Latest CVE Feed
-
6.5
MEDIUMCVE-2026-2209
A vulnerability was detected in WeKan up to 8.18. The affected element is the function setCreateTranslation of the file client/components/settings/translationBody.js of the component Custom Translation Handler. The manipulation results in improper authori... Read more
Affected Products : wekan- Published: Feb. 08, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-71002
A floating-point exception (FPE) in the flow.column_stack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more
Affected Products : oneflow- Published: Jan. 28, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-71001
A segmentation violation in the flow.column_stack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more
Affected Products : oneflow- Published: Jan. 28, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-70559
pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file... Read more
Affected Products : pdfminer.six- Published: Feb. 03, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-65887
A division-by-zero vulnerability in the flow.floor_divide() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input tensor with zero.... Read more
Affected Products : oneflow- Published: Jan. 28, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2026-24957
Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Strong Testimonials: from n/a through <= 3.2.20.... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2026-2317
Inappropriate implementation in Animation in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)... Read more
- Published: Feb. 11, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2026-2318
Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)... Read more
- Published: Feb. 11, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2026-24434
Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior does not implement CSRF protections for administrative functions in the web management interface. The interface does not enforce anti-CSRF tokens or robust origin validation, which can allow an... Read more
- Published: Feb. 03, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Request Forgery
-
6.5
MEDIUMCVE-2026-1810
A vulnerability was detected in bolo-blog bolo-solo up to 2.6.4. The impacted element is the function unpackFilteredZip of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component ZIP File Handler. Performing a manipulation of t... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2026-1811
A flaw has been found in bolo-blog bolo-solo up to 2.6.4. This affects the function importFromMarkdown of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component Filename Handler. Executing a manipulation of the argument File c... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2026-0622
Open 5GS WebUI uses a hard-coded JWT signing key (change-me) whenever the environment variable JWT_SECRET_KEY is unset... Read more
Affected Products : open5gs- Published: Jan. 20, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2026-1245
A code injection vulnerability in the binary-parser library prior to version 2.3.0 allows arbitrary JavaScript code execution when untrusted values are used in parser field names or encoding parameters. The library directly interpolates these values into ... Read more
Affected Products : binary-parser- Published: Jan. 20, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-36065
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.... Read more
Affected Products : sterling_connect\ sterling_connectexpress_adapter_for_sterling_b2b_integrator_520- Published: Jan. 20, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2026-1812
A vulnerability has been found in bolo-blog bolo-solo up to 2.6.4. This impacts the function importFromCnblogs of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component Filename Handler. The manipulation of the argument File l... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-69621
An arbitrary file overwrite vulnerability in the file import process of Comic Book Reader v1.0.95 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information.... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2026-21968
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network ac... Read more
Affected Products : mysql_server- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
-
6.5
MEDIUMCVE-2026-23704
A non-administrative user can upload malicious files. When an administrator or the product accesses that file, an arbitrary script may be executed on the administrator's browser. Note that Movable Type 7 series and 8.4 series, which are End-of-Life (EOL),... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2026-24447
If a malformed data is input to the affected product, a CSV file downloaded from the affected product may contain such malformed data. When a victim user download and open such a CSV file, the embedded code may be executed in the user's environment. Note ... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2026-0572
The WebPurify Profanity Filter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'webpurify_save_options' function in all versions up to, and including, 4.0.2. This makes it possible for unaut... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Authorization