CVE-2026-0597 - Campcodes Supplier Management System edit_profile.php SQL injection
CVE ID : CVE-2026-0597
Published : Jan. 5, 2026, 3:15 p.m. | 2 hours, 30 minutes ago
Description : A flaw has been found in Campcodes Supplier Management System 1.0. Affected by this issue is some unknown functionality of the file /retailer/edit_profile.php. Manipulation of the argument txtRetailerAddress causes SQL injection. The attack can be exploited remotely. The exploit has been published and may be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-14346 - WHILL Model C2 and F Power Chairs Bluetooth Authentication Bypass
CVE ID : CVE-2025-14346
Published : Jan. 5, 2026, 4:15 p.m. | 1 hour, 30 minutes ago
Description : WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user interaction.
Severity: 9.8 | CRITICAL
CVE-2025-65328 - Mega-Fence Webgate-lib Proxy IP Spoofing Vulnerability
CVE ID : CVE-2025-65328
Published : Jan. 5, 2026, 4:15 p.m. | 1 hour, 30 minutes ago
Description : Mega-Fence (webgate-lib.*) 25.1.914 and prior trusts the first value of the X-Forwarded-For (XFF) header as the client IP without validating a trusted proxy chain. An attacker can supply an arbitrary XFF value in a remote request to spoof the client IP, which is then propagated to security-relevant state (e.g., WG_CLIENT_IP cookie). Deployments that rely on this value for IP allowlists may be bypassed.
Severity: 0.0 | NA
CVE-2025-67303 - ComfyUI-Manager Unprotected Configuration Disclosure
CVE ID : CVE-2025-67303
Published : Jan. 5, 2026, 4:15 p.m. | 1 hour, 30 minutes ago
Description : An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface.
Severity: 0.0 | NA
CVE-2025-67315 - Employee Leave Management System CSRF Privilege Escalation
CVE ID : CVE-2025-67315
Published : Jan. 5, 2026, 4:15 p.m. | 1 hour, 30 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Employee Leave Management System v.2.1 allows a remote attacker to escalate privileges via the manage-employee.php component.
Severity: 0.0 | NA
CVE-2024-30461 - WordPress Tumult Hype Animations plugin <= 1.9.11 - CSRF to XSS vulnerability
CVE ID : CVE-2024-30461
Published : Jan. 5, 2026, 5:15 p.m. | 30 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tumult Inc Tumult Hype Animations allows DOM-Based XSS. This issue affects Tumult Hype Animations: from n/a through 1.9.11.
Severity: 7.1 | HIGH
CVE-2024-30516 - WordPress Booking Package plugin <= 1.6.27 - Price Manipulation vulnerability
CVE ID : CVE-2024-30516
Published : Jan. 5, 2026, 5:15 p.m. | 30 minutes ago
Description : Improper Validation of Specified Quantity in Input vulnerability in SaasProject Booking Package allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Booking Package: from n/a through 1.6.27.
Severity: 7.5 | HIGH
CVE-2024-53735 - WordPress iPhone Webclip Manager plugin <= 0.5 - CSRF to Stored XSS vulnerability
CVE ID : CVE-2024-53735
Published : Jan. 5, 2026, 5:15 p.m. | 30 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Corourke iPhone Webclip Manager allows Stored XSS. This issue affects iPhone Webclip Manager: from n/a through 0.5.
Severity: 7.1 | HIGH
CVE-2025-10933 - Silicon Labs Z-Wave Protocol Controller Integer underflow vulnerability leads to out of bounds read
CVE ID : CVE-2025-10933
Published : Jan. 5, 2026, 5:15 p.m. | 30 minutes ago
Description : An integer underflow vulnerability in the Silicon Labs Z-Wave Protocol Controller can lead to out of bounds memory reads.
Severity: 5.3 | MEDIUM
CVE-2025-39484 - WordPress Entrada Theme <= 5.7.7 - SQL Injection vulnerability
CVE ID : CVE-2025-39484
Published : Jan. 5, 2026, 5:15 p.m. | 30 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Waituk Entrada allows SQL Injection. This issue affects Entrada: from n/a through 5.7.7.
Severity: 9.3 | CRITICAL
CVE-2025-39497 - WordPress Dokan Pro plugin <= 3.14.5 - Cross Site Scripting (XSS) vulnerability
CVE ID : CVE-2025-39497
Published : Jan. 5, 2026, 5:15 p.m. | 30 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dokan Dokan Pro allows Stored XSS. This issue affects Dokan Pro: from n/a through 3.14.5.
Severity: 6.5 | MEDIUM
CVE-2025-39561 - WordPress LoginWP - Pro Plugin <= 4.0.8.5 - Broken Access Control vulnerability
CVE ID : CVE-2025-39561
Published : Jan. 5, 2026, 5:15 p.m. | 30 minutes ago
Description : Missing Authorization vulnerability in Marketing Fire, LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects LoginWP - Pro: from n/a through 4.0.8.5.
Severity: 6.5 | MEDIUM
CVE-2025-46255 - WordPress LoginWP - Pro Plugin <= 4.0.8.5 - Settings Change vulnerability
CVE ID : CVE-2025-46255
Published : Jan. 5, 2026, 5:15 p.m. | 30 minutes ago
Description : Missing Authorization vulnerability in Marketing Fire LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects LoginWP - Pro: from n/a through 4.0.8.5.
Severity: 7.5 | HIGH
CVE-2025-52519 - Samsung Exynos Camera Denial of Service and Information Disclosure Vulnerability
CVE ID : CVE-2025-52519
Published : Jan. 5, 2026, 5:15 p.m. | 30 minutes ago
Description : An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, W920, W930, and W1000. Improper validation of user-space input in the issimian device driver leads to information disclosure and a denial of service.
Severity: 0.0 | NA
CVE-2025-53344 - WordPress Thim Core Plugin <= 2.3.3 - Cross Site Request Forgery (CSRF) Vulnerability
CVE ID : CVE-2025-53344
Published : Jan. 5, 2026, 5:15 p.m. | 30 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in ThimPress Thim Core allows Cross Site Request Forgery. This issue affects Thim Core: from n/a through 2.3.3.
Severity: 4.3 | MEDIUM
CVE-2025-57836 - Samsung Magician DLL Hijacking Vulnerability
CVE ID : CVE-2025-57836
Published : Jan. 5, 2026, 5:15 p.m. | 30 minutes ago
Description : An issue was discovered in Samsung Magician 6.3.0 through 8.3.2 on Windows. The installer creates a temporary folder with weak permissions during installation, allowing a non-admin user to perform DLL hijacking and escalate privileges.
Severity: 0.0 | NA
CVE-2025-59467 - UCRM Argentina AFIP Invoices Plugin Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-59467
Published : Jan. 5, 2026, 5:15 p.m. | 30 minutes ago
Description : A Cross-Site Scripting (XSS) vulnerability in the UCRM Argentina AFIP invoices Plugin (v1.2.0 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. This plugin is disabled by default. Affected Products: UCRM Argentina AFIP invoices Plugin (Version 1.2.0 and earlier) Mitigation: Update UCRM Argentina AFIP invoices Plugin to Version 1.3.0 or later.
Severity: 7.5 | HIGH
CVE-2025-67316 - Realme HeyTap/ColorOS Remote Code Execution Vulnerability
CVE ID : CVE-2025-67316
Published : Jan. 5, 2026, 5:15 p.m. | 30 minutes ago
Description : An issue in realme Internet browser v.45.13.4.1 allows a remote attacker to execute arbitrary code via a crafted webpage in the built-in HeyTap/ColorOS browser.
Severity: 0.0 | NA
CVE-2026-21633 - Ubiquiti UniFi Protect Camera Discovery Protocol Authentication Bypass
CVE ID : CVE-2026-21633
Published : Jan. 5, 2026, 5:15 p.m. | 30 minutes ago
Description : A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability in the UniFi Protect Application (Version 6.1.79 and earlier). Affected Products: UniFi Protect Application (Version 6.1.79 and earlier). Mitigation: Update your UniFi Protect Application to Version 6.2.72 or later.
Severity: 8.8 | HIGH
CVE-2026-21634 - UniFi Protect Application Discovery Protocol Buffer Overflow Vulnerability
CVE ID : CVE-2026-21634
Published : Jan. 5, 2026, 5:15 p.m. | 30 minutes ago
Description : A malicious actor with access to the adjacent network could overflow the UniFi Protect Application (Version 6.1.79 and earlier) discovery protocol causing it to restart. Affected Products: UniFi Protect Application (Version 6.1.79 and earlier). Mitigation: Update your UniFi Protect Application to Version 6.2.72 or later.
Severity: 6.5 | MEDIUM
CVE-2026-21635 - EV Station Lite WiFi AutoLink Access Control Bypass
CVE ID : CVE-2026-21635
Published : Jan. 5, 2026, 5:15 p.m. | 30 minutes ago
Description : An improper access control issue could allow a malicious actor within Wi-Fi range of the EV Station Lite (v1.5.2 and earlier) to use the WiFi AutoLink feature on a device that was only adopted via Ethernet.
Severity: 5.3 | MEDIUM