Latest CVE Feed
-
5.7
MEDIUMCVE-2026-24743
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the upload Invoice Logo functions of InvoicePlane version 1.7.0. The Upload Invoice Logo functi... Read more
Affected Products : invoiceplane- Published: Feb. 18, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Cross-Site Scripting
-
5.7
MEDIUMCVE-2025-9289
A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
5.6
MEDIUMCVE-2025-27940
Out-of-bounds read for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow an information disclosure. Software side channel adversary with a privileged user combined with a high complexity attack may enable data exposure. This result... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Information Disclosure
-
5.6
MEDIUMCVE-2025-32007
Out-of-bounds read for some TDX before version tdx module 1.5.24 within Ring 0: Hypervisor may allow an information disclosure. Authorized adversary with a privileged user combined with a low complexity attack may enable data exposure. This result may pot... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Information Disclosure
-
5.6
MEDIUMCVE-2025-22885
Improper buffer restrictions in the firmware for the TDX Module may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially o... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Memory Corruption
-
5.6
MEDIUMCVE-2025-31944
Race condition for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow a denial of service. Authorized adversary with a privileged user combined with a high complexity attack may enable denial of service. This result may potentially ... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Race Condition
-
5.6
MEDIUMCVE-2025-27535
Exposed ioctl with insufficient access control in the firmware for some Intel(R) Ethernet Connection E825-C. before version NVM ver. 3.84 within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Denial of Service
-
5.6
MEDIUMCVE-2026-2738
Buffer overflow in ovpn‑dco‑win version 2.8.0 allows local attackers to cause a system crash by sending too large packets to the remote peer when the AEAD tag appears at the end of the encrypted packet... Read more
Affected Products :- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Memory Corruption
-
5.6
MEDIUMCVE-2025-27708
Out-of-bounds read in the firmware for some Intel(R) Converged Security and Management Engine (CSME) Firmware (FW) within Ring 0: Kernel may allow an information disclosure. System software adversary with a privileged user combined with a low complexity a... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Information Disclosure
-
5.6
MEDIUMCVE-2025-27572
Exposure of sensitive information during transient execution for some TDX within Ring 0: Hypervisor may allow an information disclosure. Authorized adversary with a privileged user combined with a high complexity attack may enable data exposure. This resu... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Information Disclosure
-
5.6
MEDIUMCVE-2025-32467
Use of uninitialized variable for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow an information disclosure. Authorized adversary with a privileged user combined with a high complexity attack may enable data exposure. This result... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2026-20625
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3. An app may be able to access sensitive user data.... Read more
- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Path Traversal
-
5.5
MEDIUMCVE-2025-15469
Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger than 16MB with one-shot alg... Read more
Affected Products : openssl- Published: Jan. 27, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Cryptography
-
5.5
MEDIUMCVE-2026-20415
In imgsys, there is a possible memory corruption due to improper locking. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10363254; I... Read more
- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-28162
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan), the program leaks memory in various locations, eventually leading to high memory usage and causing th... Read more
Affected Products : libpng- Published: Jan. 27, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-54149
An uncontrolled resource consumption vulnerability has been reported to affect Qsync Central. If a local attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerab... Read more
Affected Products : qsync_central- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2026-20648
A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to access notifications from other iCloud devices.... Read more
Affected Products : macos- Published: Feb. 11, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2026-21358
InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to ... Read more
- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2026-25541
Bytes is a utility library for working with bytes. From version 1.2.1 to before 1.11.1, Bytes is vulnerable to integer overflow in BytesMut::reserve. In the unique reclaim path of BytesMut::reserve, if the condition "v_capacity >= new_cap + offset" uses a... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2026-2552
A vulnerability was identified in ZenTao up to 21.7.8. Affected by this issue is the function delete of the file editor/control.php of the component Committer. Such manipulation of the argument filePath leads to path traversal. Upgrading to version 21.7.9... Read more
Affected Products : zentao- Published: Feb. 16, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Path Traversal