Forum: Too Lazy BBS

Vulnerability Summary for the Week of February 2, 2026

From CISA@cisa@messages.cisa.gov to cisa@toolazy.synchro.net on Mon Feb 9 19:17:11 2026

--===============7159767842078463374==
Content-Type: multipart/alternative; boundary="===============3080814400787859564=="
MIME-Version: 1.0

--===============3080814400787859564==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Cybersecurity and Infrastructure Security Agency (CISA)

You are subscribed to Vulnerability Bulletins for Cybersecurity and Infrast= ructure Security Agency. This information has recently been updated and is = now available.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities t= hat have been recorded in the past week. In some cases, the vulnerabilities=
in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the=C2=A0Common Vulnerabilities and Exposures =
[ https://www.cve.org/ ]=C2=A0(CVE) vulnerability naming standard and are o= rganized according to severity, determined by the=C2=A0Common Vulnerability=
Scoring System [ https://www.cve.org/about/relatedefforts ]=C2=A0(CVSS) st= andard. The division of high, medium, and low severities correspond to the = following scores:

* *High*: vulnerabilities with a CVSS base score of 7.0=E2=80=9310.0=20
* *Medium*: vulnerabilities with a CVSS base score of 4.0=E2=80=936.9=20
* *Low*: vulnerabilities with a CVSS base score of 0.0=E2=80=933.9=20

Entries may include additional information provided by organizations and ef= forts sponsored by CISA. This information may include identifying informati= on, values, definitions, and related links. Patch information is provided w= hen available. Please note that some of the information in the bulletin is = compiled from external, open-source reports and is not a direct result of C= ISA analysis.

Vulnerability Summary for the Week of February 2, 2026 [ https://www.cisa.g= ov/news-events/bulletins/sb26-040 ] 02/09/2026 02:00 PM EST=20
High Vulnerabilities

Primary
Vendor -- Product Description Published CVSS Score Source Info Patch Info I= nsaat--Fikir Odalari AdminPando A SQL injection vulnerability exists in the=
login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. T=
he username and password parameters are vulnerable to SQL injection, allowi=
ng unauthenticated attackers to bypass authentication completely. Successfu=
l exploitation grants full administrative access to the application, includ= ing the ability to manipulate the public-facing website content (HTML/DOM m= anipulation). 2026-02-03 10 CVE-2025-10878 [ https://www.cve.org/CVERecord?= id=3DCVE-2025-10878 ] https://onurcangenc.com.tr/posts/cve-2025-10878-sql-a= uthentication-bypass-in-fikir-odalar%C4%B1-adminpando/ https://github.com/onurcangnc/CVE-2025-10878-AdminPandov1.0.1-SQLi
=C2=A0 Zenitel--TCIS-3+ This vulnerability allows authenticated attackers t=
o execute arbitrary commands on the underlying system using the file name o=
f an uploaded file. 2026-02-04 10 CVE-2025-59818 [ https://www.cve.org/CVER= ecord?id=3DCVE-2025-59818 ] Zenitel Release Notes Turbine [ https://wiki.ze= nitel.com/wiki/Turbine_9.3_-_Release_notes ]
Zenitel Security Advisory [ https://www.zenitel.com/sites/default/files/202= 5-12/A100K12333%20Zenitel%20Security%20Advisory.pdf ]
Zenitel Release Notes Fortitude8 [ https://wiki.zenitel.com/wiki/VSF-Fortit= ude8_9.3_Release_Notes ]
Zenitel Release Notes ZIPS [ https://wiki.zenitel.com/wiki/ZIPS_9.3_-_Relea= se_notes ]
Zenitel Release Notes Fortitude6 [ https://wiki.zenitel.com/wiki/VSF-Fortit= ude6_9.3_Release_Notes ]
Zenitel Release Notes Display Series [ https://wiki.zenitel.com/wiki/VSF-Di= splay_Series_9.3_Release_Notes ]
=C2=A0 n/a--Docan[.]co Dokans Multi-Tenancy Based eCommerce Platform SaaS 3= .9.2 allows unauthenticated remote attackers to obtain sensitive applicatio=
n configuration data via direct request to /script/.env file. The exposed f= ile contains Laravel application encryption key (APP_KEY), database credent= ials, SMTP/SendGrid API credentials, and internal configuration parameters,=
enabling complete system compromise including authentication bypass via se= ssion token forgery, direct database access to all tenant data, and email i= nfrastructure takeover. Due to the multi-tenancy architecture, this vulnera= bility affects all tenants in the system. 2026-02-03 10 CVE-2025-70841 [ ht= tps://www.cve.org/CVERecord?id=3DCVE-2025-70841 ] https://codecanyon.net/it= em/dokans-multitenancy-based-ecommerce-platform-saas/31122915 https://github.com/cod3rLucas/security-advisories/blob/main/CVE-2025-70841.=
md
=C2=A0 Synectix--LAN 232 TRIO The Synectix LAN 232 TRIO 3-Port serial to et= hernet adapter exposes its web management interface without requiring authe= ntication, allowing unauthenticated users to modify critical device setting=
s or factory reset the device. 2026-02-03 10 CVE-2026-1633 [ https://www.cv= e.org/CVERecord?id=3DCVE-2026-1633 ] https://www.cisa.gov/news-events/ics-a= dvisories/icsa-26-034-04 https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-= 26-034-04.json
=C2=A0 SignalK--signalk-server Signal K Server is a server application that=
runs on a central hub in a boat. Prior to 1.5.0, a command injection vulne= rability allows authenticated users with write permissions to execute arbit= rary shell commands on the Signal K server when the set-system-time plugin =
is enabled. Unauthenticated users can also exploit this vulnerability if se= curity is disabled on the Signal K server. This occurs due to unsafe constr= uction of shell commands when processing navigation.datetime values receive=
d via WebSocket delta messages. This vulnerability is fixed in 1.5.0. 2026-= 02-02 10 CVE-2026-23515 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23515=
] https://github.com/SignalK/signalk-server/security/advisories/GHSA-p8gp-= 2w28-mhwg https://github.com/SignalK/set-system-time/commit/75b11eae2de528bf89ede3fb1= f7ed057ddbb4d24
=C2=A0 nyariv--SandboxJS SandboxJS is a JavaScript sandboxing library. Prio=
r to 0.8.27, SanboxJS does not properly restrict __lookupGetter__ which can=
be used to obtain prototypes, which can be used for escaping the sandbox /=
remote code execution. This vulnerability is fixed in 0.8.27. 2026-02-02 1=
0 CVE-2026-25142 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25142 ] http= s://github.com/nyariv/SandboxJS/security/advisories/GHSA-9p4w-fq8m-2hp7 https://github.com/nyariv/SandboxJS/commit/75c8009db32e6829b0ad92ca13bf4581= 78442bd3 https://github.com/nyariv/SandboxJS/blob/f212a38fb5a6d4bc2bc2e2466c0c011ce8= d41072/src/executor.ts#L368-L398
=C2=A0 ci4-cms-erp--ci4ms CI4MS is a CodeIgniter 4-based CMS skeleton that = delivers a production-ready, modular architecture with RBAC authorization a=
nd theme support. Prior to version 0.28.5.0, an authenticated user with fil=
e editor permissions can achieve Remote Code Execution (RCE) by leveraging = the file creation and save endpoints, an attacker can upload and execute ar= bitrary PHP code on the server. This issue has been patched in version 0.28= .5.0. 2026-02-03 10 CVE-2026-25510 [ https://www.cve.org/CVERecord?id=3DCVE= -2026-25510 ] https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA= -gp56-f67f-m4px https://github.com/ci4-cms-erp/ci4ms/commit/86be2930d1c54eb7575102563302b2f= 3bafcb653
=C2=A0 nyariv--SandboxJS SandboxJS is a JavaScript sandboxing library. Prio=
r to 0.8.29, The return values of functions aren't wrapped. Object.values/O= bject.entries can be used to get an Array containing the host's Function co= nstructor, by using Array.prototype.at you can obtain the hosts Function co= nstructor, which can be used to execute arbitrary code outside of the sandb= ox. This vulnerability is fixed in 0.8.29. 2026-02-06 10 CVE-2026-25520 [ h= ttps://www.cve.org/CVERecord?id=3DCVE-2026-25520 ] https://github.com/nyari= v/SandboxJS/security/advisories/GHSA-58jh-xv4v-pcx4 https://github.com/nyariv/SandboxJS/commit/67cb186c41c78c51464f70405504e8ef= 0a6e43c3
=C2=A0 nyariv--SandboxJS SandboxJS is a JavaScript sandboxing library. Prio=
r to 0.8.29, a sandbox escape is possible by shadowing hasOwnProperty on a = sandbox object, which disables prototype whitelist enforcement in the prope= rty-access path. This permits direct access to __proto__ and other blocked = prototype properties, enabling host Object.prototype pollution and persiste=
nt cross-sandbox impact. This vulnerability is fixed in 0.8.29. 2026-02-06 =
10 CVE-2026-25586 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25586 ] htt= ps://github.com/nyariv/SandboxJS/security/advisories/GHSA-jjpw-65fv-8g48 https://github.com/nyariv/SandboxJS/commit/67cb186c41c78c51464f70405504e8ef= 0a6e43c3
=C2=A0 nyariv--SandboxJS SandboxJS is a JavaScript sandboxing library. Prio=
r to 0.8.29, as Map is in SAFE_PROTOYPES, it's prototype can be obtained vi=
a Map.prototype. By overwriting Map.prototype.has the sandbox can be escape=
d. This vulnerability is fixed in 0.8.29. 2026-02-06 10 CVE-2026-25587 [ ht= tps://www.cve.org/CVERecord?id=3DCVE-2026-25587 ] https://github.com/nyariv= /SandboxJS/security/advisories/GHSA-66h4-qj4x-38xp https://github.com/nyariv/SandboxJS/commit/67cb186c41c78c51464f70405504e8ef= 0a6e43c3
=C2=A0 microsoft--semantic-kernel Semantic Kernel is an SDK used to build, = orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.70.0,=
an Arbitrary File Write vulnerability has been identified in Microsoft's S= emantic Kernel=E2=80=AF.NET SDK, specifically within the=E2=80=AFSessionsPy= thonPlugin. The problem has been fixed in Microsoft.SemanticKernel.Core ver= sion 1.70.0. As a mitigation, users can create a Function Invocation Filter=
which checks the arguments being passed to any calls to DownloadFileAsync= =E2=80=AF or UploadFileAsync and ensures the provided localFilePath is allo=
w listed. 2026-02-06 10 CVE-2026-25592 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-25592 ] https://github.com/microsoft/semantic-kernel/security/a= dvisories/GHSA-2ww3-72rp-wpp4 https://github.com/microsoft/semantic-kernel/pull/13478/changes#diff-88d3ca= cba2bfa84eef8f2aa171b34f9940338cbb784a3ffc49f5fe3af1b8943d https://github.com/microsoft/semantic-kernel/blob/main/dotnet/samples/Demos= /CodeInterpreterPlugin/Program.cs#L61-L64
=C2=A0 WaterFutures--EPyT-Flow EPyT-Flow is a Python package designed for t=
he easy generation of hydraulic and water quality scenario data of water di= stribution networks. Prior to 0.16.1, EPyT-Flow's REST API parses attacker-= controlled JSON request bodies using a custom deserializer (my_load_from_js= on) that supports a type field. When type is present, the deserializer dyna= mically imports an attacker-specified module/class and instantiates it with=
attacker-supplied arguments. This allows invoking dangerous classes such a=
s subprocess.Popen, which can lead to OS command execution during JSON pars= ing. This also affects the loading of JSON files. This vulnerability is fix=
ed in 0.16.1. 2026-02-06 10 CVE-2026-25632 [ https://www.cve.org/CVERecord?= id=3DCVE-2026-25632 ] https://github.com/WaterFutures/EPyT-Flow/security/ad= visories/GHSA-74vm-8frp-7w68 https://github.com/WaterFutures/EPyT-Flow/commit/3fff9151494c7dbc72073830b7= 34f0a7e550e385
https://github.com/WaterFutures/EPyT-Flow/releases/tag/v0.16.1
=C2=A0 nyariv--SandboxJS SandboxJS is a JavaScript sandboxing library. Prio=
r to 0.8.29, there is a sandbox escape vulnerability due to a mismatch betw= een the key on which the validation is performed and the key used for acces= sing properties. Even though the key used in property accesses is annotated=
as string, this is never enforced. So, attackers can pass malicious object=
s that coerce to different string values when used, e.g., one for the time = the key is sanitized using hasOwnProperty(key) and a different one for when=
the key is used for the actual property access. This vulnerability is fixe=
d in 0.8.29. 2026-02-06 10 CVE-2026-25641 [ https://www.cve.org/CVERecord?i= d=3DCVE-2026-25641 ] https://github.com/nyariv/SandboxJS/security/advisorie= s/GHSA-7x3h-rm86-3342 https://github.com/nyariv/SandboxJS/commit/67cb186c41c78c51464f70405504e8ef= 0a6e43c3 https://github.com/nyariv/SandboxJS/blob/6103d7147c4666fe48cfda58a4d5f37005= b43754/src/executor.ts#L304-L304
=C2=A0 StreamRipper--StreamRipper32 StreamRipper32 version 2.6 contains a b= uffer overflow vulnerability in the Station/Song Section that allows attack= ers to overwrite memory by manipulating the SongPattern input. Attackers ca=
n craft a malicious payload exceeding 256 bytes to potentially execute arbi= trary code and compromise the application. 2026-02-03 9.8 CVE-2020-37065 [ = https://www.cve.org/CVERecord?id=3DCVE-2020-37065 ] ExploitDB-48517 [ https= ://www.exploit-db.com/exploits/48517 ]
StreamRipper Vendor Homepage [ http://streamripper.sourceforge.net/ ]
VulnCheck Advisory: StreamRipper32 2.6 - Buffer Overflow [ https://www.vuln= check.com/advisories/streamripper-buffer-overflow ]
=C2=A0 GoldWave--GoldWave GoldWave 5.70 contains a buffer overflow vulnerab= ility that allows attackers to execute arbitrary code by crafting malicious=
input in the File Open URL dialog. Attackers can generate a specially craf= ted text file with Unicode-encoded shellcode to trigger a stack-based overf= low and execute commands when the file is opened. 2026-02-03 9.8 CVE-2020-3= 7066 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37066 ] ExploitDB-48510 =
[ https://www.exploit-db.com/exploits/48510 ]
Official Vendor Homepage [ https://www.goldwave.com/ ]
VulnCheck Advisory: GoldWave 5.70 =E2=80=93 Buffer Overflow (SEH Unicode) [=
https://www.vulncheck.com/advisories/goldwave-buffer-overflow-seh-unicode ] =C2=A0 Utillyty--Filetto Filetto 1.0 FTP server contains a denial of servic=
e vulnerability in the FEAT command processing that allows attackers to cra=
sh the service. Attackers can send an oversized FEAT command with 11,008 by= tes of repeated characters to trigger a buffer overflow and terminate the F=
TP service. 2026-02-03 9.8 CVE-2020-37067 [ https://www.cve.org/CVERecord?i= d=3DCVE-2020-37067 ] ExploitDB-48503 [ https://www.exploit-db.com/exploits/= 48503 ]
Vendor Homepage [ http://www.utillyty.eu ]
Software Project Repository [ https://sourceforge.net/projects/filetto ] VulnCheck Advisory: Filetto 1.0 - 'FEAT' Denial of Service [ https://www.vu= lncheck.com/advisories/filetto-feat-denial-of-service ]
=C2=A0 Konica Minolta--FTP Utility Konica Minolta FTP Utility 1.0 contains =
a buffer overflow vulnerability in the LIST command that allows attackers t=
o overwrite system registers. Attackers can send an oversized buffer of 150=
0 'A' characters to crash the FTP server and potentially execute unauthoriz=
ed code. 2026-02-03 9.8 CVE-2020-37068 [ https://www.cve.org/CVERecord?id= =3DCVE-2020-37068 ] ExploitDB-48501 [ https://www.exploit-db.com/exploits/4= 8501 ]
Konica Minolta FTP Utility Download Page [ https://konica-minolta-ftp-utili= ty.software.informer.com/download/ ]
Konica Minolta Vendor Homepage [ https://www.konicaminolta.us/ ]
VulnCheck Advisory: Konica Minolta FTP Utility 1.0 - 'LIST' Denial of Servi=
ce [ https://www.vulncheck.com/advisories/konica-minolta-ftp-utility-list-d= enial-of-service ]
=C2=A0 Konica Minolta--FTP Utility Konica Minolta FTP Utility 1.0 contains =
a buffer overflow vulnerability in the NLST command that allows attackers t=
o overwrite system registers. Attackers can send an oversized buffer of 150=
0 'A' characters to crash the FTP server and potentially execute unauthoriz=
ed code. 2026-02-03 9.8 CVE-2020-37069 [ https://www.cve.org/CVERecord?id= =3DCVE-2020-37069 ] ExploitDB-48502 [ https://www.exploit-db.com/exploits/4= 8502 ]
Konica Minolta FTP Utility Download Page [ https://konica-minolta-ftp-utili= ty.software.informer.com/download/ ]
Konica Minolta Vendor Homepage [ https://www.konicaminolta.us/ ]
VulnCheck Advisory: Konica Minolta FTP Utility 1.0 - 'NLST' Denial of Servi=
ce [ https://www.vulncheck.com/advisories/konica-minolta-ftp-utility-nlst-d= enial-of-service ]
=C2=A0 CloudMe--CloudMe CloudMe 1.11.2 contains a buffer overflow vulnerabi= lity that allows remote attackers to execute arbitrary code through crafted=
network packets. Attackers can exploit the vulnerability by sending a spec= ially crafted payload to the CloudMe service running on port 8888, enabling=
remote code execution. 2026-02-03 9.8 CVE-2020-37070 [ https://www.cve.org= /CVERecord?id=3DCVE-2020-37070 ] ExploitDB-48499 [ https://www.exploit-db.c= om/exploits/48499 ]
CloudMe Official Homepage [ https://www.cloudme.com/en ]
VulnCheck Advisory: CloudMe 1.11.2 - Buffer Overflow (SEH,DEP,ASLR) [ https= ://www.vulncheck.com/advisories/cloudme-buffer-overflow-sehdepaslr ]
=C2=A0 CraftCMS--CraftCMS CraftCMS 3 vCard Plugin 1.0.0 contains a deserial= ization vulnerability that allows unauthenticated attackers to execute arbi= trary PHP code through a crafted payload. Attackers can generate a maliciou=
s serialized payload that triggers remote code execution by exploiting the = plugin's vCard download functionality with a specially crafted request. 202= 6-02-03 9.8 CVE-2020-37071 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37= 071 ] ExploitDB-48492 [ https://www.exploit-db.com/exploits/48492 ]
Official CraftCMS Vendor Homepage [ https://craftcms.com/ ]
CraftCMS vCard Plugin Page [ https://plugins.craftcms.com/vcard ]
Researcher Exploit Disclosure [ https://gitlab.com/wguest/craftcms-vcard-ex= ploit ]
VulnCheck Advisory: CraftCMS 3 vCard Plugin 1.0.0 - Remote Code Execution [=
https://www.vulncheck.com/advisories/craftcms-vcard-plugin-remote-code-exe= cution ]
=C2=A0 LizardSystems--Remote Desktop Audit Remote Desktop Audit 2.3.0.157 c= ontains a buffer overflow vulnerability that allows attackers to execute ar= bitrary code during the Add Computers Wizard file import process. Attackers=
can craft a malicious payload file to trigger a structured exception handl=
er (SEH) bypass and execute shellcode when importing computer lists. 2026-0= 2-03 9.8 CVE-2020-37074 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37074=
] ExploitDB-48465 [ https://www.exploit-db.com/exploits/48465 ]
Remote Desktop Audit Product Webpage [ https://lizardsystems.com/remote-des= ktop-audit/ ]
VulnCheck Advisory: Remote Desktop Audit 2.3.0.157 - Buffer Overflow (SEH) =
[ https://www.vulncheck.com/advisories/remote-desktop-audit-buffer-overflow= -seh ]
=C2=A0 LizardSystems--LanSend LanSend 3.2 contains a buffer overflow vulner= ability in the Add Computers Wizard file import functionality that allows r= emote attackers to execute arbitrary code. Attackers can craft a malicious = payload file to trigger a structured exception handler (SEH) overwrite and = execute shellcode when importing computers from a file. 2026-02-03 9.8 CVE-= 2020-37075 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37075 ] ExploitDB-= 48461 [ https://www.exploit-db.com/exploits/48461 ]
LanSend Product Webpage [ https://lizardsystems.com/lansend/ ]
VulnCheck Advisory: LanSend 3.2 - Buffer Overflow (SEH) [ https://www.vulnc= heck.com/advisories/lansend-buffer-overflow-seh ]
=C2=A0 luiswang--webTareas webTareas 2.0.p8 contains a file deletion vulner= ability in the print_layout.php administration component that allows authen= ticated attackers to delete arbitrary files. Attackers can exploit the vuln= erability by manipulating the 'atttmp1' parameter to specify and delete fil=
es on the server through an unauthenticated file deletion mechanism. 2026-0= 2-03 9.8 CVE-2020-37080 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37080=
] ExploitDB-48430 [ https://www.exploit-db.com/exploits/48430 ]
webTareas Project Homepage [ https://sourceforge.net/projects/webtareas/ ] VulnCheck Advisory: webTareas 2.0.p8 - Arbitrary File Deletion [ https://ww= w.vulncheck.com/advisories/webtareas-p-arbitrary-file-deletion ]
=C2=A0 Weberp--webERP webERP 4.15.1 contains an unauthenticated file access=
vulnerability that allows remote attackers to download database backup fil=
es without authentication. Attackers can directly access generated backup f= iles in the companies/weberp/ directory by requesting the Backup_[timestamp= ].sql.gz file. 2026-02-03 9.8 CVE-2020-37082 [ https://www.cve.org/CVERecor= d?id=3DCVE-2020-37082 ] ExploitDB-48420 [ https://www.exploit-db.com/exploi= ts/48420 ]
Official webERP Vendor Homepage [ http://www.weberp.org ]
webERP SourceForge Project Page [ https://sourceforge.net/projects/web-erp/=
]
VulnCheck Advisory: webERP 4.15.1 - Unauthenticated Backup File Access [ ht= tps://www.vulncheck.com/advisories/weberp-unauthenticated-backup-file-acces=
s ]
=C2=A0 Arox--School ERP Pro School ERP Pro 1.0 contains a file upload vulne= rability that allows students to upload arbitrary PHP files to the messagin=
g system. Attackers can upload malicious PHP scripts through the message at= tachment feature, enabling remote code execution on the server. 2026-02-03 = 9.8 CVE-2020-37090 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37090 ] Ex= ploitDB-48392 [ https://www.exploit-db.com/exploits/48392 ]
Archived Vendor Homepage [ https://web.archive.org/web/20200129123503/http:= //arox.in/ ]
Archived SourceForge Product Page [ https://web.archive.org/web/20190612111= 732/https://sourceforge.net/projects/school-erp-ultimate/ ]
VulnCheck Advisory: School ERP Pro 1.0 - Remote Code Execution [ https://ww= w.vulncheck.com/advisories/school-erp-pro-remote-code-execution ]
=C2=A0 EspoCRM--EspoCRM EspoCRM 5.8.5 contains an authentication vulnerabil= ity that allows attackers to access other user accounts by manipulating aut= horization headers. Attackers can decode and modify Basic Authorization and=
Espo-Authorization tokens to gain unauthorized access to administrative us=
er information and privileges. 2026-02-03 9.8 CVE-2020-37094 [ https://www.= cve.org/CVERecord?id=3DCVE-2020-37094 ] ExploitDB-48376 [ https://www.explo= it-db.com/exploits/48376 ]
EspoCRM Official Vendor Homepage [ https://www.espocrm.com ]
VulnCheck Advisory: EspoCRM 5.8.5 - Privilege Escalation [ https://www.vuln= check.com/advisories/espocrm-privilege-escalation ]
=C2=A0 Cyberoam--Cyberoam Authentication Client Cyberoam Authentication Cli= ent 2.1.2.7 contains a buffer overflow vulnerability that allows remote att= ackers to execute arbitrary code by overwriting Structured Exception Handle=
r (SEH) memory. Attackers can craft a malicious input in the 'Cyberoam Serv=
er Address' field to trigger a bind TCP shell on port 1337 with system-leve=
l access. 2026-02-06 9.8 CVE-2020-37095 [ https://www.cve.org/CVERecord?id= =3DCVE-2020-37095 ] ExploitDB-48148 [ https://www.exploit-db.com/exploits/4= 8148 ]
Archived Cyberoam Authentication Client Software [ https://cyberoam-general= -authentication-client.software.informer.com/2.1/ ]
VulnCheck Advisory: Cyberoam Authentication Client 2.1.2.7 - Buffer Overflo=
w (SEH) [ https://www.vulncheck.com/advisories/cyberoam-authentication-clie= nt-buffer-overflow-seh ]
=C2=A0 Nsasoft--Nsauditor Nsauditor 3.0.28 and 3.2.1.0 contains a buffer ov= erflow vulnerability in the DNS Lookup tool that allows attackers to execut=
e arbitrary code by overwriting memory. Attackers can craft a malicious DNS=
query payload to trigger a three-byte overwrite, bypass ASLR, and execute = shellcode through a carefully constructed exploit. 2026-02-05 9.8 CVE-2020-= 37119 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37119 ] ExploitDB-48350=
[ https://www.exploit-db.com/exploits/48350 ]
Nsauditor Homepage [ https://www.nsauditor.com/ ]
VulnCheck Advisory: Nsauditor 3.2.1.0 - Buffer Overflow (SEH+ASLR bypass (3=
bytes overwrite)) [ https://www.vulncheck.com/advisories/nsauditor-buffer-= overflow-sehaslr-bypass-bytes-overwrite ]
=C2=A0 Rubo Medical Imaging--Rubo DICOM Viewer Rubo DICOM Viewer 2.0 contai=
ns a buffer overflow vulnerability in the DICOM server name input field tha=
t allows attackers to overwrite Structured Exception Handler (SEH). Attacke=
rs can craft a malicious text file with carefully constructed payload to ex= ecute arbitrary code by overwriting SEH and triggering remote code executio=
n. 2026-02-05 9.8 CVE-2020-37120 [ https://www.cve.org/CVERecord?id=3DCVE-2= 020-37120 ] ExploitDB-48351 [ https://www.exploit-db.com/exploits/48351 ] Archived Rubo DICOM Viewer Product Page [ https://web.archive.org/web/20200= 109194722/http://www.rubomedical.com/dicom_viewer.html ]
VulnCheck Advisory: Rubo DICOM Viewer 2.0 - Buffer Overflow (SEH) [ https:/= /www.vulncheck.com/advisories/rubo-dicom-viewer-buffer-overflow-seh ]
=C2=A0 wcchandler--Pinger Pinger 1.0 contains a remote code execution vulne= rability that allows attackers to inject shell commands through the ping an=
d socket parameters. Attackers can exploit the unsanitized input in ping.ph=
p to write arbitrary PHP files and execute system commands by appending she=
ll metacharacters. 2026-02-05 9.8 CVE-2020-37123 [ https://www.cve.org/CVER= ecord?id=3DCVE-2020-37123 ] ExploitDB-48323 [ https://www.exploit-db.com/ex= ploits/48323 ]
Pinger GitHub Repository [ https://github.com/wcchandler/pinger ]
VulnCheck Advisory: Pinger 1.0 - Remote Code Execution [ https://www.vulnch= eck.com/advisories/pinger-remote-code-execution ]
=C2=A0 4Mhz--B64dec B64dec 1.1.2 contains a buffer overflow vulnerability t= hat allows attackers to execute arbitrary code by overwriting Structured Ex= ception Handler (SEH) with crafted input. Attackers can leverage an egg hun= ter technique and carefully constructed payload to inject and execute malic= ious code during base64 decoding process. 2026-02-05 9.8 CVE-2020-37124 [ h= ttps://www.cve.org/CVERecord?id=3DCVE-2020-37124 ] ExploitDB-48317 [ https:= //www.exploit-db.com/exploits/48317 ]
Product Webpage [ http://4mhz.de/b64dec.html ]
VulnCheck Advisory: B64dec 1.1.2 - Buffer Overflow (SEH Overflow + Egg Hunt= er) [ https://www.vulncheck.com/advisories/bdec-buffer-overflow-seh-overflo= w-egg-hunter ]
