Latest CVE Feed
-
5.5
MEDIUMCVE-2026-20675
The issue was addressed with improved bounds checks. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a malicious... Read more
- Published: Feb. 11, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2026-20666
An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data.... Read more
Affected Products : macos- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Authorization
-
5.5
MEDIUMCVE-2025-15318
Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools.... Read more
Affected Products : endpoint_end-user-notifications- Published: Feb. 09, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Misconfiguration
-
5.5
MEDIUMCVE-2026-24927
Out-of-bounds access vulnerability in the frequency modulation module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more
- Published: Feb. 06, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-65264
The kernel driver of CPUID CPU-Z v2.17 and earlier does not validate user-supplied values passed via its IOCTL interface, allowing an attacker to access sensitive information via a crafted request.... Read more
Affected Products : cpu-z- Published: Jan. 27, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2026-25122
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.0, expandapk.Split drains the first gzip stream of an APK archive via io.Copy(io.Discard, gzi) without explicit bounds. With an attacker... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-4763
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows Reflected XSS.This issue affects Hotel Guest Hotspot: through 22012026. NOT... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
5.5
MEDIUMCVE-2026-20627
An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in watchOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to access... Read more
- Published: Feb. 11, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2026-1682
A flaw has been found in Free5GC SMF up to 4.1.0. Affected is the function HandlePfcpAssociationReleaseRequest of the file internal/pfcp/handler/handler.go of the component PFCP UDP Endpoint. Executing a manipulation can lead to null pointer dereference. ... Read more
Affected Products : smf- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-14369
dr_flac, an audio decoder within the dr_libs toolset, contains an integer overflow vulnerability flaw due to trusting the totalPCMFrameCount field from FLAC metadata before calculating buffer size, allowing an attacker with a specially crafted file to per... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2026-21315
Audition versions 25.3 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires ... Read more
Affected Products : audition- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2026-2055
A weakness has been identified in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The affected element is an unknown function of the component DHCP Client Information Handler. Executing a manipulation can lead to information disclosure. The attack may be la... Read more
- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2025-15491
The Post Slides WordPress plugin through 1.0.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as with contributor or higher roles to perform LFI attacks... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Path Traversal
-
5.5
MEDIUMCVE-2026-2056
A security vulnerability has been detected in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The impacted element is an unknown function of the file /wan_connection_status.asp of the component DHCP Connection Status Handler. The manipulation leads to infor... Read more
- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2026-21261
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2026-20634
The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. Processing a malicio... Read more
- Published: Feb. 11, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-54149
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerab... Read more
Affected Products : qsync_central- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2026-21358
InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to ... Read more
- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2026-2108
A vulnerability was determined in jsbroks COCO Annotator up to 0.11.1. This impacts an unknown function of the file /api/info/long_task of the component Endpoint. This manipulation causes denial of service. The attack may be initiated remotely. The exploi... Read more
Affected Products : coco_annotator- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2026-25920
SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, a heap out-of-bounds read vulnerability exists in SumatraPDF's MOBI HuffDic decompressor. The bounds check in AddCdicData() only validates half the range that DecodeOne() actually acce... Read more
Affected Products : sumatrapdf- Published: Feb. 09, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption