Common Vulnerabilities and Exposures (CVE)

CVE-2025-68011

Jan 28, 2026 21:28:56 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GLS GLS Shipping for WooCommerce gls-shipping-for-woocommerce allows Reflected XSS. This issue affects GLS Shipping for WooCommerce: from n...

CVE-2025-68012

Jan 28, 2026 21:27:30 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dmytro Shteflyuk CodeColorer codecolorer allows Stored XSS. This issue affects CodeColorer: from n/a through <= 0.10.1.

CVE-2026-1534

Jan 28, 2026 21:25:58 UTC

A weakness has been identified in code-projects Online Music Site 1.0. This affects an unknown function of the file /Administrator/PHP/AdminEditUser.php. This manipulation of the argument ID causes SQL injection. It is possible to initiate ...

CVE-2025-68859

Jan 28, 2026 21:22:22 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in agmorpheus Syntax Highlighter Compress syntax-highlighter-compress allows Reflected XSS. This issue affects Syntax Highlighter Compress: fr...

CVE-2025-68849

Jan 28, 2026 21:21:47 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Frank Corso Quote Master quote-master allows Reflected XSS. This issue affects Quote Master: from n/a through <= 7.1.1.

CVE-2026-24835

Jan 28, 2026 21:21:17 UTC

Podman Desktop is a graphical tool for developing on containers and Kubernetes. A critical authentication bypass vulnerability in Podman Desktop prior to version 1.25.1 allows any extension to completely circumvent permission checks and gai...

CVE-2025-13471

Jan 28, 2026 21:20:57 UTC

The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 (for example to enable User Registration when it has been turned o...

CVE-2020-36971

Jan 28, 2026 21:20:44 UTC

Nidesoft 3GP Video Converter 2.6.18 contains a local stack buffer overflow vulnerability in the license registration parameter. Attackers can craft a malicious payload and paste it into the 'License Code' field to execute arbitrary code on ...

CVE-2026-24910

Jan 28, 2026 21:19:54 UTC

In Bun before 1.3.5, the default trusted dependencies list (aka trust allow list) can be spoofed by a non-npm package in the case of a matching name (for file, link, git, or github).

CVE-2026-24909

Jan 28, 2026 21:18:16 UTC

vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction.

CVE-2026-24740

Jan 28, 2026 21:16:44 UTC

Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters (for example, `label=env=dev`) to obtain an interactive root shell in o...

CVE-2026-24748

Jan 28, 2026 21:15:14 UTC

Kargo manages and automates the promotion of software artifacts. Prior to versions 1.8.7, 1.7.7, and 1.6.3, a bug was found with authentication checks on the `GetConfig()` API endpoint. This allowed unauthenticated users to access this endp...

CVE-2026-24765

Jan 28, 2026 21:14:01 UTC

PHPUnit is a testing framework for PHP. A vulnerability has been discovered in versions prior to 12.5.8, 11.5.50, 10.5.62, 9.6.33, and 8.5.52 involving unsafe deserialization of code coverage data in PHPT test execution. The vulnerability e...

CVE-2020-36972

Jan 28, 2026 21:12:56 UTC

SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by inj...

CVE-2020-36973

Jan 28, 2026 21:12:47 UTC

PDW File Browser 1.3 contains a remote code execution vulnerability that allows authenticated users to upload and rename webshell files to arbitrary web server locations. Attackers can upload a .txt webshell, rename it to .php, and move it ...