Latest CVE Feed
-
8.8
HIGHCVE-2019-25351
Centova Cast 3.2.11 contains a file download vulnerability that allows authenticated attackers to retrieve arbitrary system files through the server.copyfile API endpoint. Attackers can exploit the vulnerability by supplying crafted parameters to download... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2019-25350
XMedia Recode 3.4.8.6 contains a denial of service vulnerability that allows attackers to crash the application by loading a specially crafted .m3u playlist file. Attackers can create a malicious .m3u file with an oversized buffer to trigger an applicatio... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2019-25349
ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-character buffer during login to trigger an application ... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Denial of Service
-
6.2
MEDIUMCVE-2019-25326
ipPulse 1.92 contains a denial of service vulnerability that allows local attackers to crash the application by providing an oversized input in the Enter Key field. Attackers can generate a 256-byte buffer of repeated 'A' characters to trigger an applicat... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2026-2668
A vulnerability was found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This affects an unknown function of the file /dm/dispatch/user/add of the component User Handler. The manipulation results in improper access controls... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Authorization
-
5.5
MEDIUMCVE-2026-2667
A vulnerability has been found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. The impacted element is an unknown function of the file /dispatch/api?cmd=userinfo. The manipulation leads to improper access controls. The attac... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Authorization
-
5.7
MEDIUMCVE-2026-24746
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the Edit Quotes functions of InvoicePlane version 1.7.0. In the Editing Quotes function, the ap... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2026-1999
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to merge their own pull request into a repository without having push access by exploiting an authorization bypass in the enable_auto_merge mutati... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Authorization
-
6.0
MEDIUMCVE-2026-1355
A Missing Authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to upload unauthorized content to another user’s repository migration export due to a missing authorization check in the repository migration upload ... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Authorization
-
6.3
MEDIUMCVE-2026-1200
A flaw was found in the rgaufman/live555 fork of live555. A remote attacker could exploit a segmentation fault, in the `increaseBufferTo` function. This vulnerability can lead to memory corruption problems and potentially other consequences.... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2026-0665
An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall interface, leading to a denial of service or potential m... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Memory Corruption
-
7.6
HIGHCVE-2026-0573
An URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker-controlled redirects to leak sensitive authorization tokens. The repository_pages API insecurely followed HTTP redirects when fetching artifact URLs, preserv... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Server-Side Request Forgery
-
3.3
LOWCVE-2025-8860
A flaw was found in QEMU in the uefi-vars virtual device. When the guest writes to register UEFI_VARS_REG_BUFFER_SIZE, the .write callback `uefi_vars_write` is invoked. The function allocates a heap buffer without zeroing the memory, leaving the buffer fi... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Information Disclosure
-
7.7
HIGHCVE-2025-1272
The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux has the lockdown mode disabled without any warning. This may allow an attacker to gain access to sensitive information such kernel memory mappings, I/O ports, B... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Misconfiguration
-
5.5
MEDIUMCVE-2025-14876
A flaw was found in the virtio-crypto device of QEMU. A malicious guest operating system can exploit a missing length limit in the AKCIPHER path, leading to uncontrolled memory allocation. This can result in a denial of service (DoS) on the host system by... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Denial of Service
-
3.3
LOWCVE-2025-12343
A flaw was found in FFmpeg’s TensorFlow backend within the libavfilter/dnn_backend_tf.c source file. The issue occurs in the dnn_execute_model_tf() function, where a task object is freed multiple times in certain error-handling paths. This redundant memor... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2025-10256
A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter (libavfilter/af_firequalizer.c) due to a missing check on the return value of av_malloc_array() in the config_input() function. An attacker could exploit this by tricking a vi... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2025-0577
An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functio... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Cryptography
-
5.8
MEDIUMCVE-2026-2666
A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The ... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2026-2665
A vulnerability was detected in huanzi-qch base-admin up to 57a8126bb3353a004f3c7722089e3b926ea83596. Impacted is the function Upload of the file SysFileController.java of the component JSP Parser. Performing a manipulation of the argument File results in... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Misconfiguration