Security Vulnerabilities
The vulnerability exists in BLUVOYIX due to design flaws in the email sending API. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable email sending API. Successful exploitation of this vulnerability could allow the attacker to send unsolicited emails to anyone on behalf of the company.
CVSS Score
5.3
EPSS Score
0.001
Published
2026-01-14
The vulnerability exists in BLUVOYIX due to an improper password storage implementation and subsequent exposure via unauthenticated APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable users API to retrieve the plaintext passwords of all user users. Successful exploitation of this vulnerability could allow the attacker to gain full access to customers' data and completely compromise the targeted platform by logging in using an exposed admin email address and password.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-01-14
Outray openSource ngrok alternative. Prior to 0.1.5, a TOCTOU race condition vulnerability allows a user to exceed the set number of active tunnels in their subscription plan. This vulnerability is fixed in 0.1.5.
CVSS Score
3.7
EPSS Score
0.0
Published
2026-01-14
The vulnerability exists in BLUVOYIX due to improper authentication in the BLUVOYIX backend APIs. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable APIs. Successful exploitation of this vulnerability could allow the attacker to gain full access to customers' data and completely compromise the targeted platform.
CVSS Score
9.8
EPSS Score
0.002
Published
2026-01-14
The vulnerability exists in BLUVOYIX due to the exposure of sensitive internal API documentation. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the APIs exposed by the documentation. Successful exploitation of this vulnerability could allow the attacker to cause damage to the targeted platform by abusing internal functionality.
CVSS Score
9.8
EPSS Score
0.005
Published
2026-01-14
Libsndfile <=1.2.2 contains a memory leak vulnerability in the mpeg_l3_encoder_init() function within the mpeg_l3_encode.c file.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-01-14
Cypher Injection vulnerability in Apache Camel camel-neo4j component.
This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0
Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0.
CVSS Score
5.3
EPSS Score
0.001
Published
2026-01-14
In certain Arm CPUs, a CPP RCTX instruction executed on one Processing Element (PE) may inhibit TLB invalidation when a TLBI is issued to the PE, either by the same PE or another PE in the shareability domain. In this case, the PE may retain stale TLB entries which should have been invalidated by the TLBI.
CVSS Score
7.9
EPSS Score
0.0
Published
2026-01-14
Permission verification bypass vulnerability in the media library module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-01-14
Data verification vulnerability in the HiView module.
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
6.2
EPSS Score
0.0
Published
2026-01-14