Latest CVE Feed
-
5.9
MEDIUMCVE-2026-23684
A race condition vulnerability exists in the SAP Commerce cloud. Because of this when an attacker adds products to a cart, it may result in a cart entry being created with erroneous product value which could be checked out. This leads to high impact on da... Read more
Affected Products : commerce_cloud- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Race Condition
-
4.6
MEDIUMCVE-2025-12757
An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to.... Read more
Affected Products : axis_camera_station_pro- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
7.8
HIGHCVE-2026-22923
A vulnerability has been identified in NX (All versions < V2512). The affected application contains a data validation vulnerability that could allow an attacker with local access to interfere with internal data during the PDF export process that could pot... Read more
Affected Products : nx- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Information Disclosure
-
8.7
HIGHCVE-2026-2093
Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Injection
-
5.7
MEDIUMCVE-2025-12063
An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions.... Read more
Affected Products : axis_camera_station_pro- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-15570
A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzma_decompress_buf of the file stream.c. Performing a manipulation results in use after free. Attacking locally is a requirement. The exploit has been made public and coul... Read more
Affected Products : lrzip- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2026-2097
Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.... Read more
Affected Products : agentflow- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2026-2096
Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality.... Read more
Affected Products : agentflow- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2026-2095
Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain arbitrary user authentication token and log into the system as any user.... Read more
Affected Products : agentflow- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authentication
-
4.8
MEDIUMCVE-2026-2259
A vulnerability has been found in aardappel lobster up to 2025.4. Affected by this issue is the function lobster::Parser::ParseStatements in the library dev/src/lobster/parser.h of the component Parsing. The manipulation leads to memory corruption. The at... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Memory Corruption
-
6.1
MEDIUMCVE-2026-24328
SAP TAF_APPLAUNCHER within Business Server Pages allows unauthenticated attacker to craft malicious links that, when clicked by a victim, redirect them to attacker?controlled sites, potentially exposing or altering sensitive information in the victim�s br... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Server-Side Request Forgery
-
4.3
MEDIUMCVE-2026-24326
Due to a missing authorization check in the Disconnected Operations of the SAP S/4HANA Defense & Security, an attacker with user privileges could call remote-enabled function modules to do direct update on standard SAP database table . This results in low... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
6.7
MEDIUMCVE-2025-15315
Tanium addressed a local privilege escalation vulnerability in Tanium Module Server.... Read more
Affected Products : moduleserver- Published: Feb. 09, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authentication
-
7.7
HIGHCVE-2026-23689
Due to an uncontrolled resource consumption (Denial of Service) vulnerability, an authenticated attacker with regular user privileges and network access can repeatedly invoke a remote-enabled function module with an excessively large loop-control paramete... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Denial of Service
-
4.3
MEDIUMCVE-2026-23688
SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on integrity, confidentiality and availability are not impacted.... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
8.8
HIGHCVE-2026-23687
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity inf... Read more
Affected Products : netweaver_application_server_abap- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authentication
-
9.6
CRITICALCVE-2026-0509
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This can result in a high impact on integrity and a... Read more
Affected Products : netweaver_application_server_abap- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-15147
The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.8 via the 'WCFMvm_Memberships_Payment_Controller::processing' due t... Read more
Affected Products : wcfm_membership- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
5.5
MEDIUMCVE-2025-15313
Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS.... Read more
Affected Products : endpoint_euss- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2026-25957
Cube is a semantic layer for building data applications. From 1.1.17 to before 1.5.13 and 1.4.2, it is possible to make the entire Cube API unavailable by submitting a specially crafted request to a Cube API endpoint. This vulnerability is fixed in 1.5.13... Read more
Affected Products : cube.js- Published: Feb. 09, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Denial of Service