Latest CVE Feed
-
5.5
MEDIUMCVE-2026-1532
A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. The manipulation of the argument UploadMusic leads to path traversal. The a... Read more
- Published: Jan. 28, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Path Traversal
-
5.5
MEDIUMCVE-2026-2327
Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of the regex /\*+$/ in the linkify function. An attacker can supply a long sequence of * characters followed by... Read more
Affected Products : markdown-it- Published: Feb. 12, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-54151
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerab... Read more
Affected Products : qsync_central- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2026-20630
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to access protected user data.... Read more
Affected Products : macos- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Authorization
-
5.5
MEDIUMCVE-2025-14876
A flaw was found in the virtio-crypto device of QEMU. A malicious guest operating system can exploit a missing length limit in the AKCIPHER path, leading to uncontrolled memory allocation. This can result in a denial of service (DoS) on the host system by... Read more
Affected Products : qemu- Published: Feb. 18, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2026-21355
DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue re... Read more
Affected Products : dng_software_development_kit- Published: Feb. 10, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2026-21354
DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to cause the application to crash or become unresponsive... Read more
Affected Products : dng_software_development_kit- Published: Feb. 10, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-43417
A path handling issue was addressed with improved logic. This issue is fixed in macOS Sonoma 14.8.4. An app may be able to access user-sensitive data.... Read more
Affected Products : macos- Published: Feb. 11, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Path Traversal
-
5.5
MEDIUMCVE-2025-15572
A vulnerability has been found in wasm3 up to 0.5.0. The affected element is the function NewCodePage. The manipulation leads to memory leak. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Unfortunate... Read more
Affected Products : wasm3- Published: Feb. 10, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2024-56807
An out-of-bounds read vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following ver... Read more
Affected Products : media_streaming_add-on- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2026-20625
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3. An app may be able to access sensitive user data.... Read more
- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Path Traversal
-
5.5
MEDIUMCVE-2025-28164
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function.... Read more
Affected Products : libpng- Published: Jan. 27, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-50537
Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run() method, which validates test cases and checks for duplicates. D... Read more
Affected Products : eslint- Published: Jan. 26, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2026-21261
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2026-27171
zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.... Read more
Affected Products : zlib- Published: Feb. 18, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2026-21870
BACnet Protocol Stack library provides a BACnet application layer, network layer and media access (MAC) layer communications services. In 1.4.2, 1.5.0.rc2, and earlier, an off-by-one stack-based buffer overflow in the ubasic interpreter causes a crash (SI... Read more
Affected Products : bacnet_stack- Published: Feb. 13, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2026-2657
A vulnerability has been found in wren-lang wren up to 0.4.0. This impacts the function printError of the file src/vm/wren_compiler.c of the component Error Message Handler. Such manipulation leads to stack-based buffer overflow. An attack has to be appro... Read more
Affected Products : wren- Published: Feb. 18, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Memory Corruption
-
5.4
MEDIUMCVE-2026-24576
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in COP UX Flat ux-flat allows Stored XSS.This issue affects UX Flat: from n/a through <= 5.4.0.... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-70368
Worklenz version 2.1.5 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Project Updates feature. An attacker can submit a malicious payload in the Updates text field which is then rendered in the reporting view without proper sanitization... Read more
Affected Products : worklenz- Published: Jan. 26, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2026-24476
Shaarli is a personal bookmarking service. Prior to version 0.16.0, crafting a malicious tag which starting with `"` prematurely ends the `<input>` tag on the start page and allows an attacker to add arbitrary html leading to a possible XSS attack. Versio... Read more
Affected Products : shaarli- Published: Jan. 26, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Cross-Site Scripting