Latest CVE Feed
-
4.6
MEDIUMCVE-2026-25068
alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplg_decode_control_mixer1() function reads the num_channels field from untrusted .tplg data and... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
4.6
MEDIUMCVE-2025-58380
A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authenticated attacker with admin privileges using the shell command “grep” to modify the path variables and move upwards in the directory structure or to traverse to different directories.... Read more
Affected Products : fabric_operating_system- Published: Feb. 03, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Path Traversal
-
4.6
MEDIUMCVE-2025-58381
A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with admin privileges using the shell commands “source, ping6, sleep, disown, wait to modify the path variables and move upwards in the directory structure or to... Read more
Affected Products : fabric_operating_system- Published: Feb. 03, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Path Traversal
-
4.6
MEDIUMCVE-2026-22625
Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files.... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Information Disclosure
-
4.6
MEDIUMCVE-2025-12774
A vulnerability in the migration script for Brocade SANnav before 3.0 could allow the collection of database sql queries in the SANnav support save file. An attacker with access to Brocade SANnav supportsave file, could open the file and then obtain sens... Read more
- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Information Disclosure
-
4.6
MEDIUMCVE-2025-9226
Zohocorp ManageEngine OpManager, NetFlow Analyzer, and OpUtils versions prior to 128582 are affected by a stored cross-site scripting vulnerability in the Subnet Details.... Read more
- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Scripting
-
4.6
MEDIUMCVE-2025-59096
The default password for the extended admin user mode in the application U9ExosAdmin.exe ("Kaba 9300 Administration") is hard-coded in multiple locations as well as documented in the locally stored user documentation.... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authentication
-
4.6
MEDIUMCVE-2026-24360
Server-Side Request Forgery (SSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Server Side Request Forgery.This issue affects Seriously Simple Podcasting: from n/a through <= 3.14.1.... Read more
Affected Products : seriously_simple_podcasting- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Server-Side Request Forgery
-
4.6
MEDIUMCVE-2025-6590
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLUserTextField.Php. This issue affects MediaWiki: from * through 1... Read more
Affected Products : mediawiki- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Information Disclosure
-
4.6
MEDIUMCVE-2026-1735
A weakness has been identified in Yealink MeetingBar A30 133.321.0.3. This issue affects some unknown processing of the component Diagnostic Handler. This manipulation causes command injection. It is feasible to perform the attack on the physical device. ... Read more
Affected Products :- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Injection
-
4.6
MEDIUMCVE-2026-21981
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure wh... Read more
Affected Products : vm_virtualbox- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
-
4.5
MEDIUMCVE-2025-13064
A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that have been tampered with.... Read more
- Published: Feb. 10, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Injection
-
4.5
MEDIUMCVE-2025-29946
Insufficient or Incomplete Data Removal in Hardware Component in SEV firmware doesn't fully flush IOMMU. This can potentially lead to a loss of confidentiality and integrity in guest memory.... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Memory Corruption
-
4.5
MEDIUMCVE-2026-1770
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox ... Read more
Affected Products : craftercms- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Injection
-
4.5
MEDIUMCVE-2026-21975
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.29 and 21.3-21.20. Easily exploitable vulnerability allows high privileged attacker having Authenticated User privilege with network acces... Read more
- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
-
4.4
MEDIUMCVE-2026-20603
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Tahoe 26.3. An app with root privileges may be able to access private information.... Read more
Affected Products : macos- Published: Feb. 11, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Information Disclosure
-
4.4
MEDIUMCVE-2026-0724
The WPlyr Media Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_wplyr_accent_color' parameter in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attribu... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Cross-Site Scripting
-
4.4
MEDIUMCVE-2026-0815
The Category Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag-image' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticat... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Cross-Site Scripting
-
4.4
MEDIUMCVE-2026-23685
Due to a Deserialization vulnerability in SAP NetWeaver (JMS service), an attacker authenticated as an administrator with local access could submit specially crafted content to the server. If processed by the application, this content could trigger uninte... Read more
Affected Products : netweaver- Published: Feb. 10, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Denial of Service
-
4.4
MEDIUMCVE-2025-67125
A signed integer overflow in docopt.cpp v0.6.2 (LeafPattern::match in docopt_private.h) when merging occurrence counters (e.g., default LONG_MAX + first user "-v/--verbose") can cause counter wrap (negative/unbounded semantics) and lead to logic/policy by... Read more
Affected Products : docopt.cpp- Published: Jan. 23, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Misconfiguration