Latest CVE Feed
-
4.8
MEDIUMCVE-2026-1971
A vulnerability has been found in Edimax BR-6288ACL up to 1.12. Impacted is the function wiz_WISP24gmanual of the file wiz_WISP24gmanual.asp. Such manipulation of the argument manualssid leads to cross site scripting. The attack can be launched remotely. ... Read more
Affected Products : br-6288acl_firmware- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-22281
Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6.0.0 through 9.7.1.10, versions 9.8.0.0 through 9.10.1.3, versions starting from 9.11.0.0 and prior to 9.13.0.0, contains a Time-of-check Time-of-use (TOCTOU) race condition vulnerabilit... Read more
Affected Products : powerscale_onefs- Published: Jan. 22, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Race Condition
-
4.8
MEDIUMCVE-2026-2661
A security flaw has been discovered in Squirrel up to 3.2. This affects the function SQObjectPtr::operator in the library squirrel/sqobject.h. The manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The exploit h... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2026-1705
A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function ad_virtual_server_vdsl of the component Web Interface. Performing a manipulation of the argument Name results in cross site scripting. It is possibl... Read more
Affected Products : dsl-6641k_firmware- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-2246
A security vulnerability has been detected in AprilRobotics apriltag up to 3.4.5. Affected by this vulnerability is the function apriltag_detector_detect of the file apriltag.c. The manipulation leads to memory corruption. The attack must be carried out l... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2025-62183
Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality and Integrity are low.... Read more
Affected Products : infinity- Published: Feb. 17, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-1416
A security flaw has been discovered in GPAC up to 2.4.0. Affected by this vulnerability is the function DumpMovieInfo of the file applications/mp4box/filedump.c. The manipulation results in null pointer dereference. The attack must be initiated from a loc... Read more
Affected Products : gpac- Published: Jan. 26, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2025-63354
Hitron HI3120 v7.2.4.5.2b1 allows stored XSS via the Parental Control option when creating a new filter. The device fails to properly handle inputs, allowing an attacker to inject and execute JavaScript.... Read more
- Published: Feb. 09, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-2644
A weakness has been identified in niklasso minisat up to 2.2.0. This issue affects the function Solver::value in the library core/SolverTypes.h of the component DIMACS File Parser. This manipulation of the argument variable index with the input 2147483648... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2025-15571
A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer dereference. The attack can only be performed from a local environm... Read more
Affected Products : lrzip- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Denial of Service
-
4.8
MEDIUMCVE-2026-25596
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane 1.7.0 via the Product Unit Name fields. An authenticated administrator can inject ... Read more
Affected Products : invoiceplane- Published: Feb. 18, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-25496
Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, a stored XSS vulnerability exists in the Number field type settings. The Prefix and Suffix fields are rendered using the |md|ra... Read more
Affected Products : craft_cms- Published: Feb. 09, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-20111
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. This vulnerabi... Read more
Affected Products : prime_infrastructure- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-2245
A vulnerability was identified in CCExtractor up to 183. This affects the function parse_PAT/parse_PMT in the library src/lib_ccx/ts_tables.c of the component MPEG-TS File Parser. Such manipulation leads to out-of-bounds read. The attack can only be perfo... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2026-2642
A security vulnerability has been detected in ggreer the_silver_searcher up to 2.2.0. The impacted element is the function search_stream of the file src/search.c. The manipulation leads to null pointer dereference. Local access is required to approach thi... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2026-1417
A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/mp4box/filedump.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit ha... Read more
Affected Products : gpac- Published: Jan. 26, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2026-0749
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Form Builder allows Cross-Site Scripting (XSS).This issue affects Drupal: from 7.X-1.0 through 7.X-1.22.... Read more
Affected Products : drupal- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-54514
Improper isolation of shared resources on a system on a chip by a malicious local attacker with high privileges could potentially lead to a partial loss of integrity.... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Misconfiguration
-
4.8
MEDIUMCVE-2025-15549
FluentCMS 2026 contains a stored cross-site scripting vulnerability that allows authenticated administrators to upload SVG files with embedded JavaScript via the File Management module. Attackers can upload malicious SVG files that execute JavaScript in t... Read more
Affected Products : fluentcms- Published: Jan. 29, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-2703
A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::decode_base64 of the file source/detail/cryptography/base64.cpp of the component Encrypted XLSX File Parser. Executing a manipulation can lead to off... Read more
Affected Products :- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Memory Corruption