Latest CVE Feed
-
6.5
MEDIUMCVE-2025-69198
Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources (e.g. databases, port allocations, or backups) that can exist for an individual server. These resource li... Read more
- Published: Jan. 19, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-69612
A path traversal vulnerability exists in TMS Management Console (version 6.3.7.27386.20250818) from TMS Global Software. The "Download Template" function in the profile dashboard does not neutralize directory traversal sequences (../) in the filePath para... Read more
Affected Products : tms_management_console- Published: Jan. 22, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-71006
A floating point exception (FPE) in the oneflow.reshape component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more
Affected Products : oneflow- Published: Jan. 28, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2022-50980
A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN.... Read more
Affected Products :- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2026-0622
Open 5GS WebUI uses a hard-coded JWT signing key (change-me) whenever the environment variable JWT_SECRET_KEY is unset... Read more
Affected Products : open5gs- Published: Jan. 20, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-36065
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.... Read more
Affected Products : sterling_connect\ sterling_connectexpress_adapter_for_sterling_b2b_integrator_520- Published: Jan. 20, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2026-24398
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, IP Restriction Middleware in Hono is vulnerable to an IP address validation bypass. The `IPV4_REGEX` pattern and `convertIPv4ToBinary` function ... Read more
Affected Products : hono- Published: Jan. 27, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2026-1813
A vulnerability was found in bolo-blog bolo-solo up to 2.6.4. Affected is an unknown function of the file src/main/java/org/b3log/solo/bolo/pic/PicUploadProcessor.java of the component FreeMarker Template Handler. The manipulation of the argument File res... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2024-51451
IBM Concert 1.0.0 through 2.1.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cac... Read more
Affected Products : concert- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2026-1894
A vulnerability was detected in WeKan up to 8.20. This impacts an unknown function of the file models/checklistItems.js of the component REST API. Performing a manipulation of the argument item.cardId/item.checklistId/card.boardId results in improper auth... Read more
Affected Products : wekan- Published: Feb. 04, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-36063
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.... Read more
Affected Products : sterling_connect\ sterling_connectexpress_adapter_for_sterling_b2b_integrator_520- Published: Jan. 20, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2026-22347
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in subhansanjaya Carousel Horizontal Posts Content Slider carousel-horizontal-posts-content-slider allows DOM-Based XSS.This issue affects Carousel Horizont... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-36387
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 could allow an authenticated user to cause a denial of service when given specially crafted query.... Read more
Affected Products : db2- Published: Jan. 30, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2026-24098
Apache Airflow versions before 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. Users are advised to upgrade to 3.1.7 or l... Read more
Affected Products : airflow- Published: Feb. 09, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2026-0484
Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data in the system. This vulnerability has a high impact on integrity of th... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2026-24324
SAP BusinessObjects Business Intelligence Platform (AdminTools) allows an authenticated attacker with user privileges to execute a specific query in AdminTools that could cause the Content Management Server (CMS) to crash, rendering the CMS partially or c... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2026-25480
Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, FileStore maps cache keys to filenames using Unicode NFKD normalization and ord() substitution without separators, creating key collisions. When FileStore is used as r... Read more
Affected Products : litestar- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-15336
Tanium addressed an incorrect default permissions vulnerability in Performance.... Read more
- Published: Feb. 05, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-15338
Tanium addressed an incorrect default permissions vulnerability in Partner Integration.... Read more
- Published: Feb. 05, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2026-2009
A flaw has been found in SourceCodester Gas Agency Management System 1.0. This issue affects some unknown processing of the file /gasmark/php_action/createUser.php. Executing a manipulation can lead to improper access controls. It is possible to launch th... Read more
Affected Products : gas_agency_management_system- Published: Feb. 06, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization