Latest CVE Feed
-
5.5
MEDIUMCVE-2026-21870
BACnet Protocol Stack library provides a BACnet application layer, network layer and media access (MAC) layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based buffer overflow in the ubasic interpreter causes a crash (SI... Read more
Affected Products : bacnet_stack- Published: Feb. 13, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2026-2490
RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of RustDesk Client for Windows. An attacker must first obt... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2026-20675
The issue was addressed with improved bounds checks. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a malicious... Read more
- Published: Feb. 11, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2026-2739
This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2026-2108
A vulnerability was determined in jsbroks COCO Annotator up to 0.11.1. This impacts an unknown function of the file /api/info/long_task of the component Endpoint. This manipulation causes denial of service. The attack may be initiated remotely. The exploi... Read more
Affected Products : coco_annotator- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2026-27014
NanaZip is an open source file archive Starting in version 5.0.1252.0 and prior to version 6.0.1630.0, circular `NextOffset` chains cause an infinite loop, and deeply nested directories cause unbounded recursion (stack overflow) in the ROMFS archive parse... Read more
Affected Products : nanazip- Published: Feb. 19, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2026-21358
InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to ... Read more
- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2026-25122
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.0, expandapk.Split drains the first gzip stream of an APK archive via io.Copy(io.Discard, gzi) without explicit bounds. With an attacker... Read more
Affected Products : apko- Published: Feb. 04, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2026-21222
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 +4 more products- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2026-2258
A flaw has been found in aardappel lobster up to 2025.4. Affected by this vulnerability is the function WaveFunctionCollapse in the library dev/src/lobster/wfc.h. Executing a manipulation can lead to memory corruption. The attack can only be executed loca... Read more
Affected Products : lobster- Published: Feb. 10, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-15469
Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger than 16MB with one-shot alg... Read more
Affected Products : openssl- Published: Jan. 27, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Cryptography
-
5.5
MEDIUMCVE-2026-2864
A vulnerability has been found in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. This affects the function pictureDelete of the file PictureController.java. Such manipulation of the argument picName leads to ... Read more
Affected Products :- Published: Feb. 21, 2026
- Modified: Feb. 21, 2026
- Vuln Type: Path Traversal
-
5.5
MEDIUMCVE-2025-54149
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerab... Read more
Affected Products : qsync_central- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-15318
Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools.... Read more
Affected Products : endpoint_end-user-notifications- Published: Feb. 09, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Misconfiguration
-
5.5
MEDIUMCVE-2026-2894
A vulnerability was identified in funadmin up to 7.1.0-rc4. Affected by this vulnerability is the function getMember of the file app/frontend/view/login/forget.html. Such manipulation leads to information disclosure. The attack may be launched remotely. T... Read more
Affected Products : funadmin- Published: Feb. 21, 2026
- Modified: Feb. 21, 2026
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2026-2849
A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function deleteCache/removeAllCache/syncCache of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\Cach... Read more
Affected Products : warehouse- Published: Feb. 20, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Authorization
-
5.5
MEDIUMCVE-2025-28164
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function.... Read more
Affected Products : libpng- Published: Jan. 27, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2026-22795
Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory r... Read more
Affected Products : openssl- Published: Jan. 27, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2026-24437
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) serve sensitive administrative content without appropriate cache-control directives. As a result, browsers may store credential-bearing responses locally, exposing them to subs... Read more
- Published: Jan. 26, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2026-20621
The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to cause unexpected system... Read more
- Published: Feb. 11, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Memory Corruption