=C2=A0 EDIMAX Technology--EW-7438RPn Mini Edimax EW-7438RPn-v3 Mini 1.27 co= ntains a remote code execution vulnerability that allows unauthenticated at= tackers to execute arbitrary commands through the /goform/mp endpoint. Atta= ckers can exploit the vulnerability by sending crafted POST requests with c= ommand injection payloads to download and execute malicious scripts on the = device. 2026-02-05 9.8 CVE-2020-37125 [ https://www.cve.org/CVERecord?id=3D= CVE-2020-37125 ] ExploitDB-48318 [ https://www.exploit-db.com/exploits/4831=
8 ]
Edimax EW-7438RPn Mini Product Page [ https://www.edimax.com/edimax/merchan= dise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-74= 38rpn_mini/ ]
VulnCheck Advisory: Edimax Technology EW-7438RPn-v3 Mini 1.27 - Remote Code=
Execution [ https://www.vulncheck.com/advisories/edimax-technology-ew-rpn-= mini-remote-code-execution ]
=C2=A0 Drive Software Company--Free Desktop Clock Free Desktop Clock 3.0 co= ntains a stack overflow vulnerability in the Time Zones display name input = that allows attackers to overwrite Structured Exception Handler (SEH) regis= ters. Attackers can exploit the vulnerability by crafting a malicious Unico=
de input that triggers an access violation and potentially execute arbitrar=
y code. 2026-02-05 9.8 CVE-2020-37126 [ https://www.cve.org/CVERecord?id=3D= CVE-2020-37126 ] ExploitDB-48314 [ https://www.exploit-db.com/exploits/4831=
4 ]
Vendor Homepage [ http://www.drive-software.com ]
VulnCheck Advisory: Free Desktop Clock x86 Venetian Blinds Zipper 3.0 - Uni= code Stack Overflow (SEH) [ https://www.vulncheck.com/advisories/free-deskt= op-clock-x-venetian-blinds-zipper-unicode-stack-overflow-seh ]
=C2=A0 Microvirt--Memu Play Memu Play 7.1.3 contains an insecure folder per= missions vulnerability that allows low-privileged users to modify the MemuS= ervice.exe executable. Attackers can replace the service executable with a = malicious file during system restart to gain SYSTEM-level privileges by exp= loiting unrestricted file modification permissions. 2026-02-05 9.8 CVE-2020= -37129 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37129 ] ExploitDB-4828=
3 [ https://www.exploit-db.com/exploits/48283 ]
Memu Play Official Homepage [ https://www.memuplay.com/ ]
VulnCheck Advisory: Memu Play 7.1.3 - Insecure Folder Permissions [ https:/= /www.vulncheck.com/advisories/memu-play-insecure-folder-permissions ]
=C2=A0 10-Strike Software--Network Inventory Explorer 10-Strike Network Inv= entory Explorer 9.03 contains a buffer overflow vulnerability in the file i= mport functionality that allows remote attackers to execute arbitrary code.=
Attackers can craft a malicious text file with carefully constructed paylo=
ad to trigger a stack-based buffer overflow and bypass data execution preve= ntion through a ROP chain. 2026-02-05 9.8 CVE-2020-37138 [ https://www.cve.= org/CVERecord?id=3DCVE-2020-37138 ] ExploitDB-48264 [ https://www.exploit-d= b.com/exploits/48264 ]
10-Strike Software Homepage [ https://www.10-strike.com ]
10-Strike Network Inventory Explorer Product Page [ https://www.10-strike.c= om/networkinventoryexplorer/ ]
VulnCheck Advisory: 10-Strike Network Inventory Explorer 9.03 - 'Read from = File' Buffer Overflow (SEH)(ROP) [ https://www.vulncheck.com/advisories/str= ike-network-inventory-explorer-read-from-file-buffer-overflow-sehrop ]
=C2=A0 Parallaxis--Cuckoo Clock Parallaxis Cuckoo Clock 5.0 contains a buff=
er overflow vulnerability that allows attackers to execute arbitrary code b=
y overwriting memory registers in the alarm scheduling feature. Attackers c=
an craft a malicious payload exceeding 260 bytes to overwrite EIP and EBP, = enabling shellcode execution with potential remote code execution. 2026-02-=
06 9.8 CVE-2020-37159 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37159 ]=
ExploitDB-48087 [ https://www.exploit-db.com/exploits/48087 ]
Vendor Homepage [ https://en.softonic.com/author/pxcompany ]
VulnCheck Advisory: Cuckoo Clock 5.0 - Buffer Overflow [ https://www.vulnch= eck.com/advisories/cuckoo-clock-buffer-overflow ]
=C2=A0 Wedding Slideshow Studio--Wedding Slideshow Studio Wedding Slideshow=
Studio 1.36 contains a buffer overflow vulnerability that allows attackers=
to execute arbitrary code by overwriting the registration name field with = malicious payload. Attackers can craft a specially designed payload to trig= ger remote code execution, demonstrating the ability to run system commands=
like launching the calculator. 2026-02-06 9.8 CVE-2020-37161 [ https://www= .cve.org/CVERecord?id=3DCVE-2020-37161 ] ExploitDB-48050 [ https://www.expl= oit-db.com/exploits/48050 ]
Wedding Slideshow Studio Official Homepage [ http://www.wedding-slideshow-s= tudio.com/ ]
VulnCheck Advisory: Wedding Slideshow Studio 1.36 - 'Name' Buffer Overflow =
[ https://www.vulncheck.com/advisories/wedding-slideshow-studio-name-buffer= -overflow ]
=C2=A0 Wedding Slideshow Studio--Wedding Slideshow Studio Wedding Slideshow=
Studio 1.36 contains a buffer overflow vulnerability in the registration k=
ey input that allows attackers to execute arbitrary code by overwriting mem= ory. Attackers can craft a malicious payload of 1608 bytes to trigger a sta= ck-based buffer overflow and execute commands through the registration key = field. 2026-02-06 9.8 CVE-2020-37162 [ https://www.cve.org/CVERecord?id=3DC= VE-2020-37162 ] ExploitDB-48028 [ https://www.exploit-db.com/exploits/48028=
]
Archived Wedding Slideshow Studio Webpage [ https://web.archive.org/web/202= 00126071857/http://www.wedding-slideshow-studio.com/ ]
VulnCheck Advisory: Wedding Slideshow Studio 1.36 - 'Key' Buffer Overflow [=
https://www.vulncheck.com/advisories/wedding-slideshow-studio-key-buffer-o= verflow ]
=C2=A0 Innomic--VibroLine VLX1 HD 5.0 An unauthenticated remote attacker ca=
n gain full access on the affected devices as they are shipped without a pa= ssword by default and setting one is not enforced. 2026-02-02 9.8 CVE-2022-= 50981 [ https://www.cve.org/CVERecord?id=3DCVE-2022-50981 ] https://www.inn= omic.com/.well-known/csaf/white/2026/ids-2026-0001.html https://www.innomic.com/.well-known/csaf/white/2026/ids-2026-0001.json
=C2=A0 IBM--Common Cryptographic Architecture IBM Common Cryptographic Arch= itecture (CCA)=C2=A07.5.52 and=C2=A08.4.82 could allow an unauthenticated u= ser to execute arbitrary commands with elevated privileges on the system. 2= 026-02-04 9.8 CVE-2025-13375 [ https://www.cve.org/CVERecord?id=3DCVE-2025-= 13375 ] https://www.ibm.com/support/pages/node/7259625
=C2=A0 jayarsiech--JAY Login & Register The JAY Login & Register plugin for=
WordPress is vulnerable to Privilege Escalation in all versions up to, and=
including, 2.6.03. This is due to the plugin allowing a user to update arb= itrary user meta through the 'jay_login_register_ajax_create_final_user' fu= nction. This makes it possible for unauthenticated attackers to elevate the=
ir privileges to that of an administrator. 2026-02-08 9.8 CVE-2025-15027 [ = https://www.cve.org/CVERecord?id=3DCVE-2025-15027 ] https://www.wordfence.c= om/threat-intel/vulnerabilities/id/b08198a6-10e8-44ca-a1c5-8d987d85c469?sou= rce=3Dcve https://plugins.trac.wordpress.org/browser/jay-login-register/tags/2.5.01/i= ncludes/jay-login-register-ajax-handler.php#L788
=C2=A0 Emit Informatics and Communication Technologies Industry and Trade L= td. Co.--DIGITA Efficiency Management System Improper Neutralization of Spe= cial Elements used in an SQL Command ('SQL Injection') vulnerability in Emi=
t Informatics and Communication Technologies Industry and Trade Ltd. Co. DI= GITA Efficiency Management System allows SQL Injection. This issue affects = DIGITA Efficiency Management System: through 03022026.=C2=A0 NOTE: The vend=
or was contacted early about this disclosure but did not respond in any way=
. 2026-02-03 9.8 CVE-2025-5319 [ https://www.cve.org/CVERecord?id=3DCVE-202= 5-5319 ] https://www.usom.gov.tr/bildirim/tr-26-0016
=C2=A0 Martcode Software Inc.--Delta Course Automation Improper Neutralizat= ion of Special Elements used in an SQL Command ('SQL Injection') vulnerabil= ity in Martcode Software Inc. Delta Course Automation allows SQL Injection.=
This issue affects Delta Course Automation: through 04022026. NOTE: The ve= ndor was contacted early about this disclosure but did not respond in any w= ay. 2026-02-04 9.8 CVE-2025-5329 [ https://www.cve.org/CVERecord?id=3DCVE-2= 025-5329 ] https://www.usom.gov.tr/bildirim/tr-26-0018
=C2=A0 Unstructured-IO--unstructured The unstructured library provides open= -source components for ingesting and pre-processing images and text documen= ts, such as PDFs, HTML, Word docs, and many more. Prior to version 0.18.18,=
a path traversal vulnerability in the partition_msg function allows an att= acker to write or overwrite arbitrary files on the filesystem when processi=
ng malicious MSG files with attachments. This issue has been patched in ver= sion 0.18.18. 2026-02-04 9.8 CVE-2025-64712 [ https://www.cve.org/CVERecord= ?id=3DCVE-2025-64712 ] https://github.com/Unstructured-IO/unstructured/secu= rity/advisories/GHSA-gm8q-m8mv-jj5m https://github.com/Unstructured-IO/unstructured/commit/b01d35b2373fd087d2e1= 5162b9c021663c97155d
=C2=A0 wildfirechat--im-server Wildfire IM is an instant messaging and real= -time audio/video solution. Prior to 1.4.3, a critical vulnerability exists=
in the im-server component related to the file upload functionality found =
in com.xiaoleilu.loServer.action.UploadFileAction. The application exposes =
an endpoint (/fs) that handles multipart file uploads but fails to properly=
sanitize the filename provided by the user. Specifically, the writeFileUpl= oadData method directly concatenates the configured storage directory with = the filename extracted from the upload request without stripping directory = traversal sequences (e.g., ../../). This vulnerability allows an attacker t=
o write arbitrary files to any location on the server's filesystem where th=
e application process has write permissions. By uploading malicious files (= such as scripts, executables, or overwriting configuration files like autho= rized_keys or cron jobs), an attacker can achieve Remote Code Execution (RC=
E) and completely compromise the server. This vulnerability is fixed in 1.4= .3. 2026-02-02 9.8 CVE-2025-66480 [ https://www.cve.org/CVERecord?id=3DCVE-= 2025-66480 ] https://github.com/wildfirechat/im-server/security/advisories/= GHSA-74hq-jhx2-fq6c https://github.com/wildfirechat/im-server/commit/2f9c4e028c01c64913cab32e72= 48bcca183a5230
https://github.com/wildfirechat/im-server/releases/tag/1.4.3
=C2=A0 revmakx--WP Duplicate WordPress Migration Plugin The WP Duplicate pl= ugin for WordPress is vulnerable to Missing Authorization leading to Arbitr= ary File Upload in all versions up to and including 1.1.8. This is due to a=
missing capability check on the `process_add_site()` AJAX action combined = with path traversal in the file upload functionality. This makes it possibl=
e for authenticated (subscriber-level) attackers to set the internal `prod_= key_random_id` option, which can then be used by an unauthenticated attacke=
r to bypass authentication checks and write arbitrary files to the server v=
ia the `handle_upload_single_big_file()` function, ultimately leading to re= mote code execution. 2026-02-06 9.8 CVE-2026-1499 [ https://www.cve.org/CVE= Record?id=3DCVE-2026-1499 ] https://www.wordfence.com/threat-intel/vulnerab= ilities/id/11bb7190-023b-45e1-99a5-7313c489ef45?source=3Dcve https://cwe.mitre.org/data/definitions/862.html https://plugins.trac.wordpress.org/browser/local-sync/trunk/admin/class-loc= al-sync-admin.php#L422 https://plugins.trac.wordpress.org/browser/local-sync/tags/1.1.8/admin/clas= s-local-sync-admin.php#L422 https://plugins.trac.wordpress.org/browser/local-sync/trunk/includes/class-= local-sync-handle-server-requests.php#L389 https://plugins.trac.wordpress.org/browser/local-sync/tags/1.1.8/includes/c= lass-local-sync-handle-server-requests.php#L389 https://plugins.trac.wordpress.org/browser/local-sync/trunk/admin/class-loc= al-sync-files-op.php#L843 https://plugins.trac.wordpress.org/browser/local-sync/tags/1.1.8/admin/clas= s-local-sync-files-op.php#L843 https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&repo= name=3D&new=3D3452904%40local-sync&old=3D3400317%40local-sync&sfp_email=3D&= sfph_mail=3D
=C2=A0 Rapid7--Vulnerability Management Rapid7 InsightVM versions before=C2= =A08.34.0 contain a signature verification issue on the=C2=A0Assertion Cons= umer Service (ACS) cloud endpoint that could allow an attacker to gain unau= thorized access to InsightVM accounts setup via "Security Console" installa= tions, resulting in full account takeover. The issue occurs due to the appl= ication processing these unsigned assertions and issuing session cookies th=
at granted access to the targeted user accounts. This has been fixed in ver= sion 8.34.0 of InsightVM. 2026-02-03 9.6 CVE-2026-1568 [ https://www.cve.or= g/CVERecord?id=3DCVE-2026-1568 ] https://docs.rapid7.com/insight/command-pl= atform-release-notes/
=C2=A0 RISS SRL--MOMA Seismic Station MOMA Seismic Station Version v2.4.252=
0 and prior exposes its web management interface without requiring authenti= cation, which could allow an unauthenticated attacker to modify configurati=
on settings, acquire device data or remotely reset the device. 2026-02-03 9=
.1 CVE-2026-1632 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1632 ] https= ://www.cisa.gov/news-events/ics-advisories/icsa-26-034-03 https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-= 26-034-03.json
=C2=A0 Red Hat--Red Hat Enterprise Linux 10 A flaw was found in Keylime. Th=
e Keylime registrar, since version 7.12.0, does not enforce client-side Tra= nsport Layer Security (TLS) authentication. This authentication bypass vuln= erability allows unauthenticated clients with network access to perform adm= inistrative operations, including listing agents, retrieving public Trusted=
Platform Module (TPM) data, and deleting agents, by connecting without pre= senting a client certificate. 2026-02-06 9.4 CVE-2026-1709 [ https://www.cv= e.org/CVERecord?id=3DCVE-2026-1709 ] RHSA-2026:2224 [ https://access.redhat= .com/errata/RHSA-2026:2224 ]
RHSA-2026:2225 [ https://access.redhat.com/errata/RHSA-2026:2225 ] RHSA-2026:2298 [ https://access.redhat.com/errata/RHSA-2026:2298 ] https://access.redhat.com/security/cve/CVE-2026-1709
RHBZ#2435514 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2435514 ]
=C2=A0 IP-COM--W30AP A vulnerability was detected in IP-COM W30AP up to 1.0= .0.11(1340). Affected by this issue is the function R7WebsSecurityHandler o=
f the file /goform/wx3auth of the component POST Request Handler. The manip= ulation of the argument data results in stack-based buffer overflow. The at= tack may be performed from remote. The exploit is now public and may be use=
d. The vendor was contacted early about this disclosure but did not respond=
in any way. 2026-02-06 9.8 CVE-2026-2017 [ https://www.cve.org/CVERecord?i= d=3DCVE-2026-2017 ] VDB-344599 | IP-COM W30AP POST Request wx3auth R7WebsSe= curityHandler stack-based overflow [ https://vuldb.com/?id.344599 ]
VDB-344599 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3445=
99 ]
Submit #744062 | IP-COM W30APv4.0 <=3D v1.0.0.11(1340) Stack-based Buffer O= verflow [ https://vuldb.com/?submit.744062 ]
Submit #744063 | IP-COM W30APv4.0 <=3D v1.0.0.11(1340) Stack-based Buffer O= verflow (Duplicate) [ https://vuldb.com/?submit.744063 ] https://gitee.com/GXB0_0/iot-vul/blob/master/IP-COM/W30AP/wx3auth-sprintf.md https://gitee.com/GXB0_0/iot-vul/blob/master/IP-COM/W30AP/wx3auth-sprintf.m= d#poc
=C2=A0 Fortinet--FortiClientEMS An improper neutralization of special eleme= nts used in an sql command ('sql injection') vulnerability in Fortinet Fort= iClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthori= zed code or commands via specifically crafted HTTP requests. 2026-02-06 9.1=
CVE-2026-21643 [ https://www.cve.org/CVERecord?id=3DCVE-2026-21643 ] https= ://fortiguard.fortinet.com/psirt/FG-IR-25-1142
=C2=A0 vllm-project--vllm vLLM is an inference and serving engine for large=
language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid image=
is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns t= his error to the client, leaking a heap address. With this leak, we reduce = ASLR from 4 billion guesses to ~8 guesses. This vulnerability can be chaine=
d a heap overflow with JPEG2000 decoder in OpenCV/FFmpeg to achieve remote = code execution. This vulnerability is fixed in 0.14.1. 2026-02-02 9.8 CVE-2= 026-22778 [ https://www.cve.org/CVERecord?id=3DCVE-2026-22778 ] https://git= hub.com/vllm-project/vllm/security/advisories/GHSA-4r2x-xpjr-7cvv https://github.com/vllm-project/vllm/pull/31987 https://github.com/vllm-project/vllm/pull/32319 https://github.com/vllm-project/vllm/releases/tag/v0.14.1
=C2=A0 Microsoft--Azure Front Door Azure Front Door Elevation of Privilege = Vulnerability 2026-02-05 9.8 CVE-2026-24300 [ https://www.cve.org/CVERecord= ?id=3DCVE-2026-24300 ] Azure Front Door Elevation of Privilege Vulnerabilit=
y [ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-24300 ] =C2=A0 NixOS--nixpkgs The NixOs Odoo package is an open source ERP and CRM = system. From 21.11 to before 25.11 and 26.05, every NixOS based Odoo setup = publicly exposes the database manager without any authentication. This allo=
ws unauthorized actors to delete and download the entire database, includin=
g Odoos file store. Unauthorized access is evident from http requests. If k= ept, searching access logs and/or Odoos log for requests to /web/database c=
an give indicators, if this has been actively exploited. The database manag=
er is a featured intended for development and not meant to be publicly reac= hable. On other setups, a master password acts as 2nd line of defence. Howe= ver, due to the nature of NixOS, Odoo is not able to modify its own configu= ration file and thus unable to persist the auto-generated password. This al=
so applies when manually setting a master password in the web-UI. This mean=
s, the password is lost when restarting Odoo. When no password is set, the = user is prompted to set one directly via the database manager. This require=
s no authentication or action by any authorized user or the system administ= rator. Thus, the database is effectively world readable by anyone able to r= each Odoo. This vulnerability is fixed in 25.11 and 26.05. 2026-02-02 9.1 C= VE-2026-25137 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25137 ] https:/= /github.com/NixOS/nixpkgs/security/advisories/GHSA-cwmq-6wv5-f3px https://github.com/NixOS/nixpkgs/pull/485310 https://github.com/NixOS/nixpkgs/pull/485454
=C2=A0 QwikDev--qwik Qwik is a performance focused javascript framework. Pr= ior to version 1.19.0, a prototype pollution vulnerability exists in the fo= rmToObj() function within @builder.io/qwik-city middleware. The function pr= ocesses form field names with dot notation (e.g., user.name) to create nest=
ed objects, but fails to sanitize dangerous property names like __proto__, = constructor, and prototype. This allows unauthenticated attackers to pollut=
e Object.prototype by sending crafted HTTP POST requests, potentially leadi=
ng to privilege escalation, authentication bypass, or denial of service. Th=
is issue has been patched in version 1.19.0. 2026-02-03 9.3 CVE-2026-25150 =
[ https://www.cve.org/CVERecord?id=3DCVE-2026-25150 ] https://github.com/Qw= ikDev/qwik/security/advisories/GHSA-xqg6-98cw-gxhq https://github.com/QwikDev/qwik/commit/5f65bae2bc33e6ca0c21e4cfcf9eae050777= 16f7
=C2=A0 AlistGo--alist Alist is a file list program that supports multiple s= torages, powered by Gin and Solidjs. Prior to version 3.57.0, the applicati=
on disables TLS certificate verification by default for all outgoing storag=
e driver communications, making the system vulnerable to Man-in-the-Middle = (MitM) attacks. This enables the complete decryption, theft, and manipulati=
on of all data transmitted during storage operations, severely compromising=
the confidentiality and integrity of user data. This issue has been patche=
d in version 3.57.0. 2026-02-04 9.1 CVE-2026-25160 [ https://www.cve.org/CV= ERecord?id=3DCVE-2026-25160 ] https://github.com/AlistGo/alist/security/adv= isories/GHSA-8jmm-3xwx-w974 https://github.com/AlistGo/alist/commit/69629ca76a8f2c8c973ede3b616f93aa26f= f23fb
=C2=A0 Samsung Electronics--MagicINFO 9 Server A vulnerability in MagicInfo=
9 Server allows authorized users to upload HTML files without authenticatio=
n, leading to Stored XSS, which can result in account takeover This issue a= ffects MagicINFO 9 Server: less than 21.1090.1. 2026-02-02 9.8 CVE-2026-252=
00 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25200 ] https://security.s= amsungtv.com/securityUpdates
=C2=A0 Samsung Electronics--MagicINFO 9 Server The database account and pas= sword are hardcoded, allowing login with the account to manipulate the data= base in MagicInfo9 Server. This issue affects MagicINFO 9 Server: less than=
21.1090.1. 2026-02-02 9.8 CVE-2026-25202 [ https://www.cve.org/CVERecord?i= d=3DCVE-2026-25202 ] https://security.samsungtv.com/securityUpdates
=C2=A0 maziggy--bambuddy Bambuddy is a self-hosted print archive and manage= ment system for Bambu Lab 3D printers. Prior to version 0.1.7, a hardcoded = secret key used for signing JWTs is checked into source code and ManyAPI ro= utes do not check authentication. This issue has been patched in version 0.= 1.7. 2026-02-04 9.8 CVE-2026-25505 [ https://www.cve.org/CVERecord?id=3DCVE= -2026-25505 ] https://github.com/maziggy/bambuddy/security/advisories/GHSA-= gc24-px2r-5qmf
https://github.com/maziggy/bambuddy/pull/225 https://github.com/maziggy/bambuddy/commit/a82f9278d2d587b7042a0858aab79fd8= b6e3add9 https://github.com/maziggy/bambuddy/commit/c31f2968889c855f1ffacb700c2c9970= deb2a6fb https://github.com/maziggy/bambuddy/blob/a9bb8ed8239602bf08a9914f85a09eeb2b= f13d15/backend/app/core/auth.py#L28 https://github.com/maziggy/bambuddy/blob/main/CHANGELOG.md https://github.com/maziggy/bambuddy/releases/tag/v0.1.7
=C2=A0 HubSpot--jinjava JinJava is a Java-based template engine based on dj= ango template syntax, adapted to render jinja templates. Prior to versions = 2.7.6 and 2.8.3, JinJava is vulnerable to arbitrary Java execution via bypa=
ss through ForTag. This allows arbitrary Java class instantiation and file = access bypassing built-in sandbox restrictions. This issue has been patched=
in versions 2.7.6 and 2.8.3. 2026-02-04 9.8 CVE-2026-25526 [ https://www.c= ve.org/CVERecord?id=3DCVE-2026-25526 ] https://github.com/HubSpot/jinjava/s= ecurity/advisories/GHSA-gjx9-j8f8-7j74 https://github.com/HubSpot/jinjava/commit/3d02e504d8bbb13bf3fe019e9ca7b51df= ce7a998 https://github.com/HubSpot/jinjava/commit/c7328dce6030ac718f88974196035edaf= ef24441
https://github.com/HubSpot/jinjava/releases/tag/jinjava-2.7.6 https://github.com/HubSpot/jinjava/releases/tag/jinjava-2.8.3
=C2=A0 siyuan-note--siyuan SiYuan is a personal knowledge management system=
. Prior to version 3.5.5, the /api/file/copyFile endpoint does not validate=
the dest parameter, allowing authenticated users to write files to arbitra=
ry locations on the filesystem. This can lead to Remote Code Execution (RCE=
) by writing to sensitive locations such as cron jobs, SSH authorized_keys,=
or shell configuration files. This issue has been patched in version 3.5.5=
. 2026-02-04 9.1 CVE-2026-25539 [ https://www.cve.org/CVERecord?id=3DCVE-20= 26-25539 ] https://github.com/siyuan-note/siyuan/security/advisories/GHSA-c= 4jr-5q7w-f6r9 https://github.com/siyuan-note/siyuan/commit/d7f790755edf8c78d2b4176171e5a0= cdcd720feb
=C2=A0 payloadcms--payload Payload is a free and open source headless conte=
nt management system. Prior to 3.73.0, when querying JSON or richText field=
s, user input was directly embedded into SQL without escaping, enabling bli=
nd SQL injection attacks. An unauthenticated attacker could extract sensiti=
ve data (emails, password reset tokens) and achieve full account takeover w= ithout password cracking. This vulnerability is fixed in 3.73.0. 2026-02-06=
9.8 CVE-2026-25544 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25544 ] h= ttps://github.com/payloadcms/payload/security/advisories/GHSA-xx6w-jxg9-2wh8 =C2=A0 blakeblackshear--frigate Frigate is a network video recorder (NVR) w= ith realtime local object detection for IP cameras. Prior to 0.16.4, a crit= ical Remote Command Execution (RCE) vulnerability has been identified in th=
e Frigate integration with go2rtc. The application does not sanitize user i= nput in the video stream configuration (config.yaml), allowing direct injec= tion of system commands via the exec: directive. The go2rtc service execute=
s these commands without restrictions. This vulnerability is only exploitab=
le by an administrator or users who have exposed their Frigate install to t=
he open internet with no authentication which allows anyone full administra= tive control. This vulnerability is fixed in 0.16.4. 2026-02-06 9.1 CVE-202= 6-25643 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25643 ] https://githu= b.com/blakeblackshear/frigate/security/advisories/GHSA-4c97-5jmr-8f6x https://github.com/blakeblackshear/frigate/releases/tag/v0.16.4
=C2=A0 denpiligrim--3dp-manager 3DP-MANAGER is an inbound generator for 3x-= ui. In version 2.0.1 and prior, the application automatically creates an ad= ministrative account with known default credentials (admin/admin) upon the = first initialization. Attackers with network access to the application's lo= gin interface can gain full administrative control, managing VPN tunnels an=
d system settings. This issue will be patched in version 2.0.2. 2026-02-06 = 9.8 CVE-2026-25803 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25803 ] ht= tps://github.com/denpiligrim/3dp-manager/security/advisories/GHSA-5x57-h7cw= -9jmw https://github.com/denpiligrim/3dp-manager/commit/f568de41de97dd1b70a963708= a1ee18e52b9d248
=C2=A0 OXID-eSales--OXID eShop OXID eShop versions 6.x prior to 6.3.4 conta= ins a SQL injection vulnerability in the 'sorting' parameter that allows at= tackers to insert malicious database content. Attackers can exploit the vul= nerability by manipulating the sorting parameter to inject PHP code into th=
e database and execute arbitrary code through crafted URLs. 2026-02-03 8.2 = CVE-2019-25260 [ https://www.cve.org/CVERecord?id=3DCVE-2019-25260 ] Exploi= tDB-48527 [ https://www.exploit-db.com/exploits/48527 ]
Official OXID eShop Vendor Homepage [ https://www.oxid-esales.com/ ]
OXID eShop Community Edition GitHub Repository [ https://github.com/OXID-eS= ales/oxideshop_ce ]
Archived Researcher Disclosure [ https://web.archive.org/web/20201020223434= /https://www.vulnspy.com/en-oxid-eshop-6.x-sqli-to-rce/ ]
Archived RIPSTech Security Blog [ https://web.archive.org/web/2019073121163= 8/https://blog.ripstech.com/2019/oxid-esales-shop-software/ ]
OXID eShop Bug Tracking Entry [ https://bugs.oxid-esales.com/view.php?id=3D= 7002 ]
VulnCheck Advisory: OXID eShop 6.3.4 - 'sorting' SQL Injection [ https://ww= w.vulncheck.com/advisories/oxid-eshop-sorting-sql-injection ]
=C2=A0 VictorAlagwu--CMSsite Victor CMS 1.0 contains an authenticated file = upload vulnerability that allows administrators to upload PHP files with ar= bitrary content through the user_image parameter. Attackers can upload a ma= licious PHP shell to the /img/ directory and execute system commands by acc= essing the uploaded file with a 'cmd' parameter. 2026-02-03 8.8 CVE-2020-37= 073 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37073 ] ExploitDB-48490 [=
https://www.exploit-db.com/exploits/48490 ]
Victor CMS Project Repository [ https://github.com/VictorAlagwu/CMSsite ] VulnCheck Advisory: Victor CMS 1.0 - Authenticated Arbitrary File Upload [ = https://www.vulncheck.com/advisories/victor-cms-authenticated-arbitrary-fil= e-upload ]
=C2=A0 VictorAlagwu--CMSsite Victor CMS version 1.0 contains a SQL injectio=
n vulnerability in the 'post' parameter on post.php that allows remote atta= ckers to manipulate database queries. Attackers can exploit this vulnerabil= ity by sending crafted UNION SELECT payloads to extract database informatio=
n through boolean-based, error-based, and time-based injection techniques. = 2026-02-03 8.2 CVE-2020-37076 [ https://www.cve.org/CVERecord?id=3DCVE-2020= -37076 ] ExploitDB-48451 [ https://www.exploit-db.com/exploits/48451 ]
Victor CMS GitHub Repository [ https://github.com/VictorAlagwu/CMSsite ] VulnCheck Advisory: Victor CMS 1.0 - 'post' SQL Injection [ https://www.vul= ncheck.com/advisories/victor-cms-post-sql-injection ]
=C2=A0 i-doit GmbH--i-doit Open Source CMDB i-doit Open Source CMDB 1.14.1 = contains a file deletion vulnerability in the import module that allows aut= henticated attackers to delete arbitrary files by manipulating the delete_i= mport parameter. Attackers can send a POST request to the import module wit=
h a crafted filename to remove files from the server's filesystem. 2026-02-=
03 8.8 CVE-2020-37078 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37078 ]=
ExploitDB-48427 [ https://www.exploit-db.com/exploits/48427 ]
Official Vendor Homepage [ https://www.i-doit.org/ ]
i-doit SourceForge Project [ https://sourceforge.net/projects/i-doit/ ] VulnCheck Advisory: i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletio=
n [ https://www.vulncheck.com/advisories/i-doit-open-source-cmdb-arbitrary-= file-deletion ]
=C2=A0 chatelao--PHP Address Book PHP AddressBook 9.0.0.1 contains a time-b= ased blind SQL injection vulnerability that allows remote attackers to mani= pulate database queries through the 'id' parameter. Attackers can inject cr= afted SQL statements with time delays to extract information by observing r= esponse times in the photo.php endpoint. 2026-02-03 8.2 CVE-2020-37083 [ ht= tps://www.cve.org/CVERecord?id=3DCVE-2020-37083 ] ExploitDB-48416 [ https:/= /www.exploit-db.com/exploits/48416 ]
SourceForge Product Page [ https://sourceforge.net/projects/php-addressbook=
/ ]
VulnCheck Advisory: addressbook 9.0.0.1 - 'id' SQL Injection [ https://www.= vulncheck.com/advisories/addressbook-id-sql-injection ]
=C2=A0 Arox--School ERP Pro School ERP Pro 1.0 contains a SQL injection vul= nerability in the 'es_messagesid' parameter that allows attackers to manipu= late database queries through GET requests. Attackers can exploit the vulne= rable parameter by injecting crafted SQL statements to potentially extract,=
modify, or delete database information. 2026-02-03 8.2 CVE-2020-37089 [ ht= tps://www.cve.org/CVERecord?id=3DCVE-2020-37089 ] ExploitDB-48390 [ https:/= /www.exploit-db.com/exploits/48390 ]
Archived Vendor Homepage [ https://web.archive.org/web/20200129123503/http:= //arox.in/ ]
Archived SourceForge Product Page [ https://web.archive.org/web/20190612111= 732/https://sourceforge.net/projects/school-erp-ultimate/ ]
VulnCheck Advisory: School ERP Pro 1.0 - 'es_messagesid' SQL Injection [ ht= tps://www.vulncheck.com/advisories/school-erp-pro-esmessagesid-sql-injectio=
n ]
=C2=A0 Davidvg--60CycleCMS 60CycleCMS 2.5.2 contains an SQL injection vulne= rability in news.php and common/lib.php that allows attackers to manipulate=
database queries through unvalidated user input. Attackers can exploit vul= nerable query parameters like 'title' to inject malicious SQL code and pote= ntially extract or modify database contents. This issue does not involve cr= oss-site scripting. 2026-02-03 8.2 CVE-2020-37110 [ https://www.cve.org/CVE= Record?id=3DCVE-2020-37110 ] ExploitDB-48177 [ https://www.exploit-db.com/e= xploits/48177 ]
Software Download Link [ https://www.opensourcecms.com/60cyclecms ]
VulnCheck Advisory: 60CycleCMS 2.5.2 - 'news.php' SQL Injection Vulnerabili=
ty [ https://www.vulncheck.com/advisories/cyclecms-newsphp-sql-injection-vu= lnerability ]
=C2=A0 Openeclass--GUnet OpenEclass GUnet OpenEclass 1.7.3 allows authentic= ated users to bypass file extension restrictions when uploading files. By r= enaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and=
execute arbitrary code on the server. This vulnerability enables remote co=
de execution by bypassing the intended file type checks in the exercise sub= mission feature. 2026-02-03 8.8 CVE-2020-37113 [ https://www.cve.org/CVERec= ord?id=3DCVE-2020-37113 ] ExploitDB-48163 [ https://www.exploit-db.com/expl= oits/48163 ]
Official Vendor Homepage [ https://www.openeclass.org/ ]
Changelog [ https://download.openeclass.org/files/docs/1.7/CHANGES.txt ] VulnCheck Advisory: GUnet OpenEclass 1.7.3 E-learning platform - File Uploa=
d Extension Bypass [ https://www.vulncheck.com/advisories/gunet-openeclass-= e-learning-platform-file-upload-extension-bypass ]
=C2=A0 Openeclass--GUnet OpenEclass GUnet OpenEclass 1.7.3 includes phpMyAd= min 2.10.0.2 by default, which allows remote logins. Attackers with access =
to the platform can remotely access phpMyAdmin and, after uploading a shell=
, view the config.php file to obtain the MySQL password, leading to full da= tabase compromise. 2026-02-03 8.8 CVE-2020-37116 [ https://www.cve.org/CVER= ecord?id=3DCVE-2020-37116 ] ExploitDB-48163 [ https://www.exploit-db.com/ex= ploits/48163 ]
Official Vendor Homepage [ https://www.openeclass.org/ ]
Changelog [ https://download.openeclass.org/files/docs/1.7/CHANGES.txt ] VulnCheck Advisory: GUnet OpenEclass 1.7.3 E-learning platform - phpMyAdmin=
Remote Access [ https://www.vulncheck.com/advisories/gunet-openeclass-e-le= arning-platform-phpmyadmin-remote-access ]
=C2=A0 jizhiCMS--jizhiCMS jizhiCMS 1.6.7 contains a file download vulnerabi= lity in the admin plugins update endpoint that allows authenticated adminis= trators to download arbitrary files. Attackers can exploit the vulnerabilit=
y by sending crafted POST requests with malicious filepath and download_url=
parameters to trigger unauthorized file downloads. 2026-02-05 8.8 CVE-2020= -37117 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37117 ] ExploitDB-4836=
1 [ https://www.exploit-db.com/exploits/48361 ]
Official Vendor Homepage [ https://www.jizhicms.cn/ ]
VulnCheck Advisory: jizhiCMS 1.6.7 - Arbitrary File Download [ https://www.= vulncheck.com/advisories/jizhicms-arbitrary-file-download ]
=C2=A0 Odin-Secure-Ftp-Expert--Odin Secure FTP Expert Odin Secure FTP Exper=
t 7.6.3 contains a local denial of service vulnerability that allows attack= ers to crash the application by manipulating site information fields. Attac= kers can generate a buffer overflow by pasting 108 bytes of repeated charac= ters into connection fields, causing the application to crash. 2026-02-05 8=
.4 CVE-2020-37139 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37139 ] Exp= loitDB-48262 [ https://www.exploit-db.com/exploits/48262 ]
Archived Software Download [ http://tr.oldversion.com/windows/odin-secure-f= tp-expert-7-6-3 ]
VulnCheck Advisory: Odin Secure FTP Expert 7.6.3 - 'Site Info' Denial of Se= rvice [ https://www.vulncheck.com/advisories/odin-secure-ftp-expert-site-in= fo-denial-of-service ]
=C2=A0 AMSS++--AMSS++ AMSS++ version 4.31 contains a SQL injection vulnerab= ility in the mail module's maildetail.php script through the 'id' parameter=
. Attackers can manipulate the 'id' parameter in /modules/mail/main/maildet= ail.php to inject malicious SQL queries and potentially access or modify da= tabase contents. 2026-02-06 8.2 CVE-2020-37141 [ https://www.cve.org/CVERec= ord?id=3DCVE-2020-37141 ] ExploitDB-48109 [ https://www.exploit-db.com/expl= oits/48109 ]
VulnCheck Advisory: AMSS++ v 4.31 - 'id' SQL Injection [ https://www.vulnch= eck.com/advisories/amss-v-id-sql-injection ]
=C2=A0 10-Strike Software--Network Inventory Explorer 10-Strike Network Inv= entory Explorer 8.54 contains a structured exception handler buffer overflo=
w vulnerability that allows attackers to execute arbitrary code by overwrit= ing SEH records. Attackers can craft a malicious payload targeting the 'Com= puter' parameter during the 'Add' function to trigger remote code execution=
. 2026-02-05 8.4 CVE-2020-37142 [ https://www.cve.org/CVERecord?id=3DCVE-20= 20-37142 ] ExploitDB-48253 [ https://www.exploit-db.com/exploits/48253 ] 10-Strike Software Homepage [ https://www.10-strike.com/ ]
Archived Researcher Blog [ https://web.archive.org/web/20210105222137/https= ://whitecr0wz.github.io/posts/Strike-Network-Inventory-Explorer-Structered-= Exception-Handling-Overwrite/ ]
VulnCheck Advisory: 10-Strike Network Inventory Explorer 8.54 - 'Add' Local=
Buffer Overflow (SEH) [ https://www.vulncheck.com/advisories/strike-networ= k-inventory-explorer-add-local-buffer-overflow-seh ]
=C2=A0 EDIMAX Technology--EW-7438RPn Mini Edimax EW-7438RPn-v3 Mini 1.27 is=
vulnerable to cross-site request forgery (CSRF) that can lead to command e= xecution. An attacker can trick an authenticated user into submitting a cra= fted form to the /goform/mp endpoint, resulting in arbitrary command execut= ion on the device with the user's privileges. 2026-02-05 8.1 CVE-2020-37149=
[ https://www.cve.org/CVERecord?id=3DCVE-2020-37149 ] ExploitDB-48318 [ ht= tps://www.exploit-db.com/exploits/48318 ]
Edimax EW-7438RPn Mini Product Page [ https://www.edimax.com/edimax/merchan= dise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-74= 38rpn_mini/ ]
VulnCheck Advisory: Edimax Technology EW-7438RPn-v3 Mini 1.27 - Cross-Site = Request Forgery (CSRF) to Command Execution [ https://www.vulncheck.com/adv= isories/edimax-technology-ew-rpn-mini-cross-site-request-forgery-csrf-to-co= mmand-execution ]
=C2=A0 Ciprianmp--phpMyChat Plus phpMyChat Plus 1.98 contains a SQL injecti=
on vulnerability in the deluser.php page through the pmc_username parameter=
that allows attackers to manipulate database queries. Attackers can exploi=
t boolean-based, error-based, and time-based blind SQL injection techniques=
to extract sensitive database information by crafting malicious payloads i=
n the username field. 2026-02-05 8.2 CVE-2020-37151 [ https://www.cve.org/C= VERecord?id=3DCVE-2020-37151 ] ExploitDB-48066 [ https://www.exploit-db.com= /exploits/48066 ]
Vendor Homepage [ http://ciprianmp.com/latest/ ]
VulnCheck Advisory: phpMyChat Plus 1.98 'deluser.php' SQL Injection [ https= ://www.vulncheck.com/advisories/phpmychat-plus-deluserphp-sql-injection ] =C2=A0 QuickDate--QuickDate QuickDate 1.3.2 contains a SQL injection vulner= ability that allows remote attackers to manipulate database queries through=
the '_located' parameter in the find_matches endpoint. Attackers can injec=
t UNION-based SQL statements to extract database information including user=
credentials, database name, and system version. 2026-02-06 8.2 CVE-2020-37= 163 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37163 ] ExploitDB-48022 [=
https://www.exploit-db.com/exploits/48022 ]
Archived QuickDate Script Webpage [ https://web.archive.org/web/20200112151= 117/https://quickdatescript.com/ ]
VulnCheck Advisory: QuickDate 1.3.2 - SQL Injection [ https://www.vulncheck= .com/advisories/quickdate-sql-injection ]
=C2=A0 Innomic--VibroLine VLX1 HD 5.0 An unauthenticated remote attacker is=
able to use an existing session id of a logged in user and gain full acces=
s to the device if configuration via ethernet is enabled. 2026-02-02 8.8 CV= E-2022-50975 [ https://www.cve.org/CVERecord?id=3DCVE-2022-50975 ] https://= www.innomic.com/.well-known/csaf/white/2026/ids-2026-0001.html https://www.innomic.com/.well-known/csaf/white/2026/ids-2026-0001.json
=C2=A0 Mitsubishi Electric Corporation--FREQSHIP-mini for Windows Incorrect=
Default Permissions vulnerability in Mitsubishi Electric Corporation FREQS= HIP-mini for Windows versions 8.0.0 to 8.0.2 allows a local attacker to exe= cute arbitrary code with system privileges by replacing service executable = files (EXE) or DLLs in the installation directory with specially crafted fi= les. As a result, the attacker may be able to disclose, tamper with, delete=
, or destroy information stored on the PC where the affected product is ins= talled, or cause a Denial of Service (DoS) condition on the affected system=
. 2026-02-05 8.8 CVE-2025-10314 [ https://www.cve.org/CVERecord?id=3DCVE-20= 25-10314 ] https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-= 019_en.pdf
https://jvn.jp/jp/JVN64883963/ https://www.cisa.gov/news-events/ics-advisories/icsa-26-034-01
=C2=A0 roxnor--Popup builder with Gamification, Multi-Step Popups, Page-Lev=
el Targeting, and WooCommerce Triggers The Popup builder with Gamification,=
Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin f=
or WordPress is vulnerable to generic SQL Injection via the multiple REST A=
PI endpoints in all versions up to, and including, 2.2.0 due to insufficien=
t escaping on the user supplied parameter and lack of sufficient preparatio=
n on the existing SQL query. This makes it possible for unauthenticated att= ackers to append additional SQL queries into already existing queries that = can be used to extract sensitive information from the database. Vulnerabili=
ty was patched in version 2.2.1 for unauthenticated users, and fully patche=
d in version 2.2.3 for Administrator+ level users. 2026-02-04 8.2 CVE-2025-= 13192 [ https://www.cve.org/CVERecord?id=3DCVE-2025-13192 ] https://www.wor= dfence.com/threat-intel/vulnerabilities/id/9db1dfde-0cba-41b2-ab7a-a1640e5f= d96b?source=3Dcve https://plugins.trac.wordpress.org/browser/popup-builder-block/tags/2.1.5/i= ncludes/Routes/Popup.php#L50 https://plugins.trac.wordpress.org/browser/popup-builder-block/tags/2.1.5/i= ncludes/Routes/Popup.php#L133 https://plugins.trac.wordpress.org/browser/popup-builder-block/tags/2.1.5/i= ncludes/Helpers/DataBase.php#L382 https://plugins.trac.wordpress.org/browser/popup-builder-block/tags/2.1.5/i= ncludes/Helpers/DataBase.php#L413 https://plugins.trac.wordpress.org/browser/popup-builder-block/tags/2.1.5/i= ncludes/Routes/Subscribers.php#L99 https://plugins.trac.wordpress.org/browser/popup-builder-block/tags/2.1.5/i= ncludes/Routes/Subscribers.php#L133
=C2=A0 IBM--Aspera Console IBM Aspera Console 3.4.0 through 3.4.8 is vulner= able to SQL injection. A remote attacker could send specially crafted SQL s= tatements, which could allow the attacker to view, add, modify, or delete i= nformation in the back-end database. 2026-02-05 8.6 CVE-2025-13379 [ https:= //www.cve.org/CVERecord?id=3DCVE-2025-13379 ] https://www.ibm.com/support/p= ages/node/7259448
=C2=A0 jayarsiech--JAY Login & Register The JAY Login & Register plugin for=
WordPress is vulnerable to Privilege Escalation in all versions up to, and=
including, 2.6.03. This is due to the plugin allowing a user to update arb= itrary user meta through the 'jay_panel_ajax_update_profile' function. This=
makes it possible for authenticated attackers, with Subscriber-level acces=
s and above, to elevate their privileges to that of an administrator. 2026-= 02-08 8.8 CVE-2025-15100 [ https://www.cve.org/CVERecord?id=3DCVE-2025-1510=
0 ] https://www.wordfence.com/threat-intel/vulnerabilities/id/fb900810-23a2= -4920-a5e8-4388c4474de0?source=3Dcve https://plugins.trac.wordpress.org/browser/jay-login-register/tags/2.6.01/i= ncludes/user-panel/jay-login-register-ajax-handler-user-panel.php#L624
=C2=A0 Tanium--Deploy Tanium addressed an improper input validation vulnera= bility in Deploy. 2026-02-05 8.8 CVE-2025-15330 [ https://www.cve.org/CVERe= cord?id=3DCVE-2025-15330 ] TAN-2025-012 [ https://security.tanium.com/TAN-2= 025-012 ]
=C2=A0 themeboy--SportsPress Sports Club & League Manager The SportsPress p= lugin for WordPress is vulnerable to Local File Inclusion in all versions u=
p to, and including, 2.7.26 via shortcodes 'template_name' attribute. This = makes it possible for authenticated attackers, with contributor-level and a= bove permissions, to include and execute arbitrary files on the server, all= owing the execution of any PHP code in those files. This can be used to byp= ass access controls, obtain sensitive data, or achieve code execution in ca= ses where php file type can be uploaded and included. 2026-02-04 8.8 CVE-20= 25-15368 [ https://www.cve.org/CVERecord?id=3DCVE-2025-15368 ] https://www.= wordfence.com/threat-intel/vulnerabilities/id/27e40af7-5697-4482-a96d-92168= 86c363b?source=3Dcve https://plugins.trac.wordpress.org/browser/sportspress/tags/2.7.26/includes= /class-sp-shortcodes.php#L32 https://plugins.trac.wordpress.org/browser/sportspress/tags/2.7.26/includes= /class-sp-shortcodes.php#L182 https://plugins.trac.wordpress.org/browser/sportspress/tags/2.7.26/includes= /sp-core-functions.php#L68
=C2=A0 Kubernetes--ingress-nginx A security issue was discovered in ingress= -nginx=C2=A0where the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` = Ingress annotation can be used to inject configuration into nginx. This can=
lead to arbitrary code execution in the context of the ingress-nginx contr= oller, and disclosure of Secrets accessible to the controller. (Note that i=
n the default installation, the controller can access all Secrets cluster-w= ide.) 2026-02-06 8.8 CVE-2025-15566 [ https://www.cve.org/CVERecord?id=3DCV= E-2025-15566 ] https://github.com/kubernetes/kubernetes/issues/136789
=C2=A0 Ankara Hosting Website Design--Website Software Improper Neutralizat= ion of Input During Web Page Generation (XSS or 'Cross-site Scripting') vul= nerability in Ankara Hosting Website Design Website Software allows Reflect=
ed XSS. This issue affects Website Software: through 03022026.=C2=A0 NOTE: = The vendor was contacted early about this disclosure but did not respond in=
any way. 2026-02-03 8.6 CVE-2025-6397 [ https://www.cve.org/CVERecord?id= =3DCVE-2025-6397 ] https://www.usom.gov.tr/bildirim/tr-26-0014
=C2=A0 n/a--n/a An arbitrary file upload vulnerability in the AddFont() fun= ction of FPDF v1.86 and earlier allows attackers to execute arbitrary code = via uploading a crafted PHP file. 2026-02-03 8.8 CVE-2025-65875 [ https://w= ww.cve.org/CVERecord?id=3DCVE-2025-65875 ] http://www.fpdf.org https://github.com/Setasign/FPDF https://advisories.gitlab.com/pkg/composer/tecnickcom/tc-lib-pdf-font/CVE-2= 024-56520/
=C2=A0 N/A--Moodle[.]org A flaw was found in Moodle. This authentication by= pass vulnerability allows suspended users to authenticate through the Learn= ing Tools Interoperability (LTI) Provider. The issue arises from the LTI au= thentication handlers failing to enforce the user's suspension status, enab= ling unauthorized access to the system. This can lead to information disclo= sure or other unauthorized actions by users who should be restricted. 2026-= 02-03 8.1 CVE-2025-67848 [ https://www.cve.org/CVERecord?id=3DCVE-2025-6784=
8 ] https://access.redhat.com/security/cve/CVE-2025-67848
RHBZ#2423831 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2423831 ] https://moodle.org/mod/forum/discuss.php?d=3D471298
=C2=A0 AKCE Software Technology R&D Industry and Trade Inc.--SKSPro Imprope=
r Neutralization of Special Elements used in an SQL Command ('SQL Injection=
') vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SK= SPro allows SQL Injection. This issue affects SKSPro: through 07012026. 202= 6-02-02 8.6 CVE-2025-8587 [ https://www.cve.org/CVERecord?id=3DCVE-2025-858=
7 ] https://www.usom.gov.tr/bildirim/tr-26-0011
=C2=A0 themeum--Tutor LMS eLearning and online course solution The Tutor LM=
S - eLearning and online course solution plugin for WordPress is vulnerable=
to Insecure Direct Object References (IDOR) in all versions up to, and inc= luding, 3.9.5. This is due to missing object-level authorization checks in = the `course_list_bulk_action()`, `bulk_delete_course()`, and `update_course= _status()` functions. This makes it possible for authenticated attackers, w= ith Tutor Instructor-level access and above, to modify or delete arbitrary = courses they do not own by manipulating course IDs in bulk action requests.=
2026-02-03 8.1 CVE-2026-1375 [ https://www.cve.org/CVERecord?id=3DCVE-2026= -1375 ] https://www.wordfence.com/threat-intel/vulnerabilities/id/4e95b32b-= c050-41eb-8fce-461257420eb6?source=3Dcve https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.5/classes/Course_= List.php#L289 https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.5/classes/Course_= List.php#L437 https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.5/classes/Course_= List.php#L463 https://plugins.trac.wordpress.org/changeset/3448615/tutor/trunk/classes/Co= urse_List.php?contextall=3D1&old=3D3339576&old_path=3D%2Ftutor%2Ftrunk%2Fcl= asses%2FCourse_List.php
=C2=A0 Red Hat--Red Hat Satellite 6 A flaw was found in fog-kubevirt. This = vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM=
) attack due to disabled certificate validation. This enables the attacker =
to intercept and potentially alter sensitive communications between Satelli=
te and OpenShift, resulting in information disclosure and data integrity co= mpromise. 2026-02-02 8.1 CVE-2026-1530 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-1530 ] https://access.redhat.com/security/cve/CVE-2026-1530 RHBZ#2433784 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2433784 ]
=C2=A0 Red Hat--Red Hat Satellite 6 A flaw was found in foreman_kubevirt. W= hen configuring the connection to OpenShift, the system disables SSL verifi= cation if a Certificate Authority (CA) certificate is not explicitly set. T= his insecure default allows a remote attacker, capable of intercepting netw= ork traffic between Satellite and OpenShift, to perform a Man-in-the-Middle=
(MITM) attack. Such an attack could lead to the disclosure or alteration o=
f sensitive information. 2026-02-02 8.1 CVE-2026-1531 [ https://www.cve.org= /CVERecord?id=3DCVE-2026-1531 ] https://access.redhat.com/security/cve/CVE-= 2026-1531
RHBZ#2433786 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2433786 ]
=C2=A0 Kubernetes--ingress-nginx A security issue was discovered in ingress= -nginx=C2=A0where the `nginx.ingress.kubernetes.io/auth-method` Ingress ann= otation can be used to inject configuration into nginx. This can lead to ar= bitrary code execution in the context of the ingress-nginx controller, and = disclosure of Secrets accessible to the controller. (Note that in the defau=
lt installation, the controller can access all Secrets cluster-wide.) 2026-= 02-03 8.8 CVE-2026-1580 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1580 =
] https://github.com/kubernetes/kubernetes/issues/136677
=C2=A0 skirridsystems--OS DataHub Maps The OS DataHub Maps plugin for WordP= ress is vulnerable to arbitrary file uploads due to incorrect file type val= idation in the 'OS_DataHub_Maps_Admin::add_file_and_ext' function in all ve= rsions up to, and including, 1.8.3. This makes it possible for authenticate=
d attackers, with Author-level access and above, to upload arbitrary files =
on the affected site's server which may make remote code execution possible=
. 2026-02-03 8.8 CVE-2026-1730 [ https://www.cve.org/CVERecord?id=3DCVE-202= 6-1730 ] https://www.wordfence.com/threat-intel/vulnerabilities/id/c32ba2a0= -a9a7-4f17-8169-912cecc40b7b?source=3Dcve https://plugins.trac.wordpress.org/browser/os-datahub-maps/trunk/include/os= map-admin.php?rev=3D3449192#L67 https://plugins.trac.wordpress.org/browser/os-datahub-maps/trunk/include/os= map-admin.php?rev=3D3449192#L51 https://plugins.trac.wordpress.org/browser/os-datahub-maps/trunk/os-datahub= -maps.php?rev=3D3449192#L87 https://plugins.trac.wordpress.org/changeset/3452323/os-datahub-maps
=C2=A0 seezee--WP FOFT Loader The WP FOFT Loader plugin for WordPress is vu= lnerable to arbitrary file uploads due to incorrect file type validation in=
