Latest CVE Feed
-
5.5
MEDIUMCVE-2026-21258
Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2026-20648
A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to access notifications from other iCloud devices.... Read more
Affected Products : macos- Published: Feb. 11, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2025-70092
A cross-site scripting (XSS) vulnerability in the Item Kits function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Name parameter.... Read more
Affected Products : open_source_point_of_sale- Published: Feb. 12, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Cross-Site Scripting
-
5.5
MEDIUMCVE-2026-20655
An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An attacker with physical access to a locked device may be able to view sensitive user information.... Read more
- Published: Feb. 11, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Authorization
-
5.5
MEDIUMCVE-2026-20678
An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An app may be able to access sensitive user data.... Read more
- Published: Feb. 11, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Authorization
-
5.5
MEDIUMCVE-2026-22795
Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory r... Read more
Affected Products : openssl- Published: Jan. 27, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-65264
The kernel driver of CPUID CPU-Z v2.17 and earlier does not validate user-supplied values passed via its IOCTL interface, allowing an attacker to access sensitive information via a crafted request.... Read more
Affected Products : cpu-z- Published: Jan. 27, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2026-21332
InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of th... Read more
- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2026-21319
After Effects versions 25.6 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requ... Read more
- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2026-1734
A security flaw has been discovered in Zhong Bang CRMEB up to 5.6.3. This vulnerability affects unknown code of the file crmeb/app/api/controller/v1/CrontabController.php of the component crontab Endpoint. The manipulation results in missing authorization... Read more
Affected Products : crmeb- Published: Feb. 02, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Authorization
-
5.5
MEDIUMCVE-2026-20638
A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3. A user with Live Caller ID app extensions turned off could have identifying information leaked to the extensions.... Read more
- Published: Feb. 11, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2026-1737
A vulnerability was detected in Open5GS up to 2.7.6. The affected element is the function sgwc_s5c_handle_create_bearer_request of the file /src/sgwc/s5c-handler.c of the component CreateBearerRequest Handler. Performing a manipulation results in reachabl... Read more
Affected Products : open5gs- Published: Feb. 02, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2026-20619
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An app may be able to access sensitive user data.... Read more
Affected Products : macos- Published: Feb. 11, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2025-43417
A path handling issue was addressed with improved logic. This issue is fixed in macOS Sonoma 14.8.4. An app may be able to access user-sensitive data.... Read more
Affected Products : macos- Published: Feb. 11, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Path Traversal
-
5.5
MEDIUMCVE-2026-2147
A weakness has been identified in Tenda AC21 16.03.08.16. This impacts an unknown function of the file /cgi-bin/DownloadLog of the component Web Management Interface. Executing a manipulation can lead to information disclosure. The attack may be performed... Read more
- Published: Feb. 08, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2025-46306
The issue was addressed with improved bounds checks. This issue is fixed in macOS Tahoe 26, Keynote 15.1, iOS 26 and iPadOS 26. Processing a maliciously crafted Keynote file may disclose memory contents.... Read more
- Published: Jan. 28, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2026-20629
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.3. An app may be able to access user-sensitive data.... Read more
Affected Products : macos- Published: Feb. 11, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2026-21222
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 +4 more products- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2026-24927
Out-of-bounds access vulnerability in the frequency modulation module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more
- Published: Feb. 06, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-50537
Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run() method, which validates test cases and checks for duplicates. D... Read more
Affected Products : eslint- Published: Jan. 26, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption