Latest CVE Feed
-
7.0
HIGHCVE-2025-10279
In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions (0o777). This vulnerability allows an attacker with write access to the `/tmp` directory to exploit a race cond... Read more
Affected Products : mlflow- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Race Condition
-
7.0
HIGHCVE-2026-1498
An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnera... Read more
Affected Products : fireware_os- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
7.0
HIGHCVE-2026-0715
Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with physical access to the device could use this information to access the bootloader menu via a serial i... Read more
- Published: Feb. 05, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Authentication
-
7.0
HIGHCVE-2026-1227
CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized disclosure of local files, interaction within the EBO system, or denial of service conditions when a local user uploads a specially crafted T... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: XML External Entity
-
7.0
HIGHCVE-2026-21508
Improper authentication in Windows Storage allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 +6 more products- Published: Feb. 10, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Authentication
-
6.9
MEDIUMCVE-2026-1332
MeetingHub developed by HAMASTAR Technology has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access specific API functions and obtain meeting-related information.... Read more
Affected Products : meetinghub_paperless_meetings- Published: Jan. 22, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Authentication
-
6.9
MEDIUMCVE-2025-13651
Exposure of Sensitive System Information to an Unauthorized Actor vulnerability in Microcom ZeusWeb allows Web Application Fingerprinting of sensitive data. This issue affects ZeusWeb: 6.1.31.... Read more
Affected Products : zeusweb- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Information Disclosure
-
6.9
MEDIUMCVE-2026-27024
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the children of a TreeObject, for example as part of outlines. This v... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Denial of Service
-
6.9
MEDIUMCVE-2026-1664
Summary An Insecure Direct Object Reference has been found to exist in `createHeaderBasedEmailResolver()` function within the Cloudflare Agents SDK. The issue occurs because the `Message-ID` and `References` headers are parsed to derive the target agentN... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Authorization
-
6.9
MEDIUMCVE-2024-9432
Cleartext Storage of Sensitive Information vulnerability in OpenText™ Vertica allows Retrieve Embedded Sensitive Data. The vulnerability could read Vertica agent plaintext apikey.This issue affects Vertica versions: 23.X, 24.X, 25.X.... Read more
Affected Products : vertica- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Information Disclosure
-
6.9
MEDIUMCVE-2026-24797
Out-of-bounds Write vulnerability in neka-nat cupoch (third_party/libjpeg-turbo/libjpeg-turbo modules). This vulnerability is associated with program files tjbench.C. This issue affects cupoch.... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
6.9
MEDIUMCVE-2026-1469
Stored Cross-Site Scripting (XSS) in RLE NOVA's PlanManager. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting malicious payload through the ‘comment’ and ‘brand’ parameters in ‘/index.php’. The payload ... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
6.9
MEDIUMCVE-2025-68663
Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a vulnerability was found in Outline's WebSocket authentication mechanism that allows suspended users to maintain or establish real-time WebSocket connections and continue r... Read more
Affected Products : outline- Published: Feb. 11, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Authentication
-
6.9
MEDIUMCVE-2026-27003
OpenClaw is a personal AI assistant. Telegram bot tokens can appear in error messages and stack traces (for example, when request URLs include `https://api.telegram.org/bot<token>/...`). Prior to version 2026.2.15, OpenClaw logged these strings without re... Read more
Affected Products : openclaw- Published: Feb. 20, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Information Disclosure
-
6.9
MEDIUMCVE-2026-24922
Buffer overflow vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more
Affected Products : harmonyos- Published: Feb. 06, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Memory Corruption
-
6.9
MEDIUMCVE-2026-24796
Out-of-bounds Read vulnerability in CloverHackyColor CloverBootloader (MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma modules). This vulnerability is associated with program files regparse.C. This issue affects CloverBootloader: before 5162.... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
6.9
MEDIUMCVE-2026-25996
Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of co... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Information Disclosure
-
6.9
MEDIUMCVE-2026-27026
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires a malformed /FlateDecode stream, where the byte-by-byte decompression is used. Thi... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Denial of Service
-
6.9
MEDIUMCVE-2026-24824
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in yacy yacy_search_server (source/net/yacy/http/servlets modules). This vulnerability is associated with program files YaCyDefaultServlet.Java. Thi... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cross-Site Scripting
-
6.9
MEDIUMCVE-2025-65079
A heap-based buffer overflow vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption