Latest CVE Feed
-
6.9
MEDIUMCVE-2026-24809
An issue from the component luaG_runerror in dependencies/lua/src/ldebug.c in praydog/REFramework version before 1.5.5 leads to a heap-buffer overflow when a recursive error occurs.... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
6.9
MEDIUMCVE-2026-20977
Improper access control in Emergency Sharing prior to SMR Feb-2026 Release 1 allows local attackers to interrupt its functioning.... Read more
Affected Products : android- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Authorization
-
6.9
MEDIUMCVE-2025-65081
An out-of-bounds read vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
6.9
MEDIUMCVE-2020-37086
Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. Attackers can exploit the vulnerability by manipulating path parameters in ... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Path Traversal
-
6.9
MEDIUMCVE-2025-65079
A heap-based buffer overflow vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
6.9
MEDIUMCVE-2020-36944
ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that allows attackers to read local files through portfolio PDF export functionality. Attackers can inject a script that uses XMLHttpRequest to retrieve local file c... Read more
Affected Products : ilias- Published: Jan. 28, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Server-Side Request Forgery
-
6.9
MEDIUMCVE-2026-1664
Summary An Insecure Direct Object Reference has been found to exist in `createHeaderBasedEmailResolver()` function within the Cloudflare Agents SDK. The issue occurs because the `Message-ID` and `References` headers are parsed to derive the target agentN... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Authorization
-
6.9
MEDIUMCVE-2020-37166
AbsoluteTelnet 11.12 contains a denial of service vulnerability in the SSH2 username input field that allows local attackers to crash the application. Attackers can overwrite the username field with a 1000-byte buffer, causing the application to become un... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Denial of Service
-
6.9
MEDIUMCVE-2026-24818
Out-of-bounds Read vulnerability in praydog UEVR (dependencies/lua/src modules). This vulnerability is associated with program files lparser.C. This issue affects UEVR: before 1.05.... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
6.9
MEDIUMCVE-2025-55704
Hidden functionality issue exists in multiple MFPs provided by Brother Industries, Ltd., which may allow an attacker to obtain the logs of the affected product and obtain sensitive information within the logs.... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Information Disclosure
-
6.9
MEDIUMCVE-2025-15541
Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to use crafted symbolic links to access system files, resulting in high confidentiality impact and limited integrity risk.... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Path Traversal
-
6.9
MEDIUMCVE-2026-24043
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addMetadata function allows users to inject arbitrary XML. If given the possibility to pass unsanitized input to the addMetadata method, a user ca... Read more
Affected Products : jspdf- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: XML External Entity
-
6.9
MEDIUMCVE-2026-25878
FroshAdminer is the Adminer plugin for Shopware Platform. Prior to 2.2.1, the Adminer route (/admin/adminer) was accessible without Shopware admin authentication. The route was configured with auth_required=false and performed no session validation, expos... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Authentication
-
6.8
MEDIUMCVE-2026-25933
Arduino App Lab is a cross-platform IDE for developing Arduino Apps. Prior to 0.4.0, a vulnerability was identified in the Terminal component of the arduino-app-lab application. The issue stems from insufficient sanitization and validation of input data r... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Injection
-
6.8
MEDIUMCVE-2026-1741
A vulnerability was determined in EFM ipTIME A8004T 14.18.2. Affected is the function httpcon_check_session_url of the file /sess-bin/d.cgi of the component Debug Interface. This manipulation of the argument cmd causes backdoor. It is possible to initiate... Read more
Affected Products :- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Injection
-
6.8
MEDIUMCVE-2026-1232
A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions <=25.7. Under certain conditions, a local authenticated user with elevated privileges may be able to bypass the product’s anti-tamper protections,... Read more
Affected Products : privilege_management_for_windows- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Misconfiguration
-
6.8
MEDIUMCVE-2026-20982
Path traversal in ShortcutService prior to SMR Feb-2026 Release 1 allows privileged local attacker to create file with system privilege.... Read more
Affected Products : android- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Path Traversal
-
6.8
MEDIUMCVE-2026-22881
Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.... Read more
Affected Products : garoon- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Cross-Site Scripting
-
6.8
MEDIUMCVE-2026-1301
In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory.... Read more
Affected Products :- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Memory Corruption
-
6.8
MEDIUMCVE-2026-2565
A weakness has been identified in Wavlink WL-NU516U1 20251208. Affected by this issue is the function sub_40785C of the file /cgi-bin/adm.cgi. This manipulation of the argument time_zone causes stack-based buffer overflow. The attack can be initiated remo... Read more
Affected Products : wl-nu516u1_firmware- Published: Feb. 16, 2026
- Modified: Feb. 16, 2026
- Vuln Type: Memory Corruption