Latest CVE Feed
-
4.8
MEDIUMCVE-2025-15571
A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer dereference. The attack can only be performed from a local environm... Read more
Affected Products : lrzip- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Denial of Service
-
4.8
MEDIUMCVE-2026-24594
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh Addons for WPBakery Page Builder addons-for-visual-composer allows Stored XSS.This issue affects Livemesh Addons for WPBakery Page Buil... Read more
Affected Products : wpbakery_page_builder_addons- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-2222
A weakness has been identified in code-projects Online Reviewer System 1.0. Affected by this vulnerability is an unknown functionality of the file /system/system/admins/manage/users/btn_functions.php. Executing a manipulation of the argument firstname can... Read more
Affected Products : online_reviewer_system- Published: Feb. 09, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-1705
A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function ad_virtual_server_vdsl of the component Web Interface. Performing a manipulation of the argument Name results in cross site scripting. It is possibl... Read more
Affected Products : dsl-6641k_firmware- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-26989
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Rules workflow. An attacker with administrative privileges can inject m... Read more
Affected Products : librenms- Published: Feb. 20, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-1417
A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/mp4box/filedump.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit ha... Read more
Affected Products : gpac- Published: Jan. 26, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2026-2214
A weakness has been identified in code-projects for Plugin 1.0. This affects an unknown part of the file /Administrator/PHP/AdminAddAlbum.php. This manipulation of the argument txtalbum causes cross site scripting. It is possible to initiate the attack re... Read more
Affected Products : online_music_site- Published: Feb. 09, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-25491
Craft is a platform for creating digital experiences. From 5.0.0-RC1 to 5.8.21, Craft has a stored XSS via Entry Type names. The name is not sanitized when displayed in the Entry Types list. This vulnerability is fixed in 5.8.22.... Read more
Affected Products : craft_cms- Published: Feb. 09, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-2201
A security vulnerability has been detected in ZeroWdd studentmanager up to 2151560fc0a50ec00426785ec1e01a3763b380d9. This impacts the function addLeave of the file src/main/java/com/wdd/studentmanager/controller/LeaveController.java. The manipulation of t... Read more
Affected Products : studentmanager- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-25595
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane 1.7.0 via the Invoice Number field. An authenticated administrator can inject mali... Read more
Affected Products : invoiceplane- Published: Feb. 18, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-20111
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. This vulnerabi... Read more
Affected Products : prime_infrastructure- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-2240
A vulnerability has been found in janet-lang janet up to 1.40.1. The impacted element is the function janetc_pop_funcdef of the file src/core/compile.c. Such manipulation leads to out-of-bounds read. The attack must be carried out locally. The exploit has... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2026-27576
OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the ACP bridge accepts very large prompt text blocks and can assemble oversized prompt payloads before forwarding them to chat.send. Because ACP runs over local stdio, this mainly affec... Read more
Affected Products :- Published: Feb. 21, 2026
- Modified: Feb. 21, 2026
- Vuln Type: Denial of Service
-
4.8
MEDIUMCVE-2026-1744
A vulnerability was found in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function doSubmitPPP of the file sp_pppoe_user.js. The manipulation of the argument Username results in cross site scripting. The attack may be launched remotel... Read more
- Published: Feb. 02, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-25484
Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, there is a Stored XSS via Product Type names. The name is not sanitized when displayed in user permissions settings. The vulnerable input ... Read more
- Published: Feb. 03, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-2817
Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, permissive directories under the system temp location. On shared hosts, a local user with basic privileges can access another user’s extracted snapshot cont... Read more
Affected Products :- Published: Feb. 19, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Information Disclosure
-
4.8
MEDIUMCVE-2026-2156
A weakness has been identified in code-projects Online Student Management System 1.0. The impacted element is an unknown function of the file /admin/announcement/index.php?view=add of the component Announcement Management Module. This manipulation causes ... Read more
Affected Products : online_student_management_system- Published: Feb. 08, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-1971
A vulnerability has been found in Edimax BR-6288ACL up to 1.12. Impacted is the function wiz_WISP24gmanual of the file wiz_WISP24gmanual.asp. Such manipulation of the argument manualssid leads to cross site scripting. The attack can be launched remotely. ... Read more
- Published: Feb. 06, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2026-2858
A vulnerability was identified in wren-lang wren up to 0.4.0. This affects the function peekChar of the file src/vm/wren_compiler.c of the component Source File Parser. Such manipulation leads to out-of-bounds read. The attack needs to be performed locall... Read more
Affected Products : wren- Published: Feb. 20, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2026-27007
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, `normalizeForHash` in `src/agents/sandbox/config-hash.ts` recursively sorted arrays that contained only primitive values. This made order-sensitive sandbox configuration arrays hash to the s... Read more
Affected Products : openclaw- Published: Feb. 20, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Misconfiguration