CVE-2026-3055
Citrix NetScaler Out-of-Bounds Read Vulnerability - Active in CISA KEV catalog.
Yesterday's disclosures include 17 critical vulnerabilities spanning WordPress, FastGPT, NocoBase and several AI and developer tooling platforms. Critical CVEs rose 21% from the prior day, and high-severity CVEs rose 47% to 100. CVE-2026-34162 in FastGPT carries a CVSS 10.0, CVE-2026-34156 in NocoBase a 9.9, and CVE-2026-3300 in WordPress a 9.8. The dominant attack patterns are remote code execution and authentication bypass across web application frameworks, content management systems and healthcare interoperability software (HL7 HAPI FHIR). At publication time the digest records no fix as available for any of the 117 CVEs, although individual entries below cite fixed releases (NocoBase 2.0.28, OpenClaw 2026.3.11, XenForo 2.3.7), so treat the 0% figure as a snapshot and confirm against each vendor advisory. Eight CVEs have confirmed active exploitation and are listed in CISA KEV, including Citrix NetScaler, Apple products, Craft CMS and Laravel Livewire.
Immediate action: prioritize FastGPT, NocoBase, WordPress and Citrix NetScaler deployments for risk assessment. Where no patch exists, apply network-level mitigations (WAF rules, access restrictions, removing the affected endpoints from internet exposure). Monitor vendor advisories for all 117 CVEs, and isolate or update the actively exploited components (Citrix NetScaler, Apple products, Craft CMS, Laravel Livewire) as fixes become available.
Craft CMS Code Injection Vulnerability - Active in CISA KEV catalog.
Laravel Livewire Code Injection Vulnerability - Active in CISA KEV catalog.
Apple Multiple Products Improper Locking Vulnerability - Active in CISA KEV catalog.
Apple Multiple Products Classic Buffer Overflow Vulnerability - Active in CISA KEV catalog.
Apple Multiple Products Buffer Overflow Vulnerability - Active in CISA KEV catalog.
Langflow Code Injection Vulnerability - Active in CISA KEV catalog.
Aquasecurity Trivy Embedded Malicious Code Vulnerability - Active in CISA KEV catalog.
Everest Forms Pro is vulnerable to unauthenticated Remote Code Execution via PHP Code Injection in its Calculation Addon, allowing attackers to execute code through unsanitized form fields.
SciTokens is vulnerable to SQL Injection in its KeyCache class due to the unsafe use of Python's str.format() for query construction, allowing attackers to execute arbitrary SQL commands.
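The SciTokens entry above names the bug class (a query assembled with str.format()) but not the query. The Python below is an added example, not SciTokens' KeyCache code, showing the string-formatted lookup beside a parameterised one over a constructed in-memory SQLite table; the table name, columns and function names are assumptions for illustration. Two constructed payloads show the consequences: a tautology that returns every cached key, and a UNION that pulls schema text out of sqlite_master.

```python
import sqlite3

# Constructed stand-in for a key cache table; the real SciTokens KeyCache schema
# is not on the page, so the table and column names here are assumptions.
SCHEMA = "CREATE TABLE keycache (issuer TEXT, key_id TEXT, public_key TEXT)"
ROWS = [
    ("https://issuer.example", "kid-1", "PUBKEY-ISSUER-EXAMPLE"),
    ("https://other.example", "kid-9", "PUBKEY-OTHER-EXAMPLE"),
]

# Constructed payloads: a tautology that matches every row, and a UNION that
# appends the table definition from sqlite_master to the result set.
TAUTOLOGY = "x' OR '1'='1"
UNION_SCHEMA = "' UNION SELECT sql FROM sqlite_master --"


def _fresh_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO keycache VALUES (?, ?, ?)", ROWS)
    return conn


def lookup_vulnerable(issuer, key_id):
    """The bug class: str.format() splices caller-controlled text into the SQL,
    so quotes and keywords inside issuer/key_id are parsed as query syntax."""
    query = (
        "SELECT public_key FROM keycache "
        "WHERE issuer = '{}' AND key_id = '{}'"
    ).format(issuer, key_id)
    return [row[0] for row in _fresh_db().execute(query)]


def lookup_safe(issuer, key_id):
    """The fix: bind values through placeholders; the driver never parses them."""
    query = "SELECT public_key FROM keycache WHERE issuer = ? AND key_id = ?"
    return [row[0] for row in _fresh_db().execute(query, (issuer, key_id))]


def compare(issuer, key_id):
    """Run both lookups on the same input and return what each one leaks."""
    return {
        "vulnerable": lookup_vulnerable(issuer, key_id),
        "safe": lookup_safe(issuer, key_id),
    }


if __name__ == "__main__":
    print(compare("https://issuer.example", "kid-1"))       # both: one key
    print(compare(TAUTOLOGY, TAUTOLOGY))                      # vulnerable: every key
    print(compare("https://issuer.example", UNION_SCHEMA))   # vulnerable: schema text
```

Note that sqlite3's execute() refuses stacked statements, so the demonstration stays read-only; a driver that allows them turns the same formatting bug into writes. The parameterised version also needs no input filtering, because the values never reach the SQL parser.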
NocoBase Workflow Script Node allows authenticated sandbox escape to Remote Code Execution as root via prototype chain traversal of console objects. This flaw is patched in version 2.0.28.
SiYuan desktop application is vulnerable to Remote Code Execution via a permissive CORS policy. A malicious website can inject JavaScript into the Electron Node.js context without user interaction.
FastGPT exposes an unauthenticated HTTP tools testing endpoint that functions as a full HTTP proxy, enabling Server-Side Request Forgery (SSRF) and internal network scanning.
HAPI FHIR's Validator service contains an unauthenticated SSRF vulnerability in the "/loadIG" endpoint that allows attackers to steal sensitive authentication tokens from the server.
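Both the FastGPT entry (an unauthenticated endpoint that fetches arbitrary URLs) and the HAPI FHIR entry above (an unauthenticated /loadIG that fetches a caller-supplied location) are server-side request forgery. The Python below is an added example of the destination check such an endpoint needs, not code from either project: it parses the URL, refuses non-HTTP schemes and embedded credentials, resolves the host, and rejects it if any resolved address falls in loopback, private, link-local (including the 169.254.169.254 metadata address) or IPv4-mapped ranges. The resolver table is constructed so the example runs offline; the hostnames in it are assumptions.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Ranges a server-side fetch made on a user's behalf must never reach.
# 169.254.169.254 (cloud metadata) is inside the link-local block, and
# ::ffff:0:0/96 catches IPv4-mapped IPv6 forms such as ::ffff:127.0.0.1.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "::ffff:0:0/96",
)]


def is_blocked_ip(ip_text):
    addr = ipaddress.ip_address(ip_text)
    return any(addr in net for net in BLOCKED_NETWORKS)


def system_resolve(host):
    """Resolve with the OS resolver; returns every address, v4 and v6."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


# Constructed resolver table so the example runs offline. These names are
# assumptions and do not exist; production code passes system_resolve.
FAKE_DNS = {
    "packages.example.org": ["203.0.113.10"],
    "rebind.attacker.example": ["203.0.113.20", "10.0.0.5"],
    "intranet.corp": ["192.168.1.20"],
}


def fake_resolve(host):
    try:
        return [str(ipaddress.ip_address(host))]   # literal IP in the URL
    except ValueError:
        pass
    if host in FAKE_DNS:
        return list(FAKE_DNS[host])
    raise OSError(f"no such host: {host}")


def check_outbound_url(url, resolve=system_resolve):
    """Vet a user-supplied URL before the server fetches it.
    Returns (allowed, reason, resolved_addresses)."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed", []
    if parts.username or parts.password:
        return False, "credentials embedded in URL", []
    host = parts.hostname
    if not host:
        return False, "missing host", []
    try:
        addrs = resolve(host)
    except OSError as exc:
        return False, f"resolution failed: {exc}", []
    if not addrs:
        return False, "host resolved to no addresses", []
    # Every address counts: a name that resolves to one public and one
    # private address is rejected, not accepted on the public one.
    blocked = [a for a in addrs if is_blocked_ip(a)]
    if blocked:
        return False, f"host resolves to blocked address {blocked[0]}", addrs
    return True, "ok", addrs


if __name__ == "__main__":
    for candidate in (
        "https://packages.example.org/ig/package.tgz",
        "http://169.254.169.254/latest/meta-data/",
        "http://[::ffff:127.0.0.1]:8080/",
        "http://rebind.attacker.example/",
        "file:///etc/passwd",
    ):
        print(candidate, "->", check_outbound_url(candidate, fake_resolve)[:2])
```

Two caveats a practitioner should carry over: the check vets the name at check time, and a hostile resolver can answer differently at connect time, so connect to the address you vetted (or re-run the check inside the HTTP client's resolver hook) rather than letting the client resolve again; and disable automatic redirects, running the same check on every Location header, since a public host that 302s to an internal one bypasses a one-shot check. For an endpoint like FastGPT's, authentication plus an allow-list of permitted destinations is the stronger fix; the deny-list above is the floor, not the ceiling.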
baserCMS contains an OS command injection vulnerability in its core update functionality, allowing authenticated administrators to execute arbitrary commands on the server.
SiYuan is vulnerable to a stored XSS-to-RCE chain in its Attribute View. Malicious URLs in the mAsse field trigger JavaScript execution with full OS access in the Electron client.
The wenxian GitHub Actions workflow is vulnerable to command injection via untrusted user input in issue comments, allowing arbitrary code execution on the GitHub runner.
OpenClaw contains a remote command injection vulnerability in the iMessage attachment staging flow. Unsanitized SCP paths allow attackers to execute commands on remote hosts.
OpenClaw versions before 2026.3.11 contain an unauthenticated authorization bypass allowing remote attackers to execute privileged gateway actions via synthetic operator clients.
MLflow is vulnerable to command injection when serving models with `enable_mlserver=True`. Shell metacharacters in the `model_uri` allow for arbitrary code execution via `bash -c`.
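The MLflow entry above gives the ingredients: a caller-controlled `model_uri`, a command string, and `bash -c`. The Python below is an added example, not MLflow's serving code, that reproduces the pattern with `echo serving` standing in for the real launcher line, and sets it beside two fixes: quoting the value with shlex.quote when a shell is unavoidable, and the preferred form, validating the URI and passing it as a single argv element with no shell at all. The URI character allow-list is an assumption for this illustration, not MLflow's rule.

```python
import re
import shlex
import subprocess

# Allow-list for what a model URI may contain in this illustration. This is an
# assumption, not MLflow's own rule; the point is that shell metacharacters
# (space ; | & $ ` quotes parentheses) are simply not in the set.
MODEL_URI_RE = re.compile(r"^[A-Za-z0-9._:/@=+\-]+$")

# Constructed payload: a URI that ends with a second shell command.
PAYLOAD = "s3://bucket/model; echo INJECTED"


def is_valid_model_uri(model_uri):
    return MODEL_URI_RE.fullmatch(model_uri) is not None


def build_vulnerable(model_uri):
    """The bug class: the URI is spliced into a string handed to `bash -c`,
    so `;` ends the intended command and starts an attacker-chosen one.
    `echo serving` stands in for the real launcher invocation."""
    return ["bash", "-c", f"echo serving {model_uri}"]


def build_quoted(model_uri):
    """Mitigation when a shell really is required: shlex.quote turns the whole
    URI into one shell word, so metacharacters are data rather than syntax."""
    return ["bash", "-c", "echo serving " + shlex.quote(model_uri)]


def build_safe(model_uri):
    """Preferred fix: validate, then pass the URI as its own argv element with
    no shell in the path at all."""
    if not is_valid_model_uri(model_uri):
        raise ValueError(f"rejected model_uri: {model_uri!r}")
    return ["echo", "serving", model_uri]


def run(argv):
    """Run a command and return its stdout, or None if the binary is missing."""
    try:
        return subprocess.run(argv, capture_output=True, text=True, check=False).stdout
    except FileNotFoundError:
        return None


def demo(model_uri=PAYLOAD):
    """Return what each variant actually executes for the given URI."""
    results = {
        "vulnerable": run(build_vulnerable(model_uri)),
        "quoted": run(build_quoted(model_uri)),
    }
    try:
        results["safe"] = run(build_safe(model_uri))
    except ValueError as exc:
        results["safe"] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for name, out in demo().items():
        print(f"{name}: {out!r}")
```

With the payload, the vulnerable variant prints a second line, INJECTED, from the command the `;` introduced; the quoted variant prints the whole URI, semicolon included, as text; the safe variant never runs anything because validation fails first. Validation alone is not the fix (a URI allow-list can be loosened later); the argv form is what removes the shell from the path.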
The MAVLink protocol used in PX4 systems lacks default cryptographic authentication. Unauthenticated attackers can send `SERIAL_CONTROL` messages to gain interactive shell access to the drone or vehicle.
XenForo versions prior to 2.3.7 contain a critical security flaw in Passkey-based authentication that could allow attackers to compromise user accounts.
baserCMS contains an OS command injection vulnerability within its update functionality. Authenticated administrators can exploit this flaw to execute arbitrary commands with server-level privileges.
The Business::OnlinePayment::StoredTransaction Perl module uses an insecure MD5 hash of a predictable random number to generate secret keys for encrypting credit card data.
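The Perl entry above describes a key that is an MD5 digest of a predictable random number. The Python below is an added example, not the module's code, that reproduces the pattern with a non-cryptographic PRNG seeded from a timestamp (the choice of timestamp as the predictable input is an assumption for illustration) and then shows the attacker's side: with a rough idea of when the record was stored, the seed, and therefore the key, falls to a small brute-force search. The strong_key() function is the replacement.

```python
import hashlib
import random
import secrets

# Constructed timestamp for the scenario: when the card record was encrypted.
RECORD_STORED_AT = 1_700_000_000


def weak_key_from_seed(seed):
    """The weak pattern: seed a non-cryptographic PRNG with a guessable value
    (a timestamp here, an assumption), take one number, and MD5 it. Hashing
    adds no entropy: the key has exactly as many possibilities as the seed."""
    rng = random.Random(seed)
    number = rng.randint(0, 2**31 - 1)
    return hashlib.md5(str(number).encode()).digest()


def recover_seed(target_key, approx_seed, window):
    """Attacker's view: knowing the storage time to within `window` seconds,
    try every candidate seed until the derived key matches the target."""
    for candidate in range(approx_seed - window, approx_seed + window + 1):
        if weak_key_from_seed(candidate) == target_key:
            return candidate
    return None


def strong_key():
    """The fix: 128 bits from the OS CSPRNG; there is no seed to recover."""
    return secrets.token_bytes(16)


def demo():
    """Encrypting side makes the weak key; attacker recovers it knowing the
    time to within 15 minutes, off by 9 minutes in the guess."""
    key = weak_key_from_seed(RECORD_STORED_AT)
    attacker_guess = RECORD_STORED_AT + 540
    return recover_seed(key, attacker_guess, window=900)


if __name__ == "__main__":
    print("recovered seed:", demo())          # RECORD_STORED_AT
    print("strong key bytes:", len(strong_key()))
```

Even without a time estimate the search is bounded by the PRNG output, at most 2^31 values, which is a few minutes of MD5 on one core; and the same key derived once encrypts every stored card, so one recovery decrypts them all. The correct design keeps a key from the CSPRNG (or a KMS) out of the database entirely and uses an authenticated cipher, so neither the key nor the ciphertext can be recomputed from what the attacker reads.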
UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 is vulnerable to an arbitrary file overwrite during the import process, leading to code execution or data exposure.
The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2
Symantec Data Loss Prevention Windows Endpoint, prior to 25
Nginx UI is a web user interface for the Nginx web server
The Debugger & Troubleshooter plugin for WordPress was vulnerable to Unauthenticated Privilege Escalation in versions up to and including 1
HAPI FHIR, a Java-based HL7 FHIR implementation, contains a high-severity vulnerability that impacts the security of healthcare data interoperability.
Core FTP/SFTP Server 1
JOSE is a Javascript Object Signing and Encryption (JOSE) library
The Query Monitor – The developer tools panel for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘$_SERVER['REQUEST_URI']’ parameter in all versions up to, and including, 3
FastGPT, an AI Agent building platform, contains a security vulnerability that could lead to unauthorized access or manipulation of AI agent configurations.
Admidio is an open-source user management solution
WWBN AVideo is an open source video platform
A security vulnerability has been detected in code-projects Accounting System 1
A vulnerability was determined in code-projects Student Membership System 1
A security flaw has been discovered in itsourcecode Payroll Management System 1
A weakness has been identified in itsourcecode Payroll Management System 1
A flaw has been found in code-projects Simple Laundry System 1
A vulnerability has been found in code-projects Simple Laundry System 1
baserCMS is a website development framework
OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication
A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205
A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205
A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205
A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205
WWBN AVideo is an open source video platform
Invoice Ninja v5
NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data
A vulnerability was detected in SourceCodester Simple Doctors Appointment System 1
A flaw has been found in SourceCodester Simple Doctors Appointment System 1
NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data
A vulnerability was detected in Tenda CH22 1
A vulnerability has been found in Tenda CH22 1
A vulnerability was found in Tenda CH22 1
A vulnerability was determined in Tenda CH22 1
A vulnerability was determined in Tenda CH22 1
The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the legitimate system files, resulting in local privilege escalation
NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default
A cross-session information disclosure vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 (2026-01-19)
act is a project which allows for local running of github actions
The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low-privileged users and is not strictly restricted to trusted system locations
NVIDIA Jetson Linux has a vulnerability in initrd, where an unprivileged attacker with physical access could inject incorrect command line arguments
IBM Storage Protect Server 8
OpenClaw before 2026
Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6
FreeRDP, an open-source Remote Desktop Protocol implementation, contains a security vulnerability. This flaw could potentially allow remote attackers to compromise RDP sessions or execute unauthorized actions.
FreeRDP is affected by a security vulnerability that could lead to unauthorized access or data compromise. This issue resides within the protocol implementation and affects various versions of the software.
FreeRDP is a free implementation of the Remote Desktop Protocol
FreeRDP is a free implementation of the Remote Desktop Protocol
SQL Injection vulnerability in SchemaHero 0
SQL Injection vulnerability in SchemaHero 0
Moby is an open source container framework
XenForo before 2
XenForo before 2
XenForo before 2
baserCMS is a website development framework
A Stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session
A Stored Cross-site Scripting (XSS) vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session
SiYuan is a personal knowledge management system
OpenClaw before 2026
OpenClaw before 2026
SciTokens C++ is a minimal library for creating and using SciTokens from C or C++
Botan is a C++ cryptography library
SciTokens is a reference library for generating and using SciTokens
SciTokens is a reference library for generating and using SciTokens
Sereal::Decoder versions from 4
Sereal::Encoder versions from 4
OpenClaw before 2026
OpenClaw before 2026
OpenClaw before 2026
SciTokens C++ is a minimal library for creating and using SciTokens from C or C++
Impact: The fix for CVE-2021-23337 (https://github
TrueConf Client downloads application update code and applies it without performing verification
vcpkg is a free and open-source C/C++ package manager
InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective
The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution
Trino is a distributed SQL query engine for big data analytics
In KubePlus 4
Grav CMS v1
A directory traversal vulnerability in the agentic-context-engine project versions up to 0
InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates
InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates
InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates
OpenAirInterface V2
A vulnerability exists in the iconv() function of the GNU C Library (glibc) version 2. This flaw can lead to unexpected behavior or potential security bypasses during character set conversion.
A flaw in Node
LangChain is a framework for building agents and LLM-powered applications
A flaw was found in the gdk-pixbuf library
OpenClaw before 2026
mppx is a TypeScript interface for machine payments protocol
Out-of-bounds write in the streaming decoder component in aws-c-event-stream before 0
SiYuan is a personal knowledge management system
XenForo before 2
A security flaw has been discovered in YunaiV yudao-cloud up to 2026
A security flaw has been discovered in Totolink A3300R 17
A vulnerability was found in SourceCodester Teacher Record System 1
A flaw has been found in code-projects Student Membership System 1
A vulnerability was detected in SourceCodester Leave Application System 1
A vulnerability was found in Sanster IOPaint 1
baserCMS is a website development framework
A Path Traversal vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to read or write files in specific directories on the server
OpenClaw before 2026