Latest CVE Feed
-
6.3
MEDIUMCVE-2026-24739
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not correctly treat some characters (notably `=`) as “special” ... Read more
Affected Products : symfony- Published: Jan. 28, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Misconfiguration
-
6.3
MEDIUMCVE-2026-1592
Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced. This i... Read more
Affected Products : pdf_editor_cloud- Published: Feb. 03, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Cross-Site Scripting
-
6.3
MEDIUMCVE-2026-2391
### Summary The `arrayLimit` option in qs does not enforce limits for comma-separated values when `comma: true` is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to th... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
6.3
MEDIUMCVE-2025-66607
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The response header contains an insecure setting. Users could be redirected to malicious sites by an attacker. The affected products and versions are as follows:... Read more
Affected Products : fast\/tools- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Misconfiguration
-
6.3
MEDIUMCVE-2024-52334
A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF07). The affected application does not encrypt the passwords properly. This could allow an attacker to recover the original passwords and might gain unauthorized access.... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cryptography
-
6.3
MEDIUMCVE-2026-24934
The DDNS function uses an insecure HTTP connection or fails to validate the SSL/TLS certificate when querying an external server for the device's WAN IP address. An unauthenticated remote attacker can perform a Man-in-the-Middle (MitM) attack to spoof the... Read more
Affected Products : data_master- Published: Feb. 03, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Misconfiguration
-
6.3
MEDIUMCVE-2025-13004
Authorization Bypass Through User-Controlled Key vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Manipulating User-Controlled Variables.This issue affects E-Commerce Package: through 27112025.... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Authorization
-
6.3
MEDIUMCVE-2025-27898
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system.... Read more
Affected Products : db2_recovery_expert_for_luw- Published: Feb. 17, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Authentication
-
6.3
MEDIUMCVE-2026-24473
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Serve static Middleware for the Cloudflare Workers adapter contains an information disclosure vulnerability that may allow attackers to read arb... Read more
Affected Products : hono- Published: Jan. 27, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Information Disclosure
-
6.3
MEDIUMCVE-2026-25508
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, an out-of-bounds read vulnerability was reported in the BLE ATT Prepare Write handling of the BLE provisioning transport (protocomm... Read more
Affected Products : esp-idf- Published: Feb. 04, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Memory Corruption
-
6.3
MEDIUMCVE-2025-15344
Tanium addressed a SQL injection vulnerability in Asset.... Read more
Affected Products : service_asset- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Injection
-
6.3
MEDIUMCVE-2026-2110
A security flaw has been discovered in Tasin1025 SwiftBuy up to 0f5011372e8d1d7edfd642d57d721c9fadc54ec7. Affected by this vulnerability is an unknown functionality of the file /login.php. Performing a manipulation results in improper restriction of exces... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Authentication
-
6.3
MEDIUMCVE-2026-24040
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the addJS method in the jspdf Node.js build utilizes a shared module-scoped variable (text) to store JavaScript content. When used in a concurrent environment (e.g., a Node.js web server),... Read more
Affected Products : jspdf- Published: Feb. 02, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Race Condition
-
6.3
MEDIUMCVE-2026-27113
Liquid Prompt is an adaptive prompt for Bash and Zsh. Starting in commit cf3441250bb5d8b45f6f8b389fcdf427a99ac28a and prior to commit a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c on the master branch, arbitrary command injection can lead to code execution whe... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Injection
-
6.3
MEDIUMCVE-2025-66601
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not specify MIME types. When an attacker performs a content sniffing attack, malicious scripts could be executed. The affected products and ver... Read more
Affected Products : fast\/tools- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Misconfiguration
-
6.3
MEDIUMCVE-2024-43181
IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.... Read more
Affected Products : concert- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Authentication
-
6.3
MEDIUMCVE-2025-53869
Multiple MFPs provided by Brother Industries, Ltd. does not properly validate server certificates, which may allow a man-in-the-middle attacker to replace the set of root certificates used by the product with a set of arbitrary certificates.... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cryptography
-
6.3
MEDIUMCVE-2026-27199
Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safe_join function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filt... Read more
Affected Products : werkzeug- Published: Feb. 21, 2026
- Modified: Feb. 21, 2026
- Vuln Type: Path Traversal
-
6.3
MEDIUMCVE-2026-2065
A security flaw has been discovered in Flycatcher Toys smART Pixelator 2.0. Affected by this issue is some unknown functionality of the component Bluetooth Low Energy Interface. Performing a manipulation results in missing authentication. The attack can o... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Authentication
-
6.3
MEDIUMCVE-2026-25507
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a use-after-free vulnerability was reported in the BLE provisioning transport (protocomm_ble) layer. The issue can be triggered by ... Read more
Affected Products : esp-idf- Published: Feb. 04, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Memory Corruption