Patch Tuesday — February 2026
2026-02-10 · 959 CVEs
CVEs published or modified the week of 2026-02-10, partitioned by vendor.
Microsoft (92 CVEs)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-21531 | Critical | 9.8 | — | 2026-02-10 | Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network. |
CVE-2026-2441 | High | 8.8 | KEV | 2026-02-13 | Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. |
CVE-2026-2321 | High | 8.8 | — | 2026-02-11 | Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. |
CVE-2026-2315 | High | 8.8 | — | 2026-02-11 | Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. |
CVE-2026-2314 | High | 8.8 | — | 2026-02-11 | Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2026-2313 | High | 8.8 | — | 2026-02-11 | Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
CVE-2026-21537 | High | 8.8 | — | 2026-02-10 | Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network. |
CVE-2026-21518 | High | 8.8 | — | 2026-02-10 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network. |
CVE-2026-21516 | High | 8.8 | — | 2026-02-10 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot allows an unauthorized attacker to execute code over a network. |
CVE-2026-21513 | High | 8.8 | KEV | 2026-02-10 | Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. |
CVE-2026-21510 | High | 8.8 | KEV | 2026-02-10 | Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. |
CVE-2026-21256 | High | 8.8 | — | 2026-02-10 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network. |
CVE-2026-21255 | High | 8.8 | — | 2026-02-10 | Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally. |
CVE-2026-21228 | High | 8.1 | — | 2026-02-10 | Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network. |
CVE-2026-21523 | High | 8.0 | — | 2026-02-10 | Time-of-check time-of-use (TOCTOU) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network. |
CVE-2026-21257 | High | 8.0 | — | 2026-02-10 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network. |
CVE-2026-21229 | High | 8.0 | — | 2026-02-10 | Improper input validation in Power BI allows an authorized attacker to execute code over a network. |
CVE-2026-21347 | High | 7.8 | — | 2026-02-10 | Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2026-21346 | High | 7.8 | — | 2026-02-10 | Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2026-21345 | High | 7.8 | — | 2026-02-10 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. |
CVE-2026-21344 | High | 7.8 | — | 2026-02-10 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. |
CVE-2026-21343 | High | 7.8 | — | 2026-02-10 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. |
CVE-2026-21342 | High | 7.8 | — | 2026-02-10 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2026-21341 | High | 7.8 | — | 2026-02-10 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2026-21533 | High | 7.8 | KEV | 2026-02-10 | Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. |
CVE-2026-21519 | High | 7.8 | KEV | 2026-02-10 | Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally. |
CVE-2026-21514 | High | 7.8 | KEV | 2026-02-10 | Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally. |
CVE-2026-21357 | High | 7.8 | — | 2026-02-10 | InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2026-21351 | High | 7.8 | — | 2026-02-10 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2026-21330 | High | 7.8 | — | 2026-02-10 | After Effects versions 25.6 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2026-21329 | High | 7.8 | — | 2026-02-10 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2026-21328 | High | 7.8 | — | 2026-02-10 | After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2026-21327 | High | 7.8 | — | 2026-02-10 | After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2026-21326 | High | 7.8 | — | 2026-02-10 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2026-21325 | High | 7.8 | — | 2026-02-10 | After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. |
CVE-2026-21324 | High | 7.8 | — | 2026-02-10 | After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. |
CVE-2026-21323 | High | 7.8 | — | 2026-02-10 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2026-21322 | High | 7.8 | — | 2026-02-10 | After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. |
CVE-2026-21321 | High | 7.8 | — | 2026-02-10 | After Effects versions 25.6 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2026-21320 | High | 7.8 | — | 2026-02-10 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2026-21318 | High | 7.8 | — | 2026-02-10 | After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2026-21259 | High | 7.8 | — | 2026-02-10 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally. |
CVE-2026-21251 | High | 7.8 | — | 2026-02-10 | Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally. |
CVE-2026-21250 | High | 7.8 | — | 2026-02-10 | Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally. |
CVE-2026-21246 | High | 7.8 | — | 2026-02-10 | Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. |
CVE-2026-21245 | High | 7.8 | — | 2026-02-10 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. |
CVE-2026-21240 | High | 7.8 | — | 2026-02-10 | Time-of-check time-of-use (TOCTOU) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally. |
CVE-2026-21239 | High | 7.8 | — | 2026-02-10 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. |
CVE-2026-21238 | High | 7.8 | — | 2026-02-10 | Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
CVE-2026-21236 | High | 7.8 | — | 2026-02-10 | Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
CVE-2026-21232 | High | 7.8 | — | 2026-02-10 | Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally. |
CVE-2026-21231 | High | 7.8 | — | 2026-02-10 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally. |
CVE-2026-20841 | High | 7.8 | — | 2026-02-10 | Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally. |
CVE-2026-2319 | High | 7.5 | — | 2026-02-11 | Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file. |
CVE-2026-21511 | High | 7.5 | — | 2026-02-10 | Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network. |
CVE-2026-21260 | High | 7.5 | — | 2026-02-10 | Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network. |
CVE-2026-21243 | High | 7.5 | — | 2026-02-10 | Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. |
CVE-2026-21218 | High | 7.5 | — | 2026-02-10 | Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network. |
CVE-2026-20846 | High | 7.5 | — | 2026-02-10 | Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network. |
CVE-2026-21248 | High | 7.3 | — | 2026-02-10 | Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally. |
CVE-2026-21247 | High | 7.3 | — | 2026-02-10 | Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally. |
CVE-2026-21244 | High | 7.3 | — | 2026-02-10 | Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally. |
CVE-2026-21235 | High | 7.3 | — | 2026-02-10 | Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. |
CVE-2026-21508 | High | 7.0 | — | 2026-02-10 | Improper authentication in Windows Storage allows an authorized attacker to elevate privileges locally. |
CVE-2026-21253 | High | 7.0 | — | 2026-02-10 | Use after free in Mailslot File System allows an authorized attacker to elevate privileges locally. |
CVE-2026-21242 | High | 7.0 | — | 2026-02-10 | Use after free in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. |
CVE-2026-21241 | High | 7.0 | — | 2026-02-10 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
CVE-2026-21237 | High | 7.0 | — | 2026-02-10 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. |
CVE-2026-21234 | High | 7.0 | — | 2026-02-10 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. |
CVE-2026-21522 | Medium | 6.7 | — | 2026-02-10 | Improper neutralization of special elements used in a command ('command injection') in Azure Compute Gallery allows an authorized attacker to elevate privileges locally. |
CVE-2026-2320 | Medium | 6.5 | — | 2026-02-11 | Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. |
CVE-2026-2318 | Medium | 6.5 | — | 2026-02-11 | Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. |
CVE-2026-2317 | Medium | 6.5 | — | 2026-02-11 | Inappropriate implementation in Animation in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
CVE-2026-2316 | Medium | 6.5 | — | 2026-02-11 | Insufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. |
CVE-2026-23655 | Medium | 6.5 | — | 2026-02-10 | Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker to disclose information over a network. |
CVE-2026-21528 | Medium | 6.5 | — | 2026-02-10 | Binding to an unrestricted IP address in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. |
CVE-2026-21527 | Medium | 6.5 | — | 2026-02-10 | User interface (UI) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. |
CVE-2026-21512 | Medium | 6.5 | — | 2026-02-10 | Server-side request forgery (SSRF) in Azure DevOps Server allows an authorized attacker to perform spoofing over a network. |
CVE-2026-21525 | Medium | 6.2 | KEV | 2026-02-10 | Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally. |
CVE-2026-2026 | Medium | 6.1 | — | 2026-02-13 | A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks. |
CVE-2026-21529 | Medium | 5.7 | — | 2026-02-10 | Improper neutralization of input during web page generation ('cross-site scripting') in Azure HDInsights allows an authorized attacker to perform spoofing over a network. |
CVE-2026-21358 | Medium | 5.5 | — | 2026-02-10 | InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in application denial-of-service. |
CVE-2026-21350 | Medium | 5.5 | — | 2026-02-10 | After Effects versions 25.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. |
CVE-2026-21332 | Medium | 5.5 | — | 2026-02-10 | InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. |
CVE-2026-21319 | Medium | 5.5 | — | 2026-02-10 | After Effects versions 25.6 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. |
CVE-2026-21261 | Medium | 5.5 | — | 2026-02-10 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. |
CVE-2026-21258 | Medium | 5.5 | — | 2026-02-10 | Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. |
CVE-2026-21222 | Medium | 5.5 | — | 2026-02-10 | Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally. |
CVE-2026-2322 | Medium | 5.4 | — | 2026-02-11 | Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. |
CVE-2026-21517 | Medium | 4.7 | — | 2026-02-10 | Improper link resolution before file access ('link following') in Windows App for Mac allows an authorized attacker to elevate privileges locally. |
CVE-2026-2323 | Medium | 4.3 | — | 2026-02-11 | Inappropriate implementation in Downloads in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. |
CVE-2026-21249 | Low | 3.3 | — | 2026-02-10 | External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally. |
Other vendors (867 CVEs across 292 vendors)
N/a · 77 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-69770 | Critical | 10.0 | — | 2026-02-13 | A zip slip vulnerability in the /DesignTools/SkinList.aspx endpoint of MojoPortal CMS v2.9.0.1 allows attackers to execute arbitrary commands via uploading a crafted zip file. |
CVE-2025-64075 | Critical | 10.0 | — | 2026-02-11 | A path traversal vulnerability in the check_token function of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to bypass authentication and perform administrative actions by supplying a crafted session cookie valu… |
CVE-2025-69633 | Critical | 9.8 | — | 2026-02-13 | A SQL Injection vulnerability in the Advanced Popup Creator (advancedpopupcreator) module for PrestaShop 1.1.26 through 1.2.6 (Fixed in version 1.2.7) allows remote unauthenticated attackers to execute arbitrary SQL queries via the fromCon… |
CVE-2025-70314 | Critical | 9.8 | — | 2026-02-12 | webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request. |
CVE-2025-67135 | Critical | 9.8 | — | 2026-02-11 | Weak Security in the PF-50 1.2 keyfob of PGST PG107 Alarm System 1.25.05.hf allows attackers to compromise access control via a code replay attack. |
CVE-2025-69872 | Critical | 9.8 | — | 2026-02-11 | DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. |
CVE-2025-70085 | Critical | 9.8 | — | 2026-02-11 | An issue was discovered in OpenSatKit 2.2.1. |
CVE-2025-69874 | Critical | 9.8 | — | 2026-02-11 | nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal s… |
CVE-2026-1615 | Critical | 9.8 | — | 2026-02-09 | Versions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. |
CVE-2025-69634 | Critical | 9.0 | — | 2026-02-12 | Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field in perms.php NOTE: this is disputed by a third party who indicates that exploitation can only occur… |
CVE-2026-2006 | High | 8.8 | — | 2026-02-12 | Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. |
CVE-2026-2005 | High | 8.8 | — | 2026-02-12 | Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. |
CVE-2026-2004 | High | 8.8 | — | 2026-02-12 | Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. |
CVE-2025-65480 | High | 8.8 | — | 2026-02-11 | An issue was discovered in Pacom Unison Client 5.13.1. |
CVE-2025-32008 | High | 8.6 | — | 2026-02-10 | Out-of-bounds write in the firmware for the Intel(R) AMT and Intel(R) Standard Manageability within Ring 3: User Applications may allow a denial of service. |
CVE-2026-2007 | High | 8.2 | — | 2026-02-12 | Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. |
CVE-2025-25210 | High | 8.2 | — | 2026-02-10 | Improper input validation for some Server Firmware Update Utility(SysFwUpdt) before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. |
CVE-2025-69871 | High | 8.1 | — | 2026-02-11 | A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage() function of the promotion module. |
CVE-2025-65128 | High | 8.1 | — | 2026-02-11 | A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and network configurations. |
CVE-2025-35998 | High | 7.9 | — | 2026-02-10 | Missing protection mechanism for alternate hardware interface in the Intel(R) Quick Assist Technology for some Intel(R) Platforms within Ring 0: Kernel may allow an escalation of privilege. |
CVE-2025-30513 | High | 7.9 | — | 2026-02-10 | Race condition for some TDX Module within Ring 0: Hypervisor may allow an escalation of privilege. |
CVE-2025-63421 | High | 7.8 | — | 2026-02-12 | An issue in filosoft Comerc.32 Commercial Invoicing v.16.0.0.3 allows a local attacker to execute arbitrary code via the comeinst.exe file. |
CVE-2025-70083 | High | 7.8 | — | 2026-02-11 | An issue was discovered in OpenSatKit 2.2.1. |
CVE-2025-70957 | High | 7.5 | — | 2026-02-13 | A Denial of Service (DoS) vulnerability was discovered in the TON Lite Server before v2024.09. |
CVE-2025-70956 | High | 7.5 | — | 2026-02-13 | A State Pollution vulnerability was discovered in the TON Virtual Machine (TVM) before v2025.04. |
CVE-2025-70955 | High | 7.5 | — | 2026-02-13 | A Stack Overflow vulnerability was discovered in the TON Virtual Machine (TVM) before v2024.10. |
CVE-2025-70954 | High | 7.5 | — | 2026-02-13 | A Null Pointer Dereference vulnerability exists in the TON Virtual Machine (TVM) within the TON Blockchain before v2025.06. |
CVE-2025-67433 | High | 7.5 | — | 2026-02-12 | A heap buffer overflow in the processRequest function of Open TFTP Server MultiThreaded v1.7 allows attackers to cause a Denial of Service (DoS) via a crafted DATA packet. |
CVE-2025-67432 | High | 7.5 | — | 2026-02-12 | A stack overflow in the ZBarcode_Encode function of Monkeybread Software MBS DynaPDF Plugin v21.3.1.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. |
CVE-2025-69807 | High | 7.5 | — | 2026-02-12 | p2r3 Bareiron commit: 8e4d4020d is vulnerable to Buffer Overflow, which allows unauthenticated remote attackers to cause a denial of service via a packet sent to the server. |
CVE-2025-69806 | High | 7.5 | — | 2026-02-12 | p2r3 bareiron commit: 8e4d4020d contains an Out-of-bounds Read, which allows unauthenticated remote attackers to get relative information leakage via a packet sent to the server. |
CVE-2024-26480 | High | 7.5 | — | 2026-02-11 | An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the admin parameter. |
CVE-2024-26477 | High | 7.5 | — | 2026-02-11 | An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the api parameter of the oauth, amazon_sns, export endpoints. |
CVE-2025-70084 | High | 7.5 | — | 2026-02-11 | Directory traversal vulnerability in OpenSatKit 2.2.1 allows attackers to gain access to sensitive information or delete arbitrary files via crafted value to the FileUtil_GetFileInfo function. |
CVE-2025-70029 | High | 7.5 | — | 2026-02-11 | An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. |
CVE-2025-22453 | High | 7.5 | — | 2026-02-10 | Improper input validation for some Server Firmware Update Utility(SysFwUpdt) before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. |
CVE-2025-70093 | High | 7.4 | — | 2026-02-13 | An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response. |
CVE-2025-20080 | Medium | 6.8 | — | 2026-02-10 | Null pointer dereference in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability within Ring 0: Kernel may allow a denial of service. |
CVE-2025-36522 | Medium | 6.7 | — | 2026-02-10 | Incorrect default permissions for some Intel(R) Chipset Software before version 10.1.20266.8668 or later. |
CVE-2025-36511 | Medium | 6.7 | — | 2026-02-10 | Incorrect default permissions for some Intel(R) Memory and Storage Tool before version 2.5.2 within Ring 3: User Applications may allow an escalation of privilege. |
CVE-2025-35999 | Medium | 6.7 | — | 2026-02-10 | Incorrect permission assignment for critical resource for some System Firmware Update Utility (SysFwUpdt) for Intel(R) Server Boards and Intel(R) Server Systems Based before version 16.0.12. |
CVE-2025-32452 | Medium | 6.7 | — | 2026-02-10 | Uncontrolled search path for some AI Playground before version 2.6.1 beta within Ring 3: User Applications may allow an escalation of privilege. |
CVE-2025-31655 | Medium | 6.7 | — | 2026-02-10 | Incorrect default permissions for some Intel(R) Battery Life Diagnostic Tool within Ring 3: User Applications may allow an escalation of privilege. |
CVE-2025-22849 | Medium | 6.7 | — | 2026-02-10 | Incorrect default permissions for the Intel(R) Optane(TM) PMem management software before versions CR_MGMT_01.00.00.3584, CR_MGMT_02.00.00.4052, CR_MGMT_03.00.00.0538 within Ring 3: User Applications may allow an escalation of privilege. |
CVE-2025-20106 | Medium | 6.7 | — | 2026-02-10 | Uncontrolled search path in some software installer for some VTune(TM) Profiler software and Intel(R) oneAPI Base Toolkits before version 2025.0. |
CVE-2025-20070 | Medium | 6.7 | — | 2026-02-10 | Improper conditions check for the Intel(R) Optane(TM) PMem management software before versions CR_MGMT_02.00.00.4052, CR_MGMT_03.00.00.0538 within Ring 3: User Applications may allow an escalation of privilege. |
CVE-2025-70095 | Medium | 6.5 | — | 2026-02-13 | A cross-site scripting (XSS) vulnerability in the item management and sales invoice function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. |
CVE-2025-70094 | Medium | 6.5 | — | 2026-02-13 | A cross-site scripting (XSS) vulnerability in the Generate Item Barcode function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Category parameter. |
CVE-2025-70091 | Medium | 6.5 | — | 2026-02-13 | A cross-site scripting (XSS) vulnerability in the Customers function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Phone Number parameter. |
CVE-2025-56647 | Medium | 6.5 | — | 2026-02-12 | npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. |
CVE-2025-65127 | Medium | 6.5 | — | 2026-02-11 | A lack of session validation in the web API component of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote unauthenticated attackers to access administrative information-retrieval functions intended for authenticated users. |
CVE-2025-30508 | Medium | 6.5 | — | 2026-02-10 | Improper authorization in the Intel(R) Quick Assist Technology for some Intel(R) Platforms within Ring 0: Kernel may allow a denial of service. |
CVE-2025-70845 | Medium | 6.1 | — | 2026-02-12 | lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting (XSS) in the /setting/ page, where the "intro" field is not properly sanitized or escaped. |
CVE-2025-27560 | Medium | 6.0 | — | 2026-02-10 | Loop with unreachable exit condition ('infinite loop') for some Intel(R) Platform within Ring 0: Kernel may allow a denial of service. |
CVE-2025-70092 | Medium | 5.5 | — | 2026-02-12 | A cross-site scripting (XSS) vulnerability in the Item Kits function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Name parameter. |
CVE-2025-32735 | Medium | 5.5 | — | 2026-02-10 | Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service. |
CVE-2025-70347 | Medium | 5.5 | — | 2026-02-10 | An issue in mquickjs before commit 74b7e (2026-01-15) allows a local attacker to cause a denial of service via a crafted file to the get_mblock_size function at mquickjs.c. |
CVE-2024-54192 | Medium | 5.5 | — | 2026-02-10 | An issue in Tcpreplay v4.5.1 allows a local attacker to cause a denial of service via a crafted file to the tcpedit_dlt_getplugin function at src/tcpedit/plugins/dlt_utils.c. |
CVE-2026-25828 | Medium | 5.4 | — | 2026-02-12 | grub-btrfs through 2026-01-31 (on Arch Linux and derivative distributions) allows initramfs OS command injection because it does not sanitize the $root parameter to resolve_device(). |
CVE-2025-64074 | Medium | 5.3 | — | 2026-02-11 | A path-traversal vulnerability in the logout functionality of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to delete arbitrary files on the host by supplying a crafted session cookie value. |
CVE-2024-26479 | Medium | 5.3 | — | 2026-02-11 | An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the Command execution function. |
CVE-2024-26478 | Medium | 5.3 | — | 2026-02-11 | An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the /api/users endpoint. |
CVE-2025-31944 | Medium | 5.3 | — | 2026-02-10 | Race condition for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow a denial of service. |
CVE-2025-35992 | Medium | 4.7 | — | 2026-02-10 | Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service. |
CVE-2025-22885 | Medium | 4.7 | — | 2026-02-10 | Improper buffer restrictions in the firmware for the TDX Module may allow an escalation of privilege. |
CVE-2025-32007 | Medium | 4.4 | — | 2026-02-10 | Out-of-bounds read for some TDX before version tdx module 1.5.24 within Ring 0: Hypervisor may allow an information disclosure. |
CVE-2025-69752 | Medium | 4.3 | — | 2026-02-12 | An issue in the "My Details" user profile functionality of Ideagen Q-Pulse 7.1.0.32 allows an authenticated user to view other users' profile information by modifying the objectKey HTTP parameter in the My Details page URL. |
CVE-2026-2003 | Medium | 4.3 | — | 2026-02-12 | Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. |
CVE-2025-32467 | Medium | 4.1 | — | 2026-02-10 | Use of uninitialized variable for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow an information disclosure. |
CVE-2025-27940 | Medium | 4.1 | — | 2026-02-10 | Out-of-bounds read for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow an information disclosure. |
CVE-2025-27708 | Medium | 4.1 | — | 2026-02-10 | Out-of-bounds read in the firmware for some Intel(R) Converged Security and Management Engine (CSME) Firmware (FW) within Ring 0: Kernel may allow an information disclosure. |
CVE-2025-27572 | Medium | 4.1 | — | 2026-02-10 | Exposure of sensitive information during transient execution for some TDX within Ring 0: Hypervisor may allow an information disclosure. |
CVE-2025-31648 | Low | 3.9 | — | 2026-02-10 | Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. |
CVE-2025-33030 | Low | 3.3 | — | 2026-02-10 | Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 3: User Applications may allow an escalation of privilege. |
CVE-2025-25058 | Low | 3.3 | — | 2026-02-10 | Improper initialization for some ESXi kernel mode driver for the Intel(R) Ethernet 800-Series before version 2.2.2.0 (esxi 8.0) & 2.2.3.0 (esxi 9.0) within Ring 1: Device Drivers may allow an information disclosure. |
CVE-2025-15572 | Low | 3.3 | — | 2026-02-10 | A vulnerability has been found in wasm3 up to 0.5.0. |
CVE-2026-2245 | Low | 3.3 | — | 2026-02-09 | A vulnerability was identified in CCExtractor up to 183. |
Apple · 75 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-20677 | Critical | 9.0 | — | 2026-02-11 | A race condition was addressed with improved handling of symbolic links. |
CVE-2026-20667 | High | 8.8 | — | 2026-02-11 | A logic issue was addressed with improved checks. |
CVE-2026-20616 | High | 8.8 | — | 2026-02-11 | An out-of-bounds write issue was addressed with improved bounds checking. |
CVE-2026-20700 | High | 7.8 | KEV | 2026-02-11 | A memory corruption issue was addressed with improved state management. |
CVE-2026-20658 | High | 7.8 | — | 2026-02-11 | A package validation issue was addressed by blocking the vulnerable package. |
CVE-2026-20626 | High | 7.8 | — | 2026-02-11 | This issue was addressed with improved checks. |
CVE-2026-20615 | High | 7.8 | — | 2026-02-11 | A path handling issue was addressed with improved validation. |
CVE-2026-20614 | High | 7.8 | — | 2026-02-11 | A path handling issue was addressed with improved validation. |
CVE-2026-20611 | High | 7.8 | — | 2026-02-11 | An out-of-bounds access issue was addressed with improved bounds checking. |
CVE-2026-20610 | High | 7.8 | — | 2026-02-11 | This issue was addressed with improved handling of symlinks. |
CVE-2026-20620 | High | 7.7 | — | 2026-02-11 | An out-of-bounds read issue was addressed with improved input validation. |
CVE-2026-20660 | High | 7.5 | — | 2026-02-11 | A path handling issue was addressed with improved logic. |
CVE-2026-20652 | High | 7.5 | — | 2026-02-11 | The issue was addressed with improved memory handling. |
CVE-2026-20650 | High | 7.5 | — | 2026-02-11 | A denial-of-service issue was addressed with improved validation. |
CVE-2026-20649 | High | 7.5 | — | 2026-02-11 | A logging issue was addressed with improved data redaction. |
CVE-2025-46290 | High | 7.5 | — | 2026-02-11 | A logic issue was addressed with improved checks. |
CVE-2026-20641 | High | 7.1 | — | 2026-02-11 | A privacy issue was addressed with improved checks. |
CVE-2026-20628 | High | 7.1 | — | 2026-02-11 | A permissions issue was addressed with additional restrictions. |
CVE-2026-20606 | High | 7.1 | — | 2026-02-11 | This issue was addressed by removing the vulnerable code. |
CVE-2026-20617 | High | 7.0 | — | 2026-02-11 | A race condition was addressed with improved state handling. |
CVE-2026-20680 | Medium | 6.5 | — | 2026-02-11 | The issue was addressed with additional restrictions on the observability of app states. |
CVE-2026-20644 | Medium | 6.5 | — | 2026-02-11 | The issue was addressed with improved memory handling. |
CVE-2026-20636 | Medium | 6.5 | — | 2026-02-11 | The issue was addressed with improved memory handling. |
CVE-2025-46310 | Medium | 6.0 | — | 2026-02-11 | This issue was addressed through improved state management. |
CVE-2025-46305 | Medium | 5.7 | — | 2026-02-11 | The issue was addressed with improved bounds checks. |
CVE-2025-46304 | Medium | 5.7 | — | 2026-02-11 | The issue was addressed with improved bounds checks. |
CVE-2025-46303 | Medium | 5.7 | — | 2026-02-11 | The issue was addressed with improved bounds checks. |
CVE-2025-46302 | Medium | 5.7 | — | 2026-02-11 | The issue was addressed with improved bounds checks. |
CVE-2025-46301 | Medium | 5.7 | — | 2026-02-11 | The issue was addressed with improved bounds checks. |
CVE-2025-46300 | Medium | 5.7 | — | 2026-02-11 | The issue was addressed with improved bounds checks. |
CVE-2026-20678 | Medium | 5.5 | — | 2026-02-11 | An authorization issue was addressed with improved state management. |
CVE-2026-20675 | Medium | 5.5 | — | 2026-02-11 | The issue was addressed with improved bounds checks. |
CVE-2026-20669 | Medium | 5.5 | — | 2026-02-11 | A parsing issue in the handling of directory paths was addressed with improved path validation. |
CVE-2026-20666 | Medium | 5.5 | — | 2026-02-11 | An authorization issue was addressed with improved state management. |
CVE-2026-20655 | Medium | 5.5 | — | 2026-02-11 | An authorization issue was addressed with improved state management. |
CVE-2026-20654 | Medium | 5.5 | — | 2026-02-11 | The issue was addressed with improved memory handling. |
CVE-2026-20653 | Medium | 5.5 | — | 2026-02-11 | A parsing issue in the handling of directory paths was addressed with improved path validation. |
CVE-2026-20648 | Medium | 5.5 | — | 2026-02-11 | A privacy issue was addressed by moving sensitive data to a protected location. |
CVE-2026-20647 | Medium | 5.5 | — | 2026-02-11 | This issue was addressed with improved data protection. |
CVE-2026-20638 | Medium | 5.5 | — | 2026-02-11 | A logic issue was addressed with improved checks. |
CVE-2026-20634 | Medium | 5.5 | — | 2026-02-11 | The issue was addressed with improved memory handling. |
CVE-2026-20630 | Medium | 5.5 | — | 2026-02-11 | A permissions issue was addressed with additional restrictions. |
CVE-2026-20629 | Medium | 5.5 | — | 2026-02-11 | A privacy issue was addressed with improved handling of temporary files. |
CVE-2026-20627 | Medium | 5.5 | — | 2026-02-11 | An issue existed in the handling of environment variables. |
CVE-2026-20625 | Medium | 5.5 | — | 2026-02-11 | A parsing issue in the handling of directory paths was addressed with improved path validation. |
CVE-2026-20624 | Medium | 5.5 | — | 2026-02-11 | An injection issue was addressed with improved validation. |
CVE-2026-20623 | Medium | 5.5 | — | 2026-02-11 | A permissions issue was addressed by removing the vulnerable code. |
CVE-2026-20621 | Medium | 5.5 | — | 2026-02-11 | The issue was addressed with improved memory handling. |
CVE-2026-20619 | Medium | 5.5 | — | 2026-02-11 | A logging issue was addressed with improved data redaction. |
CVE-2026-20618 | Medium | 5.5 | — | 2026-02-11 | An issue was addressed with improved handling of temporary files. |
CVE-2026-20612 | Medium | 5.5 | — | 2026-02-11 | A privacy issue was addressed with improved checks. |
CVE-2026-20608 | Medium | 5.5 | — | 2026-02-11 | This issue was addressed through improved state management. |
CVE-2026-20602 | Medium | 5.5 | — | 2026-02-11 | The issue was addressed with improved handling of caches. |
CVE-2025-43537 | Medium | 5.5 | — | 2026-02-11 | A path handling issue was addressed with improved validation. |
CVE-2025-43417 | Medium | 5.5 | — | 2026-02-11 | A path handling issue was addressed with improved logic. |
CVE-2025-43403 | Medium | 5.5 | — | 2026-02-11 | An authorization issue was addressed with improved state management. |
CVE-2026-20682 | Medium | 5.3 | — | 2026-02-11 | A logic issue was addressed with improved state management. |
CVE-2026-20676 | Medium | 5.3 | — | 2026-02-11 | This issue was addressed through improved state management. |
CVE-2026-20673 | Medium | 5.3 | — | 2026-02-11 | A logic issue was addressed with improved checks. |
CVE-2026-20674 | Medium | 4.6 | — | 2026-02-11 | A privacy issue was addressed by removing sensitive data. |
CVE-2026-20662 | Medium | 4.6 | — | 2026-02-11 | An authorization issue was addressed with improved state management. |
CVE-2026-20661 | Medium | 4.6 | — | 2026-02-11 | An authorization issue was addressed with improved state management. |
CVE-2026-20645 | Medium | 4.6 | — | 2026-02-11 | An inconsistent user interface issue was addressed with improved state management. |
CVE-2026-20640 | Medium | 4.6 | — | 2026-02-11 | An inconsistent user interface issue was addressed with improved state management. |
CVE-2026-20605 | Medium | 4.6 | — | 2026-02-11 | The issue was addressed with improved memory handling. |
CVE-2026-20609 | Medium | 4.4 | — | 2026-02-11 | The issue was addressed with improved memory handling. |
CVE-2026-20603 | Medium | 4.4 | — | 2026-02-11 | This issue was addressed with improved redaction of sensitive information. |
CVE-2026-20635 | Medium | 4.3 | — | 2026-02-11 | The issue was addressed with improved memory handling. |
CVE-2026-20681 | Low | 3.3 | — | 2026-02-11 | A privacy issue was addressed with improved private data redaction for log entries. |
CVE-2026-20663 | Low | 3.3 | — | 2026-02-11 | The issue was resolved by sanitizing logging. |
CVE-2026-20656 | Low | 3.3 | — | 2026-02-11 | A logic issue was addressed with improved validation. |
CVE-2026-20646 | Low | 3.3 | — | 2026-02-11 | A logging issue was addressed with improved data redaction. |
CVE-2026-20601 | Low | 3.3 | — | 2026-02-11 | A permissions issue was addressed with additional restrictions. |
CVE-2026-20671 | Low | 3.1 | — | 2026-02-11 | A logic issue was addressed with improved checks. |
CVE-2026-20642 | Low | 2.4 | — | 2026-02-11 | An input validation issue was addressed. |
QNAP · 49 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-66277 | Critical | 9.8 | — | 2026-02-11 | A link following vulnerability has been reported to affect several QNAP operating system versions. |
CVE-2025-57707 | High | 8.8 | — | 2026-02-11 | An improper neutralization of directives in statically saved code ('Static Code Injection') vulnerability has been reported to affect File Station 5. |
CVE-2025-30276 | High | 8.8 | — | 2026-02-11 | An out-of-bounds write vulnerability has been reported to affect Qsync Central. |
CVE-2025-57709 | High | 8.1 | — | 2026-02-11 | A buffer overflow vulnerability has been reported to affect Qsync Central. |
CVE-2025-52870 | High | 8.1 | — | 2026-02-11 | A buffer overflow vulnerability has been reported to affect Qsync Central. |
CVE-2025-52869 | High | 8.1 | — | 2026-02-11 | A buffer overflow vulnerability has been reported to affect Qsync Central. |
CVE-2025-52868 | High | 8.1 | — | 2026-02-11 | A buffer overflow vulnerability has been reported to affect Qsync Central. |
CVE-2025-48725 | High | 8.1 | — | 2026-02-11 | A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. |
CVE-2025-48724 | High | 8.1 | — | 2026-02-11 | A buffer overflow vulnerability has been reported to affect Qsync Central. |
CVE-2025-48723 | High | 8.1 | — | 2026-02-11 | A buffer overflow vulnerability has been reported to affect Qsync Central. |
CVE-2025-30269 | High | 8.1 | — | 2026-02-11 | A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. |
CVE-2024-56808 | High | 7.8 | — | 2026-02-11 | A command injection vulnerability has been reported to affect Media Streaming add-on. |
CVE-2025-57713 | High | 7.5 | — | 2026-02-11 | A weak authentication vulnerability has been reported to affect File Station 5. |
CVE-2026-22894 | Medium | 6.5 | — | 2026-02-11 | A path traversal vulnerability has been reported to affect File Station 6. |
CVE-2025-68406 | Medium | 6.5 | — | 2026-02-11 | A path traversal vulnerability has been reported to affect Qsync Central. |
CVE-2025-66278 | Medium | 6.5 | — | 2026-02-11 | A path traversal vulnerability has been reported to affect File Station 5. |
CVE-2025-62854 | Medium | 6.5 | — | 2026-02-11 | An uncontrolled resource consumption vulnerability has been reported to affect File Station 5. |
CVE-2025-62853 | Medium | 6.5 | — | 2026-02-11 | A path traversal vulnerability has been reported to affect File Station 5. |
CVE-2025-58470 | Medium | 6.5 | — | 2026-02-11 | A path traversal vulnerability has been reported to affect Qsync Central. |
CVE-2025-58467 | Medium | 6.5 | — | 2026-02-11 | A relative path traversal vulnerability has been reported to affect Qsync Central. |
CVE-2025-57708 | Medium | 6.5 | — | 2026-02-11 | An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. |
CVE-2025-54170 | Medium | 6.5 | — | 2026-02-11 | An out-of-bounds read vulnerability has been reported to affect Qsync Central. |
CVE-2025-54169 | Medium | 6.5 | — | 2026-02-11 | An out-of-bounds read vulnerability has been reported to affect File Station 5. |
CVE-2025-54152 | Medium | 6.5 | — | 2026-02-11 | A use of out-of-range pointer offset vulnerability has been reported to affect Qsync Central. |
CVE-2025-54148 | Medium | 6.5 | — | 2026-02-11 | A NULL pointer dereference vulnerability has been reported to affect Qsync Central. |
CVE-2025-54147 | Medium | 6.5 | — | 2026-02-11 | A NULL pointer dereference vulnerability has been reported to affect Qsync Central. |
CVE-2025-54146 | Medium | 6.5 | — | 2026-02-11 | A NULL pointer dereference vulnerability has been reported to affect Qsync Central. |
CVE-2025-53598 | Medium | 6.5 | — | 2026-02-11 | A NULL pointer dereference vulnerability has been reported to affect Qsync Central. |
CVE-2025-48722 | Medium | 6.5 | — | 2026-02-11 | A NULL pointer dereference vulnerability has been reported to affect Qsync Central. |
CVE-2025-47209 | Medium | 6.5 | — | 2026-02-11 | A NULL pointer dereference vulnerability has been reported to affect Qsync Central. |
CVE-2025-30266 | Medium | 6.5 | — | 2026-02-11 | A NULL pointer dereference vulnerability has been reported to affect Qsync Central. |
CVE-2025-54151 | Medium | 5.5 | — | 2026-02-11 | An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. |
CVE-2025-54150 | Medium | 5.5 | — | 2026-02-11 | An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. |
CVE-2025-54149 | Medium | 5.5 | — | 2026-02-11 | An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. |
CVE-2024-56807 | Medium | 5.5 | — | 2026-02-11 | An out-of-bounds read vulnerability has been reported to affect Media Streaming add-on. |
CVE-2025-66274 | Medium | 4.9 | — | 2026-02-11 | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. |
CVE-2025-59386 | Medium | 4.9 | — | 2026-02-11 | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. |
CVE-2025-58472 | Medium | 4.9 | — | 2026-02-11 | A NULL pointer dereference vulnerability has been reported to affect Qsync Central. |
CVE-2025-58471 | Medium | 4.9 | — | 2026-02-11 | An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. |
CVE-2025-58466 | Medium | 4.9 | — | 2026-02-11 | A use of uninitialized variable vulnerability has been reported to affect several QNAP operating system versions. |
CVE-2025-57711 | Medium | 4.9 | — | 2026-02-11 | An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. |
CVE-2025-57710 | Medium | 4.9 | — | 2026-02-11 | An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. |
CVE-2025-54163 | Medium | 4.9 | — | 2026-02-11 | A NULL pointer dereference vulnerability has been reported to affect File Station 5. |
CVE-2025-54162 | Medium | 4.9 | — | 2026-02-11 | A path traversal vulnerability has been reported to affect File Station 5. |
CVE-2025-54161 | Medium | 4.9 | — | 2026-02-11 | An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. |
CVE-2025-54155 | Medium | 4.9 | — | 2026-02-11 | An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. |
CVE-2025-47205 | Medium | 4.9 | — | 2026-02-11 | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. |
CVE-2025-62856 | Medium | 4.4 | — | 2026-02-11 | A path traversal vulnerability has been reported to affect File Station 5. |
CVE-2025-62855 | Medium | 4.4 | — | 2026-02-11 | A path traversal vulnerability has been reported to affect File Station 5. |
AMD · 41 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-36324 | High | 8.8 | — | 2026-02-11 | Improper input validation in AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary code execution. |
CVE-2025-48503 | High | 7.8 | — | 2026-02-11 | A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. |
CVE-2023-31324 | High | 7.8 | — | 2026-02-11 | A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in los… |
CVE-2023-20548 | High | 7.8 | — | 2026-02-11 | A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability. |
CVE-2025-54519 | High | 7.3 | — | 2026-02-12 | A DLL hijacking vulnerability in Doc Nav could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. |
CVE-2025-52541 | High | 7.3 | — | 2026-02-11 | A DLL hijacking vulnerability in Vivado could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. |
CVE-2023-31313 | High | 7.2 | — | 2026-02-12 | An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages to the system management unit (SMU) potentially resulting in arbitrary code execution. |
CVE-2025-48508 | Medium | 6.0 | — | 2026-02-11 | Improper Hardware reset flow logic in the GPU GFX Hardware IP block could allow a privileged attacker in a guest virtual machine to control reset operation potentially causing host or GPU crash or reset resulting in denial of service. |
CVE-2024-36316 | Medium | 5.5 | — | 2026-02-11 | The integer overflow vulnerability within AMD Graphics driver could allow an attacker to bypass size checks potentially resulting in a denial of service. |
CVE-2024-21961 | — | — | — | 2026-02-13 | Improper restriction of operations within the bounds of a memory buffer in PCIe® Link could allow an attacker with access to a guest virtual machine to potentially perform a denial of service attack against the host resulting in loss of av… |
CVE-2025-52533 | — | — | — | 2026-02-12 | Improper Access Control in an on-chip debug interface could allow a privileged attacker to enable a debug interface and potentially compromise data confidentiality or integrity. |
CVE-2024-36319 | — | — | — | 2026-02-12 | Debug code left active in AMD's Video Decoder Engine Firmware (VCN FW) could allow an attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity… |
CVE-2023-31323 | — | — | — | 2026-02-12 | Type confusion in the AMD Secure Processor (ASP) could allow an attacker to pass a malformed argument to the External Global Memory Interconnect Trusted Agent (XGMI TA) leading to a memory safety violation potentially resulting in loss of… |
CVE-2023-20601 | — | — | — | 2026-02-12 | Improper input validation within RAS TA Driver can allow a local attacker to access out-of-bounds memory, potentially resulting in a denial-of-service condition. |
CVE-2025-61969 | — | — | — | 2026-02-11 | Incorrect permission assignment in AMD µProf may allow a local user-privileged attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. |
CVE-2025-48518 | — | — | — | 2026-02-11 | Improper input validation in AMD Graphics Driver could allow a local attacker to write out of bounds, potentially resulting in loss of integrity or denial of service. |
CVE-2024-36320 | — | — | — | 2026-02-11 | Integer Overflow within atihdwt6.sys can allow a local attacker to cause out of bound read/write potentially leading to loss of confidentiality, integrity and availability. |
CVE-2023-20514 | — | — | — | 2026-02-11 | Improper handling of parameters in the AMD Secure Processor (ASP) could allow a privileged attacker to pass an arbitrary memory value to functions in the trusted execution environment resulting in arbitrary code execution. |
CVE-2025-54514 | — | — | — | 2026-02-10 | Improper isolation of shared resources on a system on a chip by a malicious local attacker with high privileges could potentially lead to a partial loss of integrity. |
CVE-2025-52536 | — | — | — | 2026-02-10 | Improper Prevention of Lock Bit Modification in SEV firmware could allow a privileged attacker to downgrade firmware potentially resulting in a loss of integrity. |
CVE-2025-52534 | — | — | — | 2026-02-10 | Improper bound check within AMD CPU microcode can allow a malicious guest to write to host memory, potentially resulting in loss of integrity. |
CVE-2025-48517 | — | — | — | 2026-02-10 | Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guest with an ASID in the range meant for SEV-SNP guests potentially resulting in a partial loss of con… |
CVE-2025-48515 | — | — | — | 2026-02-10 | Insufficient parameter sanitization in AMD Secure Processor (ASP) Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code execution. |
CVE-2025-48514 | — | — | — | 2026-02-10 | Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest, potentially resulting in a loss of confidentiality. |
CVE-2025-48509 | — | — | — | 2026-02-10 | Missing Checks in certain functions related to RMP initialization can allow a local admin privileged attacker to cause misidentification of I/O memory, potentially resulting in a loss of guest memory integrity. |
CVE-2025-29952 | — | — | — | 2026-02-10 | Improper Initialization within the AMD Secure Encrypted Virtualization (SEV) firmware can allow an admin privileged attacker to corrupt RMP covered memory, potentially resulting in loss of guest memory integrity. |
CVE-2025-29951 | — | — | — | 2026-02-10 | A buffer overflow in the AMD Secure Processor (ASP) bootloader could allow an attacker to overwrite memory, potentially resulting in privilege escalation and arbitrary code execution. |
CVE-2025-29950 | — | — | — | 2026-02-10 | Improper input validation in system management mode (SMM) could allow a privileged attacker to overwrite stack memory leading to arbitrary code execution. |
CVE-2025-29949 | — | — | — | 2026-02-10 | Insufficient input parameter sanitization in AMD Secure Processor (ASP) Boot Loader (legacy recovery mode only) could allow an attacker to write out-of-bounds to corrupt Secure DRAM potentially resulting in denial of service. |
CVE-2025-29948 | — | — | — | 2026-02-10 | Improper access control in AMD Secure Encrypted Virtualization (SEV) firmware could allow a malicious hypervisor to bypass RMP protections, potentially resulting in a loss of SEV-SNP guest memory integrity. |
CVE-2025-29946 | — | — | — | 2026-02-10 | Insufficient or Incomplete Data Removal in Hardware Component in SEV firmware doesn't fully flush IOMMU. |
CVE-2025-29939 | — | — | — | 2026-02-10 | Improper access control in secure encrypted virtualization (SEV) could allow a privileged attacker to write to the reverse map page (RMP) during secure nested paging (SNP) initialization, potentially resulting in a loss of guest memory con… |
CVE-2025-0031 | — | — | — | 2026-02-10 | A use after free in the SEV firmware could allow a malicious hypervisor to activate a migrated guest with the SINGLE_SOCKET policy on a different socket than the migration agent potentially resulting in loss of integrity. |
CVE-2025-0029 | — | — | — | 2026-02-10 | Improper handling of error condition during host-induced faults can allow a local high-privileged attacker to selectively drop guest DMA writes, potentially resulting in a loss of SEV-SNP guest memory integrity. |
CVE-2025-0012 | — | — | — | 2026-02-10 | Improper handling of overlap between the segmented reverse map table (RMP) and system management mode (SMM) memory could allow a privileged attacker to corrupt or partially infer SMM memory resulting in loss of integrity or confidentiality. |
CVE-2024-36355 | — | — | — | 2026-02-10 | Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to SMRAM and modify execution flow for S3 (sleep) wake up, potentially resulting in arbitrary code execution. |
CVE-2024-36311 | — | — | — | 2026-02-10 | A Time-of-check time-of-use (TOCTOU) race condition in the SMM communications buffer could allow a privileged attacker to bypass input validation and perform an out of bounds read or write, potentially resulting in loss of confidentiality… |
CVE-2024-36310 | — | — | — | 2026-02-10 | Improper input validation in the SMM communications buffer could allow a privileged attacker to perform an out of bounds read or write to SMRAM potentially resulting in loss of confidentiality or integrity. |
CVE-2024-21953 | — | — | — | 2026-02-10 | Improper input validation in IOMMU could allow a malicious hypervisor to reconfigure IOMMU registers resulting in loss of guest data integrity. |
CVE-2021-26410 | — | — | — | 2026-02-10 | Improper syscall input validation in ASP (AMD Secure Processor) may force the kernel into reading syscall parameter values from its own memory space allowing an attacker to infer the contents of the kernel memory leading to potential infor… |
CVE-2021-26381 | — | — | — | 2026-02-10 | Improper system call parameter validation in the Trusted OS may allow a malicious driver to perform mapping or unmapping operations on a large number of pages, potentially resulting in kernel memory corruption. |
Nsasoft · 26 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25336 | High | 8.4 | — | 2026-02-12 | SpotAuditor 5.3.2 contains a local buffer overflow vulnerability in the Base64 Encrypted Password tool that allows attackers to execute arbitrary code by crafting a malicious payload. |
CVE-2019-25340 | High | 7.5 | — | 2026-02-12 | SpotAuditor 5.3.2 contains a denial of service vulnerability in its Base64 decryption feature that allows attackers to crash the application by supplying an oversized buffer. |
CVE-2020-37212 | High | 7.5 | — | 2026-02-11 | SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. |
CVE-2020-37211 | High | 7.5 | — | 2026-02-11 | SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application by inputting a large buffer in the registration name field. |
CVE-2020-37210 | High | 7.5 | — | 2026-02-11 | SpotIE 2.9.5 contains a denial of service vulnerability in the registration key input that allows attackers to crash the application. |
CVE-2020-37209 | High | 7.5 | — | 2026-02-11 | SpotFTP 3.0.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. |
CVE-2020-37208 | High | 7.5 | — | 2026-02-11 | SpotFTP 3.0.0.0 contains a buffer overflow vulnerability in the registration key input field that allows attackers to crash the application. |
CVE-2020-37207 | High | 7.5 | — | 2026-02-11 | SpotDialup 1.6.7 contains a denial of service vulnerability in the registration key input field that allows attackers to crash the application. |
CVE-2020-37206 | High | 7.5 | — | 2026-02-11 | ShareAlarmPro contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. |
CVE-2020-37205 | High | 7.5 | — | 2026-02-11 | RemShutdown 2.9.0.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' registration field. |
CVE-2020-37204 | High | 7.5 | — | 2026-02-11 | RemShutdown 2.9.0.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. |
CVE-2020-37203 | High | 7.5 | — | 2026-02-11 | Office Product Key Finder 1.5.4 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the registration code input. |
CVE-2020-37202 | High | 7.5 | — | 2026-02-11 | NetworkSleuth 3.0.0.0 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. |
CVE-2020-37201 | High | 7.5 | — | 2026-02-11 | NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration name input that allows attackers to crash the application. |
CVE-2020-37200 | High | 7.5 | — | 2026-02-11 | NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration key input that allows attackers to crash the application by supplying oversized input. |
CVE-2020-37199 | High | 7.5 | — | 2026-02-11 | NBMonitor 1.6.6.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. |
CVE-2020-37197 | High | 7.5 | — | 2026-02-11 | Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. |
CVE-2020-37196 | High | 7.5 | — | 2026-02-11 | Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by providing an oversized registration key. |
CVE-2020-37195 | High | 7.5 | — | 2026-02-11 | BlueAuditor 1.7.2.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. |
CVE-2020-37194 | High | 7.5 | — | 2026-02-11 | Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by supplying an overly long registration key. |
CVE-2020-37188 | High | 7.5 | — | 2026-02-11 | SpotOutlook 1.2.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. |
CVE-2020-37187 | High | 7.5 | — | 2026-02-11 | SpotDialup 1.6.7 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. |
CVE-2020-37185 | High | 7.5 | — | 2026-02-11 | Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. |
CVE-2020-37180 | High | 7.5 | — | 2026-02-11 | GTalk Password Finder 2.2.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. |
CVE-2020-37179 | High | 7.5 | — | 2026-02-11 | APKF Product Key Finder 2.5.8.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. |
CVE-2019-25334 | Medium | 6.2 | — | 2026-02-12 | Product Key Explorer 4.2.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by overflowing the registration name input field. |
Sap · 26 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-0488 | Critical | 9.9 | — | 2026-02-10 | An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statem… |
CVE-2026-0509 | Critical | 9.6 | — | 2026-02-10 | SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. |
CVE-2026-23687 | High | 8.8 | — | 2026-02-10 | SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. |
CVE-2026-24322 | High | 7.7 | — | 2026-02-10 | SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. |
CVE-2026-23689 | High | 7.7 | — | 2026-02-10 | Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-… |
CVE-2026-0490 | High | 7.5 | — | 2026-02-10 | SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks the authentication, which prevents the legitimate users from accessing the platform. |
CVE-2026-0485 | High | 7.5 | — | 2026-02-10 | SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (CMS) to crash and automatically restart. |
CVE-2026-0508 | High | 7.3 | — | 2026-02-10 | The SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker with high privileges to insert a malicious URL within the application. |
CVE-2026-24324 | Medium | 6.5 | — | 2026-02-10 | SAP BusinessObjects Business Intelligence Platform (AdminTools) allows an authenticated attacker with user privileges to execute a specific query in AdminTools that could cause the Content Management Server (CMS) to crash, rendering the CM… |
CVE-2026-0484 | Medium | 6.5 | — | 2026-02-10 | Due to a missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data in the system. |
CVE-2026-24328 | Medium | 6.1 | — | 2026-02-10 | SAP TAF_APPLAUNCHER within Business Server Pages allows an unauthenticated attacker to craft malicious links that, when clicked by a victim, redirect them to attacker-controlled sites, potentially exposing or altering sensitive information in… |
CVE-2026-24323 | Medium | 6.1 | — | 2026-02-10 | The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. |
CVE-2026-0505 | Medium | 6.1 | — | 2026-02-10 | The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. |
CVE-2026-23684 | Medium | 5.9 | — | 2026-02-10 | A race condition vulnerability exists in SAP Commerce Cloud. |
CVE-2026-24319 | Medium | 5.8 | — | 2026-02-10 | In SAP Business One, sensitive information is written to the application's memory dump files without obfuscation. |
CVE-2026-24321 | Medium | 5.3 | — | 2026-02-10 | SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to submit requests to these open endpoints to retrieve sensitive information that is not intended to be publicly accessible via the front-end. |
CVE-2026-24312 | Medium | 5.2 | — | 2026-02-10 | An erroneous authorization check in SAP Business Workflow leads to privilege escalation. |
CVE-2026-0486 | Medium | 5.0 | — | 2026-02-10 | In ABAP-based SAP systems, a remote-enabled function module does not perform necessary authorization checks for an authenticated user, resulting in disclosure of system information. This has low impact on confidentiality. |
CVE-2026-24325 | Medium | 4.8 | — | 2026-02-10 | SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting (XSS) vulnerability. |
CVE-2026-23685 | Medium | 4.4 | — | 2026-02-10 | Due to a Deserialization vulnerability in SAP NetWeaver (JMS service), an attacker authenticated as an administrator with local access could submit specially crafted content to the server. |
CVE-2026-24327 | Medium | 4.3 | — | 2026-02-10 | Due to a missing authorization check in SAP Strategic Enterprise Management (Balanced Scorecard in Business Server Pages), an authenticated attacker could access information that they are otherwise unauthorized to view. |
CVE-2026-24326 | Medium | 4.3 | — | 2026-02-10 | Due to a missing authorization check in the Disconnected Operations of SAP S/4HANA Defense & Security, an attacker with user privileges could call remote-enabled function modules to perform a direct update on a standard SAP database table. |
CVE-2026-23688 | Medium | 4.3 | — | 2026-02-10 | SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. |
CVE-2026-23681 | Medium | 4.3 | — | 2026-02-10 | Due to a missing authorization check in a function module in SAP Support Tools Plug-In, an authenticated attacker could invoke specific function modules to retrieve information about the system and its configuration. |
CVE-2026-23686 | Low | 3.4 | — | 2026-02-10 | Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. |
CVE-2026-24320 | Low | 3.1 | — | 2026-02-10 | Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters… |
Adobe · 19 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-21349 | High | 7.8 | — | 2026-02-10 | Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2026-21353 | High | 7.8 | — | 2026-02-10 | DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2026-21352 | High | 7.8 | — | 2026-02-10 | DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2026-21335 | High | 7.8 | — | 2026-02-10 | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2026-21334 | High | 7.8 | — | 2026-02-10 | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2026-21312 | High | 7.8 | — | 2026-02-10 | Audition versions 25.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. |
CVE-2026-21348 | Medium | 5.5 | — | 2026-02-10 | Substance3D - Modeler versions 1.22.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. |
CVE-2026-21355 | Medium | 5.5 | — | 2026-02-10 | DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. |
CVE-2026-21354 | Medium | 5.5 | — | 2026-02-10 | DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. |
CVE-2026-21340 | Medium | 5.5 | — | 2026-02-10 | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. |
CVE-2026-21339 | Medium | 5.5 | — | 2026-02-10 | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. |
CVE-2026-21338 | Medium | 5.5 | — | 2026-02-10 | Substance3D - Designer versions 15.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. |
CVE-2026-21337 | Medium | 5.5 | — | 2026-02-10 | Substance3D - Designer versions 15.1.0 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. |
CVE-2026-21336 | Medium | 5.5 | — | 2026-02-10 | Substance3D - Designer versions 15.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. |
CVE-2026-21317 | Medium | 5.5 | — | 2026-02-10 | Audition versions 25.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. |
CVE-2026-21316 | Medium | 5.5 | — | 2026-02-10 | Audition versions 25.3 and earlier are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to application denial-of-service. |
CVE-2026-21315 | Medium | 5.5 | — | 2026-02-10 | Audition versions 25.3 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. |
CVE-2026-21314 | Medium | 5.5 | — | 2026-02-10 | Audition versions 25.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. |
CVE-2026-21313 | Medium | 5.5 | — | 2026-02-10 | Audition versions 25.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. |
Yokogawa · 19 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-66603 | Critical | 9.8 | — | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. |
CVE-2025-66602 | Critical | 9.8 | — | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. |
CVE-2025-66606 | Critical | 9.6 | — | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. |
CVE-2025-1924 | High | 8.2 | — | 2026-02-13 | A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. |
CVE-2025-66598 | High | 7.5 | — | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. |
CVE-2025-66597 | High | 7.5 | — | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. |
CVE-2025-66608 | High | 7.5 | — | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. |
CVE-2025-48023 | Medium | 6.5 | — | 2026-02-13 | A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. |
CVE-2025-48022 | Medium | 6.5 | — | 2026-02-13 | A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. |
CVE-2025-48021 | Medium | 6.5 | — | 2026-02-13 | A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. |
CVE-2025-48020 | Medium | 6.5 | — | 2026-02-13 | A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. |
CVE-2025-48019 | Medium | 6.5 | — | 2026-02-13 | A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. |
CVE-2025-66596 | Medium | 6.1 | — | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. |
CVE-2025-66601 | Medium | 6.1 | — | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. |
CVE-2025-66595 | Medium | 5.4 | — | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. |
CVE-2025-66594 | Medium | 5.3 | — | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. |
CVE-2025-66607 | Medium | 5.3 | — | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. |
CVE-2025-66605 | Medium | 5.3 | — | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. |
CVE-2025-66604 | Medium | 5.3 | — | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. |
Gitlab · 16 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1868 | Critical | 9.9 | — | 2026-02-09 | GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions of the AI Gateway from 18.1.6, 18.2.6, 18.3.1 to 18.6.1, 18.7.0, and 18.8.0 in which AI Gateway was vulnerable to insec… |
CVE-2025-7659 | High | 8.0 | — | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal tokens and access private repositories by ab… |
CVE-2026-0958 | High | 7.5 | — | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through memory or CPU exha… |
CVE-2025-8099 | High | 7.5 | — | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service… |
CVE-2026-0595 | High | 7.3 | — | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.9 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to add unauthorized email add… |
CVE-2025-14560 | High | 7.3 | — | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized actio… |
CVE-2026-1458 | Medium | 6.5 | — | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an unauthenticated user to cause denial of service b… |
CVE-2026-1456 | Medium | 6.5 | — | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through CPU exhaustion by submitting specially… |
CVE-2026-1387 | Medium | 6.5 | — | 2026-02-11 | GitLab has remediated an issue in GitLab EE affecting all versions from 15.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to cause Denial of Service by uploading a malicious file a… |
CVE-2025-12575 | Medium | 5.4 | — | 2026-02-11 | GitLab has remediated an issue in GitLab EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user with certain permissions to make… |
CVE-2026-1094 | Medium | 4.6 | — | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI. |
CVE-2026-1080 | Medium | 4.3 | — | 2026-02-11 | GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to access iteration data from pr… |
CVE-2025-12073 | Medium | 4.3 | — | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform server-side reque… |
CVE-2025-14592 | Low | 3.7 | — | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized opera… |
CVE-2026-1282 | Low | 3.5 | — | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to inject malicious content into project labels titles. |
CVE-2025-14594 | Low | 3.5 | — | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to view certain pipeline val… |
Code-projects · 14 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2223 | High | 7.3 | — | 2026-02-09 | A security vulnerability has been detected in code-projects Online Reviewer System 1.0. |
CVE-2026-2221 | High | 7.3 | — | 2026-02-09 | A security flaw has been discovered in code-projects Online Reviewer System 1.0. |
CVE-2026-2220 | High | 7.3 | — | 2026-02-09 | A vulnerability was identified in code-projects Online Reviewer System 1.0. |
CVE-2026-2212 | High | 7.3 | — | 2026-02-09 | A vulnerability was identified in code-projects Online Music Site 1.0. |
CVE-2026-2211 | High | 7.3 | — | 2026-02-09 | A vulnerability was determined in code-projects Online Music Site 1.0. |
CVE-2026-2199 | High | 7.3 | — | 2026-02-09 | A security flaw has been discovered in code-projects Online Reviewer System 1.0. |
CVE-2026-2198 | High | 7.3 | — | 2026-02-09 | A vulnerability was identified in code-projects Online Reviewer System 1.0. |
CVE-2026-2197 | High | 7.3 | — | 2026-02-09 | A vulnerability was determined in code-projects Online Reviewer System 1.0. |
CVE-2026-2196 | High | 7.3 | — | 2026-02-09 | A vulnerability was found in code-projects Online Reviewer System 1.0. |
CVE-2026-2195 | High | 7.3 | — | 2026-02-09 | A vulnerability has been found in code-projects Online Reviewer System 1.0. |
CVE-2026-2213 | Medium | 4.7 | — | 2026-02-09 | A security flaw has been discovered in code-projects Online Music Site 1.0. |
CVE-2026-2224 | Low | 3.5 | — | 2026-02-09 | A vulnerability was detected in code-projects Online Reviewer System 1.0. |
CVE-2026-2222 | Low | 2.4 | — | 2026-02-09 | A weakness has been identified in code-projects Online Reviewer System 1.0. |
CVE-2026-2214 | Low | 2.4 | — | 2026-02-09 | A weakness has been identified in code-projects for Plugin 1.0. |
Freerdp · 12 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-24679 | Critical | 9.1 | — | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol. |
CVE-2026-24677 | Critical | 9.1 | — | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol. |
CVE-2026-24684 | High | 7.5 | — | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol. |
CVE-2026-24683 | High | 7.5 | — | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol. |
CVE-2026-24682 | High | 7.5 | — | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol. |
CVE-2026-24681 | High | 7.5 | — | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol. |
CVE-2026-24680 | High | 7.5 | — | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol. |
CVE-2026-24678 | High | 7.5 | — | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol. |
CVE-2026-24676 | High | 7.5 | — | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol. |
CVE-2026-24675 | High | 7.5 | — | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol. |
CVE-2026-24491 | High | 7.5 | — | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol. |
CVE-2026-23948 | High | 7.5 | — | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol. |
Siemens · 11 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25656 | High | 7.8 | — | 2026-02-10 | A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3), User Management Component (UMC) (All versions < V2.15.2.1). |
CVE-2026-25655 | High | 7.8 | — | 2026-02-10 | A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). |
CVE-2026-23720 | High | 7.8 | — | 2026-02-10 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). |
CVE-2026-23719 | High | 7.8 | — | 2026-02-10 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). |
CVE-2026-23718 | High | 7.8 | — | 2026-02-10 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). |
CVE-2026-23717 | High | 7.8 | — | 2026-02-10 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). |
CVE-2026-23716 | High | 7.8 | — | 2026-02-10 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). |
CVE-2026-23715 | High | 7.8 | — | 2026-02-10 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). |
CVE-2026-22923 | High | 7.8 | — | 2026-02-10 | A vulnerability has been identified in NX (All versions < V2512), NX (Managed Mode) (All versions < V2512). |
CVE-2025-40587 | High | 7.6 | — | 2026-02-10 | A vulnerability has been identified in Polarion V2404 (All versions < V2404.5), Polarion V2410 (All versions < V2410.2). |
CVE-2024-52334 | Medium | 5.3 | — | 2026-02-10 | A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF07). |
Praskla-technology · 9 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25875 | Critical | 9.8 | — | 2026-02-09 | PlaciPy is a placement management system designed for educational institutions. |
CVE-2026-25814 | Critical | 9.8 | — | 2026-02-09 | PlaciPy is a placement management system designed for educational institutions. |
CVE-2026-25809 | Critical | 9.8 | — | 2026-02-09 | PlaciPy is a placement management system designed for educational institutions. |
CVE-2026-25811 | Critical | 9.1 | — | 2026-02-09 | PlaciPy is a placement management system designed for educational institutions. |
CVE-2026-25876 | Critical | 9.1 | — | 2026-02-09 | PlaciPy is a placement management system designed for educational institutions. |
CVE-2026-25810 | Critical | 9.1 | — | 2026-02-09 | PlaciPy is a placement management system designed for educational institutions. |
CVE-2026-25812 | High | 8.8 | — | 2026-02-09 | PlaciPy is a placement management system designed for educational institutions. |
CVE-2026-25813 | High | 7.5 | — | 2026-02-09 | PlaciPy is a placement management system designed for educational institutions. |
CVE-2026-25806 | Medium | 6.5 | — | 2026-02-09 | PlaciPy is a placement management system designed for educational institutions. |
Craftcms · 8 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25497 | High | 8.8 | — | 2026-02-09 | Craft is a platform for creating digital experiences. |
CVE-2026-25495 | High | 8.8 | — | 2026-02-09 | Craft is a platform for creating digital experiences. |
CVE-2026-25498 | High | 7.2 | — | 2026-02-09 | Craft is a platform for creating digital experiences. |
CVE-2026-25494 | Medium | 6.5 | — | 2026-02-09 | Craft is a platform for creating digital experiences. |
CVE-2026-25493 | Medium | 6.5 | — | 2026-02-09 | Craft is a platform for creating digital experiences. |
CVE-2026-25492 | Medium | 6.5 | — | 2026-02-09 | Craft CMS is a content management system. |
CVE-2026-25496 | Medium | 4.8 | — | 2026-02-09 | Craft is a platform for creating digital experiences. |
CVE-2026-25491 | Medium | 4.8 | — | 2026-02-09 | Craft is a platform for creating digital experiences. |
Fortinet · 8 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-52436 | High | 8.8 | — | 2026-02-10 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, For… |
CVE-2026-22153 | High | 8.1 | — | 2026-02-10 | An Authentication Bypass by Primary Weakness vulnerability [CWE-305] in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote… |
CVE-2026-21743 | High | 7.2 | — | 2026-02-10 | A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modi… |
CVE-2025-62676 | High | 7.1 | — | 2026-02-10 | An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] in Fortinet FortiClientWindows 7.4.0 through 7.4.4, FortiClientWindows 7.2.0 through 7.2.12, FortiClientWindows 7.0 all versions may all… |
CVE-2025-64157 | Medium | 6.7 | — | 2026-02-10 | A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized c… |
CVE-2025-68686 | Medium | 5.9 | — | 2026-02-10 | An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all v… |
CVE-2025-55018 | Medium | 5.8 | — | 2026-02-10 | An inconsistent interpretation of HTTP requests ('HTTP request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an… |
CVE-2025-62439 | Medium | 4.2 | — | 2026-02-10 | An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions may allow an authe… |
Tanium · 8 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-15310 | High | 7.8 | — | 2026-02-10 | Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools. |
CVE-2025-15319 | High | 7.8 | — | 2026-02-09 | Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools. |
CVE-2025-15316 | Medium | 6.7 | — | 2026-02-09 | Tanium addressed a local privilege escalation vulnerability in Tanium Server. |
CVE-2025-15315 | Medium | 6.7 | — | 2026-02-09 | Tanium addressed a local privilege escalation vulnerability in Tanium Module Server. |
CVE-2025-15317 | Medium | 6.5 | — | 2026-02-09 | Tanium addressed an uncontrolled resource consumption vulnerability in Tanium Server. |
CVE-2025-15314 | Medium | 5.5 | — | 2026-02-10 | Tanium addressed an arbitrary file deletion vulnerability in end-user-cx. |
CVE-2025-15313 | Medium | 5.5 | — | 2026-02-10 | Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS. |
CVE-2025-15318 | Medium | 5.5 | — | 2026-02-09 | Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools. |
Apache · 7 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-23906 | Critical | 9.8 | — | 2026-02-10 | Affected Products and Versions * Apache Druid * Affected Versions: 0.17.0 through 35.x (all versions prior to 36.0.0) * Prerequisites: * druid-basic-security extension enabled * LDAP authenticator configured * Underlying L… |
CVE-2026-24343 | High | 8.8 | — | 2026-02-10 | Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat. |
CVE-2025-33042 | High | 7.3 | — | 2026-02-13 | Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. |
CVE-2026-24098 | Medium | 6.5 | — | 2026-02-09 | Apache Airflow versions 3.0.0 - 3.1.7 have a vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. |
CVE-2026-22922 | Medium | 6.5 | — | 2026-02-09 | Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. |
CVE-2026-23903 | Medium | 5.3 | — | 2026-02-09 | Authentication Bypass by Alternate Name vulnerability in Apache Shiro. |
CVE-2026-23901 | Low | 2.5 | — | 2026-02-10 | Observable Timing Discrepancy vulnerability in Apache Shiro. |
Flowring · 7 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2096 | Critical | 9.8 | — | 2026-02-10 | Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality. |
CVE-2026-2095 | Critical | 9.8 | — | 2026-02-10 | Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain arbitrary user authentication token and log into the system as any user. |
CVE-2026-2097 | High | 8.8 | — | 2026-02-10 | Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. |
CVE-2026-2094 | High | 8.8 | — | 2026-02-10 | Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. |
CVE-2026-2093 | High | 7.5 | — | 2026-02-10 | Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. |
CVE-2026-2098 | Medium | 6.1 | — | 2026-02-10 | AgentFlow developed by Flowring has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in a user's browser through phishing attacks. |
CVE-2026-2099 | Medium | 5.4 | — | 2026-02-10 | AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript code that is executed in users' browsers upon page load. |
Intel · 7 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-32453 | Medium | 6.7 | — | 2026-02-10 | Incorrect default permissions for some Intel(R) Graphics Driver software within Ring 2: Privileged Process may allow an escalation of privilege. |
CVE-2025-32092 | Medium | 6.7 | — | 2026-02-10 | Insecure inherited permissions for some Intel(R) Graphics Software before version 25.30.1702.0 within Ring 3: User Applications may allow an escalation of privilege. |
CVE-2025-32003 | Medium | 6.5 | — | 2026-02-10 | Out-of-bounds read in the firmware for some 100GbE Intel(R) Ethernet Network Adapter E810 before version cvl fw 1.7.6, cpk 1.3.7 within Ring 0: Bare Metal OS may allow a denial of service. |
CVE-2025-27243 | Medium | 6.0 | — | 2026-02-10 | Out-of-bounds write in the firmware for some Intel(R) Ethernet Controller E810 before version cvl fw 1.7.8.x within Ring 0: Bare Metal OS may allow a denial of service. |
CVE-2025-24851 | Medium | 6.0 | — | 2026-02-10 | Uncaught exception in the firmware for some 100GbE Intel(R) Ethernet Controller E810 before version cvl fw 1.7.8.x within Ring 0: Bare Metal OS may allow a denial of service. |
CVE-2025-27535 | Medium | 5.3 | — | 2026-02-10 | Exposed ioctl with insufficient access control in the firmware for some Intel(R) Ethernet Connection E825-C. |
CVE-2025-32739 | Low | 2.8 | — | 2026-02-10 | Improper conditions check in some firmware for some Intel(R) Graphics Drivers and Intel LTS kernels within Ring 1: Device Drivers may allow a denial of service. |
MongoDB · 7 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1848 | High | 7.5 | — | 2026-02-10 | Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. |
CVE-2026-25613 | Medium | 6.5 | — | 2026-02-10 | An authorized user may disable the MongoDB server by issuing a query against a collection that contains an invalid compound wildcard index. |
CVE-2026-25610 | Medium | 6.5 | — | 2026-02-10 | An authorized user may trigger a server crash by running a $geoNear pipeline with certain invalid index hints. |
CVE-2026-1850 | Medium | 6.5 | — | 2026-02-10 | Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash. |
CVE-2026-1849 | Medium | 6.5 | — | 2026-02-10 | MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. |
CVE-2026-1847 | Medium | 6.5 | — | 2026-02-10 | Inserting certain large documents into a replica set could lead to replica set secondaries not being able to fetch the oplog from the primary. |
CVE-2026-25609 | Medium | 5.4 | — | 2026-02-10 | Incorrect validation of the profile command may result in the determination that a request altering the 'filter' is read-only. |
Red Hat · 7 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1486 | High | 8.8 | — | 2026-02-09 | A flaw was found in Keycloak. |
CVE-2026-1529 | High | 8.1 | — | 2026-02-09 | A flaw was found in Keycloak. |
CVE-2026-26158 | High | 7.0 | — | 2026-02-11 | A flaw was found in BusyBox. |
CVE-2026-26157 | High | 7.0 | — | 2026-02-11 | A flaw was found in BusyBox. |
CVE-2025-14778 | Medium | 5.4 | — | 2026-02-09 | A flaw was found in Keycloak. |
CVE-2025-14831 | Medium | 5.3 | — | 2026-02-09 | A flaw was found in GnuTLS. |
CVE-2025-11537 | Medium | 5.0 | — | 2026-02-10 | A flaw was found in Keycloak. |
Frangoteam · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25938 | Critical | 9.8 | — | 2026-02-09 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. |
CVE-2026-25895 | Critical | 9.8 | — | 2026-02-09 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. |
CVE-2026-25894 | Critical | 9.8 | — | 2026-02-09 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. |
CVE-2026-25893 | Critical | 9.8 | — | 2026-02-09 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. |
CVE-2026-25939 | Critical | 9.1 | — | 2026-02-09 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. |
CVE-2026-25951 | High | 7.2 | — | 2026-02-09 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. |
TP-Link · 6 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-0652 | High | 8.8 | — | 2026-02-10 | On TP-Link Tapo C260 v1, command injection vulnerability exists due to improper sanitization in certain POST parameters during configuration synchronization. |
CVE-2025-9293 | High | 8.1 | — | 2026-02-13 | A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. |
CVE-2026-0651 | High | 7.8 | — | 2026-02-10 | A path traversal vulnerability was identified in TP-Link Tapo C260 v1, D235 v1 and C520WS v2.6 within the HTTP server’s handling of GET requests. |
CVE-2025-9292 | High | 7.5 | — | 2026-02-13 | A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. |
CVE-2026-0653 | Medium | 6.5 | — | 2026-02-10 | On TP-Link Tapo C260 v1 and D235 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. |
CVE-2026-1571 | Medium | 6.1 | — | 2026-02-11 | User-controlled input is reflected into the HTML output without proper encoding on TP-Link Archer C60 v3, allowing arbitrary JavaScript execution via a crafted URL. An attacker could run script in the device web UI context, potentially ena… |
Axis · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-11547 | High | 7.8 | — | 2026-02-10 | AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user. |
CVE-2025-11142 | High | 7.1 | — | 2026-02-10 | The VAPIX API mediaclip.cgi did not have sufficient input validation, allowing for possible remote code execution. |
CVE-2025-12063 | Medium | 5.7 | — | 2026-02-10 | An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions. |
CVE-2025-12757 | Medium | 4.6 | — | 2026-02-10 | An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to. |
CVE-2025-13064 | Medium | 4.5 | — | 2026-02-10 | A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. |
D-Link · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2260 | High | 7.2 | — | 2026-02-10 | A vulnerability was found in D-Link DCS-931L up to 1.13.0. |
CVE-2026-2210 | High | 7.2 | — | 2026-02-09 | A vulnerability has been found in D-Link DIR-823X 250416. |
CVE-2026-2218 | Medium | 6.3 | — | 2026-02-09 | A vulnerability was determined in D-Link DCS-933L up to 1.14.11. |
CVE-2026-2194 | Medium | 6.3 | — | 2026-02-09 | A flaw has been found in D-Link DI-7100G C1 24.04.18D1. |
CVE-2026-2227 | Medium | 4.7 | — | 2026-02-09 | A vulnerability was found in D-Link DCS-931L up to 1.13.0. |
Top Password Software · 5 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2020-37215 | High | 7.5 | — | 2026-02-11 | MSN Password Recovery version 1.30 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized input in the registration code field. |
CVE-2020-37193 | High | 7.5 | — | 2026-02-11 | ZIP Password Recovery 2.30 contains a denial of service vulnerability that allows attackers to crash the application by providing maliciously crafted input. |
CVE-2020-37191 | High | 7.5 | — | 2026-02-11 | Top Password Software Dialup Password Recovery 1.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. |
CVE-2020-37190 | High | 7.5 | — | 2026-02-11 | Top Password Firefox Password Recovery 2.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. |
CVE-2020-37192 | Medium | 6.2 | — | 2026-02-11 | MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. |
Cipplanner · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-50619 | High | 8.8 | — | 2026-02-11 | Vulnerabilities in the My Account and User Management components in CIPPlanner CIPAce before 9.17 allow attackers to escalate their access levels. |
CVE-2024-50620 | High | 8.8 | — | 2026-02-11 | Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and document manage components in CIPPlanner CIPAce before 9.17. |
CVE-2024-50617 | High | 7.5 | — | 2026-02-11 | Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files. |
CVE-2024-50618 | Medium | 4.3 | — | 2026-02-11 | A Use of Single-factor Authentication vulnerability in the Authentication component of CIPPlanner CIPAce before 9.17 allows attackers to bypass a protection mechanism. |
Internet-soft · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25321 | Critical | 9.8 | — | 2026-02-12 | FTP Navigator 8.03 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. |
CVE-2019-25319 | Critical | 9.8 | — | 2026-02-12 | Domain Quester Pro 6.02 contains a stack overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. |
CVE-2019-25332 | High | 8.4 | — | 2026-02-12 | FTP Commander Pro 8.03 contains a local stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting the EIP register through a custom command input. |
CVE-2019-25329 | High | 7.5 | — | 2026-02-12 | FTP Navigator 8.03 contains a denial of service vulnerability that allows attackers to crash the application by overwriting Structured Exception Handler (SEH) with malicious input. |
Kanboard · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25924 | High | 8.4 | — | 2026-02-11 | Kanboard is project management software focused on Kanban methodology. |
CVE-2026-24885 | Medium | 5.7 | — | 2026-02-10 | Kanboard is project management software focused on Kanban methodology. |
CVE-2026-25531 | Medium | 4.3 | — | 2026-02-13 | Kanboard is project management software focused on Kanban methodology. |
CVE-2026-25530 | Medium | 4.3 | — | 2026-02-10 | Kanboard is project management software focused on Kanban methodology. |
Microcom · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-13651 | High | 7.5 | — | 2026-02-11 | Exposure of Sensitive System Information to an Unauthorized Actor vulnerability in Microcom ZeusWeb allows Web Application Fingerprinting of sensitive data. |
CVE-2025-13650 | Medium | 6.1 | — | 2026-02-11 | An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not necessary, but the action must be performed) who has the vulnerable software could introduce arbitrary JavaScript by injecti… |
CVE-2025-13649 | Medium | 6.1 | — | 2026-02-11 | An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not necessary, but the action must be performed) who has the vulnerable software could introduce arbitrary JavaScript by injec… |
CVE-2025-13648 | Medium | 6.1 | — | 2026-02-11 | An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is required) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Name’ and… |
MongoDB Inc · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25611 | High | 7.5 | — | 2026-02-10 | A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server. |
CVE-2026-2303 | Medium | 6.5 | — | 2026-02-10 | The mongo-go-driver repository contains CGo bindings for GSSAPI (Kerberos) authentication on Linux and macOS. |
CVE-2026-2302 | Medium | 6.5 | — | 2026-02-10 | Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code. |
CVE-2026-25612 | Medium | 6.5 | — | 2026-02-10 | The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what lock to take. |
Powerdns · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-59023 | High | 8.2 | — | 2026-02-09 | Crafted delegations or IP fragments can poison cached delegations in Recursor. |
CVE-2025-59024 | Medium | 6.5 | — | 2026-02-09 | Crafted delegations or IP fragments can poison cached delegations in Recursor. |
CVE-2026-24027 | Medium | 5.3 | — | 2026-02-09 | Crafted zones can lead to increased incoming network traffic. |
CVE-2026-0398 | Medium | 5.3 | — | 2026-02-09 | Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor. |
Unknown · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-14892 | Critical | 9.8 | — | 2026-02-12 | The Prime Listing Manager WordPress plugin through 1.1 allows an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions due to a hardcoded secret. |
CVE-2026-1235 | Medium | 6.5 | — | 2026-02-11 | The WP eCommerce WordPress plugin through 3.15.1 unserializes user input via ajax actions, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog. |
CVE-2025-15400 | Medium | 6.5 | — | 2026-02-11 | The OpenPix for WooCommerce WordPress plugin through 2.13.3 allows any authenticated user to trigger AJAX actions that reset payment gateway configuration options without capability or nonce checks. |
CVE-2025-15520 | Medium | 4.3 | — | 2026-02-13 | The RegistrationMagic WordPress plugin before 6.0.7.2 checks nonces but not capabilities, allowing for the disclosure of some sensitive data to subscribers and above. |
Wago · 4 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-22906 | Critical | 9.8 | — | 2026-02-09 | User credentials are stored using AES‑ECB encryption with a hardcoded key. |
CVE-2026-22904 | Critical | 9.8 | — | 2026-02-09 | Improper length handling when parsing multiple cookie fields (including TRACKID) allows an unauthenticated remote attacker to send oversized cookie values and trigger a stack buffer overflow, resulting in a denial‑of‑service condition and… |
CVE-2026-22903 | Critical | 9.8 | — | 2026-02-09 | An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. |
CVE-2026-22905 | High | 7.5 | — | 2026-02-09 | An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g., /js/../cgi-bin/post.cgi), gaining unauthorized access to protected CGI endpoints and configura… |
Albrecht Jung Gmbh & Co. Kg · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26234 | High | 8.8 | — | 2026-02-12 | JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Host header. |
CVE-2026-26235 | High | 7.5 | — | 2026-02-12 | JUNG Smart Visu Server 1.1.1050 contains a denial of service vulnerability that allows unauthenticated attackers to remotely shutdown or reboot the server. |
CVE-2026-25872 | Medium | 5.3 | — | 2026-02-10 | JUNG Smart Panel KNX firmware version L1.12.22 and prior contain an unauthenticated path traversal vulnerability in the embedded web interface. |
Avideo · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2020-37173 | High | 7.5 | — | 2026-02-11 | AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. |
CVE-2020-37172 | Medium | 5.3 | — | 2026-02-11 | AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. |
CVE-2020-37158 | Medium | 5.3 | — | 2026-02-11 | AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. |
Bacnet-stack · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26264 | High | 8.1 | — | 2026-02-13 | BACnet Stack is a BACnet open source protocol stack C library for embedded systems. |
CVE-2026-21878 | High | 7.5 | — | 2026-02-13 | BACnet Stack is a BACnet open source protocol stack C library for embedded systems. |
CVE-2026-21870 | Medium | 5.5 | — | 2026-02-13 | BACnet Protocol Stack library provides a BACnet application layer, network layer and media access (MAC) layer communications services. |
Birtech Information Technologies Industry And Trade Ltd. Co. · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-10465 | High | 8.8 | — | 2026-02-09 | Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd. |
CVE-2025-10463 | High | 7.3 | — | 2026-02-09 | Improper Authentication vulnerability in Birtech Information Technologies Industry and Trade Ltd. |
CVE-2025-10464 | Medium | 6.5 | — | 2026-02-09 | Insecure Storage of Sensitive Information vulnerability in Birtech Information Technologies Industry and Trade Ltd. |
Calero · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26335 | Critical | 9.8 | — | 2026-02-13 | Calero VeraSMART versions prior to 2022 R1 use static ASP.NET/IIS machineKey values configured for the VeraSMART web application and stored in C:\Program Files (x86)\Veramark\VeraSMART\WebRoot\web.config. |
CVE-2026-26333 | Critical | 9.8 | — | 2026-02-13 | Calero VeraSMART versions prior to 2022 R1 expose an unauthenticated .NET Remoting HTTP service on TCP port 8001. |
CVE-2026-26334 | High | 7.8 | — | 2026-02-13 | Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within Veramark.Framework.dll (Veramark.Core.Config class). |
Dell · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-23857 | High | 8.2 | — | 2026-02-12 | Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. |
CVE-2026-23856 | High | 7.8 | — | 2026-02-12 | Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell iDRAC Service Module (iSM) for Linux, versions prior to 5.4.1.1, contain an Improper Access Control vulnerability. |
CVE-2026-21419 | Medium | 6.6 | — | 2026-02-09 | Dell Display and Peripheral Manager (Windows) versions prior to 2.2 contain an Improper Link Resolution Before File Access ('Link Following') vulnerability in the Installer and Service. |
Digitalvolcano Software · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2020-37213 | High | 7.5 | — | 2026-02-11 | TextCrawler Pro 3.1.1 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized buffer in the license key field. |
CVE-2020-37198 | High | 7.5 | — | 2026-02-11 | Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application by injecting an oversized buffer into the license key field. |
CVE-2020-37189 | High | 7.5 | — | 2026-02-11 | TaskCanvas 1.4.0 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. |
Farktor · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-10969 | Critical | 9.8 | — | 2026-02-12 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farktor Software E-Commerce Services Inc. |
CVE-2025-13002 | High | 8.2 | — | 2026-02-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Farktor Software E-Commerce Services Inc. |
CVE-2025-13004 | Medium | 6.3 | — | 2026-02-12 | Authorization Bypass Through User-Controlled Key vulnerability in Farktor Software E-Commerce Services Inc. |
Free5gc · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-70123 | High | 7.5 | — | 2026-02-13 | An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. |
CVE-2025-70122 | High | 7.5 | — | 2026-02-13 | A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted PFCP Session Modification Request. |
CVE-2025-70121 | High | 7.5 | — | 2026-02-13 | An array index out of bounds vulnerability in the AMF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted 5GS Mobile Identity in a NAS Registration Request message. |
Getoutline · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-64487 | High | 7.6 | — | 2026-02-11 | Outline is a service that allows for collaborative documentation. |
CVE-2026-25062 | Medium | 5.5 | — | 2026-02-11 | Outline is a service that allows for collaborative documentation. |
CVE-2025-68663 | Medium | 5.3 | — | 2026-02-11 | Outline is a service that allows for collaborative documentation. |
Goauthentik · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25227 | Critical | 9.1 | — | 2026-02-12 | authentik is an open-source identity provider. |
CVE-2026-25922 | High | 8.8 | — | 2026-02-12 | authentik is an open-source identity provider. |
CVE-2026-25748 | High | 8.6 | — | 2026-02-12 | authentik is an open-source identity provider. |
Google · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1669 | High | 7.5 | — | 2026-02-11 | Arbitrary file read in the model loading mechanism (HDF5 integration) in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a remote attacker to read local files and disclose sensitive information via a crafted .keras mo… |
CVE-2026-1837 | High | 7.5 | — | 2026-02-11 | A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. |
CVE-2025-12474 | Medium | 4.4 | — | 2026-02-11 | A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized (but allocated) memory. |
Hgiga · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2234 | Critical | 9.1 | — | 2026-02-09 | C&Cm@il developed by HGiga has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read and modify any user's mail content. |
CVE-2026-2236 | High | 7.5 | — | 2026-02-09 | C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. |
CVE-2026-2235 | Medium | 6.5 | — | 2026-02-09 | C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. |
Janet-lang · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2242 | Low | 3.3 | — | 2026-02-09 | A vulnerability was determined in janet-lang janet up to 1.40.1. |
CVE-2026-2241 | Low | 3.3 | — | 2026-02-09 | A vulnerability was found in janet-lang janet up to 1.40.1. |
CVE-2026-2240 | Low | 3.3 | — | 2026-02-09 | A vulnerability has been found in janet-lang janet up to 1.40.1. |
JetBrains · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25848 | Critical | 9.1 | — | 2026-02-09 | In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible |
CVE-2026-25847 | High | 8.2 | — | 2026-02-09 | In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible |
CVE-2026-25846 | Medium | 6.5 | — | 2026-02-09 | In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs |
Kostasmitroglou · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25347 | High | 7.5 | — | 2026-02-12 | thesystem App 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the username parameter. |
CVE-2019-25346 | High | 7.5 | — | 2026-02-12 | TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'server_name' parameter. |
CVE-2019-25311 | Medium | 6.4 | — | 2026-02-11 | thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. |
Litestar · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25478 | High | 7.4 | — | 2026-02-09 | Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. |
CVE-2026-25480 | Medium | 6.5 | — | 2026-02-09 | Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. |
CVE-2026-25479 | Medium | 6.5 | — | 2026-02-09 | Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. |
Metis Cyberspace Technology Sa · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2249 | Critical | 9.8 | — | 2026-02-11 | METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. |
CVE-2026-2248 | Critical | 9.8 | — | 2026-02-11 | METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. |
CVE-2026-2250 | High | 7.5 | — | 2026-02-11 | The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. |
Quic-go · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-21438 | Medium | 5.3 | — | 2026-02-12 | webtransport-go is an implementation of the WebTransport protocol. |
CVE-2026-21435 | Medium | 5.3 | — | 2026-02-12 | webtransport-go is an implementation of the WebTransport protocol. |
CVE-2026-21434 | Medium | 5.3 | — | 2026-02-12 | webtransport-go is an implementation of the WebTransport protocol. |
Silabs.com · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-0619 | — | — | — | 2026-02-12 | A reachable infinite loop via an integer wraparound is present in Silicon Labs' Matter SDK which allows an attacker to trigger a denial of service. |
