Latest CVE Feed
-
4.6
MEDIUMCVE-2023-20601
Improper input validation within RAS TA Driver can allow a local attacker to access out-of-bounds memory, potentially resulting in a denial-of-service condition.... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Memory Corruption
-
4.6
MEDIUMCVE-2026-1094
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI.... Read more
- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Information Disclosure
-
4.6
MEDIUMCVE-2026-25230
FileRise is a self-hosted web file manager / WebDAV server. Prior to 3.3.0, an HTML Injection vulnerability allows an authenticated user to modify the DOM and add e.g. form elements that call certain endpoints or link elements that redirect the user on ac... Read more
Affected Products : filerise- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Cross-Site Scripting
-
4.6
MEDIUMCVE-2025-48517
Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guest with an ASID in the range meant for SEV-SNP guests potentially resulting in a partial loss of confidentiality.... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
4.6
MEDIUMCVE-2026-20674
A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 26.3 and iPadOS 26.3. An attacker with physical access to a locked device may be able to view sensitive user information.... Read more
- Published: Feb. 11, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Information Disclosure
-
4.6
MEDIUMCVE-2024-36311
A Time-of-check time-of-use (TOCTOU) race condition in the SMM communications buffer could allow a privileged attacker to bypass input validation and perform an out of bounds read or write, potentially resulting in loss of confidentiality, integrity, or a... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Race Condition
-
4.6
MEDIUMCVE-2026-20662
An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An attacker with physical access to a locked device may be able to view sensitive user information.... Read more
Affected Products : macos- Published: Feb. 11, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Authorization
-
4.6
MEDIUMCVE-2026-20661
An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An attacker with physical access to a locked device may be able to view sensitive user information.... Read more
- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Authorization
-
4.6
MEDIUMCVE-2025-12774
A vulnerability in the migration script for Brocade SANnav before 3.0 could allow the collection of database sql queries in the SANnav support save file. An attacker with access to Brocade SANnav supportsave file, could open the file and then obtain sens... Read more
- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Information Disclosure
-
4.6
MEDIUMCVE-2025-58381
A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with admin privileges using the shell commands “source, ping6, sleep, disown, wait to modify the path variables and move upwards in the directory structure or to... Read more
Affected Products : fabric_operating_system- Published: Feb. 03, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Path Traversal
-
4.6
MEDIUMCVE-2026-1464
Integer Overflow or Wraparound vulnerability in MuntashirAkon AppManager (app/src/main/java/org/apache/commons/compress/archivers/tar modules). This vulnerability is associated with program files TarUtils.Java. This issue affects AppManager: before 4.0.4... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
4.6
MEDIUMCVE-2026-21981
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure wh... Read more
Affected Products : vm_virtualbox- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
-
4.6
MEDIUMCVE-2025-9226
Zohocorp ManageEngine OpManager, NetFlow Analyzer, and OpUtils versions prior to 128582 are affected by a stored cross-site scripting vulnerability in the Subnet Details.... Read more
- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Scripting
-
4.6
MEDIUMCVE-2026-25068
alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplg_decode_control_mixer1() function reads the num_channels field from untrusted .tplg data and... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
4.6
MEDIUMCVE-2025-59096
The default password for the extended admin user mode in the application U9ExosAdmin.exe ("Kaba 9300 Administration") is hard-coded in multiple locations as well as documented in the locally stored user documentation.... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authentication
-
4.6
MEDIUMCVE-2025-58380
A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authenticated attacker with admin privileges using the shell command “grep” to modify the path variables and move upwards in the directory structure or to traverse to different directories.... Read more
Affected Products : fabric_operating_system- Published: Feb. 03, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Path Traversal
-
4.6
MEDIUMCVE-2025-12757
An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to.... Read more
- Published: Feb. 10, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Authorization
-
4.6
MEDIUMCVE-2026-1735
A weakness has been identified in Yealink MeetingBar A30 133.321.0.3. This issue affects some unknown processing of the component Diagnostic Handler. This manipulation causes command injection. It is feasible to perform the attack on the physical device. ... Read more
Affected Products :- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Injection
-
4.6
MEDIUMCVE-2026-22625
Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files.... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Information Disclosure
-
4.6
MEDIUMCVE-2026-20640
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3. An attacker with physical access to iPhone may be able to take and view screenshots of sensitive data from the iPhone durin... Read more
- Published: Feb. 11, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Information Disclosure