Latest CVE Feed
-
6.5
MEDIUMCVE-2026-1793
The Element Pack Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 8.3.17 via the SVG widget and a lack of sufficient file validation in the 'render_svg' function. This makes it possible ... Read more
Affected Products :- Published: Feb. 15, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2026-23632
Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, the endpoint "PUT /repos/:owner/:repo/contents/*" does not require write permissions and allows access with read permission only via repoAssignment(). After passing the permissio... Read more
Affected Products : gogs- Published: Feb. 06, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2026-22592
Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, an authenticated user can cause a DOS attack. If one of the repo files is deleted before synchronization, it will cause the application to crash. This issue has been patched in v... Read more
Affected Products : gogs- Published: Feb. 06, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2026-23633
Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, there is an arbitrary file read/write via path traversal in Git hook editing. This issue has been patched in versions 0.13.4 and 0.14.0+dev.... Read more
Affected Products : gogs- Published: Feb. 06, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2026-21512
Server-side request forgery (ssrf) in Azure DevOps Server allows an authorized attacker to perform spoofing over a network.... Read more
- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Server-Side Request Forgery
-
6.5
MEDIUMCVE-2026-21528
Binding to an unrestricted ip address in Azure IoT SDK allows an unauthorized attacker to disclose information over a network.... Read more
Affected Products : azure_iot_explorer- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2026-23655
Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker to disclose information over a network.... Read more
Affected Products : microsoft_aci_confidential_containers- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2026-1942
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the b2s_curation_draft AJAX action in all versions up to, and including, 8.7.4. The curationDr... Read more
Affected Products : blog2social- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2026-20680
The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. A sandboxed app may be abl... Read more
- Published: Feb. 11, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2026-2531
A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clear_filename of the file mindsdb/utilities/security.py of the component File Upload. Such manipulation leads to server-side request forgery. The... Read more
Affected Products :- Published: Feb. 16, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Server-Side Request Forgery
-
6.5
MEDIUMCVE-2024-31118
Missing Authorization vulnerability in Smartypants SP Project & Document Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SP Project & Document Manager: from n/a through 4.70.... Read more
Affected Products : sp_project_\&_document_manager- Published: Feb. 17, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-27901
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various at... Read more
Affected Products : db2_recovery_expert_for_luw- Published: Feb. 17, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2026-2623
A flaw has been found in Blossom up to 1.17.1. This issue affects the function put of the file blossom-backend/common/common-iaas/src/main/java/com/blossom/common/iaas/blos/BLOSManager.java of the component File Upload. This manipulation causes path trave... Read more
Affected Products :- Published: Feb. 17, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2026-1344
Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal.... Read more
Affected Products : service_enforce_recovery-key-portal- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2026-2536
A vulnerability was determined in opencc JFlow up to 20260129. This affects the function Imp_Done of the file src/main/java/bp/wf/httphandler/WF_Admin_AttrFlow.java of the component Workflow Engine. This manipulation of the argument File causes xml extern... Read more
Affected Products :- Published: Feb. 16, 2026
- Modified: Feb. 18, 2026
- Vuln Type: XML External Entity
-
6.5
MEDIUMCVE-2025-14689
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects.... Read more
Affected Products : db2- Published: Feb. 17, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-36018
IBM Concert 1.0.0 through 2.1.0 for Z hub component is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.... Read more
- Published: Feb. 17, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Cross-Site Request Forgery
-
6.5
MEDIUMCVE-2026-2665
A vulnerability was detected in huanzi-qch base-admin up to 57a8126bb3353a004f3c7722089e3b926ea83596. Impacted is the function Upload of the file SysFileController.java of the component JSP Parser. Performing a manipulation of the argument File results in... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2026-25846
In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs... Read more
Affected Products : youtrack- Published: Feb. 09, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2026-2676
A weakness has been identified in GoogTech sms-ssm up to e8534c766fd13f5f94c01dab475d75f286918a8d. Affected by this issue is the function preHandle of the file LoginInterceptor.java of the component API Interface. Executing a manipulation can lead to impr... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Authorization