CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-11044 - Vulnerability on Automation Runtime may cause DoS Conditions

CVE ID : CVE-2025-11044
Published : Jan. 19, 2026, 4:15 p.m. | 24 minutes ago
Description : An Allocation of Resources Without Limits or Throttling vulnerability in the ANSL-Server component of B&R Automation Runtime versions prior to 6.5 and prior to R4.93 could be exploited by an unauthenticated attacker on the network to win a race condition, resulting in permanent denial-of-service (DoS) conditions on affected devices.
Severity: 8.9 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61684 - Quicly has assertion failures

CVE ID : CVE-2025-61684
Published : Jan. 19, 2026, 4:15 p.m. | 24 minutes ago
Description : Quicly, an IETF QUIC protocol implementation, is susceptible to a denial-of-service attack prior to commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. A remote attacker can exploit these bugs to trigger an assertion failure that crashes the process using Quicly. Commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e fixes the issue.
Severity: 7.5 | HIGH
CVE-2025-68616 - WeasyPrint Vulnerable to Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect

CVE ID : CVE-2025-68616
Published : Jan. 19, 2026, 4:15 p.m. | 24 minutes ago
Description : WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability allows attackers to access internal network resources (such as `localhost` services or cloud metadata endpoints) even when a developer has implemented a custom `url_fetcher` to block such access. This occurs because the underlying `urllib` library follows HTTP redirects automatically without re-validating the new destination against the developer's security policy. Version 68.0 contains a patch for the issue.
Severity: 7.5 | HIGH
CVE-2026-1160 - PHPGurukul Directory Management System Search index.php SQL injection

CVE ID : CVE-2026-1160
Published : Jan. 19, 2026, 4:15 p.m. | 23 minutes ago
Description : A security vulnerability has been detected in PHPGurukul Directory Management System 1.0. Impacted is an unknown function of the file /index.php of the component Search. The manipulation of the argument searchdata leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
Severity: 7.5 | HIGH
CVE-2026-1161 - pbrong hrms recruitment.go UpdateRecruitmentById cross site scripting

CVE ID : CVE-2026-1161
Published : Jan. 19, 2026, 4:15 p.m. | 23 minutes ago
Description : A vulnerability was detected in pbrong hrms 1.0.1. The affected element is the function UpdateRecruitmentById of the file /handler/recruitment.go. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.
Severity: 5.1 | MEDIUM
CVE-2026-22031 - Fastify Middie Middleware Path Bypass

CVE ID : CVE-2026-22031
Published : Jan. 19, 2026, 4:15 p.m. | 23 minutes ago
Description : @fastify/middie is the plugin that adds middleware support on steroids to Fastify. A security vulnerability exists in @fastify/middie prior to version 9.1.0 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters (e.g., `/%61dmin` instead of `/admin`). While the middleware engine fails to match the encoded path and skips execution, the underlying Fastify router correctly decodes the path and matches the route handler, allowing attackers to access protected endpoints without the middleware constraints. Version 9.1.0 fixes the issue.
Severity: 8.4 | HIGH
CVE-2026-0900 - Google Chrome V8 HTML Object Corruption Vulnerability

CVE ID : CVE-2026-0900
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
CVE-2026-0901 - Google Chrome Blink UI Spoofing Vulnerability

CVE ID : CVE-2026-0901
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Inappropriate implementation in Blink in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
CVE-2026-0902 - Google Chrome V8 HTML Out-of-Bounds Memory Read Vulnerability

CVE ID : CVE-2026-0902
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
CVE-2026-0903 - Google Chrome Insecure File Type Bypass Vulnerability

CVE ID : CVE-2026-0903
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Inappropriate implementation in Downloads in Google Chrome on Windows prior to 144.0.7559.59 allowed a remote attacker to bypass dangerous file type protections via a malicious file. (Chromium security severity: Medium)
Severity: 0.0 | NA
CVE-2026-0904 - Google Chrome Domain Spoofing Vulnerability

CVE ID : CVE-2026-0904
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Incorrect security UI in Digital Credentials in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
CVE-2026-0905 - Google Chrome Network Policy Enforcement Information Disclosure Vulnerability

CVE ID : CVE-2026-0905
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attacker who obtained a network log file to potentially obtain potentially sensitive information via a network log file. (Chromium security severity: Medium)
Severity: 0.0 | NA
CVE-2026-0906 - Google Chrome Android Omnibox Spoofing Vulnerability

CVE ID : CVE-2026-0906
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-0907 - Google Chrome Spoofing Vulnerability

CVE ID : CVE-2026-0907
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-0908 - Google Chrome ANGLE Use-After-Free Heap Corruption Vulnerability

CVE ID : CVE-2026-0908
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Use after free in ANGLE in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-23909 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2026-23909
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 30 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2026-23910 - Cisco WebEx Meeting Center Information Disclosure

CVE ID : CVE-2026-23910
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2026-23911 - Adobe Flash Player Unserialize Buffer Overflow

CVE ID : CVE-2026-23911
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2026-23912 - Citrix NetScaler Unvalidated Redirect

CVE ID : CVE-2026-23912
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2026-23913 - Apache HTTP Server Cross-Site Request Forgery

CVE ID : CVE-2026-23913
Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 29 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA