Latest CVE Feed
-
8.1
HIGHCVE-2025-13691
IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used to impersonate other users in the system.... Read more
Affected Products : datastage_on_cloud_pak_for_data- Published: Feb. 17, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Information Disclosure
-
7.8
HIGHCVE-2026-25731
calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --temp... Read more
Affected Products : calibre- Published: Feb. 06, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Injection
-
10.0
CRITICALCVE-2026-22709
vm2 is an open source vm/sandbox for Node.js. In vm2 prior to version 3.10.2, `Promise.prototype.then` `Promise.prototype.catch` callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code. In lib/setup-sandbo... Read more
Affected Products : vm2- Published: Jan. 26, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2026-24003
EVerest is an EV charging software stack. In versions up to and including 2025.12.1, it is possible to bypass the sequence state verification including authentication, and send requests that transition to forbidden states relative to the current one, ther... Read more
Affected Products : everest- Published: Jan. 26, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2026-24476
Shaarli is a personal bookmarking service. Prior to version 0.16.0, crafting a malicious tag which starting with `"` prematurely ends the `<input>` tag on the start page and allows an attacker to add arbitrary html leading to a possible XSS attack. Versio... Read more
Affected Products : shaarli- Published: Jan. 26, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Cross-Site Scripting
-
8.6
HIGHCVE-2026-24486
Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options `UPLOAD_DIR` and `UPLOAD_KEEP_FILENAME=True`. An attacker can write uploaded files to ... Read more
Affected Products : python-multipart- Published: Jan. 27, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Path Traversal
-
7.1
HIGHCVE-2026-20628
A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may ... Read more
- Published: Feb. 11, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Authorization
-
3.1
LOWCVE-2026-20671
A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker in a privileg... Read more
- Published: Feb. 11, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2020-37200
NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration key input that allows attackers to crash the application by supplying oversized input. Attackers can generate a 1000-character payload and paste it into the registration ... Read more
Affected Products : netsharewatcher- Published: Feb. 11, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Memory Corruption
-
8.1
HIGHCVE-2026-24490
MobSF is a mobile application security testing tool used. Prior to version 4.4.5, a Stored Cross-site Scripting (XSS) vulnerability in MobSF's Android manifest analysis allows an attacker to execute arbitrary JavaScript in the context of a victim's browse... Read more
Affected Products : mobile_security_framework- Published: Jan. 27, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Cross-Site Scripting
-
7.5
HIGHCVE-2020-37201
NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration name input that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application cr... Read more
Affected Products : netsharewatcher- Published: Feb. 11, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Memory Corruption
-
9.9
CRITICALCVE-2026-2630
A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable Security Center is hosted.... Read more
Affected Products : security_center- Published: Feb. 17, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Injection
-
7.5
HIGHCVE-2026-2620
A weakness has been identified in Huace Monitoring and Early Warning System 2.2. Affected by this issue is some unknown functionality of the file /Web/SysManage/ProjectRole.aspx. Executing a manipulation of the argument ID can lead to sql injection. It is... Read more
Affected Products :- Published: Feb. 17, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Injection
-
5.4
MEDIUMCVE-2026-26357
Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, l... Read more
Affected Products :- Published: Feb. 17, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Cross-Site Scripting
-
8.5
HIGHCVE-2026-23648
Glory RBG-100 recycler systems using the ISPK-08 software component contain multiple system binaries with overly permissive file permissions. Several binaries executed by the root user are writable and executable by unprivileged local users. An attacker w... Read more
Affected Products :- Published: Feb. 17, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2026-23647
Glory RBG-100 recycler systems using the ISPK-08 software component contain hard-coded operating system credentials that allow remote authentication to the underlying Linux system. Multiple local user accounts, including accounts with administrative privi... Read more
Affected Products :- Published: Feb. 17, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Authentication
-
10.0
CRITICALCVE-2026-22769
Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of the hardcoded credential could potentially exploit thi... Read more
Affected Products : recoverpoint_for_virtual_machines- Published: Feb. 17, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2026-22762
Dell Avamar Server and Avamar Virtual Edition, versions prior to 19.10 SP1 with CHF338912, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged attacker with remote acce... Read more
Affected Products :- Published: Feb. 17, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Path Traversal
-
6.6
MEDIUMCVE-2026-22284
Dell SmartFabric OS10 Software, versions prior to 10.5.6.12, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulner... Read more
Affected Products : smartfabric_os10- Published: Feb. 17, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Injection
-
9.6
CRITICALCVE-2026-22208
OpenS100 (the reference implementation S-100 viewer) prior to commit 753cf29 contain a remote code execution vulnerability via an unrestricted Lua interpreter. The Portrayal Engine initializes Lua using luaL_openlibs() without sandboxing or capability res... Read more
Affected Products :- Published: Feb. 17, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Injection