Latest CVE Feed
-
6.7
MEDIUMCVE-2026-21522
Improper neutralization of special elements used in a command ('command injection') in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.... Read more
- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Injection
-
6.6
MEDIUMCVE-2026-21419
Dell Display and Peripheral Manager (Windows) versions prior to 2.2 contain an Improper Link Resolution Before File Access ('Link Following') vulnerability in the Installer and Service. A low privileged attacker with local access could potentially exploit... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Path Traversal
-
6.6
MEDIUMCVE-2026-20981
Improper input validation in FacAtFunction prior to SMR Feb-2026 Release 1 allows privileged physical attacker to execute arbitrary command with system privilege.... Read more
Affected Products : android- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Injection
-
6.6
MEDIUMCVE-2025-68609
A vulnerability in Palantir's Aries service allowed unauthenticated access to log viewing and management functionality on Apollo instances using default configuration. The defect resulted in both authentication and authorization checks being bypassed, pot... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authentication
-
6.6
MEDIUMCVE-2026-23885
Alchemy is an open source content management system engine written in Ruby on Rails. Prior to versions 7.4.12 and 8.0.3, the application uses the Ruby `eval()` function to dynamically execute a string provided by the `resource_handler.engine_name` attribu... Read more
Affected Products : alchemy_cms- Published: Jan. 19, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
6.6
MEDIUMCVE-2026-0229
A denial-of-service (DoS) vulnerability in the Advanced DNS Security (ADNS) feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a r... Read more
Affected Products : pan-os- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
6.6
MEDIUMCVE-2026-1788
: Out-of-bounds Write vulnerability in Xquic Project Xquic Server xquic on Linux (QUIC protocol implementation, packet processing module modules) allows : Buffer Manipulation.This issue affects Xquic Server: through 1.8.3.... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
6.6
MEDIUMCVE-2026-25749
Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the get_tagfname() function i... Read more
Affected Products : vim- Published: Feb. 06, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Memory Corruption
-
6.6
MEDIUMCVE-2026-24905
Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. The `ig` binary provides a subcommand for image building, used to generate custom gadget OCI images. A part of th... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
6.6
MEDIUM- Published: Feb. 05, 2026
- Modified: Feb. 10, 2026
-
6.6
MEDIUMCVE-2026-25650
MCP Salesforce Connector is a Model Context Protocol (MCP) server implementation for Salesforce integration. Prior to 0.1.10, arbitrary attribute access leads to disclosure of Salesforce auth token. This vulnerability is fixed in 0.1.10.... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2026-25846
In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs... Read more
Affected Products : youtrack- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2026-23878
HotCRP is conference review software. Starting in commit aa20ef288828b04550950cf67c831af8a525f508 and prior to commit ceacd5f1476458792c44c6a993670f02c984b4a0, authors with at least one submission on a HotCRP site could use the document API to download an... Read more
Affected Products : hotcrp- Published: Jan. 19, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2026-24514
A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, whi... Read more
Affected Products : ingress-nginx- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2026-24354
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Shortcodes & Performance penci-shortcodes allows DOM-Based XSS.This issue affects Penci Shortcodes & Performance: from n/a through <= 6... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2026-21949
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to ... Read more
Affected Products : mysql_server- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
-
6.5
MEDIUMCVE-2026-1504
Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)... Read more
- Published: Jan. 27, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2026-24389
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Gallery PhotoBlocks photoblocks-grid-gallery allows DOM-Based XSS.This issue affects Gallery PhotoBlocks: from n/a through <= 1.3.2.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2026-1963
A vulnerability was found in WeKan up to 8.20. This affects an unknown function of the file models/attachments.js of the component Attachment Storage. The manipulation results in improper access controls. The attack may be launched remotely. Upgrading to ... Read more
Affected Products : wekan- Published: Feb. 05, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-67958
Missing Authorization vulnerability in Taxcloud TaxCloud for WooCommerce simple-sales-tax allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TaxCloud for WooCommerce: from n/a through <= 8.3.8.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authorization