Latest CVE Feed
-
6.5
MEDIUMCVE-2026-22762
Dell Avamar Server and Avamar Virtual Edition, versions prior to 19.10 SP1 with CHF338912, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote acce... Read more
Affected Products :- Published: Feb. 17, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-32057
The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration f... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2026-2530
A weakness has been identified in Wavlink WL-WN579A3 up to 20210219. This affects the function AddMac of the file /cgi-bin/wireless.cgi. This manipulation of the argument macAddr causes command injection. The attack is possible to be carried out remotely.... Read more
Affected Products :- Published: Feb. 16, 2026
- Modified: Feb. 16, 2026
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-36427
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service due to insufficient validation of special elements in data query logic.... Read more
Affected Products : db2- Published: Jan. 30, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-36424
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service due to improper neutralization of special elements in data query logic.... Read more
Affected Products : db2- Published: Jan. 30, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-27904
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that th... Read more
Affected Products : db2_recovery_expert_for_luw- Published: Feb. 17, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Cross-Site Request Forgery
-
6.5
MEDIUMCVE-2026-2623
A flaw has been found in Blossom up to 1.17.1. This issue affects the function put of the file blossom-backend/common/common-iaas/src/main/java/com/blossom/common/iaas/blos/BLOSManager.java of the component File Upload. This manipulation causes path trave... Read more
Affected Products :- Published: Feb. 17, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2026-1793
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 8.3.17 via the SVG widget and a lack of sufficient file validation in the 'render_svg' function. This makes it possible ... Read more
Affected Products :- Published: Feb. 15, 2026
- Modified: Feb. 15, 2026
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-70091
A cross-site scripting (XSS) vulnerability in the Customers function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Phone Number parameter.... Read more
Affected Products : open_source_point_of_sale- Published: Feb. 13, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2026-2318
Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)... Read more
- Published: Feb. 11, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2022-50979
An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (RS485).... Read more
Affected Products :- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-69601
A directory traversal (Zip Slip) vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. An attacker can include traversal sequen... Read more
Affected Products : 66biolinks- Published: Jan. 28, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2026-21978
Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Relationship Pricing). Supported versions that are affected are 14.0.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows low privil... Read more
Affected Products : flexcube_universal_banking- Published: Jan. 20, 2026
- Modified: Feb. 02, 2026
-
6.5
MEDIUMCVE-2026-23848
MyTube is a self-hosted downloader and player for several video websites. Prior to version 1.7.71, a rate limiting bypass via `X-Forwarded-For` header spoofing allows unauthenticated attackers to bypass IP-based rate limiting on general API endpoints. Att... Read more
Affected Products : mytube- Published: Jan. 19, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2026-23964
Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.5, 4.4.12, and 4.3.18, an insecure direct object reference in the web push subscription update endpoint lets any authenticated user update another user's pus... Read more
Affected Products : mastodon- Published: Jan. 22, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2026-1895
A flaw has been found in WeKan up to 8.20. Affected is the function applyWipLimit of the file models/lists.js of the component Attachment Storage Handler. Executing a manipulation can lead to improper access controls. The attack can be executed remotely. ... Read more
Affected Products : wekan- Published: Feb. 04, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2026-26006
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. The autogpt before 0.6.32 is vulnerable to Regular Expression Denial of Service due to the use of regex at Cod... Read more
Affected Products : autogpt_platform- Published: Feb. 10, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-61728
archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.... Read more
Affected Products : go- Published: Jan. 28, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2026-23565
A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause the NomadBranch.exe process to terminate via crafted requests. ... Read more
- Published: Jan. 29, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2026-24421
phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below have flawed authorization logic which exposes the /api/setup/backup endpoint to any authenticated user despite their permissions. SetupController.php uses userIsAuthenticated() but ... Read more
Affected Products : phpmyfaq- Published: Jan. 24, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Authorization