Common Vulnerabilities and Exposures (CVE)

CVE-2025-68492

Jan 15, 2026 17:24:34 UTC

Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the p...

CVE-2026-0739

Jan 15, 2026 17:23:06 UTC

The WMF Mobile Redirector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible...

CVE-2026-23495

Jan 15, 2026 17:09:32 UTC

Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. Prior to 2.2.3 and 1.7.16, the API endpoint for listing Predefined Properties in the Pimcore platform lacks adequate server-side authorization checks. Predefined Properties a...

CVE-2025-70298

Jan 15, 2026 17:05:50 UTC

GPAC v2.4.0 was discovered to contain an out-of-bounds read in the oggdmx_parse_tags function.

CVE-2026-22915

Jan 15, 2026 17:03:58 UTC

An attacker with low privileges may be able to read files from specific directories on the device, potentially exposing sensitive information.

CVE-2021-47759

Jan 15, 2026 17:02:16 UTC

MTPutty 1.0.1.21 contains a sensitive information disclosure vulnerability that allows local attackers to view SSH connection passwords through Windows PowerShell process listing. Attackers can run a PowerShell command to retrieve the full ...

CVE-2025-70656

Jan 15, 2026 17:01:05 UTC

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the mac parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2025-37165

Jan 15, 2026 16:56:25 UTC

A vulnerability in the router mode configuration of HPE Instant On Access Points exposed certain network configuration details to unintended interfaces. A malicious actor could gain knowledge of internal network configuration details throug...

CVE-2026-22916

Jan 15, 2026 16:55:42 UTC

An attacker with low privileges may be able to trigger critical system functions such as reboot or factory reset without proper restrictions, potentially leading to service disruption or loss of configuration.

CVE-2021-47760

Jan 15, 2026 16:54:50 UTC

TestLink versions 1.16 through 1.19 contain an unauthenticated file download vulnerability in the attachmentdownload.php endpoint. Attackers can download arbitrary files by iterating file IDs through the 'id' parameter with 'skipCheck=1' to...

CVE-2021-47761

Jan 15, 2026 16:53:31 UTC

MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users to modify service executable files in the MariaDB bin directory. Attackers can replace the mysqld.exe with a malicious executable, which wil...

CVE-2021-47762

Jan 15, 2026 16:52:37 UTC

HTTPDebuggerPro 9.11 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configurat...

CVE-2021-47763

Jan 15, 2026 16:51:11 UTC

Aimeos 2021.10 LTS contains a SQL injection vulnerability in the JSON API 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to reveal table and column names by sending c...

CVE-2021-47764

Jan 15, 2026 16:48:07 UTC

AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating DialUp connection and license name fields. Attackers can generate a 1000-character payload and paste it int...

CVE-2021-47765

Jan 15, 2026 16:47:37 UTC

AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating username and error report fields. Attackers can trigger the crash by inserting 1000 characters into the use...