{
"Source": "CVE FEED",
"Title": "CVE-2026-21895 - rsa crate has potential panic on a prime being equal to 1",
"Content": "CVE ID : CVE-2026-21895
Published : Jan. 8, 2026, 2:15 p.m. | 36 minutes ago
Description : The `rsa` crate is an RSA implementation written in rust. Prior to version 0.9.10, when creating a RSA private key from its components, the construction panics instead of returning an error when one of the primes is `1`. Version 0.9.10 fixes the issue.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-21895 - rsa crate has potential panic on a prime being equal to 1",
"Content": "CVE ID : CVE-2026-21895
Published : Jan. 8, 2026, 2:15 p.m. | 36 minutes ago
Description : The `rsa` crate is an RSA implementation written in rust. Prior to version 0.9.10, when creating a RSA private key from its components, the construction panics instead of returning an error when one of the primes is `1`. Version 0.9.10 fixes the issue.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-14025 - Ansible-automation-platform/aap-gateway: aap-gateway: read-only personal access token (pat) bypasses write restrictions",
"Content": "CVE ID : CVE-2025-14025
Published : Jan. 8, 2026, 2:15 p.m. | 36 minutes ago
Description : A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services (e.g., Controller, Hub, EDA). If this flaw were exploited, an attackerโs capabilities would only be limited by role based access controls (RBAC).
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-14025 - Ansible-automation-platform/aap-gateway: aap-gateway: read-only personal access token (pat) bypasses write restrictions",
"Content": "CVE ID : CVE-2025-14025
Published : Jan. 8, 2026, 2:15 p.m. | 36 minutes ago
Description : A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services (e.g., Controller, Hub, EDA). If this flaw were exploited, an attackerโs capabilities would only be limited by role based access controls (RBAC).
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-8306 - Improper Access Control in Asseco Infomedica Plus",
"Content": "CVE ID : CVE-2025-8306
Published : Jan. 8, 2026, 2:15 p.m. | 36 minutes ago
Description : Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. A low privileged user is able to obtain encoded passwords of all other accounts (including main administrator) due to lack of granularity in access control.
Chained exploitation of this vulnerability and CVE-2025-8307 allows an attacker to escalate privileges. This vulnerability has been fixed in versions 4.50.1 and 5.38.0
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-8306 - Improper Access Control in Asseco Infomedica Plus",
"Content": "CVE ID : CVE-2025-8306
Published : Jan. 8, 2026, 2:15 p.m. | 36 minutes ago
Description : Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. A low privileged user is able to obtain encoded passwords of all other accounts (including main administrator) due to lack of granularity in access control.
Chained exploitation of this vulnerability and CVE-2025-8307 allows an attacker to escalate privileges. This vulnerability has been fixed in versions 4.50.1 and 5.38.0
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-8307 - Recoverable passwords in Asseco Infomedica Plus",
"Content": "CVE ID : CVE-2025-8307
Published : Jan. 8, 2026, 2:15 p.m. | 36 minutes ago
Description : Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format. An attacker in possession of these encoded passwords is able to decode them by using an algorithm embedded in the client-side part of the software.
This vulnerability has been fixed in versions 4.50.1 and 5.38.0
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-8307 - Recoverable passwords in Asseco Infomedica Plus",
"Content": "CVE ID : CVE-2025-8307
Published : Jan. 8, 2026, 2:15 p.m. | 36 minutes ago
Description : Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format. An attacker in possession of these encoded passwords is able to decode them by using an algorithm embedded in the client-side part of the software.
This vulnerability has been fixed in versions 4.50.1 and 5.38.0
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-0719 - Libsoup: libsoup: arbitrary code execution via stack-based buffer overflow in ntlm authentication",
"Content": "CVE ID : CVE-2026-0719
Published : Jan. 8, 2026, 1:15 p.m. | 1 hour, 36 minutes ago
Description : A flaw was found in libsoup's NTLM (NT LAN Manager) authentication module. When NTLM authentication is enabled, a local attacker can exploit a stack-based buffer overflow vulnerability in the md4sum() function. This allows the attacker to overwrite adjacent memory, which may result in arbitrary code execution with the privileges of the affected application.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-0719 - Libsoup: libsoup: arbitrary code execution via stack-based buffer overflow in ntlm authentication",
"Content": "CVE ID : CVE-2026-0719
Published : Jan. 8, 2026, 1:15 p.m. | 1 hour, 36 minutes ago
Description : A flaw was found in libsoup's NTLM (NT LAN Manager) authentication module. When NTLM authentication is enabled, a local attacker can exploit a stack-based buffer overflow vulnerability in the md4sum() function. This allows the attacker to overwrite adjacent memory, which may result in arbitrary code execution with the privileges of the affected application.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-69259 - Trend Micro Apex Central NULL Return Denial-of-Service Vulnerability",
"Content": "CVE ID : CVE-2025-69259
Published : Jan. 8, 2026, 1:15 p.m. | 1 hour, 36 minutes ago
Description : A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.
