Patch Tuesday — February 2026

2026-02-10 · 959 CVEs

CVEs published or modified the week of 2026-02-10, partitioned by vendor.

Microsoft (92 CVEs)

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-21531 | Critical | 9.8 | | 2026-02-10 | Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.
CVE-2026-2441 | High | 8.8 | KEV | 2026-02-13 | Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVE-2026-2321 | High | 8.8 | | 2026-02-11 | Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page.
CVE-2026-2315 | High | 8.8 | | 2026-02-11 | Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
CVE-2026-2314 | High | 8.8 | | 2026-02-11 | Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2026-2313 | High | 8.8 | | 2026-02-11 | Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2026-21537 | High | 8.8 | | 2026-02-10 | Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network.
CVE-2026-21518 | High | 8.8 | | 2026-02-10 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21516 | High | 8.8 | | 2026-02-10 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot allows an unauthorized attacker to execute code over a network.
CVE-2026-21513 | High | 8.8 | KEV | 2026-02-10 | Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21510 | High | 8.8 | KEV | 2026-02-10 | Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-21256 | High | 8.8 | | 2026-02-10 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.
CVE-2026-21255 | High | 8.8 | | 2026-02-10 | Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally.
CVE-2026-21228 | High | 8.1 | | 2026-02-10 | Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network.
CVE-2026-21523 | High | 8.0 | | 2026-02-10 | Time-of-check time-of-use (TOCTOU) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.
CVE-2026-21257 | High | 8.0 | | 2026-02-10 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network.
CVE-2026-21229 | High | 8.0 | | 2026-02-10 | Improper input validation in Power BI allows an authorized attacker to execute code over a network.
CVE-2026-21347 | High | 7.8 | | 2026-02-10 | Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2026-21346 | High | 7.8 | | 2026-02-10 | Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2026-21345 | High | 7.8 | | 2026-02-10 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.
CVE-2026-21344 | High | 7.8 | | 2026-02-10 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.
CVE-2026-21343 | High | 7.8 | | 2026-02-10 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.
CVE-2026-21342 | High | 7.8 | | 2026-02-10 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2026-21341 | High | 7.8 | | 2026-02-10 | Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2026-21533 | High | 7.8 | KEV | 2026-02-10 | Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
CVE-2026-21519 | High | 7.8 | KEV | 2026-02-10 | Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-21514 | High | 7.8 | KEV | 2026-02-10 | Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-21357 | High | 7.8 | | 2026-02-10 | InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2026-21351 | High | 7.8 | | 2026-02-10 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2026-21330 | High | 7.8 | | 2026-02-10 | After Effects versions 25.6 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2026-21329 | High | 7.8 | | 2026-02-10 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2026-21328 | High | 7.8 | | 2026-02-10 | After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2026-21327 | High | 7.8 | | 2026-02-10 | After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2026-21326 | High | 7.8 | | 2026-02-10 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2026-21325 | High | 7.8 | | 2026-02-10 | After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.
CVE-2026-21324 | High | 7.8 | | 2026-02-10 | After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.
CVE-2026-21323 | High | 7.8 | | 2026-02-10 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2026-21322 | High | 7.8 | | 2026-02-10 | After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.
CVE-2026-21321 | High | 7.8 | | 2026-02-10 | After Effects versions 25.6 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2026-21320 | High | 7.8 | | 2026-02-10 | After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2026-21318 | High | 7.8 | | 2026-02-10 | After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2026-21259 | High | 7.8 | | 2026-02-10 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.
CVE-2026-21251 | High | 7.8 | | 2026-02-10 | Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.
CVE-2026-21250 | High | 7.8 | | 2026-02-10 | Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
CVE-2026-21246 | High | 7.8 | | 2026-02-10 | Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2026-21245 | High | 7.8 | | 2026-02-10 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-21240 | High | 7.8 | | 2026-02-10 | Time-of-check time-of-use (TOCTOU) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
CVE-2026-21239 | High | 7.8 | | 2026-02-10 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-21238 | High | 7.8 | | 2026-02-10 | Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-21236 | High | 7.8 | | 2026-02-10 | Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-21232 | High | 7.8 | | 2026-02-10 | Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
CVE-2026-21231 | High | 7.8 | | 2026-02-10 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-20841 | High | 7.8 | | 2026-02-10 | Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code locally.
CVE-2026-2319 | High | 7.5 | | 2026-02-11 | Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file.
CVE-2026-21511 | High | 7.5 | | 2026-02-10 | Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-21260 | High | 7.5 | | 2026-02-10 | Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-21243 | High | 7.5 | | 2026-02-10 | Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
CVE-2026-21218 | High | 7.5 | | 2026-02-10 | Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-20846 | High | 7.5 | | 2026-02-10 | Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network.
CVE-2026-21248 | High | 7.3 | | 2026-02-10 | Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.
CVE-2026-21247 | High | 7.3 | | 2026-02-10 | Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.
CVE-2026-21244 | High | 7.3 | | 2026-02-10 | Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.
CVE-2026-21235 | High | 7.3 | | 2026-02-10 | Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2026-21508 | High | 7.0 | | 2026-02-10 | Improper authentication in Windows Storage allows an authorized attacker to elevate privileges locally.
CVE-2026-21253 | High | 7.0 | | 2026-02-10 | Use after free in Mailslot File System allows an authorized attacker to elevate privileges locally.
CVE-2026-21242 | High | 7.0 | | 2026-02-10 | Use after free in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.
CVE-2026-21241 | High | 7.0 | | 2026-02-10 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-21237 | High | 7.0 | | 2026-02-10 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.
CVE-2026-21234 | High | 7.0 | | 2026-02-10 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
CVE-2026-21522 | Medium | 6.7 | | 2026-02-10 | Improper neutralization of special elements used in a command ('command injection') in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.
CVE-2026-2320 | Medium | 6.5 | | 2026-02-11 | Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.
CVE-2026-2318 | Medium | 6.5 | | 2026-02-11 | Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.
CVE-2026-2317 | Medium | 6.5 | | 2026-02-11 | Inappropriate implementation in Animation in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2026-2316 | Medium | 6.5 | | 2026-02-11 | Insufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page.
CVE-2026-23655 | Medium | 6.5 | | 2026-02-10 | Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker to disclose information over a network.
CVE-2026-21528 | Medium | 6.5 | | 2026-02-10 | Binding to an unrestricted IP address in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.
CVE-2026-21527 | Medium | 6.5 | | 2026-02-10 | User interface (UI) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-21512 | Medium | 6.5 | | 2026-02-10 | Server-side request forgery (SSRF) in Azure DevOps Server allows an authorized attacker to perform spoofing over a network.
CVE-2026-21525 | Medium | 6.2 | KEV | 2026-02-10 | Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.
CVE-2026-2026 | Medium | 6.1 | | 2026-02-13 | A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks.
CVE-2026-21529 | Medium | 5.7 | | 2026-02-10 | Improper neutralization of input during web page generation ('cross-site scripting') in Azure HDInsights allows an authorized attacker to perform spoofing over a network.
CVE-2026-21358 | Medium | 5.5 | | 2026-02-10 | InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in application denial-of-service.
CVE-2026-21350 | Medium | 5.5 | | 2026-02-10 | After Effects versions 25.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service.
CVE-2026-21332 | Medium | 5.5 | | 2026-02-10 | InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure.
CVE-2026-21319 | Medium | 5.5 | | 2026-02-10 | After Effects versions 25.6 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure.
CVE-2026-21261 | Medium | 5.5 | | 2026-02-10 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-21258 | Medium | 5.5 | | 2026-02-10 | Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-21222 | Medium | 5.5 | | 2026-02-10 | Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2026-2322 | Medium | 5.4 | | 2026-02-11 | Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.
CVE-2026-21517 | Medium | 4.7 | | 2026-02-10 | Improper link resolution before file access ('link following') in Windows App for Mac allows an authorized attacker to elevate privileges locally.
CVE-2026-2323 | Medium | 4.3 | | 2026-02-11 | Inappropriate implementation in Downloads in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page.
CVE-2026-21249 | Low | 3.3 | | 2026-02-10 | External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally.

Other vendors (867 CVEs across 292 vendors)

N/a · 77 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-69770 | Critical | 10.0 | | 2026-02-13 | A zip slip vulnerability in the /DesignTools/SkinList.aspx endpoint of MojoPortal CMS v2.9.0.1 allows attackers to execute arbitrary commands via uploading a crafted zip file.
CVE-2025-64075 | Critical | 10.0 | | 2026-02-11 | A path traversal vulnerability in the check_token function of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to bypass authentication and perform administrative actions by supplying a crafted session cookie valu…
CVE-2025-69633 | Critical | 9.8 | | 2026-02-13 | A SQL Injection vulnerability in the Advanced Popup Creator (advancedpopupcreator) module for PrestaShop 1.1.26 through 1.2.6 (Fixed in version 1.2.7) allows remote unauthenticated attackers to execute arbitrary SQL queries via the fromCon…
CVE-2025-70314 | Critical | 9.8 | | 2026-02-12 | webfsd 1.21 is vulnerable to a Buffer Overflow via a crafted request.
CVE-2025-67135 | Critical | 9.8 | | 2026-02-11 | Weak Security in the PF-50 1.2 keyfob of PGST PG107 Alarm System 1.25.05.hf allows attackers to compromise access control via a code replay attack.
CVE-2025-69872 | Critical | 9.8 | | 2026-02-11 | DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default.
CVE-2025-70085 | Critical | 9.8 | | 2026-02-11 | An issue was discovered in OpenSatKit 2.2.1.
CVE-2025-69874 | Critical | 9.8 | | 2026-02-11 | nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal s…
CVE-2026-1615 | Critical | 9.8 | | 2026-02-09 | Versions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions.
CVE-2025-69634 | Critical | 9.0 | | 2026-02-12 | Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field in perms.php NOTE: this is disputed by a third party who indicates that exploitation can only occur…
CVE-2026-2006 | High | 8.8 | | 2026-02-12 | Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun.
CVE-2026-2005 | High | 8.8 | | 2026-02-12 | Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database.
CVE-2026-2004 | High | 8.8 | | 2026-02-12 | Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database.
CVE-2025-65480 | High | 8.8 | | 2026-02-11 | An issue was discovered in Pacom Unison Client 5.13.1.
CVE-2025-32008 | High | 8.6 | | 2026-02-10 | Out-of-bounds write in the firmware for the Intel(R) AMT and Intel(R) Standard Manageability within Ring 3: User Applications may allow a denial of service.
CVE-2026-2007 | High | 8.2 | | 2026-02-12 | Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string.
CVE-2025-25210 | High | 8.2 | | 2026-02-10 | Improper input validation for some Server Firmware Update Utility(SysFwUpdt) before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege.
CVE-2025-69871 | High | 8.1 | | 2026-02-11 | A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage() function of the promotion module.
CVE-2025-65128 | High | 8.1 | | 2026-02-11 | A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and network configurations.
CVE-2025-35998 | High | 7.9 | | 2026-02-10 | Missing protection mechanism for alternate hardware interface in the Intel(R) Quick Assist Technology for some Intel(R) Platforms within Ring 0: Kernel may allow an escalation of privilege.
CVE-2025-30513 | High | 7.9 | | 2026-02-10 | Race condition for some TDX Module within Ring 0: Hypervisor may allow an escalation of privilege.
CVE-2025-63421 | High | 7.8 | | 2026-02-12 | An issue in filosoft Comerc.32 Commercial Invoicing v.16.0.0.3 allows a local attacker to execute arbitrary code via the comeinst.exe file.
CVE-2025-70083 | High | 7.8 | | 2026-02-11 | An issue was discovered in OpenSatKit 2.2.1.
CVE-2025-70957 | High | 7.5 | | 2026-02-13 | A Denial of Service (DoS) vulnerability was discovered in the TON Lite Server before v2024.09.
CVE-2025-70956 | High | 7.5 | | 2026-02-13 | A State Pollution vulnerability was discovered in the TON Virtual Machine (TVM) before v2025.04.
CVE-2025-70955 | High | 7.5 | | 2026-02-13 | A Stack Overflow vulnerability was discovered in the TON Virtual Machine (TVM) before v2024.10.
CVE-2025-70954 | High | 7.5 | | 2026-02-13 | A Null Pointer Dereference vulnerability exists in the TON Virtual Machine (TVM) within the TON Blockchain before v2025.06.
CVE-2025-67433 | High | 7.5 | | 2026-02-12 | A heap buffer overflow in the processRequest function of Open TFTP Server MultiThreaded v1.7 allows attackers to cause a Denial of Service (DoS) via a crafted DATA packet.
CVE-2025-67432 | High | 7.5 | | 2026-02-12 | A stack overflow in the ZBarcode_Encode function of Monkeybread Software MBS DynaPDF Plugin v21.3.1.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-69807 | High | 7.5 | | 2026-02-12 | p2r3 Bareiron commit: 8e4d4020d is vulnerable to Buffer Overflow, which allows unauthenticated remote attackers to cause a denial of service via a packet sent to the server.
CVE-2025-69806 | High | 7.5 | | 2026-02-12 | p2r3 bareiron commit: 8e4d4020d contains an Out-of-bounds Read, which allows unauthenticated remote attackers to get relative information leakage via a packet sent to the server.
CVE-2024-26480 | High | 7.5 | | 2026-02-11 | An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the admin parameter.
CVE-2024-26477 | High | 7.5 | | 2026-02-11 | An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the api parameter of the oauth, amazon_sns, export endpoints.
CVE-2025-70084 | High | 7.5 | | 2026-02-11 | Directory traversal vulnerability in OpenSatKit 2.2.1 allows attackers to gain access to sensitive information or delete arbitrary files via crafted value to the FileUtil_GetFileInfo function.
CVE-2025-70029 | High | 7.5 | | 2026-02-11 | An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information.
CVE-2025-22453 | High | 7.5 | | 2026-02-10 | Improper input validation for some Server Firmware Update Utility(SysFwUpdt) before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege.
CVE-2025-70093 | High | 7.4 | | 2026-02-13 | An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response.
CVE-2025-20080 | Medium | 6.8 | | 2026-02-10 | Null pointer dereference in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability within Ring 0: Kernel may allow a denial of service.
CVE-2025-36522 | Medium | 6.7 | | 2026-02-10 | Incorrect default permissions for some Intel(R) Chipset Software before version 10.1.20266.8668 or later.
CVE-2025-36511 | Medium | 6.7 | | 2026-02-10 | Incorrect default permissions for some Intel(R) Memory and Storage Tool before version 2.5.2 within Ring 3: User Applications may allow an escalation of privilege.
CVE-2025-35999 | Medium | 6.7 | | 2026-02-10 | Incorrect permission assignment for critical resource for some System Firmware Update Utility (SysFwUpdt) for Intel(R) Server Boards and Intel(R) Server Systems Based before version 16.0.12.
CVE-2025-32452 | Medium | 6.7 | | 2026-02-10 | Uncontrolled search path for some AI Playground before version 2.6.1 beta within Ring 3: User Applications may allow an escalation of privilege.
CVE-2025-31655 | Medium | 6.7 | | 2026-02-10 | Incorrect default permissions for some Intel(R) Battery Life Diagnostic Tool within Ring 3: User Applications may allow an escalation of privilege.
CVE-2025-22849 | Medium | 6.7 | | 2026-02-10 | Incorrect default permissions for the Intel(R) Optane(TM) PMem management software before versions CR_MGMT_01.00.00.3584, CR_MGMT_02.00.00.4052, CR_MGMT_03.00.00.0538 within Ring 3: User Applications may allow an escalation of privilege.
CVE-2025-20106 | Medium | 6.7 | | 2026-02-10 | Uncontrolled search path in some software installer for some VTune(TM) Profiler software and Intel(R) oneAPI Base Toolkits before version 2025.0.
CVE-2025-20070 | Medium | 6.7 | | 2026-02-10 | Improper conditions check for the Intel(R) Optane(TM) PMem management software before versions CR_MGMT_02.00.00.4052, CR_MGMT_03.00.00.0538 within Ring 3: User Applications may allow an escalation of privilege.
CVE-2025-70095 | Medium | 6.5 | | 2026-02-13 | A cross-site scripting (XSS) vulnerability in the item management and sales invoice function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.
CVE-2025-70094 | Medium | 6.5 | | 2026-02-13 | A cross-site scripting (XSS) vulnerability in the Generate Item Barcode function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Category parameter.
CVE-2025-70091 | Medium | 6.5 | | 2026-02-13 | A cross-site scripting (XSS) vulnerability in the Customers function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Phone Number parameter.
CVE-2025-56647 | Medium | 6.5 | | 2026-02-12 | npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket.
CVE-2025-65127 | Medium | 6.5 | | 2026-02-11 | A lack of session validation in the web API component of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote unauthenticated attackers to access administrative information-retrieval functions intended for authenticated users.
CVE-2025-30508 | Medium | 6.5 | | 2026-02-10 | Improper authorization in the Intel(R) Quick Assist Technology for some Intel(R) Platforms within Ring 0: Kernel may allow a denial of service.
CVE-2025-70845 | Medium | 6.1 | | 2026-02-12 | lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting (XSS) in the /setting/ page, where the "intro" field is not properly sanitized or escaped.
CVE-2025-27560 | Medium | 6.0 | | 2026-02-10 | Loop with unreachable exit condition ('infinite loop') for some Intel(R) Platform within Ring 0: Kernel may allow a denial of service.
CVE-2025-70092 | Medium | 5.5 | | 2026-02-12 | A cross-site scripting (XSS) vulnerability in the Item Kits function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Name parameter.
CVE-2025-32735 | Medium | 5.5 | | 2026-02-10 | Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service.
CVE-2025-70347 | Medium | 5.5 | | 2026-02-10 | An issue in mquickjs before commit 74b7e (2026-01-15) allows a local attacker to cause a denial of service via a crafted file to the get_mblock_size function at mquickjs.c.
CVE-2024-54192 | Medium | 5.5 | | 2026-02-10 | An issue in Tcpreplay v4.5.1 allows a local attacker to cause a denial of service via a crafted file to the tcpedit_dlt_getplugin function at src/tcpedit/plugins/dlt_utils.c.
CVE-2026-25828 | Medium | 5.4 | | 2026-02-12 | grub-btrfs through 2026-01-31 (on Arch Linux and derivative distributions) allows initramfs OS command injection because it does not sanitize the $root parameter to resolve_device().
CVE-2025-64074 | Medium | 5.3 | | 2026-02-11 | A path-traversal vulnerability in the logout functionality of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to delete arbitrary files on the host by supplying a crafted session cookie value.
CVE-2024-26479 | Medium | 5.3 | | 2026-02-11 | An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the Command execution function.
CVE-2024-26478 | Medium | 5.3 | | 2026-02-11 | An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the /api/users endpoint.
CVE-2025-31944 | Medium | 5.3 | | 2026-02-10 | Race condition for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow a denial of service.
CVE-2025-35992 | Medium | 4.7 | | 2026-02-10 | Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service.
CVE-2025-22885 | Medium | 4.7 | | 2026-02-10 | Improper buffer restrictions in the firmware for the TDX Module may allow an escalation of privilege.
CVE-2025-32007 | Medium | 4.4 | | 2026-02-10 | Out-of-bounds read for some TDX before version tdx module 1.5.24 within Ring 0: Hypervisor may allow an information disclosure.
CVE-2025-69752 | Medium | 4.3 | | 2026-02-12 | An issue in the "My Details" user profile functionality of Ideagen Q-Pulse 7.1.0.32 allows an authenticated user to view other users' profile information by modifying the objectKey HTTP parameter in the My Details page URL.
CVE-2026-2003 | Medium | 4.3 | | 2026-02-12 | Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory.
CVE-2025-32467 | Medium | 4.1 | | 2026-02-10 | Use of uninitialized variable for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow an information disclosure.
CVE-2025-27940 | Medium | 4.1 | | 2026-02-10 | Out-of-bounds read for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow an information disclosure.
CVE-2025-27708 | Medium | 4.1 | | 2026-02-10 | Out-of-bounds read in the firmware for some Intel(R) Converged Security and Management Engine (CSME) Firmware (FW) within Ring 0: Kernel may allow an information disclosure.
CVE-2025-27572 | Medium | 4.1 | | 2026-02-10 | Exposure of sensitive information during transient execution for some TDX within Ring 0: Hypervisor may allow an information disclosure.
CVE-2025-31648 | Low | 3.9 | | 2026-02-10 | Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege.
CVE-2025-33030 | Low | 3.3 | | 2026-02-10 | Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 3: User Applications may allow an escalation of privilege.
CVE-2025-25058 | Low | 3.3 | | 2026-02-10 | Improper initialization for some ESXi kernel mode driver for the Intel(R) Ethernet 800-Series before version 2.2.2.0 (esxi 8.0) & 2.2.3.0 (esxi 9.0) within Ring 1: Device Drivers may allow an information disclosure.
CVE-2025-15572 | Low | 3.3 | | 2026-02-10 | A vulnerability has been found in wasm3 up to 0.5.0.
CVE-2026-2245 | Low | 3.3 | | 2026-02-09 | A vulnerability was identified in CCExtractor up to 183.

Apple · 75 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-20677 | Critical | 9.0 | | 2026-02-11 | A race condition was addressed with improved handling of symbolic links. |
| CVE-2026-20667 | High | 8.8 | | 2026-02-11 | A logic issue was addressed with improved checks. |
| CVE-2026-20616 | High | 8.8 | | 2026-02-11 | An out-of-bounds write issue was addressed with improved bounds checking. |
| CVE-2026-20700 | High | 7.8 | KEV | 2026-02-11 | A memory corruption issue was addressed with improved state management. |
| CVE-2026-20658 | High | 7.8 | | 2026-02-11 | A package validation issue was addressed by blocking the vulnerable package. |
| CVE-2026-20626 | High | 7.8 | | 2026-02-11 | This issue was addressed with improved checks. |
| CVE-2026-20615 | High | 7.8 | | 2026-02-11 | A path handling issue was addressed with improved validation. |
| CVE-2026-20614 | High | 7.8 | | 2026-02-11 | A path handling issue was addressed with improved validation. |
| CVE-2026-20611 | High | 7.8 | | 2026-02-11 | An out-of-bounds access issue was addressed with improved bounds checking. |
| CVE-2026-20610 | High | 7.8 | | 2026-02-11 | This issue was addressed with improved handling of symlinks. |
| CVE-2026-20620 | High | 7.7 | | 2026-02-11 | An out-of-bounds read issue was addressed with improved input validation. |
| CVE-2026-20660 | High | 7.5 | | 2026-02-11 | A path handling issue was addressed with improved logic. |
| CVE-2026-20652 | High | 7.5 | | 2026-02-11 | The issue was addressed with improved memory handling. |
| CVE-2026-20650 | High | 7.5 | | 2026-02-11 | A denial-of-service issue was addressed with improved validation. |
| CVE-2026-20649 | High | 7.5 | | 2026-02-11 | A logging issue was addressed with improved data redaction. |
| CVE-2025-46290 | High | 7.5 | | 2026-02-11 | A logic issue was addressed with improved checks. |
| CVE-2026-20641 | High | 7.1 | | 2026-02-11 | A privacy issue was addressed with improved checks. |
| CVE-2026-20628 | High | 7.1 | | 2026-02-11 | A permissions issue was addressed with additional restrictions. |
| CVE-2026-20606 | High | 7.1 | | 2026-02-11 | This issue was addressed by removing the vulnerable code. |
| CVE-2026-20617 | High | 7.0 | | 2026-02-11 | A race condition was addressed with improved state handling. |
| CVE-2026-20680 | Medium | 6.5 | | 2026-02-11 | The issue was addressed with additional restrictions on the observability of app states. |
| CVE-2026-20644 | Medium | 6.5 | | 2026-02-11 | The issue was addressed with improved memory handling. |
| CVE-2026-20636 | Medium | 6.5 | | 2026-02-11 | The issue was addressed with improved memory handling. |
| CVE-2025-46310 | Medium | 6.0 | | 2026-02-11 | This issue was addressed through improved state management. |
| CVE-2025-46305 | Medium | 5.7 | | 2026-02-11 | The issue was addressed with improved bounds checks. |
| CVE-2025-46304 | Medium | 5.7 | | 2026-02-11 | The issue was addressed with improved bounds checks. |
| CVE-2025-46303 | Medium | 5.7 | | 2026-02-11 | The issue was addressed with improved bounds checks. |
| CVE-2025-46302 | Medium | 5.7 | | 2026-02-11 | The issue was addressed with improved bounds checks. |
| CVE-2025-46301 | Medium | 5.7 | | 2026-02-11 | The issue was addressed with improved bounds checks. |
| CVE-2025-46300 | Medium | 5.7 | | 2026-02-11 | The issue was addressed with improved bounds checks. |
| CVE-2026-20678 | Medium | 5.5 | | 2026-02-11 | An authorization issue was addressed with improved state management. |
| CVE-2026-20675 | Medium | 5.5 | | 2026-02-11 | The issue was addressed with improved bounds checks. |
| CVE-2026-20669 | Medium | 5.5 | | 2026-02-11 | A parsing issue in the handling of directory paths was addressed with improved path validation. |
| CVE-2026-20666 | Medium | 5.5 | | 2026-02-11 | An authorization issue was addressed with improved state management. |
| CVE-2026-20655 | Medium | 5.5 | | 2026-02-11 | An authorization issue was addressed with improved state management. |
| CVE-2026-20654 | Medium | 5.5 | | 2026-02-11 | The issue was addressed with improved memory handling. |
| CVE-2026-20653 | Medium | 5.5 | | 2026-02-11 | A parsing issue in the handling of directory paths was addressed with improved path validation. |
| CVE-2026-20648 | Medium | 5.5 | | 2026-02-11 | A privacy issue was addressed by moving sensitive data to a protected location. |
| CVE-2026-20647 | Medium | 5.5 | | 2026-02-11 | This issue was addressed with improved data protection. |
| CVE-2026-20638 | Medium | 5.5 | | 2026-02-11 | A logic issue was addressed with improved checks. |
| CVE-2026-20634 | Medium | 5.5 | | 2026-02-11 | The issue was addressed with improved memory handling. |
| CVE-2026-20630 | Medium | 5.5 | | 2026-02-11 | A permissions issue was addressed with additional restrictions. |
| CVE-2026-20629 | Medium | 5.5 | | 2026-02-11 | A privacy issue was addressed with improved handling of temporary files. |
| CVE-2026-20627 | Medium | 5.5 | | 2026-02-11 | An issue existed in the handling of environment variables. |
| CVE-2026-20625 | Medium | 5.5 | | 2026-02-11 | A parsing issue in the handling of directory paths was addressed with improved path validation. |
| CVE-2026-20624 | Medium | 5.5 | | 2026-02-11 | An injection issue was addressed with improved validation. |
| CVE-2026-20623 | Medium | 5.5 | | 2026-02-11 | A permissions issue was addressed by removing the vulnerable code. |
| CVE-2026-20621 | Medium | 5.5 | | 2026-02-11 | The issue was addressed with improved memory handling. |
| CVE-2026-20619 | Medium | 5.5 | | 2026-02-11 | A logging issue was addressed with improved data redaction. |
| CVE-2026-20618 | Medium | 5.5 | | 2026-02-11 | An issue was addressed with improved handling of temporary files. |
| CVE-2026-20612 | Medium | 5.5 | | 2026-02-11 | A privacy issue was addressed with improved checks. |
| CVE-2026-20608 | Medium | 5.5 | | 2026-02-11 | This issue was addressed through improved state management. |
| CVE-2026-20602 | Medium | 5.5 | | 2026-02-11 | The issue was addressed with improved handling of caches. |
| CVE-2025-43537 | Medium | 5.5 | | 2026-02-11 | A path handling issue was addressed with improved validation. |
| CVE-2025-43417 | Medium | 5.5 | | 2026-02-11 | A path handling issue was addressed with improved logic. |
| CVE-2025-43403 | Medium | 5.5 | | 2026-02-11 | An authorization issue was addressed with improved state management. |
| CVE-2026-20682 | Medium | 5.3 | | 2026-02-11 | A logic issue was addressed with improved state management. |
| CVE-2026-20676 | Medium | 5.3 | | 2026-02-11 | This issue was addressed through improved state management. |
| CVE-2026-20673 | Medium | 5.3 | | 2026-02-11 | A logic issue was addressed with improved checks. |
| CVE-2026-20674 | Medium | 4.6 | | 2026-02-11 | A privacy issue was addressed by removing sensitive data. |
| CVE-2026-20662 | Medium | 4.6 | | 2026-02-11 | An authorization issue was addressed with improved state management. |
| CVE-2026-20661 | Medium | 4.6 | | 2026-02-11 | An authorization issue was addressed with improved state management. |
| CVE-2026-20645 | Medium | 4.6 | | 2026-02-11 | An inconsistent user interface issue was addressed with improved state management. |
| CVE-2026-20640 | Medium | 4.6 | | 2026-02-11 | An inconsistent user interface issue was addressed with improved state management. |
| CVE-2026-20605 | Medium | 4.6 | | 2026-02-11 | The issue was addressed with improved memory handling. |
| CVE-2026-20609 | Medium | 4.4 | | 2026-02-11 | The issue was addressed with improved memory handling. |
| CVE-2026-20603 | Medium | 4.4 | | 2026-02-11 | This issue was addressed with improved redaction of sensitive information. |
| CVE-2026-20635 | Medium | 4.3 | | 2026-02-11 | The issue was addressed with improved memory handling. |
| CVE-2026-20681 | Low | 3.3 | | 2026-02-11 | A privacy issue was addressed with improved private data redaction for log entries. |
| CVE-2026-20663 | Low | 3.3 | | 2026-02-11 | The issue was resolved by sanitizing logging. |
| CVE-2026-20656 | Low | 3.3 | | 2026-02-11 | A logic issue was addressed with improved validation. |
| CVE-2026-20646 | Low | 3.3 | | 2026-02-11 | A logging issue was addressed with improved data redaction. |
| CVE-2026-20601 | Low | 3.3 | | 2026-02-11 | A permissions issue was addressed with additional restrictions. |
| CVE-2026-20671 | Low | 3.1 | | 2026-02-11 | A logic issue was addressed with improved checks. |
| CVE-2026-20642 | Low | 2.4 | | 2026-02-11 | An input validation issue was addressed. |

QNAP · 49 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2025-66277 | Critical | 9.8 | | 2026-02-11 | A link following vulnerability has been reported to affect several QNAP operating system versions. |
| CVE-2025-57707 | High | 8.8 | | 2026-02-11 | An improper neutralization of directives in statically saved code ('Static Code Injection') vulnerability has been reported to affect File Station 5. |
| CVE-2025-30276 | High | 8.8 | | 2026-02-11 | An out-of-bounds write vulnerability has been reported to affect Qsync Central. |
| CVE-2025-57709 | High | 8.1 | | 2026-02-11 | A buffer overflow vulnerability has been reported to affect Qsync Central. |
| CVE-2025-52870 | High | 8.1 | | 2026-02-11 | A buffer overflow vulnerability has been reported to affect Qsync Central. |
| CVE-2025-52869 | High | 8.1 | | 2026-02-11 | A buffer overflow vulnerability has been reported to affect Qsync Central. |
| CVE-2025-52868 | High | 8.1 | | 2026-02-11 | A buffer overflow vulnerability has been reported to affect Qsync Central. |
| CVE-2025-48725 | High | 8.1 | | 2026-02-11 | A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. |
| CVE-2025-48724 | High | 8.1 | | 2026-02-11 | A buffer overflow vulnerability has been reported to affect Qsync Central. |
| CVE-2025-48723 | High | 8.1 | | 2026-02-11 | A buffer overflow vulnerability has been reported to affect Qsync Central. |
| CVE-2025-30269 | High | 8.1 | | 2026-02-11 | A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. |
| CVE-2024-56808 | High | 7.8 | | 2026-02-11 | A command injection vulnerability has been reported to affect Media Streaming add-on. |
| CVE-2025-57713 | High | 7.5 | | 2026-02-11 | A weak authentication vulnerability has been reported to affect File Station 5. |
| CVE-2026-22894 | Medium | 6.5 | | 2026-02-11 | A path traversal vulnerability has been reported to affect File Station 6. |
| CVE-2025-68406 | Medium | 6.5 | | 2026-02-11 | A path traversal vulnerability has been reported to affect Qsync Central. |
| CVE-2025-66278 | Medium | 6.5 | | 2026-02-11 | A path traversal vulnerability has been reported to affect File Station 5. |
| CVE-2025-62854 | Medium | 6.5 | | 2026-02-11 | An uncontrolled resource consumption vulnerability has been reported to affect File Station 5. |
| CVE-2025-62853 | Medium | 6.5 | | 2026-02-11 | A path traversal vulnerability has been reported to affect File Station 5. |
| CVE-2025-58470 | Medium | 6.5 | | 2026-02-11 | A path traversal vulnerability has been reported to affect Qsync Central. |
| CVE-2025-58467 | Medium | 6.5 | | 2026-02-11 | A relative path traversal vulnerability has been reported to affect Qsync Central. |
| CVE-2025-57708 | Medium | 6.5 | | 2026-02-11 | An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. |
| CVE-2025-54170 | Medium | 6.5 | | 2026-02-11 | An out-of-bounds read vulnerability has been reported to affect Qsync Central. |
| CVE-2025-54169 | Medium | 6.5 | | 2026-02-11 | An out-of-bounds read vulnerability has been reported to affect File Station 5. |
| CVE-2025-54152 | Medium | 6.5 | | 2026-02-11 | A use of out-of-range pointer offset vulnerability has been reported to affect Qsync Central. |
| CVE-2025-54148 | Medium | 6.5 | | 2026-02-11 | A NULL pointer dereference vulnerability has been reported to affect Qsync Central. |
| CVE-2025-54147 | Medium | 6.5 | | 2026-02-11 | A NULL pointer dereference vulnerability has been reported to affect Qsync Central. |
| CVE-2025-54146 | Medium | 6.5 | | 2026-02-11 | A NULL pointer dereference vulnerability has been reported to affect Qsync Central. |
| CVE-2025-53598 | Medium | 6.5 | | 2026-02-11 | A NULL pointer dereference vulnerability has been reported to affect Qsync Central. |
| CVE-2025-48722 | Medium | 6.5 | | 2026-02-11 | A NULL pointer dereference vulnerability has been reported to affect Qsync Central. |
| CVE-2025-47209 | Medium | 6.5 | | 2026-02-11 | A NULL pointer dereference vulnerability has been reported to affect Qsync Central. |
| CVE-2025-30266 | Medium | 6.5 | | 2026-02-11 | A NULL pointer dereference vulnerability has been reported to affect Qsync Central. |
| CVE-2025-54151 | Medium | 5.5 | | 2026-02-11 | An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. |
| CVE-2025-54150 | Medium | 5.5 | | 2026-02-11 | An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. |
| CVE-2025-54149 | Medium | 5.5 | | 2026-02-11 | An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. |
| CVE-2024-56807 | Medium | 5.5 | | 2026-02-11 | An out-of-bounds read vulnerability has been reported to affect Media Streaming add-on. |
| CVE-2025-66274 | Medium | 4.9 | | 2026-02-11 | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. |
| CVE-2025-59386 | Medium | 4.9 | | 2026-02-11 | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. |
| CVE-2025-58472 | Medium | 4.9 | | 2026-02-11 | A NULL pointer dereference vulnerability has been reported to affect Qsync Central. |
| CVE-2025-58471 | Medium | 4.9 | | 2026-02-11 | An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. |
| CVE-2025-58466 | Medium | 4.9 | | 2026-02-11 | A use of uninitialized variable vulnerability has been reported to affect several QNAP operating system versions. |
| CVE-2025-57711 | Medium | 4.9 | | 2026-02-11 | An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. |
| CVE-2025-57710 | Medium | 4.9 | | 2026-02-11 | An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. |
| CVE-2025-54163 | Medium | 4.9 | | 2026-02-11 | A NULL pointer dereference vulnerability has been reported to affect File Station 5. |
| CVE-2025-54162 | Medium | 4.9 | | 2026-02-11 | A path traversal vulnerability has been reported to affect File Station 5. |
| CVE-2025-54161 | Medium | 4.9 | | 2026-02-11 | An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. |
| CVE-2025-54155 | Medium | 4.9 | | 2026-02-11 | An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. |
| CVE-2025-47205 | Medium | 4.9 | | 2026-02-11 | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. |
| CVE-2025-62856 | Medium | 4.4 | | 2026-02-11 | A path traversal vulnerability has been reported to affect File Station 5. |
| CVE-2025-62855 | Medium | 4.4 | | 2026-02-11 | A path traversal vulnerability has been reported to affect File Station 5. |

AMD · 41 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-36324 | High | 8.8 | | 2026-02-11 | Improper input validation in AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary code execution. |
| CVE-2025-48503 | High | 7.8 | | 2026-02-11 | A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. |
| CVE-2023-31324 | High | 7.8 | | 2026-02-11 | A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are processed potentially resulting in los… |
| CVE-2023-20548 | High | 7.8 | | 2026-02-11 | A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability. |
| CVE-2025-54519 | High | 7.3 | | 2026-02-12 | A DLL hijacking vulnerability in Doc Nav could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. |
| CVE-2025-52541 | High | 7.3 | | 2026-02-11 | A DLL hijacking vulnerability in Vivado could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. |
| CVE-2023-31313 | High | 7.2 | | 2026-02-12 | An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages to the system management unit (SMU) potentially resulting in arbitrary code execution. |
| CVE-2025-48508 | Medium | 6.0 | | 2026-02-11 | Improper Hardware reset flow logic in the GPU GFX Hardware IP block could allow a privileged attacker in a guest virtual machine to control reset operation potentially causing host or GPU crash or reset resulting in denial of service. |
| CVE-2024-36316 | Medium | 5.5 | | 2026-02-11 | The integer overflow vulnerability within AMD Graphics driver could allow an attacker to bypass size checks potentially resulting in a denial of service. |
| CVE-2024-21961 | | | | 2026-02-13 | Improper restriction of operations within the bounds of a memory buffer in PCIe® Link could allow an attacker with access to a guest virtual machine to potentially perform a denial of service attack against the host resulting in loss of av… |
| CVE-2025-52533 | | | | 2026-02-12 | Improper Access Control in an on-chip debug interface could allow a privileged attacker to enable a debug interface and potentially compromise data confidentiality or integrity. |
| CVE-2024-36319 | | | | 2026-02-12 | Debug code left active in AMD's Video Decoder Engine Firmware (VCN FW) could allow an attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity… |
| CVE-2023-31323 | | | | 2026-02-12 | Type confusion in the AMD Secure Processor (ASP) could allow an attacker to pass a malformed argument to the External Global Memory Interconnect Trusted Agent (XGMI TA) leading to a memory safety violation potentially resulting in loss of… |
| CVE-2023-20601 | | | | 2026-02-12 | Improper input validation within RAS TA Driver can allow a local attacker to access out-of-bounds memory, potentially resulting in a denial-of-service condition. |
| CVE-2025-61969 | | | | 2026-02-11 | Incorrect permission assignment in AMD µProf may allow a local user-privileged attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. |
| CVE-2025-48518 | | | | 2026-02-11 | Improper input validation in AMD Graphics Driver could allow a local attacker to write out of bounds, potentially resulting in loss of integrity or denial of service. |
| CVE-2024-36320 | | | | 2026-02-11 | Integer Overflow within atihdwt6.sys can allow a local attacker to cause out of bound read/write potentially leading to loss of confidentiality, integrity and availability. |
| CVE-2023-20514 | | | | 2026-02-11 | Improper handling of parameters in the AMD Secure Processor (ASP) could allow a privileged attacker to pass an arbitrary memory value to functions in the trusted execution environment resulting in arbitrary code execution. |
| CVE-2025-54514 | | | | 2026-02-10 | Improper isolation of shared resources on a system on a chip by a malicious local attacker with high privileges could potentially lead to a partial loss of integrity. |
| CVE-2025-52536 | | | | 2026-02-10 | Improper Prevention of Lock Bit Modification in SEV firmware could allow a privileged attacker to downgrade firmware potentially resulting in a loss of integrity. |
| CVE-2025-52534 | | | | 2026-02-10 | Improper bound check within AMD CPU microcode can allow a malicious guest to write to host memory, potentially resulting in loss of integrity. |
| CVE-2025-48517 | | | | 2026-02-10 | Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guest with an ASID in the range meant for SEV-SNP guests potentially resulting in a partial loss of con… |
| CVE-2025-48515 | | | | 2026-02-10 | Insufficient parameter sanitization in AMD Secure Processor (ASP) Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code execution. |
| CVE-2025-48514 | | | | 2026-02-10 | Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest, potentially resulting in a loss of confidentiality. |
| CVE-2025-48509 | | | | 2026-02-10 | Missing Checks in certain functions related to RMP initialization can allow a local admin privileged attacker to cause misidentification of I/O memory, potentially resulting in a loss of guest memory integrity. |
| CVE-2025-29952 | | | | 2026-02-10 | Improper Initialization within the AMD Secure Encrypted Virtualization (SEV) firmware can allow an admin privileged attacker to corrupt RMP covered memory, potentially resulting in loss of guest memory integrity. |
| CVE-2025-29951 | | | | 2026-02-10 | A buffer overflow in the AMD Secure Processor (ASP) bootloader could allow an attacker to overwrite memory, potentially resulting in privilege escalation and arbitrary code execution. |
| CVE-2025-29950 | | | | 2026-02-10 | Improper input validation in system management mode (SMM) could allow a privileged attacker to overwrite stack memory leading to arbitrary code execution. |
| CVE-2025-29949 | | | | 2026-02-10 | Insufficient input parameter sanitization in AMD Secure Processor (ASP) Boot Loader (legacy recovery mode only) could allow an attacker to write out-of-bounds to corrupt Secure DRAM potentially resulting in denial of service. |
| CVE-2025-29948 | | | | 2026-02-10 | Improper access control in AMD Secure Encrypted Virtualization (SEV) firmware could allow a malicious hypervisor to bypass RMP protections, potentially resulting in a loss of SEV-SNP guest memory integrity. |
| CVE-2025-29946 | | | | 2026-02-10 | Insufficient or Incomplete Data Removal in Hardware Component in SEV firmware doesn't fully flush IOMMU. |
| CVE-2025-29939 | | | | 2026-02-10 | Improper access control in secure encrypted virtualization (SEV) could allow a privileged attacker to write to the reverse map page (RMP) during secure nested paging (SNP) initialization, potentially resulting in a loss of guest memory con… |
| CVE-2025-0031 | | | | 2026-02-10 | A use after free in the SEV firmware could allow a malicious hypervisor to activate a migrated guest with the SINGLE_SOCKET policy on a different socket than the migration agent potentially resulting in loss of integrity. |
| CVE-2025-0029 | | | | 2026-02-10 | Improper handling of error condition during host-induced faults can allow a local high-privileged attacker to selectively drop guest DMA writes, potentially resulting in a loss of SEV-SNP guest memory integrity. |
| CVE-2025-0012 | | | | 2026-02-10 | Improper handling of overlap between the segmented reverse map table (RMP) and system management mode (SMM) memory could allow a privileged attacker to corrupt or partially infer SMM memory resulting in loss of integrity or confidentiality. |
| CVE-2024-36355 | | | | 2026-02-10 | Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to SMRAM and modify execution flow for S3 (sleep) wake up, potentially resulting in arbitrary code execution. |
| CVE-2024-36311 | | | | 2026-02-10 | A Time-of-check time-of-use (TOCTOU) race condition in the SMM communications buffer could allow a privileged attacker to bypass input validation and perform an out of bounds read or write, potentially resulting in loss of confidentiality… |
| CVE-2024-36310 | | | | 2026-02-10 | Improper input validation in the SMM communications buffer could allow a privileged attacker to perform an out of bounds read or write to SMRAM potentially resulting in loss of confidentiality or integrity. |
| CVE-2024-21953 | | | | 2026-02-10 | Improper input validation in IOMMU could allow a malicious hypervisor to reconfigure IOMMU registers resulting in loss of guest data integrity. |
| CVE-2021-26410 | | | | 2026-02-10 | Improper syscall input validation in ASP (AMD Secure Processor) may force the kernel into reading syscall parameter values from its own memory space allowing an attacker to infer the contents of the kernel memory leading to potential infor… |
| CVE-2021-26381 | | | | 2026-02-10 | Improper system call parameter validation in the Trusted OS may allow a malicious driver to perform mapping or unmapping operations on a large number of pages, potentially resulting in kernel memory corruption. |

Nsasoft · 26 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2019-25336 | High | 8.4 | | 2026-02-12 | SpotAuditor 5.3.2 contains a local buffer overflow vulnerability in the Base64 Encrypted Password tool that allows attackers to execute arbitrary code by crafting a malicious payload. |
| CVE-2019-25340 | High | 7.5 | | 2026-02-12 | SpotAuditor 5.3.2 contains a denial of service vulnerability in its Base64 decryption feature that allows attackers to crash the application by supplying an oversized buffer. |
| CVE-2020-37212 | High | 7.5 | | 2026-02-11 | SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. |
| CVE-2020-37211 | High | 7.5 | | 2026-02-11 | SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application by inputting a large buffer in the registration name field. |
| CVE-2020-37210 | High | 7.5 | | 2026-02-11 | SpotIE 2.9.5 contains a denial of service vulnerability in the registration key input that allows attackers to crash the application. |
| CVE-2020-37209 | High | 7.5 | | 2026-02-11 | SpotFTP 3.0.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. |
| CVE-2020-37208 | High | 7.5 | | 2026-02-11 | SpotFTP 3.0.0.0 contains a buffer overflow vulnerability in the registration key input field that allows attackers to crash the application. |
| CVE-2020-37207 | High | 7.5 | | 2026-02-11 | SpotDialup 1.6.7 contains a denial of service vulnerability in the registration key input field that allows attackers to crash the application. |
| CVE-2020-37206 | High | 7.5 | | 2026-02-11 | ShareAlarmPro contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. |
| CVE-2020-37205 | High | 7.5 | | 2026-02-11 | RemShutdown 2.9.0.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' registration field. |
| CVE-2020-37204 | High | 7.5 | | 2026-02-11 | RemShutdown 2.9.0.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. |
| CVE-2020-37203 | High | 7.5 | | 2026-02-11 | Office Product Key Finder 1.5.4 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the registration code input. |
| CVE-2020-37202 | High | 7.5 | | 2026-02-11 | NetworkSleuth 3.0.0.0 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. |
| CVE-2020-37201 | High | 7.5 | | 2026-02-11 | NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration name input that allows attackers to crash the application. |
| CVE-2020-37200 | High | 7.5 | | 2026-02-11 | NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration key input that allows attackers to crash the application by supplying oversized input. |
| CVE-2020-37199 | High | 7.5 | | 2026-02-11 | NBMonitor 1.6.6.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. |
| CVE-2020-37197 | High | 7.5 | | 2026-02-11 | Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. |
| CVE-2020-37196 | High | 7.5 | | 2026-02-11 | Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by providing an oversized registration key. |
| CVE-2020-37195 | High | 7.5 | | 2026-02-11 | BlueAuditor 1.7.2.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. |
| CVE-2020-37194 | High | 7.5 | | 2026-02-11 | Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by supplying an overly long registration key. |
| CVE-2020-37188 | High | 7.5 | | 2026-02-11 | SpotOutlook 1.2.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. |
| CVE-2020-37187 | High | 7.5 | | 2026-02-11 | SpotDialup 1.6.7 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. |
| CVE-2020-37185 | High | 7.5 | | 2026-02-11 | Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. |
| CVE-2020-37180 | High | 7.5 | | 2026-02-11 | GTalk Password Finder 2.2.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. |
| CVE-2020-37179 | High | 7.5 | | 2026-02-11 | APKF Product Key Finder 2.5.8.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. |
| CVE-2019-25334 | Medium | 6.2 | | 2026-02-12 | Product Key Explorer 4.2.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by overflowing the registration name input field. |

