Latest CVE Feed
-
5.5
MEDIUMCVE-2025-15314
Tanium addressed an arbitrary file deletion vulnerability in end-user-cx.... Read more
Affected Products : endpoint_end-user-cx- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
-
7.5
HIGHCVE-2026-25961
SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5.2, SumatraPDF's update mechanism disables TLS hostname verification (INTERNET_FLAG_IGNORE_CERT_CN_INVALID) and executes installers without signature checks. A network attacker with any ... Read more
Affected Products : sumatrapdf- Published: Feb. 09, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Misconfiguration
-
9.0
CRITICALCVE-2026-25881
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.31, a sandbox escape vulnerability allows sandboxed code to mutate host built-in prototypes by laundering the isGlobal protection flag through array literal intermediaries. When a global prototype... Read more
Affected Products : sandboxjs- Published: Feb. 09, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Misconfiguration
-
6.4
MEDIUMCVE-2026-1922
The The Events Calendar Shortcode & Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ecs-list-events` shortcode `message` attribute in all versions up to, and including, 3.1.2 due to insufficient input sanitization... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Scripting
-
7.8
HIGHCVE-2025-15319
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.... Read more
Affected Products : endpoint_patch- Published: Feb. 09, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
7.8
HIGHCVE-2026-25880
SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, the PDF reader allows execution of a malicious binary (explorer.exe) located in the same directory as the opened PDF when the user clicks File → “Show in folder”. This behavior leads t... Read more
Affected Products : sumatrapdf- Published: Feb. 09, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2026-25811
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application derives the tenant identifier directly from the email domain provided by the user, without validating domain ownership or registration. This ... Read more
Affected Products : placipy- Published: Feb. 09, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-15317
Tanium addressed an uncontrolled resource consumption vulnerability in Tanium Server.... Read more
Affected Products : server- Published: Feb. 09, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2026-25808
Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Prior to 0.6.20 and 0.7.2, there is a security vulnerability where DMs and followers-only posts were exposed through the ActivityPub outbox endpoint with... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
6.7
MEDIUMCVE-2025-15316
Tanium addressed a local privilege escalation vulnerability in Tanium Server.... Read more
Affected Products : server- Published: Feb. 09, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
10.0
CRITICALCVE-2026-25885
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-16 and earlier, the group chat WebSocket at wss://polarlearn.nl/api/v1/ws can be used without logging in. An unauthenticated client can subscribe to any group chat by providing a group... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authentication
-
9.9
CRITICALCVE-2026-0488
An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads ... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Injection
-
5.4
MEDIUMCVE-2026-2099
AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load.... Read more
Affected Products : agentflow- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Scripting
-
7.5
HIGHCVE-2026-0485
SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (CMS) to crash and automatically restart. By repeatedly submitting these requests, the attacker could indu... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2025-11547
AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user.... Read more
Affected Products : axis_camera_station_pro- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
8.8
HIGHCVE-2026-2094
Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Injection
-
5.0
MEDIUMCVE-2026-0486
In ABAP based SAP systems a remote enabled function module does not perform necessary authorization checks for an authenticated user resulting in disclosure of system information.This has low impact on confidentiality. Integrity and availability are not i... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
8.8
HIGHCVE-2025-7636
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ergosis Security Systems Computer Industry and Trade Inc. ZEUS PDKS allows SQL Injection.This issue affects ZEUS PDKS: from <1.0.5.10 through 10022026. ... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Injection
-
7.1
HIGHCVE-2025-11142
The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account.... Read more
Affected Products : axis_os- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2026-1722
The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is due to the plugin not implementing authorization checks in the `wcfm... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization