CVE-2025-46494 - WordPress WidgetKit Pro plugin <= 1.13.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE ID : CVE-2025-46494
Published : Jan. 7, 2026, 1:15 p.m. | 3 hours ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesgrove WidgetKit Pro allows Reflected XSS.This issue affects WidgetKit Pro: from n/a through 1.13.1.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46494
Published : Jan. 7, 2026, 1:15 p.m. | 3 hours ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesgrove WidgetKit Pro allows Reflected XSS.This issue affects WidgetKit Pro: from n/a through 1.13.1.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47552 - WordPress DZS Video Gallery plugin <= 12.37 - PHP Object Injection Vulnerability
CVE ID : CVE-2025-47552
Published : Jan. 7, 2026, 1:15 p.m. | 3 hours ago
Description : Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection.This issue affects DZS Video Gallery: from n/a through 12.37.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47552
Published : Jan. 7, 2026, 1:15 p.m. | 3 hours ago
Description : Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection.This issue affects DZS Video Gallery: from n/a through 12.37.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-15479 - NGSurvey Enterprise 3.6.4 incorrect authorization exposes other users’ API keys and personal data
CVE ID : CVE-2025-15479
Published : Jan. 7, 2026, 2:15 p.m. | 2 hours ago
Description : Stored cross-site scripting (XSS, CWE-79) in the survey content and administration functionality in Data Illusion Zumbrunn NGSurvey Enterprise Edition 3.6.4 on all supported platforms ( on Windows and Linux servers ) allows authenticated remote users with survey creation or edit privileges to execute arbitrary JavaScript in other users’ browsers, steal session information and perform unauthorized actions on their behalf via crafted survey content that is rendered without proper output encoding.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-15479
Published : Jan. 7, 2026, 2:15 p.m. | 2 hours ago
Description : Stored cross-site scripting (XSS, CWE-79) in the survey content and administration functionality in Data Illusion Zumbrunn NGSurvey Enterprise Edition 3.6.4 on all supported platforms ( on Windows and Linux servers ) allows authenticated remote users with survey creation or edit privileges to execute arbitrary JavaScript in other users’ browsers, steal session information and perform unauthorized actions on their behalf via crafted survey content that is rendered without proper output encoding.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6225 - Command injection in Kieback&Peter Neutrino-GLT
CVE ID : CVE-2025-6225
Published : Jan. 7, 2026, 2:15 p.m. | 2 hours ago
Description : Kieback&Peter Neutrino-GLT product is used for building management. It's web component "SM70 PHWEB" is vulnerable to shell command injection via login form. The injected commands would execute with low privileges. The vulnerability has been fixed in version 9.40.02
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6225
Published : Jan. 7, 2026, 2:15 p.m. | 2 hours ago
Description : Kieback&Peter Neutrino-GLT product is used for building management. It's web component "SM70 PHWEB" is vulnerable to shell command injection via login form. The injected commands would execute with low privileges. The vulnerability has been fixed in version 9.40.02
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-22541 - DENIAL OF SERVICE VIA ICMP PACKETS
CVE ID : CVE-2026-22541
Published : Jan. 7, 2026, 3:12 p.m. | 1 hour, 3 minutes ago
Description : The massive sending of ICMP requests causes a denial of service on one of the boards from the EVCharger that allows control the EV interfaces. Since the board must be operating correctly for the charger to also function correctly.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-22541
Published : Jan. 7, 2026, 3:12 p.m. | 1 hour, 3 minutes ago
Description : The massive sending of ICMP requests causes a denial of service on one of the boards from the EVCharger that allows control the EV interfaces. Since the board must be operating correctly for the charger to also function correctly.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-49335 - WordPress External Media plugin <= 1.0.36 - Server Side Request Forgery (SSRF) vulnerability
CVE ID : CVE-2025-49335
Published : Jan. 7, 2026, 3:15 p.m. | 1 hour ago
Description : Server-Side Request Forgery (SSRF) vulnerability in minnur External Media allows Server Side Request Forgery.This issue affects External Media: from n/a through 1.0.36.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-49335
Published : Jan. 7, 2026, 3:15 p.m. | 1 hour ago
Description : Server-Side Request Forgery (SSRF) vulnerability in minnur External Media allows Server Side Request Forgery.This issue affects External Media: from n/a through 1.0.36.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-22540 - DENIAL OF SERVICE VIA ARP PACKETS
CVE ID : CVE-2026-22540
Published : Jan. 7, 2026, 3:15 p.m. | 1 hour ago
Description : The massive sending of ARP requests causes a denial of service on one board of the charger that allows control of the EV interfaces. Since the board must be operating correctly for the charger to also function correctly.
