6.9

CVSS4.0

CVE-2026-0567 - code-projects Content Management System pages.php sql injection

A vulnerability was detected in code-projects Content Management System 1.0. The affected element is an unknown function of the file /pages.php. Manipulation of the argument ID results in SQL injection. The attack may be performed remotely. The exploit is now public and may be used.

📅 Published: Jan. 2, 2026, 5:32 p.m. 🔄 Last Modified: April 18, 2026, 8:45 a.m.

2

CVSS4.0

CVE-2026-21429 - Emlog has Broken Access Control (BAC)

Emlog is an open source website building system. In version 2.5.23, the admin can set controls that make users unable to edit or delete their articles after publishing them. As of the time of publication, no known patched versions are available.

📅 Published: Jan. 2, 2026, 5:23 p.m. 🔄 Last Modified: April 18, 2026, 8:45 a.m.

6.9

CVSS4.0

CVE-2025-34171 - CasaOS <= 0.4.15 Unauthenticated File and Debug Data Exposure

CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under /var/lib/ca…

📅 Published: Jan. 2, 2026, 5:15 p.m. 🔄 Last Modified: March 5, 2026, 1:29 a.m.

5.3

CVSS4.0

CVE-2025-15439 - Daptin Aggregate API resource_aggregate.go goqu.L sql injection

A vulnerability was identified in Daptin 0.10.3. Affected by this vulnerability is the function goqu.L of the file server/resource/resource_aggregate.go of the component Aggregate API. Manipulation of the argument column/group/order leads to SQL injection. The attack may be initiated remotely. …

📅 Published: Jan. 2, 2026, 5:02 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5

CVSS3.1

CVE-2025-69417 -

In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve share tokens (intended for unrelated access) via a shared_servers endpoint.

📅 Published: Jan. 2, 2026, 4:55 p.m. 🔄 Last Modified: Feb. 27, 2026, 3:08 p.m.

5

CVSS3.1

CVE-2025-69416 -

In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve other tokens (intended for unrelated access) via clients.plex.tv/devices.xml.

📅 Published: Jan. 2, 2026, 4:52 p.m. 🔄 Last Modified: Feb. 27, 2026, 3:08 p.m.

7.1

CVSS3.1

CVE-2025-69415 -

In Plex Media Server (PMS) through 1.42.2.10156, the ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account.

📅 Published: Jan. 2, 2026, 4:49 p.m. 🔄 Last Modified: Feb. 27, 2026, 3:27 p.m.

8.5

CVSS3.1

CVE-2025-69414 -

Plex Media Server (PMS) through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token.

📅 Published: Jan. 2, 2026, 4:43 p.m. 🔄 Last Modified: Feb. 27, 2026, 3:27 p.m.

5.1

CVSS4.0

CVE-2026-0566 - code-projects Content Management System edit_posts.php unrestricted upload

A security vulnerability has been detected in code-projects Content Management System 1.0. Impacted is an unknown function of the file /admin/edit_posts.php. Manipulation of the argument image leads to unrestricted upload. The attack can be carried out remotely. The exploit has been …

📅 Published: Jan. 2, 2026, 4:32 p.m. 🔄 Last Modified: April 18, 2026, 8:45 a.m.

8.1

CVSS4.0

CVE-2025-59389 - Hyper Data Protector

An SQL injection vulnerability has been reported to affect Hyper Data Protector. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: Hyper Data Protector 2.2.4.1 and later

📅 Published: Jan. 2, 2026, 3:51 p.m. 🔄 Last Modified: Jan. 22, 2026, 6:20 p.m.