CVE-2025-11004 | — | — | — | 2026-02-10 | The Simplicity Device Manager Tool has a Reflected XSS (Cross-site-scripting) vulnerability in several API endpoints. |
CVE-2025-7432 | — | — | — | 2026-02-09 | DPA countermeasures in Silicon Labs' Series 2 devices are not reseeded under certain conditions. This may allow an attacker to eventually extract secret keys through a DPA attack. |
Solax Power · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-15573 | Critical | 9.4 | — | 2026-02-12 | The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). |
CVE-2025-15574 | Medium | 6.5 | — | 2026-02-12 | When connecting to the Solax Cloud MQTT server the username is the "registration number", which is the 10 character string printed on the SolaX Power Pocket device / the QR code on the device. |
CVE-2025-15575 | Medium | 5.3 | — | 2026-02-12 | The firmware update functionality does not verify the authenticity of the supplied firmware update files. |
Sumatrapdfreader · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25880 | High | 7.8 | — | 2026-02-09 | SumatraPDF is a multi-format reader for Windows. |
CVE-2026-25961 | High | 7.5 | — | 2026-02-09 | SumatraPDF is a multi-format reader for Windows. |
CVE-2026-25920 | Medium | 5.5 | — | 2026-02-09 | SumatraPDF is a multi-format reader for Windows. |
Unattributed · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25905 | Medium | 5.8 | — | 2026-02-09 | The Python code being run by 'runPython' or 'runPythonAsync' is not isolated from the rest of the JS code, allowing any Python code to use the Pyodide APIs to modify the JS environment. |
CVE-2026-25904 | Medium | 5.8 | — | 2026-02-09 | The Pydantic-AI MCP Run Python tool configures the Deno sandbox with an overly permissive configuration that allows the underlying Python code to access the localhost interface of the host to perform SSRF attacks. |
CVE-2026-1721 | — | — | — | 2026-02-13 | A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handler. |
Universal Software Inc. · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1618 | High | 8.8 | — | 2026-02-13 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc. |
CVE-2025-14349 | High | 8.8 | — | 2026-02-13 | Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. |
CVE-2026-1619 | High | 8.3 | — | 2026-02-13 | Authorization Bypass Through User-Controlled Key vulnerability in Universal Software Inc. |
Wclovers · 3 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-0845 | High | 7.2 | — | 2026-02-10 | The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability chec… |
CVE-2026-1722 | Medium | 5.3 | — | 2026-02-10 | The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. |
CVE-2025-15147 | Medium | 4.3 | — | 2026-02-10 | The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.8 via the 'WCFMvm_Memberships_Payment_Controller::p… |
84codes · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25767 | High | 8.1 | — | 2026-02-12 | LavinMQ is a high-performance message queue & streaming server. |
CVE-2026-25768 | Medium | 6.5 | — | 2026-02-12 | LavinMQ is a high-performance message queue & streaming server. |
Aardappel · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2259 | Low | 3.3 | — | 2026-02-10 | A vulnerability has been found in aardappel lobster up to 2025.4. |
CVE-2026-2258 | Low | 3.3 | — | 2026-02-10 | A flaw has been found in aardappel lobster up to 2025.4. |
Agpt · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26020 | High | 8.8 | — | 2026-02-12 | AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. |
CVE-2026-26006 | Medium | 6.5 | — | 2026-02-10 | AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. |
Allok Soft · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2020-37184 | Critical | 9.8 | — | 2026-02-11 | Allok Video Converter 4.6.1217 contains a stack overflow vulnerability in the License Name input field that allows attackers to execute arbitrary code. |
CVE-2020-37183 | Critical | 9.8 | — | 2026-02-11 | Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. |
Astpp · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2020-37153 | Critical | 9.8 | — | 2026-02-11 | ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. |
CVE-2020-37104 | High | 7.5 | — | 2026-02-11 | ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. |
Aveva · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1507 | High | 7.5 | — | 2026-02-10 | The affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI services resulting in a denial-of-service. |
CVE-2026-1495 | Medium | 6.5 | — | 2026-02-10 | The vulnerability, if exploited, could allow an attacker with Event Log Reader (S-1-5-32-573) privileges to obtain proxy details, including URL and proxy credentials, from the PI to CONNECT event log files. |
Avs4you · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25318 | High | 8.8 | — | 2026-02-12 | AVS Audio Converter 9.1.2.600 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by manipulating the output folder text input. |
CVE-2019-25331 | High | 8.4 | — | 2026-02-12 | AVS Audio Converter 9.1 contains a local buffer overflow vulnerability that allows local attackers to overwrite CPU registers by manipulating the 'Exit folder' input field. |
Ckolivas · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-15570 | Medium | 5.3 | — | 2026-02-10 | A vulnerability was found in ckolivas lrzip up to 0.651. |
CVE-2025-15571 | Low | 3.3 | — | 2026-02-10 | A security vulnerability has been detected in ckolivas lrzip up to 0.651. |
Cube · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25958 | High | 7.7 | — | 2026-02-09 | Cube is a semantic layer for building data applications. |
CVE-2026-25957 | Medium | 6.5 | — | 2026-02-09 | Cube is a semantic layer for building data applications. |
Dalibo · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2361 | High | 8.0 | — | 2026-02-11 | PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. |
CVE-2026-2360 | High | 8.0 | — | 2026-02-11 | PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and placing malicious code in that operator. |
Error311 · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25231 | High | 7.5 | — | 2026-02-09 | FileRise is a self-hosted web file manager / WebDAV server. |
CVE-2026-25230 | Medium | 4.6 | — | 2026-02-09 | FileRise is a self-hosted web file manager / WebDAV server. |
Fastgpt · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26075 | Medium | 5.4 | — | 2026-02-12 | FastGPT is an AI Agent building platform. |
CVE-2026-26003 | Medium | 5.4 | — | 2026-02-10 | FastGPT is an AI Agent building platform. |
Filebrowser · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25890 | High | 8.1 | — | 2026-02-09 | File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. |
CVE-2026-25889 | Medium | 5.4 | — | 2026-02-09 | File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. |
Frappe · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25956 | Medium | 6.1 | — | 2026-02-10 | Frappe is a full-stack web application framework. |
CVE-2026-26031 | Medium | 5.3 | — | 2026-02-11 | Frappe Learning Management System (LMS) is a learning system that helps users structure their content. |
Ge Vernova · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1763 | Medium | 4.6 | — | 2026-02-10 | Vulnerability in GE Vernova Enervista UR Setup on Windows. This issue affects Enervista: 8.6 and previous versions. |
CVE-2026-1762 | Low | 2.9 | — | 2026-02-10 | A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation. This issue affects Enervista: 8.6 and prior versions. |
Grafana · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-41117 | Medium | 6.8 | — | 2026-02-12 | Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. |
CVE-2026-21722 | Medium | 5.3 | — | 2026-02-12 | Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. |
Heatmiser · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25322 | High | 7.5 | — | 2026-02-12 | Heatmiser Netmonitor 3.03 contains a hardcoded credentials vulnerability in the networkSetup.htm page with predictable admin login credentials. |
CVE-2019-25323 | Medium | 6.1 | — | 2026-02-12 | Heatmiser Netmonitor v3.03 contains an HTML injection vulnerability in the outputSetup.htm page that allows attackers to inject malicious HTML code through the outputtitle parameter. |
Hp · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1997 | Medium | 5.3 | — | 2026-02-10 | Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resources. |
CVE-2026-1996 | Medium | 5.3 | — | 2026-02-10 | Certain HP OfficeJet Pro printers may be vulnerable to potential denial of service when the IPP requests are mishandled, failing to establish a TCP connection. |
Infoblox · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-61880 | High | 8.8 | — | 2026-02-12 | In Infoblox NIOS through 9.0.7, insecure deserialization can result in remote code execution. |
CVE-2025-61879 | High | 7.7 | — | 2026-02-12 | In Infoblox NIOS through 9.0.7, a high-privileged user can trigger an arbitrary file write via the account creation mechanism. |
Intego · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26225 | — | — | — | 2026-02-12 | Intego Personal Backup, a macOS backup utility that allows users to create scheduled backups and bootable system clones, contains a local privilege escalation vulnerability. |
CVE-2026-26224 | — | — | — | 2026-02-12 | Intego Log Reporter, a macOS diagnostic utility bundled with Intego security products that collects system and application logs for support analysis, contains a local privilege escalation vulnerability. |
Ivanti · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1603 | High | 8.6 | KEV | 2026-02-10 | An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data. |
CVE-2026-1602 | Medium | 6.5 | — | 2026-02-10 | SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. |
Kidocode · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26216 | Critical | 10.0 | — | 2026-02-12 | Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. |
CVE-2026-26217 | High | 8.6 | — | 2026-02-12 | Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. |
Langchain · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26019 | Medium | 4.1 | — | 2026-02-11 | LangChain is a framework for building LLM-powered applications. |
CVE-2026-26013 | Low | 3.7 | — | 2026-02-10 | LangChain is a framework for building agents and LLM-powered applications. |
Linux · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-23112 | Critical | 9.8 | — | 2026-02-13 | In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec nvmet_tcp_build_pdu_iovec() could walk past cmd->req.sg when a PDU length or offset exceeds sg_cnt and then use… |
CVE-2026-23111 | High | 7.8 | — | 2026-02-13 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() nft_map_catchall_activate() has an inverted element activity check compared to its non-ca… |
Loggro Pymes · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1960 | — | — | — | 2026-02-09 | Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes, via the 'Facebook' parameter in '/loggrodemo/jbrain/ConsultaTerceros' endpoint. |
CVE-2026-1959 | — | — | — | 2026-02-09 | Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes, via the 'descripción' parameter in the '/loggrodemo/jbrain/MaestraCuentasBancarias' endpoint. |
Macwarrior · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25728 | High | 7.5 | — | 2026-02-10 | ClipBucket v5 is an open source video sharing platform. |
CVE-2026-26005 | Medium | 5.0 | — | 2026-02-12 | ClipBucket v5 is an open source video sharing platform. |
Markusproject · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25057 | Critical | 9.1 | — | 2026-02-09 | MarkUs is a web application for the submission and grading of student assignments. |
CVE-2026-24900 | Medium | 6.5 | — | 2026-02-09 | MarkUs is a web application for the submission and grading of student assignments. |
Mattermost · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-22892 | Medium | 4.3 | — | 2026-02-13 | Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read pos… |
CVE-2026-20796 | Low | 3.1 | — | 2026-02-13 | Mattermost versions 10.11.x <= 10.11.9 fail to properly validate channel membership at the time of data retrieval which allows a deactivated user to learn team names they should not have access to via a race condition in the /common_teams… |
Mealie · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-70297 | Medium | 6.1 | — | 2026-02-11 | A stored cross-site scripting (XSS) vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary web script or HTML via an uploaded SVG file that is served as im… |
CVE-2025-70296 | Medium | 5.4 | — | 2026-02-11 | A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view. |
Minigal · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25869 | High | 7.5 | — | 2026-02-11 | MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. |
CVE-2026-25868 | Medium | 6.1 | — | 2026-02-11 | MiniGal Nano versions 0.3.5 and prior contain a reflected cross-site scripting (XSS) vulnerability in index.php via the dir parameter. |
Newbee-ltd · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26218 | Critical | 9.8 | — | 2026-02-12 | newbee-mall includes pre-seeded administrator accounts in its database initialization script. |
CVE-2026-26219 | Critical | 9.1 | — | 2026-02-12 | newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. |
Palo Alto Networks · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-0229 | — | — | — | 2026-02-11 | A denial-of-service (DoS) vulnerability in the Advanced DNS Security (ADNS) feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. |
CVE-2026-0228 | — | — | — | 2026-02-11 | An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so. |
Php · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-24895 | Critical | 9.8 | — | 2026-02-12 | FrankenPHP is a modern application server for PHP. |
CVE-2026-24894 | High | 7.5 | — | 2026-02-12 | FrankenPHP is a modern application server for PHP. |
Pixelyoursite · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1844 | High | 7.2 | — | 2026-02-13 | The PixelYourSite PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pysTrafficSource' parameter and the 'pys_landing_page' parameter in all versions up to, and including, 12.4.0.2 due to insufficient input sani… |
CVE-2026-1841 | High | 7.2 | — | 2026-02-13 | The PixelYourSite – Your smart PIXEL (TAG) & API Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pysTrafficSource' parameter and the 'pys_landing_page' parameter in all versions up to, and including, 11.2… |
Plunet · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2344 | — | — | — | 2026-02-11 | A vulnerability in Plunet Plunet BusinessManager allows unauthorized actions being performed on behalf of privileged users. This issue affects Plunet BusinessManager: 10.15.1. |
CVE-2026-2337 | — | — | — | 2026-02-11 | A vulnerability in Plunet Plunet BusinessManager allows session hijacking, data theft, unauthorized actions on behalf of the user. This issue affects Plunet BusinessManager: 10.15.1. |
Rachelos · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2216 | Medium | 4.3 | — | 2026-02-09 | A flaw has been found in rachelos WeRSS we-mp-rss up to 1.4.8. |
CVE-2026-2215 | Low | 3.7 | — | 2026-02-09 | A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. |
Roundcube · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26079 | Medium | 4.7 | — | 2026-02-11 | Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled. |
CVE-2026-25916 | Medium | 4.3 | — | 2026-02-09 | Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage. |
Saastech Cleaning And Internet Services Inc. · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-10913 | High | 8.3 | — | 2026-02-11 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saastech Cleaning and Internet Services Inc. |
CVE-2025-10912 | Medium | 5.4 | — | 2026-02-11 | Authorization Bypass Through User-Controlled Key vulnerability in Saastech Cleaning and Internet Services Inc. |
Schneider Electric · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1227 | — | — | — | 2026-02-11 | CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized disclosure of local files, interaction within the EBO system, or denial of service conditions when a local user uploads a spe… |
CVE-2026-1226 | — | — | — | 2026-02-11 | CWE‑94: Improper Control of Generation of Code vulnerability exists that could cause execution of untrusted or unintended code within the application when maliciously crafted design content is processed through a TGML graphics file. |
Statamic · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25759 | High | 8.7 | — | 2026-02-11 | Statamic is a Laravel and Git powered content management system (CMS). |
CVE-2026-25633 | Medium | 4.3 | — | 2026-02-11 | Statamic is a Laravel + Git powered CMS designed for building websites. |
Tandoor · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25991 | High | 7.7 | — | 2026-02-13 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. |
CVE-2026-25964 | Medium | 4.9 | — | 2026-02-13 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. |
Techjewel · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-0996 | Medium | 6.4 | — | 2026-02-10 | The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI Form Builder module in all versions up to, and including, 6.1.14 due to a combination of missing authorization checks, a leaked nonce, and insuff… |
CVE-2026-0632 | Medium | 5.4 | — | 2026-02-09 | The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.12 via the 'saveDataSource' function. |
Tenda · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2203 | High | 8.8 | — | 2026-02-09 | A flaw has been found in Tenda AC8 16.03.33.05. |
CVE-2026-2202 | High | 8.8 | — | 2026-02-09 | A vulnerability was detected in Tenda AC8 16.03.33.05. |
Torrentrockyou · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2020-37181 | Critical | 9.8 | — | 2026-02-11 | Torrent FLV Converter 1.51 Build 117 contains a stack overflow vulnerability that allows attackers to overwrite Structured Exception Handler (SEH) through a malicious registration code input. |
CVE-2020-37176 | Critical | 9.8 | — | 2026-02-11 | Torrent 3GP Converter 1.51 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. |
Yokecd · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26056 | High | 8.8 | — | 2026-02-12 | Yoke is a Helm-inspired infrastructure-as-code (IaC) package deployer. |
CVE-2026-26055 | High | 7.5 | — | 2026-02-12 | Yoke is a Helm-inspired infrastructure-as-code (IaC) package deployer. |
Yokogawa Electric Corporation · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-66600 | — | — | — | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. |
CVE-2025-66599 | — | — | — | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. |
Zlan Information Technology Co. · 2 CVEs
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25084 | Critical | 9.8 | — | 2026-02-11 | Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs. |
CVE-2026-24789 | Critical | 9.8 | — | 2026-02-11 | An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication. |
