CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-39561 - WordPress LoginWP - Pro Plugin <= 4.0.8.5 - Broken Access Control vulnerability

CVE ID : CVE-2025-39561
Published : Jan. 5, 2026, 5:15 p.m. | 30 minutes ago
Description : Missing Authorization vulnerability in Marketing Fire, LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects LoginWP - Pro: from n/a through 4.0.8.5.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46255 - WordPress LoginWP - Pro Plugin <= 4.0.8.5 - Settings Change vulnerability

CVE ID : CVE-2025-46255
Published : Jan. 5, 2026, 5:15 p.m. | 30 minutes ago
Description : Missing Authorization vulnerability in Marketing Fire LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects LoginWP - Pro: from n/a through 4.0.8.5.
Severity: 7.5 | HIGH
CVE-2025-52519 - Samsung Exynos Camera Denial of Service and Information Disclosure Vulnerability

CVE ID : CVE-2025-52519
Published : Jan. 5, 2026, 5:15 p.m. | 30 minutes ago
Description : An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, W920, W930, and W1000. Improper validation of user-space input in the issimian device driver leads to information disclosure and a denial of service.
Severity: 0.0 | NA
CVE-2025-53344 - WordPress Thim Core Plugin <= 2.3.3 - Cross Site Request Forgery (CSRF) Vulnerability

CVE ID : CVE-2025-53344
Published : Jan. 5, 2026, 5:15 p.m. | 30 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in ThimPress Thim Core allows Cross Site Request Forgery. This issue affects Thim Core: from n/a through 2.3.3.
Severity: 4.3 | MEDIUM
CVE-2025-57836 - Samsung Magician DLL Hijacking Vulnerability

CVE ID : CVE-2025-57836
Published : Jan. 5, 2026, 5:15 p.m. | 30 minutes ago
Description : An issue was discovered in Samsung Magician 6.3.0 through 8.3.2 on Windows. The installer creates a temporary folder with weak permissions during installation, allowing a non-admin user to perform DLL hijacking and escalate privileges.
Severity: 0.0 | NA
CVE-2025-59467 - UCRM Argentina AFIP Invoices Plugin Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-59467
Published : Jan. 5, 2026, 5:15 p.m. | 30 minutes ago
Description : A Cross-Site Scripting (XSS) vulnerability in the UCRM Argentina AFIP invoices Plugin (v1.2.0 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. This plugin is disabled by default. Affected Products: UCRM Argentina AFIP invoices Plugin (Version 1.2.0 and earlier) Mitigation: Update UCRM Argentina AFIP invoices Plugin to Version 1.3.0 or later.
Severity: 7.5 | HIGH
CVE-2025-67316 - Realme HeyTap/ColorOS Remote Code Execution Vulnerability

CVE ID : CVE-2025-67316
Published : Jan. 5, 2026, 5:15 p.m. | 30 minutes ago
Description : An issue in realme Internet browser v.45.13.4.1 allows a remote attacker to execute arbitrary code via a crafted webpage in the built-in HeyTap/ColorOS browser.
Severity: 0.0 | NA
CVE-2026-21633 - Ubiquiti UniFi Protect Camera Discovery Protocol Authentication Bypass

CVE ID : CVE-2026-21633
Published : Jan. 5, 2026, 5:15 p.m. | 30 minutes ago
Description : A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability in the UniFi Protect Application (Version 6.1.79 and earlier). Affected Products: UniFi Protect Application (Version 6.1.79 and earlier). Mitigation: Update your UniFi Protect Application to Version 6.2.72 or later.
Severity: 8.8 | HIGH
CVE-2026-21634 - UniFi Protect Application Discovery Protocol Buffer Overflow Vulnerability

CVE ID : CVE-2026-21634
Published : Jan. 5, 2026, 5:15 p.m. | 30 minutes ago
Description : A malicious actor with access to the adjacent network could overflow the UniFi Protect Application (Version 6.1.79 and earlier) discovery protocol causing it to restart. Affected Products: UniFi Protect Application (Version 6.1.79 and earlier). Mitigation: Update your UniFi Protect Application to Version 6.2.72 or later.
Severity: 6.5 | MEDIUM
CVE-2026-21635 - EV Station Lite WiFi AutoLink Access Control Bypass

CVE ID : CVE-2026-21635
Published : Jan. 5, 2026, 5:15 p.m. | 30 minutes ago
Description : An Improper Access Control vulnerability could allow a malicious actor within Wi-Fi range of the EV Station Lite (v1.5.2 and earlier) to use the WiFi AutoLink feature on a device that was only adopted via Ethernet.
Severity: 5.3 | MEDIUM
CVE-2025-55204 - muffon has One-click Remote Code Execution via XSS and Custom URL Handling

CVE ID : CVE-2025-55204
Published : Jan. 5, 2026, 5:37 p.m. | 9 minutes ago
Description : muffon is a cross-platform music streaming client for desktop. Versions prior to 2.3.0 have a one-click Remote Code Execution (RCE) vulnerability in. An attacker can exploit this issue by embedding a specially crafted `muffon://` link on any website they control. When a victim visits the site or clicks the link, the browser triggers Muffon’s custom URL handler, causing the application to launch and process the URL. This leads to RCE on the victim's machine without further interaction. Version 2.3.0 patches the issue.
Severity: 0.0 | NA
CVE-2025-27807 - Samsung Exynos Modem Out-of-Bounds Write Vulnerability

CVE ID : CVE-2025-27807
Published : Jan. 5, 2026, 7:15 p.m. | 2 hours, 35 minutes ago
Description : An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-of-bounds writes via malformed NAS packets.
Severity: 0.0 | NA
CVE-2025-43706 - Samsung Exynos Modem RRC Packet Handling Denial of Service Vulnerability

CVE ID : CVE-2025-43706
Published : Jan. 5, 2026, 7:15 p.m. | 2 hours, 35 minutes ago
Description : An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2400, 1580, 9110, W920, W930, Modem 5123, and Modem 5400. Incorrect handling of RRC packets leads to a Denial of Service.
Severity: 0.0 | NA
CVE-2025-49495 - Samsung Exynos WiFi Driver Buffer Overflow Vulnerability

CVE ID : CVE-2025-49495
Published : Jan. 5, 2026, 7:15 p.m. | 2 hours, 35 minutes ago
Description : An issue was discovered in the WiFi driver in Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580. Mishandling of an NL80211 vendor command leads to a buffer overflow.
Severity: 0.0 | NA
CVE-2025-52515 - Samsung Exynos Camera Denial of Service (DoS) Vulnerability

CVE ID : CVE-2025-52515
Published : Jan. 5, 2026, 7:15 p.m. | 2 hours, 35 minutes ago
Description : An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. A race condition in the issimian device driver results in an out-of-bounds access, leading to a denial of service.
Severity: 0.0 | NA
CVE-2025-52516 - Samsung Exynos Denial of Service (DoS) Vulnerability

CVE ID : CVE-2025-52516
Published : Jan. 5, 2026, 7:15 p.m. | 2 hours, 35 minutes ago
Description : An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. An invalid kernel address dereference in the issimian device driver leads to a denial of service.
Severity: 6.2 | MEDIUM
CVE-2025-52517 - Samsung Exynos Camera Denial of Service (Double Free)

CVE ID : CVE-2025-52517
Published : Jan. 5, 2026, 7:15 p.m. | 2 hours, 35 minutes ago
Description : An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. A race condition in the issimian device driver results in a double free, leading to a denial of service.
Severity: 0.0 | NA
CVE-2025-53966 - Samsung Exynos NL80211 Buffer Overflow Vulnerability

CVE ID : CVE-2025-53966
Published : Jan. 5, 2026, 7:15 p.m. | 2 hours, 35 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, and 1580. Incorrect handling of the NL80211 vendor command leads to a buffer overflow during handling of an IOCTL message.
Severity: 0.0 | NA
CVE-2025-67397 - Passy Remote Command Execution Vulnerability

CVE ID : CVE-2025-67397
Published : Jan. 5, 2026, 7:15 p.m. | 2 hours, 35 minutes ago
Description : An issue in Passy v.1.6.3 allows a remote authenticated attacker to execute arbitrary commands via a crafted HTTP request using a specific payload injection.
Severity: 0.0 | NA
CVE-2025-69290 - Apache Unassigned Vulnerability

CVE ID : CVE-2025-69290
Published : Jan. 5, 2026, 7:15 p.m. | 2 hours, 35 minutes ago
Description : Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2025. Notes: none
Severity: 0.0 | NA
CVE-2025-69291 - Apache Unassigned Vulnerability

CVE ID : CVE-2025-69291
Published : Jan. 5, 2026, 7:15 p.m. | 2 hours, 35 minutes ago
Description : Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2025. Notes: none
Severity: 0.0 | NA