Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2026-01-16
CVE-2025-12641 - Awesome Support Plugin
The Awesome Support - WordPress HelpDesk & Support Plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in all versions up to, and including, 6.3.6. This is due to the 'wpas_do_mr_activate_user' function not verifying that a user has permission to modify other users' roles, combined with a nonce reuse vulnerability where public registration nonces are valid for privileged actions because all actions share the same nonce namespace. This makes it possible for unauthenticated attackers to demote administrators to low-privilege roles via the 'wpas-do=mr_activate_user' action with a…
PLUGIN
Awesome Support
CVE-2025-12641
Risk Score
Threat Entry
Updated 2026-01-23
CVE-2026-1023 - Statistics Database System Plugin
Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly exploit a specific functionality to query database contents.
PLUGIN
Statistics Database System
CVE-2026-1023
Risk Score
Threat Entry
Updated 2026-01-23
CVE-2026-1022 - Statistics Database System Plugin
Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.
PLUGIN
Statistics Database System
CVE-2026-1022
Risk Score
Threat Entry
Updated 2026-01-23
CVE-2026-1021 - Police Statistics Database System Plugin
Police Statistics Database System developed by Gotac has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attacker to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
PLUGIN
Police Statistics Database System
CVE-2026-1021
Risk Score
Threat Entry
Updated 2026-01-23
CVE-2026-1019 - Police Statistics Database System Plugin
Police Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality.
PLUGIN
Police Statistics Database System
CVE-2026-1019
Risk Score
Threat Entry
Updated 2026-01-23
CVE-2026-1018 - Police Statistics Database System Plugin
Police Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing Unauthenticated remote attacker to exploit Absolute Path Traversal to download arbitrary system files.
PLUGIN
Police Statistics Database System
CVE-2026-1018
Risk Score
Threat Entry
Updated 2026-01-23
CVE-2026-1020 - Police Statistics Database System Plugin
Police Statistics Database System developed by Gotac has a Absolute Path Traversal vulnerability, allowing unauthenticated remote attackers to enumerate the system file directory.
PLUGIN
Police Statistics Database System
CVE-2026-1020
Risk Score
Threat Entry
Updated 2026-01-23
CVE-2026-1011 - Altium Live Plugin
A stored cross-site scripting (XSS) vulnerability exists in the Altium Support Center AddComment endpoint due to missing server-side input sanitization. Although the client interface applies HTML escaping, the backend accepts and stores arbitrary HTML and JavaScript supplied via modified POST requests. The injected content is rendered verbatim when support cases are viewed by other users, including support staff with elevated privileges, allowing execution of arbitrary JavaScript in the victim’s browser context.
PLUGIN
Altium Live
CVE-2026-1011
Risk Score
Threat Entry
Updated 2026-01-21
CVE-2026-22863 - Deno Plugin
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server secrets. This vulnerability is fixed in 2.6.0.
PLUGIN
Deno
CVE-2026-22863
Risk Score
Threat Entry
Updated 2026-01-23
CVE-2026-1009 - Altium Live Plugin
A stored cross-site scripting (XSS) vulnerability exists in the Altium Forum due to missing server-side input sanitization in forum post content. An authenticated attacker can inject arbitrary JavaScript into forum posts, which is stored and executed when other users view the affected post. Successful exploitation allows the attacker’s payload to execute in the context of the victim’s authenticated Altium 365 session, enabling unauthorized access to workspace data, including design files and workspace settings. Exploitation requires user interaction to view a malicious forum post.
PLUGIN
Altium Live
CVE-2026-1009
Risk Score
Threat Entry
Updated 2026-01-21
CVE-2026-22864 - Deno Plugin
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.5.6, a prior patch aimed to block spawning Windows batch/shell files by returning an error when a spawned path’s extension matched .bat or .cmd. That check performs a case-sensitive comparison against lowercase literals and therefore can be bypassed when the extension uses alternate casing (for example .BAT, .Bat, etc.). This vulnerability is fixed in 2.5.6.
PLUGIN
Deno
CVE-2026-22864
Risk Score
Threat Entry
Updated 2026-01-23
CVE-2026-1010 - Altium Enterprise Server Plugin
A stored cross-site scripting (XSS) vulnerability exists in the Altium Workflow Engine due to missing server-side input sanitization in workflow form submission APIs. A regular authenticated user can inject arbitrary JavaScript into workflow data. When an administrator views the affected workflow, the injected payload executes in the administrator’s browser context, allowing privilege escalation, including creation of new administrator accounts, session token theft, and execution of administrative actions.
