{
"Source": "CVE FEED",
"Title": "CVE-2026-0719 - Libsoup: libsoup: arbitrary code execution via stack-based buffer overflow in ntlm authentication",
"Content": "CVE ID : CVE-2026-0719
Published : Jan. 8, 2026, 1:15 p.m. | 1 hour, 36 minutes ago
Description : A flaw was found in libsoup's NTLM (NT LAN Manager) authentication module. When NTLM authentication is enabled, a local attacker can exploit a stack-based buffer overflow vulnerability in the md4sum() function. This allows the attacker to overwrite adjacent memory, which may result in arbitrary code execution with the privileges of the affected application.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-0719 - Libsoup: libsoup: arbitrary code execution via stack-based buffer overflow in ntlm authentication",
"Content": "CVE ID : CVE-2026-0719
Published : Jan. 8, 2026, 1:15 p.m. | 1 hour, 36 minutes ago
Description : A flaw was found in libsoup's NTLM (NT LAN Manager) authentication module. When NTLM authentication is enabled, a local attacker can exploit a stack-based buffer overflow vulnerability in the md4sum() function. This allows the attacker to overwrite adjacent memory, which may result in arbitrary code execution with the privileges of the affected application.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-69259 - Trend Micro Apex Central NULL Return Denial-of-Service Vulnerability",
"Content": "CVE ID : CVE-2025-69259
Published : Jan. 8, 2026, 1:15 p.m. | 1 hour, 36 minutes ago
Description : A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.
Please note: authentication is not required in order to exploit this vulnerability..
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-69259 - Trend Micro Apex Central NULL Return Denial-of-Service Vulnerability",
"Content": "CVE ID : CVE-2025-69259
Published : Jan. 8, 2026, 1:15 p.m. | 1 hour, 36 minutes ago
Description : A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.
Please note: authentication is not required in order to exploit this vulnerability..
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-69260 - Trend Micro Apex Central Denial-of-Service Out-of-Bounds Read Vulnerability",
"Content": "CVE ID : CVE-2025-69260
Published : Jan. 8, 2026, 1:15 p.m. | 1 hour, 36 minutes ago
Description : A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.
Please note: authentication is not required in order to exploit this vulnerability.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-69260 - Trend Micro Apex Central Denial-of-Service Out-of-Bounds Read Vulnerability",
"Content": "CVE ID : CVE-2025-69260
Published : Jan. 8, 2026, 1:15 p.m. | 1 hour, 36 minutes ago
Description : A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.
Please note: authentication is not required in order to exploit this vulnerability.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-69258 - Trend Micro Apex Central LoadLibraryEX Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-69258
Published : Jan. 8, 2026, 1:15 p.m. | 1 hour, 36 minutes ago
Description : A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-69258 - Trend Micro Apex Central LoadLibraryEX Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-69258
Published : Jan. 8, 2026, 1:15 p.m. | 1 hour, 36 minutes ago
Description : A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-22488 - WordPress Dashboard Welcome for Beaver Builder plugin <= 1.0.8 - broken access control vulnerability",
"Content": "CVE ID : CVE-2026-22488
Published : Jan. 8, 2026, 4:35 p.m. | 18 minutes ago
Description : Missing Authorization vulnerability in IdeaBox Creations Dashboard Welcome for Beaver Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dashboard Welcome for Beaver Builder: from n/a through 1.0.8.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-22488 - WordPress Dashboard Welcome for Beaver Builder plugin <= 1.0.8 - broken access control vulnerability",
"Content": "CVE ID : CVE-2026-22488
Published : Jan. 8, 2026, 4:35 p.m. | 18 minutes ago
Description : Missing Authorization vulnerability in IdeaBox Creations Dashboard Welcome for Beaver Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dashboard Welcome for Beaver Builder: from n/a through 1.0.8.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-22489 - WordPress Image Slider Slideshow plugin <= 1.8 - insecure direct object references (idor) vulnerability",
"Content": "CVE ID : CVE-2026-22489
Published : Jan. 8, 2026, 4:33 p.m. | 20 minutes ago
Description : Authorization Bypass Through User-Controlled Key vulnerability in Wptexture Image Slider Slideshow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider Slideshow: from n/a through 1.8.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-22489 - WordPress Image Slider Slideshow plugin <= 1.8 - insecure direct object references (idor) vulnerability",
"Content": "CVE ID : CVE-2026-22489
Published : Jan. 8, 2026, 4:33 p.m. | 20 minutes ago
Description : Authorization Bypass Through User-Controlled Key vulnerability in Wptexture Image Slider Slideshow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Slider Slideshow: from n/a through 1.8.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-22490 - WordPress Bulk Landing Page Creator for WordPress LPagery plugin <= 2.4.9 - broken access control vulnerability",
"Content": "CVE ID : CVE-2026-22490
Published : Jan. 8, 2026, 4:24 p.m. | 29 minutes ago
Description : Missing Authorization vulnerability in niklaslindemann Bulk Landing Page Creator for WordPress LPagery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Landing Page Creator for WordPress LPagery: from n/a through 2.4.9.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-22490 - WordPress Bulk Landing Page Creator for WordPress LPagery plugin <= 2.4.9 - broken access control vulnerability",
"Content": "CVE ID : CVE-2026-22490
Published : Jan. 8, 2026, 4:24 p.m. | 29 minutes ago
Description : Missing Authorization vulnerability in niklaslindemann Bulk Landing Page Creator for WordPress LPagery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Landing Page Creator for WordPress LPagery: from n/a through 2.4.9.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-22492 - WordPress Docket Cache plugin <= 24.07.04 - broken access control vulnerability",
"Content": "CVE ID : CVE-2026-22492
Published : Jan. 8, 2026, 4:23 p.m. | 30 minutes ago
Description : Missing Authorization vulnerability in Nawawi Jamili Docket Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Docket Cache: from n/a through 24.07.04.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-22492 - WordPress Docket Cache plugin <= 24.07.04 - broken access control vulnerability",
"Content": "CVE ID : CVE-2026-22492
Published : Jan. 8, 2026, 4:23 p.m. | 30 minutes ago
Description : Missing Authorization vulnerability in Nawawi Jamili Docket Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Docket Cache: from n/a through 24.07.04.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-22517 - WordPress GA4WP: Google Analytics for WordPress plugin <= 2.10.0 - broken access control vulnerability",
"Content": "CVE ID : CVE-2026-22517
Published : Jan. 8, 2026, 4:22 p.m. | 31 minutes ago
Description : Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through 2.10.0.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-22517 - WordPress GA4WP: Google Analytics for WordPress plugin <= 2.10.0 - broken access control vulnerability",
"Content": "CVE ID : CVE-2026-22517
Published : Jan. 8, 2026, 4:22 p.m. | 31 minutes ago
Description : Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GA4WP: Google Analytics for WordPress: from n/a through 2.10.0.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-0671 - Multiple stored i18n/message-key XSSes in UploadWizard",
"Content": "CVE ID : CVE-2026-0671
Published : Jan. 8, 2026, 4:21 p.m. | 32 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki - UploadWizard extension allows Cross-Site Scripting (XSS).This issue affects MediaWiki - UploadWizard extension: 1.45, 1.44, 1.43, 1.39.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-0671 - Multiple stored i18n/message-key XSSes in UploadWizard",
"Content": "CVE ID : CVE-2026-0671
Published : Jan. 8, 2026, 4:21 p.m. | 32 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki - UploadWizard extension allows Cross-Site Scripting (XSS).This issue affects MediaWiki - UploadWizard extension: 1.45, 1.44, 1.43, 1.39.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-22518 - WordPress X Addons for Elementor plugin <= 1.0.23 - cross site scripting (xss) vulnerability",
"Content": "CVE ID : CVE-2026-22518
Published : Jan. 8, 2026, 4:21 p.m. | 32 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pencilwp X Addons for Elementor allows DOM-Based XSS.This issue affects X Addons for Elementor: from n/a through 1.0.23.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-22518 - WordPress X Addons for Elementor plugin <= 1.0.23 - cross site scripting (xss) vulnerability",
"Content": "CVE ID : CVE-2026-22518
Published : Jan. 8, 2026, 4:21 p.m. | 32 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pencilwp X Addons for Elementor allows DOM-Based XSS.This issue affects X Addons for Elementor: from n/a through 1.0.23.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-22519 - WordPress MediaPress plugin <= 1.6.2 - cross site scripting (xss) vulnerability",
"Content": "CVE ID : CVE-2026-22519
Published : Jan. 8, 2026, 4:19 p.m. | 33 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddyDev MediaPress allows Stored XSS.This issue affects MediaPress: from n/a through 1.6.2.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-22519 - WordPress MediaPress plugin <= 1.6.2 - cross site scripting (xss) vulnerability",
"Content": "CVE ID : CVE-2026-22519
Published : Jan. 8, 2026, 4:19 p.m. | 33 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddyDev MediaPress allows Stored XSS.This issue affects MediaPress: from n/a through 1.6.2.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-22521 - WordPress Handmade Framework plugin <= 3.9 - local file inclusion vulnerability",
"Content": "CVE ID : CVE-2026-22521
Published : Jan. 8, 2026, 4:18 p.m. | 35 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in G5Theme Handmade Framework allows PHP Local File Inclusion.This issue affects Handmade Framework: from n/a through 3.9.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-22521 - WordPress Handmade Framework plugin <= 3.9 - local file inclusion vulnerability",
"Content": "CVE ID : CVE-2026-22521
Published : Jan. 8, 2026, 4:18 p.m. | 35 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in G5Theme Handmade Framework allows PHP Local File Inclusion.This issue affects Handmade Framework: from n/a through 3.9.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-59469 - "HP Data Protector Root Privilege Escalation"",
"Content": "CVE ID : CVE-2025-59469
Published : Jan. 8, 2026, 4:18 p.m. | 35 minutes ago
Description : This vulnerability allows a Backup or Tape Operator to write files as root.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-59469 - "HP Data Protector Root Privilege Escalation"",
"Content": "CVE ID : CVE-2025-59469
Published : Jan. 8, 2026, 4:18 p.m. | 35 minutes ago
Description : This vulnerability allows a Backup or Tape Operator to write files as root.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-55125 - HP Data Protector Root Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-55125
Published : Jan. 8, 2026, 4:18 p.m. | 35 minutes ago
Description : This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious
backup configuration file.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-55125 - HP Data Protector Root Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-55125
Published : Jan. 8, 2026, 4:18 p.m. | 35 minutes ago
Description : This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious
backup configuration file.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-59468 - Postgres Backup Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-59468
Published : Jan. 8, 2026, 4:18 p.m. | 35 minutes ago
Description : This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a
malicious password parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-59468 - Postgres Backup Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-59468
Published : Jan. 8, 2026, 4:18 p.m. | 35 minutes ago
Description : This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a
malicious password parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-59470 - Postgres Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-59470
Published : Jan. 8, 2026, 4:18 p.m. | 35 minutes ago
Description : This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-59470 - Postgres Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-59470
Published : Jan. 8, 2026, 4:18 p.m. | 35 minutes ago
Description : This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-22522 - WordPress Block Slider plugin <= 2.2.3 - broken access control vulnerability",
"Content": "CVE ID : CVE-2026-22522
Published : Jan. 8, 2026, 4:17 p.m. | 36 minutes ago
Description : Missing Authorization vulnerability in Munir Kamal Block Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Block Slider: from n/a through 2.2.3.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-22522 - WordPress Block Slider plugin <= 2.2.3 - broken access control vulnerability",
"Content": "CVE ID : CVE-2026-22522
Published : Jan. 8, 2026, 4:17 p.m. | 36 minutes ago
Description : Missing Authorization vulnerability in Munir Kamal Block Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Block Slider: from n/a through 2.2.3.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-22255 - iccDEV has heap-buffer-overflow in CIccCLUT::Init() at IccProfLib/IccTagLut.cpp",
"Content": "CVE ID : CVE-2026-22255
Published : Jan. 8, 2026, 4:16 p.m. | 37 minutes ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in `CIccCLUT::Init()` at `IccProfLib/IccTagLut.cpp`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-22255 - iccDEV has heap-buffer-overflow in CIccCLUT::Init() at IccProfLib/IccTagLut.cpp",
"Content": "CVE ID : CVE-2026-22255
Published : Jan. 8, 2026, 4:16 p.m. | 37 minutes ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in `CIccCLUT::Init()` at `IccProfLib/IccTagLut.cpp`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-22244 - OpenMetadata Server-Side Template Injection (SSTI) in FreeMarker email templates that leads to RCE",
"Content": "CVE ID : CVE-2026-22244
Published : Jan. 8, 2026, 4:16 p.m. | 37 minutes ago
Description : OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection (SSTI) in FreeMarker email templates. An attacker must have administrative privileges to exploit the vulnerability. Version 1.11.4 contains a patch.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-22244 - OpenMetadata Server-Side Template Injection (SSTI) in FreeMarker email templates that leads to RCE",
"Content": "CVE ID : CVE-2026-22244
Published : Jan. 8, 2026, 4:16 p.m. | 37 minutes ago
Description : OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection (SSTI) in FreeMarker email templates. An attacker must have administrative privileges to exploit the vulnerability. Version 1.11.4 contains a patch.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2026-22245 - Mastodon has SSRF Protection bypass",
"Content": "CVE ID : CVE-2026-22245
Published : Jan. 8, 2026, 4:16 p.m. | 37 minutes ago
Description : Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided domains. Mastodon, however, has some protection mechanism to disallow requests to local IP addresses (unless specified in `ALLOWED_PRIVATE_ADDRESSES`) to avoid the "confused deputy" problem. The list of disallowed IP address ranges was lacking some IP address ranges that can be used to reach local IP addresses. An attacker can use an IP address in the affected ranges to make Mastodon perform HTTP requests against loopback or local network hosts, potentially allowing access to otherwise private resources and services. This is fixed in Mastodon v4.5.4, v4.4.11, v4.3.17 and v4.2.29.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2026-22245 - Mastodon has SSRF Protection bypass",
"Content": "CVE ID : CVE-2026-22245
Published : Jan. 8, 2026, 4:16 p.m. | 37 minutes ago
Description : Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided domains. Mastodon, however, has some protection mechanism to disallow requests to local IP addresses (unless specified in `ALLOWED_PRIVATE_ADDRESSES`) to avoid the "confused deputy" problem. The list of disallowed IP address ranges was lacking some IP address ranges that can be used to reach local IP addresses. An attacker can use an IP address in the affected ranges to make Mastodon perform HTTP requests against loopback or local network hosts, potentially allowing access to otherwise private resources and services. This is fixed in Mastodon v4.5.4, v4.4.11, v4.3.17 and v4.2.29.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Jan 2026",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