CVSS: 8.0 • EPSS: % • CPEs: - • EXPL: 0
CVE-2025-4764 – SQLi in Aida Computer's Hotspot
https://notcve.org/view.php?id=CVE-2025-4764
22 Jan 2026 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aida Computer Information Technology Inc. ... NOTE: The vendor was contacted early about this disclosure but did not respond in any way. • https://www.usom.gov.tr/bildirim/tr-26-0001 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS: 5.5 • EPSS: % • CPEs: - • EXPL: 0
CVE-2025-4763 – XSS in Aida Computer's Hotspot
https://notcve.org/view.php?id=CVE-2025-4763
22 Jan 2026 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Aida Computer Information Technology Inc. ... NOTE: The vendor was contacted early about this disclosure but did not respond in any way. • https://www.usom.gov.tr/bildirim/tr-26-0001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 9.4 • EPSS: % • CPEs: 1 • EXPL: 0
CVE-2026-24042 – Appsmith public apps can execute unpublished actions (viewMode confusion)
https://notcve.org/view.php?id=CVE-2026-24042
22 Jan 2026 — An attack can result in sensitive data exposure, execution of edit‑mode queries and APIs, development data access, and the ability to trigger side effect behavior. • https://github.com/appsmithorg/appsmith/security/advisories/GHSA-j9qq-4fj9-9883 • CWE-862: Missing Authorization
CVSS: 5.3 • EPSS: % • CPEs: 1 • EXPL: 0
CVE-2026-23990 – Flux Operator Web UI Impersonation Bypass via Empty OIDC Claims
https://notcve.org/view.php?id=CVE-2026-23990
21 Jan 2026 — This can result in privilege escalation, data exposure, and/or information disclosure. • https://github.com/controlplaneio-fluxcd/flux-operator/commit/084540424f6de8ba5d88fb1fd1e8472ba29afd7e • CWE-269: Improper Privilege Management • CWE-862: Missing Authorization
CVSS: 8.8 • EPSS: % • CPEs: 2 • EXPL: 0
CVE-2025-14083 – Keycloak-server: keycloak: improper access control in admin rest api leads to information disclosure
https://notcve.org/view.php?id=CVE-2025-14083
21 Jan 2026 — A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control. • https://access.redhat.com/security/cve/CVE-2025-14083 • CWE-284: Improper Access Control
CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0
CVE-2025-33231
https://notcve.org/view.php?id=CVE-2025-33231
20 Jan 2026 — A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service and information disclosure. • https://nvd.nist.gov/vuln/detail/CVE-2025-33231 • CWE-427: Uncontrolled Search Path Element
CVSS: 7.3 • EPSS: 0% • CPEs: 1 • EXPL: 0
CVE-2025-33230
https://notcve.org/view.php?id=CVE-2025-33230
20 Jan 2026 — A successful exploit of this vulnerability might lead to escalation of privileges, code execution, data tampering, denial of service, and information disclosure. • https://nvd.nist.gov/vuln/detail/CVE-2025-33230 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS: 7.3 • EPSS: 0% • CPEs: 1 • EXPL: 0
CVE-2025-33229
https://notcve.org/view.php?id=CVE-2025-33229
20 Jan 2026 — A successful exploit of this vulnerability may lead to escalation of privileges, code execution, data tampering, denial of service, and information disclosure. • https://nvd.nist.gov/vuln/detail/CVE-2025-33229 • CWE-427: Uncontrolled Search Path Element
CVSS: 7.3 • EPSS: 0% • CPEs: 1 • EXPL: 0
CVE-2025-33228
https://notcve.org/view.php?id=CVE-2025-33228
20 Jan 2026 — A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. • https://nvd.nist.gov/vuln/detail/CVE-2025-33228 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0
CVE-2025-33233
https://notcve.org/view.php?id=CVE-2025-33233
20 Jan 2026 — A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. • https://nvd.nist.gov/vuln/detail/CVE-2025-33233 • CWE-94: Improper Control of Generation of Code ('Code Injection')