the 'WP_FOFT_Loader_Mimes::file_and_ext' function in all versions up to, a=
nd including, 2.1.39. This makes it possible for authenticated attackers, w= ith Author-level access and above, to upload arbitrary files on the affecte=
d site's server which may make remote code execution possible. 2026-02-04 8=
.8 CVE-2026-1756 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1756 ] https= ://www.wordfence.com/threat-intel/vulnerabilities/id/cede8ff5-f739-4eb3-967= 2-5adb5d2ae0a9?source=3Dcve https://plugins.trac.wordpress.org/browser/wp-foft-loader/trunk/includes/cl= ass-wp-foft-loader-mimes.php?rev=3D3449144#L45 https://plugins.trac.wordpress.org/browser/wp-foft-loader/trunk/includes/cl= ass-wp-foft-loader-mimes.php?rev=3D3449144#L31 https://plugins.trac.wordpress.org/changeset/3453101/wp-foft-loader/trunk/i= ncludes/class-wp-foft-loader-mimes.php
=C2=A0 Red Hat--Red Hat Enterprise Linux 10 A flaw was found in libsoup. Th=
is stack-based buffer overflow vulnerability occurs during the parsing of m= ultipart HTTP responses due to an incorrect length calculation. A remote at= tacker can exploit this by sending a specially crafted multipart HTTP respo= nse, which can lead to memory corruption. This issue may result in applicat= ion crashes or arbitrary code execution in applications that process untrus= ted server responses, and it does not require authentication or user intera= ction. 2026-02-02 8.6 CVE-2026-1761 [ https://www.cve.org/CVERecord?id=3DCV= E-2026-1761 ] RHSA-2026:1948 [ https://access.redhat.com/errata/RHSA-2026:1= 948 ]
RHSA-2026:2005 [ https://access.redhat.com/errata/RHSA-2026:2005 ] RHSA-2026:2006 [ https://access.redhat.com/errata/RHSA-2026:2006 ] RHSA-2026:2007 [ https://access.redhat.com/errata/RHSA-2026:2007 ] RHSA-2026:2008 [ https://access.redhat.com/errata/RHSA-2026:2008 ] RHSA-2026:2049 [ https://access.redhat.com/errata/RHSA-2026:2049 ] RHSA-2026:2182 [ https://access.redhat.com/errata/RHSA-2026:2182 ] RHSA-2026:2214 [ https://access.redhat.com/errata/RHSA-2026:2214 ] RHSA-2026:2215 [ https://access.redhat.com/errata/RHSA-2026:2215 ] RHSA-2026:2216 [ https://access.redhat.com/errata/RHSA-2026:2216 ] https://access.redhat.com/security/cve/CVE-2026-1761
RHBZ#2435961 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2435961 ]
=C2=A0 Ziroom--ZHOME A0101 A weakness has been identified in Ziroom ZHOME A= 0101 1.0.1.0. Impacted is an unknown function of the component Dropbear SSH=
Service. This manipulation causes use of default credentials. Remote explo= itation of the attack is possible. The complexity of an attack is rather hi= gh. The exploitability is considered difficult. The exploit has been made a= vailable to the public and could be used for attacks. The vendor was contac= ted early about this disclosure but did not respond in any way. 2026-02-03 = 8.1 CVE-2026-1803 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1803 ] VDB-= 343976 | Ziroom ZHOME A0101 Dropbear SSH Service default credentials [ http= s://vuldb.com/?id.343976 ]
VDB-343976 | CTI Indicators (IOB, IOC) [ https://vuldb.com/?ctiid.343976 ] Submit #745497 | Ziroom Smart Ziroom Smart Gateway (ZH-A0101) ZH-A0101 1.0.= 1.0 Backdoor [ https://vuldb.com/?submit.745497 ]
Submit #745529 | Ziroom Smart Smart Gateway ZH-A0101 ZH-A0101 1.0.1.0 Crede= ntials Management (Duplicate) [ https://vuldb.com/?submit.745529 ] https://github.com/Blackhole23-Lab/-/blob/main/vulns/ssh-backdoor.md https://github.com/Blackhole23-Lab/-/blob/main/vulns/ssh-backdoor.md#proof-= of-concept
=C2=A0 Karel Electronics Industry and Trade Inc.--ViPort Improper Neutraliz= ation of Input During Web Page Generation (XSS or 'Cross-site Scripting') v= ulnerability in Karel Electronics Industry and Trade Inc. ViPort allows Sto= red XSS. This issue affects ViPort: through 23012026. 2026-02-04 8.8 CVE-20= 26-1819 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1819 ] https://www.us= om.gov.tr/bildirim/tr-26-0017
=C2=A0 Cisco--Cisco Meeting Management A vulnerability in the Certificate M= anagement feature of Cisco Meeting Management could allow an authenticated,=
remote attacker to upload arbitrary files, execute arbitrary commands, and=
elevate privileges to root on an affected system. This vulnerability is du=
e to improper input validation in certain sections of the web-based managem= ent interface. An attacker could exploit this vulnerability by sending=
a crafted HTTP request to an affected system. A successful exploit could a= llow the attacker to upload arbitrary files to the affected system. The mal= icious files could overwrite system files that are processed by the ro=
ot system account and allow arbitrary command execution with root priv= ileges. To exploit this vulnerability, the attacker must have valid credent= ials for a user account with at least the role of video operator. 2026-02-0=
4 8.8 CVE-2026-20098 [ https://www.cve.org/CVERecord?id=3DCVE-2026-20098 ] = cisco-sa-cmm-file-up-kY47n8kK [ https://sec.cloudapps.cisco.com/security/ce= nter/content/CiscoSecurityAdvisory/cisco-sa-cmm-file-up-kY47n8kK ]
=C2=A0 UTT-- 520W A weakness has been identified in UTT =E8=BF=9B=E5=8F=96 = 520W 1.7.7-180627. This affects the function strcpy of the file /goform/for= mIpGroupConfig. Executing a manipulation of the argument groupName can lead=
to buffer overflow. The attack can be launched remotely. The exploit has b= een made available to the public and could be used for attacks. The vendor = was contacted early about this disclosure but did not respond in any way. 2= 026-02-06 8.8 CVE-2026-2066 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2= 066 ] VDB-344633 | UTT =E8=BF=9B=E5=8F=96 520W formIpGroupConfig strcpy buf= fer overflow [ https://vuldb.com/?id.344633 ]
VDB-344633 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3446=
33 ]
Submit #745260 | UTT =E8=BF=9B=E5=8F=96 520W v3v1.7.7-180627 Buffer Overflo=
w [ https://vuldb.com/?submit.745260 ] https://github.com/cymiao1978/cve/blob/main/new/36.md https://github.com/cymiao1978/cve/blob/main/new/36.md#poc
=C2=A0 UTT-- 520W A security vulnerability has been detected in UTT =E8=BF= =9B=E5=8F=96 520W 1.7.7-180627. This vulnerability affects the function str= cpy of the file /goform/formTimeGroupConfig. The manipulation of the argume=
nt year1 leads to buffer overflow. The attack may be initiated remotely. Th=
e exploit has been disclosed publicly and may be used. The vendor was conta= cted early about this disclosure but did not respond in any way. 2026-02-06=
8.8 CVE-2026-2067 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2067 ] VDB= -344634 | UTT =E8=BF=9B=E5=8F=96 520W formTimeGroupConfig strcpy buffer ove= rflow [ https://vuldb.com/?id.344634 ]
VDB-344634 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3446=
34 ]
Submit #745261 | UTT =E8=BF=9B=E5=8F=96 520W v3v1.7.7-180627 Buffer Overflo=
w [ https://vuldb.com/?submit.745261 ] https://github.com/cymiao1978/cve/blob/main/new/37.md https://github.com/cymiao1978/cve/blob/main/new/37.md#poc
=C2=A0 UTT-- 520W A vulnerability was detected in UTT =E8=BF=9B=E5=8F=96 52=
0W 1.7.7-180627. This issue affects the function strcpy of the file /goform= /formSyslogConf. The manipulation of the argument ServerIp results in buffe=
r overflow. The attack may be launched remotely. The exploit is now public = and may be used. The vendor was contacted early about this disclosure but d=
id not respond in any way. 2026-02-06 8.8 CVE-2026-2068 [ https://www.cve.o= rg/CVERecord?id=3DCVE-2026-2068 ] VDB-344635 | UTT =E8=BF=9B=E5=8F=96 520W = formSyslogConf strcpy buffer overflow [ https://vuldb.com/?id.344635 ] VDB-344635 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3446=
35 ]
Submit #745262 | UTT =E8=BF=9B=E5=8F=96 520W v3v1.7.7-180627 Buffer Overflo=
w [ https://vuldb.com/?submit.745262 ] https://github.com/cymiao1978/cve/blob/main/new/38.md https://github.com/cymiao1978/cve/blob/main/new/38.md#poc
=C2=A0 UTT-- 520W A vulnerability has been found in UTT =E8=BF=9B=E5=8F=96 = 520W 1.7.7-180627. The affected element is the function strcpy of the file = /goform/formPolicyRouteConf. Such manipulation of the argument GroupName le= ads to buffer overflow. The attack can be executed remotely. The exploit ha=
s been disclosed to the public and may be used. The vendor was contacted ea= rly about this disclosure but did not respond in any way. 2026-02-06 8.8 CV= E-2026-2070 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2070 ] VDB-344637=
| UTT =E8=BF=9B=E5=8F=96 520W formPolicyRouteConf strcpy buffer overflow [=
https://vuldb.com/?id.344637 ]
VDB-344637 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3446=
37 ]
Submit #745264 | UTT =E8=BF=9B=E5=8F=96 520W v3v1.7.7-180627 Buffer Overflo=
w [ https://vuldb.com/?submit.745264 ] https://github.com/cymiao1978/cve/blob/main/new/39.md
=C2=A0 UTT-- 520W A vulnerability was found in UTT =E8=BF=9B=E5=8F=96 520W = 1.7.7-180627. The impacted element is the function strcpy of the file /gofo= rm/formP2PLimitConfig. Performing a manipulation of the argument except res= ults in buffer overflow. The attack is possible to be carried out remotely.=
The exploit has been made public and could be used. The vendor was contact=
ed early about this disclosure but did not respond in any way. 2026-02-07 8=
.8 CVE-2026-2071 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2071 ] VDB-3= 44638 | UTT =E8=BF=9B=E5=8F=96 520W formP2PLimitConfig strcpy buffer overfl=
ow [ https://vuldb.com/?id.344638 ]
VDB-344638 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3446=
38 ]
Submit #745265 | UTT =E8=BF=9B=E5=8F=96 520W v3v1.7.7-180627 Buffer Overflo=
w [ https://vuldb.com/?submit.745265 ] https://github.com/cymiao1978/cve/blob/main/new/40.md
=C2=A0 UTT--HiPER 810G A vulnerability was detected in UTT HiPER 810G up to=
1.7.7-171114. Affected by this vulnerability is the function strcpy of the=
file /goform/formFireWall of the component Management Interface. The manip= ulation of the argument GroupName results in buffer overflow. The attack ca=
n be launched remotely. The exploit is now public and may be used. The vend=
or was contacted early about this disclosure but did not respond in any way=
. 2026-02-07 8.8 CVE-2026-2086 [ https://www.cve.org/CVERecord?id=3DCVE-202= 6-2086 ] VDB-344653 | UTT HiPER 810G Management formFireWall strcpy buffer = overflow [ https://vuldb.com/?id.344653 ]
VDB-344653 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3446=
53 ]
Submit #746502 | UTT (AiTai) HiPER 810G <=3D v3v1.7.7-171114 Buffer Overflo=
w [ https://vuldb.com/?submit.746502 ] https://github.com/alc9700jmo/CVE/issues/22 https://github.com/alc9700jmo/CVE/issues/22#issue-3851242657
=C2=A0 Tenda--TX3 A vulnerability has been found in Tenda TX3 up to 16.03.1= 3.11_multi. This impacts an unknown function of the file /goform/SetIpMacBi= nd. The manipulation of the argument list leads to buffer overflow. The att= ack can be initiated remotely. The exploit has been disclosed to the public=
and may be used. 2026-02-08 8.8 CVE-2026-2137 [ https://www.cve.org/CVERec= ord?id=3DCVE-2026-2137 ] VDB-344772 | Tenda TX3 SetIpMacBind buffer overflo=
w [ https://vuldb.com/?id.344772 ]
VDB-344772 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3447=
72 ]
Submit #747239 | Tenda TX3 V16.03.13.11_multi Buffer Overflow [ https://vul= db.com/?submit.747239 ] https://github.com/MRAdera/IoT-Vuls/blob/main/tenda/tx3/fromSetIpMacBind.md https://github.com/MRAdera/IoT-Vuls/blob/main/tenda/tx3/fromSetIpMacBind.md= #poc
https://www.tenda.com.cn/
=C2=A0 Tenda--TX9 A vulnerability was found in Tenda TX9 up to 22.03.02.10_= multi. Affected is the function sub_42D03C of the file /goform/SetStaticRou= teCfg. The manipulation of the argument list results in buffer overflow. Th=
e attack can be launched remotely. The exploit has been made public and cou=
ld be used. 2026-02-08 8.8 CVE-2026-2138 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-2138 ] VDB-344773 | Tenda TX9 SetStaticRouteCfg sub_42D03C buff=
er overflow [ https://vuldb.com/?id.344773 ]
VDB-344773 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3447=
73 ]
Submit #747249 | Tenda TX9 V22.03.02.10_multi Buffer Overflow [ https://vul= db.com/?submit.747249 ] https://github.com/MRAdera/IoT-Vuls/blob/main/tenda/tx9%20pro/SetStaticRout= eCfg.md https://github.com/MRAdera/IoT-Vuls/blob/main/tenda/tx9%20pro/SetStaticRout= eCfg.md#poc
https://www.tenda.com.cn/
=C2=A0 Tenda--TX9 A vulnerability was determined in Tenda TX9 up to 22.03.0= 2.10_multi. Affected by this vulnerability is the function sub_432580 of th=
e file /goform/fast_setting_wifi_set. This manipulation of the argument ssi=
d causes buffer overflow. The attack may be initiated remotely. The exploit=
has been publicly disclosed and may be utilized. 2026-02-08 8.8 CVE-2026-2= 139 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2139 ] VDB-344774 | Tenda=
TX9 fast_setting_wifi_set sub_432580 buffer overflow [ https://vuldb.com/?= id.344774 ]
VDB-344774 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3447=
74 ]
Submit #747250 | Tenda TX9 V22.03.02.10_multi Buffer Overflow [ https://vul= db.com/?submit.747250 ] https://github.com/MRAdera/IoT-Vuls/blob/main/tenda/tx9%20pro/fast_setting_= wifi_set.md https://github.com/MRAdera/IoT-Vuls/blob/main/tenda/tx9%20pro/fast_setting_= wifi_set.md#poc
https://www.tenda.com.cn/
=C2=A0 Tenda--TX9 A vulnerability was identified in Tenda TX9 up to 22.03.0= 2.10_multi. Affected by this issue is the function sub_4223E0 of the file /= goform/setMacFilterCfg. Such manipulation of the argument deviceList leads =
to buffer overflow. The attack may be launched remotely. The exploit is pub= licly available and might be used. 2026-02-08 8.8 CVE-2026-2140 [ https://w= ww.cve.org/CVERecord?id=3DCVE-2026-2140 ] VDB-344775 | Tenda TX9 setMacFilt= erCfg sub_4223E0 buffer overflow [ https://vuldb.com/?id.344775 ]
VDB-344775 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3447=
75 ]
Submit #747251 | Tenda TX9 V22.03.02.10_multi Buffer Overflow [ https://vul= db.com/?submit.747251 ]
Submit #749747 | Tenda TX9 V22.03.02.18 Stack-based Buffer Overflow (Duplic= ate) [ https://vuldb.com/?submit.749747 ] https://github.com/MRAdera/IoT-Vuls/blob/main/tenda/tx9%20pro/setMacFilterC= fg.md https://github.com/MRAdera/IoT-Vuls/blob/main/tenda/tx9%20pro/setMacFilterC= fg.md#poc
https://www.tenda.com.cn/
=C2=A0 Microsoft--Azure Functions Azure Function Information Disclosure Vul= nerability 2026-02-05 8.2 CVE-2026-21532 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-21532 ] Azure Function Information Disclosure Vulnerability [ h= ttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21532 ]
=C2=A0 Tenda--RX3 A vulnerability was identified in Tenda RX3 16.03.13.11. = Affected is an unknown function of the file /goform/fast_setting_wifi_set. = Such manipulation of the argument ssid_5g leads to stack-based buffer overf= low. The attack can be launched remotely. The exploit is publicly available=
and might be used. 2026-02-08 8.8 CVE-2026-2180 [ https://www.cve.org/CVER= ecord?id=3DCVE-2026-2180 ] VDB-344883 | Tenda RX3 fast_setting_wifi_set sta= ck-based overflow [ https://vuldb.com/?id.344883 ]
VDB-344883 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3448=
83 ]
Submit #749703 | Tenda RX3 V16.03.13.11 Stack-based Buffer Overflow [ https= ://vuldb.com/?submit.749703 ]
https://github.com/LX-66-LX/cve-new/issues/4
https://www.tenda.com.cn/
=C2=A0 Tenda--RX3 A security flaw has been discovered in Tenda RX3 16.03.13= .11. Affected by this vulnerability is an unknown functionality of the file=
/goform/openSchedWifi. Performing a manipulation of the argument schedStar= tTime/schedEndTime results in stack-based buffer overflow. The attack may b=
e initiated remotely. The exploit has been released to the public and may b=
e used for attacks. 2026-02-08 8.8 CVE-2026-2181 [ https://www.cve.org/CVER= ecord?id=3DCVE-2026-2181 ] VDB-344884 | Tenda RX3 openSchedWifi stack-based=
overflow [ https://vuldb.com/?id.344884 ]
VDB-344884 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3448=
84 ]
Submit #749710 | Tenda RX3 V16.03.13.11 Stack-based Buffer Overflow [ https= ://vuldb.com/?submit.749710 ]
https://github.com/LX-66-LX/cve-new/issues/5
https://www.tenda.com.cn/
=C2=A0 Tenda--RX3 A flaw has been found in Tenda RX3 16.03.13.11. This issu=
e affects the function set_device_name of the file /goform/setBlackRule of = the component MAC Filtering Configuration Endpoint. This manipulation of th=
e argument devName/mac causes stack-based buffer overflow. The attack is po= ssible to be carried out remotely. The exploit has been published and may b=
e used. 2026-02-08 8.8 CVE-2026-2185 [ https://www.cve.org/CVERecord?id=3DC= VE-2026-2185 ] VDB-344888 | Tenda RX3 MAC Filtering Configuration Endpoint = setBlackRule set_device_name stack-based overflow [ https://vuldb.com/?id.3= 44888 ]
VDB-344888 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3448=
88 ]
Submit #749715 | Tenda RX3 V16.03.13.11 Stack-based Buffer Overflow [ https= ://vuldb.com/?submit.749715 ]
https://github.com/LX-66-LX/cve-new/issues/6
https://www.tenda.com.cn/
=C2=A0 Tenda--RX3 A vulnerability has been found in Tenda RX3 16.03.13.11. = Impacted is the function fromSetIpMacBind of the file /goform/SetIpMacBind.=
Such manipulation of the argument list leads to stack-based buffer overflo=
w. The attack may be performed from remote. The exploit has been disclosed =
to the public and may be used. 2026-02-08 8.8 CVE-2026-2186 [ https://www.c= ve.org/CVERecord?id=3DCVE-2026-2186 ] VDB-344889 | Tenda RX3 SetIpMacBind f= romSetIpMacBind stack-based overflow [ https://vuldb.com/?id.344889 ] VDB-344889 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3448=
89 ]
Submit #749718 | Tenda RX3 V16.03.13.11 Stack-based Buffer Overflow [ https= ://vuldb.com/?submit.749718 ]
https://github.com/LX-66-LX/cve-new/issues/7
https://www.tenda.com.cn/
=C2=A0 Tenda--RX3 A vulnerability was found in Tenda RX3 16.03.13.11. The a= ffected element is the function set_qosMib_list of the file /goform/formSet= QosBand. Performing a manipulation of the argument list results in stack-ba= sed buffer overflow. It is possible to initiate the attack remotely. The ex= ploit has been made public and could be used. 2026-02-08 8.8 CVE-2026-2187 =
[ https://www.cve.org/CVERecord?id=3DCVE-2026-2187 ] VDB-344890 | Tenda RX3=
formSetQosBand set_qosMib_list stack-based overflow [ https://vuldb.com/?i= d.344890 ]
VDB-344890 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3448=
90 ]
Submit #749721 | Tenda RX3 V16.03.13.11 Stack-based Buffer Overflow [ https= ://vuldb.com/?submit.749721 ]
https://github.com/LX-66-LX/cve-new/issues/8
https://www.tenda.com.cn/
=C2=A0 Significant-Gravitas--AutoGPT AutoGPT is a platform that allows user=
s to create, deploy, and manage continuous artificial intelligence agents t= hat automate complex workflows. Prior to autogpt-platform-beta-v0.6.46, the=
AutoGPT platform's Stagehand integration blocks log API keys and authentic= ation secrets in plaintext using logger.info() statements. This occurs in t= hree separate block implementations (StagehandObserveBlock, StagehandActBlo= ck, and StagehandExtractBlock) where the code explicitly calls api_key.get_= secret_value() and logs the result. This issue has been patched in autogpt-= platform-beta-v0.6.46. 2026-02-04 8.1 CVE-2026-22038 [ https://www.cve.org/= CVERecord?id=3DCVE-2026-22038 ] https://github.com/Significant-Gravitas/Aut= oGPT/security/advisories/GHSA-rc89-6g7g-v5v7 https://github.com/Significant-Gravitas/AutoGPT/commit/1eabc604842fa876c09d= 69af43d2d1e8fb9b8eb9
=C2=A0 opencloud-eu--reva REVA is an interoperability platform. Prior to 2.= 42.3 and 2.40.3, a bug in the GRPC authorization middleware of the "Reva" c= omponent of OpenCloud allows a malicious user to bypass the scope verificat= ion of a public link. By exploiting this via the the "archiver" service thi=
s can be leveraged to create an archive (zip or tar-file) containing all re= sources that this creator of the public link has access to. This vulnerabil= ity is fixed in 2.42.3 and 2.40.3. 2026-02-06 8.2 CVE-2026-23989 [ https://= www.cve.org/CVERecord?id=3DCVE-2026-23989 ] https://github.com/opencloud-eu= /reva/security/advisories/GHSA-9j2f-3rj3-wgpg https://github.com/opencloud-eu/reva/commit/95aa2bc5d980eaf6cc134d75782b4f5= ac7b36ae1
=C2=A0 NeoRazorX--facturascripts FacturaScripts is open-source enterprise r= esource planning and accounting software. In 2025.71 and earlier, a Stored = Cross-Site Scripting (XSS) vulnerability was discovered in the Observations=
field. The flaw occurs in the History view, where historical data is rende= red without proper HTML entity encoding. This allows an attacker to execute=
arbitrary JavaScript in the browser of viewing the history by administrato= rs. 2026-02-02 8 CVE-2026-23997 [ https://www.cve.org/CVERecord?id=3DCVE-20= 26-23997 ] https://github.com/NeoRazorX/facturascripts/security/advisories/= GHSA-4v7v-7v7r-3r5h
=C2=A0 Microsoft--Azure ARC Azure Arc Elevation of Privilege Vulnerability = 2026-02-05 8.6 CVE-2026-24302 [ https://www.cve.org/CVERecord?id=3DCVE-2026= -24302 ] Azure Arc Elevation of Privilege Vulnerability [ https://msrc.micr= osoft.com/update-guide/vulnerability/CVE-2026-24302 ]
=C2=A0 Kubernetes--ingress-nginx A security issue was discovered in ingress= -nginx cthe `rules.http.paths.path` Ingress field can be used to inject con= figuration into nginx. This can lead to arbitrary code execution in the con= text of the ingress-nginx controller, and disclosure of Secrets accessible =
to the controller. (Note that in the default installation, the controller c=
an access all Secrets cluster-wide.) 2026-02-03 8.8 CVE-2026-24512 [ https:= //www.cve.org/CVERecord?id=3DCVE-2026-24512 ] https://github.com/kubernetes= /kubernetes/issues/136678
=C2=A0 gunet--openeclass The Open eClass platform (formerly known as GUnet = eClass) is a complete course management system. Prior to version 4.2, a sto= red Cross-Site Scripting (XSS) vulnerability allows authenticated students =
to inject malicious JavaScript into uploaded assignment files, which is exe= cuted when instructors view the submission. This issue has been patched in = version 4.2. 2026-02-03 8.7 CVE-2026-24665 [ https://www.cve.org/CVERecord?= id=3DCVE-2026-24665 ] https://github.com/gunet/openeclass/security/advisori= es/GHSA-2qgm-m7fm-m888
=C2=A0 parallax--jsPDF jsPDF is a library to generate PDFs in JavaScript. P= rior to 4.1.0, user control of properties and methods of the Acroform modul=
e allows users to inject arbitrary PDF objects, such as JavaScript actions.=
If given the possibility to pass unsanitized input to one of the following=
methods or properties, a user can inject arbitrary PDF objects, such as Ja= vaScript actions, which are executed when the victim opens the document. Th=
e vulnerable API members are AcroformChoiceField.addOption, AcroformChoiceF= ield.setOptions, AcroFormCheckBox.appearanceState, and AcroFormRadioButton.= appearanceState. The vulnerability has been fixed in jsPDF@4.1.0. 2026-02-0=
2 8.1 CVE-2026-24737 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24737 ] = https://github.com/parallax/jsPDF/security/advisories/GHSA-pqxr-3g65-p328 https://github.com/parallax/jsPDF/commit/da291a5f01b96282545c9391996702cdb8= 879f79
https://github.com/parallax/jsPDF/releases/tag/v4.1.0
=C2=A0 clawdbot--clawdbot OpenClaw (formerly Clawdbot) is a personal AI ass= istant you run on your own devices. Prior to 2026.1.29, a command injection=
vulnerability existed in OpenClaw's Docker sandbox execution mechanism due=
to unsafe handling of the PATH environment variable when constructing shel=
l commands. An authenticated user able to control environment variables cou=
ld influence command execution within the container context. This vulnerabi= lity is fixed in 2026.1.29. 2026-02-02 8.8 CVE-2026-24763 [ https://www.cve= .org/CVERecord?id=3DCVE-2026-24763 ] https://github.com/openclaw/openclaw/s= ecurity/advisories/GHSA-mc68-q9jw-2h3v https://github.com/openclaw/openclaw/commit/771f23d36b95ec2204cc9a0054045f5= d8439ea75
https://github.com/openclaw/openclaw/releases/tag/v2026.1.29
=C2=A0 chainguard-dev--melange melange allows users to build apk packages u= sing declarative pipelines. In version 0.11.3 to before 0.40.3, an attacker=
who can influence the tar stream from a QEMU guest VM could write files ou= tside the intended workspace directory on the host. The retrieveWorkspace f= unction extracts tar entries without validating that paths stay within the = workspace, allowing path traversal via ../ sequences. This issue has been p= atched in version 0.40.3. 2026-02-04 8.2 CVE-2026-24843 [ https://www.cve.o= rg/CVERecord?id=3DCVE-2026-24843 ] https://github.com/chainguard-dev/melang= e/security/advisories/GHSA-qxx2-7h4c-83f4 https://github.com/chainguard-dev/melange/commit/6e243d0d46699f837d7c392397= a694d2bcc7612b
=C2=A0 node-modules--compressing Compressing is a compressing and uncompres= sing lib for node. In version 2.0.0 and 1.10.3 and prior, Compressing extra= cts TAR archives while restoring symbolic links without validating their ta= rgets. By embedding symlinks that resolve outside the intended extraction d= irectory, an attacker can cause subsequent file entries to be written to ar= bitrary locations on the host file system. Depending on the extractor's han= dling of existing files, this behavior may allow overwriting sensitive file=
s or creating new files in security-critical locations. This issue has been=
patched in versions 1.10.4 and 2.0.1. 2026-02-04 8.4 CVE-2026-24884 [ http= s://www.cve.org/CVERecord?id=3DCVE-2026-24884 ] https://github.com/node-mod= ules/compressing/security/advisories/GHSA-cc8f-xg8v-72m3 https://github.com/node-modules/compressing/commit/8d16c196c7f1888fc1af957d= 9ff36117247cea6c https://github.com/node-modules/compressing/commit/ce1c0131c401c071c77d5a14= 25bf8c88cfc16361
