{
"Source": "CVE FEED",
"Title": "CVE-2025-14147 - GitHub Gist Shortcodes for WordPress Stored Cross-Site Scripting",
"Content": "CVE ID : CVE-2025-14147
Published : Jan. 7, 2026, 10:20 a.m. | 1 hour, 55 minutes ago
Description : The Easy GitHub Gist Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the gist shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-14147 - GitHub Gist Shortcodes for WordPress Stored Cross-Site Scripting",
"Content": "CVE ID : CVE-2025-14147
Published : Jan. 7, 2026, 10:20 a.m. | 1 hour, 55 minutes ago
Description : The Easy GitHub Gist Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the gist shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-14053 - WordPress Wish To Go Stored Cross-Site Scripting",
"Content": "CVE ID : CVE-2025-14053
Published : Jan. 7, 2026, 10:20 a.m. | 1 hour, 55 minutes ago
Description : The Wish To Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-14053 - WordPress Wish To Go Stored Cross-Site Scripting",
"Content": "CVE ID : CVE-2025-14053
Published : Jan. 7, 2026, 10:20 a.m. | 1 hour, 55 minutes ago
Description : The Wish To Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-13519 - WordPress SVG Map Plugin CSRF Vulnerability",
"Content": "CVE ID : CVE-2025-13519
Published : Jan. 7, 2026, 10:20 a.m. | 1 hour, 55 minutes ago
Description : The SVG Map Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on multiple AJAX actions including 'save_data', 'delete_data', and 'add_popup'. This makes it possible for unauthenticated attackers to update the plugin's settings, delete map data, and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-13519 - WordPress SVG Map Plugin CSRF Vulnerability",
"Content": "CVE ID : CVE-2025-13519
Published : Jan. 7, 2026, 10:20 a.m. | 1 hour, 55 minutes ago
Description : The SVG Map Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on multiple AJAX actions including 'save_data', 'delete_data', and 'add_popup'. This makes it possible for unauthenticated attackers to update the plugin's settings, delete map data, and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-13493 - WordPress Latest Registered Users Plugin Unauthorized Data Export Vulnerability",
"Content": "CVE ID : CVE-2025-13493
Published : Jan. 7, 2026, 10:20 a.m. | 1 hour, 55 minutes ago
Description : The Latest Registered Users plugin for WordPress is vulnerable to unauthorized user data export in all versions up to, and including, 1.4. This is due to missing authorization and nonce validation in the rnd_handle_form_submit function hooked to both admin_post_my_simple_form and admin_post_nopriv_my_simple_form actions. This makes it possible for unauthenticated attackers to export complete user details (excluding passwords and sensitive tokens) in CSV format via the 'action' parameter.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-13493 - WordPress Latest Registered Users Plugin Unauthorized Data Export Vulnerability",
"Content": "CVE ID : CVE-2025-13493
Published : Jan. 7, 2026, 10:20 a.m. | 1 hour, 55 minutes ago
Description : The Latest Registered Users plugin for WordPress is vulnerable to unauthorized user data export in all versions up to, and including, 1.4. This is due to missing authorization and nonce validation in the rnd_handle_form_submit function hooked to both admin_post_my_simple_form and admin_post_nopriv_my_simple_form actions. This makes it possible for unauthenticated attackers to export complete user details (excluding passwords and sensitive tokens) in CSV format via the 'action' parameter.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-13722 - Fluent Forms Missing Authorization Vulnerability",
"Content": "CVE ID : CVE-2025-13722
Published : Jan. 7, 2026, 10:20 a.m. | 1 hour, 55 minutes ago
Description : The Fluent Forms โ Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.7. This is due to missing capability checks on the `fluentform_ai_create_form` AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary forms via the publicly exposed AI builder.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-13722 - Fluent Forms Missing Authorization Vulnerability",
"Content": "CVE ID : CVE-2025-13722
Published : Jan. 7, 2026, 10:20 a.m. | 1 hour, 55 minutes ago
Description : The Fluent Forms โ Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.7. This is due to missing capability checks on the `fluentform_ai_create_form` AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary forms via the publicly exposed AI builder.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-15479 - NGSurvey Enterprise 3.6.4 incorrect authorization exposes other usersโ API keys and personal data",
"Content": "CVE ID : CVE-2025-15479
Published : Jan. 7, 2026, 1:23 p.m. | 54 minutes ago
Description : Stored cross-site scripting (XSS, CWE-79) in the survey content and administration functionality in Data Illusion Zumbrunn NGSurvey Enterprise Edition 3.6.4 on all supported platforms (
on Windows and Linux servers ) allows authenticated remote users with survey creation or edit privileges to execute arbitrary JavaScript in other usersโ browsers, steal session information and perform unauthorized actions on their behalf via crafted survey content that is rendered without proper output encoding.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-15479 - NGSurvey Enterprise 3.6.4 incorrect authorization exposes other usersโ API keys and personal data",
"Content": "CVE ID : CVE-2025-15479
Published : Jan. 7, 2026, 1:23 p.m. | 54 minutes ago
Description : Stored cross-site scripting (XSS, CWE-79) in the survey content and administration functionality in Data Illusion Zumbrunn NGSurvey Enterprise Edition 3.6.4 on all supported platforms (
on Windows and Linux servers ) allows authenticated remote users with survey creation or edit privileges to execute arbitrary JavaScript in other usersโ browsers, steal session information and perform unauthorized actions on their behalf via crafted survey content that is rendered without proper output encoding.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-47552 - WordPress DZS Video Gallery plugin <= 12.37 - php object injection vulnerability",
"Content": "CVE ID : CVE-2025-47552
Published : Jan. 7, 2026, 1:15 p.m. | 1 hour, 1 minute ago
Description : Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection.This issue affects DZS Video Gallery: from n/a through 12.37.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-47552 - WordPress DZS Video Gallery plugin <= 12.37 - php object injection vulnerability",
"Content": "CVE ID : CVE-2025-47552
Published : Jan. 7, 2026, 1:15 p.m. | 1 hour, 1 minute ago
Description : Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection.This issue affects DZS Video Gallery: from n/a through 12.37.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-46256 - WordPress Advanced Database Cleaner PRO Plugin <= 3.2.10 - limited .txt path traversal vulnerability",
"Content": "CVE ID : CVE-2025-46256
Published : Jan. 7, 2026, 1:15 p.m. | 1 hour, 1 minute ago
Description : Path Traversal: '.../...//' vulnerability in SigmaPlugin Advanced Database Cleaner PRO allows Path Traversal.This issue affects Advanced Database Cleaner PRO: from n/a through 3.2.10.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-46256 - WordPress Advanced Database Cleaner PRO Plugin <= 3.2.10 - limited .txt path traversal vulnerability",
"Content": "CVE ID : CVE-2025-46256
Published : Jan. 7, 2026, 1:15 p.m. | 1 hour, 1 minute ago
Description : Path Traversal: '.../...//' vulnerability in SigmaPlugin Advanced Database Cleaner PRO allows Path Traversal.This issue affects Advanced Database Cleaner PRO: from n/a through 3.2.10.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-46434 - WordPress The Plus Addons for Elementor Pro plugin < 6.3.7 - Broken Access Control vulnerability",
"Content": "CVE ID : CVE-2025-46434
Published : Jan. 7, 2026, 1:15 p.m. | 1 hour, 1 minute ago
Description : Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a before 6.3.7.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-46434 - WordPress The Plus Addons for Elementor Pro plugin < 6.3.7 - Broken Access Control vulnerability",
"Content": "CVE ID : CVE-2025-46434
Published : Jan. 7, 2026, 1:15 p.m. | 1 hour, 1 minute ago
Description : Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro: from n/a before 6.3.7.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-46494 - WordPress WidgetKit Pro plugin <= 1.13.1 - reflected cross site scripting (xss) vulnerability",
"Content": "CVE ID : CVE-2025-46494
Published : Jan. 7, 2026, 1:15 p.m. | 1 hour, 1 minute ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesgrove WidgetKit Pro allows Reflected XSS.This issue affects WidgetKit Pro: from n/a through 1.13.1.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-46494 - WordPress WidgetKit Pro plugin <= 1.13.1 - reflected cross site scripting (xss) vulnerability",
"Content": "CVE ID : CVE-2025-46494
Published : Jan. 7, 2026, 1:15 p.m. | 1 hour, 1 minute ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesgrove WidgetKit Pro allows Reflected XSS.This issue affects WidgetKit Pro: from n/a through 1.13.1.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-32303 - WordPress WPCHURCH plugin <= 2.7.0 - sql injection vulnerability",
"Content": "CVE ID : CVE-2025-32303
Published : Jan. 7, 2026, 1:15 p.m. | 1 hour, 1 minute ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla WPCHURCH allows Blind SQL Injection.This issue affects WPCHURCH: from n/a through 2.7.0.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-32303 - WordPress WPCHURCH plugin <= 2.7.0 - sql injection vulnerability",
"Content": "CVE ID : CVE-2025-32303
Published : Jan. 7, 2026, 1:15 p.m. | 1 hour, 1 minute ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla WPCHURCH allows Blind SQL Injection.This issue affects WPCHURCH: from n/a through 2.7.0.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-6225 - Command injection in Kieback&Peter Neutrino-GLT",
"Content": "CVE ID : CVE-2025-6225
Published : Jan. 7, 2026, 1 p.m. | 1 hour, 16 minutes ago
Description : Kieback&Peter Neutrino-GLT product is used for building management. It's web component "SM70 PHWEB" is vulnerable to shell command injection via login form. The injected commands would execute with low privileges. The vulnerability has been fixed in version 9.40.02
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-6225 - Command injection in Kieback&Peter Neutrino-GLT",
"Content": "CVE ID : CVE-2025-6225
Published : Jan. 7, 2026, 1 p.m. | 1 hour, 16 minutes ago
Description : Kieback&Peter Neutrino-GLT product is used for building management. It's web component "SM70 PHWEB" is vulnerable to shell command injection via login form. The injected commands would execute with low privileges. The vulnerability has been fixed in version 9.40.02
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-22156 - Apache Apache HTTP Server Unvalidated User Input",
"Content": "CVE ID : CVE-2026-22156
Published : Jan. 7, 2026, 12:17 p.m. | 2 hours ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-22156 - Apache Apache HTTP Server Unvalidated User Input",
"Content": "CVE ID : CVE-2026-22156
Published : Jan. 7, 2026, 12:17 p.m. | 2 hours ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-22158 - Apache HTTP Server Unvalidated User Input",
"Content": "CVE ID : CVE-2026-22158
Published : Jan. 7, 2026, 12:17 p.m. | 2 hours ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-22158 - Apache HTTP Server Unvalidated User Input",
"Content": "CVE ID : CVE-2026-22158
Published : Jan. 7, 2026, 12:17 p.m. | 2 hours ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-22159 - Apache HTTP Server HTTP Request Smuggling",
"Content": "CVE ID : CVE-2026-22159
Published : Jan. 7, 2026, 12:17 p.m. | 2 hours ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-22159 - Apache HTTP Server HTTP Request Smuggling",
"Content": "CVE ID : CVE-2026-22159
Published : Jan. 7, 2026, 12:17 p.m. | 2 hours ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-22160 - Apache HTTP Server Cross-Site Request Forgery",
"Content": "CVE ID : CVE-2026-22160
Published : Jan. 7, 2026, 12:17 p.m. | 2 hours ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-22160 - Apache HTTP Server Cross-Site Request Forgery",
"Content": "CVE ID : CVE-2026-22160
Published : Jan. 7, 2026, 12:17 p.m. | 2 hours ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-22161 - Apache HTTP Server Cross-Site Request Forgery",
"Content": "CVE ID : CVE-2026-22161
Published : Jan. 7, 2026, 12:17 p.m. | 2 hours ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-22161 - Apache HTTP Server Cross-Site Request Forgery",
"Content": "CVE ID : CVE-2026-22161
Published : Jan. 7, 2026, 12:17 p.m. | 2 hours ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-22162 - Apache Struts Command Injection",
"Content": "CVE ID : CVE-2026-22162
Published : Jan. 7, 2026, 12:17 p.m. | 2 hours ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-22162 - Apache Struts Command Injection",
"Content": "CVE ID : CVE-2026-22162
Published : Jan. 7, 2026, 12:17 p.m. | 2 hours ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2026-22157 - Apache HTTP Server Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2026-22157
Published : Jan. 7, 2026, 12:17 p.m. | 2 hours ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2026-22157 - Apache HTTP Server Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2026-22157
Published : Jan. 7, 2026, 12:17 p.m. | 2 hours ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-69082 - WordPress Arlo theme <= 6.0.3 - cross site scripting (xss) vulnerability",
"Content": "CVE ID : CVE-2025-69082
Published : Jan. 7, 2026, 12:17 p.m. | 2 hours ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Frenify Arlo arlo allows Reflected XSS.This issue affects Arlo: from n/a through 6.0.3.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-69082 - WordPress Arlo theme <= 6.0.3 - cross site scripting (xss) vulnerability",
"Content": "CVE ID : CVE-2025-69082
Published : Jan. 7, 2026, 12:17 p.m. | 2 hours ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Frenify Arlo arlo allows Reflected XSS.This issue affects Arlo: from n/a through 6.0.3.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-69333 - WordPress JetEngine plugin <= 3.8.1.1 - broken access control vulnerability",
"Content": "CVE ID : CVE-2025-69333
Published : Jan. 7, 2026, 12:17 p.m. | 2 hours ago
Description : Missing Authorization vulnerability in Crocoblock JetEngine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through 3.8.1.1.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-69333 - WordPress JetEngine plugin <= 3.8.1.1 - broken access control vulnerability",
"Content": "CVE ID : CVE-2025-69333
Published : Jan. 7, 2026, 12:17 p.m. | 2 hours ago
Description : Missing Authorization vulnerability in Crocoblock JetEngine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through 3.8.1.1.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jan 2026",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น