Latest CVE Feed
-
1.1
LOWCVE-2026-24050
Zulip is an open-source team collaboration tool. From 5.0 to before 11.5, some administrative actions on the user profile were susceptible to stored XSS in group names or channel names. Exploiting these vulnerabilities required the user explicitly interac... Read more
Affected Products : zulip- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2019-25299
RimbaLinux AhadPOS 1.11 contains a SQL injection vulnerability in the 'alamatCustomer' parameter that allows attackers to manipulate database queries through crafted POST requests. Attackers can exploit time-based and boolean-based blind SQL injection tec... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Injection
-
8.2
HIGHCVE-2026-23989
REVA is an interoperability platform. Prior to 2.42.3 and 2.40.3, a bug in the GRPC authorization middleware of the "Reva" component of OpenCloud allows a malicious user to bypass the scope verification of a public link. By exploiting this via the the "ar... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Authorization
-
0.0
NONECVE-2026-22254
Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Versions of Winter CMS before 1.2.10 allow users with access to the CMS Asset Manager were able to upload SVGs without automatic sanitization. To actively ex... Read more
Affected Products : winter- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Injection
-
7.1
HIGHCVE-2026-25640
Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 1.34.0 to before 1.51.0, a path traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of ... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Path Traversal
-
6.4
MEDIUMCVE-2019-25294
html5_snmp 1.11 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through the 'Remark' parameter in add_router_operation.php. Attackers can craft a POST request with a script payload in the Remark f... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Cross-Site Scripting
-
8.5
HIGHCVE-2019-25305
JumpStart 0.6.0.0 contains an unquoted service path vulnerability in the jswpbapi service running with LocalSystem privileges. Attackers can exploit the unquoted path containing spaces to inject and execute malicious code with elevated system permissions.... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Misconfiguration
-
7.7
HIGHCVE-2025-13523
Mattermost Confluence plugin version <1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via s... Read more
Affected Products : confluence- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2019-25303
TheJshen ContentManagementSystem 1.04 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to ... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Injection
-
7.1
HIGHCVE-2019-25300
thejshen Globitek CMS 1.4 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially ... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2026-1769
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xerox CentreWare on Windows allows Stored XSS.This issue affects CentreWare: through 7.0.6. Consider upgrading Xerox® CentreWare Web® to v7.2.2... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2026-24903
OrcaStatLLM Researcher is an LLM Based Research Paper Generator. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Log Message in the Session Page in OrcaStatLLM-Researcher that allows attackers to inject and execute arbitrary JavaS... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2026-24776
OpenProject is an open-source, web-based project management software. Prior to 17.0.2, the drag&drop handler moving an agenda item to a different section was not properly checking if the target meeting section is part of the same meeting (or is the backlo... Read more
Affected Products : openproject- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Authorization
-
3.3
LOWCVE-2025-15320
Tanium addressed a denial of service vulnerability in Tanium Client.... Read more
Affected Products : client- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Denial of Service
-
6.8
MEDIUMCVE-2026-25727
time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally de... Read more
Affected Products : time- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Denial of Service
-
10.0
CRITICALCVE-2026-25632
EPyT-Flow is a Python package designed for the easy generation of hydraulic and water quality scenario data of water distribution networks. Prior to 0.16.1, EPyT-Flow’s REST API parses attacker-controlled JSON request bodies using a custom deserializer (m... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Injection
-
4.6
MEDIUMCVE-2026-25647
Lute is a structured Markdown engine supporting Go and JavaScript. Lute 1.7.6 and earlier (as used in SiYuan before) has a Stored Cross-Site Scripting (XSS) vulnerability in the Markdown rendering engine. An attacker can inject malicious JavaScript into a... Read more
Affected Products : siyuan- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Cross-Site Scripting
-
5.8
MEDIUMCVE-2026-24851
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.5 to v1.11.2 ( openfga-0.2.22<= Helm chart <= openfga-0.2.51, v.1.8.5 <= docker <= v.1.11.2) are vulnerable to im... Read more
Affected Products : openfga- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Authorization
-
5.9
MEDIUMCVE-2026-25556
MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function accepts a caller-owned fz_pixmap pointer but incorrectly drops the pixmap i... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
8.6
HIGHCVE-2026-25580
Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 0.0.26 to before 1.56.0, aServer-Side Request Forgery (SSRF) vulnerability exists in Pydantic AI's URL download functionality. When applications accep... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Server-Side Request Forgery