SAP · 26 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2026-0488 | Critical | 9.9 | | 2026-02-10 | An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statem… |
| CVE-2026-0509 | Critical | 9.6 | | 2026-02-10 | SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. |
| CVE-2026-23687 | High | 8.8 | | 2026-02-10 | SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. |
| CVE-2026-24322 | High | 7.7 | | 2026-02-10 | SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. |
| CVE-2026-23689 | High | 7.7 | | 2026-02-10 | Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-… |
| CVE-2026-0490 | High | 7.5 | | 2026-02-10 | SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks the authentication, which prevents the legitimate users from accessing the platform. |
| CVE-2026-0485 | High | 7.5 | | 2026-02-10 | SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (CMS) to crash and automatically restart. |
| CVE-2026-0508 | High | 7.3 | | 2026-02-10 | The SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker with high privileges to insert a malicious URL within the application. |
| CVE-2026-24324 | Medium | 6.5 | | 2026-02-10 | SAP BusinessObjects Business Intelligence Platform (AdminTools) allows an authenticated attacker with user privileges to execute a specific query in AdminTools that could cause the Content Management Server (CMS) to crash, rendering the CM… |
| CVE-2026-0484 | Medium | 6.5 | | 2026-02-10 | Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data in the system. |
| CVE-2026-24328 | Medium | 6.1 | | 2026-02-10 | SAP TAF_APPLAUNCHER within Business Server Pages allows an unauthenticated attacker to craft malicious links that, when clicked by a victim, redirect them to attacker-controlled sites, potentially exposing or altering sensitive information in… |
| CVE-2026-24323 | Medium | 6.1 | | 2026-02-10 | The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. |
| CVE-2026-0505 | Medium | 6.1 | | 2026-02-10 | The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. |
| CVE-2026-23684 | Medium | 5.9 | | 2026-02-10 | A race condition vulnerability exists in the SAP Commerce cloud. |
| CVE-2026-24319 | Medium | 5.8 | | 2026-02-10 | In SAP Business One, sensitive information is written to the application's memory dump files without obfuscation. |
| CVE-2026-24321 | Medium | 5.3 | | 2026-02-10 | SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to submit requests to these open endpoints to retrieve sensitive information that is not intended to be publicly accessible via the front-end. |
| CVE-2026-24312 | Medium | 5.2 | | 2026-02-10 | An erroneous authorization check in SAP Business Workflow leads to privilege escalation. |
| CVE-2026-0486 | Medium | 5.0 | | 2026-02-10 | In ABAP based SAP systems a remote enabled function module does not perform necessary authorization checks for an authenticated user resulting in disclosure of system information. This has low impact on confidentiality. |
| CVE-2026-24325 | Medium | 4.8 | | 2026-02-10 | SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting (XSS) vulnerability. |
| CVE-2026-23685 | Medium | 4.4 | | 2026-02-10 | Due to a Deserialization vulnerability in SAP NetWeaver (JMS service), an attacker authenticated as an administrator with local access could submit specially crafted content to the server. |
| CVE-2026-24327 | Medium | 4.3 | | 2026-02-10 | Due to missing authorization check in SAP Strategic Enterprise Management (Balanced Scorecard in Business Server Pages), an authenticated attacker could access information that they are otherwise unauthorized to view. |
| CVE-2026-24326 | Medium | 4.3 | | 2026-02-10 | Due to a missing authorization check in the Disconnected Operations of the SAP S/4HANA Defense & Security, an attacker with user privileges could call remote-enabled function modules to do direct update on standard SAP database table. |
| CVE-2026-23688 | Medium | 4.3 | | 2026-02-10 | SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. |
| CVE-2026-23681 | Medium | 4.3 | | 2026-02-10 | Due to missing authorization check in a function module in SAP Support Tools Plug-In, an authenticated attacker could invoke specific function modules to retrieve information about the system and its configuration. |
| CVE-2026-23686 | Low | 3.4 | | 2026-02-10 | Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. |
| CVE-2026-24320 | Low | 3.1 | | 2026-02-10 | Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters… |

Adobe · 19 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-21349 | High | 7.8 | | 2026-02-10 | Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2026-21353 | High | 7.8 | | 2026-02-10 | DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2026-21352 | High | 7.8 | | 2026-02-10 | DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2026-21335 | High | 7.8 | | 2026-02-10 | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2026-21334 | High | 7.8 | | 2026-02-10 | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2026-21312 | High | 7.8 | | 2026-02-10 | Audition versions 25.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2026-21348 | Medium | 5.5 | | 2026-02-10 | Substance3D - Modeler versions 1.22.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure.
CVE-2026-21355 | Medium | 5.5 | | 2026-02-10 | DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure.
CVE-2026-21354 | Medium | 5.5 | | 2026-02-10 | DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service.
CVE-2026-21340 | Medium | 5.5 | | 2026-02-10 | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure.
CVE-2026-21339 | Medium | 5.5 | | 2026-02-10 | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure.
CVE-2026-21338 | Medium | 5.5 | | 2026-02-10 | Substance3D - Designer versions 15.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service.
CVE-2026-21337 | Medium | 5.5 | | 2026-02-10 | Substance3D - Designer versions 15.1.0 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure.
CVE-2026-21336 | Medium | 5.5 | | 2026-02-10 | Substance3D - Designer versions 15.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service.
CVE-2026-21317 | Medium | 5.5 | | 2026-02-10 | Audition versions 25.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure.
CVE-2026-21316 | Medium | 5.5 | | 2026-02-10 | Audition versions 25.3 and earlier are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to application denial-of-service.
CVE-2026-21315 | Medium | 5.5 | | 2026-02-10 | Audition versions 25.3 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure.
CVE-2026-21314 | Medium | 5.5 | | 2026-02-10 | Audition versions 25.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure.
CVE-2026-21313 | Medium | 5.5 | | 2026-02-10 | Audition versions 25.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure.

Yokogawa · 19 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-66603 | Critical | 9.8 | | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
CVE-2025-66602 | Critical | 9.8 | | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
CVE-2025-66606 | Critical | 9.6 | | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
CVE-2025-1924 | High | 8.2 | | 2026-02-13 | A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.
CVE-2025-66598 | High | 7.5 | | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
CVE-2025-66597 | High | 7.5 | | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
CVE-2025-66608 | High | 7.5 | | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
CVE-2025-48023 | Medium | 6.5 | | 2026-02-13 | A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.
CVE-2025-48022 | Medium | 6.5 | | 2026-02-13 | A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.
CVE-2025-48021 | Medium | 6.5 | | 2026-02-13 | A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.
CVE-2025-48020 | Medium | 6.5 | | 2026-02-13 | A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.
CVE-2025-48019 | Medium | 6.5 | | 2026-02-13 | A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.
CVE-2025-66596 | Medium | 6.1 | | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
CVE-2025-66601 | Medium | 6.1 | | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
CVE-2025-66595 | Medium | 5.4 | | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
CVE-2025-66594 | Medium | 5.3 | | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
CVE-2025-66607 | Medium | 5.3 | | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
CVE-2025-66605 | Medium | 5.3 | | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.
CVE-2025-66604 | Medium | 5.3 | | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation.

Gitlab · 16 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-1868 | Critical | 9.9 | | 2026-02-09 | GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions of the AI Gateway from 18.1.6, 18.2.6, 18.3.1 to 18.6.1, 18.7.0, and 18.8.0 in which AI Gateway was vulnerable to insec…
CVE-2025-7659 | High | 8.0 | | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal tokens and access private repositories by ab…
CVE-2026-0958 | High | 7.5 | | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through memory or CPU exha…
CVE-2025-8099 | High | 7.5 | | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service…
CVE-2026-0595 | High | 7.3 | | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.9 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to add unauthorized email add…
CVE-2025-14560 | High | 7.3 | | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized actio…
CVE-2026-1458 | Medium | 6.5 | | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an unauthenticated user to cause denial of service b…
CVE-2026-1456 | Medium | 6.5 | | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through CPU exhaustion by submitting specially…
CVE-2026-1387 | Medium | 6.5 | | 2026-02-11 | GitLab has remediated an issue in GitLab EE affecting all versions from 15.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to cause Denial of Service by uploading a malicious file a…
CVE-2025-12575 | Medium | 5.4 | | 2026-02-11 | GitLab has remediated an issue in GitLab EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user with certain permissions to make…
CVE-2026-1094 | Medium | 4.6 | | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI.
CVE-2026-1080 | Medium | 4.3 | | 2026-02-11 | GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to access iteration data from pr…
CVE-2025-12073 | Medium | 4.3 | | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform server-side reque…
CVE-2025-14592 | Low | 3.7 | | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized opera…
CVE-2026-1282 | Low | 3.5 | | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to inject malicious content into project labels titles.
CVE-2025-14594 | Low | 3.5 | | 2026-02-11 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to view certain pipeline val…

Code-projects · 14 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-2223 | High | 7.3 | | 2026-02-09 | A security vulnerability has been detected in code-projects Online Reviewer System 1.0.
CVE-2026-2221 | High | 7.3 | | 2026-02-09 | A security flaw has been discovered in code-projects Online Reviewer System 1.0.
CVE-2026-2220 | High | 7.3 | | 2026-02-09 | A vulnerability was identified in code-projects Online Reviewer System 1.0.
CVE-2026-2212 | High | 7.3 | | 2026-02-09 | A vulnerability was identified in code-projects Online Music Site 1.0.
CVE-2026-2211 | High | 7.3 | | 2026-02-09 | A vulnerability was determined in code-projects Online Music Site 1.0.
CVE-2026-2199 | High | 7.3 | | 2026-02-09 | A security flaw has been discovered in code-projects Online Reviewer System 1.0.
CVE-2026-2198 | High | 7.3 | | 2026-02-09 | A vulnerability was identified in code-projects Online Reviewer System 1.0.
CVE-2026-2197 | High | 7.3 | | 2026-02-09 | A vulnerability was determined in code-projects Online Reviewer System 1.0.
CVE-2026-2196 | High | 7.3 | | 2026-02-09 | A vulnerability was found in code-projects Online Reviewer System 1.0.
CVE-2026-2195 | High | 7.3 | | 2026-02-09 | A vulnerability has been found in code-projects Online Reviewer System 1.0.
CVE-2026-2213 | Medium | 4.7 | | 2026-02-09 | A security flaw has been discovered in code-projects Online Music Site 1.0.
CVE-2026-2224 | Low | 3.5 | | 2026-02-09 | A vulnerability was detected in code-projects Online Reviewer System 1.0.
CVE-2026-2222 | Low | 2.4 | | 2026-02-09 | A weakness has been identified in code-projects Online Reviewer System 1.0.
CVE-2026-2214 | Low | 2.4 | | 2026-02-09 | A weakness has been identified in code-projects for Plugin 1.0.

Freerdp · 12 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-24679 | Critical | 9.1 | | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol.
CVE-2026-24677 | Critical | 9.1 | | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol.
CVE-2026-24684 | High | 7.5 | | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol.
CVE-2026-24683 | High | 7.5 | | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol.
CVE-2026-24682 | High | 7.5 | | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol.
CVE-2026-24681 | High | 7.5 | | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol.
CVE-2026-24680 | High | 7.5 | | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol.
CVE-2026-24678 | High | 7.5 | | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol.
CVE-2026-24676 | High | 7.5 | | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol.
CVE-2026-24675 | High | 7.5 | | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol.
CVE-2026-24491 | High | 7.5 | | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol.
CVE-2026-23948 | High | 7.5 | | 2026-02-09 | FreeRDP is a free implementation of the Remote Desktop Protocol.

Siemens · 11 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-25656 | High | 7.8 | | 2026-02-10 | A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3), User Management Component (UMC) (All versions < V2.15.2.1).
CVE-2026-25655 | High | 7.8 | | 2026-02-10 | A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2).
CVE-2026-23720 | High | 7.8 | | 2026-02-10 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512).
CVE-2026-23719 | High | 7.8 | | 2026-02-10 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512).
CVE-2026-23718 | High | 7.8 | | 2026-02-10 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512).
CVE-2026-23717 | High | 7.8 | | 2026-02-10 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512).
CVE-2026-23716 | High | 7.8 | | 2026-02-10 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512).
CVE-2026-23715 | High | 7.8 | | 2026-02-10 | A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512).
CVE-2026-22923 | High | 7.8 | | 2026-02-10 | A vulnerability has been identified in NX (All versions < V2512), NX (Managed Mode) (All versions < V2512).
CVE-2025-40587 | High | 7.6 | | 2026-02-10 | A vulnerability has been identified in Polarion V2404 (All versions < V2404.5), Polarion V2410 (All versions < V2410.2).
CVE-2024-52334 | Medium | 5.3 | | 2026-02-10 | A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF07).

Praskla-technology · 9 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-25875 | Critical | 9.8 | | 2026-02-09 | PlaciPy is a placement management system designed for educational institutions.
CVE-2026-25814 | Critical | 9.8 | | 2026-02-09 | PlaciPy is a placement management system designed for educational institutions.
CVE-2026-25809 | Critical | 9.8 | | 2026-02-09 | PlaciPy is a placement management system designed for educational institutions.
CVE-2026-25811 | Critical | 9.1 | | 2026-02-09 | PlaciPy is a placement management system designed for educational institutions.
CVE-2026-25876 | Critical | 9.1 | | 2026-02-09 | PlaciPy is a placement management system designed for educational institutions.
CVE-2026-25810 | Critical | 9.1 | | 2026-02-09 | PlaciPy is a placement management system designed for educational institutions.
CVE-2026-25812 | High | 8.8 | | 2026-02-09 | PlaciPy is a placement management system designed for educational institutions.
CVE-2026-25813 | High | 7.5 | | 2026-02-09 | PlaciPy is a placement management system designed for educational institutions.
CVE-2026-25806 | Medium | 6.5 | | 2026-02-09 | PlaciPy is a placement management system designed for educational institutions.

Craftcms · 8 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-25497 | High | 8.8 | | 2026-02-09 | Craft is a platform for creating digital experiences.
CVE-2026-25495 | High | 8.8 | | 2026-02-09 | Craft is a platform for creating digital experiences.
CVE-2026-25498 | High | 7.2 | | 2026-02-09 | Craft is a platform for creating digital experiences.
CVE-2026-25494 | Medium | 6.5 | | 2026-02-09 | Craft is a platform for creating digital experiences.
CVE-2026-25493 | Medium | 6.5 | | 2026-02-09 | Craft is a platform for creating digital experiences.
CVE-2026-25492 | Medium | 6.5 | | 2026-02-09 | Craft CMS is a content management system.
CVE-2026-25496 | Medium | 4.8 | | 2026-02-09 | Craft is a platform for creating digital experiences.
CVE-2026-25491 | Medium | 4.8 | | 2026-02-09 | Craft is a platform for creating digital experiences.

Fortinet · 8 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-52436 | High | 8.8 | | 2026-02-10 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, For…
CVE-2026-22153 | High | 8.1 | | 2026-02-10 | An Authentication Bypass by Primary Weakness vulnerability [CWE-305] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote…
CVE-2026-21743 | High | 7.2 | | 2026-02-10 | A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modi…
CVE-2025-62676 | High | 7.1 | | 2026-02-10 | An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.4, FortiClientWindows 7.2.0 through 7.2.12, FortiClientWindows 7.0 all versions may all…
CVE-2025-64157 | Medium | 6.7 | | 2026-02-10 | A use of externally-controlled format string vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0 all versions allows an authenticated admin to execute unauthorized c…
CVE-2025-68686 | Medium | 5.9 | | 2026-02-10 | An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all v…
CVE-2025-55018 | Medium | 5.8 | | 2026-02-10 | An inconsistent interpretation of http requests ('http request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an…
CVE-2025-62439 | Medium | 4.2 | | 2026-02-10 | An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions may allow an authe…

Tanium · 8 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-15310 | High | 7.8 | | 2026-02-10 | Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.
CVE-2025-15319 | High | 7.8 | | 2026-02-09 | Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.
CVE-2025-15316 | Medium | 6.7 | | 2026-02-09 | Tanium addressed a local privilege escalation vulnerability in Tanium Server.
CVE-2025-15315 | Medium | 6.7 | | 2026-02-09 | Tanium addressed a local privilege escalation vulnerability in Tanium Module Server.
CVE-2025-15317 | Medium | 6.5 | | 2026-02-09 | Tanium addressed an uncontrolled resource consumption vulnerability in Tanium Server.
CVE-2025-15314 | Medium | 5.5 | | 2026-02-10 | Tanium addressed an arbitrary file deletion vulnerability in end-user-cx.
CVE-2025-15313 | Medium | 5.5 | | 2026-02-10 | Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS.
CVE-2025-15318 | Medium | 5.5 | | 2026-02-09 | Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools.

Apache · 7 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-23906 | Critical | 9.8 | | 2026-02-10 | Affected Products and Versions * Apache Druid * Affected Versions: 0.17.0 through 35.x (all versions prior to 36.0.0) * Prerequisites: * druid-basic-security extension enabled * LDAP authenticator configured * Underlying L…
CVE-2026-24343 | High | 8.8 | | 2026-02-10 | Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat.
CVE-2025-33042 | High | 7.3 | | 2026-02-13 | Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas.
CVE-2026-24098 | Medium | 6.5 | | 2026-02-09 | Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to.
CVE-2026-22922 | Medium | 6.5 | | 2026-02-09 | Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access.
CVE-2026-23903 | Medium | 5.3 | | 2026-02-09 | Authentication Bypass by Alternate Name vulnerability in Apache Shiro.
CVE-2026-23901 | Low | 2.5 | | 2026-02-10 | Observable Timing Discrepancy vulnerability in Apache Shiro.

Flowring · 7 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-2096 | Critical | 9.8 | | 2026-02-10 | Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality.
CVE-2026-2095 | Critical | 9.8 | | 2026-02-10 | Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain arbitrary user authentication token and log into the system as any user.
CVE-2026-2097 | High | 8.8 | | 2026-02-10 | Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
CVE-2026-2094 | High | 8.8 | | 2026-02-10 | Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
CVE-2026-2093 | High | 7.5 | | 2026-02-10 | Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
CVE-2026-2098 | Medium | 6.1 | | 2026-02-10 | AgentFlow developed by Flowring has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
CVE-2026-2099 | Medium | 5.4 | | 2026-02-10 | AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load.

Intel · 7 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-32453 | Medium | 6.7 | | 2026-02-10 | Incorrect default permissions for some Intel(R) Graphics Driver software within Ring 2: Privileged Process may allow an escalation of privilege.
CVE-2025-32092 | Medium | 6.7 | | 2026-02-10 | Insecure inherited permissions for some Intel(R) Graphics Software before version 25.30.1702.0 within Ring 3: User Applications may allow an escalation of privilege.
CVE-2025-32003 | Medium | 6.5 | | 2026-02-10 | Out-of-bounds read in the firmware for some 100GbE Intel(R) Ethernet Network Adapter E810 before version cvl fw 1.7.6, cpk 1.3.7 within Ring 0: Bare Metal OS may allow a denial of service.
CVE-2025-27243 | Medium | 6.0 | | 2026-02-10 | Out-of-bounds write in the firmware for some Intel(R) Ethernet Controller E810 before version cvl fw 1.7.8.x within Ring 0: Bare Metal OS may allow a denial of service.
CVE-2025-24851 | Medium | 6.0 | | 2026-02-10 | Uncaught exception in the firmware for some 100GbE Intel(R) Ethernet Controller E810 before version cvl fw 1.7.8.x within Ring 0: Bare Metal OS may allow a denial of service.
CVE-2025-27535 | Medium | 5.3 | | 2026-02-10 | Exposed ioctl with insufficient access control in the firmware for some Intel(R) Ethernet Connection E825-C.
CVE-2025-32739 | Low | 2.8 | | 2026-02-10 | Improper conditions check in some firmware for some Intel(R) Graphics Drivers and Intel LTS kernels within Ring 1: Device Drivers may allow a denial of service.

Mongodb · 7 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-1848 | High | 7.5 | | 2026-02-10 | Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources.
CVE-2026-25613 | Medium | 6.5 | | 2026-02-10 | An authorized user may disable the MongoDB server by issuing a query against a collection that contains an invalid compound wildcard index.
CVE-2026-25610 | Medium | 6.5 | | 2026-02-10 | An authorized user may trigger a server crash by running a $geoNear pipeline with certain invalid index hints.
CVE-2026-1850 | Medium | 6.5 | | 2026-02-10 | Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash.
CVE-2026-1849 | Medium | 6.5 | | 2026-02-10 | MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents.
CVE-2026-1847 | Medium | 6.5 | | 2026-02-10 | Inserting certain large documents into a replica set could lead to replica set secondaries not being able to fetch the oplog from the primary.
CVE-2026-25609 | Medium | 5.4 | | 2026-02-10 | Incorrect validation of the profile command may result in the determination that a request altering the 'filter' is read-only.

Red Hat · 7 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-1486 | High | 8.8 | | 2026-02-09 | A flaw was found in Keycloak.
CVE-2026-1529 | High | 8.1 | | 2026-02-09 | A flaw was found in Keycloak.
CVE-2026-26158 | High | 7.0 | | 2026-02-11 | A flaw was found in BusyBox.
CVE-2026-26157 | High | 7.0 | | 2026-02-11 | A flaw was found in BusyBox.
CVE-2025-14778 | Medium | 5.4 | | 2026-02-09 | A flaw was found in Keycloak.
CVE-2025-14831 | Medium | 5.3 | | 2026-02-09 | A flaw was found in GnuTLS.
CVE-2025-11537 | Medium | 5.0 | | 2026-02-10 | A flaw was found in Keycloak.

Frangoteam · 6 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-25938 | Critical | 9.8 | | 2026-02-09 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software.
CVE-2026-25895 | Critical | 9.8 | | 2026-02-09 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software.
CVE-2026-25894 | Critical | 9.8 | | 2026-02-09 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software.
CVE-2026-25893 | Critical | 9.8 | | 2026-02-09 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software.
CVE-2026-25939 | Critical | 9.1 | | 2026-02-09 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software.
CVE-2026-25951 | High | 7.2 | | 2026-02-09 | FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software.

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-0652 | High | 8.8 | | 2026-02-10 | On TP-Link Tapo C260 v1, command injection vulnerability exists due to improper sanitization in certain POST parameters during configuration synchronization.
CVE-2025-9293 | High | 8.1 | | 2026-02-13 | A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication.
CVE-2026-0651 | High | 7.8 | | 2026-02-10 | A path traversal vulnerability was identified TP-Link Tapo C260 v1, D235 v1 and C520WS v2.6 within the HTTP server’s handling of GET requests.
CVE-2025-9292 | High | 7.5 | | 2026-02-13 | A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances.
CVE-2026-0653 | Medium | 6.5 | | 2026-02-10 | On TP-Link Tapo C260 v1 and D235 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint.
CVE-2026-1571 | Medium | 6.1 | | 2026-02-11 | User-controlled input is reflected into the HTML output without proper encoding on TP-Link Archer C60 v3, allowing arbitrary JavaScript execution via a crafted URL. An attacker could run script in the device web UI context, potentially ena…

Axis · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2025-11547 | High | 7.8 | | 2026-02-10 | AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user.
CVE-2025-11142 | High | 7.1 | | 2026-02-10 | The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution.
CVE-2025-12063 | Medium | 5.7 | | 2026-02-10 | An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions.
CVE-2025-12757 | Medium | 4.6 | | 2026-02-10 | An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to.
CVE-2025-13064 | Medium | 4.5 | | 2026-02-10 | A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server.

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2026-2260 | High | 7.2 | | 2026-02-10 | A vulnerability was found in D-Link DCS-931L up to 1.13.0.
CVE-2026-2210 | High | 7.2 | | 2026-02-09 | A vulnerability has been found in D-Link DIR-823X 250416.
CVE-2026-2218 | Medium | 6.3 | | 2026-02-09 | A vulnerability was determined in D-Link DCS-933L up to 1.14.11.
CVE-2026-2194 | Medium | 6.3 | | 2026-02-09 | A flaw has been found in D-Link DI-7100G C1 24.04.18D1.
CVE-2026-2227 | Medium | 4.7 | | 2026-02-09 | A vulnerability was found in D-Link DCS-931L up to 1.13.0.

Top Password Software · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2020-37215 | High | 7.5 | | 2026-02-11 | MSN Password Recovery version 1.30 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized input in the registration code field.
CVE-2020-37193 | High | 7.5 | | 2026-02-11 | ZIP Password Recovery 2.30 contains a denial of service vulnerability that allows attackers to crash the application by providing maliciously crafted input.
CVE-2020-37191 | High | 7.5 | | 2026-02-11 | Top Password Software Dialup Password Recovery 1.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields.
CVE-2020-37190 | High | 7.5 | | 2026-02-11 | Top Password Firefox Password Recovery 2.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields.
CVE-2020-37192 | Medium | 6.2 | | 2026-02-11 | MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input.

Cipplanner · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-50619 | High | 8.8 | | 2026-02-11 | Vulnerabilities in the My Account and User Management components in CIPPlanner CIPAce before 9.17 allows attackers to escalate their access levels.
CVE-2024-50620 | High | 8.8 | | 2026-02-11 | Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and document manage components in CIPPlanner CIPAce before 9.17.
CVE-2024-50617 | High | 7.5 | | 2026-02-11 | Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthorized files.
CVE-2024-50618 | Medium | 4.3 | | 2026-02-11 | A Use of Single-factor Authentication vulnerability in the Authentication component of CIPPlanner CIPAce before 9.17 allows attackers to bypass a protection mechanism.

Internet-soft · 4 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2019-25321 | Critical | 9.8 | | 2026-02-12 | FTP Navigator 8.03 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers.
CVE-2019-25319 | Critical | 9.8 | | 2026-02-12 | Domain Quester Pro 6.02 contains a stack overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers.
CVE-2019-25332 | High | 8.4 | | 2026-02-12 | FTP Commander Pro 8.03 contains a local stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting the EIP register through a custom command input.
CVE-2019-25329 | High | 7.5 | | 2026-02-12 | FTP Navigator 8.03 contains a denial of service vulnerability that allows attackers to crash the application by overwriting Structured Exception Handler (SEH) with malicious input.

Kanboard · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25924 | High | 8.4 | | 2026-02-11 | Kanboard is project management software focused on Kanban methodology. |
| CVE-2026-24885 | Medium | 5.7 | | 2026-02-10 | Kanboard is project management software focused on Kanban methodology. |
| CVE-2026-25531 | Medium | 4.3 | | 2026-02-13 | Kanboard is project management software focused on Kanban methodology. |
| CVE-2026-25530 | Medium | 4.3 | | 2026-02-10 | Kanboard is project management software focused on Kanban methodology. |

Microcom · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-13651 | High | 7.5 | | 2026-02-11 | Exposure of Sensitive System Information to an Unauthorized Actor vulnerability in Microcom ZeusWeb allows Web Application Fingerprinting of sensitive data. |
| CVE-2025-13650 | Medium | 6.1 | | 2026-02-11 | An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not necessary, but the action must be performed) who has the vulnerable software could introduce arbitrary JavaScript by injecti… |
| CVE-2025-13649 | Medium | 6.1 | | 2026-02-11 | An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not necessary, but the action must be performed) who has the vulnerable software could introduce arbitrary JavaScript by injec… |
| CVE-2025-13648 | Medium | 6.1 | | 2026-02-11 | An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is required) who has the vulnerable software could introduce arbitrary JavaScript by injecting an XSS payload into the ‘Name’ and… |

Mongodb Inc · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25611 | High | 7.5 | | 2026-02-10 | A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server. |
| CVE-2026-2303 | Medium | 6.5 | | 2026-02-10 | The mongo-go-driver repository contains CGo bindings for GSSAPI (Kerberos) authentication on Linux and macOS. |
| CVE-2026-2302 | Medium | 6.5 | | 2026-02-10 | Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code. |
| CVE-2026-25612 | Medium | 6.5 | | 2026-02-10 | The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what lock to take. |

Powerdns · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-59023 | High | 8.2 | | 2026-02-09 | Crafted delegations or IP fragments can poison cached delegations in Recursor. |
| CVE-2025-59024 | Medium | 6.5 | | 2026-02-09 | Crafted delegations or IP fragments can poison cached delegations in Recursor. |
| CVE-2026-24027 | Medium | 5.3 | | 2026-02-09 | Crafted zones can lead to increased incoming network traffic. |
| CVE-2026-0398 | Medium | 5.3 | | 2026-02-09 | Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor. |

Unknown · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-14892 | Critical | 9.8 | | 2026-02-12 | The Prime Listing Manager WordPress plugin through 1.1 allows an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions due to a hardcoded secret. |
| CVE-2026-1235 | Medium | 6.5 | | 2026-02-11 | The WP eCommerce WordPress plugin through 3.15.1 unserializes user input via ajax actions, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog. |
| CVE-2025-15400 | Medium | 6.5 | | 2026-02-11 | The OpenPix for WooCommerce WordPress plugin through 2.13.3 allows any authenticated user to trigger AJAX actions that reset payment gateway configuration options without capability or nonce checks. |
| CVE-2025-15520 | Medium | 4.3 | | 2026-02-13 | The RegistrationMagic WordPress plugin before 6.0.7.2 checks nonces but not capabilities, allowing for the disclosure of some sensitive data to subscribers and above. |

Wago · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-22906 | Critical | 9.8 | | 2026-02-09 | User credentials are stored using AES‑ECB encryption with a hardcoded key. |
| CVE-2026-22904 | Critical | 9.8 | | 2026-02-09 | Improper length handling when parsing multiple cookie fields (including TRACKID) allows an unauthenticated remote attacker to send oversized cookie values and trigger a stack buffer overflow, resulting in a denial‑of‑service condition and… |
| CVE-2026-22903 | Critical | 9.8 | | 2026-02-09 | An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. |
| CVE-2026-22905 | High | 7.5 | | 2026-02-09 | An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g., /js/../cgi-bin/post.cgi), gaining unauthorized access to protected CGI endpoints and configura… |

Albrecht Jung Gmbh & Co. Kg · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26234 | High | 8.8 | | 2026-02-12 | JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Host header. |
| CVE-2026-26235 | High | 7.5 | | 2026-02-12 | JUNG Smart Visu Server 1.1.1050 contains a denial of service vulnerability that allows unauthenticated attackers to remotely shutdown or reboot the server. |
| CVE-2026-25872 | Medium | 5.3 | | 2026-02-10 | JUNG Smart Panel KNX firmware version L1.12.22 and prior contain an unauthenticated path traversal vulnerability in the embedded web interface. |

Avideo · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2020-37173 | High | 7.5 | | 2026-02-11 | AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. |
| CVE-2020-37172 | Medium | 5.3 | | 2026-02-11 | AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. |
| CVE-2020-37158 | Medium | 5.3 | | 2026-02-11 | AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. |

Bacnet-stack · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26264 | High | 8.1 | | 2026-02-13 | BACnet Stack is a BACnet open source protocol stack C library for embedded systems. |
| CVE-2026-21878 | High | 7.5 | | 2026-02-13 | BACnet Stack is a BACnet open source protocol stack C library for embedded systems. |
| CVE-2026-21870 | Medium | 5.5 | | 2026-02-13 | BACnet Protocol Stack library provides a BACnet application layer, network layer and media access (MAC) layer communications services. |

Birtech Information Technologies Industry And Trade Ltd. Co. · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-10465 | High | 8.8 | | 2026-02-09 | Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd. |
| CVE-2025-10463 | High | 7.3 | | 2026-02-09 | Improper Authentication vulnerability in Birtech Information Technologies Industry and Trade Ltd. |
| CVE-2025-10464 | Medium | 6.5 | | 2026-02-09 | Insecure Storage of Sensitive Information vulnerability in Birtech Information Technologies Industry and Trade Ltd. |

Calero · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26335 | Critical | 9.8 | | 2026-02-13 | Calero VeraSMART versions prior to 2022 R1 use static ASP.NET/IIS machineKey values configured for the VeraSMART web application and stored in C:\Program Files (x86)\Veramark\VeraSMART\WebRoot\web.config. |
| CVE-2026-26333 | Critical | 9.8 | | 2026-02-13 | Calero VeraSMART versions prior to 2022 R1 expose an unauthenticated .NET Remoting HTTP service on TCP port 8001. |
| CVE-2026-26334 | High | 7.8 | | 2026-02-13 | Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within Veramark.Framework.dll (Veramark.Core.Config class). |

Dell · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-23857 | High | 8.2 | | 2026-02-12 | Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. |
| CVE-2026-23856 | High | 7.8 | | 2026-02-12 | Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell iDRAC Service Module (iSM) for Linux, versions prior to 5.4.1.1, contain an Improper Access Control vulnerability. |
| CVE-2026-21419 | Medium | 6.6 | | 2026-02-09 | Dell Display and Peripheral Manager (Windows) versions prior to 2.2 contain an Improper Link Resolution Before File Access ('Link Following') vulnerability in the Installer and Service. |

Digitalvolcano Software · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2020-37213 | High | 7.5 | | 2026-02-11 | TextCrawler Pro 3.1.1 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized buffer in the license key field. |
| CVE-2020-37198 | High | 7.5 | | 2026-02-11 | Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application by injecting an oversized buffer into the license key field. |
| CVE-2020-37189 | High | 7.5 | | 2026-02-11 | TaskCanvas 1.4.0 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. |

Farktor · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-10969 | Critical | 9.8 | | 2026-02-12 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farktor Software E-Commerce Services Inc. |
| CVE-2025-13002 | High | 8.2 | | 2026-02-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Farktor Software E-Commerce Services Inc. |
| CVE-2025-13004 | Medium | 6.3 | | 2026-02-12 | Authorization Bypass Through User-Controlled Key vulnerability in Farktor Software E-Commerce Services Inc. |

Free5gc · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-70123 | High | 7.5 | | 2026-02-13 | An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. |
| CVE-2025-70122 | High | 7.5 | | 2026-02-13 | A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted PFCP Session Modification Request. |
| CVE-2025-70121 | High | 7.5 | | 2026-02-13 | An array index out of bounds vulnerability in the AMF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted 5GS Mobile Identity in a NAS Registration Request message. |

Getoutline · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-64487 | High | 7.6 | | 2026-02-11 | Outline is a service that allows for collaborative documentation. |
| CVE-2026-25062 | Medium | 5.5 | | 2026-02-11 | Outline is a service that allows for collaborative documentation. |
| CVE-2025-68663 | Medium | 5.3 | | 2026-02-11 | Outline is a service that allows for collaborative documentation. |

Goauthentik · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25227 | Critical | 9.1 | | 2026-02-12 | authentik is an open-source identity provider. |
| CVE-2026-25922 | High | 8.8 | | 2026-02-12 | authentik is an open-source identity provider. |
| CVE-2026-25748 | High | 8.6 | | 2026-02-12 | authentik is an open-source identity provider. |

Google · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1669 | High | 7.5 | | 2026-02-11 | Arbitrary file read in the model loading mechanism (HDF5 integration) in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a remote attacker to read local files and disclose sensitive information via a crafted .keras mo… |
| CVE-2026-1837 | High | 7.5 | | 2026-02-11 | A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. |
| CVE-2025-12474 | Medium | 4.4 | | 2026-02-11 | A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized (but allocated) memory. |

Hgiga · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-2234 | Critical | 9.1 | | 2026-02-09 | C&Cm@il developed by HGiga has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read and modify any user's mail content. |
| CVE-2026-2236 | High | 7.5 | | 2026-02-09 | C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents. |
| CVE-2026-2235 | Medium | 6.5 | | 2026-02-09 | C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. |

Janet-lang · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-2242 | Low | 3.3 | | 2026-02-09 | A vulnerability was determined in janet-lang janet up to 1.40.1. |
| CVE-2026-2241 | Low | 3.3 | | 2026-02-09 | A vulnerability was found in janet-lang janet up to 1.40.1. |
| CVE-2026-2240 | Low | 3.3 | | 2026-02-09 | A vulnerability has been found in janet-lang janet up to 1.40.1. |

Jetbrains · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25848 | Critical | 9.1 | | 2026-02-09 | In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible |
| CVE-2026-25847 | High | 8.2 | | 2026-02-09 | In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible |
| CVE-2026-25846 | Medium | 6.5 | | 2026-02-09 | In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs |

Kostasmitroglou · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-25347 | High | 7.5 | | 2026-02-12 | thesystem App 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the username parameter. |
| CVE-2019-25346 | High | 7.5 | | 2026-02-12 | TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'server_name' parameter. |
| CVE-2019-25311 | Medium | 6.4 | | 2026-02-11 | thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. |

Litestar · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25478 | High | 7.4 | | 2026-02-09 | Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. |
| CVE-2026-25480 | Medium | 6.5 | | 2026-02-09 | Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. |
| CVE-2026-25479 | Medium | 6.5 | | 2026-02-09 | Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. |

Metis Cyberspace Technology Sa · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-2249 | Critical | 9.8 | | 2026-02-11 | METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. |
| CVE-2026-2248 | Critical | 9.8 | | 2026-02-11 | METIS WIC devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. |
| CVE-2026-2250 | High | 7.5 | | 2026-02-11 | The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. |

Quic-go · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-21438 | Medium | 5.3 | | 2026-02-12 | webtransport-go is an implementation of the WebTransport protocol. |
| CVE-2026-21435 | Medium | 5.3 | | 2026-02-12 | webtransport-go is an implementation of the WebTransport protocol. |
| CVE-2026-21434 | Medium | 5.3 | | 2026-02-12 | webtransport-go is an implementation of the WebTransport protocol. |

Silabs.com · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-0619 | | | | 2026-02-12 | A reachable infinite loop via an integer wraparound is present in Silicon Labs' Matter SDK which allows an attacker to trigger a denial of service. |
| CVE-2025-11004 | | | | 2026-02-10 | The Simplicity Device Manager Tool has a Reflected XSS (Cross-site-scripting) vulnerability in several API endpoints. |
| CVE-2025-7432 | | | | 2026-02-09 | DPA countermeasures in Silicon Labs' Series 2 devices are not reseeded under certain conditions. This may allow an attacker to eventually extract secret keys through a DPA attack. |

Solax Power · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-15573 | Critical | 9.4 | | 2026-02-12 | The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). |
| CVE-2025-15574 | Medium | 6.5 | | 2026-02-12 | When connecting to the Solax Cloud MQTT server the username is the "registration number", which is the 10 character string printed on the SolaX Power Pocket device / the QR code on the device. |
| CVE-2025-15575 | Medium | 5.3 | | 2026-02-12 | The firmware update functionality does not verify the authenticity of the supplied firmware update files. |

Sumatrapdfreader · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25880 | High | 7.8 | | 2026-02-09 | SumatraPDF is a multi-format reader for Windows. |
| CVE-2026-25961 | High | 7.5 | | 2026-02-09 | SumatraPDF is a multi-format reader for Windows. |
| CVE-2026-25920 | Medium | 5.5 | | 2026-02-09 | SumatraPDF is a multi-format reader for Windows. |

Unattributed · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25905 | Medium | 5.8 | | 2026-02-09 | The Python code being run by 'runPython' or 'runPythonAsync' is not isolated from the rest of the JS code, allowing any Python code to use the Pyodide APIs to modify the JS environment. |
| CVE-2026-25904 | Medium | 5.8 | | 2026-02-09 | The Pydantic-AI MCP Run Python tool configures the Deno sandbox with an overly permissive configuration that allows the underlying Python code to access the localhost interface of the host to perform SSRF attacks. |
| CVE-2026-1721 | | | | 2026-02-13 | A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handler. |

Universal Software Inc. · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1618 | High | 8.8 | | 2026-02-13 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc. |
| CVE-2025-14349 | High | 8.8 | | 2026-02-13 | Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. |
| CVE-2026-1619 | High | 8.3 | | 2026-02-13 | Authorization Bypass Through User-Controlled Key vulnerability in Universal Software Inc. |

Wclovers · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-0845 | High | 7.2 | | 2026-02-10 | The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability chec… |
| CVE-2026-1722 | Medium | 5.3 | | 2026-02-10 | The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. |
| CVE-2025-15147 | Medium | 4.3 | | 2026-02-10 | The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.8 via the 'WCFMvm_Memberships_Payment_Controller::p… |

84codes · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25767 | High | 8.1 | | 2026-02-12 | LavinMQ is a high-performance message queue & streaming server. |
| CVE-2026-25768 | Medium | 6.5 | | 2026-02-12 | LavinMQ is a high-performance message queue & streaming server. |

Aardappel · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-2259 | Low | 3.3 | | 2026-02-10 | A vulnerability has been found in aardappel lobster up to 2025.4. |
| CVE-2026-2258 | Low | 3.3 | | 2026-02-10 | A flaw has been found in aardappel lobster up to 2025.4. |

Agpt · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26020 | High | 8.8 | | 2026-02-12 | AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. |
| CVE-2026-26006 | Medium | 6.5 | | 2026-02-10 | AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. |

Allok Soft · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2020-37184 | Critical | 9.8 | | 2026-02-11 | Allok Video Converter 4.6.1217 contains a stack overflow vulnerability in the License Name input field that allows attackers to execute arbitrary code. |
| CVE-2020-37183 | Critical | 9.8 | | 2026-02-11 | Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. |

Astpp · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2020-37153 | Critical | 9.8 | | 2026-02-11 | ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. |
| CVE-2020-37104 | High | 7.5 | | 2026-02-11 | ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. |

Aveva · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1507 | High | 7.5 | | 2026-02-10 | The affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI services resulting in a denial-of-service. |
| CVE-2026-1495 | Medium | 6.5 | | 2026-02-10 | The vulnerability, if exploited, could allow an attacker with Event Log Reader (S-1-5-32-573) privileges to obtain proxy details, including URL and proxy credentials, from the PI to CONNECT event log files. |

Avs4you · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-25318 | High | 8.8 | | 2026-02-12 | AVS Audio Converter 9.1.2.600 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by manipulating the output folder text input. |
| CVE-2019-25331 | High | 8.4 | | 2026-02-12 | AVS Audio Converter 9.1 contains a local buffer overflow vulnerability that allows local attackers to overwrite CPU registers by manipulating the 'Exit folder' input field. |

Ckolivas · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-15570 | Medium | 5.3 | | 2026-02-10 | A vulnerability was found in ckolivas lrzip up to 0.651. |
| CVE-2025-15571 | Low | 3.3 | | 2026-02-10 | A security vulnerability has been detected in ckolivas lrzip up to 0.651. |

Cube · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25958 | High | 7.7 | | 2026-02-09 | Cube is a semantic layer for building data applications. |
| CVE-2026-25957 | Medium | 6.5 | | 2026-02-09 | Cube is a semantic layer for building data applications. |

Dalibo · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-2361 | High | 8.0 | | 2026-02-11 | PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. |
| CVE-2026-2360 | High | 8.0 | | 2026-02-11 | PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and place malicious code in that operator. |

Error311 · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25231 | High | 7.5 | | 2026-02-09 | FileRise is a self-hosted web file manager / WebDAV server. |
| CVE-2026-25230 | Medium | 4.6 | | 2026-02-09 | FileRise is a self-hosted web file manager / WebDAV server. |

Fastgpt · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26075 | Medium | 5.4 | | 2026-02-12 | FastGPT is an AI Agent building platform. |
| CVE-2026-26003 | Medium | 5.4 | | 2026-02-10 | FastGPT is an AI Agent building platform. |

Filebrowser · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25890 | High | 8.1 | | 2026-02-09 | File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. |
| CVE-2026-25889 | Medium | 5.4 | | 2026-02-09 | File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. |

Frappe · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25956 | Medium | 6.1 | | 2026-02-10 | Frappe is a full-stack web application framework. |
| CVE-2026-26031 | Medium | 5.3 | | 2026-02-11 | Frappe Learning Management System (LMS) is a learning system that helps users structure their content. |

Ge Vernova · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1763 | Medium | 4.6 | | 2026-02-10 | Vulnerability in GE Vernova Enervista UR Setup on Windows. This issue affects Enervista: 8.6 and previous versions. |
| CVE-2026-1762 | Low | 2.9 | | 2026-02-10 | A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation. This issue affects Enervista: 8.6 and prior versions. |

Grafana · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-41117 | Medium | 6.8 | | 2026-02-12 | Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. |
| CVE-2026-21722 | Medium | 5.3 | | 2026-02-12 | Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. |

Heatmiser · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-25322 | High | 7.5 | | 2026-02-12 | Heatmiser Netmonitor 3.03 contains a hardcoded credentials vulnerability in the networkSetup.htm page with predictable admin login credentials. |
| CVE-2019-25323 | Medium | 6.1 | | 2026-02-12 | Heatmiser Netmonitor v3.03 contains an HTML injection vulnerability in the outputSetup.htm page that allows attackers to inject malicious HTML code through the outputtitle parameter. |

Hp · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1997 | Medium | 5.3 | | 2026-02-10 | Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resource. |
| CVE-2026-1996 | Medium | 5.3 | | 2026-02-10 | Certain HP OfficeJet Pro printers may be vulnerable to potential denial of service when the IPP requests are mishandled, failing to establish a TCP connection. |

Infoblox · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-61880 | High | 8.8 | | 2026-02-12 | In Infoblox NIOS through 9.0.7, insecure deserialization can result in remote code execution. |
| CVE-2025-61879 | High | 7.7 | | 2026-02-12 | In Infoblox NIOS through 9.0.7, a High-Privileged User Can Trigger an Arbitrary File Write via the Account Creation Mechanism. |

Intego · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26225 | | | | 2026-02-12 | Intego Personal Backup, a macOS backup utility that allows users to create scheduled backups and bootable system clones, contains a local privilege escalation vulnerability. |
| CVE-2026-26224 | | | | 2026-02-12 | Intego Log Reporter, a macOS diagnostic utility bundled with Intego security products that collects system and application logs for support analysis, contains a local privilege escalation vulnerability. |

Ivanti · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1603 | High | 8.6 | KEV | 2026-02-10 | An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data. |
| CVE-2026-1602 | Medium | 6.5 | | 2026-02-10 | SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. |

Kidocode · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26216 | Critical | 10.0 | | 2026-02-12 | Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. |
| CVE-2026-26217 | High | 8.6 | | 2026-02-12 | Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. |

Langchain · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26019 | Medium | 4.1 | | 2026-02-11 | LangChain is a framework for building LLM-powered applications. |
| CVE-2026-26013 | Low | 3.7 | | 2026-02-10 | LangChain is a framework for building agents and LLM-powered applications. |

Linux · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-23112 | Critical | 9.8 | | 2026-02-13 | In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec nvmet_tcp_build_pdu_iovec() could walk past cmd->req.sg when a PDU length or offset exceeds sg_cnt and then use… |
| CVE-2026-23111 | High | 7.8 | | 2026-02-13 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() nft_map_catchall_activate() has an inverted element activity check compared to its non-ca… |

Loggro Pymes · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1960 | | | | 2026-02-09 | Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes, via the 'Facebook' parameter in '/loggrodemo/jbrain/ConsultaTerceros' endpoint. |
| CVE-2026-1959 | | | | 2026-02-09 | Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes, via the 'descripción' parameter in the '/loggrodemo/jbrain/MaestraCuentasBancarias' endpoint. |

Macwarrior · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25728 | High | 7.5 | | 2026-02-10 | ClipBucket v5 is an open source video sharing platform. |
| CVE-2026-26005 | Medium | 5.0 | | 2026-02-12 | ClipBucket v5 is an open source video sharing platform. |

Markusproject · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25057 | Critical | 9.1 | | 2026-02-09 | MarkUs is a web application for the submission and grading of student assignments. |
| CVE-2026-24900 | Medium | 6.5 | | 2026-02-09 | MarkUs is a web application for the submission and grading of student assignments. |

Mattermost · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-22892 | Medium | 4.3 | | 2026-02-13 | Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read pos… |
| CVE-2026-20796 | Low | 3.1 | | 2026-02-13 | Mattermost versions 10.11.x <= 10.11.9 fail to properly validate channel membership at the time of data retrieval which allows a deactivated user to learn team names they should not have access to via a race condition in the /common_teams… |

Mealie · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-70297 | Medium | 6.1 | | 2026-02-11 | A stored cross-site scripting (XSS) vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary web script or HTML via an uploaded SVG file that is served as im… |
| CVE-2025-70296 | Medium | 5.4 | | 2026-02-11 | A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view. |

Minigal · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25869 | High | 7.5 | | 2026-02-11 | MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. |
| CVE-2026-25868 | Medium | 6.1 | | 2026-02-11 | MiniGal Nano version 0.3.5 and prior contain a reflected cross-site scripting (XSS) vulnerability in index.php via the dir parameter. |

Newbee-ltd · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26218 | Critical | 9.8 | | 2026-02-12 | newbee-mall includes pre-seeded administrator accounts in its database initialization script. |
| CVE-2026-26219 | Critical | 9.1 | | 2026-02-12 | newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. |

Palo Alto Networks · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-0229 | | | | 2026-02-11 | A denial-of-service (DoS) vulnerability in the Advanced DNS Security (ADNS) feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. |
| CVE-2026-0228 | | | | 2026-02-11 | An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so. |

Php · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-24895 | Critical | 9.8 | | 2026-02-12 | FrankenPHP is a modern application server for PHP. |
| CVE-2026-24894 | High | 7.5 | | 2026-02-12 | FrankenPHP is a modern application server for PHP. |

Pixelyoursite · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1844 | High | 7.2 | | 2026-02-13 | The PixelYourSite PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pysTrafficSource' parameter and the 'pys_landing_page' parameter in all versions up to, and including, 12.4.0.2 due to insufficient input sani… |
| CVE-2026-1841 | High | 7.2 | | 2026-02-13 | The PixelYourSite – Your smart PIXEL (TAG) & API Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pysTrafficSource' parameter and the 'pys_landing_page' parameter in all versions up to, and including, 11.2… |

Plunet · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-2344 | | | | 2026-02-11 | A vulnerability in Plunet Plunet BusinessManager allows unauthorized actions being performed on behalf of privileged users. This issue affects Plunet BusinessManager: 10.15.1. |
| CVE-2026-2337 | | | | 2026-02-11 | A vulnerability in Plunet Plunet BusinessManager allows session hijacking, data theft, unauthorized actions on behalf of the user. This issue affects Plunet BusinessManager: 10.15.1. |

Rachelos · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-2216 | Medium | 4.3 |  | 2026-02-09 | A flaw has been found in rachelos WeRSS we-mp-rss up to 1.4.8. |
| CVE-2026-2215 | Low | 3.7 |  | 2026-02-09 | A vulnerability was detected in rachelos WeRSS we-mp-rss up to 1.4.8. |

Roundcube · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26079 | Medium | 4.7 |  | 2026-02-11 | Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled. |
| CVE-2026-25916 | Medium | 4.3 |  | 2026-02-09 | Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage. |

Saastech Cleaning And Internet Services Inc. · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-10913 | High | 8.3 |  | 2026-02-11 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saastech Cleaning and Internet Services Inc. |
| CVE-2025-10912 | Medium | 5.4 |  | 2026-02-11 | Authorization Bypass Through User-Controlled Key vulnerability in Saastech Cleaning and Internet Services Inc. |

Schneider Electric · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1227 |  |  |  | 2026-02-11 | CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized disclosure of local files, interaction within the EBO system, or denial of service conditions when a local user uploads a spe… |
| CVE-2026-1226 |  |  |  | 2026-02-11 | CWE-94: Improper Control of Generation of Code vulnerability exists that could cause execution of untrusted or unintended code within the application when maliciously crafted design content is processed through a TGML graphics file. |

Statamic · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25759 | High | 8.7 |  | 2026-02-11 | Statamic is a Laravel and Git powered content management system (CMS). |
| CVE-2026-25633 | Medium | 4.3 |  | 2026-02-11 | Statamic is a Laravel + Git powered CMS designed for building websites. |

Tandoor · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25991 | High | 7.7 |  | 2026-02-13 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. |
| CVE-2026-25964 | Medium | 4.9 |  | 2026-02-13 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. |

Techjewel · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-0996 | Medium | 6.4 |  | 2026-02-10 | The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI Form Builder module in all versions up to, and including, 6.1.14 due to a combination of missing authorization checks, a leaked nonce, and insuff… |
| CVE-2026-0632 | Medium | 5.4 |  | 2026-02-09 | The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.12 via the 'saveDataSource' function. |

Tenda · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-2203 | High | 8.8 |  | 2026-02-09 | A flaw has been found in Tenda AC8 16.03.33.05. |
| CVE-2026-2202 | High | 8.8 |  | 2026-02-09 | A vulnerability was detected in Tenda AC8 16.03.33.05. |

Torrentrockyou · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2020-37181 | Critical | 9.8 |  | 2026-02-11 | Torrent FLV Converter 1.51 Build 117 contains a stack overflow vulnerability that allows attackers to overwrite Structured Exception Handler (SEH) through a malicious registration code input. |
| CVE-2020-37176 | Critical | 9.8 |  | 2026-02-11 | Torrent 3GP Converter 1.51 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. |

Yokecd · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26056 | High | 8.8 |  | 2026-02-12 | Yoke is a Helm-inspired infrastructure-as-code (IaC) package deployer. |
| CVE-2026-26055 | High | 7.5 |  | 2026-02-12 | Yoke is a Helm-inspired infrastructure-as-code (IaC) package deployer. |

Yokogawa Electric Corporation · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-66600 |  |  |  | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. |
| CVE-2025-66599 |  |  |  | 2026-02-09 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. |

Zlan Information Technology Co. · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25084 | Critical | 9.8 |  | 2026-02-11 | Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs. |
| CVE-2026-24789 | Critical | 9.8 |  | 2026-02-11 | An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication. |

Actfax · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-25310 | High | 7.8 |  | 2026-02-11 | ActiveFax Server 6.92 Build 0316 contains an unquoted service path vulnerability in the ActiveFaxServiceNT service that allows local attackers to potentially execute arbitrary code. |

Admerc · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-2217 | High | 7.3 |  | 2026-02-09 | A vulnerability was found in itsourcecode Event Management System 1.0. |

Adminer · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25892 | High | 7.5 |  | 2026-02-09 | Adminer is open-source database management software. |

Ahdinosaur · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26021 | Critical | 9.8 |  | 2026-02-11 | set-in provides the set value of nested associative structure given array of keys. |

Airleader Gmbh · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1358 | Critical | 9.8 |  | 2026-02-12 | Airleader Master versions 6.381 and prior allow for file uploads without restriction to multiple webpages running maximum privileges. |

Aiven · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25999 | High | 7.1 |  | 2026-02-11 | Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. |

Ajv.js · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-69873 | Low | 2.9 |  | 2026-02-11 | ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. |

Akutishevsky · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26029 | High | 7.5 |  | 2026-02-11 | sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. |

Alex4ssb · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26208 | High | 7.8 |  | 2026-02-13 | ADB Explorer is a fluent UI for ADB on Windows. |

Amitkolloldey · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-25320 | Medium | 6.5 |  | 2026-02-12 | E Learning Script 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard without valid credentials by manipulating login parameters. |

Anttiviljami · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-25315 | Medium | 6.4 |  | 2026-02-11 | WordPress Server Log Viewer 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unfiltered log file paths. |

Anysphere · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26268 | High | 8.0 |  | 2026-02-13 | Cursor is a code editor built for programming with AI. |

Aprilrobotics · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-2246 | Low | 3.3 |  | 2026-02-09 | A security vulnerability has been detected in AprilRobotics apriltag up to 3.4.5. |

Arduino · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25933 | Medium | 6.8 |  | 2026-02-12 | Arduino App Lab is a cross-platform IDE for developing Arduino Apps. |

Artifex · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-15569 | High | 7.0 |  | 2026-02-10 | A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. |

Atlas Educational Software Industry Ltd. Co. · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-7708 | Medium | 6.8 |  | 2026-02-09 | Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. |

Aumsrini · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1885 | Medium | 6.4 |  | 2026-02-11 | The Slideshow Wp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sswpid' attribute of the 'sswp-slide' shortcode in all versions up to, and including, 1.1. |

Axios · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25639 | High | 7.5 |  | 2026-02-09 | Axios is a promise based HTTP client for the browser and Node.js. |

Ays-pro · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1320 | High | 7.2 |  | 2026-02-12 | The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' HTTP header in all versions up to, and including, 4.9.8 due to insufficient input sanitizati… |

B3log · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25992 | High | 7.5 |  | 2026-02-10 | SiYuan is a personal knowledge management system. |

Badbreze · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1786 | Medium | 6.5 |  | 2026-02-11 | The Twitter posts to Blog plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dg_tw_options' function in all versions up to, and including, 1.11.25. |

Beaverbuilder · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1231 | Medium | 6.4 |  | 2026-02-11 | The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `js` Global Settings parameter in all versions up to, and including, 2.10.0.5 due to missing capabili… |

Bimesoft · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-25330 | High | 7.5 |  | 2026-02-12 | SurfOffline Professional 2.2.0.103 contains a structured exception handler (SEH) overflow vulnerability that allows attackers to crash the application by manipulating the project name input. |

Bishopfox · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25791 | High | 7.5 |  | 2026-02-09 | Sliver is a command and control framework that uses a custom Wireguard netstack. |

Blackmoon · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-25306 | High | 7.8 |  | 2026-02-11 | BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. |

Brianhogg · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1922 | Medium | 6.4 |  | 2026-02-10 | The The Events Calendar Shortcode & Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ecs-list-events` shortcode `message` attribute in all versions up to, and including, 3.1.2 due to insufficient in… |

Brightsign · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-54756 | High | 8.4 |  | 2026-02-12 | BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 use a default password that is guessable with knowledge of the device information. |

Bullwark · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-25333 | High | 7.5 |  | 2026-02-12 | Bullwark Momentum Series JAWS 1.0 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP request paths. |

Caido · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-24853 | High | 8.1 |  | 2026-02-13 | Caido is a web security auditing toolkit. |

Casl Ability · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1774 | Critical | 9.8 |  | 2026-02-10 | CASL Ability, versions 2.4.0 through 6.7.4, contains a prototype pollution vulnerability. |

Centova Technologies Inc. · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-25342 | High | 7.5 |  | 2026-02-12 | Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. |

Checkmk Gmbh · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-24095 |  |  |  | 2026-02-09 | Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows users with the "Use WATO" permission to access the "Analyze configuration" page by directly navigating to its URL, byp… |

Chevere Spa · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2020-37186 | Critical | 9.8 |  | 2026-02-11 | Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows attackers to inject malicious code during database configuration installation. |

Clamav · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2020-37167 | High | 8.4 |  | 2026-02-12 | ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. |

Clive_21 · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-2225 | High | 7.3 |  | 2026-02-09 | A flaw has been found in itsourcecode News Portal Project 1.0. |

Cryptography.io · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26007 | Medium | 6.5 |  | 2026-02-10 | cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. |

Dani-garcia · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26012 | Medium | 6.5 |  | 2026-02-11 | vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. |

Dbook · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-40905 | High | 7.3 |  | 2026-02-13 | WWW::OAuth 1.000 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. |

Debian · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25506 | High | 7.7 |  | 2026-02-10 | MUNGE is an authentication service for creating and validating user credentials. |

Dify · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26023 | Medium | 6.1 |  | 2026-02-11 | Dify is an open-source LLM app development platform. |

Digiblogger · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1853 | Medium | 6.4 |  | 2026-02-11 | The BuddyHolis ListSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'listsearch' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on use… |

Dinibh Puzzle Software Solutions · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-7347 | High | 8.8 |  | 2026-02-10 | Authorization Bypass Through User-Controlled Key vulnerability in Dinibh Puzzle Software Solutions Dinibh Patrol Tracking System allows Exploitation of Trusted Identifiers. |

Dinosoft Business Solutions · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8025 | Critical | 9.8 |  | 2026-02-11 | Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft Business Solutions Dinosoft ERP allows Accessing Functionality Not Properly Constrained by ACLs. |

Directus · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26185 | Medium | 5.3 |  | 2026-02-12 | Directus is a real-time API and App dashboard for managing SQL database content. |

Diveshlunker · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2020-37156 | Medium | 6.5 |  | 2026-02-11 | BloodX 1.0 contains an authentication bypass vulnerability in login.php that allows attackers to access the dashboard without valid credentials. |

Docmost · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-24045 | High | 7.3 |  | 2026-02-10 | Docmost is open-source collaborative wiki and documentation software. |

Dokuwiki · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-25338 | Medium | 5.3 |  | 2026-02-12 | DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts. |

Doramart · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25870 | Medium | 5.8 |  | 2026-02-10 | DoraCMS version 3.1 and prior contains a server-side request forgery (SSRF) vulnerability in its UEditor remote image fetch functionality. |

Douco · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-2226 | Medium | 4.7 |  | 2026-02-09 | A vulnerability has been found in DouPHP up to 1.9. |

E-kalite Software Hardware Engineering Design And Internet Services Industry And Trade Ltd. Co. · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-8668 | Critical | 9.4 |  | 2026-02-11 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. |

Eaton · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-22613 | Medium | 5.7 |  | 2026-02-09 | The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. |

Element-hq · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-24044 |  |  |  | 2026-02-12 | Element Server Suite Community Edition (ESS Community) deploys a Matrix stack using the provided Helm charts and Kubernetes distribution. |

Emmett-framework · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25577 | High | 7.5 |  | 2026-02-10 | Emmett is a framework designed to simplify your development process. |

Ergosis Security Systems Computer Industry And Trade Inc. · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-7636 | High | 8.8 |  | 2026-02-10 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ergosis Security Systems Computer Industry and Trade Inc. |

Evershop · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25993 | Critical | 9.8 |  | 2026-02-10 | EverShop is a TypeScript-first eCommerce platform. |

Faraday_project · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25765 | Medium | 5.8 |  | 2026-02-09 | Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. |

Fedify · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25808 | High | 7.5 |  | 2026-02-09 | Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. |

Fit2cloud · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-70981 | Critical | 9.8 |  | 2026-02-12 | CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface (/user/list) via the departmentIds parameter. |

Flexera Software · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-25313 | Medium | 4.0 |  | 2026-02-11 | FlexNet Publisher 11.12.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. |

Fooplugins · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-15524 | Medium | 4.3 |  | 2026-02-11 | The Gallery by FooGallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax_get_gallery_info() function in all versions up to, and including, 3.1.9. |

Freepbx · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-55210 | High | 7.5 |  | 2026-02-12 | FreePBX is an open-source web-based graphical user interface (GUI) that manages Asterisk. |

Friendsofshopware · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25878 | Medium | 5.3 |  | 2026-02-09 | FroshAdminer is the Adminer plugin for Shopware Platform. |

Genetec Inc. · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-1790 |  |  |  | 2026-02-13 | Local privilege escalation in Genetec Sipelia Plugin. |

Ghia-camip · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-25339 | High | 7.5 |  | 2026-02-12 | GHIA CamIP 1.2 for iOS contains a denial of service vulnerability in the password input field that allows attackers to crash the application. |

Gigabyte · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-0870 | High | 7.8 |  | 2026-02-09 | MacroHub developed by GIGABYTE has a Local Privilege Escalation vulnerability. |

Glpi-project · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-22821 | Medium | 4.9 |  | 2026-02-12 | mreporting is the more reporting GLPI plugin. |

Gnome · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-2443 | Medium | 5.3 |  | 2026-02-13 | A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. |

Go-git · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25934 | Medium | 4.3 |  | 2026-02-09 | go-git is a highly extensible git implementation library written in pure Go. |

Go-vikunja · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25935 | Medium | 5.4 |  | 2026-02-11 | Vikunja is a todo-app to organize your life. |

Goautodial · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-25316 | Medium | 6.4 |  | 2026-02-11 | GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the event title parameter. |

Gofiber · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-66630 | Critical | 9.4 |  | 2026-02-09 | Fiber is an Express inspired web framework written in Go. |

Halo · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-70886 | High | 7.5 |  | 2026-02-12 | An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the public comment submission endpoint. |

Hashicorp · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-0969 | High | 8.8 |  | 2026-02-12 | The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content. |

Heyewei · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-2200 | Low | 2.4 |  | 2026-02-09 | A weakness has been identified in heyewei JFinalCMS 5.0.0. |

Hitrontech · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-63354 | Medium | 4.8 |  | 2026-02-09 | Hitron HI3120 v7.2.4.5.2b1 allows stored XSS via the Parental Control option when creating a new filter. |

Hp Inc · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1578 |  |  |  | 2026-02-13 | HP App for Android is potentially vulnerable to cross-site scripting (XSS) when using an outdated version of the application via mobile devices. |

Https://github.com/mkj/dropbear/ · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-14282 | Medium | 5.4 |  | 2026-02-12 | A flaw was found in Dropbear. |

Hyland · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26221 | Critical | 9.8 |  | 2026-02-13 | Hyland OnBase contains an unauthenticated .NET Remoting exposure in the OnBase Workflow Timer Service (Hyland.Core.Workflow.NTService.exe). |

Idno · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26273 | Critical | 9.8 |  | 2026-02-13 | Known is a social publishing platform. |

Inettools · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-25341 | High | 7.5 |  | 2026-02-12 | iNetTools for iOS 8.20 contains a denial of service vulnerability in the Whois feature that allows attackers to crash the application by manipulating input. |

