Security Vulnerabilities
A vulnerability was detected in code-projects Content Management System 1.0. The affected element is an unknown function of the file /pages.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.
CVSS Score
7.3
EPSS Score
0.0
Published
2026-01-02
A flaw has been found in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Frontend/ViewSongs.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.
CVSS Score
7.3
EPSS Score
0.0
Published
2026-01-02
A security vulnerability has been detected in code-projects Content Management System 1.0. Impacted is an unknown function of the file /admin/edit_posts.php. The manipulation of the argument image leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
CVSS Score
4.7
EPSS Score
0.001
Published
2026-01-02
In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve other tokens (intended for unrelated access) via clients.plex.tv/devices.xml.
CVSS Score
5.0
EPSS Score
0.0
Published
2026-01-02
In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve share tokens (intended for unrelated access) via a shared_servers endpoint.
CVSS Score
5.0
EPSS Score
0.0
Published
2026-01-02
An authentication bypass in the /cgi-bin/jvsweb.cgi endpoint of Revotech I6032W-FHW v1.0.0014 - 20210517 allows attackers to access sensitive information and escalate privileges via a crafted HTTP request.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-01-02
Vatilon v1.12.37-20240124 was discovered to transmit user credentials in plaintext.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-01-02
An issue in Vatilon v1.12.37-20240124 allows attackers to access sensitive directories and files via a directory traversal.
CVSS Score
7.5
EPSS Score
0.002
Published
2026-01-02
Plex Media Server (PMS) through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token.
CVSS Score
8.5
EPSS Score
0.0
Published
2026-01-02
In Plex Media Server (PMS) through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account.
CVSS Score
7.1
EPSS Score
0.0
Published
2026-01-02