CVE Monitor
{
"Source": "CVE FEED",
"Title": "CVE-2025-67160 - Vatilon Directory Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-67160
Published : Jan. 2, 2026, 5:16 p.m. | 47 minutes ago
Description : An issue in Vatilon v1.12.37-20240124 allows attackers to access sensitive directories and files via a directory traversal.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-69414 - Plex Media Server Permanent Access Token Exposure",
"Content": "CVE ID : CVE-2025-69414
Published : Jan. 2, 2026, 5:16 p.m. | 47 minutes ago
Description : Plex Media Server (PMS) through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-69415 - Plex Media Server Unauthenticated Account Information Disclosure",
"Content": "CVE ID : CVE-2025-69415
Published : Jan. 2, 2026, 5:16 p.m. | 47 minutes ago
Description : In Plex Media Server (PMS) through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-67158 - RevoTech I6032W-FHW Authentication Bypass Vulnerability",
"Content": "CVE ID : CVE-2025-67158
Published : Jan. 2, 2026, 5:16 p.m. | 47 minutes ago
Description : An authentication bypass in the /cgi-bin/jvsweb.cgi endpoint of Revotech I6032W-FHW v1.0.0014 - 20210517 allows attackers to access sensitive information and escalate privileges via a crafted HTTP request.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-34995 - Apache HTTP Server Cross-Site Scripting",
"Content": "CVE ID : CVE-2025-34995
Published : Jan. 2, 2026, 5:16 p.m. | 47 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-34994 - Apache HTTP Server Remote Code Execution",
"Content": "CVE ID : CVE-2025-34994
Published : Jan. 2, 2026, 5:16 p.m. | 47 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-34997 - Apache HTTP Server Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-34997
Published : Jan. 2, 2026, 5:16 p.m. | 47 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-34996 - Apache HTTP Server Command Injection",
"Content": "CVE ID : CVE-2025-34996
Published : Jan. 2, 2026, 5:16 p.m. | 47 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-34998 - Apache HTTP Server HTTP Request Smuggling",
"Content": "CVE ID : CVE-2025-34998
Published : Jan. 2, 2026, 5:16 p.m. | 47 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-34999 - Apache HTTP Server Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-34999
Published : Jan. 2, 2026, 5:16 p.m. | 47 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-34993 - Apache HTTP Server Cross-Site Scripting",
"Content": "CVE ID : CVE-2025-34993
Published : Jan. 2, 2026, 5:16 p.m. | 47 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-34989 - Apache HTTP Server Unvalidated HTTP Request Parameter",
"Content": "CVE ID : CVE-2025-34989
Published : Jan. 2, 2026, 5:16 p.m. | 47 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-34991 - Apache HTTP Server Remote Code Execution",
"Content": "CVE ID : CVE-2025-34991
Published : Jan. 2, 2026, 5:16 p.m. | 47 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-34992 - Apache HTTP Server Denial of Service",
"Content": "CVE ID : CVE-2025-34992
Published : Jan. 2, 2026, 5:16 p.m. | 47 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-21446 - Bagisto Missing Authentication on Installer API Endpoints",
"Content": "CVE ID : CVE-2026-21446
Published : Jan. 2, 2026, 7:18 p.m. | 47 minutes ago
Description : Bagisto is an open source Laravel eCommerce platform. In versions on the 2.3 branch prior to 2.3.10, API routes remain active even after initial installation is complete. The underlying API endpoints (`/install/api/*`) are directly accessible and exploitable without any authentication. An attacker can bypass the web installer entirely by calling the API endpoints directly. This allows any unauthenticated attacker to create admin accounts, modify application configurations, and potentially overwrite existing data. Version 2.3.10 fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-21432 - Emlog has stored Cross-site Scripting issue that can lead to admin or another account ATO",
"Content": "CVE ID : CVE-2026-21432
Published : Jan. 2, 2026, 7:15 p.m. | 50 minutes ago
Description : Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability that can lead to account takeover, including takeover of admin accounts. As of time of publication, no known patched versions are available.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-21433 - Emlog vulnerable to Server-Side Request Forgery (SSRF)",
"Content": "CVE ID : CVE-2026-21433
Published : Jan. 2, 2026, 7:15 p.m. | 50 minutes ago
Description : Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band (OOB) requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http[:]//emblog/admin/media[.]php which contains external resource references. When the server processes/renders the SVG (thumbnailing, preview, or sanitization), it issues an HTTP request to the attacker-controlled host. Impact: server-side SSRF/OOB leading to internal network probing and potential metadata/credential exposure. As of time of publication, no known patched versions are available.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-21440 - AdonisJS Path Traversal in Multipart File Handling",
"Content": "CVE ID : CVE-2026-21440
Published : Jan. 2, 2026, 7:15 p.m. | 50 minutes ago
Description : AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease versions prior to 11.0.0-next.6. This issue has been patched in @adonisjs/bodyparser versions 10.1.2 and 11.0.0-next.6.
Severity: 9.2 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-21444 - libtpms returns wrong initialization vector when certain symmetric ciphers are used",
"Content": "CVE ID : CVE-2026-21444
Published : Jan. 2, 2026, 7:15 p.m. | 50 minutes ago
Description : libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality. Version 0.10.2 fixes the issue. No known workarounds are available.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-0569 - code-projects Online Music Site AlbumByCategory.php SQL injection",
"Content": "CVE ID : CVE-2026-0569
Published : Jan. 2, 2026, 7:15 p.m. | 50 minutes ago
Description : A vulnerability has been found in code-projects Online Music Site 1.0. This affects an unknown function of the file /Frontend/AlbumByCategory.php. Such manipulation of the argument ID leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jan 2026",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2026-0570 - code-projects Online Music Site Feedback.php SQL injection",
"Content": "CVE ID : CVE-2026-0570
Published : Jan. 2, 2026, 7:15 p.m. | 50 minutes ago
Description : A vulnerability was found in code-projects Online Music Site 1.0. This impacts an unknown function of the file /Frontend/Feedback.php. Performing manipulation of the argument fname results in SQL injection. The attack can be initiated remotely. The exploit has been made public and could be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jan 2026",
"Type": "Vulnerability"
}