Latest CVE Feed
-
6.8
MEDIUMCVE-2025-41117
Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API ap... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Cross-Site Scripting
-
6.8
MEDIUMCVE-2025-7708
Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. K12net allows Communication Channel Manipulation.This issue affects k12net: through 09022026. NOTE: The vendor was contacted early about this d... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Information Disclosure
-
6.8
MEDIUMCVE-2026-22881
Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.... Read more
Affected Products : garoon- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Cross-Site Scripting
-
6.8
MEDIUMCVE-2026-1232
A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions <=25.7. Under certain conditions, a local authenticated user with elevated privileges may be able to bypass the product’s anti-tamper protections,... Read more
Affected Products : privilege_management_for_windows- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Misconfiguration
-
6.8
MEDIUMCVE-2026-22228
An authenticated user with high privileges may trigger a denial‑of‑service condition in TP-Link Archer BE230 v1.2 by restoring a crafted configuration file containing an excessively long parameter. Restoring such a file can cause the device to become unre... Read more
- Published: Feb. 03, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Denial of Service
-
6.8
MEDIUMCVE-2025-31990
Rate limiting for certain API calls is not being enforced, making HCL Velocity vulnerable to Denial of Service (DoS) attacks. An attacker could flood the system with a large number of requests, overwhelming its resources and causing it to become unrespon... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Denial of Service
-
6.8
MEDIUMCVE-2026-22220
A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 (web modules) may allow a crafted request to cause the device’s web service to become unresponsive, resulting in a denial of service condition. A network adjacent a... Read more
- Published: Feb. 03, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Denial of Service
-
6.8
MEDIUMCVE-2026-23794
Reflected XSS in Apache Syncope's Enduser Login page. An attacker that tricks a legitimate user into clicking a malicious link and logging in to Syncope Enduser could steal that user's credentials. This issue affects Apache Syncope: from 3.0 through 3.0.... Read more
Affected Products : syncope- Published: Feb. 03, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Cross-Site Scripting
-
6.8
MEDIUMCVE-2025-30508
Improper authorization in the Intel(R) Quick Assist Technology for some Intel(R) Platforms within Ring 0: Kernel may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable den... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
6.8
MEDIUMCVE-2026-23626
Kimai is a web-based multi-user time-tracking application. Prior to version 2.46.0, Kimai's export functionality uses a Twig sandbox with an overly permissive security policy (`DefaultPolicy`) that allows arbitrary method calls on objects available in the... Read more
Affected Products : kimai- Published: Jan. 18, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Information Disclosure
-
6.8
MEDIUMCVE-2026-25933
Arduino App Lab is a cross-platform IDE for developing Arduino Apps. Prior to 0.4.0, a vulnerability was identified in the Terminal component of the arduino-app-lab application. The issue stems from insufficient sanitization and validation of input data r... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Injection
-
6.8
MEDIUMCVE-2026-23946
Tendenci is an open source content management system built for non-profits, associations and cause-based sites. Versions 15.3.11 and below include a critical deserialization vulnerability in the Helpdesk module (which is not enabled by default). This vuln... Read more
Affected Products : tendenci- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Information Disclosure
-
6.8
MEDIUMCVE-2026-23893
openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by ... Read more
Affected Products : opencryptoki- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Path Traversal
-
6.8
MEDIUMCVE-2025-27379
A stored cross-site scripting (XSS) vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected c... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
6.8
MEDIUMCVE-2025-71176
pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-{user} name pattern, which allows local users to cause a denial of service or possibly gain privileges.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Misconfiguration
-
6.8
MEDIUMCVE-2025-59095
The program libraries (DLL) and binaries used by exos 9300 contain multiple hard-coded secrets. One notable example is the function "EncryptAndDecrypt" in the library Kaba.EXOS.common.dll. This algorithm uses a simple XOR encryption technique combined wit... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cryptography
-
6.8
MEDIUMCVE-2026-1741
A vulnerability was determined in EFM ipTIME A8004T 14.18.2. Affected is the function httpcon_check_session_url of the file /sess-bin/d.cgi of the component Debug Interface. This manipulation of the argument cmd causes backdoor. It is possible to initiate... Read more
Affected Products :- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Injection
-
6.8
MEDIUMCVE-2026-23968
Copier is a library and CLI app for rendering project templates. Prior to version 9.11.2, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require... Read more
Affected Products : copier- Published: Jan. 21, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Path Traversal
-
6.8
MEDIUMCVE-2026-23764
VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively)... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Memory Corruption
-
6.8
MEDIUMCVE-2026-24414
The Icinga PowerShell Framework provides configuration and check possibilities to ensure integration and monitoring of Windows environments. In versions prior to 1.13.4, 1.12.4, and 1.11.2, permissions of the Icinga for Windows `certificate` directory gra... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Information Disclosure