Inoideas · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-25312 | Medium | 5.4 |  | 2026-02-11 | InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that allows unauthenticated attackers to inject malicious scripts. |

Inspektor-gadget · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25996 | Critical | 9.8 |  | 2026-02-12 | Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. |

Iobit · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-66676 | Medium | 6.2 |  | 2026-02-13 | An issue in IObit Unlocker v1.3.0.11 allows attackers to cause a Denial of Service (DoS) via a crafted request. |

Ione360 · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-15440 | High | 7.2 |  | 2026-02-11 | The iONE360 configurator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Form Parameters in all versions up to, and including, 2.0.57 due to insufficient input sanitization and output escaping. |

Ivole · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1316 | High | 7.2 |  | 2026-02-12 | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'media[].href' parameter in all versions up to, and including, 5.97.0 due to insufficient input sanitization and output escaping. |

Jeroenpeters1986 · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1866 | High | 7.2 |  | 2026-02-10 | The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via double HTML-entity encoding in all versions up to, and including, 1.32.0. |

Jhoylman · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1809 | Medium | 6.4 |  | 2026-02-11 | The HTML Tag Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied att… |

Jm33-m0 · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26068 | Critical | 9.9 |  | 2026-02-12 | emp3r0r is a stealth-focused C2 designed by Linux users for Linux environments. |

Ka Ming Cheung · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2020-37175 | High | 7.5 |  | 2026-02-11 | P2PWIFICAM2 for iOS 10.4.1 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the Camera ID input field. |

Kamleshyadav · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-15096 | High | 8.8 |  | 2026-02-11 | The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.6. |

Karutoil · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26009 | Critical | 9.9 |  | 2026-02-10 | Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. |

Keepass · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2020-37178 | High | 7.5 |  | 2026-02-11 | KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. |

Kevinpapst · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-25317 | Medium | 6.4 |  | 2026-02-11 | Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. |

Kirilkirkov · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1748 | Medium | 4.3 |  | 2026-02-11 | The Invoct – PDF Invoices & Billing for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions in all versions up to, and including, 1.6. |

Kstover · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-2268 | High | 7.5 |  | 2026-02-10 | The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.0. |

Lakefs · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26187 | High | 8.1 |  | 2026-02-13 | lakeFS is an open-source tool that transforms object storage into Git-like repositories. |

Langchain-ai · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25528 | Medium | 5.8 |  | 2026-02-09 | LangSmith Client SDKs provide SDKs for interacting with the LangSmith platform. |

Latepoint · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1537 | Medium | 5.3 |  | 2026-02-12 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the load_step() function in all versions up to, and including, 5.2.6… |

Lavalite · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-70866 | High | 8.8 |  | 2026-02-13 | LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. |

Libpng · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25646 | High | 8.1 |  | 2026-02-10 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. |

Litemanager Team · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-25308 | High | 7.8 |  | 2026-02-11 | Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. |

Logo Software Industry And Trade Inc. · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-12059 | Critical | 9.8 |  | 2026-02-11 | Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Logo Software Industry and Trade Inc. |

Lordspace · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1893 | Medium | 6.4 |  | 2026-02-11 | The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btn_label' parameter in the 'orbisius_random_name_generator' shortcode in all versions up to, and including, 1.0.2 due to insuffi… |

Luke-alford · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1827 | Medium | 6.4 |  | 2026-02-11 | The Flask Micro code-editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's codeflask shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on us… |

Lukilabs · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26226 |  |  |  | 2026-02-13 | beautiful-mermaid versions prior to 0.1.3 contain an SVG attribute injection issue that can lead to cross-site scripting (XSS) when rendering attacker-controlled Mermaid diagrams. |

M-audio · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25676 | High | 7.8 |  | 2026-02-12 | The installer of M-Track Duo HD version 1.0.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. |

Markdown-it_project · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-2327 | Medium | 5.3 |  | 2026-02-12 | Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of the regex /\*+$/ in the linkify function. |

Master-buldog · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1804 | Medium | 6.4 |  | 2026-02-11 | The WDES Responsive Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wdes-popup-title' shortcode in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escapin… |

Mateuszgbiorczyk · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1356 | Medium | 4.8 |  | 2026-02-12 | The Converter for Media – Optimize images \| Convert WebP & AVIF plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.5.1 via the PassthruLoader::load_image_source function. |

Mersenne Research, Inc · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-25327 | Critical | 9.8 |  | 2026-02-12 | Prime95 version 29.8 build 6 contains a buffer overflow vulnerability in the user ID input field that allows remote attackers to execute arbitrary code. |

Messagemetric · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1215 | Medium | 4.3 |  | 2026-02-11 | The MMA Call Tracking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.15. |

Microtango · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1821 | Medium | 6.4 |  | 2026-02-11 | The Microtango plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'restkey' parameter of the mt_reservation shortcode in all versions up to, and including, 0.9.29 due to insufficient input sanitization and output esc… |

Milvus · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26190 | Critical | 9.8 |  | 2026-02-13 | Milvus is an open-source vector database built for generative AI applications. |

Modery · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25925 | High | 7.8 |  | 2026-02-09 | PowerDocu contains a Windows GUI executable to perform technical documentations. |

Moomoo · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-13391 | Medium | 5.8 |  | 2026-02-11 | The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'uni_cpo_remove_file' function in all versions… |

Murata Machinery, Ltd. · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-24466 | Medium | 6.7 |  | 2026-02-09 | Products provided by Oki Electric Industry Co., Ltd. |

My-little-forum · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25923 | Critical | 9.1 |  | 2026-02-09 | my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. |

Ninjateam · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1104 | High | 8.8 |  | 2026-02-12 | The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to unauthorized backup creation and download due to a missing capability check on REST API endpoints in all versions up to, and including, 2.7.1. |

Nixos · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25740 |  |  |  | 2026-02-09 | captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings. |

Nko · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1560 | High | 8.8 |  | 2026-02-11 | The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.0 via multiple functions in the 'LazyBlocks_Blocks' class. |

Ntn Information Processing Services Computer Software Hardware Industry And Trade Ltd. Co. · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-14014 | Critical | 9.8 |  | 2026-02-12 | Unrestricted Upload of File with Dangerous Type vulnerability in NTN Information Processing Services Computer Software Hardware Industry and Trade Ltd. |

Nyariv · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25881 | Critical | 9.0 |  | 2026-02-09 | SandboxJS is a JavaScript sandboxing library. |

Open-metadata · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26010 | High | 7.6 |  | 2026-02-11 | OpenMetadata is a unified metadata platform. |

Opennav · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26011 | Critical | 9.8 |  | 2026-02-12 | navigation2 is a ROS 2 Navigation Framework and System. |

Openpos · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1826 | Medium | 6.4 |  | 2026-02-11 | The OpenPOS Lite – Point of Sale for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter of the order_qrcode shortcode in all versions up to, and including, 3.0 due to insufficient input… |

Openproject · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-24777 | Medium | 6.7 | | 2026-02-09 | OpenProject is an open-source, web-based project management software. |

Owncloud · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-25337 | Critical | 9.8 | | 2026-02-12 | OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. |

Pan Software & Information Technologies Ltd. · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-10174 | High | 8.3 | | 2026-02-11 | Cleartext Transmission of Sensitive Information vulnerability in Pan Software & Information Technologies Ltd. |

Pankajanupam · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-0815 | Medium | 4.4 | | 2026-02-11 | The Category Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag-image' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. |

Pendulum-project · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26076 | High | 7.5 | | 2026-02-12 | ntpd-rs is a full-featured implementation of the Network Time Protocol. |

Phraseanet · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2018-25157 | Medium | 6.4 | | 2026-02-11 | Phraseanet 4.0.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through crafted file names during document uploads. |

Pion · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26014 | Medium | 5.9 | | 2026-02-11 | Pion DTLS is a Go implementation of Datagram Transport Layer Security. |

Pjsip · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25994 | Critical | 9.8 | | 2026-02-11 | PJSIP is a free and open source multimedia communication library written in C. |

Polarlearn · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25885 | High | 7.5 | | 2026-02-09 | PolarLearn is a free and open-source learning program. |

Proctorio · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-2345 | Low | 3.6 | | 2026-02-11 | Proctorio Chrome Extension is a browser extension used for online proctoring. |

Python · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25990 | High | 7.5 | | 2026-02-11 | Pillow is a Python imaging library. |

Qs_project · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-2391 | Low | 3.7 | | 2026-02-12 | The `arrayLimit` option in qs does not enforce limits for comma-separated values when `comma: true` is enabled, allowing attackers to cause denial-of-service via memory exhaustion. |

Rageagainstthepixel · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25918 | Medium | 5.5 | | 2026-02-09 | unity-cli is a command line utility for the Unity Game Engine. |

Realtek · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-25345 | High | 7.8 | | 2026-02-12 | Realtek IIS Codec Service 6.4.10041.133 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code. |

Ricoh · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-25324 | Medium | 6.1 | | 2026-02-12 | RICOH Web Image Monitor 1.09 contains an HTML injection vulnerability in the address configuration CGI script that allows attackers to inject malicious HTML code. |

Roxnor · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-14895 | Medium | 5.4 | | 2026-02-10 | The PopupKit plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.0. |

Sarman Soft Software And Technology Services Industry And Trade Ltd. Co. · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-6967 | High | 8.7 | | 2026-02-10 | Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. |

Scriptsbundle · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1729 | Critical | 9.8 | | 2026-02-12 | The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. |

Sm_rasmy · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1833 | Medium | 5.3 | | 2026-02-11 | The WaMate Confirm – Order Confirmation plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0.1. |

Softalk · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-25307 | High | 7.8 | | 2026-02-11 | WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. |

Soliton · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25108 | High | 8.8 | KEV | 2026-02-13 | FileZen contains an OS command injection vulnerability. |

Solspace · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26188 | Medium | 5.4 | | 2026-02-12 | Solspace Freeform plugin for Craft CMS 5.x is a super flexible form-building tool. |

Starfishwp · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-15157 | High | 8.8 | | 2026-02-13 | The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'srm_restore_options_defaults'… |

Step-security · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25598 | Medium | 5.3 | | 2026-02-09 | Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. |

Streetsidesoftware · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25931 | High | 7.8 | | 2026-02-09 | vscode-spell-checker is a basic spell checker that works well with code and documents. |

Super-linter · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25761 | High | 8.8 | | 2026-02-09 | Super-linter is a combination of multiple linters to run as a GitHub Action or standalone. |

Switcorp · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1671 | Medium | 6.5 | | 2026-02-12 | The Activity Log for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the winter_activity_log_action() function in all versions up to, and including, 1.2.8. |

Taklaxbr · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25807 | High | 8.8 | | 2026-02-09 | ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. |

Teknolist Computer Systems Software Publishing Industry And Trade Inc. · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-11242 | Critical | 9.8 | | 2026-02-10 | Server-Side Request Forgery (SSRF) vulnerability in Teknolist Computer Systems Software Publishing Industry and Trade Inc. |

Thales · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-0872 | | | | 2026-02-13 | Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon on Windows allows Signature Spoofing by Improper Validation. This issue affects SafeNet Agent for Windows Logon: 4.0.0, 4.1.1, 4.1.2. |

The Control Group · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2020-37214 | High | 7.5 | | 2026-02-11 | Voyager 1.3.0 contains a directory traversal vulnerability that allows attackers to access sensitive system files by manipulating the asset path parameter. |

Thecfu · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26069 | High | 7.5 | | 2026-02-12 | Scraparr is a Prometheus Exporter for various components of the *arr Suite. |

Thrive · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-25325 | High | 8.2 | | 2026-02-12 | Thrive Smart Home 1.1 contains an SQL injection vulnerability in the checklogin.php endpoint that allows unauthenticated attackers to bypass authentication by manipulating the 'user' POST parameter. |

Tomdever · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-0910 | High | 8.8 | | 2026-02-11 | The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.13 via deserialization of untrusted input in the 'wpforo_display_array_data' function. |

Traefik · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25949 | High | 7.5 | | 2026-02-12 | Traefik is an HTTP reverse proxy and load balancer. |

Troglobit · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2020-37182 | High | 7.5 | | 2026-02-11 | Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. |

Vadi Corporate Information Systems Ltd. Co. · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-9986 | High | 8.2 | | 2026-02-11 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. |

Valmet · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-15577 | High | 7.5 | | 2026-02-12 | An unauthenticated attacker can exploit this vulnerability by manipulating URL to achieve arbitrary file read access. This issue affects Valmet DNA Web Tools: C2022 and older. |

Veronalabs · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-13431 | Medium | 6.5 | | 2026-02-11 | The SlimStat Analytics plugin for WordPress is vulnerable to time-based SQL Injection via the ‘args’ parameter in all versions up to, and including, 5.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient p… |

Villatheme · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-14541 | High | 7.2 | | 2026-02-11 | The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.22 via the conditional_tags parameter. |

Vim · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26269 | Medium | 5.4 | | 2026-02-13 | Vim is an open source, command line text editor. |

Vm3max · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-25343 | High | 7.8 | | 2026-02-12 | NextVPN 4.10 contains an insecure file permissions vulnerability that allows local users to modify executable files with full access rights. |

Websitem · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-25335 | High | 7.5 | | 2026-02-12 | PRO-7070 Hazır Profesyonel Web Sitesi version 1.0 contains an authentication bypass vulnerability in the administration panel login page. |

Wecodify · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-0724 | Medium | 4.4 | | 2026-02-11 | The WPlyr Media Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_wplyr_accent_color' parameter in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user… |

Weird Solutions · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2020-37177 | High | 7.5 | | 2026-02-11 | BOOTP Turbo 2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Structured Exception Handler (SEH). |

Wix · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-2276 | | | | 2026-02-12 | Reflected Cross-Site Scripting (XSS) vulnerability in the Wix web application, where the endpoint 'https://manage.wix.com/account/account-settings', responsible for uploading SVG images, does not properly sanitize the content. |

Wondershare · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-25344 | High | 7.8 | | 2026-02-12 | Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. |

Worklenz · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25947 | High | 8.8 | | 2026-02-10 | Worklenz is a project management tool. |

Wpvividplugins · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-1357 | Critical | 9.8 | | 2026-02-11 | The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. |

Wpzoom · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-2295 | Medium | 5.3 | | 2026-02-11 | The WPZOOM Addons for Elementor – Starter Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax_post_grid_load_more' function in all versions up to, and includi… |

Xiaomi Technology Co., Ltd. · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26214 | High | 7.4 | | 2026-02-12 | Galaxy FDS Android SDK (XiaoMi/galaxy-fds-sdk-android) version 3.0.8 and prior disable TLS hostname verification when HTTPS is enabled (the default configuration). |

Xnsoft · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-25328 | High | 7.5 | | 2026-02-12 | XnConvert 1.82 contains a denial of service vulnerability in its registration code input field that allows attackers to crash the application. |

Xpoda Türkiye Information Technology Inc. · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-6830 | Critical | 9.8 | | 2026-02-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpoda Türkiye Information Technology Inc. |

Xwiki · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26000 | Medium | 6.1 | | 2026-02-12 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. |

Yoast · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-25314 | Medium | 5.5 | | 2026-02-11 | Yoast Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. |

Zed · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-25805 | Medium | 6.4 | | 2026-02-10 | Zed is a multiplayer code editor. |

Zerowdd · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-2201 | Low | 2.4 | | 2026-02-09 | A security vulnerability has been detected in ZeroWdd studentmanager up to 2151560fc0a50ec00426785ec1e01a3763b380d9. |

Zilab Software Inc · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-25309 | High | 7.8 | | 2026-02-11 | Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. |

Zirve Information Technologies Inc. · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-7799 | High | 8.6 | | 2026-02-09 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zirve Information Technologies Inc. |

Zoll · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-12699 | Medium | 5.5 | | 2026-02-10 | The ZOLL ePCR IOS application reflects unsanitized user input into a WebView. |

Zyddnys · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-26215 | | | | 2026-02-11 | manga-image-translator version beta-0.3 and prior in shared API mode contains an unsafe deserialization vulnerability that can lead to unauthenticated remote code execution. |