PLUGIN
Altium Enterprise Server
CVE-2026-1010
Risk Score
Threat Entry
Updated 2026-01-23
CVE-2026-22045 - Traefik Plugin
Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.35 and 3.6.7, there is a potential vulnerability in Traefik ACME TLS certificates' automatic generation: the ACME TLS-ALPN fast path can allow unauthenticated clients to tie up go routines and file descriptors indefinitely when the ACME TLS challenge is enabled. A malicious client can open many connections, send a minimal ClientHello with acme-tls/1, then stop responding, leading to denial of service of the entry point. The vulnerability is fixed in 2.11.35 and 3.6.7.
PLUGIN
Traefik
CVE-2026-22045
Risk Score
Threat Entry
Updated 2026-01-23
CVE-2026-1008 - Altium Live Plugin
A stored cross-site scripting (XSS) vulnerability exists in the user profile text fields of Altium 365. Insufficient server-side input sanitization allows authenticated users to inject arbitrary HTML and JavaScript payloads using whitespace-based attribute parsing bypass techniques. The injected payload is persisted and executed when other users view the affected profile page, potentially allowing session token theft, phishing attacks, or malicious redirects. Exploitation requires an authenticated account and user interaction to view the crafted profile.
PLUGIN
Altium Live
CVE-2026-1008
Risk Score
Threat Entry
Updated 2026-01-23
CVE-2026-0915 - Glibc Plugin
Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.
PLUGIN
Glibc
CVE-2026-0915
Risk Score
Threat Entry
Updated 2026-01-23
CVE-2026-21920 - Junos OS Plugin
An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX Series device configured for DNS processing, receives a specifically formatted DNS request flowd will crash and restart, which causes a service interruption until the process has recovered. This issue affects Junos OS on SRX Series: * 23.4 versions before 23.4R2-S5, * 24.2 versions before 24.2R2-S1, * 24.4 versions before 24.4R2. This issue does not affect Junos OS versions before 23.4R1.
PLUGIN
Junos OS
CVE-2026-21920
Risk Score
Threat Entry
Updated 2026-01-23
CVE-2026-21918 - Junos OS Plugin
A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX and MX Series platforms, when during TCP session establishment a specific sequence of packets is encountered a double free happens. This causes flowd to crash and the respective FPC to restart. This issue affects Junos OS on SRX and MX Series: * all versions before 22.4R3-S7, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S4, *…
PLUGIN
Junos OS
CVE-2026-21918
Risk Score
Threat Entry
Updated 2026-01-23
CVE-2026-21921 - Junos OS Evolved Plugin
A Use After Free vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker authenticated with low privileges to cause a Denial-of-Service (DoS). When telemetry collectors are frequently subscribing and unsubscribing to sensors continuously over a long period of time, telemetry-capable processes like chassisd, rpd or mib2d will crash and restart, which - depending on the process - can cause a complete outage until the system has recovered. This issue affects: Junos OS: * all versions before 22.4R3-S8, * 23.2 versions…
PLUGIN
Junos OS Evolved
CVE-2026-21921
Risk Score
Threat Entry
Updated 2026-01-23
CVE-2026-21917 - Junos OS Plugin
An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If an SRX device configured for UTM Web-Filtering receives a specifically malformed SSL packet, this will cause an FPC crash and restart. This issue affects Junos OS on SRX Series: * 23.2 versions from 23.2R2-S2 before 23.2R2-S5, * 23.4 versions from 23.4R2-S1 before 23.4R2-S5, * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R1-S3, 24.4R2. Earlier versions of Junos…
PLUGIN
Junos OS
CVE-2026-21917
Risk Score
Threat Entry
Updated 2026-01-23
CVE-2026-21914 - Junos OS Plugin
An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos). If an SRX Series device receives a specifically malformed GPRS Tunnelling Protocol (GTP) Modify Bearer Request message, a lock is acquired and never released. This results in other threads not being able to acquire a lock themselves, causing a watchdog timeout leading to FPC crash and restart. This issue leads to a complete traffic outage until the device has automatically recovered. This issue affects…
PLUGIN
Junos OS
CVE-2026-21914
Risk Score