CVE-2025-34169 - Apache SSH Denial of Service
CVE ID : CVE-2025-34169
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-34169
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-34170 - Apache HTTP Server Remote Code Execution
CVE ID : CVE-2025-34170
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-34170
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-34171 - Apache HTTP Server Remote Code Execution
CVE ID : CVE-2025-34171
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-34171
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-34213 - Apache HTTP Server Denial of Service
CVE ID : CVE-2025-34213
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-34213
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-34214 - Apache HTTP Server Remote Code Execution
CVE ID : CVE-2025-34214
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-34214
Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago
Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-69416 - Plex Media Server Device Token Information Disclosure Vulnerability
CVE ID : CVE-2025-69416
Published : Jan. 2, 2026, 5:16 p.m. | 4 hours, 15 minutes ago
Description : In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve other tokens (intended for unrelated access) via clients.plex.tv/devices.xml.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-69416
Published : Jan. 2, 2026, 5:16 p.m. | 4 hours, 15 minutes ago
Description : In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve other tokens (intended for unrelated access) via clients.plex.tv/devices.xml.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-69417 - Plex Media Server Unauthorized Share Token Disclosure
CVE ID : CVE-2025-69417
Published : Jan. 2, 2026, 5:16 p.m. | 4 hours, 15 minutes ago
Description : In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve share tokens (intended for unrelated access) via a shared_servers endpoint.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-69417
Published : Jan. 2, 2026, 5:16 p.m. | 4 hours, 15 minutes ago
Description : In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve share tokens (intended for unrelated access) via a shared_servers endpoint.
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0566 - code-projects Content Management System edit_posts.php unrestricted upload
CVE ID : CVE-2026-0566
Published : Jan. 2, 2026, 5:16 p.m. | 4 hours, 15 minutes ago
Description : A security vulnerability has been detected in code-projects Content Management System 1.0. Impacted is an unknown function of the file /admin/edit_posts.php. The manipulation of the argument image leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0566
Published : Jan. 2, 2026, 5:16 p.m. | 4 hours, 15 minutes ago
Description : A security vulnerability has been detected in code-projects Content Management System 1.0. Impacted is an unknown function of the file /admin/edit_posts.php. The manipulation of the argument image leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0567 - code-projects Content Management System pages.php sql injection
CVE ID : CVE-2026-0567
Published : Jan. 2, 2026, 6:15 p.m. | 3 hours, 16 minutes ago
Description : A vulnerability was detected in code-projects Content Management System 1.0. The affected element is an unknown function of the file /pages.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0567
Published : Jan. 2, 2026, 6:15 p.m. | 3 hours, 16 minutes ago
Description : A vulnerability was detected in code-projects Content Management System 1.0. The affected element is an unknown function of the file /pages.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0568 - code-projects Online Music Site ViewSongs.php sql injection
CVE ID : CVE-2026-0568
Published : Jan. 2, 2026, 6:15 p.m. | 3 hours, 16 minutes ago
Description : A flaw has been found in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Frontend/ViewSongs.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0568
Published : Jan. 2, 2026, 6:15 p.m. | 3 hours, 16 minutes ago
Description : A flaw has been found in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Frontend/ViewSongs.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21429 - Emlog has Broken Access Control (BAC)
CVE ID : CVE-2026-21429
Published : Jan. 2, 2026, 6:15 p.m. | 3 hours, 16 minutes ago
Description : Emlog is an open source website building system. In version 2.5.23, the admin can set controls which makes users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-21429
Published : Jan. 2, 2026, 6:15 p.m. | 3 hours, 16 minutes ago
Description : Emlog is an open source website building system. In version 2.5.23, the admin can set controls which makes users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0569 - code-projects Online Music Site AlbumByCategory.php sql injection
CVE ID : CVE-2026-0569
Published : Jan. 2, 2026, 7:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability has been found in code-projects Online Music Site 1.0. This affects an unknown function of the file /Frontend/AlbumByCategory.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0569
Published : Jan. 2, 2026, 7:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability has been found in code-projects Online Music Site 1.0. This affects an unknown function of the file /Frontend/AlbumByCategory.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0570 - code-projects Online Music Site Feedback.php sql injection
CVE ID : CVE-2026-0570
Published : Jan. 2, 2026, 7:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability was found in code-projects Online Music Site 1.0. This impacts an unknown function of the file /Frontend/Feedback.php. Performing manipulation of the argument fname results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0570
Published : Jan. 2, 2026, 7:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability was found in code-projects Online Music Site 1.0. This impacts an unknown function of the file /Frontend/Feedback.php. Performing manipulation of the argument fname results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21430 - Emlog: CSRF chained with stored XSS leads to ATO
CVE ID : CVE-2026-21430
Published : Jan. 2, 2026, 7:15 p.m. | 2 hours, 16 minutes ago
Description : Emlog is an open source website building system. In version 2.5.23, article creation functionality is vulnerable to cross-site request forgery (CSRF). This can lead to a user being forced to post an article with arbitrary, attacker-controlled content. This, when combined with stored cross-site scripting, leads to account takeover. As of time of publication, no known patched versions are available.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-21430
Published : Jan. 2, 2026, 7:15 p.m. | 2 hours, 16 minutes ago
Description : Emlog is an open source website building system. In version 2.5.23, article creation functionality is vulnerable to cross-site request forgery (CSRF). This can lead to a user being forced to post an article with arbitrary, attacker-controlled content. This, when combined with stored cross-site scripting, leads to account takeover. As of time of publication, no known patched versions are available.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21431 - Emlog vulnerable to stored Cross-site Scripting via image name
CVE ID : CVE-2026-21431
Published : Jan. 2, 2026, 7:15 p.m. | 2 hours, 16 minutes ago
Description : Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the `Resource media library ` function while publishing an article. As of time of publication, no known patched versions are available.
Severity: 2.0 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-21431
Published : Jan. 2, 2026, 7:15 p.m. | 2 hours, 16 minutes ago
Description : Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the `Resource media library ` function while publishing an article. As of time of publication, no known patched versions are available.
Severity: 2.0 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21432 - Emlog has stored Cross-site Scripting issue that can lead to admin or another account ATO
CVE ID : CVE-2026-21432
Published : Jan. 2, 2026, 7:15 p.m. | 2 hours, 16 minutes ago
Description : Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability that can lead to account takeover, including takeover of admin accounts. As of time of publication, no known patched versions are available.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-21432
Published : Jan. 2, 2026, 7:15 p.m. | 2 hours, 16 minutes ago
Description : Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability that can lead to account takeover, including takeover of admin accounts. As of time of publication, no known patched versions are available.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21433 - Emlog vulnerable to Server-Side Request Forgery (SSRF)
CVE ID : CVE-2026-21433
Published : Jan. 2, 2026, 7:15 p.m. | 2 hours, 16 minutes ago
Description : Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band (OOB) requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http[:]//emblog/admin/media[.]php which contains external resource references. When the server processes/renders the SVG (thumbnailing, preview, or sanitization), it issues an HTTP request to the attacker-controlled host. Impact: server-side SSRF/OOB leading to internal network probing and potential metadata/credential exposure. As of time of publication, no known patched versions are available.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-21433
Published : Jan. 2, 2026, 7:15 p.m. | 2 hours, 16 minutes ago
Description : Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band (OOB) requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http[:]//emblog/admin/media[.]php which contains external resource references. When the server processes/renders the SVG (thumbnailing, preview, or sanitization), it issues an HTTP request to the attacker-controlled host. Impact: server-side SSRF/OOB leading to internal network probing and potential metadata/credential exposure. As of time of publication, no known patched versions are available.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21440 - AdonisJS Path Traversal in Multipart File Handling
CVE ID : CVE-2026-21440
Published : Jan. 2, 2026, 7:15 p.m. | 2 hours, 16 minutes ago
Description : AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease versions prior to 11.0.0-next.6. This issue has been patched in @adonisjs/bodyparser versions 10.1.2 and 11.0.0-next.6.
Severity: 9.2 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-21440
Published : Jan. 2, 2026, 7:15 p.m. | 2 hours, 16 minutes ago
Description : AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease versions prior to 11.0.0-next.6. This issue has been patched in @adonisjs/bodyparser versions 10.1.2 and 11.0.0-next.6.
Severity: 9.2 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21444 - libtpms returns wrong initialization vector when certain symmetric ciphers are used
CVE ID : CVE-2026-21444
Published : Jan. 2, 2026, 7:15 p.m. | 2 hours, 16 minutes ago
Description : libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality. Version 0.10.2 fixes the issue. No known workarounds are available.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-21444
Published : Jan. 2, 2026, 7:15 p.m. | 2 hours, 16 minutes ago
Description : libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality. Version 0.10.2 fixes the issue. No known workarounds are available.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0571 - yeqifu warehouse AppFileUtils.java createResponseEntity path traversal
CVE ID : CVE-2026-0571
Published : Jan. 2, 2026, 8:16 p.m. | 1 hour, 15 minutes ago
Description : A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function createResponseEntity of the file warehouse\src\main\java\com\yeqifu\sys\common\AppFileUtils.java. The manipulation of the argument path results in path traversal. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0571
Published : Jan. 2, 2026, 8:16 p.m. | 1 hour, 15 minutes ago
Description : A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function createResponseEntity of the file warehouse\src\main\java\com\yeqifu\sys\common\AppFileUtils.java. The manipulation of the argument path results in path traversal. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21445 - Langflow Missing Authentication on Critical API Endpoints
CVE ID : CVE-2026-21445
Published : Jan. 2, 2026, 8:16 p.m. | 1 hour, 15 minutes ago
Description : Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories, and perform destructive operations including message deletion. This affects endpoints handling personal data and system operations that should require proper authorization. Version 1.7.0.dev45 contains a patch.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-21445
Published : Jan. 2, 2026, 8:16 p.m. | 1 hour, 15 minutes ago
Description : Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories, and perform destructive operations including message deletion. This affects endpoints handling personal data and system operations that should require proper authorization. Version 1.7.0.dev45 contains a patch.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...