Severity: 9.2 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-22540
Published : Jan. 7, 2026, 3:15 p.m. | 1 hour ago
Description : The massive sending of ARP requests causes a denial of service on one board of the charger that allows control of the EV interfaces. Since the board must be operating correctly for the charger to also function correctly.
Severity: 9.2 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62327 - HCL DevOps Deploy is susceptible to insufficiently protected credentials
CVE ID : CVE-2025-62327
Published : Jan. 7, 2026, 3:17 p.m. | 59 minutes ago
Description : In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62327
Published : Jan. 7, 2026, 3:17 p.m. | 59 minutes ago
Description : In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-22542 - DENIAL OF SERVICE FOR CONCURRENT CONNECTIONS ON TELNET
CVE ID : CVE-2026-22542
Published : Jan. 7, 2026, 3:24 p.m. | 52 minutes ago
Description : An attacker with access to the system's internal network can cause a denial of service on the system by making two concurrent connections through the Telnet service.
Severity: 9.2 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-22542
Published : Jan. 7, 2026, 3:24 p.m. | 52 minutes ago
Description : An attacker with access to the system's internal network can cause a denial of service on the system by making two concurrent connections through the Telnet service.
Severity: 9.2 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0668 - VisualData extension: Regular Expression Denial of Service (ReDoS) via crafted user input
CVE ID : CVE-2026-0668
Published : Jan. 7, 2026, 6:15 p.m. | 2 hours, 1 minute ago
Description : Inefficient Regular Expression Complexity vulnerability in Wikimedia Foundation MediaWiki - VisualData Extension allows Regular Expression Exponential Blowup.This issue affects MediaWiki - VisualData Extension: 1.45.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0668
Published : Jan. 7, 2026, 6:15 p.m. | 2 hours, 1 minute ago
Description : Inefficient Regular Expression Complexity vulnerability in Wikimedia Foundation MediaWiki - VisualData Extension allows Regular Expression Exponential Blowup.This issue affects MediaWiki - VisualData Extension: 1.45.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0669 - Path Traversal vulnerability in CSS extension on certain web servers
CVE ID : CVE-2026-0669
Published : Jan. 7, 2026, 6:15 p.m. | 2 hours, 1 minute ago
Description : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wikimedia Foundation MediaWiki - CSS extension allows Path Traversal.This issue affects MediaWiki - CSS extension: 1.44, 1.43, 1.39.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0669
Published : Jan. 7, 2026, 6:15 p.m. | 2 hours, 1 minute ago
Description : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wikimedia Foundation MediaWiki - CSS extension allows Path Traversal.This issue affects MediaWiki - CSS extension: 1.44, 1.43, 1.39.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21495 - Division by Zero in iccDEV TIFF Image Reader
CVE ID : CVE-2026-21495
Published : Jan. 7, 2026, 6:15 p.m. | 2 hours, 1 minute ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to division by zero in the TIFF Image Reader. This issue has been patched in version 2.3.1.2.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-21495
Published : Jan. 7, 2026, 6:15 p.m. | 2 hours, 1 minute ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to division by zero in the TIFF Image Reader. This issue has been patched in version 2.3.1.2.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21496 - NULL Pointer Dereference in iccDEV Signature Parser
CVE ID : CVE-2026-21496
Published : Jan. 7, 2026, 6:15 p.m. | 2 hours, 1 minute ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the signature parser. This issue has been patched in version 2.3.1.2.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-21496
Published : Jan. 7, 2026, 6:15 p.m. | 2 hours, 1 minute ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the signature parser. This issue has been patched in version 2.3.1.2.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21497 - NULL Pointer Dereference in iccDEV Unknown Tag Parser
CVE ID : CVE-2026-21497
Published : Jan. 7, 2026, 6:15 p.m. | 2 hours, 1 minute ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via an unknown tag parser. This issue has been patched in version 2.3.1.2.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-21497