=C2=A0 Huawei--HarmonyOS Out-of-bounds write vulnerability in the camera mo= dule. Impact: Successful exploitation of this vulnerability may affect avai= lability. 2026-02-06 8.4 CVE-2026-24926 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-24926 ] https://consumer.huawei.com/en/support/bulletin/2026/2/ https://consumer.huawei.com/en/support/bulletinlaptops/2026/2/
=C2=A0 Huawei--HarmonyOS UAF concurrency vulnerability in the graphics modu= le. Impact: Successful exploitation of this vulnerability may affect availa= bility. 2026-02-06 8.4 CVE-2026-24930 [ https://www.cve.org/CVERecord?id=3D= CVE-2026-24930 ] https://consumer.huawei.com/en/support/bulletin/2026/2/ https://consumer.huawei.com/en/support/bulletinlaptops/2026/2/
=C2=A0 OpenListTeam--OpenList OpenList Frontend is a UI component for OpenL= ist. Prior to 4.1.10, the application contains path traversal vulnerability=
in multiple file operation handlers in server/handles/fsmanage.go. Filenam=
e components in req.Names are directly concatenated with validated director= ies using stdpath.Join. This allows ".." sequences to bypass path restricti= ons, enabling users to access other users' files within the same storage mo= unt and perform unauthorized actions such as deletion, renaming, or copying=
of files. An authenticated attacker can bypass directory-level authorisati=
on by injecting traversal sequences into filename components, enabling unau= thorised file removal and copying across user boundaries within the same st= orage mount. This vulnerability is fixed in 4.1.10. 2026-02-02 8.8 CVE-2026= -25059 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25059 ] https://github= .com/OpenListTeam/OpenList/security/advisories/GHSA-qmj2-8r24-xxcq https://github.com/OpenListTeam/OpenList/commit/7b78fed106382430c69ef351d43= f5d09928fff14
https://github.com/OpenListTeam/OpenList/releases/tag/v4.1.10
=C2=A0 OpenListTeam--OpenList OpenList Frontend is a UI component for OpenL= ist. Prior to 4.1.10, certificate verification is disabled by default for a=
ll storage driver communications. The TlsInsecureSkipVerify setting is defa= ult to true in the DefaultConfig() function in internal/conf/config.go. Thi=
s vulnerability enables Man-in-the-Middle (MitM) attacks by disabling TLS c= ertificate verification, allowing attackers to intercept and manipulate all=
storage communications. Attackers can exploit this through network-level a= ttacks like ARP spoofing, rogue Wi-Fi access points, or compromised interna=
l network equipment to redirect traffic to malicious endpoints. Since certi= ficate validation is skipped, the system will unknowingly establish encrypt=
ed connections with attacker-controlled servers, enabling full decryption, = data theft, and manipulation of all storage operations without triggering a=
ny security warnings. This vulnerability is fixed in 4.1.10. 2026-02-02 8.1=
CVE-2026-25060 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25060 ] https= ://github.com/OpenListTeam/OpenList/security/advisories/GHSA-wf93-3ghh-h389 https://github.com/OpenListTeam/OpenList/commit/e3c664f81d0584fbbdb86ffe664= 4be16259371c1
https://github.com/OpenListTeam/OpenList/releases/tag/v4.1.10
=C2=A0 AlistGo--alist Alist is a file list program that supports multiple s= torages, powered by Gin and Solidjs. Prior to version 3.57.0, the applicati=
on contains path traversal vulnerability in multiple file operation handler=
s. An authenticated attacker can bypass directory-level authorisation by in= jecting traversal sequences into filename components, enabling unauthorised=
file removal, movement and copying across user boundaries within the same = storage mount. This issue has been patched in version 3.57.0. 2026-02-04 8.=
8 CVE-2026-25161 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25161 ] http= s://github.com/AlistGo/alist/security/advisories/GHSA-x4q4-7phh-42j9 https://github.com/AlistGo/alist/commit/b188288525b9a35c76535139311e7c036da= b057e
=C2=A0 Samsung Electronics--MagicINFO 9 Server An unauthenticated user can = upload arbitrary files to execute remote code, leading to privilege escalat= ion in MagicInfo9 Server. This issue affects MagicINFO 9 Server: less than = 21.1090.1. 2026-02-02 8.8 CVE-2026-25201 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-25201 ] https://security.samsungtv.com/securityUpdates
=C2=A0 OpenSlides--OpenSlides OpenSlides is a free, web based presentation = and assembly system for managing and projecting agenda, motions and electio=
ns of an assembly. Prior to version 4.2.29, OpenSlides supports local login=
s with username and password or an optionally configurable single sign on w= ith SAML via an external IDP. For users synced to OpenSlides via an externa=
l IDP, there is an incorrect access control regarding the local login of th= ese users. Users can successfully login using the local login form and the = OpenSlides username of a SAML user and a trivial password. This password is=
valid for all SAML users. This issue has been patched in version 4.2.29. 2= 026-02-04 8.1 CVE-2026-25519 [ https://www.cve.org/CVERecord?id=3DCVE-2026-= 25519 ] https://github.com/OpenSlides/OpenSlides/security/advisories/GHSA-v= v4h-8wfc-pf8c
https://github.com/OpenSlides/openslides-auth-service/pull/889 https://github.com/OpenSlides/openslides-auth-service/commit/70c1aa9f5e1db5= 9ec120ecce98d1c1169350a4ee https://github.com/OpenSlides/OpenSlides/releases/tag/4.2.29
=C2=A0 pydantic--pydantic-ai Pydantic AI is a Python agent framework for bu= ilding applications and workflows with Generative AI. From 0.0.26 to before=
1.56.0, aServer-Side Request Forgery (SSRF) vulnerability exists in Pydant=
ic AI's URL download functionality. When applications accept message histor=
y from untrusted sources, attackers can include malicious URLs that cause t=
he server to make HTTP requests to internal network resources, potentially = accessing internal services or cloud credentials. This vulnerability only a= ffects applications that accept message history from external users. This v= ulnerability is fixed in 1.56.0. 2026-02-06 8.6 CVE-2026-25580 [ https://ww= w.cve.org/CVERecord?id=3DCVE-2026-25580 ] https://github.com/pydantic/pydan= tic-ai/security/advisories/GHSA-2jrp-274c-jhv3 https://github.com/pydantic/pydantic-ai/commit/d398bc9d39aecca6530fa7486a41= 0d5cce936301
=C2=A0 openclaw--openclaw OpenClaw is a personal AI assistant. Prior to 202= 6.1.20, an unauthenticated local client could use the Gateway WebSocket API=
to write config via config.apply and set unsafe cliPath values that were l= ater used for command discovery, enabling command injection as the gateway = user. This vulnerability is fixed in 2026.1.20. 2026-02-06 8.4 CVE-2026-255=
93 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25593 ] https://github.com= /openclaw/openclaw/security/advisories/GHSA-g55j-c2v4-pjcg
=C2=A0 qdrant--qdrant Qdrant is a vector similarity search engine and vecto=
r database. From 1.9.3 to before 1.16.0, it is possible to append to arbitr= ary files via /logger endpoint using an attacker-controlled on_disk.log_fil=
e path. Minimal privileges are required (read-only access). This vulnerabil= ity is fixed in 1.16.0. 2026-02-06 8.6 CVE-2026-25628 [ https://www.cve.org= /CVERecord?id=3DCVE-2026-25628 ] https://github.com/qdrant/qdrant/security/= advisories/GHSA-f632-vm87-2m2f https://github.com/qdrant/qdrant/commit/32b7fdfb7f542624ecd1f7c8d3e2b13c4e3= 6a2c1 https://github.com/qdrant/qdrant/blob/48203e414e4e7f639a6d394fb6e4df695f808= e51/src/actix/api/service_api.rs#L195
=C2=A0 kovidgoyal--calibre calibre is an e-book manager. Prior to 9.2.0, Ca= libre's CHM reader contains a path traversal vulnerability that allows arbi= trary file writes anywhere the user has write permissions. On Windows (have= n't tested on other OS's), this can lead to Remote Code Execution by writin=
g a payload to the Startup folder, which executes on next login. This vulne= rability is fixed in 9.2.0. 2026-02-06 8.6 CVE-2026-25635 [ https://www.cve= .org/CVERecord?id=3DCVE-2026-25635 ] https://github.com/kovidgoyal/calibre/= security/advisories/GHSA-32vh-whvh-9fxr https://github.com/kovidgoyal/calibre/commit/9739232fcb029ac15dfe52ccd4fdb4= a07ebb6ce9
=C2=A0 kovidgoyal--calibre calibre is an e-book manager. In 9.1.0 and earli= er, a path traversal vulnerability in Calibre's EPUB conversion allows a ma= licious EPUB file to corrupt arbitrary existing files writable by the Calib=
re process. During conversion, Calibre resolves CipherReference URI from ME= TA-INF/encryption.xml to an absolute filesystem path and opens it in read-w= rite mode, even when it points outside the conversion extraction directory.=
This vulnerability is fixed in 9.2.0. 2026-02-06 8.2 CVE-2026-25636 [ http= s://www.cve.org/CVERecord?id=3DCVE-2026-25636 ] https://github.com/kovidgoy= al/calibre/security/advisories/GHSA-8r26-m7j5-hm29 https://github.com/kovidgoyal/calibre/commit/9484ea82c6ab226c18e6ca5aa000fa= 16de598726
=C2=A0 Anydesk--AnyDesk AnyDesk 5.4.0 contains an unquoted service path vul= nerability in its Windows service configuration that allows local attackers=
to potentially inject malicious executables. Attackers can exploit the unq= uoted binary path to place malicious files in service executable locations,=
potentially gaining elevated system privileges. 2026-02-03 7.8 CVE-2019-25= 261 [ https://www.cve.org/CVERecord?id=3DCVE-2019-25261 ] ExploitDB-47883 [=
https://www.exploit-db.com/exploits/47883 ]
Official Vendor Homepage [ http://anydesk.com ]
VulnCheck Advisory: AnyDesk 5.4.0 - Unquoted Service Path [ https://www.vul= ncheck.com/advisories/anydesk-unquoted-service-path ]
=C2=A0 Wondershare--Wondershare Application Framework Service Wondershare A= pplication Framework Service 2.4.3.231 contains an unquoted service path vu= lnerability that allows local attackers to potentially execute arbitrary co=
de with elevated privileges. Attackers can exploit the unquoted service pat=
h by placing malicious executables in specific directory locations to hijac=
k the service's execution context. 2026-02-06 7.8 CVE-2019-25266 [ https://= www.cve.org/CVERecord?id=3DCVE-2019-25266 ] ExploitDB-47617 [ https://www.e= xploit-db.com/exploits/47617 ]
Vendor Homepage [ https://www.wondershare.com/ ]
Software Product Page [ https://www.wondershare.com/drfone/ ]
VulnCheck Advisory: Wondershare Application Framework Service 2.4.3.231 - '= WsAppService' Unquote Service Path [ https://www.vulncheck.com/advisories/w= ondershare-application-framework-service-wsappservice-unquote-service-path ] =C2=A0 Wftpserver--Wing FTP Server Wing FTP Server 6.0.7 contains an unquot=
ed service path vulnerability that allows local attackers to potentially ex= ecute arbitrary code with elevated system privileges. Attackers can exploit=
the unquoted binary path in the service configuration to inject malicious = executables that will be launched with LocalSystem permissions. 2026-02-04 = 7.8 CVE-2019-25267 [ https://www.cve.org/CVERecord?id=3DCVE-2019-25267 ] Ex= ploitDB-47818 [ https://www.exploit-db.com/exploits/47818 ]
Wing FTP Server Official Homepage [ https://www.wftpserver.com/ ]
VulnCheck Advisory: Wing FTP Server 6.0.7 - Unquoted Service Path [ https:/= /www.vulncheck.com/advisories/wing-ftp-server-unquoted-service-path ]
=C2=A0 Netgate--Amiti Antivirus Amiti Antivirus 25.0.640 contains an unquot=
ed service path vulnerability in its Windows service configurations. Attack= ers can exploit the unquoted path to inject and execute malicious code with=
elevated LocalSystem privileges by placing executable files in specific di= rectory locations. 2026-02-04 7.8 CVE-2019-25269 [ https://www.cve.org/CVER= ecord?id=3DCVE-2019-25269 ] ExploitDB-47747 [ https://www.exploit-db.com/ex= ploits/47747 ]
Vendor Homepage [ http://www.netgate.sk/ ]
VulnCheck Advisory: Amiti Antivirus 25.0.640 - Unquoted Service Path Vulner= ability [ https://www.vulncheck.com/advisories/amiti-antivirus-unquoted-ser= vice-path-vulnerability ]
=C2=A0 NETGATE--Data Backup NETGATE Data Backup 3.0.620 contains an unquote=
d service path vulnerability in its NGDatBckpSrv Windows service configurat= ion. Attackers can exploit the unquoted path to inject and execute maliciou=
s code with LocalSystem privileges by placing executable files in specific = directory locations. 2026-02-04 7.8 CVE-2019-25271 [ https://www.cve.org/CV= ERecord?id=3DCVE-2019-25271 ] ExploitDB-47746 [ https://www.exploit-db.com/= exploits/47746 ]
Vendor Homepage [ http://www.netgate.sk/ ]
VulnCheck Advisory: NETGATE Data Backup 3.0.620 - 'NGDatBckpSrv' Unquoted S= ervice Path [ https://www.vulncheck.com/advisories/netgate-data-backup-ngda= tbckpsrv-unquoted-service-path ]
=C2=A0 Tenaxsoft--TexasSoft CyberPlanet TexasSoft CyberPlanet 6.4.131 conta= ins an unquoted service path vulnerability in the CCSrvProxy service that a= llows local attackers to execute arbitrary code. Attackers can exploit the = unquoted path in 'C:\Program Files (x86)\TenaxSoft\CyberPlanet\SrvProxy.exe=
' to inject malicious executables and gain elevated system privileges. 2026= -02-04 7.8 CVE-2019-25272 [ https://www.cve.org/CVERecord?id=3DCVE-2019-252=
72 ] ExploitDB-47724 [ https://www.exploit-db.com/exploits/47724 ]
Vendor Homepage [ https://tenaxsoft.com/index.html ]
VulnCheck Advisory: TexasSoft CyberPlanet 6.4.131 - 'CCSrvProxy' Unquoted S= ervice Path [ https://www.vulncheck.com/advisories/texassoft-cyberplanet-cc= srvproxy-unquoted-service-path ]
=C2=A0 Easy-Hide-Ip--IP Easy-Hide-IP 5.0.0.3 contains an unquoted service p= ath vulnerability in the EasyRedirect service that allows local attackers t=
o potentially execute arbitrary code. Attackers can exploit the unquoted pa=
th in 'C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe' to inject malici= ous executables and escalate privileges. 2026-02-04 7.8 CVE-2019-25273 [ ht= tps://www.cve.org/CVERecord?id=3DCVE-2019-25273 ] ExploitDB-47712 [ https:/= /www.exploit-db.com/exploits/47712 ]
Vendor Homepage [ https://easy-hide-ip.com ]
VulnCheck Advisory: Easy-Hide-IP 5.0.0.3 - 'EasyRedirect' Unquoted Service = Path [ https://www.vulncheck.com/advisories/easy-hide-ip-easyredirect-unquo= ted-service-path ]
=C2=A0 Photodex--ProShow Producer ProShow Producer 9.0.3797 contains an unq= uoted service path vulnerability in the ScsiAccess service that allows loca=
l attackers to potentially execute arbitrary code. Attackers can exploit th=
e unquoted binary path to inject malicious executables that will be run wit=
h LocalSystem privileges during service startup. 2026-02-04 7.8 CVE-2019-25= 274 [ https://www.cve.org/CVERecord?id=3DCVE-2019-25274 ] ExploitDB-47705 [=
https://www.exploit-db.com/exploits/47705 ]
Vendor Homepage [ http://www.photodex.com/ ]
VulnCheck Advisory: ProShow Producer 9.0.3797 - Unquoted Service Path [ htt= ps://www.vulncheck.com/advisories/proshow-producer-unquoted-service-path ] =C2=A0 FileHorse--BartVPN BartVPN 1.2.2 contains an unquoted service path v= ulnerability in the BartVPNService that allows local attackers to potential=
ly execute arbitrary code with elevated system privileges. Attackers can ex= ploit the unquoted binary path by placing malicious executables in specific=
file system locations to hijack the service's execution context. 2026-02-0=
4 7.8 CVE-2019-25275 [ https://www.cve.org/CVERecord?id=3DCVE-2019-25275 ] = ExploitDB-47675 [ https://www.exploit-db.com/exploits/47675 ]
Vendor Homepage [ https://www.filehorse.com/ ]
VulnCheck Advisory: BartVPN 1.2.2 - 'BartVPNService' Unquoted Service Path =
[ https://www.vulncheck.com/advisories/bartvpn-bartvpnservice-unquoted-serv= ice-path ]
=C2=A0 Rockwellautomation--Studio Studio 5000 Logix Designer 30.01.00 conta= ins an unquoted service path vulnerability in the FactoryTalk Activation Se= rvice that allows local users to potentially execute code with elevated pri= vileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\= Rockwell Software\FactoryTalk Activation\ to inject malicious code that wou=
ld execute with LocalSystem permissions. 2026-02-04 7.8 CVE-2019-25276 [ ht= tps://www.cve.org/CVERecord?id=3DCVE-2019-25276 ] ExploitDB-47676 [ https:/= /www.exploit-db.com/exploits/47676 ]
Rockwell Automation Homepage [ https://www.rockwellautomation.com/en_NA/ove= rview.page ]
VulnCheck Advisory: Studio 5000 Logix Designer 30.01.00 - 'FactoryTalk Acti= vation Service' Unquoted Service Path [ https://www.vulncheck.com/advisorie= s/studio-logix-designer-factorytalk-activation-service-unquoted-service-pat=
h ]
=C2=A0 ncp-e--NCP_Secure_Entry_Client NCP Secure Entry Client 9.2 contains =
an unquoted service path vulnerability in multiple Windows services that al= lows local users to potentially execute arbitrary code. Attackers can explo=
it the unquoted paths in services like ncprwsnt, rwsrsu, ncpclcfg, and NcpS=
ec to inject malicious code that would execute with LocalSystem privileges = during service startup. 2026-02-04 7.8 CVE-2019-25281 [ https://www.cve.org= /CVERecord?id=3DCVE-2019-25281 ] ExploitDB-47668 [ https://www.exploit-db.c= om/exploits/47668 ]
NCP Software Vendor Homepage [ http://software.ncp-e.com/ ]
VulnCheck Advisory: NCP_Secure_Entry_Client 9.2 - Unquoted Service Paths [ = https://www.vulncheck.com/advisories/ncpsecureentryclient-unquoted-service-= paths ]
=C2=A0 shrew--Shrew Soft VPN Client Shrew Soft VPN Client 2.2.2 contains an=
unquoted service path vulnerability that allows local users to execute arb= itrary code with elevated system privileges. Attackers can place malicious = executables in the unquoted service path to gain elevated access during ser= vice startup or system reboot. 2026-02-04 7.8 CVE-2019-25283 [ https://www.= cve.org/CVERecord?id=3DCVE-2019-25283 ] ExploitDB-47660 [ https://www.explo= it-db.com/exploits/47660 ]
Vendor Homepage [ https://www.shrew.net ]
VulnCheck Advisory: Shrew Soft VPN Client 2.2.2 - 'iked' Unquoted Service P= ath [ https://www.vulncheck.com/advisories/shrew-soft-vpn-client-iked-unquo= ted-service-path ]
=C2=A0 Alps--device Controller Alps Pointing-device Controller 8.1202.1711.=
04 contains an unquoted service path vulnerability in the ApHidMonitorServi=
ce that allows local attackers to execute code with elevated privileges. At= tackers can place a malicious executable in the service path and gain syste= m-level access when the service restarts or the system reboots. 2026-02-04 = 7.8 CVE-2019-25285 [ https://www.cve.org/CVERecord?id=3DCVE-2019-25285 ] Ex= ploitDB-47637 [ https://www.exploit-db.com/exploits/47637 ]
Official Alps Homepage [ https://www.alps.com/e/ ]
VulnCheck Advisory: Alps Pointing-device Controller 8.1202.1711.04 - 'ApHid= MonitorService' Unquoted Service Path [ https://www.vulncheck.com/advisorie= s/alps-pointing-device-controller-aphidmonitorservice-unquoted-service-path=
]
=C2=A0 Gcafe--_GCaf GCaf=C3=A9 3.0 contains an unquoted service path vulner= ability in the gbClientService that allows local attackers to potentially e= xecute arbitrary code with elevated privileges. Attackers can exploit the u= nquoted path in the service configuration to inject malicious executables t= hat will be run with LocalSystem permissions. 2026-02-04 7.8 CVE-2019-25286=
[ https://www.cve.org/CVERecord?id=3DCVE-2019-25286 ] ExploitDB-47604 [ ht= tps://www.exploit-db.com/exploits/47604 ]
GCaf=C3=A9 Official Vendor Homepage [ https://gcafe.vn/ ]
VulnCheck Advisory: _GCaf=C3=A9 3.0 - 'gbClienService' Unquoted Service Pat=
h [ https://www.vulncheck.com/advisories/gcafe-gbclienservice-unquoted-serv= ice-path ]
=C2=A0 Webcompanion--Adaware Web Companion version Adaware Web Companion ve= rsion 4.8.2078.3950 contains an unquoted service path vulnerability in the = WCAssistantService that allows local users to potentially execute code with=
elevated privileges. Attackers can exploit the unquoted path in C:\Program=
Files (x86)\Lavasoft\Web Companion\Application\ to inject malicious code t= hat would execute with LocalSystem privileges during service startup. 2026-= 02-04 7.8 CVE-2019-25287 [ https://www.cve.org/CVERecord?id=3DCVE-2019-2528=
7 ] ExploitDB-47597 [ https://www.exploit-db.com/exploits/47597 ]
Adaware Web Companion Official Website [ https://webcompanion.com/en/ ] VulnCheck Advisory: Adaware Web Companion version 4.8.2078.3950 - 'WCAssist= antService' Unquoted Service Path [ https://www.vulncheck.com/advisories/ad= aware-web-companion-version-wcassistantservice-unquoted-service-path ]
=C2=A0 Wacom--Wacom WTabletService Wacom WTabletService 6.6.7-3 contains an=
unquoted service path vulnerability that allows local attackers to execute=
malicious code with elevated privileges. Attackers can insert an executabl=
e file in the service path to run unauthorized code when the service restar=
ts or the system reboots. 2026-02-04 7.8 CVE-2019-25288 [ https://www.cve.o= rg/CVERecord?id=3DCVE-2019-25288 ] ExploitDB-47593 [ https://www.exploit-db= .com/exploits/47593 ]
Wacom Official Homepage [ https://www.wacom.com ]
VulnCheck Advisory: Wacom WTabletService 6.6.7-3 - 'WTabletServicePro' Unqu= oted Service Path [ https://www.vulncheck.com/advisories/wacom-wtabletservi= ce-wtabletservicepro-unquoted-service-path ]
=C2=A0 Alps--Alps HID Monitor Service Alps HID Monitor Service 8.1.0.10 con= tains an unquoted service path vulnerability that allows local attackers to=
potentially execute arbitrary code with elevated privileges. Attackers can=
exploit the unquoted path in C:\Program Files\Apoint2K\HidMonitorSvc.exe t=
o inject malicious executables and gain system-level access. 2026-02-06 7.8=
CVE-2019-25292 [ https://www.cve.org/CVERecord?id=3DCVE-2019-25292 ] Explo= itDB-47605 [ https://www.exploit-db.com/exploits/47605 ]
Official Product Homepage [ https://www.alps.com/e/ ]
VulnCheck Advisory: Alps HID Monitor Service 8.1.0.10 - 'ApHidMonitorServic=
e' Unquote Service Path [ https://www.vulncheck.com/advisories/alps-hid-mon= itor-service-aphidmonitorservice-unquote-service-path ]
=C2=A0 bluestacks--Blue Stacks App Player BlueStacks App Player 2.4.44.62.5=
7 contains an unquoted service path vulnerability in the BstHdLogRotatorSvc=
service that allows local attackers to potentially execute arbitrary code.=
Attackers can exploit the unquoted path in C:\Program Files (x86)\Bluestac= ks\HD-LogRotatorService.exe to inject malicious executables and escalate pr= ivileges. 2026-02-06 7.8 CVE-2019-25293 [ https://www.cve.org/CVERecord?id= =3DCVE-2019-25293 ] ExploitDB-47582 [ https://www.exploit-db.com/exploits/4= 7582 ]
Official Product Homepage [ https:/www.bluestacks.com ]
VulnCheck Advisory: Blue Stacks App Player 2.4.44.62.57 - "BstHdLogRotatorS= vc" Unquote Service Path [ https://www.vulncheck.com/advisories/blue-stacks= -app-player-bsthdlogrotatorsvc-unquote-service-path ]
=C2=A0 lolypop55--html5_snmp html5_snmp 1.11 contains multiple SQL injectio=
n vulnerabilities that allow attackers to manipulate database queries throu=
gh Router_ID and Router_IP parameters. Attackers can exploit error-based, t= ime-based, and union-based injection techniques to potentially extract or m= odify database information by sending crafted payloads. 2026-02-06 7.1 CVE-= 2019-25298 [ https://www.cve.org/CVERecord?id=3DCVE-2019-25298 ] ExploitDB-= 47588 [ https://www.exploit-db.com/exploits/47588 ]
Vendor Homepage [ https://github.com/lolypop55/html5_snmp ]
VulnCheck Advisory: html5_snmp 1.11 - 'Router_ID' SQL Injection [ https://w= ww.vulncheck.com/advisories/htmlsnmp-routerid-sql-injection ]
=C2=A0 rimbalinux--AhadPOS RimbaLinux AhadPOS 1.11 contains a SQL injection=
vulnerability in the 'alamatCustomer' parameter that allows attackers to m= anipulate database queries through crafted POST requests. Attackers can exp= loit time-based and boolean-based blind SQL injection techniques to extract=
information or potentially interact with the underlying database. 2026-02-=
06 7.1 CVE-2019-25299 [ https://www.cve.org/CVERecord?id=3DCVE-2019-25299 ]=
ExploitDB-47585 [ https://www.exploit-db.com/exploits/47585 ]
Vendor Homepage [ https://github.com/rimbalinux/AhadPOS ]
VulnCheck Advisory: rimbalinux AhadPOS 1.11 - 'alamatCustomer' SQL Injectio=
n [ https://www.vulncheck.com/advisories/rimbalinux-ahadpos-alamatcustomer-= sql-injection ]
=C2=A0 thejshen--Globitek CMS thejshen Globitek CMS 1.4 contains a SQL inje= ction vulnerability that allows attackers to manipulate database queries th= rough the 'id' GET parameter. Attackers can exploit boolean-based, time-bas= ed, and UNION-based SQL injection techniques to potentially extract or modi=
fy database information. 2026-02-06 7.1 CVE-2019-25300 [ https://www.cve.or= g/CVERecord?id=3DCVE-2019-25300 ] ExploitDB-47581 [ https://www.exploit-db.= com/exploits/47581 ]
Vendor Homepage [ https://github.com/thejshen/contentManagementSystem ] VulnCheck Advisory: thejshen Globitek CMS 1.4 - 'id' SQL Injection [ https:= //www.vulncheck.com/advisories/thejshen-globitek-cms-id-sql-injection ]
=C2=A0 Acer--Launch Manager Acer Launch Manager 6.1.7600.16385 contains an = unquoted service path vulnerability in the DsiWMIService that allows local = users to potentially execute code with elevated privileges. Attackers can e= xploit the unquoted path in C:\Program Files (x86)\Launch Manager\dsiwmis.e=
xe to insert malicious code that would execute with system-level permission=
s during service startup. 2026-02-06 7.8 CVE-2019-25302 [ https://www.cve.o= rg/CVERecord?id=3DCVE-2019-25302 ] ExploitDB-47577 [ https://www.exploit-db= .com/exploits/47577 ]
Acer Official Website [ https://www.acer.com/ ]
VulnCheck Advisory: Acer Launch Manager 6.1.7600.16385 - 'DsiWMIService' Un= quoted Service Path [ https://www.vulncheck.com/advisories/acer-launch-mana= ger-dsiwmiservice-unquoted-service-path ]
