CVE-2025-9110 - QTS, QuTS hero
CVE ID : CVE-2025-9110
Published : Jan. 2, 2026, 4:17 p.m. | 1 hour, 13 minutes ago
Description : An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later QuTS hero h5.3.1.3250 build 20250912 and later
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9110
Published : Jan. 2, 2026, 4:17 p.m. | 1 hour, 13 minutes ago
Description : An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to read application data. We have already fixed the vulnerability in the following versions: QTS 5.2.8.3332 build 20251128 and later QuTS hero h5.2.8.3321 build 20251117 and later QuTS hero h5.3.1.3250 build 20250912 and later
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-15439 - Daptin SQL Injection Vulnerability
CVE ID : CVE-2025-15439
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : A vulnerability was identified in Daptin 0.10.3. Affected by this vulnerability is the function goqu.L of the file server/resource/resource_aggregate.go of the component Aggregate API. The manipulation of the argument column/group/order leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-15439
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : A vulnerability was identified in Daptin 0.10.3. Affected by this vulnerability is the function goqu.L of the file server/resource/resource_aggregate.go of the component Aggregate API. The manipulation of the argument column/group/order leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-34094 - Apache HTTP Server Remote Code Execution Vulnerability
CVE ID : CVE-2025-34094
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-34094
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-34122 - Apache HTTP Server Remote Code Execution
CVE ID : CVE-2025-34122
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-34122
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-34131 - Apache HTTP Server Remote Code Execution Vulnerability
CVE ID : CVE-2025-34131
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-34131
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-34137 - Apache HTTP Server XML Entity Injection
CVE ID : CVE-2025-34137
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-34137
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-34144 - Apache HTTP Server Remote File Inclusion
CVE ID : CVE-2025-34144
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-34144
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-34145 - Apache HTTP Server Cross-Site Scripting
CVE ID : CVE-2025-34145
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-34145
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-34166 - Apache HTTP Server Path Traversal
CVE ID : CVE-2025-34166
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-34166
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-34167 - Apache HTTP Server Cross-Site Request Forgery
CVE ID : CVE-2025-34167
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-34167
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-34168 - Apache HTTP Server Remote Code Execution
CVE ID : CVE-2025-34168
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-34168
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-34169 - Apache SSH Denial of Service
CVE ID : CVE-2025-34169
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-34169
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-34170 - Apache HTTP Server Remote Code Execution
CVE ID : CVE-2025-34170
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-34170
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-34171 - Apache HTTP Server Remote Code Execution
CVE ID : CVE-2025-34171
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-34171
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-34213 - Apache HTTP Server Denial of Service
CVE ID : CVE-2025-34213
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-34213
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-34214 - Apache HTTP Server Remote Code Execution
CVE ID : CVE-2025-34214
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-34214
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-69416 - Plex Media Server Device Token Information Disclosure Vulnerability
CVE ID : CVE-2025-69416
Published : Jan. 2, 2026, 5:16 p.m. | 4 hours, 15 minutes ago
Description : In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve other tokens (intended for unrelated access) via clients.plex.tv/devices.xml.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-69416
Published : Jan. 2, 2026, 5:16 p.m. | 4 hours, 15 minutes ago
Description : In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve other tokens (intended for unrelated access) via clients.plex.tv/devices.xml.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-69417 - Plex Media Server Unauthorized Share Token Disclosure
CVE ID : CVE-2025-69417
Published : Jan. 2, 2026, 5:16 p.m. | 4 hours, 15 minutes ago
Description : In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve share tokens (intended for unrelated access) via a shared_servers endpoint.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-69417
Published : Jan. 2, 2026, 5:16 p.m. | 4 hours, 15 minutes ago
Description : In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve share tokens (intended for unrelated access) via a shared_servers endpoint.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0566 - code-projects Content Management System edit_posts.php unrestricted upload
CVE ID : CVE-2026-0566
Published : Jan. 2, 2026, 5:16 p.m. | 4 hours, 15 minutes ago
Description : A security vulnerability has been detected in code-projects Content Management System 1.0. Impacted is an unknown function of the file /admin/edit_posts.php. The manipulation of the argument image leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0566
Published : Jan. 2, 2026, 5:16 p.m. | 4 hours, 15 minutes ago
Description : A security vulnerability has been detected in code-projects Content Management System 1.0. Impacted is an unknown function of the file /admin/edit_posts.php. The manipulation of the argument image leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0567 - code-projects Content Management System pages.php sql injection
CVE ID : CVE-2026-0567
Published : Jan. 2, 2026, 6:15 p.m. | 3 hours, 16 minutes ago
Description : A vulnerability was detected in code-projects Content Management System 1.0. The affected element is an unknown function of the file /pages.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0567
Published : Jan. 2, 2026, 6:15 p.m. | 3 hours, 16 minutes ago
Description : A vulnerability was detected in code-projects Content Management System 1.0. The affected element is an unknown function of the file /pages.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0568 - code-projects Online Music Site ViewSongs.php sql injection
CVE ID : CVE-2026-0568
Published : Jan. 2, 2026, 6:15 p.m. | 3 hours, 16 minutes ago
Description : A flaw has been found in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Frontend/ViewSongs.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0568
Published : Jan. 2, 2026, 6:15 p.m. | 3 hours, 16 minutes ago
Description : A flaw has been found in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Frontend/ViewSongs.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...