Published : Jan. 7, 2026, 6:15 p.m. | 2 hours, 1 minute ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via an unknown tag parser. This issue has been patched in version 2.3.1.2.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21498 - NULL Pointer Dereference in iccDEV XML Calculator Parser
CVE ID : CVE-2026-21498
Published : Jan. 7, 2026, 6:15 p.m. | 2 hours, 1 minute ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML calculator parser. This issue has been patched in version 2.3.1.2.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-21498
Published : Jan. 7, 2026, 6:15 p.m. | 2 hours, 1 minute ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML calculator parser. This issue has been patched in version 2.3.1.2.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21499 - NULL Pointer Dereference in iccDEV XML Parser
CVE ID : CVE-2026-21499
Published : Jan. 7, 2026, 6:15 p.m. | 2 hours, 1 minute ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML parser. This issue has been patched in version 2.3.1.2.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-21499
Published : Jan. 7, 2026, 6:15 p.m. | 2 hours, 1 minute ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML parser. This issue has been patched in version 2.3.1.2.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21500 - Stack Overflow in iccDEV XML Calculator Macro Expansion
CVE ID : CVE-2026-21500
Published : Jan. 7, 2026, 6:15 p.m. | 2 hours, 1 minute ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to stack overflow in the XML calculator macro expansion. This issue has been patched in version 2.3.1.2.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-21500
Published : Jan. 7, 2026, 6:15 p.m. | 2 hours, 1 minute ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to stack overflow in the XML calculator macro expansion. This issue has been patched in version 2.3.1.2.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21501 - Stack Overflow in iccDEV Calculator Parser
CVE ID : CVE-2026-21501
Published : Jan. 7, 2026, 6:15 p.m. | 2 hours, 1 minute ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to stack overflow in the calculator parser. This issue has been patched in version 2.3.1.2.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-21501
Published : Jan. 7, 2026, 6:15 p.m. | 2 hours, 1 minute ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to stack overflow in the calculator parser. This issue has been patched in version 2.3.1.2.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21502 - NULL Pointer Dereference in iccDEV XML Tag Parser
CVE ID : CVE-2026-21502
Published : Jan. 7, 2026, 6:15 p.m. | 2 hours, 1 minute ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML tag parser. This issue has been patched in version 2.3.1.2.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-21502
Published : Jan. 7, 2026, 6:15 p.m. | 2 hours, 1 minute ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML tag parser. This issue has been patched in version 2.3.1.2.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21503 - iccDEV has Undefined Behavior - Null Pointer Passed to memcpy() in CIccTagSparseMatrixArray
CVE ID : CVE-2026-21503
Published : Jan. 7, 2026, 6:15 p.m. | 2 hours, 1 minute ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to a null pointer passed to memcpy() in CIccTagSparseMatrixArray. This issue has been patched in version 2.3.1.2.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-21503
Published : Jan. 7, 2026, 6:15 p.m. | 2 hours, 1 minute ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to a null pointer passed to memcpy() in CIccTagSparseMatrixArray. This issue has been patched in version 2.3.1.2.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21504 - Heap Buffer Overflow in iccDEV ToneMap Parser
CVE ID : CVE-2026-21504
Published : Jan. 7, 2026, 6:15 p.m. | 2 hours, 1 minute ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap buffer overflow in the ToneMap parser. This issue has been patched in version 2.3.1.2.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-21504
Published : Jan. 7, 2026, 6:15 p.m. | 2 hours, 1 minute ago
Description : iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap buffer overflow in the ToneMap parser. This issue has been patched in version 2.3.1.2.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...