=C2=A0 thejshen--contentManagementSystem TheJshen ContentManagementSystem 1= .04 contains a SQL injection vulnerability that allows attackers to manipul= ate database queries through the 'id' GET parameter. Attackers can exploit = boolean-based, time-based, and UNION-based SQL injection techniques to extr= act or manipulate database information by crafting malicious query payloads=
. 2026-02-06 7.1 CVE-2019-25303 [ https://www.cve.org/CVERecord?id=3DCVE-20= 19-25303 ] ExploitDB-47569 [ https://www.exploit-db.com/exploits/47569 ]
Vendor Homepage [ https://github.com/thejshen/contentManagementSystem ] VulnCheck Advisory: TheJshen contentManagementSystem 1.04 - 'id' SQL Inject= ion [ https://www.vulncheck.com/advisories/thejshen-contentmanagementsystem= -id-sql-injection ]
=C2=A0 Issivs--Intelligent Security System SecurOS Enterprise SecurOS Enter= prise 10.2 contains an unquoted service path vulnerability in the SecurosCt= rlService that allows local users to potentially execute code with elevated=
privileges. Attackers can exploit the unquoted path in C:\Program Files (x= 86)\ISS\SecurOS\ to insert malicious code that would execute with system-le= vel permissions during service startup. 2026-02-06 7.8 CVE-2019-25304 [ htt= ps://www.cve.org/CVERecord?id=3DCVE-2019-25304 ] ExploitDB-47556 [ https://= www.exploit-db.com/exploits/47556 ]
Vendor Product Homepage [ https://www.issivs.com/product-detail/secure-os-e= nterprise/ ]
Company Website [ https://www.issivs.com ]
VulnCheck Advisory: Intelligent Security System SecurOS Enterprise 10.2 - '= SecurosCtrlService' Unquoted Service Path [ https://www.vulncheck.com/advis= ories/intelligent-security-system-securos-enterprise-securosctrlservice-unq= uoted-service-path ]
=C2=A0 Inforprograma--JumpStart JumpStart 0.6.0.0 contains an unquoted serv= ice path vulnerability in the jswpbapi service running with LocalSystem pri= vileges. Attackers can exploit the unquoted path containing spaces to injec=
t and execute malicious code with elevated system permissions. 2026-02-06 7=
.8 CVE-2019-25305 [ https://www.cve.org/CVERecord?id=3DCVE-2019-25305 ] Exp= loitDB-47549 [ https://www.exploit-db.com/exploits/47549 ]
Official Product Homepage [ https://www.inforprograma.net/ ]
VulnCheck Advisory: JumpStart 0.6.0.0 - 'jswpbapi' Unquoted Service Path [ = https://www.vulncheck.com/advisories/jumpstart-jswpbapi-unquoted-service-pa=
th ]
=C2=A0 VictorAlagwu--CMSsite Victor CMS 1.0 contains a stored cross-site sc= ripting vulnerability in the 'comment_author' POST parameter that allows at= tackers to inject malicious scripts. Attackers can submit crafted JavaScrip=
t payloads through the comment submission form to execute arbitrary code in=
victim browsers. 2026-02-03 7.2 CVE-2020-37072 [ https://www.cve.org/CVERe= cord?id=3DCVE-2020-37072 ] ExploitDB-48484 [ https://www.exploit-db.com/exp= loits/48484 ]
Victor CMS Project Repository [ https://github.com/VictorAlagwu/CMSsite ] VulnCheck Advisory: Victor CMS 1.0 - 'comment_author' Persistent Cross-Site=
Scripting [ https://www.vulncheck.com/advisories/victor-cms-commentauthor-= persistent-cross-site-scripting ]
=C2=A0 Fishing Reservation System--Fishing Reservation System Fishing Reser= vation System 7.5 contains multiple remote SQL injection vulnerabilities in=
admin.php, cart.php, and calendar.php that allow attackers to inject malic= ious SQL commands. Attackers can exploit vulnerable parameters like uid, pi=
d, type, m, y, and code to compromise the database management system and we=
b application without user interaction. 2026-02-03 7.1 CVE-2020-37081 [ htt= ps://www.cve.org/CVERecord?id=3DCVE-2020-37081 ] ExploitDB-48417 [ https://= www.exploit-db.com/exploits/48417 ]
Vulnerability-Lab Researcher Disclosure [ https://www.vulnerability-lab.com= /get_content.php?id=3D2243 ]
Fishing Reservation System Homepage [ https://fishingreservationsystem.com/= index.html ]
VulnCheck Advisory: Fishing Reservation System 7.5 - 'uid' SQL Injection [ = https://www.vulncheck.com/advisories/fishing-reservation-system-uid-sql-inj= ection ]
=C2=A0 SunnySideSoft--VirtualTablet Server VirtualTablet Server 3.0.2 conta= ins a denial of service vulnerability that allows attackers to crash the se= rvice by sending oversized string payloads through the Thrift protocol. Att= ackers can exploit the vulnerability by sending a long string to the send_s= ay() method, causing the server to become unresponsive. 2026-02-03 7.5 CVE-= 2020-37085 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37085 ] ExploitDB-= 48402 [ https://www.exploit-db.com/exploits/48402 ]
Official Product Homepage [ http://www.sunnysidesoft.com/ ]
VulnCheck Advisory: VirtualTablet Server 3.0.2 - Denial of Service (PoC) [ = https://www.vulncheck.com/advisories/virtualtablet-server-denial-of-service= -poc ]
=C2=A0 Arox--School ERP Pro School ERP Pro 1.0 contains a file disclosure v= ulnerability that allows unauthenticated attackers to read arbitrary files =
by manipulating the 'document' parameter in download.php. Attackers can acc= ess sensitive configuration files by supplying directory traversal paths to=
retrieve system credentials and configuration information. 2026-02-03 7.5 = CVE-2020-37088 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37088 ] Exploi= tDB-48394 [ https://www.exploit-db.com/exploits/48394 ]
Archived Vendor Homepage [ https://web.archive.org/web/20200129123503/http:= //arox.in/ ]
Archived SourceForge Product Page [ https://web.archive.org/web/20190612111= 732/https://sourceforge.net/projects/school-erp-ultimate/ ]
VulnCheck Advisory: School ERP Pro 1.0 - Arbitrary File Read [ https://www.= vulncheck.com/advisories/school-erp-pro-arbitrary-file-read ]
=C2=A0 Netis Systems Co., Ltd.--Netis E1+ Netis E1+ version 1.2.32533 conta= ins a hardcoded root account vulnerability that allows unauthenticated atta= ckers to access the device with predefined credentials. Attackers can lever= age the embedded root account with a crackable password to gain full admini= strative access to the network device. 2026-02-03 7.5 CVE-2020-37092 [ http= s://www.cve.org/CVERecord?id=3DCVE-2020-37092 ] ExploitDB-48382 [ https://w= ww.exploit-db.com/exploits/48382 ]
Netis Systems Official Homepage [ http://www.netis-systems.com ]
VulnCheck Advisory: Netis E1+ 1.2.32533 - Backdoor Account (root) [ https:/= /www.vulncheck.com/advisories/netis-e-backdoor-account-root ]
=C2=A0 Netis Systems Co., Ltd.--Netis E1+ Netis E1+ 1.2.32533 contains an i= nformation disclosure vulnerability that allows unauthenticated attackers t=
o retrieve WiFi passwords through the netcore_get.cgi endpoint. Attackers c=
an send a GET request to the endpoint to extract sensitive network credenti= als including SSID and WiFi passwords in plain text. 2026-02-03 7.5 CVE-202= 0-37093 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37093 ] ExploitDB-483=
84 [ https://www.exploit-db.com/exploits/48384 ]
Netis Systems Official Homepage [ http://www.netis-systems.com ]
VulnCheck Advisory: Netis E1+ 1.2.32533 - Unauthenticated WiFi Password Lea=
k [ https://www.vulncheck.com/advisories/netis-e-unauthenticated-wifi-passw= ord-leak ]
=C2=A0 EDIMAX Technology Co., Ltd.--EW-7438RPn Mini Edimax EW-7438RPn 1.13 = contains an information disclosure vulnerability that exposes WiFi network = configuration details through the wlencrypt_wiz.asp file. Attackers can acc= ess the script to retrieve sensitive information including WiFi network nam=
e and plaintext password stored in device configuration variables. 2026-02-=
03 7.5 CVE-2020-37097 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37097 ]=
ExploitDB-48365 [ https://www.exploit-db.com/exploits/48365 ]
Edimax EW-7438RPn Product Homepage [ https://www.edimax.com/edimax/merchand= ise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-743= 8rpn_mini/ ]
VulnCheck Advisory: Edimax EW-7438RPn 1.13 - Information Disclosure (WiFi P= assword) [ https://www.vulncheck.com/advisories/edimax-ew-rpn-information-d= isclosure-wifi-password ]
=C2=A0 DiskSorter--Disk Sorter Enterprise Disk Sorter Enterprise 12.4.16 co= ntains an unquoted service path vulnerability that allows local attackers t=
o execute arbitrary code with elevated system privileges. Attackers can exp= loit the unquoted path in the service configuration to inject malicious exe= cutables that will be launched with LocalSystem permissions. 2026-02-03 7.8=
CVE-2020-37098 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37098 ] Explo= itDB-48048 [ https://www.exploit-db.com/exploits/48048 ]
Vendor Homepage [ http://www.disksorter.com ]
VulnCheck Advisory: Disk Sorter Enterprise 12.4.16 - Unquoted Service Path =
[ https://www.vulncheck.com/advisories/disk-sorter-enterprise-unquoted-serv= ice-path ]
=C2=A0 DiskSavvy--Disk Savvy Enterprise Disk Savvy Enterprise 12.3.18 conta= ins an unquoted service path vulnerability in its service configuration tha=
t allows local attackers to potentially execute arbitrary code. Attackers c=
an exploit the unquoted path in 'C:\Program Files\Disk Savvy Enterprise\bin= \disksvs.exe' to inject malicious executables and escalate privileges. 2026= -02-03 7.8 CVE-2020-37099 [ https://www.cve.org/CVERecord?id=3DCVE-2020-370=
99 ] ExploitDB-48049 [ https://www.exploit-db.com/exploits/48049 ]
Vendor Homepage [ http://www.disksavvy.com ]
VulnCheck Advisory: Disk Savvy Enterprise 12.3.18 - 'disksvs.exe' Unquoted = Service Path [ https://www.vulncheck.com/advisories/disk-savvy-enterprise-d= isksvsexe-unquoted-service-path ]
=C2=A0 SyncBreeze--Sync Breeze Enterprise Sync Breeze Enterprise 12.4.18 co= ntains an unquoted service path vulnerability that allows local attackers t=
o execute arbitrary code with elevated system privileges. Attackers can exp= loit the unquoted binary path by placing malicious executables in specific = file system locations to hijack the service startup process. 2026-02-03 7.8=
CVE-2020-37100 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37100 ] Explo= itDB-48045 [ https://www.exploit-db.com/exploits/48045 ]
Vendor Homepage [ http://www.syncbreeze.com ]
VulnCheck Advisory: Sync Breeze Enterprise 12.4.18 - Unquoted Service Path =
[ https://www.vulncheck.com/advisories/sync-breeze-enterprise-unquoted-serv= ice-path ]
=C2=A0 Vpnunlimitedapp--VPN unlimited VPN Unlimited 6.1 contains an unquote=
d service path vulnerability that allows local attackers to inject maliciou=
s executables into the service binary path. Attackers can exploit the unquo= ted path in 'C:\Program Files (x86)\VPN Unlimited to replace the service ex= ecutable and gain elevated system privileges. 2026-02-03 7.8 CVE-2020-37101=
[ https://www.cve.org/CVERecord?id=3DCVE-2020-37101 ] ExploitDB-47916 [ ht= tps://www.exploit-db.com/exploits/47916 ]
VPN Unlimited Official Homepage [ https://www.vpnunlimitedapp.com ]
VulnCheck Advisory: VPN unlimited 6.1 - Unquoted Service Path [ https://www= .vulncheck.com/advisories/vpn-unlimited-unquoted-service-path ]
=C2=A0 Lavasoft--Web Companion Adaware Web Companion 4.9.2159 contains an u= nquoted service path vulnerability in the WCAssistantService that allows lo= cal attackers to potentially execute arbitrary code. Attackers can exploit = the unquoted binary path to inject malicious executables that will be run w= ith LocalSystem privileges during service startup. 2026-02-03 7.8 CVE-2020-= 37102 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37102 ] ExploitDB-47852=
[ https://www.exploit-db.com/exploits/47852 ]
Vendor Homepage [ http://webcompanion.com/ ]
Software Download Link [ http://webcompanion.com/LP-WC002/index.php?partner= =3DLU150701WEBDIRECT&campaign=3Dwww.doc2pdf.com&search=3D2&homepage=3D2&bd= =3D2 ]
VulnCheck Advisory: Adaware Web Companion 4.9.2159 - 'WCAssistantService' U= nquoted Service Path [ https://www.vulncheck.com/advisories/adaware-web-com= panion-wcassistantservice-unquoted-service-path ]
=C2=A0 redmine--PMB PMB 5.6 contains a SQL injection vulnerability in the a= dministration download script that allows authenticated attackers to execut=
e arbitrary SQL commands through the 'logid' parameter. Attackers can lever= age this vulnerability by sending crafted requests to the /admin/sauvegarde= /download.php endpoint with manipulated logid values to interact with the d= atabase. 2026-02-03 7.1 CVE-2020-37105 [ https://www.cve.org/CVERecord?id= =3DCVE-2020-37105 ] ExploitDB-48356 [ https://www.exploit-db.com/exploits/4= 8356 ]
Vendor Homepage [ http://www.sigb.net ]
Software Download Repository [ http://forge.sigb.net/redmine/projects/pmb/f= iles ]
VulnCheck Advisory: PMB 5.6 - 'logid' SQL Injection [ https://www.vulncheck= .com/advisories/pmb-logid-sql-injection ]
=C2=A0 Core FTP--Core FTP LE Core FTP LE 2.2 contains a denial of service v= ulnerability that allows attackers to crash the application by overwriting = the account field with a large buffer. Attackers can create a text file wit=
h 20,000 repeated characters and paste it into the account field to cause t=
he application to become unresponsive and require reinstallation. 2026-02-0=
6 7.5 CVE-2020-37107 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37107 ] = ExploitDB-48137 [ https://www.exploit-db.com/exploits/48137 ]
Core FTP Vendor Homepage [ http://www.coreftp.com/ ]
Core FTP Download Page [ http://www.coreftp.com/download.html ]
VulnCheck Advisory: Core FTP LE 2.2 - Denial of Service [ https://www.vulnc= heck.com/advisories/core-ftp-le-denial-of-service ]
=C2=A0 AllHandsMarketing--PhpIX 2012 Professional PhpIX 2012 Professional c= ontains a SQL injection vulnerability in the 'id' parameter of product_deta= il.php that allows remote attackers to manipulate database queries. Attacke=
rs can inject malicious SQL code through the 'id' parameter to potentially = extract or modify database information. 2026-02-03 7.1 CVE-2020-37108 [ htt= ps://www.cve.org/CVERecord?id=3DCVE-2020-37108 ] ExploitDB-48138 [ https://= www.exploit-db.com/exploits/48138 ]
Vendor Homepage [ http://www.allhandsmarketing.com/ ]
Demonstration Website [ http://www.pcollectionnecktie.com/sandbox/ ]
VulnCheck Advisory: PhpIX 2012 Professional - 'id' SQL Injection [ https://= www.vulncheck.com/advisories/phpix-professional-id-sql-injection ]
=C2=A0 asc Applied Software Consultants--aSc TimeTables aSc TimeTables 2020= .11.4 contains a denial of service vulnerability that allows attackers to c= rash the application by overwriting the Subject title field with a large bu= ffer. Attackers can generate a 1000-character buffer and paste it into the = Subject title to trigger an application crash and potential instability. 20= 26-02-06 7.5 CVE-2020-37109 [ https://www.cve.org/CVERecord?id=3DCVE-2020-3= 7109 ] ExploitDB-48133 [ https://www.exploit-db.com/exploits/48133 ]
Vendor Homepage [ https://www.asctimetables.com/#!/home ]
VulnCheck Advisory: aSc TimeTables 2020.11.4 - Denial of Service [ https://= www.vulncheck.com/advisories/asc-timetables-denial-of-service ]
=C2=A0 Openeclass--GUnet OpenEclass GUnet OpenEclass 1.7.3 contains multipl=
e SQL injection vulnerabilities that allow authenticated attackers to manip= ulate database queries through unvalidated parameters. Attackers can exploi=
t the 'month' parameter in the agenda module and other endpoints to extract=
sensitive database information using error-based or time-based injection t= echniques. 2026-02-03 7.1 CVE-2020-37112 [ https://www.cve.org/CVERecord?id= =3DCVE-2020-37112 ] ExploitDB-48163 [ https://www.exploit-db.com/exploits/4= 8163 ]
Official Vendor Homepage [ https://www.openeclass.org/ ]
Changelog [ https://download.openeclass.org/files/docs/1.7/CHANGES.txt ] VulnCheck Advisory: GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQ=
L Injection [ https://www.vulncheck.com/advisories/gunet-openeclass-e-learn= ing-platform-month-sql-injection ]
=C2=A0 Nsauditor--FTP Password Recover SpotFTP-FTP Password Recover 2.4.8 c= ontains a denial of service vulnerability that allows attackers to crash th=
e application by generating a large buffer overflow. Attackers can create a=
text file with 1000 'Z' characters and input it as a registration code to = trigger the application crash. 2026-02-06 7.5 CVE-2020-37122 [ https://www.= cve.org/CVERecord?id=3DCVE-2020-37122 ] ExploitDB-48132 [ https://www.explo= it-db.com/exploits/48132 ]
Vendor Homepage [ http://www.nsauditor.com/ ]
Software Download Page [ http://www.nsauditor.com/spotftp.html ]
VulnCheck Advisory: SpotFTP-FTP Password Recover 2.4.8 - Denial of Service =
[ https://www.vulncheck.com/advisories/spotftp-ftp-password-recover-denial-= of-service ]
=C2=A0 Nsauditor--Nsauditor Nsauditor 3.2.0.0 contains a denial of service = vulnerability in the registration name input field that allows attackers to=
crash the application. Attackers can create a malicious payload of 1000 by= tes of repeated characters to trigger an application crash when pasted into=
the registration name field. 2026-02-05 7.5 CVE-2020-37130 [ https://www.c= ve.org/CVERecord?id=3DCVE-2020-37130 ] ExploitDB-48286 [ https://www.exploi= t-db.com/exploits/48286 ]
Vendor Homepage [ http://www.nsauditor.com ]
VulnCheck Advisory: Nsauditor 3.2.0.0 - 'Name' Denial of Service [ https://= www.vulncheck.com/advisories/nsauditor-name-denial-of-service ]
=C2=A0 UltraVNC Team--UltraVNC Launcher UltraVNC Launcher 1.2.4.0 contains =
a denial of service vulnerability in the Repeater Host configuration field = that allows attackers to crash the application. Attackers can paste an over=
ly long string of 300 characters into the Repeater Host property to trigger=
an application crash. 2026-02-05 7.5 CVE-2020-37133 [ https://www.cve.org/= CVERecord?id=3DCVE-2020-37133 ] ExploitDB-48288 [ https://www.exploit-db.co= m/exploits/48288 ]
UltraVNC Official Homepage [ https://www.uvnc.com/ ]
VulnCheck Advisory: UltraVNC Launcher 1.2.4.0 - 'RepeaterHost' Denial of Se= rvice [ https://www.vulncheck.com/advisories/ultravnc-launcher-repeaterhost= -denial-of-service ]
=C2=A0 UltraVNC Team--UltraVNC Viewer UltraVNC Viewer 1.2.4.0 contains a de= nial of service vulnerability that allows attackers to crash the applicatio=
n by manipulating VNC Server input. Attackers can generate a malformed 256-= byte payload and paste it into the VNC Server connection dialog to trigger =
an application crash. 2026-02-05 7.5 CVE-2020-37134 [ https://www.cve.org/C= VERecord?id=3DCVE-2020-37134 ] ExploitDB-48291 [ https://www.exploit-db.com= /exploits/48291 ]
UltraVNC Official Homepage [ https://www.uvnc.com/ ]
VulnCheck Advisory: UltraVNC Viewer 1.2.4.0 - 'VNCServer' Denial of Service=
[ https://www.vulncheck.com/advisories/ultravnc-viewer-vncserver-denial-of= -service ]
=C2=A0 Amssplus--AMSS++ AMSS++ 4.7 contains an authentication bypass vulner= ability that allows attackers to access administrative accounts using hardc= oded credentials. Attackers can log in with the default admin username and = password '1234' to gain unauthorized administrative access to the system. 2= 026-02-06 7.5 CVE-2020-37135 [ https://www.cve.org/CVERecord?id=3DCVE-2020-= 37135 ] ExploitDB-48114 [ https://www.exploit-db.com/exploits/48114 ]
VulnCheck Advisory: AMSS++ 4.7 - Backdoor Admin Account [ https://www.vulnc= heck.com/advisories/amss-backdoor-admin-account ]
=C2=A0 EmTec--ZOC Terminal ZOC Terminal 7.25.5 contains a denial of service=
vulnerability in the private key file input field that allows attackers to=
crash the application. Attackers can overwrite the private key file input = with a 2000-byte buffer, causing the application to become unresponsive whe=
n attempting to create SSH key files. 2026-02-05 7.5 CVE-2020-37136 [ https= ://www.cve.org/CVERecord?id=3DCVE-2020-37136 ] ExploitDB-48292 [ https://ww= w.exploit-db.com/exploits/48292 ]
Vendor Homepage [ https://www.emtec.com ]
VulnCheck Advisory: ZOC Terminal v7.25.5 - 'Private key file' Denial of Ser= vice [ https://www.vulncheck.com/advisories/zoc-terminal-private-key-file-d= enial-of-service ]
=C2=A0 GE Intelligent Platforms, Inc.--ProficySCADA for iOS ProficySCADA fo=
r iOS 5.0.25920 contains a denial of service vulnerability that allows atta= ckers to crash the application by manipulating the password input field. At= tackers can overwrite the password field with 257 bytes of repeated charact= ers to trigger an application crash and prevent successful authentication. = 2026-02-05 7.5 CVE-2020-37143 [ https://www.cve.org/CVERecord?id=3DCVE-2020= -37143 ] ExploitDB-48236 [ https://www.exploit-db.com/exploits/48236 ]
Archived App Software [ https://download.cnet.com/proficyscada/3000-2064_4-= 75728256.html ]
VulnCheck Advisory: ProficySCADA for iOS 5.0.25920 - 'Password' Denial of S= ervice [ https://www.vulncheck.com/advisories/proficyscada-for-ios-password= -denial-of-service ]
=C2=A0 ACE SECURITY--Aptina AR0130 960P 1.3MP Camera ACE Security WiP-90113=
HD Camera contains a configuration disclosure vulnerability that allows un= authenticated attackers to retrieve sensitive configuration files. Attacker=
s can access the camera's configuration backup by sending a GET request to = the /config_backup.bin endpoint, exposing credentials and system settings. = 2026-02-06 7.5 CVE-2020-37146 [ https://www.cve.org/CVERecord?id=3DCVE-2020= -37146 ] ExploitDB-48127 [ https://www.exploit-db.com/exploits/48127 ]
Vendor Homepage [ https://acesecurity.jp ]
Product Support Page [ https://acesecurity.jp/support/top/wip_series/wip-90= 113 ]
VulnCheck Advisory: Aptina AR0130 960P 1.3MP Camera - Remote Configuration = Disclosure [ https://www.vulncheck.com/advisories/aptina-ar-p-mp-camera-rem= ote-configuration-disclosure ]
=C2=A0 Atutor--ATutor ATutor 2.2.4 contains a SQL injection vulnerability i=
n the admin user deletion page that allows authenticated attackers to manip= ulate database queries through the 'id' parameter. Attackers can exploit th=
e vulnerability by injecting malicious SQL code into the 'id' parameter of = the admin_delete.php script to potentially extract or modify database infor= mation. 2026-02-06 7.1 CVE-2020-37147 [ https://www.cve.org/CVERecord?id=3D= CVE-2020-37147 ] ExploitDB-48117 [ https://www.exploit-db.com/exploits/4811=
7 ]
ATutor Official Homepage [ https://atutor.github.io/ ]
VulnCheck Advisory: ATutor 2.2.4 - 'id' SQL Injection [ https://www.vulnche= ck.com/advisories/atutor-id-sql-injection ]
=C2=A0 EDIMAX Technology--EW-7438RPn Mini Edimax EW-7438RPn-v3 Mini 1.27 al= lows unauthenticated attackers to access the /wizard_reboot.asp page in uns= etup mode, which discloses the Wi-Fi SSID and security key. Attackers can r= etrieve the wireless password by sending a GET request to this endpoint, ex= posing sensitive information without authentication. 2026-02-05 7.5 CVE-202= 0-37150 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37150 ] ExploitDB-483=
18 [ https://www.exploit-db.com/exploits/48318 ]
Edimax EW-7438RPn Mini Product Page [ https://www.edimax.com/edimax/merchan= dise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-74= 38rpn_mini/ ]
VulnCheck Advisory: Edimax Technology EW-7438RPn-v3 Mini 1.27 - Unauthorize=
d Access: Wi-Fi Password Disclosure [ https://www.vulncheck.com/advisories/= edimax-technology-ew-rpn-mini-unauthorized-access-wi-fi-password-disclosure=
]
=C2=A0 Tripath Project--eLection eLection 2.0 contains an authenticated SQL=
injection vulnerability in the candidate management endpoint that allows a= ttackers to manipulate database queries through the 'id' parameter. Attacke=
rs can leverage SQLMap to exploit the vulnerability, potentially gaining re= mote code execution by uploading backdoor files to the web application dire= ctory. 2026-02-06 7.1 CVE-2020-37154 [ https://www.cve.org/CVERecord?id=3DC= VE-2020-37154 ] ExploitDB-48122 [ https://www.exploit-db.com/exploits/48122=
]
eLection Project Vendor Homepage [ https://sourceforge.net/projects/electio= n-by-tripath/ ]
Researcher Exploit Disclosure [ https://github.com/J3rryBl4nks/eLection-Tri= Path-/blob/master/SQLiIntoRCE.md ]
VulnCheck Advisory: eLection 2.0 - 'id' SQL Injection [ https://www.vulnche= ck.com/advisories/election-id-sql-injection ]
=C2=A0 Core FTP--Core FTP Lite Core FTP Lite 1.3 contains a buffer overflow=
vulnerability in the username input field that allows attackers to crash t=
he application by supplying oversized input. Attackers can generate a 7000-= byte payload of repeated 'A' characters to trigger an application crash wit= hout requiring additional interaction. 2026-02-06 7.5 CVE-2020-37155 [ http= s://www.cve.org/CVERecord?id=3DCVE-2020-37155 ] ExploitDB-48100 [ https://w= ww.exploit-db.com/exploits/48100 ]
Core FTP Official Homepage [ http://www.coreftp.com/ ]
VulnCheck Advisory: Core FTP Lite 1.3 - Denial of Service (PoC) [ https://w= ww.vulncheck.com/advisories/core-ftp-lite-denial-of-service-poc ]
=C2=A0 DBPower--DBPower C300 HD Camera DBPower C300 HD Camera contains a co= nfiguration disclosure vulnerability that allows unauthenticated attackers =
to retrieve sensitive credentials through an unprotected configuration back=
up endpoint. Attackers can download the configuration file and extract hard= coded username and password by accessing the /tmpfs/config_backup.bin resou= rce. 2026-02-06 7.5 CVE-2020-37157 [ https://www.cve.org/CVERecord?id=3DCVE= -2020-37157 ] ExploitDB-48095 [ https://www.exploit-db.com/exploits/48095 ] Archived Researcher Blog [ https://web.archive.org/web/20200620110617/https= ://donev.eu/blog/dbpower-c300-multiple-vulnerabilities ]
VulnCheck Advisory: DBPower C300 HD Camera - Remote Configuration Disclosur=
e [ https://www.vulncheck.com/advisories/dbpower-c-hd-camera-remote-configu= ration-disclosure ]
=C2=A0 Innomic--VibroLine Configurator 5.0 A local attacker could cause a f= ull device reset by resetting the device passwords using an invalid reset f= ile via USB. 2026-02-02 7.7 CVE-2022-50976 [ https://www.cve.org/CVERecord?= id=3DCVE-2022-50976 ] https://www.innomic.com/.well-known/csaf/white/2026/i= ds-2026-0001.html https://www.innomic.com/.well-known/csaf/white/2026/ids-2026-0001.json