Actfax · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25310 | High | 7.8 | — | 2026-02-11 | ActiveFax Server 6.92 Build 0316 contains an unquoted service path vulnerability in the ActiveFaxServiceNT service that allows local attackers to potentially execute arbitrary code. |
Admerc · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2217 | High | 7.3 | — | 2026-02-09 | A vulnerability was found in itsourcecode Event Management System 1.0. |
Adminer · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25892 | High | 7.5 | — | 2026-02-09 | Adminer is open-source database management software. |
Ahdinosaur · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26021 | Critical | 9.8 | — | 2026-02-11 | set-in provides the set value of a nested associative structure given an array of keys. |
Airleader Gmbh · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1358 | Critical | 9.8 | — | 2026-02-12 | Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple webpages running with maximum privileges. |
Aiven · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25999 | High | 7.1 | — | 2026-02-11 | Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. |
Ajv.js · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-69873 | Low | 2.9 | — | 2026-02-11 | ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. |
Akutishevsky · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26029 | High | 7.5 | — | 2026-02-11 | sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. |
Alex4ssb · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26208 | High | 7.8 | — | 2026-02-13 | ADB Explorer is a fluent UI for ADB on Windows. |
Amitkolloldey · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25320 | Medium | 6.5 | — | 2026-02-12 | E Learning Script 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard without valid credentials by manipulating login parameters. |
Anttiviljami · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25315 | Medium | 6.4 | — | 2026-02-11 | WordPress Server Log Viewer 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unfiltered log file paths. |
Anysphere · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26268 | High | 8.0 | — | 2026-02-13 | Cursor is a code editor built for programming with AI. |
Aprilrobotics · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2246 | Low | 3.3 | — | 2026-02-09 | A security vulnerability has been detected in AprilRobotics apriltag up to 3.4.5. |
Arduino · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25933 | Medium | 6.8 | — | 2026-02-12 | Arduino App Lab is a cross-platform IDE for developing Arduino Apps. |
Artifex · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-15569 | High | 7.0 | — | 2026-02-10 | A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. |
Atlas Educational Software Industry Ltd. Co. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-7708 | Medium | 6.8 | — | 2026-02-09 | Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. |
Aumsrini · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1885 | Medium | 6.4 | — | 2026-02-11 | The Slideshow Wp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sswpid' attribute of the 'sswp-slide' shortcode in all versions up to, and including, 1.1. |
Axios · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25639 | High | 7.5 | — | 2026-02-09 | Axios is a promise based HTTP client for the browser and Node.js. |
Ays-pro · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1320 | High | 7.2 | — | 2026-02-12 | The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' HTTP header in all versions up to, and including, 4.9.8 due to insufficient input sanitizati… |
B3log · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25992 | High | 7.5 | — | 2026-02-10 | SiYuan is a personal knowledge management system. |
Badbreze · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1786 | Medium | 6.5 | — | 2026-02-11 | The Twitter posts to Blog plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dg_tw_options' function in all versions up to, and including, 1.11.25. |
Beaverbuilder · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1231 | Medium | 6.4 | — | 2026-02-11 | The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `js` Global Settings parameter in all versions up to, and including, 2.10.0.5 due to missing capabili… |
Bimesoft · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25330 | High | 7.5 | — | 2026-02-12 | SurfOffline Professional 2.2.0.103 contains a structured exception handler (SEH) overflow vulnerability that allows attackers to crash the application by manipulating the project name input. |
Bishopfox · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25791 | High | 7.5 | — | 2026-02-09 | Sliver is a command and control framework that uses a custom Wireguard netstack. |
Blackmoon · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25306 | High | 7.8 | — | 2026-02-11 | BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. |
Brianhogg · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1922 | Medium | 6.4 | — | 2026-02-10 | The The Events Calendar Shortcode & Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ecs-list-events` shortcode `message` attribute in all versions up to, and including, 3.1.2 due to insufficient in… |
Brightsign · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-54756 | High | 8.4 | — | 2026-02-12 | BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 use a default password that is guessable with knowledge of the device information. |
Bullwark · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25333 | High | 7.5 | — | 2026-02-12 | Bullwark Momentum Series JAWS 1.0 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP request paths. |
Caido · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-24853 | High | 8.1 | — | 2026-02-13 | Caido is a web security auditing toolkit. |
Casl Ability · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1774 | Critical | 9.8 | — | 2026-02-10 | CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability. |
Centova Technologies Inc. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25342 | High | 7.5 | — | 2026-02-12 | Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. |
Checkmk Gmbh · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-24095 | — | — | — | 2026-02-09 | Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows users with the "Use WATO" permission to access the "Analyze configuration" page by directly navigating to its URL, byp… |
Chevere Spa · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2020-37186 | Critical | 9.8 | — | 2026-02-11 | Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows attackers to inject malicious code during database configuration installation. |
Clamav · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2020-37167 | High | 8.4 | — | 2026-02-12 | ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. |
Clive_21 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2225 | High | 7.3 | — | 2026-02-09 | A flaw has been found in itsourcecode News Portal Project 1.0. |
Cryptography.io · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26007 | Medium | 6.5 | — | 2026-02-10 | cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. |
Dani-garcia · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26012 | Medium | 6.5 | — | 2026-02-11 | vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. |
Dbook · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-40905 | High | 7.3 | — | 2026-02-13 | WWW::OAuth 1.000 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. |
Debian · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25506 | High | 7.7 | — | 2026-02-10 | MUNGE is an authentication service for creating and validating user credentials. |
Dify · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26023 | Medium | 6.1 | — | 2026-02-11 | Dify is an open-source LLM app development platform. |
Digiblogger · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1853 | Medium | 6.4 | — | 2026-02-11 | The BuddyHolis ListSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'listsearch' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on use… |
Dinibh Puzzle Software Solutions · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-7347 | High | 8.8 | — | 2026-02-10 | Authorization Bypass Through User-Controlled Key vulnerability in Dinibh Puzzle Software Solutions Dinibh Patrol Tracking System allows Exploitation of Trusted Identifiers. |
Dinosoft Business Solutions · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8025 | Critical | 9.8 | — | 2026-02-11 | Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft Business Solutions Dinosoft ERP allows Accessing Functionality Not Properly Constrained by ACLs. |
Directus · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26185 | Medium | 5.3 | — | 2026-02-12 | Directus is a real-time API and App dashboard for managing SQL database content. |
Diveshlunker · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2020-37156 | Medium | 6.5 | — | 2026-02-11 | BloodX 1.0 contains an authentication bypass vulnerability in login.php that allows attackers to access the dashboard without valid credentials. |
Docmost · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-24045 | High | 7.3 | — | 2026-02-10 | Docmost is open-source collaborative wiki and documentation software. |
Dokuwiki · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25338 | Medium | 5.3 | — | 2026-02-12 | DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts. |
Doramart · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25870 | Medium | 5.8 | — | 2026-02-10 | DoraCMS version 3.1 and prior contains a server-side request forgery (SSRF) vulnerability in its UEditor remote image fetch functionality. |
Douco · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2226 | Medium | 4.7 | — | 2026-02-09 | A vulnerability has been found in DouPHP up to 1.9. |
E-kalite Software Hardware Engineering Design And Internet Services Industry And Trade Ltd. Co. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-8668 | Critical | 9.4 | — | 2026-02-11 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. |
Eaton · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-22613 | Medium | 5.7 | — | 2026-02-09 | The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. |
Element-hq · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-24044 | — | — | — | 2026-02-12 | Element Server Suite Community Edition (ESS Community) deploys a Matrix stack using the provided Helm charts and Kubernetes distribution. |
Emmett-framework · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25577 | High | 7.5 | — | 2026-02-10 | Emmett is a framework designed to simplify your development process. |
Ergosis Security Systems Computer Industry And Trade Inc. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-7636 | High | 8.8 | — | 2026-02-10 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ergosis Security Systems Computer Industry and Trade Inc. |
Evershop · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25993 | Critical | 9.8 | — | 2026-02-10 | EverShop is a TypeScript-first eCommerce platform. |
Faraday_project · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25765 | Medium | 5.8 | — | 2026-02-09 | Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. |
Fedify · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25808 | High | 7.5 | — | 2026-02-09 | Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. |
Fit2cloud · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-70981 | Critical | 9.8 | — | 2026-02-12 | CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface (/user/list) via the departmentIds parameter. |
Flexera Software · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25313 | Medium | 4.0 | — | 2026-02-11 | FlexNet Publisher 11.12.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. |
Fooplugins · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-15524 | Medium | 4.3 | — | 2026-02-11 | The Gallery by FooGallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax_get_gallery_info() function in all versions up to, and including, 3.1.9. |
Freepbx · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-55210 | High | 7.5 | — | 2026-02-12 | FreePBX is an open-source web-based graphical user interface (GUI) that manages Asterisk. |
Friendsofshopware · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25878 | Medium | 5.3 | — | 2026-02-09 | FroshAdminer is the Adminer plugin for Shopware Platform. |
Genetec Inc. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-1790 | — | — | — | 2026-02-13 | Local privilege escalation in Genetec Sipelia Plugin. |
Ghia-camip · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25339 | High | 7.5 | — | 2026-02-12 | GHIA CamIP 1.2 for iOS contains a denial of service vulnerability in the password input field that allows attackers to crash the application. |
Gigabyte · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-0870 | High | 7.8 | — | 2026-02-09 | MacroHub developed by GIGABYTE has a Local Privilege Escalation vulnerability. |
Glpi-project · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-22821 | Medium | 4.9 | — | 2026-02-12 | mreporting is the more reporting GLPI plugin. |
Gnome · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2443 | Medium | 5.3 | — | 2026-02-13 | A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. |
Go-git · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25934 | Medium | 4.3 | — | 2026-02-09 | go-git is a highly extensible git implementation library written in pure Go. |
Go-vikunja · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25935 | Medium | 5.4 | — | 2026-02-11 | Vikunja is a todo-app to organize your life. |
Goautodial · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25316 | Medium | 6.4 | — | 2026-02-11 | GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the event title parameter. |
Gofiber · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-66630 | Critical | 9.4 | — | 2026-02-09 | Fiber is an Express inspired web framework written in Go. |
Halo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-70886 | High | 7.5 | — | 2026-02-12 | An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the public comment submission endpoint. |
Hashicorp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-0969 | High | 8.8 | — | 2026-02-12 | The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content. |
Heyewei · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2200 | Low | 2.4 | — | 2026-02-09 | A weakness has been identified in heyewei JFinalCMS 5.0.0. |
Hitrontech · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-63354 | Medium | 4.8 | — | 2026-02-09 | Hitron HI3120 v7.2.4.5.2b1 allows stored XSS via the Parental Control option when creating a new filter. |
Hp Inc · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1578 | — | — | — | 2026-02-13 | HP App for Android is potentially vulnerable to cross-site scripting (XSS) when using an outdated version of the application via mobile devices. |
https://github.com/mkj/dropbear/ · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-14282 | Medium | 5.4 | — | 2026-02-12 | A flaw was found in Dropbear. |
Hyland · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26221 | Critical | 9.8 | — | 2026-02-13 | Hyland OnBase contains an unauthenticated .NET Remoting exposure in the OnBase Workflow Timer Service (Hyland.Core.Workflow.NTService.exe). |
Idno · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26273 | Critical | 9.8 | — | 2026-02-13 | Known is a social publishing platform. |
Inettools · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25341 | High | 7.5 | — | 2026-02-12 | iNetTools for iOS 8.20 contains a denial of service vulnerability in the Whois feature that allows attackers to crash the application by manipulating input. |
Inoideas · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25312 | Medium | 5.4 | — | 2026-02-11 | InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that allows unauthenticated attackers to inject malicious scripts. |
Inspektor-gadget · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25996 | Critical | 9.8 | — | 2026-02-12 | Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. |
Iobit · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-66676 | Medium | 6.2 | — | 2026-02-13 | An issue in IObit Unlocker v1.3.0.11 allows attackers to cause a Denial of Service (DoS) via a crafted request. |
Ione360 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-15440 | High | 7.2 | — | 2026-02-11 | The iONE360 configurator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Form Parameters in all versions up to, and including, 2.0.57 due to insufficient input sanitization and output escaping. |
Ivole · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1316 | High | 7.2 | — | 2026-02-12 | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'media[].href' parameter in all versions up to, and including, 5.97.0 due to insufficient input sanitization and output escaping. |
Jeroenpeters1986 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1866 | High | 7.2 | — | 2026-02-10 | The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via double HTML-entity encoding in all versions up to, and including, 1.32.0. |
Jhoylman · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1809 | Medium | 6.4 | — | 2026-02-11 | The HTML Tag Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied att… |
Jm33-m0 · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26068 | Critical | 9.9 | — | 2026-02-12 | emp3r0r is a stealth-focused C2 designed by Linux users for Linux environments. |
Ka Ming Cheung · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2020-37175 | High | 7.5 | — | 2026-02-11 | P2PWIFICAM2 for iOS 10.4.1 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the Camera ID input field. |
Kamleshyadav · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-15096 | High | 8.8 | — | 2026-02-11 | The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.6. |
Karutoil · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26009 | Critical | 9.9 | — | 2026-02-10 | Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. |
Keepass · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2020-37178 | High | 7.5 | — | 2026-02-11 | KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. |
Kevinpapst · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25317 | Medium | 6.4 | — | 2026-02-11 | Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. |
Kirilkirkov · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1748 | Medium | 4.3 | — | 2026-02-11 | The Invoct – PDF Invoices & Billing for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions in all versions up to, and including, 1.6. |
Kstover · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2268 | High | 7.5 | — | 2026-02-10 | The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.0. |
Lakefs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26187 | High | 8.1 | — | 2026-02-13 | lakeFS is an open-source tool that transforms object storage into Git-like repositories. |
