Latest CVE Feed
-
5.5
MEDIUMCVE-2026-21315
Audition versions 25.3 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires ... Read more
Affected Products : audition- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2026-21514
Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.... Read more
Affected Products : 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 office_2024 office_2021- Actively Exploited
- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Authorization
-
6.2
MEDIUMCVE-2026-21525
Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 +6 more products- Actively Exploited
- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2026-24061
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.... Read more
- Actively Exploited
- Published: Jan. 21, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Authentication
-
7.8
HIGHCVE-2026-21509
Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.... Read more
Affected Products : office 365_apps office_long_term_servicing_channel office_2016 office_2024 office_2021 office_2019- Actively Exploited
- Published: Jan. 26, 2026
- Modified: Feb. 11, 2026
-
8.8
HIGHCVE-2026-21513
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 +6 more products- Actively Exploited
- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Authentication
-
6.1
MEDIUMCVE-2025-70849
Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated attackers to upload arbitrary files via crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy (CSP) or adequat... Read more
Affected Products : podinfo- Published: Feb. 03, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-52623
HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. This can allow autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increasing the risk of... Read more
Affected Products : aion- Published: Feb. 03, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Misconfiguration
-
6.4
MEDIUMCVE-2026-1827
The Flask Micro code-editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's codeflask shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attr... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Cross-Site Scripting
-
8.5
HIGHCVE-2019-25308
Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files i... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Misconfiguration
-
6.4
MEDIUMCVE-2026-1885
The Slideshow Wp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sswpid' attribute of the 'sswp-slide' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on us... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Cross-Site Scripting
-
7.0
HIGHCVE-2025-61969
Incorrect permission assignment in AMD µProf may allow a local user-privileged attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-1571
User-controlled input is reflected into the HTML output without proper encoding on TP-Link Archer C60 v3, allowing arbitrary JavaScript execution via a crafted URL. An attacker could run script in the device web UI context, potentially enabling credential... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2026-1821
The Microtango plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'restkey' parameter of the mt_reservation shortcode in all versions up to, and including, 0.9.29 due to insufficient input sanitization and output escaping. This make... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2026-1833
The WaMate Confirm – Order Confirmation plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it p... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2026-1748
The Invoct – PDF Invoices & Billing for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions in all versions up to, and including, 1.6. This makes it possible for authenticat... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Authorization
-
6.4
MEDIUMCVE-2026-1804
The WDES Responsive Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wdes-popup-title' shortcode in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user suppli... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Cross-Site Scripting
-
6.9
MEDIUMCVE-2025-13651
Exposure of Sensitive System Information to an Unauthorized Actor vulnerability in Microcom ZeusWeb allows Web Application Fingerprinting of sensitive data. This issue affects ZeusWeb: 6.1.31.... Read more
Affected Products : zeusweb- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2026-1560
The Custom Block Builder – Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.0 via multiple functions in the 'LazyBlocks_Blocks' class. This makes it possible for authenticated attackers, wit... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Injection
-
8.2
HIGHCVE-2025-9986
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation.This issue affects DIGIKENT: through 13092025.... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Information Disclosure