Security Vulnerabilities
A stored cross-site scripting (XSS) vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the user profile Description field.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-01-14
An insecure authentication mechanism in the safe_exec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges, if file /opt/images/public_key.der is not present in the file system. The vulnerability can be triggered by providing a maliciously crafted auth.ini file on the device's SD card.
CVSS Score
6.8
EPSS Score
0.001
Published
2026-01-14
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serviceName parameter of the sub_65A28 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-01-14
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serverName parameter of the sub_65A28 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-01-14
BlackSheep is an asynchronous web framework to build event based web applications with Python. Prior to 2.4.6, the HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests (e.g. insert a new header) or even create a new HTTP request. Exploitation requires developers to pass unsanitized user input directly into headers.The server part is not affected because BlackSheep delegates to an underlying ASGI server handling of response headers. This vulnerability is fixed in 2.4.6.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-01-14
Cursor is a code editor built for programming with AI. Prior to 2.3, hen the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can still be executed without appearing in the allowlist and without requiring user approval.
This allows an attacker via indirect or direct prompt injection to poison the shell environment by setting, modifying, or removing environment variables that influence trusted commands. This vulnerability is fixed in 2.3.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-01-14
Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the tag parameter.
CVSS Score
6.1
EPSS Score
0.001
Published
2026-01-14
Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the filter parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2026-01-14
Paessler PRTG Network Monitor before 25.4.114 allows Denial-of-Service (DoS) by an authenticated attacker via the Notification Contacts functionality.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-01-14
FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE().
CVSS Score
9.8
EPSS Score
0.001
Published
2026-01-14