Latest CVE Feed
-
4.8
MEDIUMCVE-2026-2659
A vulnerability was determined in Squirrel up to 3.2. Affected by this vulnerability is the function SQFuncState::PopTarget of the file src/squirrel/squirrel/sqfuncstate.cpp. Executing a manipulation of the argument _target_stack can lead to out-of-bounds... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2026-20055
Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise (Packaged CCE) and Cisco Unified Contact Center Enterprise (Unified CCE) could allow an authenticated, remote attacker to conduct a cross-site scrip... Read more
- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-20109
Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise (Packaged CCE) and Cisco Unified Contact Center Enterprise (Unified CCE) could allow an authenticated, remote attacker to conduct a cross-site scrip... Read more
- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-15564
A vulnerability has been found in Mapnik up to 4.2.0. This vulnerability affects the function mapnik::detail::mod<...>::operator of the file src/value.cpp. The manipulation leads to divide by zero. The attack needs to be performed locally. The exploit has... Read more
Affected Products : mapnik- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Denial of Service
-
4.8
MEDIUMCVE-2026-2662
A weakness has been identified in FascinatedBox lily up to 2.3. This vulnerability affects the function count_transforms of the file src/lily_emitter.c. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has ... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2025-63354
Hitron HI3120 v7.2.4.5.2b1 allows stored XSS via the Parental Control option when creating a new filter. The device fails to properly handle inputs, allowing an attacker to inject and execute JavaScript.... Read more
- Published: Feb. 09, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-59905
Cross-Site Scripting (XSS) vulnerability reflected in Kubysoft, which occurs through multiple parameters within the endpoint ‘/node/kudaby/nodeFN/procedure’. This flaw allows the injection of arbitrary client-side scripts, which are immediately reflected ... Read more
Affected Products :- Published: Feb. 16, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-1990
A security vulnerability has been detected in oatpp up to 1.3.1. This impacts the function oatpp::data::type::ObjectWrapper::ObjectWrapper of the file src/oatpp/data/type/Type.hpp. The manipulation leads to null pointer dereference. Local access is requir... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2026-25595
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane 1.7.0 via the Invoice Number field. An authenticated administrator can inject mali... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-62183
Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality and Integrity are low.... Read more
Affected Products : infinity- Published: Feb. 17, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-1356
The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.5.1 via the PassthruLoader::load_image_source function. This makes it possible for un... Read more
Affected Products : webp_converter_for_media- Published: Feb. 12, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Server-Side Request Forgery
-
4.8
MEDIUMCVE-2026-0947
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AT Internet Piano Analytics allows Cross-Site Scripting (XSS).This issue affects AT Internet Piano Analytics: from 0.0.0 before 1.0.1, from 2.0.0 ... Read more
Affected Products : at_internet_piano_analytics- Published: Feb. 04, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-1444
A vulnerability has been found in iJason-Liu Books_Manager up to 298ba736387ca37810466349af13a0fdf828e99c. This affects an unknown part of the file controllers/books_center/add_book_check.php. Such manipulation of the argument mark leads to cross site scr... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-2660
A vulnerability was identified in FascinatedBox lily up to 2.3. Affected by this issue is the function shorthash_for_name of the file src/lily_symtab.c. The manipulation leads to use after free. Local access is required to approach this attack. The exploi... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2026-2246
A security vulnerability has been detected in AprilRobotics apriltag up to 3.4.5. Affected by this vulnerability is the function apriltag_detector_detect of the file apriltag.c. The manipulation leads to memory corruption. The attack must be carried out l... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2026-2201
A security vulnerability has been detected in ZeroWdd studentmanager up to 2151560fc0a50ec00426785ec1e01a3763b380d9. This impacts the function addLeave of the file src/main/java/com/wdd/studentmanager/controller/LeaveController.java. The manipulation of t... Read more
Affected Products : studentmanager- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-1416
A security flaw has been discovered in GPAC up to 2.4.0. Affected by this vulnerability is the function DumpMovieInfo of the file applications/mp4box/filedump.c. The manipulation results in null pointer dereference. The attack must be initiated from a loc... Read more
Affected Products : gpac- Published: Jan. 26, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2026-2661
A security flaw has been discovered in Squirrel up to 3.2. This affects the function SQObjectPtr::operator in the library squirrel/sqobject.h. The manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The exploit h... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2026-24325
SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting (XSS) vulnerability. This enables an admin user to inject malicious JavaScript into a website and the injected script gets executed ... Read more
Affected Products : businessobjects_enterprise- Published: Feb. 10, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-21925
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: RMI). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25... Read more
- Published: Jan. 20, 2026
- Modified: Jan. 30, 2026