| CVE ID | Severity | Description | Published |
|---|---|---|---|
| CVE-2026-21432 | MEDIUM | Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability that can lead to account takeover, including takeover of admin accounts. As of time of publication, no known patched versions are available. | 02 Jan 2026 |
| CVE-2026-21431 | LOW | Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the `Resource media library` function while publishing an article. As of time of publication, no known patched versions are available. | 02 Jan 2026 |
| CVE-2026-21430 | HIGH | Emlog is an open source website building system. In version 2.5.23, article creation functionality is vulnerable to cross-site request forgery (CSRF). This can lead to a user being forced to post an article with arbitrary, attacker-controlled content. This, when combined with stored cross-site scripting, leads to account takeover. As of time of publication, no known patched versions are available. | 02 Jan 2026 |
| CVE-2026-0569 | MEDIUM | A vulnerability has been found in code-projects Online Music Site 1.0. This affects an unknown function of the file /Frontend/AlbumByCategory.php. Such manipulation of the argument ID leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 02 Jan 2026 |
| CVE-2026-0568 | MEDIUM | A flaw has been found in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Frontend/ViewSongs.php. This manipulation of the argument ID causes SQL injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. | 02 Jan 2026 |
| CVE-2026-0567 | MEDIUM | A vulnerability was detected in code-projects Content Management System 1.0. The affected element is an unknown function of the file /pages.php. The manipulation of the argument ID results in SQL injection. The attack may be performed remotely. The exploit is now public and may be used. | 02 Jan 2026 |
| CVE-2026-21429 | LOW | Emlog is an open source website building system. In version 2.5.23, the admin can set controls which make users unable to edit or delete their articles after publishing them. As of time of publication, no known patched versions are available. | 02 Jan 2026 |
| CVE-2025-15439 | MEDIUM | A vulnerability was identified in Daptin 0.10.3. Affected by this vulnerability is the function goqu.L of the file server/resource/resource_aggregate.go of the component Aggregate API. The manipulation of the argument column/group/order leads to SQL injection. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | 02 Jan 2026 |
| CVE-2025-69417 | MEDIUM | In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve share tokens (intended for unrelated access) via a shared_servers endpoint. | 02 Jan 2026 |
| CVE-2025-35002 | N/A | | 02 Jan 2026 |
| CVE-2025-35001 | N/A | | 02 Jan 2026 |
| CVE-2025-35000 | N/A | | 02 Jan 2026 |
| CVE-2025-34999 | N/A | | 02 Jan 2026 |
| CVE-2025-34998 | N/A | | 02 Jan 2026 |
| CVE-2025-34997 | N/A | | 02 Jan 2026 |
| CVE-2025-34996 | N/A | | 02 Jan 2026 |
| CVE-2025-34995 | N/A | | 02 Jan 2026 |
| CVE-2025-34994 | N/A | | 02 Jan 2026 |
| CVE-2025-34993 | N/A | | 02 Jan 2026 |
| CVE-2025-34992 | N/A | | 02 Jan 2026 |
| CVE-2025-34991 | N/A | | 02 Jan 2026 |
| CVE-2025-34990 | N/A | | 02 Jan 2026 |
| CVE-2025-34989 | N/A | | 02 Jan 2026 |
| CVE-2025-34988 | N/A | | 02 Jan 2026 |
| CVE-2025-34987 | N/A | | 02 Jan 2026 |
Page 47 of 626