CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-67269 - GPSD Integer Underflow Vulnerability

CVE ID : CVE-2025-67269
Published : Jan. 2, 2026, 4:17 p.m. | 1 hour, 13 minutes ago
Description : An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. When parsing a NAVCOM packet, the payload length is calculated using `lexer->length = (size_t)c - 4` without checking if the input byte `c` is less than 4. This results in an unsigned integer underflow, setting `lexer->length` to a very large value (near `SIZE_MAX`). The parser then enters a loop attempting to consume this massive number of bytes, causing 100% CPU utilization and a Denial of Service (DoS) condition.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-69284 - In plane.io, a guest user of a workspace can still see the list of members

CVE ID : CVE-2025-69284
Published : Jan. 2, 2026, 4:17 p.m. | 1 hour, 13 minutes ago
Description : Plane is an open-source project management tool. In plane.io, a guest user does not have permission to access https[:]//app[.]plane[.]so/[:]slug/settings. Prior to Plane version 1.2.0, the `/api/workspaces/:slug/members/` endpoint is accessible to guests and lists the users of a specific workspace that they have joined. Since the `display_name` in the response is actually the handle of the email, a malicious guest can still identify admin users' email addresses. Version 1.2.0 fixes this issue.
Severity: 4.3 | MEDIUM
CVE-2025-9110 - QTS, QuTS hero

CVE ID : CVE-2025-9110
Published : Jan. 2, 2026, 4:17 p.m. | 1 hour, 13 minutes ago
Description : An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later; QuTS hero h5.2.8.3321 build 20251117 and later; QuTS hero h5.3.1.3250 build 20250912 and later.
Severity: 2.7 | LOW
CVE-2025-15439 - Daptin SQL Injection Vulnerability

CVE ID : CVE-2025-15439
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : A vulnerability was identified in Daptin 0.10.3. Affected by this vulnerability is the function goqu.L of the file server/resource/resource_aggregate.go of the component Aggregate API. The manipulation of the argument column/group/order leads to SQL injection. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
CVE-2025-34094 - Apache HTTP Server Remote Code Execution Vulnerability

CVE ID : CVE-2025-34094
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
CVE-2025-34122 - Apache HTTP Server Remote Code Execution

CVE ID : CVE-2025-34122
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
CVE-2025-34131 - Apache HTTP Server Remote Code Execution Vulnerability

CVE ID : CVE-2025-34131
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
CVE-2025-34137 - Apache HTTP Server XML Entity Injection

CVE ID : CVE-2025-34137
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
CVE-2025-34144 - Apache HTTP Server Remote File Inclusion

CVE ID : CVE-2025-34144
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
CVE-2025-34145 - Apache HTTP Server Cross-Site Scripting

CVE ID : CVE-2025-34145
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
CVE-2025-34166 - Apache HTTP Server Path Traversal

CVE ID : CVE-2025-34166
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
CVE-2025-34167 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2025-34167
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
CVE-2025-34168 - Apache HTTP Server Remote Code Execution

CVE ID : CVE-2025-34168
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
CVE-2025-34169 - Apache SSH Denial of Service

CVE ID : CVE-2025-34169
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
CVE-2025-34170 - Apache HTTP Server Remote Code Execution

CVE ID : CVE-2025-34170
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
CVE-2025-34171 - Apache HTTP Server Remote Code Execution

CVE ID : CVE-2025-34171
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
CVE-2025-34213 - Apache HTTP Server Denial of Service

CVE ID : CVE-2025-34213
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
CVE-2025-34214 - Apache HTTP Server Remote Code Execution

CVE ID : CVE-2025-34214
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
CVE-2025-69416 - Plex Media Server Device Token Information Disclosure Vulnerability

CVE ID : CVE-2025-69416
Published : Jan. 2, 2026, 5:16 p.m. | 4 hours, 15 minutes ago
Description : In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve other tokens (intended for unrelated access) via clients.plex.tv/devices.xml.
Severity: 5.0 | MEDIUM
CVE-2025-69417 - Plex Media Server Unauthorized Share Token Disclosure

CVE ID : CVE-2025-69417
Published : Jan. 2, 2026, 5:16 p.m. | 4 hours, 15 minutes ago
Description : In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve share tokens (intended for unrelated access) via a shared_servers endpoint.
Severity: 5.0 | MEDIUM
CVE-2026-0566 - code-projects Content Management System edit_posts.php unrestricted upload

CVE ID : CVE-2026-0566
Published : Jan. 2, 2026, 5:16 p.m. | 4 hours, 15 minutes ago
Description : A security vulnerability has been detected in code-projects Content Management System 1.0. Impacted is an unknown function of the file /admin/edit_posts.php. The manipulation of the argument image leads to unrestricted upload. The attack can be carried out remotely. The exploit has been disclosed publicly and may be used.
Severity: 5.8 | MEDIUM