CVE-2025-53521
F5 BIG-IP Unspecified Vulnerability - Active in CISA KEV catalog.
CRS uses the System Security Context Vector (SSCV) Framework v1.0 to adjust CVSS scores based on your system's exposure level, network position, and business criticality.
Sunday's disclosures include 10 actively exploited vulnerabilities, all listed in CISA's KEV catalog, targeting F5 BIG-IP, Apple products, Zimbra Collaboration Suite, Craft CMS and others, all carrying CVSS 9.5 scores. Critical CVEs dropped to 7 (down 53% from Saturday's 15), while 98 high-priority vulnerabilities were disclosed (down 2%). Among the critical findings, CVE-2025-53521 affects F5 BIG-IP infrastructure, CVE-2025-43510 and CVE-2025-43520 target multiple Apple products, and CVE-2025-66376 impacts Synacor Zimbra mail servers. Attack patterns center on remote code execution in internet-facing applications and frameworks including Laravel Livewire, Craft CMS, and Langflow, alongside a software-supply-chain compromise of a security tool via CVE-2026-33634 in Aquasecurity Trivy (embedded malicious code). Patch availability currently stands at 0%, so defenders must prioritize compensating controls and network-level mitigations for exposed services.
Immediate action: Prioritize network-level mitigations for internet-facing F5 BIG-IP, Zimbra, Wing FTP Server, and Craft CMS instances, as all have confirmed active exploitation with no patches currently available. Apply compensating controls such as WAF rules, access restrictions, and enhanced monitoring for Apple products, Laravel Livewire, and Langflow deployments until vendor patches are released.
F5 BIG-IP Unspecified Vulnerability - Active in CISA KEV catalog.
Wing FTP Server Information Disclosure Vulnerability - Active in CISA KEV catalog.
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability - Active in CISA KEV catalog.
Craft CMS Code Injection Vulnerability - Active in CISA KEV catalog.
Laravel Livewire Code Injection Vulnerability - Active in CISA KEV catalog.
Apple Multiple Products Improper Locking Vulnerability - Active in CISA KEV catalog.
Apple Multiple Products Classic Buffer Overflow Vulnerability - Active in CISA KEV catalog.
Apple Multiple Products Buffer Overflow Vulnerability - Active in CISA KEV catalog.
Langflow Code Injection Vulnerability - Active in CISA KEV catalog.
Aquasecurity Trivy Embedded Malicious Code Vulnerability - Active in CISA KEV catalog.
EChat Server 3.1 contains a remote buffer overflow in the chat.ghp endpoint via the username parameter, allowing unauthenticated arbitrary code execution.
JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow allowing arbitrary code execution via overly long input strings passed to the jad command.
Crashmail 1.6 is vulnerable to a remote stack-based buffer overflow that allows arbitrary code execution or denial of service through malicious input payloads.
JAD 1.5.8e-1kali1 and prior allows arbitrary code execution via a stack-based buffer overflow triggered by input strings exceeding 8150 bytes.
TiEmu 2.08 and prior is vulnerable to a stack-based buffer overflow via command-line arguments, allowing for arbitrary code execution using ROP gadgets.
MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnerability that allows arbitrary code execution via crafted, malicious input.
Bochs 2.6-5 contains a stack-based buffer overflow allowing arbitrary code execution via a 1200-byte padding payload followed by a ROP chain.
A high-severity security flaw has been discovered in Undertow, a flexible performant web server used in many Java-based applications.
Azure Data Explorer MCP Server is a Model Context Protocol (MCP) server that enables AI assistants to execute KQL queries and explore Azure Data Explorer (ADX/Kusto) databases through standardized interfaces
Doveadm credentials are verified using direct comparison, creating a timing oracle vulnerability that allows attackers to potentially guess sensitive information.
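Worked illustration of why a direct comparison is a timing oracle, added here as an example rather than Dovecot's code. The credential, the alphabet, and the "characters examined" counter that stands in for response time are all constructed for the demonstration; a real attacker measures latency over many samples instead of reading a counter.

```python
import hmac
import string


def naive_verify(stored: str, supplied: str) -> tuple[bool, int]:
    """Direct comparison as most languages' == implements it: bail out at the
    first differing character. Returns (match, characters examined); the
    second value stands in for response time, which is what a network
    attacker actually measures."""
    if len(stored) != len(supplied):
        return False, 0          # immediate return on length mismatch: leaks length
    steps = 0
    for a, b in zip(stored, supplied):
        steps += 1
        if a != b:
            return False, steps  # early exit: work grows with the matching prefix
    return True, steps


def constant_time_verify(stored: str, supplied: str) -> bool:
    """Fixed-time comparison: hmac.compare_digest examines every byte
    regardless of where (or whether) the inputs differ."""
    return hmac.compare_digest(stored.encode(), supplied.encode())


def recover_length(oracle, max_len: int = 64) -> int:
    """Attacker step 1: the only length for which the comparison does any
    work at all is the correct one."""
    for n in range(1, max_len + 1):
        _, steps = oracle("\x00" * n)
        if steps > 0:
            return n
    raise RuntimeError("length not found")


def recover_secret(oracle, alphabet: str) -> str:
    """Attacker step 2: extend the guess one position at a time, keeping the
    character that makes the server do the most work (or that succeeds)."""
    length = recover_length(oracle)
    recovered = ""
    for pos in range(length):
        best_char, best_score = "", -1
        for c in alphabet:
            guess = recovered + c + "\x00" * (length - pos - 1)
            match, steps = oracle(guess)
            score = steps * 2 + int(match)   # a full match beats a last-char mismatch
            if score > best_score:
                best_char, best_score = c, score
        recovered += best_char
    return recovered


# Constructed credential and alphabet. "\x00" is used as padding because it is
# outside the alphabet, so it never accidentally matches a real character.
SECRET = "s3cret"
ALPHABET = string.ascii_lowercase + string.digits


def leaky_oracle(guess: str) -> tuple[bool, int]:
    """The attacker's view of a server that verifies with naive_verify."""
    return naive_verify(SECRET, guess)


if __name__ == "__main__":
    print("recovered via timing oracle:", recover_secret(leaky_oracle, ALPHABET))
    print("constant-time verify:",
          constant_time_verify(SECRET, "s3cret"),
          constant_time_verify(SECRET, "s3cres"))
```

The recovery loop needs length * alphabet-size probes rather than alphabet-size ** length, which is the whole point of the oracle. The fix is the constant-time compare; comparing fixed-length digests of both sides (rather than the raw strings) additionally keeps the stored credential's length from leaking.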
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1
Group-Office is an enterprise customer relationship management and groupware tool
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1
NRSS RSS Reader 0
The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface
The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript
Ella Core is a 5G core designed for private networks
The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6
Server-Side Request Forgery (SSRF) vulnerability exists in the AnnounContent of the /admin/read
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1
Flannel is a network fabric for containers, designed for Kubernetes
A security flaw has been discovered in code-projects Simple Food Order System 1
A weakness has been identified in code-projects Simple Food Order System 1
A security vulnerability has been detected in code-projects Simple Food Order System 1
A vulnerability was detected in code-projects Accounting System 1
A flaw has been found in code-projects Accounting System 1
A vulnerability has been found in code-projects Accounting System 1
WeGIA is a web manager for charitable institutions
WWBN AVideo is an open source video platform
A vulnerability was determined in Tenda AC6 15
A vulnerability was identified in Tenda AC6 15
A flaw has been found in Tenda AC7 15
A vulnerability has been found in Tenda AC15 15
A flaw has been found in Tenda F453 1
A vulnerability was found in D-Link DIR-513 1
The 'POST /api/v2/files' endpoint fails to sanitize the 'filename' parameter, allowing unauthenticated path traversal and arbitrary file writes.
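Added example, not the affected project's code, showing what an unsanitized filename join does beside a hardened version that accepts only a bare file name and then proves the result stays inside the upload directory. The upload directory and the filenames are constructed.

```python
import os


def vulnerable_target(upload_dir: str, filename: str) -> str:
    """What an unsanitised handler effectively does: trust the client's
    filename and join it onto the upload directory. os.path.join discards
    upload_dir entirely when filename is absolute, and normpath then
    collapses any '..' segments into a path outside the directory."""
    return os.path.normpath(os.path.join(upload_dir, filename))


def safe_target(upload_dir: str, filename: str) -> str:
    """Accept only a bare file name, then verify the resulting path is still
    inside the upload directory. Raises ValueError otherwise."""
    base = os.path.normpath(upload_dir)
    if not filename or filename in (".", "..") or "\x00" in filename:
        raise ValueError("invalid filename")
    # Any separator means the client is steering the path. Backslash is
    # checked explicitly because os.path.basename ignores it on POSIX.
    if "/" in filename or "\\" in filename or os.path.basename(filename) != filename:
        raise ValueError("path separators not allowed")
    target = os.path.normpath(os.path.join(base, filename))
    # Belt and braces: the normalised result must still sit under base.
    if os.path.commonpath([base, target]) != base:
        raise ValueError("escapes upload directory")
    return target


def is_rejected(upload_dir: str, filename: str) -> bool:
    """Convenience wrapper: True when the hardened check refuses the name."""
    try:
        safe_target(upload_dir, filename)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    # Constructed inputs an attacker would send in the 'filename' parameter
    for name in ["report.txt", "../../etc/cron.d/job", "/etc/passwd", "..\\..\\win.ini"]:
        print(f"{name!r:28} vulnerable -> {vulnerable_target('/srv/uploads', name)!r:22}"
              f" hardened rejects: {is_rejected('/srv/uploads', name)}")
```

If the application legitimately needs subdirectories, keep the commonpath check and resolve symlinks on the real filesystem (os.path.realpath) before comparing; the bare-name rule above is the simplest policy for an upload endpoint that does not.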
Ubiquiti UniFi Network Controller prior to 5
The Twilio integration webhook handler accepts any POST request without validating Twilio's 'X-Twilio-Signature'
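Added example, not the affected project's code, of the check this handler skips, implemented from Twilio's documented scheme: HMAC-SHA1 keyed with the account auth token over the full request URL (query string included) followed by the POST parameters sorted by name and concatenated as name+value, base64-encoded and compared against the X-Twilio-Signature header. The auth token, URL and form fields below are constructed placeholders, not real credentials.

```python
import base64
import hashlib
import hmac


def compute_twilio_signature(auth_token: str, url: str, params: dict[str, str]) -> str:
    """Signature Twilio attaches to a form-encoded webhook POST. The URL is
    the public one Twilio called, query string included; params are the
    decoded POST fields."""
    payload = url + "".join(k + params[k] for k in sorted(params))
    digest = hmac.new(auth_token.encode(), payload.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def verify_twilio_request(auth_token: str, url: str, params: dict[str, str],
                          signature_header) -> bool:
    """Reject anything without a header or whose signature does not match.
    Constant-time compare so the check itself is not an oracle."""
    if not signature_header:
        return False
    expected = compute_twilio_signature(auth_token, url, params)
    return hmac.compare_digest(expected, signature_header)


# Constructed sample request (token, URL and values are placeholders)
AUTH_TOKEN = "0123456789abcdef0123456789abcdef"
WEBHOOK_URL = "https://hooks.example.com/twilio/sms?tenant=42"
FORM = {"From": "+15550100", "To": "+15550199", "Body": "hello", "MessageSid": "SMxxxx"}


def handle_webhook(headers: dict[str, str], params: dict[str, str],
                   url: str = WEBHOOK_URL, auth_token: str = AUTH_TOKEN) -> int:
    """HTTP status the handler should return: 403 unless the signature verifies."""
    if not verify_twilio_request(auth_token, url, params, headers.get("X-Twilio-Signature")):
        return 403
    return 200


if __name__ == "__main__":
    sig = compute_twilio_signature(AUTH_TOKEN, WEBHOOK_URL, FORM)
    print("genuine request:", handle_webhook({"X-Twilio-Signature": sig}, FORM))
    print("no header      :", handle_webhook({}, FORM))
    print("tampered body  :", handle_webhook({"X-Twilio-Signature": sig}, {**FORM, "Body": "forged"}))
```

Behind a reverse proxy or load balancer the URL must be rebuilt exactly as Twilio saw it (public scheme, host and port, original query string), otherwise every genuine request fails verification; that mismatch is the usual reason a team disables the check, which is precisely the defect this entry describes.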
A path traversal vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 (2026-01-19), in the Beifong AI News and Podcast Agent FastAPI backend, in the stream-audio endpoint, in file routers/podcast_router
A security flaw has been discovered in UltraVNC up to 1
A vulnerability was found in Totolink LR350 9
A high-severity vulnerability has been identified in the Wavlink WL-WN579X3-C router, version 231124, which could allow for remote exploitation.
A vulnerability was found in Tenda 4G06 04
A technical flaw in the Undertow web server component could allow for remote exploitation, potentially impacting application stability and security.
A flaw was found in Undertow
A buffer overflow vulnerability exists in the ONVIF GetStreamUri function of the LSC Indoor Camera V7, allowing for potential remote code execution.
A high-severity vulnerability in the Notesnook note-taking application could lead to unauthorized data access or a compromise of user information.
A high-severity vulnerability has been identified in LibreChat, a ChatGPT clone, which may lead to unauthorized access or system compromise.
LinkAce is a self-hosted archive to collect website links
xwpe 1
yTree 1
Multi Emulator Super System 0
TiEmu 3
Yasr 0
TRN 3
PInfo 0
HNB Organizer 1
zFTP Client 20061220+dfsg3-4
EKG Gadu 1
iSelect 1
Mapscrn 2
Flat Assembler 1
A late-disclosure high-severity vulnerability affects SC v7, potentially leading to unauthorized system access or arbitrary code execution.
PMS 0
SIPP 3
Handlebars provides the power necessary to let users build semantic templates
Express XSS Sanitizer is Express 4
In the latest version of mlflow/mlflow, when the `basic-auth` app is enabled, tracing and assessment endpoints are not protected by permission validators
Handlebars provides the power necessary to let users build semantic templates
Handlebars provides the power necessary to let users build semantic templates
Mobile Next is an MCP server for mobile development and automation
Gematik Authenticator securely authenticates users for login to digital health applications
Substance3D - Stager versions 3
Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin
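Added example, not Dovecot's code, of why the username character allowlist matters when the SQL query is built by substitution, using an in-memory SQLite table. The allowlist string mirrors the documented default of auth_username_chars; the users, passwords and the unsalted SHA-256 storage scheme are constructed for brevity.

```python
import hashlib
import hmac
import sqlite3

# Documented default of auth_username_chars; an empty string disables the filter.
DEFAULT_USERNAME_CHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@"


def username_allowed(username: str, allowed: str = DEFAULT_USERNAME_CHARS) -> bool:
    """Mirror of the auth_username_chars check: a cleared allowlist lets everything through."""
    if allowed == "":
        return True
    return all(c in allowed for c in username)


def pw_hash(password: str) -> str:
    """Unsalted SHA-256 for brevity; real deployments use a proper password scheme."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    """Constructed user table with one legitimate account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', ?)", (pw_hash("correct horse"),))
    return conn


def substituted_auth(conn, username: str, password: str,
                     allowed_chars: str = DEFAULT_USERNAME_CHARS) -> bool:
    """password_query built by string substitution (the %u style). Safe only
    while the allowlist keeps quotes and spaces out of the username."""
    if not username_allowed(username, allowed_chars):
        return False
    row = conn.execute(f"SELECT password FROM users WHERE username = '{username}'").fetchone()
    return row is not None and hmac.compare_digest(row[0], pw_hash(password))


def parameterized_auth(conn, username: str, password: str) -> bool:
    """The durable fix: bind the username; the allowlist then becomes defence in depth."""
    row = conn.execute("SELECT password FROM users WHERE username = ?", (username,)).fetchone()
    return row is not None and hmac.compare_digest(row[0], pw_hash(password))


# Attacker chooses a password and crafts a username that makes the query return
# that password's hash instead of any stored one, so no real credential is needed.
ATTACK_PASSWORD = "pwned"
ATTACK_USERNAME = f"nobody' UNION SELECT '{pw_hash(ATTACK_PASSWORD)}' --"


if __name__ == "__main__":
    db = make_db()
    print("allowlist on :", substituted_auth(db, ATTACK_USERNAME, ATTACK_PASSWORD))
    print("allowlist off:", substituted_auth(db, ATTACK_USERNAME, ATTACK_PASSWORD, allowed_chars=""))
    print("parameterized:", parameterized_auth(db, ATTACK_USERNAME, ATTACK_PASSWORD))
```

With the default allowlist the quote, space and dash in the crafted username are rejected before the query runs; clear the allowlist and the substituted query authenticates the attacker with a password of their own choosing, while the bound-parameter query does not care either way.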
LibreChat, an open-source ChatGPT clone, contains a high-severity vulnerability that could impact the security of the AI interface and user data.
ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response
Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory
The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes
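Added example, not Dovecot's or OpenFeature's code, of the guard the two preceding entries lack: parse the declared size before allocating or reading anything, and apply a smaller cap to data that arrives before authentication. The command grammar is the ManageSieve AUTHENTICATE form with a non-synchronising literal as the initial response; the caps, the sample payload and the simulate helper are constructed for the demonstration.

```python
import io
import re

PREAUTH_MAX_LITERAL = 8 * 1024            # constructed caps: an initial SASL response is
POSTAUTH_MAX_LITERAL = 4 * 1024 * 1024    # small; a script upload after login may be larger
_AUTHENTICATE = re.compile(rb'^AUTHENTICATE "([A-Za-z0-9-]+)"(?: \{(\d{1,12})\+\})?\r\n$')


class ProtocolError(Exception):
    pass


def parse_authenticate(line: bytes):
    """Returns (mechanism, literal size or None) from a line such as
    b'AUTHENTICATE "PLAIN" {24+}\\r\\n'. The size is only a number at this
    point; nothing has been allocated for it."""
    m = _AUTHENTICATE.match(line)
    if not m:
        raise ProtocolError("malformed AUTHENTICATE")
    size = int(m.group(2)) if m.group(2) else None
    return m.group(1), size


def read_literal(stream, size: int, authenticated: bool) -> bytes:
    """Refuse the literal before reserving memory for it; the cap depends on
    whether the peer has proven who it is."""
    cap = POSTAUTH_MAX_LITERAL if authenticated else PREAUTH_MAX_LITERAL
    if size > cap:
        raise ProtocolError(f"literal of {size} bytes exceeds limit {cap}")
    data = stream.read(size)
    if len(data) != size:
        raise ProtocolError("short literal")
    return data


def handle_authenticate(line: bytes, stream, authenticated: bool = False):
    """Parse the command and, only if the declared size passes the cap, read
    the initial response. Returns (mechanism, initial_response)."""
    mech, size = parse_authenticate(line)
    initial = read_literal(stream, size, authenticated) if size is not None else b""
    return mech, initial


def simulate(line: bytes, payload: bytes, authenticated: bool = False):
    """Feed one command plus its payload through the handler; returns
    (result or error message, bytes consumed from the stream)."""
    stream = io.BytesIO(payload)
    try:
        result = handle_authenticate(line, stream, authenticated)
    except ProtocolError as e:
        result = str(e)
    return result, stream.tell()


if __name__ == "__main__":
    body = b"\0user\0pass"   # constructed PLAIN initial response
    print(simulate(b'AUTHENTICATE "PLAIN" {%d+}\r\n' % len(body), body))
    # A hostile pre-auth client declaring a 4 GiB literal is refused before
    # a single byte is read or buffered.
    print(simulate(b'AUTHENTICATE "PLAIN" {4294967295+}\r\n', b""))
```

The same shape applies to the OpenFeature entry: treat any length the client declares (or any body you stream in) as untrusted input, compare it against a limit first, and only then allocate; reading "until EOF" into memory has no such limit and is the out-of-memory path.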
A blog
Netty is an asynchronous, event-driven network application framework
UniFi Network Controller before version 5
Handlebars provides the power necessary to let users build semantic templates
A weakness has been identified in mingSoft MCMS up to 5
A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1
A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1
A vulnerability was found in OpenBMB XAgent 1
A vulnerability was detected in letta-ai letta 0
A security vulnerability has been detected in chatwoot up to 4
The eswifi socket offload driver copies user-provided payloads into a fixed buffer without checking available space; oversized sends overflow `eswifi->buf`, corrupting kernel memory (CWE-120)
A vulnerability was identified in Sinaptik AI PandasAI up to 0
A weakness has been identified in Sinaptik AI PandasAI up to 3
A vulnerability was detected in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054
A flaw has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054
A vulnerability has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054
A flaw has been found in elecV2 elecV2P up to 3
A vulnerability was identified in elecV2 elecV2P up to 3