Please note: authentication is not required in order to exploit this vulnerability..
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-69259 - Trend Micro Apex Central NULL Return Denial-of-Service Vulnerability",
"Content": "CVE ID : CVE-2025-69259
Published : Jan. 8, 2026, 1:15 p.m. | 1 hour, 36 minutes ago
Description : A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.
Please note: authentication is not required in order to exploit this vulnerability..
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-69260 - Trend Micro Apex Central Denial-of-Service Out-of-Bounds Read Vulnerability",
"Content": "CVE ID : CVE-2025-69260
Published : Jan. 8, 2026, 1:15 p.m. | 1 hour, 36 minutes ago
Description : A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.
Please note: authentication is not required in order to exploit this vulnerability.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-69260 - Trend Micro Apex Central Denial-of-Service Out-of-Bounds Read Vulnerability",
"Content": "CVE ID : CVE-2025-69260
Published : Jan. 8, 2026, 1:15 p.m. | 1 hour, 36 minutes ago
Description : A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.
Please note: authentication is not required in order to exploit this vulnerability.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-69258 - Trend Micro Apex Central LoadLibraryEX Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-69258
Published : Jan. 8, 2026, 1:15 p.m. | 1 hour, 36 minutes ago
Description : A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-69258 - Trend Micro Apex Central LoadLibraryEX Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-69258
Published : Jan. 8, 2026, 1:15 p.m. | 1 hour, 36 minutes ago
Description : A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-22488 - WordPress Dashboard Welcome for Beaver Builder plugin <= 1.0.8 - broken access control vulnerability",
"Content": "CVE ID : CVE-2026-22488
Published : Jan. 8, 2026, 4:35 p.m. | 18 minutes ago
Description : Missing Authorization vulnerability in IdeaBox Creations Dashboard Welcome for Beaver Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dashboard Welcome for Beaver Builder: from n/a through 1.0.8.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-22488 - WordPress Dashboard Welcome for Beaver Builder plugin <= 1.0.8 - broken access control vulnerability",
"Content": "CVE ID : CVE-2026-22488
Published : Jan. 8, 2026, 4:35 p.m. | 18 minutes ago
Description : Missing Authorization vulnerability in IdeaBox Creations Dashboard Welcome for Beaver Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dashboard Welcome for Beaver Builder: from n/a through 1.0.8.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-22489 - WordPress Image Slider Slideshow plugin <= 1.8 - insecure direct object references (idor) vulnerability",
"Content": "CVE ID : CVE-2026-22489
Published : Jan. 8, 2026, 4:33 p.m. | 20 minutes ago
Description : Authorization Bypass Through User-Controlled Key vulnerability in Wptexture Image Slider Slideshow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider Slideshow: from n/a through 1.8.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-22489 - WordPress Image Slider Slideshow plugin <= 1.8 - insecure direct object references (idor) vulnerability",
"Content": "CVE ID : CVE-2026-22489
Published : Jan. 8, 2026, 4:33 p.m. | 20 minutes ago
Description : Authorization Bypass Through User-Controlled Key vulnerability in Wptexture Image Slider Slideshow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider Slideshow: from n/a through 1.8.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-22490 - WordPress Bulk Landing Page Creator for WordPress LPagery plugin <= 2.4.9 - broken access control vulnerability",
"Content": "CVE ID : CVE-2026-22490
Published : Jan. 8, 2026, 4:24 p.m. | 29 minutes ago
Description : Missing Authorization vulnerability in niklaslindemann Bulk Landing Page Creator for WordPress LPagery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Landing Page Creator for WordPress LPagery: from n/a through 2.4.9.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-22490 - WordPress Bulk Landing Page Creator for WordPress LPagery plugin <= 2.4.9 - broken access control vulnerability",
"Content": "CVE ID : CVE-2026-22490
Published : Jan. 8, 2026, 4:24 p.m. | 29 minutes ago
Description : Missing Authorization vulnerability in niklaslindemann Bulk Landing Page Creator for WordPress LPagery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Landing Page Creator for WordPress LPagery: from n/a through 2.4.9.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-22492 - WordPress Docket Cache plugin <= 24.07.04 - broken access control vulnerability",
"Content": "CVE ID : CVE-2026-22492
Published : Jan. 8, 2026, 4:23 p.m. | 30 minutes ago
Description : Missing Authorization vulnerability in Nawawi Jamili Docket Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Docket Cache: from n/a through 24.07.04.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-22492 - WordPress Docket Cache plugin <= 24.07.04 - broken access control vulnerability",
"Content": "CVE ID : CVE-2026-22492
Published : Jan. 8, 2026, 4:23 p.m. | 30 minutes ago
Description : Missing Authorization vulnerability in Nawawi Jamili Docket Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Docket Cache: from n/a through 24.07.04.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-22517 - WordPress GA4WP: Google Analytics for WordPress plugin <= 2.10.0 - broken access control vulnerability",
"Content": "CVE ID : CVE-2026-22517
Published : Jan. 8, 2026, 4:22 p.m. | 31 minutes ago
Description : Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through 2.10.0.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-22517 - WordPress GA4WP: Google Analytics for WordPress plugin <= 2.10.0 - broken access control vulnerability",
"Content": "CVE ID : CVE-2026-22517
Published : Jan. 8, 2026, 4:22 p.m. | 31 minutes ago
Description : Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through 2.10.0.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-0671 - Multiple stored i18n/message-key XSSes in UploadWizard",
"Content": "CVE ID : CVE-2026-0671
Published : Jan. 8, 2026, 4:21 p.m. | 32 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki - UploadWizard extension allows Cross-Site Scripting (XSS).This issue affects MediaWiki - UploadWizard extension: 1.45, 1.44, 1.43, 1.39.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-0671 - Multiple stored i18n/message-key XSSes in UploadWizard",
"Content": "CVE ID : CVE-2026-0671
Published : Jan. 8, 2026, 4:21 p.m. | 32 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki - UploadWizard extension allows Cross-Site Scripting (XSS).This issue affects MediaWiki - UploadWizard extension: 1.45, 1.44, 1.43, 1.39.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-22518 - WordPress X Addons for Elementor plugin <= 1.0.23 - cross site scripting (xss) vulnerability",
"Content": "CVE ID : CVE-2026-22518
Published : Jan. 8, 2026, 4:21 p.m. | 32 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pencilwp X Addons for Elementor allows DOM-Based XSS.This issue affects X Addons for Elementor: from n/a through 1.0.23.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-22518 - WordPress X Addons for Elementor plugin <= 1.0.23 - cross site scripting (xss) vulnerability",
"Content": "CVE ID : CVE-2026-22518
Published : Jan. 8, 2026, 4:21 p.m. | 32 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pencilwp X Addons for Elementor allows DOM-Based XSS.This issue affects X Addons for Elementor: from n/a through 1.0.23.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-22519 - WordPress MediaPress plugin <= 1.6.2 - cross site scripting (xss) vulnerability",
"Content": "CVE ID : CVE-2026-22519
Published : Jan. 8, 2026, 4:19 p.m. | 33 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddyDev MediaPress allows Stored XSS.This issue affects MediaPress: from n/a through 1.6.2.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-22519 - WordPress MediaPress plugin <= 1.6.2 - cross site scripting (xss) vulnerability",
"Content": "CVE ID : CVE-2026-22519
Published : Jan. 8, 2026, 4:19 p.m. | 33 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddyDev MediaPress allows Stored XSS.This issue affects MediaPress: from n/a through 1.6.2.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-22521 - WordPress Handmade Framework plugin <= 3.9 - local file inclusion vulnerability",
"Content": "CVE ID : CVE-2026-22521
Published : Jan. 8, 2026, 4:18 p.m. | 35 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in G5Theme Handmade Framework allows PHP Local File Inclusion.This issue affects Handmade Framework: from n/a through 3.9.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-22521 - WordPress Handmade Framework plugin <= 3.9 - local file inclusion vulnerability",
"Content": "CVE ID : CVE-2026-22521
Published : Jan. 8, 2026, 4:18 p.m. | 35 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in G5Theme Handmade Framework allows PHP Local File Inclusion.This issue affects Handmade Framework: from n/a through 3.9.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-59469 - "HP Data Protector Root Privilege Escalation"",
"Content": "CVE ID : CVE-2025-59469
Published : Jan. 8, 2026, 4:18 p.m. | 35 minutes ago
Description : This vulnerability allows a Backup or Tape Operator to write files as root.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-59469 - "HP Data Protector Root Privilege Escalation"",
"Content": "CVE ID : CVE-2025-59469
Published : Jan. 8, 2026, 4:18 p.m. | 35 minutes ago
Description : This vulnerability allows a Backup or Tape Operator to write files as root.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-55125 - HP Data Protector Root Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-55125
Published : Jan. 8, 2026, 4:18 p.m. | 35 minutes ago
Description : This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious
backup configuration file.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-55125 - HP Data Protector Root Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-55125
Published : Jan. 8, 2026, 4:18 p.m. | 35 minutes ago
Description : This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious
backup configuration file.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-59468 - Postgres Backup Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-59468
Published : Jan. 8, 2026, 4:18 p.m. | 35 minutes ago
Description : This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a
malicious password parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-59468 - Postgres Backup Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-59468
Published : Jan. 8, 2026, 4:18 p.m. | 35 minutes ago
Description : This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a
malicious password parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-59470 - Postgres Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-59470
Published : Jan. 8, 2026, 4:18 p.m. | 35 minutes ago
Description : This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-59470 - Postgres Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-59470
Published : Jan. 8, 2026, 4:18 p.m. | 35 minutes ago
Description : This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น