🛡️ CVE Intelligence Center
Common Vulnerabilities & Exposures — Security Intelligence Database
| CVE ID | Severity | CVSS | Description | Status | Published |
|---|---|---|---|---|---|
| CVE-2026-0589 | High | 7.3 |
A vulnerability was found in code-projects Online Product Reservation System 1.0. Impacted is an unknown function of the…
|
⚡ Exploit ✅ Patch | Jan 5, 2026 |
| CVE-2025-15456 | High | 7.3 |
A vulnerability has been found in bg5sbk MiniCMS up to 1.8. The affected element is an unknown function of the file /mc-…
|
⚡ Exploit ✅ Patch | Jan 5, 2026 |
| CVE-2025-68455 | High | 7.2 |
Craft is a platform for creating digital experiences. Versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16 ar…
|
⚡ Exploit ✅ Patch | Jan 5, 2026 |
| CVE-2025-3646 | High | 7.3 |
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authorization bypass vulnerability that allows unau…
|
✅ Patch | Jan 4, 2026 |
| CVE-2025-64124 | High | 8.8 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Ene…
|
✅ Patch | Jan 3, 2026 |
| CVE-2025-15428 | High | 8.8 |
A weakness has been identified in UTT 进取 512W 1.7.7-171114. Affected is the function strcpy of the file /goform/formRemo…
|
⚡ Exploit ✅ Patch | Jan 2, 2026 |
| CVE-2025-15429 | High | 8.8 |
A security vulnerability has been detected in UTT 进取 512W 1.7.7-171114. Affected by this vulnerability is the function s…
|
⚡ Exploit ✅ Patch | Jan 2, 2026 |
| CVE-2025-64120 | High | 8.8 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Ene…
|
✅ Patch | Jan 2, 2026 |
| CVE-2026-21449 | High | 8.8 |
Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template in…
|
⚡ Exploit ✅ Patch | Jan 2, 2026 |
| CVE-2025-69414 | High | 8.5 |
Plex Media Server (PMS) through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call wit…
|
⚡ Exploit ✅ Patch | Jan 2, 2026 |
| CVE-2026-21451 | High | 8.4 |
Bagisto is an open source laravel eCommerce platform. A stored Cross-Site Scripting (XSS) vulnerability exists in Bagist…
|
⚡ Exploit ✅ Patch | Jan 2, 2026 |
| CVE-2025-52863 | High | 8.1 |
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker…
|
✅ Patch | Jan 2, 2026 |
| CVE-2025-52864 | High | 8.1 |
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker…
|
✅ Patch | Jan 2, 2026 |
| CVE-2025-52872 | High | 8.1 |
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker…
|
✅ Patch | Jan 2, 2026 |
| CVE-2025-62842 | High | 7.8 |
An external control of file name or path vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attac…
|
✅ Patch | Jan 2, 2026 |
| CVE-2025-59384 | High | 7.5 |
A path traversal vulnerability has been reported to affect Qfiling. The remote attackers can then exploit the vulnerabil…
|
✅ Patch | Jan 2, 2026 |
| CVE-2025-9110 | High | 7.5 |
An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect …
|
✅ Patch | Jan 2, 2026 |
| CVE-2025-15426 | High | 7.3 |
A vulnerability was identified in jackying H-ui.admin up to 3.1. This affects an unknown function in the library /lib/we…
|
✅ Patch | Jan 2, 2026 |
| CVE-2025-69415 | High | 7.1 |
In Plex Media Server (PMS) through 1.42.2.10156, ability to access /myplex/account with a device token is not properly a…
|
⚡ Exploit ✅ Patch | Jan 2, 2026 |
| CVE-2025-66398 | Critical | 9.6 |
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.19.0, an unauthenticate…
|
⚡ Exploit ✅ Patch | Jan 1, 2026 |