Latest CVE Feed
-
6.0
MEDIUMCVE-2025-1924
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receive maliciously crafted packets, a DoS attack may cause Vnet/IP communication functions to stop or arbitrary programs to be exec... Read more
Affected Products :- Published: Feb. 13, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Denial of Service
-
5.9
MEDIUMCVE-2026-23684
A race condition vulnerability exists in the SAP Commerce cloud. Because of this when an attacker adds products to a cart, it may result in a cart entry being created with erroneous product value which could be checked out. This leads to high impact on da... Read more
Affected Products : commerce_cloud- Published: Feb. 10, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Race Condition
-
5.9
MEDIUMCVE-2026-25556
MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function accepts a caller-owned fz_pixmap pointer but incorrectly drops the pixmap i... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
5.9
MEDIUMCVE-2024-21953
Improper input validation in IOMMU could allow a malicious hypervisor to reconfigure IOMMU registers resulting in loss of guest data integrity.... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Misconfiguration
-
5.9
MEDIUMCVE-2025-27903
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques.... Read more
Affected Products : db2_recovery_expert_for_luw- Published: Feb. 17, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Information Disclosure
-
5.9
MEDIUMCVE-2025-67231
A reflected cross-site scripting (XSS) vulnerability in ToDesktop Builder v0.33.1 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload.... Read more
Affected Products : builder- Published: Jan. 23, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
5.9
MEDIUMCVE-2025-29952
Improper Initialization within the AMD Secure Encrypted Virtualization (SEV) firmware can allow an admin privileged attacker to corrupt RMP covered memory, potentially resulting in loss of guest memory integrity... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Memory Corruption
-
5.9
MEDIUMCVE-2026-25918
unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2 , the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Information Disclosure
-
5.9
MEDIUMCVE-2025-15551
The response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middl... Read more
- Published: Feb. 05, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Injection
-
5.9
MEDIUMCVE-2026-24620
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginOps Landing Page Builder page-builder-add allows Stored XSS.This issue affects Landing Page Builder: from n/a through <= 1.5.3.3.... Read more
Affected Products : landing_page_builder- Published: Jan. 23, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cross-Site Scripting
-
5.9
MEDIUMCVE-2026-24909
vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction.... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Path Traversal
-
5.9
MEDIUMCVE-2025-68686
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allo... Read more
Affected Products : fortios- Published: Feb. 10, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Information Disclosure
-
5.9
MEDIUMCVE-2026-25518
cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. In versions from 1.18.0 to before 1.18.5 and from 1.19.0 to before 1.19.3, the... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Denial of Service
-
5.9
MEDIUMCVE-2025-33101
IBM Concert 1.0.0 through 2.1.0 could allow an attacker to obtain sensitive information using man in the middle techniques due to improper clearing of heap memory.... Read more
Affected Products : concert- Published: Feb. 17, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Information Disclosure
-
5.9
MEDIUMCVE-2025-59472
A denial of service vulnerability exists in Next.js versions with Partial Prerendering (PPR) enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the `Next-Resume: 1` header and processes attacker-contro... Read more
Affected Products : next.js- Published: Jan. 26, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Denial of Service
-
5.9
MEDIUMCVE-2026-24584
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS BunnyNet Integration tutor-lms-bunnynet-integration allows DOM-Based XSS.This issue affects Tutor LMS BunnyNet Integration: from n/a th... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cross-Site Scripting
-
5.9
MEDIUMCVE-2025-29948
Improper access control in AMD Secure Encrypted Virtualization (SEV) firmware could allow a malicious hypervisor to bypass RMP protections, potentially resulting in a loss of SEV-SNP guest memory integrity.... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
5.9
MEDIUMCVE-2026-25151
Qwik is a performance focused javascript framework. Prior to version 1.19.0, Qwik City’s server-side request handler inconsistently interprets HTTP request headers, which can be abused by a remote attacker to circumvent form submission CSRF protections us... Read more
Affected Products : qwik- Published: Feb. 03, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Request Forgery
-
5.9
MEDIUMCVE-2026-24738
gmrtd is a Go library for reading Machine Readable Travel Documents (MRTDs). Prior to version 0.17.2, ReadFile accepts TLVs with lengths that can range up to 4GB, which can cause unconstrained resource consumption in both memory and cpu cycles. ReadFile c... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Denial of Service
-
5.9
MEDIUMCVE-2026-24929
Out-of-bounds read vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more
Affected Products : harmonyos- Published: Feb. 06, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Memory Corruption