Latest CVE Feed
-
8.8
HIGHCVE-2026-0834
Logic vulnerability in TP-Link Archer C20 v6.0 and Archer AX53 v1.0 (TDDP module) allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network... Read more
- Published: Jan. 21, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authentication
-
7.1
HIGHCVE-2026-25503
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, type confusion allowed malformed ICC profiles to trigger undefined behavior when loading... Read more
Affected Products : iccdev- Published: Feb. 03, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2026-25502
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, stack-based buffer overflow in icFixXml() function when processing malformed ICC profile... Read more
Affected Products : iccdev- Published: Feb. 03, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Memory Corruption
-
10.0
CRITICALCVE-2025-68121
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a use... Read more
Affected Products : go- Published: Feb. 05, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cryptography
-
4.3
MEDIUMCVE-2026-24326
Due to a missing authorization check in the Disconnected Operations of the SAP S/4HANA Defense & Security, an attacker with user privileges could call remote-enabled function modules to do direct update on standard SAP database table . This results in low... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
5.5
MEDIUMCVE-2025-15318
Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools.... Read more
Affected Products : endpoint_end-user-notifications- Published: Feb. 09, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Misconfiguration
-
4.4
MEDIUMCVE-2026-23685
Due to a Deserialization vulnerability in SAP NetWeaver (JMS service), an attacker authenticated as an administrator with local access could submit specially crafted content to the server. If processed by the application, this content could trigger uninte... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2025-11547
AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user.... Read more
Affected Products : axis_camera_station_pro- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
8.8
HIGHCVE-2026-2097
Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.... Read more
Affected Products : agentflow- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authentication
-
7.5
HIGHCVE-2026-25808
Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Prior to 0.6.20 and 0.7.2, there is a security vulnerability where DMs and followers-only posts were exposed through the ActivityPub outbox endpoint with... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
7.7
HIGHCVE-2026-23689
Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control paramete... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Denial of Service
-
9.5
CRITICALCVE-2026-25894
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An insecure default configuration in FUXA allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on the server. This affects FUXA throug... Read more
Affected Products : fuxa- Published: Feb. 09, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authentication
-
9.5
CRITICALCVE-2026-25895
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. A path traversal vulnerability in FUXA allows an unauthenticated, remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This affects FUXA through... Read more
Affected Products : fuxa- Published: Feb. 09, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Path Traversal
-
7.1
HIGHCVE-2025-11142
The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account.... Read more
Affected Products : axis_os- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Injection
-
5.2
MEDIUMCVE-2026-24312
An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenticated administrative user can bypass role restrictions by leveraging permissions from a less sensitive function to execute unauthorized, high-privilege act... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
9.5
CRITICALCVE-2026-25938
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on the server when the Node-RED plugin... Read more
Affected Products : fuxa- Published: Feb. 09, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authentication
-
4.3
MEDIUMCVE-2025-15147
The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.8 via the 'WCFMvm_Memberships_Payment_Controller::processing' due t... Read more
Affected Products : wcfm_membership- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
10.0
CRITICALCVE-2026-25893
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to gain administrative access via the heartbeat refresh API and execute ar... Read more
Affected Products : fuxa- Published: Feb. 09, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authentication
-
5.5
MEDIUMCVE-2025-15313
Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS.... Read more
Affected Products : endpoint_euss- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Path Traversal
-
8.1
HIGHCVE-2026-25890
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, an authenticated user can bypass the application's "Disallow" file path rules by modifying ... Read more
Affected Products : filebrowser- Published: Feb. 09, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization