CVE-2025-47369 - Information Exposure in Computer Vision
CVE ID : CVE-2025-47369
Published : Jan. 6, 2026, 10:48 p.m. | 1 hour, 24 minutes ago
Description : Information disclosure when a weak hashed value is returned to userland code in response to an IOCTL call to obtain a session ID.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47380 - Untrusted Pointer Dereference in Camera
CVE ID : CVE-2025-47380
Published : Jan. 6, 2026, 10:48 p.m. | 1 hour, 24 minutes ago
Description : Memory corruption while preprocessing IOCTLs in sensors.
Severity: 7.8 | HIGH
CVE-2025-47388 - Buffer Copy without Checking Size of Input in DSP Service
CVE ID : CVE-2025-47388
Published : Jan. 6, 2026, 10:48 p.m. | 1 hour, 24 minutes ago
Description : Memory corruption while passing pages to DSP with an unaligned starting address.
Severity: 7.8 | HIGH
CVE-2025-47393 - Improper Validation of Array Index in Automotive Linux OS
CVE ID : CVE-2025-47393
Published : Jan. 6, 2026, 10:48 p.m. | 1 hour, 24 minutes ago
Description : Memory corruption when accessing resources in kernel driver.
Severity: 7.8 | HIGH
CVE-2025-47394 - Buffer Copy Without Checking Size of Input in DSP Service
CVE ID : CVE-2025-47394
Published : Jan. 6, 2026, 10:48 p.m. | 1 hour, 23 minutes ago
Description : Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations.
Severity: 7.8 | HIGH
CVE-2025-47395 - Buffer Over-read in WLAN Firmware
CVE ID : CVE-2025-47395
Published : Jan. 6, 2026, 10:48 p.m. | 1 hour, 23 minutes ago
Description : Transient DOS while parsing a WLAN management frame with a Vendor Specific Information Element.
Severity: 6.5 | MEDIUM
CVE-2025-47396 - Double Free in Graphics
CVE ID : CVE-2025-47396
Published : Jan. 6, 2026, 10:48 p.m. | 1 hour, 23 minutes ago
Description : Memory corruption occurs when a secure application is launched on a device with insufficient memory.
Severity: 7.8 | HIGH
CVE-2026-0643 - projectworlds House Rental and Property Listing Signup register.php unrestricted upload
CVE ID : CVE-2026-0643
Published : Jan. 6, 2026, 11:32 p.m. | 40 minutes ago
Description : A flaw has been found in projectworlds House Rental and Property Listing 1.0. Impacted is an unknown function of the file /app/register.php?action=reg of the component Signup. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used.
Severity: 0.0 | NA
CVE-2026-0628 - Google Chrome WebView Policy Enforcement Bypass
CVE ID : CVE-2026-0628
Published : Jan. 6, 2026, 11:57 p.m. | 15 minutes ago
Description : Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)
Severity: 0.0 | NA
CVE-2024-14020 - carboneio carbone Formatter input.js prototype pollution
CVE ID : CVE-2024-14020
Published : Jan. 7, 2026, 12:02 a.m. | 4 hours, 11 minutes ago
Description : A weakness has been identified in carboneio carbone up to fbcd349077ad0e8748be73eab2a82ea92b6f8a7e. This impacts an unknown function of the file lib/input.js of the component Formatter Handler. Executing a manipulation can lead to improperly controlled modification of object prototype attributes. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is said to be difficult. Upgrading to version 3.5.6 will fix this issue. This patch is called 04f9feb24bfca23567706392f9ad2c53bbe4134e. You should upgrade the affected component. A successful exploitation can "only occur if the parent NodeJS application has the same security issue".
Severity: 0.0 | NA
CVE-2026-0649 - invoiceninja Migration Import Import.php copy server-side request forgery
CVE ID : CVE-2026-0649
Published : Jan. 7, 2026, 12:32 a.m. | 3 hours, 41 minutes ago
Description : A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is the function copy of the file /app/Jobs/Util/Import.php of the component Migration Import. The manipulation of the argument company_logo leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
CVE-2025-14631 - Null Pointer Dereference Vulnerability in Malformed 802.11 Frame of TP-Link Archer BE400
CVE ID : CVE-2025-14631
Published : Jan. 7, 2026, 1:04 a.m. | 3 hours, 9 minutes ago
Description : A NULL Pointer Dereference vulnerability in TP-Link Archer BE400 V1 (802.11 modules) allows an adjacent attacker to cause a denial-of-service (DoS) by triggering a device reboot. This issue affects Archer BE400: xi 1.1.0 Build 20250710 rel.14914.
Severity: 7.1 | HIGH
CVE-2025-14596 - Quartus Prime Pro Edition Installer Advisory
CVE ID : CVE-2025-14596
Published : Jan. 7, 2026, 2:02 a.m. | 2 hours, 10 minutes ago
Description : Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows Search Order Hijacking. This issue affects Quartus Prime Pro: from 24.1 through 24.3.1.
Severity: 6.7 | MEDIUM
CVE-2025-14599 - Quartus® Prime Standard and Quartus® Prime Lite Security Advisory
CVE ID : CVE-2025-14599
Published : Jan. 7, 2026, 2:02 a.m. | 2 hours, 10 minutes ago
Description : Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime Lite Installer (SFX) on Windows allows Search Order Hijacking. This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1.
Severity: 6.7 | MEDIUM
CVE-2025-14605 - Quartus Prime Pro Edition Advisory
CVE ID : CVE-2025-14605
Published : Jan. 7, 2026, 2:02 a.m. | 2 hours, 10 minutes ago
Description : Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro on Windows (System Console modules) allows Search Order Hijacking. This issue affects Quartus Prime Pro: from 17.0 through 25.1.1.
Severity: 6.7 | MEDIUM
CVE-2025-14612 - Quartus Prime Pro Edition Advisory
CVE ID : CVE-2025-14612
Published : Jan. 7, 2026, 2:03 a.m. | 2 hours, 10 minutes ago
Description : Insecure Temporary File vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows Use of Predictable File Names. This issue affects Quartus Prime Pro: from 24.1 through 25.1.1.
Severity: 6.7 | MEDIUM
CVE-2025-15471 - TRENDnet TEW-713RE formFSrvX os command injection
CVE ID : CVE-2025-15471
Published : Jan. 7, 2026, 2:03 a.m. | 2 hours, 10 minutes ago
Description : A vulnerability was detected in TRENDnet TEW-713RE 1.02. The impacted element is an unknown function of the file /goformX/formFSrvX. The manipulation of the argument SZCMD results in os command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 10.0 | HIGH
CVE-2025-31051 - WordPress Plant - Gardening & Houseplants WordPress Theme <= 1.0.0 - Sensitive Data Exposure Vulnerability
CVE ID : CVE-2025-31051
Published : Jan. 7, 2026, 2:13 a.m. | 2 hours ago
Description : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant - Gardening & Houseplants WordPress Theme allows Retrieve Embedded Sensitive Data. This issue affects Plant - Gardening & Houseplants WordPress Theme: from n/a through 1.0.0.
Severity: 5.3 | MEDIUM
CVE-2025-31642 - WordPress WPCHURCH plugin <= 2.7.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE ID : CVE-2025-31642
Published : Jan. 7, 2026, 2:14 a.m. | 1 hour, 59 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dasinfomedia WPCHURCH allows Reflected XSS. This issue affects WPCHURCH: from n/a through 2.7.0.
Severity: 7.1 | HIGH
CVE-2025-12648 - WP-Members Membership Plugin <= 3.5.4.4 - Unauthenticated Information Exposure via Unprotected Files
CVE ID : CVE-2025-12648
Published : Jan. 7, 2026, 2:21 a.m. | 1 hour, 52 minutes ago
Description : The WP-Members Membership Plugin for WordPress is vulnerable to unauthorized file access in versions up to, and including, 3.5.4.4. This is due to storing user-uploaded files in predictable directories (wp-content/uploads/wpmembers/user_files//) without implementing proper access controls beyond basic directory listing protection (.htaccess with Options -Indexes). This makes it possible for unauthenticated attackers to directly access and download sensitive documents uploaded by site users via direct URL access, granted they can guess or enumerate user IDs and filenames.
Severity: 0.0 | NA
CVE-2026-20893 - Fujitsu Security Solution AuthConductor Client Basic Privilege Escalation RCE
CVE ID : CVE-2026-20893
Published : Jan. 7, 2026, 3:16 a.m. | 57 minutes ago
Description : Origin validation error issue exists in Fujitsu Security Solution AuthConductor Client Basic V2 2.0.25.0 and earlier. If this vulnerability is exploited, an attacker who can log in to the Windows system where the affected product is installed may execute arbitrary code with SYSTEM privilege and/or modify the registry value.
Severity: 8.5 | HIGH