CVE-2025-69360 - WordPress TheGem Theme Elements (for WPBakery) plugin <= 5.11.0 - Cross Site Scripting (XSS) vulnerability
CVE ID : CVE-2025-69360
Published : Jan. 6, 2026, 5:15 p.m. | 53 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Theme Elements (for WPBakery) thegem-elements allows DOM-Based XSS. This issue affects TheGem Theme Elements (for WPBakery): from n/a through <= 5.11.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-69361 - WordPress Post Expirator plugin <= 4.9.3 - Broken Access Control vulnerability
CVE ID : CVE-2025-69361
Published : Jan. 6, 2026, 5:15 p.m. | 53 minutes ago
Description : Missing Authorization vulnerability in PublishPress Post Expirator post-expirator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Post Expirator: from n/a through <= 4.9.3.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-69362 - WordPress UiChemy plugin <= 4.4.2 - Cross Site Scripting (XSS) vulnerability
CVE ID : CVE-2025-69362
Published : Jan. 6, 2026, 5:15 p.m. | 53 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH UiChemy uichemy allows Stored XSS. This issue affects UiChemy: from n/a through <= 4.4.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-69363 - WordPress Responsive Addons for Elementor plugin <= 2.0.8 - Broken Access Control vulnerability
CVE ID : CVE-2025-69363
Published : Jan. 6, 2026, 5:15 p.m. | 53 minutes ago
Description : Missing Authorization vulnerability in CyberChimps Responsive Addons for Elementor responsive-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Addons for Elementor: from n/a through <= 2.0.8.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-69364 - WordPress Breeze plugin <= 2.2.21 - Broken Access Control vulnerability
CVE ID : CVE-2025-69364
Published : Jan. 6, 2026, 5:15 p.m. | 53 minutes ago
Description : Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Breeze: from n/a through <= 2.2.21.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-14942 - Authentication Bypass
CVE ID : CVE-2025-14942
Published : Jan. 6, 2026, 5:26 p.m. | 42 minutes ago
Description : wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must update or apply the fix patch and it’s recommended to update credentials used. This fix is also recommended for wolfSSH server applications. While there aren’t any specific attacks on server applications, the same defect is present. Thanks to Aina Toky Rasoamanana of Valeo and Olivier Levillain of Telecom SudParis for the report.
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-32304 - WordPress WPCHURCH plugin <= 2.7.0 - Local File Inclusion vulnerability
CVE ID : CVE-2025-32304
Published : Jan. 6, 2026, 5:34 p.m. | 35 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mojoomla WPCHURCH allows PHP Local File Inclusion. This issue affects WPCHURCH: from n/a through 2.7.0.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-15382 - Client SCP Request Triggers Buffer Overread by 1 Byte
CVE ID : CVE-2025-15382
Published : Jan. 6, 2026, 5:43 p.m. | 25 minutes ago
Description : A heap buffer over-read vulnerability exists in the wolfSSH_CleanPath() function in wolfSSH. An authenticated remote attacker can trigger the issue via crafted SCP path input containing '/./' sequences, resulting in a heap over read by 1 byte.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7048 - On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption o
CVE ID : CVE-2025-7048
Published : Jan. 6, 2026, 7:15 p.m. | 56 minutes ago
Description : On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption of dataplane traffic.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0641 - TOTOLINK WA300 cstecgi.cgi sub_401510 command injection
CVE ID : CVE-2026-0641
Published : Jan. 6, 2026, 7:16 p.m. | 55 minutes ago
Description : A security vulnerability has been detected in TOTOLINK WA300 5.2cu.7112_B20190227. This vulnerability affects the function sub_401510 of the file cstecgi.cgi. The manipulation of the argument UPLOAD_FILENAME leads to command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21490 - iccDEV has heap buffer overflow in CIccTagLut16::Validate()
CVE ID : CVE-2026-21490
Published : Jan. 6, 2026, 7:16 p.m. | 55 minutes ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It results in heap buffer overflow in `CIccTagLut16::Validate()`. Version 2.3.1.2 contains a patch. No known workarounds are available.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21491 - iccDEV has unicode buffer overflow in CIccTagTextDescription
CVE ID : CVE-2026-21491
Published : Jan. 6, 2026, 7:16 p.m. | 55 minutes ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It results in unicode buffer overflow in `CIccTagTextDescription`. Version 2.3.1.2 contains a patch. No known workarounds are available.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21494 - iccDEV has heap buffer overflow in CIccTagLut8::Validate()
CVE ID : CVE-2026-21494
Published : Jan. 6, 2026, 7:16 p.m. | 55 minutes ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It results in heap buffer overflow in `CIccTagLut8::Validate()`. Version 2.3.1.2 contains a patch. No known workarounds are available.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0642 - projectworlds House Rental and Property Listing complaint.php cross site scripting
CVE ID : CVE-2026-0642
Published : Jan. 6, 2026, 10:32 p.m. | 1 hour, 40 minutes ago
Description : A vulnerability was detected in projectworlds House Rental and Property Listing 1.0. This issue affects some unknown processing of the file /app/complaint.php. The manipulation of the argument Name results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47330 - Buffer Over-read in Video
CVE ID : CVE-2025-47330
Published : Jan. 6, 2026, 10:48 p.m. | 1 hour, 24 minutes ago
Description : Transient DOS while parsing video packets received from the video firmware.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47331 - Buffer Over-read in Video
CVE ID : CVE-2025-47331
Published : Jan. 6, 2026, 10:48 p.m. | 1 hour, 24 minutes ago
Description : Information disclosure while processing a firmware event.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47332 - Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Driver
CVE ID : CVE-2025-47332
Published : Jan. 6, 2026, 10:48 p.m. | 1 hour, 24 minutes ago
Description : Memory corruption while processing a config call from userspace.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47333 - Use After Free in HLOS
CVE ID : CVE-2025-47333
Published : Jan. 6, 2026, 10:48 p.m. | 1 hour, 24 minutes ago
Description : Memory corruption while handling buffer mapping operations in the cryptographic driver.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47334 - Buffer Copy Without Checking Size of Input in Camera Driver
CVE ID : CVE-2025-47334
Published : Jan. 6, 2026, 10:48 p.m. | 1 hour, 24 minutes ago
Description : Memory corruption while processing shared command buffer packet between camera userspace and kernel.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47335 - Buffer Copy Without Checking Size of Input in Camera Driver
CVE ID : CVE-2025-47335
Published : Jan. 6, 2026, 10:48 p.m. | 1 hour, 24 minutes ago
Description : Memory corruption while parsing clock configuration data for a specific hardware type.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47336 - Use After Free in Camera Driver
CVE ID : CVE-2025-47336
Published : Jan. 6, 2026, 10:48 p.m. | 1 hour, 24 minutes ago
Description : Memory corruption while performing sensor register read operations.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...