Langchain-ai · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25528 | Medium | 5.8 | — | 2026-02-09 | LangSmith Client SDKs provide SDKs for interacting with the LangSmith platform. |
Latepoint · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1537 | Medium | 5.3 | — | 2026-02-12 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the load_step() function in all versions up to, and including, 5.2.6… |
Lavalite · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-70866 | High | 8.8 | — | 2026-02-13 | LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. |
Libpng · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25646 | High | 8.1 | — | 2026-02-10 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. |
Litemanager Team · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25308 | High | 7.8 | — | 2026-02-11 | Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. |
Logo Software Industry And Trade Inc. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-12059 | Critical | 9.8 | — | 2026-02-11 | Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Logo Software Industry and Trade Inc. |
Lordspace · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1893 | Medium | 6.4 | — | 2026-02-11 | The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btn_label' parameter in the 'orbisius_random_name_generator' shortcode in all versions up to, and including, 1.0.2 due to insuffi… |
Luke-alford · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1827 | Medium | 6.4 | — | 2026-02-11 | The Flask Micro code-editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's codeflask shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on us… |
Lukilabs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26226 | — | — | — | 2026-02-13 | beautiful-mermaid versions prior to 0.1.3 contain an SVG attribute injection issue that can lead to cross-site scripting (XSS) when rendering attacker-controlled Mermaid diagrams. |
M-audio · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25676 | High | 7.8 | — | 2026-02-12 | The installer of M-Track Duo HD version 1.0.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. |
Markdown-it_project · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2327 | Medium | 5.3 | — | 2026-02-12 | Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of the regex /\*+$/ in the linkify function. |
Master-buldog · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1804 | Medium | 6.4 | — | 2026-02-11 | The WDES Responsive Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wdes-popup-title' shortcode in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escapin… |
Mateuszgbiorczyk · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1356 | Medium | 4.8 | — | 2026-02-12 | The Converter for Media – Optimize images \| Convert WebP & AVIF plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.5.1 via the PassthruLoader::load_image_source function. |
Mersenne Research, Inc · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25327 | Critical | 9.8 | — | 2026-02-12 | Prime95 version 29.8 build 6 contains a buffer overflow vulnerability in the user ID input field that allows remote attackers to execute arbitrary code. |
Messagemetric · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1215 | Medium | 4.3 | — | 2026-02-11 | The MMA Call Tracking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.15. |
Microtango · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1821 | Medium | 6.4 | — | 2026-02-11 | The Microtango plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'restkey' parameter of the mt_reservation shortcode in all versions up to, and including, 0.9.29 due to insufficient input sanitization and output esc… |
Milvus · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26190 | Critical | 9.8 | — | 2026-02-13 | Milvus is an open-source vector database built for generative AI applications. |
Modery · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25925 | High | 7.8 | — | 2026-02-09 | PowerDocu contains a Windows GUI executable to perform technical documentations. |
Moomoo · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-13391 | Medium | 5.8 | — | 2026-02-11 | The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'uni_cpo_remove_file' function in all versions… |
Murata Machinery, Ltd. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-24466 | Medium | 6.7 | — | 2026-02-09 | Products provided by Oki Electric Industry Co., Ltd. |
My-little-forum · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25923 | Critical | 9.1 | — | 2026-02-09 | my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. |
Ninjateam · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1104 | High | 8.8 | — | 2026-02-12 | The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to unauthorized backup creation and download due to a missing capability check on REST API endpoints in all versions up to, and including, 2.7.1. |
Nixos · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25740 | — | — | — | 2026-02-09 | captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings. |
Nko · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1560 | High | 8.8 | — | 2026-02-11 | The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.0 via multiple functions in the 'LazyBlocks_Blocks' class. |
Ntn Information Processing Services Computer Software Hardware Industry And Trade Ltd. Co. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-14014 | Critical | 9.8 | — | 2026-02-12 | Unrestricted Upload of File with Dangerous Type vulnerability in NTN Information Processing Services Computer Software Hardware Industry and Trade Ltd. |
Nyariv · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25881 | Critical | 9.0 | — | 2026-02-09 | SandboxJS is a JavaScript sandboxing library. |
Open-metadata · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26010 | High | 7.6 | — | 2026-02-11 | OpenMetadata is a unified metadata platform. |
Opennav · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26011 | Critical | 9.8 | — | 2026-02-12 | navigation2 is a ROS 2 Navigation Framework and System. |
Openpos · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1826 | Medium | 6.4 | — | 2026-02-11 | The OpenPOS Lite – Point of Sale for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter of the order_qrcode shortcode in all versions up to, and including, 3.0 due to insufficient input… |
Openproject · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-24777 | Medium | 6.7 | — | 2026-02-09 | OpenProject is an open-source, web-based project management software. |
Owncloud · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25337 | Critical | 9.8 | — | 2026-02-12 | OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. |
Pan Software & Information Technologies Ltd. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-10174 | High | 8.3 | — | 2026-02-11 | Cleartext Transmission of Sensitive Information vulnerability in Pan Software & Information Technologies Ltd. |
Pankajanupam · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-0815 | Medium | 4.4 | — | 2026-02-11 | The Category Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag-image' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. |
Pendulum-project · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26076 | High | 7.5 | — | 2026-02-12 | ntpd-rs is a full-featured implementation of the Network Time Protocol. |
Phraseanet · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2018-25157 | Medium | 6.4 | — | 2026-02-11 | Phraseanet 4.0.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through crafted file names during document uploads. |
Pion · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26014 | Medium | 5.9 | — | 2026-02-11 | Pion DTLS is a Go implementation of Datagram Transport Layer Security. |
Pjsip · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25994 | Critical | 9.8 | — | 2026-02-11 | PJSIP is a free and open source multimedia communication library written in C. |
Polarlearn · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25885 | High | 7.5 | — | 2026-02-09 | PolarLearn is a free and open-source learning program. |
Proctorio · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2345 | Low | 3.6 | — | 2026-02-11 | Proctorio Chrome Extension is a browser extension used for online proctoring. |
Python · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25990 | High | 7.5 | — | 2026-02-11 | Pillow is a Python imaging library. |
Qs_project · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2391 | Low | 3.7 | — | 2026-02-12 | The `arrayLimit` option in qs does not enforce limits for comma-separated values when `comma: true` is enabled, allowing attackers to cause denial-of-service via memory exhaustion. |
Rageagainstthepixel · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25918 | Medium | 5.5 | — | 2026-02-09 | unity-cli is a command line utility for the Unity Game Engine. |
Realtek · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25345 | High | 7.8 | — | 2026-02-12 | Realtek IIS Codec Service 6.4.10041.133 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code. |
Ricoh · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25324 | Medium | 6.1 | — | 2026-02-12 | RICOH Web Image Monitor 1.09 contains an HTML injection vulnerability in the address configuration CGI script that allows attackers to inject malicious HTML code. |
Roxnor · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-14895 | Medium | 5.4 | — | 2026-02-10 | The PopupKit plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.0. |
Sarman Soft Software And Technology Services Industry And Trade Ltd. Co. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-6967 | High | 8.7 | — | 2026-02-10 | Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. |
Scriptsbundle · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1729 | Critical | 9.8 | — | 2026-02-12 | The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. |
Sm_rasmy · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1833 | Medium | 5.3 | — | 2026-02-11 | The WaMate Confirm – Order Confirmation plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0.1. |
Softalk · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25307 | High | 7.8 | — | 2026-02-11 | WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. |
Soliton · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25108 | High | 8.8 | KEV | 2026-02-13 | FileZen contains an OS command injection vulnerability. |
Solspace · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26188 | Medium | 5.4 | — | 2026-02-12 | Solspace Freeform plugin for Craft CMS 5.x is a super flexible form-building tool. |
Starfishwp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-15157 | High | 8.8 | — | 2026-02-13 | The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'srm_restore_options_defaults'… |
Step-security · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25598 | Medium | 5.3 | — | 2026-02-09 | Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. |
Streetsidesoftware · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25931 | High | 7.8 | — | 2026-02-09 | vscode-spell-checker is a basic spell checker that works well with code and documents. |
Super-linter · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25761 | High | 8.8 | — | 2026-02-09 | Super-linter is a combination of multiple linters to run as a GitHub Action or standalone. |
Switcorp · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1671 | Medium | 6.5 | — | 2026-02-12 | The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winter_activity_log_action() function in all versions up to, and including, 1.2.8. |
Taklaxbr · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25807 | High | 8.8 | — | 2026-02-09 | ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. |
Teknolist Computer Systems Software Publishing Industry And Trade Inc. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-11242 | Critical | 9.8 | — | 2026-02-10 | Server-Side Request Forgery (SSRF) vulnerability in Teknolist Computer Systems Software Publishing Industry and Trade Inc. |
Thales · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-0872 | — | — | — | 2026-02-13 | Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon on Windows allows Signature Spoofing by Improper Validation. This issue affects SafeNet Agent for Windows Logon: 4.0.0, 4.1.1, 4.1.2. |
The Control Group · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2020-37214 | High | 7.5 | — | 2026-02-11 | Voyager 1.3.0 contains a directory traversal vulnerability that allows attackers to access sensitive system files by manipulating the asset path parameter. |
Thecfu · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26069 | High | 7.5 | — | 2026-02-12 | Scraparr is a Prometheus Exporter for various components of the *arr Suite. |
Thrive · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25325 | High | 8.2 | — | 2026-02-12 | Thrive Smart Home 1.1 contains an SQL injection vulnerability in the checklogin.php endpoint that allows unauthenticated attackers to bypass authentication by manipulating the 'user' POST parameter. |
Tomdever · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-0910 | High | 8.8 | — | 2026-02-11 | The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.13 via deserialization of untrusted input in the 'wpforo_display_array_data' function. |
Traefik · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25949 | High | 7.5 | — | 2026-02-12 | Traefik is an HTTP reverse proxy and load balancer. |
Troglobit · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2020-37182 | High | 7.5 | — | 2026-02-11 | Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. |
Vadi Corporate Information Systems Ltd. Co. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-9986 | High | 8.2 | — | 2026-02-11 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. |
Valmet · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-15577 | High | 7.5 | — | 2026-02-12 | An unauthenticated attacker can exploit this vulnerability by manipulating the URL to achieve arbitrary file read access. This issue affects Valmet DNA Web Tools: C2022 and older. |
Veronalabs · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-13431 | Medium | 6.5 | — | 2026-02-11 | The SlimStat Analytics plugin for WordPress is vulnerable to time-based SQL Injection via the ‘args’ parameter in all versions up to, and including, 5.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient p… |
Villatheme · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-14541 | High | 7.2 | — | 2026-02-11 | The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.22 via the conditional_tags parameter. |
Vim · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26269 | Medium | 5.4 | — | 2026-02-13 | Vim is an open source, command line text editor. |
Vm3max · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25343 | High | 7.8 | — | 2026-02-12 | NextVPN 4.10 contains an insecure file permissions vulnerability that allows local users to modify executable files with full access rights. |
Websitem · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25335 | High | 7.5 | — | 2026-02-12 | PRO-7070 Hazır Profesyonel Web Sitesi version 1.0 contains an authentication bypass vulnerability in the administration panel login page. |
Wecodify · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-0724 | Medium | 4.4 | — | 2026-02-11 | The WPlyr Media Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_wplyr_accent_color' parameter in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user… |
Weird Solutions · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2020-37177 | High | 7.5 | — | 2026-02-11 | BOOTP Turbo 2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Structured Exception Handler (SEH). |
Wix · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2276 | — | — | — | 2026-02-12 | Reflected Cross-Site Scripting (XSS) vulnerability in the Wix web application, where the endpoint 'https://manage.wix.com/account/account-settings', responsible for uploading SVG images, does not properly sanitize the content. |
Wondershare · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25344 | High | 7.8 | — | 2026-02-12 | Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. |
Worklenz · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25947 | High | 8.8 | — | 2026-02-10 | Worklenz is a project management tool. |
Wpvividplugins · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-1357 | Critical | 9.8 | — | 2026-02-11 | The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. |
Wpzoom · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2295 | Medium | 5.3 | — | 2026-02-11 | The WPZOOM Addons for Elementor – Starter Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax_post_grid_load_more' function in all versions up to, and includi… |
Xiaomi Technology Co., Ltd. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26214 | High | 7.4 | — | 2026-02-12 | Galaxy FDS Android SDK (XiaoMi/galaxy-fds-sdk-android) version 3.0.8 and prior disable TLS hostname verification when HTTPS is enabled (the default configuration). |
Xnsoft · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25328 | High | 7.5 | — | 2026-02-12 | XnConvert 1.82 contains a denial of service vulnerability in its registration code input field that allows attackers to crash the application. |
Xpoda Türkiye Information Technology Inc. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-6830 | Critical | 9.8 | — | 2026-02-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpoda Türkiye Information Technology Inc. |
Xwiki · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26000 | Medium | 6.1 | — | 2026-02-12 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. |
Yoast · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25314 | Medium | 5.5 | — | 2026-02-11 | Yoast Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. |
Zed · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-25805 | Medium | 6.4 | — | 2026-02-10 | Zed is a multiplayer code editor. |
Zerowdd · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-2201 | Low | 2.4 | — | 2026-02-09 | A security vulnerability has been detected in ZeroWdd studentmanager up to 2151560fc0a50ec00426785ec1e01a3763b380d9. |
Zilab Software Inc · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2019-25309 | High | 7.8 | — | 2026-02-11 | Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. |
Zirve Information Technologies Inc. · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-7799 | High | 8.6 | — | 2026-02-09 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zirve Information Technologies Inc. |
Zoll · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-12699 | Medium | 5.5 | — | 2026-02-10 | The ZOLL ePCR iOS application reflects unsanitized user input into a WebView. |
Zyddnys · 1 CVE
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-26215 | — | — | — | 2026-02-11 | manga-image-translator version beta-0.3 and prior in shared API mode contains an unsafe deserialization vulnerability that can lead to unauthenticated remote code execution. |