 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads in custom widget titles and files. Attackers can craft malicious files with emb...
CVE-2021-47836
MEDIUM
5.1
Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with em...
CVE-2021-47837
MEDIUM
5.1
Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with emb...
CVE-2021-47838
MEDIUM
5.1
Markright 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to embed malicious payloads in markdown files. Attackers can upload specially crafted markdown files that e...
CVE-2021-47839
MEDIUM
5.1
Marky 0.0.1 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded Ja...
CVE-2021-47840
MEDIUM
5.1
Moeditor 0.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload specially crafted markdown files w...
CVE-2021-47841
MEDIUM
5.1
SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious Ja...
CVE-2021-47842
MEDIUM
5.1
StudyMD 0.3.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded ...
CVE-2021-47844
MEDIUM
5.1
Xmind 2020 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into mind mapping files or custom headers. Attackers can craft malicious files with embedded...
CVE-2026-0858
MEDIUM
5.1
Versions of the package net.sourceforge.plantuml:plantuml before 1.2026.0 are vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams. As a result, a c...
CVE-2026-21223
MEDIUM
5.1
Microsoft Edge Elevation Service exposes a privileged COM interface that inadequately validates the privileges of the calling process. A standard (non‑administrator) local user can invoke the IElevato...
CVE-2025-14793
MEDIUM
5.0
The DK PDF – WordPress PDF Generator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3.0 via the 'addContentToMpdf' function. This makes it po...
CVE-2025-12984
MEDIUM
4.9
The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 2.0.15 due to insufficient escaping on the u...
CVE-2026-0518
MEDIUM
4.8
CVE-2026-0518 is a cross-site scripting vulnerability in versions of
Secure Access prior to 14.20. An attacker with administrative privileges
can interfere with another administrator’s use of the co...
CVE-2026-20894
MEDIUM
4.8
Cross-site scripting vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation. If an attacking administrator configures the affected product with some malicious in...
CVE-2026-21625
MEDIUM
4.8
User provided uploads to the Easy Discuss component for Joomla aren't properly validated. Uploads are purely checked by file extensions, no mime type checks are happening.
CVE-2026-23726
MEDIUM
4.8
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, An Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically thr...
CVE-2026-23727
MEDIUM
4.8
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically thr...
CVE-2026-23728
MEDIUM
4.8
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically thr...
CVE-2026-23729
MEDIUM
4.8
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically thr...
CVE-2026-23730
MEDIUM
4.8
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically thr...
CVE-2026-0519
MEDIUM
4.6
In Secure Access 12.70 and prior to 14.20, the logging
subsystem may write an unredacted authentication token to logs under
certain configurations. Any party with access to those logs could read
th...
CVE-2021-47791
MEDIUM
4.6
SmartFTP Client 10.0.2909.0 contains multiple denial of service vulnerabilities that allow attackers to crash the application through specific input manipulation. Attackers can trigger crashes by ente...
CVE-2021-47793
MEDIUM
4.6
Telegram Desktop 2.9.2 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized message payload. Attackers can generate a 9 million byte buffer...
CVE-2021-47818
MEDIUM
4.6
DupTerminator 1.4.5639.37199 contains a denial of service vulnerability that allows attackers to crash the application by inputting a long character string in the Excluded text box. Attackers can gene...
CVE-2021-47821
MEDIUM
4.6
RarmaRadio 2.72.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing network configuration fields with large character buffers. Attackers can gene...
CVE-2021-47824
MEDIUM
4.6
iDailyDiary 4.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the preferences tab name field. Attackers can paste a 2,000,000 character buff...
CVE-2021-47827
MEDIUM
4.6
WebSSH for iOS 14.16.10 contains a denial of service vulnerability in the mashREPL tool that allows attackers to crash the application by pasting malformed input. Attackers can trigger the vulnerabili...
CVE-2021-47831
MEDIUM
4.6
Sandboxie 5.49.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the container folder input field. Attackers can paste a large buffer of repeat...
CVE-2025-29943
MEDIUM
4.6
Write what were condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline potentially resulting in the corruption of the stack pointer inside an ...
CVE-2025-14632
MEDIUM
4.4
The Filr – Secure document library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via unrestricted file upload in all versions up to, and including, 1.2.11 due to insufficient file ...
CVE-2026-0691
MEDIUM
4.4
The CM E-Mail Blacklist – Simple email filtering for safer registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'black_email' parameter in all versions up to, and inc...
CVE-2026-0725
MEDIUM
4.4
The Integrate Dynamics 365 CRM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.1 due to insufficient input sanitization a...
CVE-2025-12168
MEDIUM
4.3
The Phrase TMS Integration for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_delete_log' AJAX endpoint in all vers...
CVE-2025-14384
MEDIUM
4.3
The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the `/aioseo/v1...
CVE-2025-14853
MEDIUM
4.3
The LEAV Last Email Address Validator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions <= 1.7.1. This is due to missing or incorrect nonce validation on the display_setting...
CVE-2025-14982
MEDIUM
4.3
The Booking Calendar plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Exposure in all versions up to, and including, 10.14.11. This makes it possible for au...
CVE-2025-15370
MEDIUM
4.3
The Shield: Blocks Bots, Protects Users, and Prevents Security Breaches plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 21.0.9 via the MfaG...
CVE-2025-15527
MEDIUM
4.3
The WP Recipe Maker plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 10.2.2 via the api_get_post_summary function due to insufficient restrictions on which ...
CVE-2026-1003
MEDIUM
4.3
The GetGenie plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.3.0. This is due to the plugin not properly verifying that a user is authorized to delet...
CVE-2026-23724
MEDIUM
4.3
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the html/atendido/cadastro_ocorrencia.php endpoint of the WeGIA ...
CVE-2026-23731
MEDIUM
4.3
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, The web application is vulnerable to clickjacking attacks. The WeGIA application does not send any defensive HTTP headers related to...
CVE-2025-43904
MEDIUM
4.2
In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator.
CVE-2025-14822
LOW
3.1
Mattermost versions 10.11.x <= 10.11.8 fail to validate input size before processing hashtags which allows an authenticated attacker to exhaust CPU resources via a single HTTP request containing a pos...
CVE-2026-22782
LOW
2.9
RustFS is a distributed object storage system built in Rust. From >= 1.0.0-alpha.1 to 1.0.0-alpha.79, invalid RPC signatures cause the server to log the shared HMAC secret (and expected signature), wh...
CVE-2025-61873
LOW
2.6
Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used.
CVE-2026-0682
LOW
2.2
The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audio_url' ...
CVE-2024-44210
UNKNOWN
This issue was addressed with improved permissions checking. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data.
CVE-2024-54556
UNKNOWN
This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. A user may be able to view restricted content from the lock screen.
CVE-2025-14894
UNKNOWN
Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malic...
CVE-2025-24089
UNKNOWN
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app may be able to enumerate a user's installed apps.
CVE-2025-24090
UNKNOWN
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app may be able to enumerate a user's installed apps.
CVE-2025-31186
UNKNOWN
A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 16.3. An app may be able to bypass Privacy preferences.
CVE-2025-51602
UNKNOWN
mmstu.c in VideoLAN VLC media player before 3.0.22 allows an out-of-bounds read and denial of service via a crafted 0x01 response from an MMS server.
CVE-2025-60021
UNKNOWN
Remote command injection vulnerability in heap profiler builtin service in Apache bRPC ((all versions < 1.15.0)) on all platforms allows attacker to inject remote command.
Root Cause: The bRPC heap...
CVE-2025-68438
UNKNOWN
In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed [core] max_templated_field_length, sensitive values could be exposed in cleartext in the Rendered Templates UI. T...
CVE-2025-68675
UNKNOWN
In Apache Airflow versions before 3.1.6, the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensit...
CVE-2025-68921
UNKNOWN
SteelSeries Nahimic 3 1.10.7 allows Directory traversal.
CVE-2025-69581
UNKNOWN
An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personal_data endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the ...
CVE-2025-70746
UNKNOWN
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the timeZone parameter of the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a...
CVE-2025-71020
UNKNOWN
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security parameter of the sub_4C408 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a craf...
CVE-2026-0612
UNKNOWN
The Librarian contains a information leakage vulnerability through the `web_fetch` tool, which can be used to retrieve arbitrary external content provided by an attacker, which can be used to proxy re...
CVE-2026-0613
UNKNOWN
The Librarian contains an internal port scanning vulnerability, facilitated by the `web_fetch` tool, which can be used with SSRF-style behavior to perform GET requests to internal IP addresses and ser...
CVE-2026-0615
UNKNOWN
The Librarian `supervisord` status page can be retrieved by the `web_fetch` tool, which can be used to retrieve running processes within TheLibrarian backend. The vendor has fixed the vulnerability i...
CVE-2026-0616
UNKNOWN
TheLibrarians web_fetch tool can be used to retrieve the Adminer interface content, which can then be used to log into the internal TheLibrarian backend system. The vendor has fixed the vulnerability ...
CVE-2026-23634
NONE
Pepr is a type safe K8s middleware. Prior to 1.0.5 , Pepr defaults to a cluster-admin RBAC configuration and does not explicitly force or enforce least-privilege guidance for module authors. The defau...
CVE-2026-23768
UNKNOWN
lucy-xss-filter before commit 7c1de6d allows an attacker to induce server-side HEAD requests to arbitrary URLs when the ObjectSecurityListener or EmbedSecurityListener option is enabled and embed or o...
CVE-2026-23769
UNKNOWN
lucy-xss-filter before commit e5826c0 allows an attacker to execute malicious JavaScript due to improper sanitization caused by misconfigured default superset rule files.
Latest Headlines
9 articles
RSS Feed Sources
The Register
Fast Pair, loose security: Bluetooth accessories open to silent hijack
2026-01-17 12:26
The Hacker News
OpenAI to Show Ads in ChatGPT for Logged-In U.S. Adults on Free and Go Plans
2026-01-17 08:34
BleepingComputer
ChatGPT Go subscription rolls out worldwide at $8, but it'll show you ads
2026-01-16 23:43
BleepingComputer
OpenAI says its new ChatGPT ads won't influence answers
2026-01-16 23:06
Dark Reading
More Problems for Fortinet: Critical FortiSIEM Flaw Exploited
2026-01-16 21:03
BleepingComputer
StealC hackers hacked as researchers hijack malware control panels
2026-01-16 21:00
BleepingComputer
Black Basta boss makes it onto Interpol's 'Red Notice' list
2026-01-16 19:00
The Record
Jordanian initial access broker pleads guilty to helping target 50 companies
2026-01-16 18:53
The Hacker News
GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection
2026-01-16 17:59