Searching...
Please wait while we search the database
| CVE ID | Severity | Description | Published | Actions |
|---|---|---|---|---|
|
CVE-2025-34276
|
N/A |
02 Jan 2026
|
||
|
CVE-2025-34275
|
N/A |
02 Jan 2026
|
||
|
CVE-2025-34268
|
N/A |
02 Jan 2026
|
||
|
CVE-2025-34250
|
N/A |
02 Jan 2026
|
||
|
CVE-2025-34219
|
N/A |
02 Jan 2026
|
||
|
CVE-2025-34214
|
N/A |
02 Jan 2026
|
||
|
CVE-2025-34213
|
N/A |
02 Jan 2026
|
||
|
CVE-2025-34170
|
N/A |
02 Jan 2026
|
||
|
CVE-2025-34169
|
N/A |
02 Jan 2026
|
||
|
CVE-2025-34168
|
N/A |
02 Jan 2026
|
||
|
CVE-2025-34167
|
N/A |
02 Jan 2026
|
||
|
CVE-2025-34166
|
N/A |
02 Jan 2026
|
||
|
CVE-2025-34145
|
N/A |
02 Jan 2026
|
||
|
CVE-2025-34144
|
N/A |
02 Jan 2026
|
||
|
CVE-2025-34137
|
N/A |
02 Jan 2026
|
||
|
CVE-2025-34131
|
N/A |
02 Jan 2026
|
||
|
CVE-2025-34122
|
N/A |
02 Jan 2026
|
||
|
CVE-2025-34094
|
N/A |
02 Jan 2026
|
||
|
CVE-2025-69414
|
HIGH |
Plex Media Server (PMS) through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token.
|
02 Jan 2026
|
|
|
CVE-2026-0566
|
MEDIUM |
A security vulnerability has been detected in code-projects Content Management System 1.0. Impacted is an unknown function of the file /admin/edit_posts.php. The manipulation of the argument image leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
|
02 Jan 2026
|
|
|
CVE-2025-62842
|
HIGH |
An external control of file name or path vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read or modify files or directories.
We have already fixed the vulnerability in the following version:
HBS 3 Hybrid Backup Sync 26.2.0.938 and later
|
02 Jan 2026
|
|
|
CVE-2025-62840
|
HIGH |
A generation of error message containing sensitive information vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read application data.
We have already fixed the vulnerability in the following version:
HBS 3 Hybrid Backup Sync 26.2.0.938 and later
|
02 Jan 2026
|
|
|
CVE-2025-11837
|
HIGH |
An improper control of generation of code vulnerability has been reported to affect Malware Remover. The remote attackers can then exploit the vulnerability to bypass protection mechanism.
We have already fixed the vulnerability in the following version:
Malware Remover 6.6.8.20251023 and later
|
02 Jan 2026
|
|
|
CVE-2025-69284
|
MEDIUM |
Plane is an an open-source project management tool. In plane.io, a guest user doesn't have a permission to access https[:]//app[.]plane[.]so/[:]slug/settings. Prior to Plane version 1.2.0, a problem occurs when the `/api/workspaces/:slug/members/` is accessible by guest and able to list of users on a specific workspace that they joined. Since the `display_name` in the response is actually the handler of the email, a malicious guest can still identify admin users' email addresses. Version 1.2.0 fixes this issue.
|
02 Jan 2026
|
|
|
CVE-2025-62852
|
LOW |
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version:
QTS 5.2.8.3332 build 20251128 and later
|
02 Jan 2026
|
CVE-2025-34276
N/A
02 Jan 2026
CVE-2025-34275
N/A
02 Jan 2026
CVE-2025-34268
N/A
02 Jan 2026
CVE-2025-34250
N/A
02 Jan 2026
CVE-2025-34219
N/A
02 Jan 2026
CVE-2025-34214
N/A
02 Jan 2026
CVE-2025-34213
N/A
02 Jan 2026
CVE-2025-34170
N/A
02 Jan 2026
CVE-2025-34169
N/A
02 Jan 2026
CVE-2025-34168
N/A
02 Jan 2026
CVE-2025-34167
N/A
02 Jan 2026
CVE-2025-34166
N/A
02 Jan 2026
CVE-2025-34145
N/A
02 Jan 2026
CVE-2025-34144
N/A
02 Jan 2026
CVE-2025-34137
N/A
02 Jan 2026
CVE-2025-34131
N/A
02 Jan 2026
CVE-2025-34122
N/A
02 Jan 2026
CVE-2025-34094
N/A
02 Jan 2026
CVE-2025-69414
HIGH
02 Jan 2026
Plex Media Server (PMS) through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token.
CVE-2026-0566
MEDIUM
02 Jan 2026
A security vulnerability has been detected in code-projects Content Management System 1.0. Impacted is an unknown function of the file /admin/edit_posts.php. The manipulation of the argument image leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
CVE-2025-62842
HIGH
02 Jan 2026
An external control of file name or path vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read or modify files or directories.
We have already fixed the vulnerability in the following version:
HBS 3 Hybrid Backup Sync 26.2.0.938 and later
CVE-2025-62840
HIGH
02 Jan 2026
A generation of error message containing sensitive information vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read application data.
We have already fixed the vulnerability in the following version:
HBS 3 Hybrid Backup Sync 26.2.0.938 and later
CVE-2025-11837
HIGH
02 Jan 2026
An improper control of generation of code vulnerability has been reported to affect Malware Remover. The remote attackers can then exploit the vulnerability to bypass protection mechanism.
We have already fixed the vulnerability in the following version:
Malware Remover 6.6.8.20251023 and later
CVE-2025-69284
MEDIUM
02 Jan 2026
Plane is an an open-source project management tool. In plane.io, a guest user doesn't have a permission to access https[:]//app[.]plane[.]so/[:]slug/settings. Prior to Plane version 1.2.0, a problem occurs when the `/api/workspaces/:slug/members/` is accessible by guest and able to list of users on a specific workspace that they joined. Since the `display_name` in the response is actually the handler of the email, a malicious guest can still identify admin users' email addresses. Version 1.2.0 fixes this issue.
CVE-2025-62852
LOW
02 Jan 2026
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version:
QTS 5.2.8.3332 build 20251128 and later
Page 95 of 660
Page 95 of 660