Latest CVE Feed
-
6.5
MEDIUMCVE-2025-14150
IBM webMethods Integration (on prem) - Integration Server 10.15 through IS_10.15_Core_Fix2411.1 to IS_11.1_Core_Fix8 IBM webMethods Integration could disclose sensitive user information in server responses.... Read more
Affected Products : webmethods_integration_on_prem___integration_server- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Information Disclosure
-
9.4
CRITICALCVE-2026-25481
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.59.32, there is a bypass to the fix for CVE-2025-46724. TableChatAgent can call pandas_eval tool to evaluate the expression. There is a WAF in langroid/util... Read more
Affected Products : langroid- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Injection
-
6.4
MEDIUMCVE-2026-1319
The Robin Image Optimizer – Unlimited Image Optimization & WebP Converter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative Text' field of a Media Library image in all versions up to, and including, 2.0.2 due to insuff... Read more
Affected Products :- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2026-23050
In the Linux kernel, the following vulnerability has been resolved: pNFS: Fix a deadlock when returning a delegation during open() Ben Coddington reports seeing a hang in the following stack trace: 0 [ffffd0b50e1774e0] __schedule at ffffffff9ca05415 ... Read more
Affected Products : linux_kernel- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Race Condition
-
8.5
HIGHCVE-2019-25269
Amiti Antivirus 25.0.640 contains an unquoted service path vulnerability in its Windows service configurations. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges by placing executable files i... Read more
Affected Products :- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Misconfiguration
-
4.7
MEDIUMCVE-2026-25616
Blesta 3.x through 5.x before 5.13.3 mishandles input validation, aka CORE-5665.... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Injection
-
7.2
HIGHCVE-2026-25615
Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5668.... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Injection
-
7.5
HIGHCVE-2026-25614
Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5680.... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-41717
An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of confidentiality, availability and integrity due to im... Read more
- Published: Jan. 13, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Injection
-
8.2
HIGHCVE-2026-1642
A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's co... Read more
- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Misconfiguration
-
9.0
HIGHCVE-2026-1140
A vulnerability was found in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/ConfigExceptAli. The manipulation results in buffer overflow. It is possible to launch the attack remotely. The exploit has been made public ... Read more
- Published: Jan. 19, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
9.0
HIGHCVE-2026-1139
A vulnerability has been found in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/ConfigExceptMSN. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been... Read more
- Published: Jan. 19, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
9.0
HIGHCVE-2026-1138
A flaw has been found in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/ConfigExceptQQ. Executing a manipulation can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may b... Read more
- Published: Jan. 19, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
9.0
HIGHCVE-2026-1137
A vulnerability was detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formWebAuthGlobalConfig. Performing a manipulation results in buffer overflow. The attack is possible to be carried out remotely. T... Read more
- Published: Jan. 19, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2026-1118
A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/add_activity.php. Performing a manipulation of the argument Title results in sql injection. It is possible to initiate the attac... Read more
Affected Products : society_management_system- Published: Jan. 18, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-1119
A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/delete_activity.php. Executing a manipulation of the argument activity_id can lead to sql injection. It is possible to laun... Read more
Affected Products : society_management_system- Published: Jan. 18, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
6.1
MEDIUMCVE-2026-1135
A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. The manipulation of the argument Title results in cross site scripting. The attack may be launched remotel... Read more
Affected Products : society_management_system- Published: Jan. 19, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Scripting
-
7.5
HIGHCVE-2026-25027
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Unicamp unicamp allows PHP Local File Inclusion.This issue affects Unicamp: from n/a through <= 2.7.1.... Read more
Affected Products : unicamp- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
10.0
CRITICALCVE-2025-70841
Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct request to /script/.env file. The exposed file contains Laravel application encryption key (APP_... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Information Disclosure
-
6.8
MEDIUMCVE-2026-24784
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a content editor could inject scripts in module headers/footers that would ru... Read more
Affected Products : dotnetnuke- Published: Jan. 28, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Scripting