CVE-2025-64123 - Nuvation Energy Multi-Stack Controller Proxy service allows arbitrary BMS access
CVE ID : CVE-2025-64123
Published : Jan. 2, 2026, 10:15 p.m. | 3 hours, 19 minutes ago
Description : Unintended Proxy or Intermediary vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Network Boundary Bridging. This issue affects Multi-Stack Controller (MSC): through and including release 2.5.1.
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64124 - Nuvation Energy Multi-Stack Controller OS Command Injection
CVE ID : CVE-2025-64124
Published : Jan. 3, 2026, 1:15 a.m. | 19 minutes ago
Description : Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows OS Command Injection. This issue affects Multi-Stack Controller (MSC): before 2.5.1.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64125 - Nuvation Energy nCloud Client-to-Client Communication
CVE ID : CVE-2025-64125
Published : Jan. 3, 2026, 1:15 a.m. | 19 minutes ago
Description : A vulnerability in Nuvation Energy nCloud VPN Service allowed Network Boundary Bridging. This issue affected the nCloud VPN Service and was fixed on 2025-12-1 (December, 2025). End users do not have to take any action to mitigate the issue.
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21484 - AnythingLLM Vulnerable to Username Enumeration w/ Password Recovery
CVE ID : CVE-2026-21484
Published : Jan. 3, 2026, 2:15 a.m. | 5 hours, 21 minutes ago
Description : AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending on whether a username exists, thereby enabling username enumeration. Commit e287fab56089cf8fcea9ba579a3ecdeca0daa313 fixes this issue.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21644 - Apache HTTP Server Unvalidated Redirect
CVE ID : CVE-2026-21644
Published : Jan. 3, 2026, 4:15 a.m. | 3 hours, 20 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21645 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2026-21645
Published : Jan. 3, 2026, 4:15 a.m. | 3 hours, 20 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21646 - Apache HTTP Server Remote Code Execution
CVE ID : CVE-2026-21646
Published : Jan. 3, 2026, 4:15 a.m. | 3 hours, 20 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21647 - Apple iPhone Cross-Site Request Forgery
CVE ID : CVE-2026-21647
Published : Jan. 3, 2026, 4:15 a.m. | 3 hours, 20 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21648 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2026-21648
Published : Jan. 3, 2026, 4:15 a.m. | 3 hours, 20 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21649 - Adobe Flash Code Execution Vulnerability
CVE ID : CVE-2026-21649
Published : Jan. 3, 2026, 4:15 a.m. | 3 hours, 20 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21650 - Apache HTTP Server Cross-Site Request Forgery
CVE ID : CVE-2026-21650
Published : Jan. 3, 2026, 4:15 a.m. | 3 hours, 20 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21651 - NVIDIA GPU Driver Uninitialized Memory
CVE ID : CVE-2026-21651
Published : Jan. 3, 2026, 4:15 a.m. | 3 hours, 20 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21652 - Apache HTTP Server Cross-Site Request Forgery
CVE ID : CVE-2026-21652
Published : Jan. 3, 2026, 4:15 a.m. | 3 hours, 20 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-15115 - Petlibro Smart Pet Feeder Platform through 1.7.31 Authentication Bypass via API endpoint
CVE ID : CVE-2025-15115
Published : Jan. 4, 2026, 12:15 a.m. | 3 hours, 25 minutes ago
Description : Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contain an authentication bypass vulnerability that allows unauthenticated attackers to access any user account by exploiting OAuth token validation flaws in the social login system. Attackers can send requests to /member/auth/thirdLogin with arbitrary Google IDs and phoneBrand parameters to obtain full session tokens and account access without proper OAuth verification.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3646 - Petlibro Smart Pet Feeder Platform through 1.7.31 Authorization Bypass via Device Share API
CVE ID : CVE-2025-3646
Published : Jan. 4, 2026, 12:15 a.m. | 3 hours, 24 minutes ago
Description : Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contain an authorization bypass vulnerability that allows unauthorized users to add users as shared owners to any device by exploiting missing permission checks. Attackers can send requests to the device share API to gain unauthorized access to devices and view owner information without proper authorization validation.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3652 - Petlibro Smart Pet Feeder Platform through 1.7.31 Audio Information Disclosure via API endpoint
CVE ID : CVE-2025-3652
Published : Jan. 4, 2026, 12:15 a.m. | 3 hours, 24 minutes ago
Description : Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contain an information disclosure vulnerability that allows unauthorized access to private audio recordings by exploiting sequential audio IDs and insecure assignment endpoints. Attackers can send requests to /device/deviceAudio/use with arbitrary audio IDs to assign recordings to any device, then retrieve audio URLs to access other users' private recordings.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3653 - Petlibro Smart Pet Feeder through 1.7.31 Platform Improper Access Control via API endpoint
CVE ID : CVE-2025-3653
Published : Jan. 4, 2026, 12:15 a.m. | 3 hours, 24 minutes ago
Description : Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contain an improper access control vulnerability that allows unauthorized device manipulation by accepting arbitrary serial numbers without ownership verification. Attackers can control any device by sending serial numbers to device control APIs to change feeding schedules, trigger manual feeds, access camera feeds, and modify device settings without authorization checks.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3654 - Petlibro Smart Pet Feeder Platform through 1.7.31 Information Disclosure via API endpoint
CVE ID : CVE-2025-3654
Published : Jan. 4, 2026, 12:15 a.m. | 3 hours, 24 minutes ago
Description : Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contain an information disclosure vulnerability that allows unauthorized access to device hardware information by exploiting insecure API endpoints. Attackers can retrieve device serial numbers and MAC addresses through /device/devicePetRelation/getBoundDevices using pet IDs, enabling full device control without proper authorization checks.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3660 - Petlibro Smart Pet Feeder Platform through 1.7.31 Broken Access Control via API endpoint
CVE ID : CVE-2025-3660
Published : Jan. 4, 2026, 12:15 a.m. | 3 hours, 24 minutes ago
Description : Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contain a broken access control vulnerability that allows authenticated users to access other users' pet data by exploiting missing ownership verification. Attackers can send requests to /member/pet/detailV2 with arbitrary pet IDs to retrieve sensitive information including pet details, member IDs, and avatar URLs without proper authorization checks.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0574 - yeqifu warehouse Request UserController.java saveUserRole improper authorization
CVE ID : CVE-2026-0574
Published : Jan. 4, 2026, 2:15 a.m. | 1 hour, 25 minutes ago
Description : A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function saveUserRole of the file warehouse\src\main\java\com\yeqifu\sys\controller\UserController.java of the component Request Handler. This manipulation causes improper authorization. The attack can be carried out remotely. The exploit has been made available to the public and could be used for attacks. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0575 - code-projects Online Product Reservation System Administrator Login adminlogin.php sql injection
CVE ID : CVE-2026-0575
Published : Jan. 4, 2026, 6:15 a.m. | 1 hour, 24 minutes ago
Description : A security vulnerability has been detected in code-projects Online Product Reservation System 1.0. This impacts an unknown function of the file /handgunner-administrator/adminlogin.php of the component Administrator Login. Such manipulation of the argument emailadd/pass leads to SQL injection. The attack may be performed remotely. The exploit has been disclosed publicly and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...