Latest CVE Feed
-
5.5
MEDIUMCVE-2026-25145
melange allows users to build apk packages using declarative pipelines. From version 0.14.0 to before 0.40.3, an attacker who can influence a melange configuration file (e.g., through pull request-driven CI or build-as-a-service scenarios) could read arbi... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Path Traversal
-
8.3
HIGHCVE-2026-25513
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the REST API that allows authenticated API users to execute arbitrary SQL queri... Read more
Affected Products : facturascripts- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Injection
-
5.9
MEDIUMCVE-2026-25518
cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. In versions from 1.18.0 to before 1.18.5 and from 1.19.0 to before 1.19.3, the... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-69213
OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, a SQL Injection vulnerability exists in the ajax_complete.php endpoint when handling the get_sedi operation. An authenticated attacker... Read more
Affected Products : openstamanager- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Injection
-
8.7
HIGHCVE-2025-69215
OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, there is a SQL Injection vulnerability in the Stampe Module. At time of publication, no known patch exists.... Read more
Affected Products : openstamanager- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Injection
-
0.0
NACVE-2026-23104
In the Linux kernel, the following vulnerability has been resolved: ice: fix devlink reload call trace Commit 4da71a77fc3b ("ice: read internal temperature sensor") introduced internal temperature sensor reading via HWMON. ice_hwmon_init() was added to ... Read more
Affected Products : linux_kernel- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2026-25121
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, a path traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious APK pack... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2026-25140
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, an attacker who controls or compromises an APK repository used by apko could cause resource exhaustion on the build host. The ExpandA... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Denial of Service
-
5.3
MEDIUMCVE-2023-38010
IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system.... Read more
Affected Products : cloud_pak_system- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2026-20123
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is ... Read more
- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Server-Side Request Forgery
-
5.3
MEDIUMCVE-2026-0944
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Group invite allows Forceful Browsing.This issue affects Group invite: from 0.0.0 before 2.3.9, from 3.0.0 before 3.0.4, from 4.0.0 before 4.0.4.... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-64712
The unstructured library provides open-source components for ingesting and pre-processing images and text documents, such as PDFs, HTML, Word docs, and many more. Prior to version 0.18.18, a path traversal vulnerability in the partition_msg function allow... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Path Traversal
-
6.4
MEDIUMCVE-2026-0867
The Essential Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ew-author, ew-archive, ew-category, ew-page, and ew-menu shortcodes in all versions up to, and including, 3.0 due to insufficient input sanitization a... Read more
Affected Products : essential_widgets- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Cross-Site Scripting
-
9.4
CRITICALCVE-2026-21893
n8n is an open source workflow automation platform. From version 0.187.0 to before 1.120.3, a command injection vulnerability was identified in n8n’s community package installation functionality. The issue allowed authenticated users with administrative p... Read more
Affected Products : n8n- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2026-1897
A vulnerability was found in WeKan up to 8.20. Affected by this issue is some unknown functionality of the file server/methods/positionHistory.js of the component Position-History Tracking. The manipulation results in missing authorization. The attack may... Read more
Affected Products :- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Authorization
-
6.3
MEDIUMCVE-2026-25508
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, an out-of-bounds read vulnerability was reported in the BLE ATT Prepare Write handling of the BLE provisioning transport (protocomm... Read more
Affected Products : esp-idf- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-68699
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, NanoMQ has a protocol parsing / forwarding inconsistency when handling shared subscriptions ($share/). A malformed SUBSCRIBE topic such as $share/ab (missing the seco... Read more
Affected Products : nanomq- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Injection
-
8.5
HIGHCVE-2019-25271
NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable f... Read more
Affected Products :- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2019-25267
Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject ... Read more
Affected Products : wing_ftp_server- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Misconfiguration
-
8.7
HIGHCVE-2026-25139
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In version 2025.10 and prior, multiple out-of-bounds read allow any unauthenticated user, with abil... Read more
Affected Products : riot- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Memory Corruption