=C2=A0 Innomic--VibroLine VLX1 HD 5.0 An unauthenticated remote attacker co= uld potentially disrupt operations by switching=C2=A0between multiple confi= guration presets via HTTP. 2026-02-02 7.5 CVE-2022-50977 [ https://www.cve.= org/CVERecord?id=3DCVE-2022-50977 ] https://www.innomic.com/.well-known/csa= f/white/2026/ids-2026-0001.html https://www.innomic.com/.well-known/csaf/white/2026/ids-2026-0001.json
=C2=A0 Innomic--VibroLine VLX1 HD 5.0 An unauthenticated remote attacker co= uld potentially disrupt operations by switching between multiple configurat= ion presets via Modbus (TCP). 2026-02-02 7.5 CVE-2022-50978 [ https://www.c= ve.org/CVERecord?id=3DCVE-2022-50978 ] https://www.innomic.com/.well-known/= csaf/white/2026/ids-2026-0001.html https://www.innomic.com/.well-known/csaf/white/2026/ids-2026-0001.json
=C2=A0 Talemy--Spirit Framework Improper Control of Filename for Include/Re= quire Statement in PHP Program ('PHP Remote File Inclusion') vulnerability =
in Talemy Spirit Framework allows PHP Local File Inclusion. This issue affe= cts Spirit Framework: from n/a through 1.2.13. 2026-02-02 7.5 CVE-2024-5426=
3 [ https://www.cve.org/CVERecord?id=3DCVE-2024-54263 ] https://patchstack.= com/database/wordpress/plugin/spirit-framework/vulnerability/wordpress-spir= it-framework-plugin-1-2-13-local-file-inclusion-vulnerability?_s_id=3Dcve =C2=A0 Zyxel--ATP series firmware A post=E2=80=91authentication command inj= ection vulnerability in the Dynamic DNS (DDNS) configuration CLI command in=
Zyxel ATP series firmware versions from V5.35 through V5.41, USG FLEX seri=
es firmware versions from V5.35 through V5.41, USG FLEX 50(W) series firmwa=
re versions from V5.35 through V5.41, and USG20(W)-VPN series firmware vers= ions from V5.35 through V5.41 could allow an authenticated attacker with ad= ministrator privileges to execute operating system (OS) commands on an affe= cted device by supplying a specially crafted string as an argument to the C=
LI command. 2026-02-05 7.2 CVE-2025-11730 [ https://www.cve.org/CVERecord?i= d=3DCVE-2025-11730 ] https://www.zyxel.com/global/en/support/security-advis= ories/zyxel-security-advisory-for-post-authentication-command-injection-vul= nerability-in-the-ddns-configuration-cli-command-of-zld-firewalls-02-05-2026 =C2=A0 IBM--Business Automation Workflow containers IBM Business Automation=
Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007=
, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional = V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection=
(XXE) attack when processing XML data. A=C2=A0remote attacker could exploi=
t this vulnerability to expose sensitive information or consume memory=C2= =A0resources. 2026-02-02 7.1 CVE-2025-13096 [ https://www.cve.org/CVERecord= ?id=3DCVE-2025-13096 ] https://www.ibm.com/support/pages/node/7259321
=C2=A0 Mattermost--Mattermost Confluence Plugin Mattermost Confluence plugi=
n version <1.7.0 fails to properly escape user-controlled display names in = HTML template rendering which allows authenticated Confluence users with ma= licious display names to execute arbitrary JavaScript in victim browsers vi=
a sending a specially crafted OAuth2 connection link that, when visited, re= nders the attacker's display name without proper sanitization. Mattermost A= dvisory ID: MMSA-2025-00557 2026-02-06 7.7 CVE-2025-13523 [ https://www.cve= .org/CVERecord?id=3DCVE-2025-13523 ] MMSA-2025-00557 [ https://mattermost.c= om/security-updates ]
=C2=A0 IBM--WebSphere Application Server Liberty IBM WebSphere Application = Server Liberty 17.0.0.3 through 26.0.0.1=C2=A0could allow a privileged user=
to upload a zip archive containing path traversal sequences resulting in a=
n overwrite of files leading to arbitrary code execution. 2026-02-02 7.6 CV= E-2025-14914 [ https://www.cve.org/CVERecord?id=3DCVE-2025-14914 ] https://= www.ibm.com/support/pages/node/7258224
=C2=A0 infility--Infility Global The Infility Global plugin for WordPress i=
s vulnerable to unauthenticated SQL Injection via the 'infility_get_data' A=
PI action in all versions up to, and including, 2.14.46. This is due to ins= ufficient escaping on the user supplied parameter and lack of sufficient pr= eparation on the existing SQL query. This makes it possible for unauthentic= ated attackers to append - with certain server configurations - additional = SQL queries into already existing queries that can be used to extract sensi= tive information from the database. 2026-02-04 7.5 CVE-2025-15268 [ https:/= /www.cve.org/CVERecord?id=3DCVE-2025-15268 ] https://www.wordfence.com/thre= at-intel/vulnerabilities/id/648941b8-d1ab-4587-bd87-f23008ac9a00?source=3Dc=
ve
https://plugins.trac.wordpress.org/browser/infility-global/trunk/include/cl= ass/db.class.php?marks=3D41#L41 https://plugins.trac.wordpress.org/browser/infility-global/trunk/infility_g= lobal.php?marks=3D626#L626 https://plugins.trac.wordpress.org/browser/infility-global/trunk/include/cl= ass/str.class.php?marks=3D21#L21
=C2=A0 lupsonline--SEO Flow by LupsOnline The SEO Flow by LupsOnline plugin=
for WordPress is vulnerable to unauthorized modification of data due to a = missing capability check on the checkBlogAuthentication() and checkCategory= Authentication() functions in all versions up to, and including, 2.2.1. The=
se authorization functions only implement basic API key authentication but = fail to implement WordPress capability checks. This makes it possible for u= nauthenticated attackers to create, modify, and delete blog posts and categ= ories. 2026-02-04 7.5 CVE-2025-15285 [ https://www.cve.org/CVERecord?id=3DC= VE-2025-15285 ] https://www.wordfence.com/threat-intel/vulnerabilities/id/5= 26837cc-ed1d-4d3d-8f75-a2098445dd1d?source=3Dcve https://plugins.trac.wordpress.org/browser/lupsonline-link-netwerk/tags/2.2= .1/includes/class-linknetwerk-api.php?marks=3D83-99,101-117#L83
=C2=A0 Tanium--Tanium Appliance Tanium addressed an unauthorized code execu= tion vulnerability in Tanium Appliance. 2026-02-05 7.8 CVE-2025-15311 [ htt= ps://www.cve.org/CVERecord?id=3DCVE-2025-15311 ] TAN-2025-002 [ https://sec= urity.tanium.com/TAN-2025-002 ]
=C2=A0 n/a--Open5GS A security flaw has been discovered in Open5GS up to 2.= 7.6. Affected by this vulnerability is the function hss_ogs_diam_cx_mar_cb =
of the file src/hss/hss-cx-path.c of the component VoLTE Cx-Test. The manip= ulation of the argument OGS_KEY_LEN results in stack-based buffer overflow.=
The attack may be launched remotely. The patch is identified as 54dda04121= 1098730221d0ae20a2f9f9173e7a21. A patch should be applied to remediate this=
issue. 2026-02-04 7.3 CVE-2025-15555 [ https://www.cve.org/CVERecord?id=3D= CVE-2025-15555 ] VDB-343795 | Open5GS VoLTE Cx-Test hss-cx-path.c hss_ogs_d= iam_cx_mar_cb stack-based overflow [ https://vuldb.com/?id.343795 ]
VDB-343795 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3437=
95 ]
Submit #741901 | Open5GS v2.7.6 Buffer Over-read [ https://vuldb.com/?submi= t.741901 ]
https://github.com/open5gs/open5gs/issues/4177 https://github.com/open5gs/open5gs/issues/4177#event-21256395700 https://github.com/open5gs/open5gs/commit/54dda041211098730221d0ae20a2f9f91= 73e7a21
https://github.com/open5gs/open5gs/
=C2=A0 Qualcomm, Inc.--Snapdragon Memory Corruption when user space address=
is modified and passed to mem_free API, causing kernel memory to be freed = inadvertently. 2026-02-02 7.8 CVE-2025-47358 [ https://www.cve.org/CVERecor= d?id=3DCVE-2025-47358 ] https://docs.qualcomm.com/product/publicresources/s= ecuritybulletin/february-2026-bulletin.html
=C2=A0 Qualcomm, Inc.--Snapdragon Memory Corruption when multiple threads s= imultaneously access a memory free API. 2026-02-02 7.8 CVE-2025-47359 [ htt= ps://www.cve.org/CVERecord?id=3DCVE-2025-47359 ] https://docs.qualcomm.com/= product/publicresources/securitybulletin/february-2026-bulletin.html
=C2=A0 Qualcomm, Inc.--Snapdragon Cryptographic issue when a Trusted Zone w= ith outdated code is triggered by a HLOS providing incorrect input. 2026-02= -02 7.1 CVE-2025-47366 [ https://www.cve.org/CVERecord?id=3DCVE-2025-47366 =
] https://docs.qualcomm.com/product/publicresources/securitybulletin/februa= ry-2026-bulletin.html
=C2=A0 Qualcomm, Inc.--Snapdragon Memory Corruption when initiating GPU mem= ory mapping using scatter-gather lists due to unchecked IOMMU mapping error=
s. 2026-02-02 7.8 CVE-2025-47397 [ https://www.cve.org/CVERecord?id=3DCVE-2= 025-47397 ] https://docs.qualcomm.com/product/publicresources/securitybulle= tin/february-2026-bulletin.html
=C2=A0 Qualcomm, Inc.--Snapdragon Memory Corruption while deallocating grap= hics processing unit memory buffers due to improper handling of memory poin= ters. 2026-02-02 7.8 CVE-2025-47398 [ https://www.cve.org/CVERecord?id=3DCV= E-2025-47398 ] https://docs.qualcomm.com/product/publicresources/securitybu= lletin/february-2026-bulletin.html
=C2=A0 Qualcomm, Inc.--Snapdragon Memory Corruption while processing IOCTL = call to update sensor property settings with invalid input parameters. 2026= -02-02 7.8 CVE-2025-47399 [ https://www.cve.org/CVERecord?id=3DCVE-2025-473=
99 ] https://docs.qualcomm.com/product/publicresources/securitybulletin/feb= ruary-2026-bulletin.html
=C2=A0 n8n-io--n8n n8n is an open source workflow automation platform. From=
version 1.65.0 to before 1.114.3, the use of Buffer.allocUnsafe() and Buff= er.allocUnsafeSlow() in the task runner allowed untrusted code to allocate = uninitialized memory. Such uninitialized buffers could contain residual dat=
a from within the same Node.js process (for example, data from prior reques= ts, tasks, secrets, or tokens), resulting in potential information disclosu= re. This issue has been patched in version 1.114.3. 2026-02-04 7.7 CVE-2025= -61917 [ https://www.cve.org/CVERecord?id=3DCVE-2025-61917 ] https://github= .com/n8n-io/n8n/security/advisories/GHSA-49mx-fj45-q3p6 https://github.com/n8n-io/n8n/commit/2c4c2953199733c791f739a40879ae31ca129a=
ba
=C2=A0 N/A--Moodle[.]org A flaw was found in Moodle. This cross-site script= ing (XSS) vulnerability, caused by improper sanitization of AI prompt respo= nses, allows attackers to inject malicious HTML or script into web pages. W= hen other users view these compromised pages, their sessions could be stole=
n, or the user interface could be manipulated. 2026-02-03 7.3 CVE-2025-6784=
9 [ https://www.cve.org/CVERecord?id=3DCVE-2025-67849 ] https://access.redh= at.com/security/cve/CVE-2025-67849
RHBZ#2423835 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2423835 ]
=C2=A0 N/A--Moodle[.]org A flaw was found in moodle. This vulnerability, kn= own as Cross-Site Scripting (XSS), occurs due to insufficient checks on use= r-provided data in the formula editor's arithmetic expression fields. A rem= ote attacker could inject malicious code into these fields. When other user=
s view these expressions, the malicious code would execute in their web bro= wsers, potentially compromising their data or leading to unauthorized actio= ns. 2026-02-03 7.3 CVE-2025-67850 [ https://www.cve.org/CVERecord?id=3DCVE-= 2025-67850 ] https://access.redhat.com/security/cve/CVE-2025-67850
RHBZ#2423838 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2423838 ]
=C2=A0 N/A--Moodle[.]org A flaw was found in Moodle. A remote attacker coul=
d exploit a lack of proper rate limiting in the confirmation email service.=
This vulnerability allows attackers to more easily enumerate or guess user=
credentials, facilitating brute-force attacks against user accounts. 2026-= 02-03 7.5 CVE-2025-67853 [ https://www.cve.org/CVERecord?id=3DCVE-2025-6785=
3 ] https://access.redhat.com/security/cve/CVE-2025-67853
RHBZ#2423847 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2423847 ]
=C2=A0 TriliumNext--Trilium Trilium Notes is an open-source, cross-platform=
hierarchical note taking application with focus on building large personal=
knowledge bases. Prior to 0.101.0, a critical timing attack vulnerability =
in Trilium's sync authentication endpoint allows unauthenticated remote att= ackers to recover HMAC authentication hashes byte-by-byte through statistic=
al timing analysis. This enables complete authentication bypass without pas= sword knowledge, granting full read/write access to victim's knowledge base=
. This vulnerability is fixed in 0.101.0. 2026-02-06 7.4 CVE-2025-68621 [ h= ttps://www.cve.org/CVERecord?id=3DCVE-2025-68621 ] https://github.com/Trili= umNext/Trilium/security/advisories/GHSA-hxf6-58cx-qq3x https://github.com/TriliumNext/Trilium/pull/8129
=C2=A0 Ofisimo Web-Based Software Technologies--Association Web Package Flo=
ra Improper Neutralization of Input During Web Page Generation (XSS or 'Cro= ss-site Scripting') vulnerability in Ofisimo Web-Based Software Technologie=
s Association Web Package Flora allows XSS Through HTTP Headers. This issue=
affects Association Web Package Flora: from v3.0 through 03022026.=C2=A0NO= TE: The vendor was contacted early about this disclosure but did not respon=
d in any way. 2026-02-03 7.6 CVE-2025-7760 [ https://www.cve.org/CVERecord?= id=3DCVE-2025-7760 ] https://www.usom.gov.tr/bildirim/tr-26-0015
=C2=A0 Kod8 Software Technologies Trade Ltd. Co.--Kod8 Individual and SME W= ebsite Improper Neutralization of Input During Web Page Generation (XSS or = 'Cross-site Scripting') vulnerability in Kod8 Software Technologies Trade L= td. Co. Kod8 Individual and SME Website allows Reflected XSS. This issue af= fects Kod8 Individual and SME Website: through 03022026.=C2=A0 NOTE: The ve= ndor was contacted early about this disclosure but did not respond in any w= ay. 2026-02-03 7.6 CVE-2025-8456 [ https://www.cve.org/CVERecord?id=3DCVE-2= 025-8456 ] https://www.usom.gov.tr/bildirim/tr-26-0012
=C2=A0 Seres Software--syWEB Improper Neutralization of Input During Web Pa=
ge Generation (XSS or 'Cross-site Scripting') vulnerability in Seres Softwa=
re syWEB allows Reflected XSS. This issue affects syWEB: through 03022026.= =C2=A0 NOTE: The vendor was contacted early about this disclosure but did n=
ot respond in any way. 2026-02-03 7.6 CVE-2025-8461 [ https://www.cve.org/C= VERecord?id=3DCVE-2025-8461 ] https://www.usom.gov.tr/bildirim/tr-26-0013 =C2=A0 AKCE Software Technology R&D Industry and Trade Inc.--SKSPro Imprope=
r Neutralization of Input During Web Page Generation (XSS or 'Cross-site Sc= ripting') vulnerability in AKCE Software Technology R&D Industry and Trade = Inc. SKSPro allows Reflected XSS. This issue affects SKSPro: through 070120= 26. 2026-02-03 7.6 CVE-2025-8589 [ https://www.cve.org/CVERecord?id=3DCVE-2= 025-8589 ] https://www.usom.gov.tr/bildirim/tr-26-0011
=C2=A0 AKCE Software Technology R&D Industry and Trade Inc.--SKSPro Exposur=
e of Sensitive Information to an Unauthorized Actor vulnerability in AKCE S= oftware Technology R&D Industry and Trade Inc. SKSPro allows Directory Inde= xing. This issue affects SKSPro: through 07012026. 2026-02-03 7.5 CVE-2025-= 8590 [ https://www.cve.org/CVERecord?id=3DCVE-2025-8590 ] https://www.usom.= gov.tr/bildirim/tr-26-0011
=C2=A0 Autodesk--3ds Max A maliciously crafted GIF file, when parsed throug=
h Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. =
A malicious actor can leverage this vulnerability to execute arbitrary code=
in the context of the current process. 2026-02-04 7.8 CVE-2026-0536 [ http= s://www.cve.org/CVERecord?id=3DCVE-2026-0536 ] https://www.autodesk.com/pro= ducts/autodesk-access/overview https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0002
=C2=A0 Autodesk--3ds Max A maliciously crafted RGB file, when parsed throug=
h Autodesk 3ds Max, can force a Memory Corruption vulnerability. A maliciou=
s actor can leverage this vulnerability to execute arbitrary code in the co= ntext of the current process. 2026-02-04 7.8 CVE-2026-0537 [ https://www.cv= e.org/CVERecord?id=3DCVE-2026-0537 ] https://www.autodesk.com/products/auto= desk-access/overview https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0002
=C2=A0 Autodesk--3ds Max A maliciously crafted GIF file, when parsed throug=
h Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malic= ious actor can leverage this vulnerability to execute arbitrary code in the=
context of the current process. 2026-02-04 7.8 CVE-2026-0538 [ https://www= .cve.org/CVERecord?id=3DCVE-2026-0538 ] https://www.autodesk.com/products/a= utodesk-access/overview https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0002
=C2=A0 latepoint--LatePoint Calendar Booking Plugin for Appointments and Ev= ents The LatePoint - Calendar Booking Plugin for Appointments and Events pl= ugin for WordPress is vulnerable to Stored Cross-Site Scripting via the cus= tomer profile fields in all versions up to, and including, 5.2.5 due to ins= ufficient input sanitization and output escaping. This makes it possible fo=
r unauthenticated attackers to inject arbitrary web scripts in pages that w= ill execute whenever an administrator views the customer's activity history=
. 2026-02-03 7.2 CVE-2026-0617 [ https://www.cve.org/CVERecord?id=3DCVE-202= 6-0617 ] https://www.wordfence.com/threat-intel/vulnerabilities/id/22bcfd36= -ecf9-4d2c-ac94-94ffa0340c4c?source=3Dcve https://plugins.trac.wordpress.org/browser/latepoint/tags/5.2.5/lib/views/a= ctivities/view.php#L27 https://plugins.trac.wordpress.org/browser/latepoint/tags/5.2.5/lib/control= lers/activities_controller.php https://plugins.trac.wordpress.org/browser/latepoint/tags/5.2.5/lib/models/= activity_model.php https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&repo= name=3D&new=3D3449263%40latepoint%2Ftrunk&old=3D3408660%40latepoint%2Ftrunk= &sfp_email=3D&sfph_mail=3D
=C2=A0 Autodesk--USD for Arnold A maliciously crafted USD file, when loaded=
or imported into Autodesk Arnold or Autodesk 3ds Max, can force an Out-of-= Bounds Write vulnerability. A malicious actor can leverage this vulnerabili=
ty to execute arbitrary code in the context of the current process. 2026-02= -04 7.8 CVE-2026-0659 [ https://www.cve.org/CVERecord?id=3DCVE-2026-0659 ] = https://www.autodesk.com/products/autodesk-access/overview https://github.com/Autodesk/arnold-usd https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0003
=C2=A0 Autodesk--3ds Max A maliciously crafted GIF file, when parsed throug=
h Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. =
A malicious actor can leverage this vulnerability to execute arbitrary code=
in the context of the current process. 2026-02-04 7.8 CVE-2026-0660 [ http= s://www.cve.org/CVERecord?id=3DCVE-2026-0660 ] https://www.autodesk.com/pro= ducts/autodesk-access/overview https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0002
=C2=A0 Autodesk--3ds Max A maliciously crafted RGB file, when parsed throug=
h Autodesk 3ds Max, can force a Memory Corruption vulnerability. A maliciou=
s actor can leverage this vulnerability to execute arbitrary code in the co= ntext of the current process. 2026-02-04 7.8 CVE-2026-0661 [ https://www.cv= e.org/CVERecord?id=3DCVE-2026-0661 ] https://www.autodesk.com/products/auto= desk-access/overview https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0002
=C2=A0 Autodesk--3ds Max A maliciously crafted project directory, when open= ing a max file in Autodesk 3ds Max, could lead to execution of arbitrary co=
de in the context of the current process due to an Untrusted Search Path be= ing utilized. 2026-02-04 7.8 CVE-2026-0662 [ https://www.cve.org/CVERecord?= id=3DCVE-2026-0662 ] https://www.autodesk.com/products/autodesk-access/over= view
https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0002
=C2=A0 10web--Form Maker by 10Web Mobile-Friendly Drag & Drop Contact Form = Builder The Form Maker plugin for WordPress is vulnerable to Stored Cross-S= ite Scripting via hidden field values in all versions up to, and including,=
1.15.35. This is due to insufficient output escaping when displaying hidde=
n field values in the admin submissions list. The plugin uses html_entity_d= ecode() on user-supplied hidden field values without subsequent escaping be= fore output, which converts HTML entity-encoded payloads back into executab=
le JavaScript. This makes it possible for unauthenticated attackers to inje=
ct arbitrary web scripts in the admin submissions view that will execute wh= enever an administrator accesses the submissions list. 2026-02-03 7.1 CVE-2= 026-1058 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1058 ] https://www.w= ordfence.com/threat-intel/vulnerabilities/id/e0ec0027-2792-4069-b413-8fdd95= 1f5fe7?source=3Dcve https://plugins.trac.wordpress.org/browser/form-maker/tags/1.15.34/admin/vi= ews/Submissions_fm.php#L759 https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&repo= name=3D&new=3D3447011%40form-maker%2Ftrunk&old=3D3440395%40form-maker%2Ftru= nk&sfp_email=3D&sfph_mail=3D
=C2=A0 10web--Form Maker by 10Web Mobile-Friendly Drag & Drop Contact Form = Builder The Form Maker by 10Web plugin for WordPress is vulnerable to Store=
d Cross-Site Scripting in all versions up to, and including, 1.15.35. This =
is due to the plugin's default file upload allowlist including SVG files co= mbined with weak substring-based extension validation. This makes it possib=
le for unauthenticated attackers to upload malicious SVG files containing J= avaScript code that will execute when viewed by administrators or site visi= tors via file upload fields in forms granted they can submit forms. 2026-02= -03 7.2 CVE-2026-1065 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1065 ] = https://www.wordfence.com/threat-intel/vulnerabilities/id/8230d5f8-01d9-465= a-8a43-e9852248bb3d?source=3Dcve https://plugins.trac.wordpress.org/browser/form-maker/tags/1.15.34/js/add_f= ield.js#L2364 https://plugins.trac.wordpress.org/browser/form-maker/tags/1.15.34/frontend= /models/form_maker.php#L1744 https://plugins.trac.wordpress.org/browser/form-maker/tags/1.15.34/frontend= /models/form_maker.php#L1855 https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&repo= name=3D&new=3D3447011%40form-maker%2Ftrunk&old=3D3440395%40form-maker%2Ftru= nk&sfp_email=3D&sfph_mail=3D
=C2=A0 bplugins--All In One Image Viewer Block Gutenberg block to create im= age viewer with hyperlink The All In One Image Viewer Block plugin for Word= Press is vulnerable to Server-Side Request Forgery in all versions up to, a=
nd including, 1.0.2 due to missing authorization and URL validation on the = image-proxy REST API endpoint. This makes it possible for unauthenticated a= ttackers to make web requests to arbitrary locations originating from the w=
eb application and can be used to query and modify information from interna=
l services. 2026-02-05 7.2 CVE-2026-1294 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-1294 ] https://www.wordfence.com/threat-intel/vulnerabilities/i= d/7c3f7108-eb32-425a-a705-4f032e7da6b0?source=3Dcve https://plugins.trac.wordpress.org/browser/image-viewer/tags/1.0.2/image-vi= ewer-block.php#L10 https://plugins.trac.wordpress.org/changeset/3449642/image-viewer/tags/1.0.= 3/image-viewer-block.php?old=3D3405983&old_path=3Dimage-viewer%2Ftags%2F1.0= .2%2Fimage-viewer-block.php
=C2=A0 pgadmin.org--pgAdmin 4 pgAdmin versions 9.11 are affected by a Resto=
re restriction bypass via key disclosure vulnerability that occurs when run= ning in server mode and performing restores from PLAIN-format dump files. A=
n attacker with access to the pgAdmin web interface can observe an active r= estore operation, extract the `\restrict` key in real time, and race the re= store process by overwriting the restore script with a payload that re-enab= les meta-commands using `\unrestrict <key>`. This results in reliable comma=
nd execution on the pgAdmin host during the restore operation. 2026-02-05 7=
.4 CVE-2026-1707 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1707 ] https= ://github.com/pgadmin-org/pgadmin4/issues/9518
=C2=A0 EFM--ipTIME A8004T A vulnerability was found in EFM ipTIME A8004T 14= .18.2. This impacts the function httpcon_check_session_url of the file /cgi= /timepro.cgi of the component Hidden Hiddenloginsetup Interface. The manipu= lation results in improper authentication. The attack may be performed from=
remote. The exploit has been made public and could be used. The vendor was=
contacted early about this disclosure but did not respond in any way. 2026= -02-02 7.3 CVE-2026-1740 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1740=
] VDB-343639 | EFM ipTIME A8004T Hidden Hiddenloginsetup timepro.cgi httpc= on_check_session_url improper authentication [ https://vuldb.com/?id.343639=
]
VDB-343639 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3436=
39 ]
Submit #741422 | IPTIME A8004T 14.18.2 Authentication Bypass & Arbitrary Pa= ssword Reset [ https://vuldb.com/?submit.741422 ] https://github.com/LX-LX88/cve/issues/27
=C2=A0 AWS--SageMaker Python SDK The Amazon SageMaker Python SDK before v3.= 2.0 and v2.256.0 includes the ModelBuilder HMAC signing key in the cleartex=
t response elements of the DescribeTrainingJob function. A third party with=
permissions to both call this API and permissions to modify objects in the=
Training Jobs S3 output location may have the ability to upload arbitrary = artifacts which are executed the next time the Training Job is invoked. 202= 6-02-02 7.2 CVE-2026-1777 [ https://www.cve.org/CVERecord?id=3DCVE-2026-177=
7 ] https://aws.amazon.com/security/security-bulletins/2026-004-AWS/ https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-rjrp-m= 2jw-pv9c
https://github.com/aws/sagemaker-python-sdk/releases/tag/v3.2.0 https://github.com/aws/sagemaker-python-sdk/releases/tag/v2.256.0
=C2=A0 Ziroom--ZHOME A0101 A security flaw has been discovered in Ziroom ZH= OME A0101 1.0.1.0. This issue affects the function macAddrClone of the file=
luci\controller\api\zrMacClone.lua. The manipulation of the argument macTy=
pe results in command injection. The attack may be launched remotely. The e= xploit has been released to the public and may be used for attacks. The ven= dor was contacted early about this disclosure but did not respond in any wa=
y. 2026-02-03 7.3 CVE-2026-1802 [ https://www.cve.org/CVERecord?id=3DCVE-20= 26-1802 ] VDB-343975 | Ziroom ZHOME A0101 zrMacClone.lua macAddrClone comma=
nd injection [ https://vuldb.com/?id.343975 ]
VDB-343975 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343975 ]
Submit #741842 | https://sh.ziroom.com/ ZHOME A0101 Command Injection [ htt= ps://vuldb.com/?submit.741842 ] https://github.com/jinhao118/cve/blob/main/ziru_router_command_injection.md =C2=A0 itsourcecode--Student Management System A vulnerability was found in=
itsourcecode Student Management System 1.0. The affected element is an unk= nown function of the file /ramonsys/enrollment/controller.php. The manipula= tion of the argument ID results in sql injection. The attack can be launche=
d remotely. The exploit has been made public and could be used. 2026-02-06 = 7.3 CVE-2026-2011 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2011 ] VDB-= 344593 | itsourcecode Student Management System controller.php sql injectio=
n [ https://vuldb.com/?id.344593 ]
VDB-344593 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344593 ]
Submit #743498 | itsourcecode Student Management System V1.0 SQL Injection =
[ https://vuldb.com/?submit.743498 ] https://github.com/tianrenu/CVE-Discoveries/issues/1
https://itsourcecode.com/
=C2=A0 Cisco--Cisco RoomOS Software A vulnerability in the text rendering s= ubsystem of Cisco TelePresence Collaboration Endpoint (CE) Software and Cis=
co RoomOS Software could allow an unauthenticated, remote attacker to cause=
a denial of service (DoS) condition on an affected device. This vulnerabil= ity is due to insufficient validation of input received by an affected devi= ce. An attacker could exploit this vulnerability by getting the affected de= vice to render crafted text, for example, a crafted meeting invitation. As = indicated in the CVSS score, no user interaction is required, such as accep= ting the meeting invitation. A successful exploit could allow the attacker =
to cause the affected device to reload, resulting in a DoS condition. 2026-= 02-04 7.5 CVE-2026-20119 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2011=
9 ] cisco-sa-tce-roomos-dos-9V9jrC2q [ https://sec.cloudapps.cisco.com/secu= rity/center/content/CiscoSecurityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q ] =C2=A0 itsourcecode--Student Management System A vulnerability was determin=
ed in itsourcecode Student Management System 1.0. The impacted element is a=
n unknown function of the file /ramonsys/facultyloading/index.php. This man= ipulation of the argument ID causes sql injection. The attack may be initia= ted remotely. The exploit has been publicly disclosed and may be utilized. = 2026-02-06 7.3 CVE-2026-2012 [ https://www.cve.org/CVERecord?id=3DCVE-2026-= 2012 ] VDB-344594 | itsourcecode Student Management System index.php sql in= jection [ https://vuldb.com/?id.344594 ]
VDB-344594 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344594 ]
Submit #743499 | itsourcecode Student Management System V1.0 SQL Injection =
[ https://vuldb.com/?submit.743499 ] https://github.com/tianrenu/CVE-Discoveries/issues/2
https://itsourcecode.com/
=C2=A0 itsourcecode--Student Management System A vulnerability was identifi=
ed in itsourcecode Student Management System 1.0. This affects an unknown f= unction of the file /ramonsys/soa/index.php. Such manipulation of the argum= ent ID leads to sql injection. The attack may be launched remotely. The exp= loit is publicly available and might be used. 2026-02-06 7.3 CVE-2026-2013 =
[ https://www.cve.org/CVERecord?id=3DCVE-2026-2013 ] VDB-344595 | itsourcec= ode Student Management System index.php sql injection [ https://vuldb.com/?= id.344595 ]
VDB-344595 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344595 ]
Submit #743500 | itsourcecode Student Management System V1.0 SQL Injection =
[ https://vuldb.com/?submit.743500 ] https://github.com/tianrenu/CVE-Discoveries/issues/3
https://itsourcecode.com/
=C2=A0 itsourcecode--Student Management System A security flaw has been dis= covered in itsourcecode Student Management System 1.0. This impacts an unkn= own function of the file /ramonsys/billing/index.php. Performing a manipula= tion of the argument ID results in sql injection. Remote exploitation of th=
e attack is possible. The exploit has been released to the public and may b=
e used for attacks. 2026-02-06 7.3 CVE-2026-2014 [ https://www.cve.org/CVER= ecord?id=3DCVE-2026-2014 ] VDB-344596 | itsourcecode Student Management Sys= tem index.php sql injection [ https://vuldb.com/?id.344596 ]
VDB-344596 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344596 ]
Submit #744048 | itsourcecode Student Management System V1.0 SQL Injection =
[ https://vuldb.com/?submit.744048 ] https://github.com/ltranquility/CVE/issues/35
https://itsourcecode.com/
=C2=A0 itsourcecode--School Management System A flaw has been found in itso= urcecode School Management System 1.0. This affects an unknown part of the = file /ramonsys/settings/controller.php. This manipulation of the argument I=
D causes sql injection. It is possible to initiate the attack remotely. The=
exploit has been published and may be used. 2026-02-06 7.3 CVE-2026-2018 [=
https://www.cve.org/CVERecord?id=3DCVE-2026-2018 ] VDB-344600 | itsourceco=
de School Management System controller.php sql injection [ https://vuldb.co= m/?id.344600 ]
VDB-344600 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344600 ]
Submit #744075 | itsourcecode School Management System V1.0 SQL Injection [=
https://vuldb.com/?submit.744075 ] https://github.com/ltranquility/CVE/issues/36
https://itsourcecode.com/
=C2=A0 SourceCodester--Medical Center Portal Management System A vulnerabil= ity was detected in SourceCodester Medical Center Portal Management System = 1.0. This affects an unknown function of the file /login.php. The manipulat= ion of the argument User results in sql injection. The attack can be execut=
ed remotely. The exploit is now public and may be used. 2026-02-06 7.3 CVE-= 2026-2057 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2057 ] VDB-344617 |=
SourceCodester Medical Center Portal Management System login.php sql injec= tion [ https://vuldb.com/?id.344617 ]
VDB-344617 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344617 ]
Submit #744233 | SourceCodester Medical Center Portal Management System 1.0=
SQL Injection [ https://vuldb.com/?submit.744233 ] https://github.com/Roger-Adventures/CVE/issues/1 https://www.sourcecodester.com/
=C2=A0 mathurvishal--CloudClassroom-PHP-Project A flaw has been found in ma= thurvishal CloudClassroom-PHP-Project up to 5dadec098bfbbf3300d60c3494db3fb= 95b66e7be. This impacts an unknown function of the file /postquerypublic.ph=
p of the component Post Query Details Page. This manipulation of the argume=
nt gnamex causes sql injection. The attack is possible to be carried out re= motely. The exploit has been published and may be used. This product adopts=
a rolling release strategy to maintain continuous delivery. Therefore, ver= sion details for affected or updated releases cannot be specified. The vend=
or was contacted early about this disclosure but did not respond in any way=
. 2026-02-06 7.3 CVE-2026-2058 [ https://www.cve.org/CVERecord?id=3DCVE-202= 6-2058 ] VDB-344618 | mathurvishal CloudClassroom-PHP-Project Post Query De= tails postquerypublic.php sql injection [ https://vuldb.com/?id.344618 ] VDB-344618 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344618 ]
Submit #744236 | https://github.com/mathurvishal/CloudClassroom-PHP-Project=
CloudClassroom PHP Project 1.0 SQL Injection [ https://vuldb.com/?submit.7= 44236 ]
https://github.com/carlosalbertotuma/CLOUD-CLASSROOMS-php-1.0 https://github.com/carlosalbertotuma/CLOUD-CLASSROOMS-php-1.0#impact
=C2=A0 SourceCodester--Medical Center Portal Management System A vulnerabil= ity has been found in SourceCodester Medical Center Portal Management Syste=
m 1.0. Affected is an unknown function of the file /emp_edit1.php. Such man= ipulation of the argument ID leads to sql injection. The attack may be perf= ormed from remote. The exploit has been disclosed to the public and may be = used. 2026-02-06 7.3 CVE-2026-2059 [ https://www.cve.org/CVERecord?id=3DCVE= -2026-2059 ] VDB-344619 | SourceCodester Medical Center Portal Management S= ystem emp_edit1.php sql injection [ https://vuldb.com/?id.344619 ]
VDB-344619 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344619 ]
Submit #744261 | SourceCodester Medical Center Portal Management System 1.0=
SQL Injection [ https://vuldb.com/?submit.744261 ] https://github.com/Roger-Adventures/CVE/issues/2 https://www.sourcecodester.com/
=C2=A0 code-projects--Simple Blood Donor Management System A vulnerability = was found in code-projects Simple Blood Donor Management System 1.0. Affect=
ed by this vulnerability is an unknown functionality of the file /simpleblo= oddonor/editcampaignform.php. Performing a manipulation of the argument ID = results in sql injection. It is possible to initiate the attack remotely. T=
he exploit has been made public and could be used. 2026-02-06 7.3 CVE-2026-= 2060 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2060 ] VDB-344620 | code= -projects Simple Blood Donor Management System editcampaignform.php sql inj= ection [ https://vuldb.com/?id.344620 ]
VDB-344620 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344620 ]
Submit #744262 | code-projects Simple Blood Donor Management System V1.0 SQ=
L Injection [ https://vuldb.com/?submit.744262 ] https://github.com/kyxh001/CVE/issues/1
https://code-projects.org/
=C2=A0 itsourcecode--School Management System A vulnerability was determine=
d in itsourcecode School Management System 1.0. This affects an unknown fun= ction of the file /ramonsys/user/index.php. Executing a manipulation of the=
argument ID can lead to sql injection. The attack may be performed from re= mote. The exploit has been publicly disclosed and may be utilized. 2026-02-=
07 7.3 CVE-2026-2073 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2073 ] V= DB-344639 | itsourcecode School Management System index.php sql injection [=
https://vuldb.com/?id.344639 ]
VDB-344639 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344639 ]
Submit #745482 | itsourcecode School Management System V1.0 SQL Injection [=
https://vuldb.com/?submit.745482 ]
https://github.com/Sherlocksbs/CVE/issues/1
https://itsourcecode.com/
=C2=A0 UTT--HiPER 810 A vulnerability has been found in UTT HiPER 810 1.7.4= -141218. This issue affects the function setSysAdm of the file /goform/form= User. The manipulation of the argument passwd1 leads to command injection. = Remote exploitation of the attack is possible. The exploit has been disclos=
ed to the public and may be used. The vendor was contacted early about this=
disclosure but did not respond in any way. 2026-02-07 7.2 CVE-2026-2080 [ = https://www.cve.org/CVERecord?id=3DCVE-2026-2080 ] VDB-344646 | UTT HiPER 8=
10 formUser setSysAdm command injection [ https://vuldb.com/?id.344646 ] VDB-344646 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344646 ]
Submit #745521 | UTT HiPER 810 / nv810v4 nv810v4v1.7.4-141218 Command Injec= tion [ https://vuldb.com/?submit.745521 ] https://github.com/cha0yang1/UTT810CVE/blob/main/README.md https://github.com/cha0yang1/UTT810CVE/blob/main/README.md#reproduction-ste=
ps
=C2=A0 code-projects--Social Networking Site A security flaw has been disco= vered in code-projects Social Networking Site 1.0. This affects an unknown = function of the file /delete_post.php. Performing a manipulation of the arg= ument ID results in sql injection. It is possible to initiate the attack re= motely. The exploit has been released to the public and may be used for att= acks. 2026-02-07 7.3 CVE-2026-2083 [ https://www.cve.org/CVERecord?id=3DCVE= -2026-2083 ] VDB-344650 | code-projects Social Networking Site delete_post.= php sql injection [ https://vuldb.com/?id.344650 ]
VDB-344650 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344650 ]
Submit #745937 | code-projects Social Networking Site V1.0 SQL Injection [ = https://vuldb.com/?submit.745937 ]
https://github.com/6Justdododo6/CVE/issues/1
https://code-projects.org/
=C2=A0 D-Link--DIR-823X A weakness has been identified in D-Link DIR-823X 2= 50416. This impacts an unknown function of the file /goform/set_language. E= xecuting a manipulation of the argument langSelection can lead to os comman=
d injection. It is possible to launch the attack remotely. The exploit has = been made available to the public and could be used for attacks. 2026-02-07=
7.2 CVE-2026-2084 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2084 ] VDB= -344651 | D-Link DIR-823X set_language os command injection [ https://vuldb= .com/?id.344651 ]
VDB-344651 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344651 ]
Submit #746379 | D-Link DIR 250416 OS Command Injection [ https://vuldb.com= /?submit.746379 ]
Submit #746380 | D-Link DIR-823X 250416 OS Command Injection (Duplicate) [ = https://vuldb.com/?submit.746380 ]
https://github.com/master-abc/cve/issues/24
https://www.dlink.com/
=C2=A0 D-Link--DWR-M921 A security vulnerability has been detected in D-Lin=
k DWR-M921 1.1.50. Affected is the function sub_419F20 of the file /boafrm/= formUSSDSetup of the component USSD Configuration Endpoint. The manipulatio=
n of the argument ussdValue leads to command injection. The attack can be i= nitiated remotely. The exploit has been disclosed publicly and may be used.=
2026-02-07 7.2 CVE-2026-2085 [ https://www.cve.org/CVERecord?id=3DCVE-2026= -2085 ] VDB-344652 | D-Link DWR-M921 USSD Configuration Endpoint formUSSDSe= tup sub_419F20 command injection [ https://vuldb.com/?id.344652 ]
VDB-344652 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344652 ]
Submit #746400 | D-Link DWR-M921 V1.1.50 Command Injection [ https://vuldb.= com/?submit.746400 ]
https://github.com/LX-66-LX/cve-new/issues/1 https://github.com/LX-66-LX/cve-new/issues/1#issue-3851345029 https://www.dlink.com/
=C2=A0 SourceCodester--Online Class Record System A flaw has been found in = SourceCodester Online Class Record System 1.0. Affected by this issue is so=
me unknown functionality of the file /admin/login.php. This manipulation of=
the argument user_email causes sql injection. The attack may be initiated = remotely. The exploit has been published and may be used. 2026-02-07 7.3 CV= E-2026-2087 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2087 ] VDB-344654=
| SourceCodester Online Class Record System login.php sql injection [ http= s://vuldb.com/?id.344654 ]
VDB-344654 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344654 ]
Submit #746510 | SourceCodester Online Class Record System 1.0 SQL Injectio=
n [ https://vuldb.com/?submit.746510 ] https://github.com/xiaoccm07/cve/issues/1
https://www.sourcecodester.com/
=C2=A0 PHPGurukul--Beauty Parlour Management System A vulnerability has bee=
n found in PHPGurukul Beauty Parlour Management System 1.1. This affects an=
unknown part of the file /admin/accepted-appointment.php. Such manipulatio=
n of the argument delid leads to sql injection. The attack may be launched = remotely. The exploit has been disclosed to the public and may be used. 202= 6-02-07 7.3 CVE-2026-2088 [ https://www.cve.org/CVERecord?id=3DCVE-2026-208=
8 ] VDB-344655 | PHPGurukul Beauty Parlour Management System accepted-appoi= ntment.php sql injection [ https://vuldb.com/?id.344655 ]
VDB-344655 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344655 ]
Submit #746520 | PHPgurukul Beauty Parlour Management System V1.1 SQL Injec= tion [ https://vuldb.com/?submit.746520 ] https://github.com/Shaon-Xis/cve/issues/1
https://phpgurukul.com/
=C2=A0 SourceCodester--Online Class Record System A vulnerability was found=
in SourceCodester Online Class Record System 1.0. This vulnerability affec=
ts unknown code of the file /admin/subject/controller.php. Performing a man= ipulation of the argument ID results in sql injection. Remote exploitation =
of the attack is possible. The exploit has been made public and could be us= ed. 2026-02-07 7.3 CVE-2026-2089 [ https://www.cve.org/CVERecord?id=3DCVE-2= 026-2089 ] VDB-344656 | SourceCodester Online Class Record System controlle= r.php sql injection [ https://vuldb.com/?id.344656 ]
VDB-344656 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344656 ]
Submit #746550 | SourceCodester Online Class Record System 1.0 SQL Injectio=
n [ https://vuldb.com/?submit.746550 ] https://github.com/xiaoccm07/cve/issues/2
https://www.sourcecodester.com/
=C2=A0 SourceCodester--Online Class Record System A vulnerability was deter= mined in SourceCodester Online Class Record System 1.0. This issue affects = some unknown processing of the file /admin/message/search.php. Executing a = manipulation of the argument term can lead to sql injection. The attack can=
be executed remotely. The exploit has been publicly disclosed and may be u= tilized. 2026-02-07 7.3 CVE-2026-2090 [ https://www.cve.org/CVERecord?id=3D= CVE-2026-2090 ] VDB-344657 | SourceCodester Online Class Record System sear= ch.php sql injection [ https://vuldb.com/?id.344657 ]
VDB-344657 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344657 ]
Submit #746551 | SourceCodester Online Class Record System 1.0 SQL Injectio=
n [ https://vuldb.com/?submit.746551 ] https://github.com/xiaoccm07/cve/issues/3
https://www.sourcecodester.com/
=C2=A0 Infor--SyteLine ERP Infor SyteLine ERP uses hard-coded static crypto= graphic keys to encrypt stored credentials, including user passwords, datab= ase connection strings, and API keys. The encryption keys are identical acr= oss all installations. An attacker with access to the application binary an=
d database can decrypt all stored credentials. 2026-02-06 7.1 CVE-2026-2103=
[ https://www.cve.org/CVERecord?id=3DCVE-2026-2103 ] https://blog.blacklan= ternsecurity.com/p/cve-2026-2103-infor-syteline-erp
=C2=A0 yuan1994--tpadmin A security vulnerability has been detected in yuan= 1994 tpadmin up to 1.3.12. This affects an unknown part in the library /pub= lic/static/admin/lib/webuploader/0.1.5/server/preview.php of the component = WebUploader. The manipulation leads to deserialization. The attack is possi= ble to be carried out remotely. The exploit has been disclosed publicly and=
may be used. This vulnerability only affects products that are no longer s= upported by the maintainer. 2026-02-07 7.3 CVE-2026-2113 [ https://www.cve.= org/CVERecord?id=3DCVE-2026-2113 ] VDB-344688 | yuan1994 tpadmin WebUploade=
r preview.php deserialization [ https://vuldb.com/?id.344688 ]
VDB-344688 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3446=
88 ]
Submit #746795 | https://github.com/yuan1994/tpadmin cms v1.3 RCE [ https:/= /vuldb.com/?submit.746795 ] https://github.com/sTy1H/CVE-Report/blob/main/Remote%20Code%20Execution%20V= ulnerability%20in%20Tpadmin%20System.md
=C2=A0 itsourcecode--Society Management System A vulnerability was detected=
in itsourcecode Society Management System 1.0. This vulnerability affects = unknown code of the file /admin/edit_admin.php. The manipulation of the arg= ument admin_id results in sql injection. The attack may be performed from r= emote. The exploit is now public and may be used. 2026-02-07 7.3 CVE-2026-2= 114 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2114 ] VDB-344689 | itsou= rcecode Society Management System edit_admin.php sql injection [ https://vu= ldb.com/?id.344689 ]
VDB-344689 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344689 ]
Submit #746796 | itsourcecode Society Management System V1.0 SQL injection =
[ https://vuldb.com/?submit.746796 ]
https://github.com/zpf7029/oblong/issues/3
https://itsourcecode.com/
=C2=A0 itsourcecode--Society Management System A flaw has been found in its= ourcecode Society Management System 1.0. This issue affects some unknown pr= ocessing of the file /admin/delete_expenses.php. This manipulation of the a= rgument expenses_id causes sql injection. It is possible to initiate the at= tack remotely. The exploit has been published and may be used. 2026-02-07 7=
.3 CVE-2026-2115 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2115 ] VDB-3= 44690 | itsourcecode Society Management System delete_expenses.php sql inje= ction [ https://vuldb.com/?id.344690 ]
VDB-344690 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344690 ]
Submit #746797 | itsourcecode Society Management System V1.0 SQL injection =
[ https://vuldb.com/?submit.746797 ]
https://github.com/zpf7029/oblong/issues/2
https://itsourcecode.com/
=C2=A0 itsourcecode--Society Management System A vulnerability has been fou=
nd in itsourcecode Society Management System 1.0. Impacted is an unknown fu= nction of the file /admin/edit_expenses.php. Such manipulation of the argum= ent expenses_id leads to sql injection. It is possible to launch the attack=
remotely. The exploit has been disclosed to the public and may be used. 20= 26-02-07 7.3 CVE-2026-2116 [ https://www.cve.org/CVERecord?id=3DCVE-2026-21=
16 ] VDB-344691 | itsourcecode Society Management System edit_expenses.php = sql injection [ https://vuldb.com/?id.344691 ]
VDB-344691 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344691 ]
Submit #746798 | itsourcecode Society Management System V1.0 SQL injection =
[ https://vuldb.com/?submit.746798 ]
https://github.com/zpf7029/oblong/issues/1
https://itsourcecode.com/
=C2=A0 itsourcecode--Society Management System A vulnerability was found in=
itsourcecode Society Management System 1.0. The affected element is an unk= nown function of the file /admin/edit_activity.php. Performing a manipulati=
on of the argument activity_id results in sql injection. The attack can be = initiated remotely. The exploit has been made public and could be used. 202= 6-02-07 7.3 CVE-2026-2117 [ https://www.cve.org/CVERecord?id=3DCVE-2026-211=
7 ] VDB-344692 | itsourcecode Society Management System edit_activity.php s=
ql injection [ https://vuldb.com/?id.344692 ]
VDB-344692 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344692 ]
Submit #746884 | itsourcecode Society Management System V1.0 SQL injection =
[ https://vuldb.com/?submit.746884 ]
https://github.com/ZooNJarway/CVE/issues/4
https://itsourcecode.com/
=C2=A0 UTT--HiPER 810 A vulnerability was determined in UTT HiPER 810 1.7.4= -141218. The impacted element is the function sub_4407D4 of the file /gofor= m/formReleaseConnect of the component rehttpd. Executing a manipulation of = the argument Isp_Name can lead to command injection. The attack can be laun= ched remotely. The exploit has been publicly disclosed and may be utilized.=
2026-02-08 7.2 CVE-2026-2118 [ https://www.cve.org/CVERecord?id=3DCVE-2026= -2118 ] VDB-344693 | UTT HiPER 810 rehttpd formReleaseConnect sub_4407D4 co= mmand injection [ https://vuldb.com/?id.344693 ]
VDB-344693 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344693 ]
Submit #746802 | UTT (=E8=89=BE=E6=B3=B0) HiPER 810 nv810v4v1.7.4-141218 Co= mmand Injection [ https://vuldb.com/?submit.746802 ] https://github.com/cha0yang1/UTT810CVE/blob/main/CVEreadme1.md https://github.com/cha0yang1/UTT810CVE/blob/main/CVEreadme1.md#poc
=C2=A0 D-Link--DIR-823X A vulnerability was identified in D-Link DIR-823X 2= 50416. This affects an unknown function of the file /goform/set_server_sett= ings of the component Configuration Parameter Handler. The manipulation of = the argument terminal_addr/server_ip/server_port leads to os command inject= ion. The attack may be initiated remotely. The exploit is publicly availabl=
e and might be used. 2026-02-08 7.2 CVE-2026-2120 [ https://www.cve.org/CVE= Record?id=3DCVE-2026-2120 ] VDB-344694 | D-Link DIR-823X Configuration Para= meter set_server_settings os command injection [ https://vuldb.com/?id.3446=
94 ]
VDB-344694 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344694 ]
Submit #746916 | D-Link DIR-823X 250416 OS Command Injection [ https://vuld= b.com/?submit.746916 ]
https://github.com/master-abc/cve/issues/26
https://www.dlink.com/
=C2=A0 D-Link--DIR-823X A vulnerability was found in D-Link DIR-823X 250416=
. Affected by this issue is some unknown functionality of the file /goform/= set_ac_status. Performing a manipulation of the argument ac_ipaddr/ac_ipsta= tus/ap_randtime results in os command injection. The attack may be initiate=
d remotely. The exploit has been made public and could be used. 2026-02-08 = 7.2 CVE-2026-2129 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2129 ] VDB-= 344764 | D-Link DIR-823X set_ac_status os command injection [ https://vuldb= .com/?id.344764 ]
VDB-344764 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344764 ]
Submit #746935 | D-Link DIR-823X 250416 OS Command Injection [ https://vuld= b.com/?submit.746935 ]
https://github.com/master-abc/cve/issues/23
https://www.dlink.com/
=C2=A0 code-projects--Online Music Site A security flaw has been discovered=
in code-projects Online Music Site 1.0. This issue affects some unknown pr= ocessing of the file /Administrator/PHP/AdminUpdateCategory.php. The manipu= lation of the argument txtcat results in sql injection. The attack can be e= xecuted remotely. The exploit has been released to the public and may be us=
ed for attacks. 2026-02-08 7.3 CVE-2026-2132 [ https://www.cve.org/CVERecor= d?id=3DCVE-2026-2132 ] VDB-344767 | code-projects Online Music Site AdminUp= dateCategory.php sql injection [ https://vuldb.com/?id.344767 ]
VDB-344767 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344767 ]
Submit #747210 | code-projects ONLINE MUSIC SITE V1.0 SQL Injection [ https= ://vuldb.com/?submit.747210 ] https://github.com/Volije/AdminUpdateCategory/issues/1 https://code-projects.org/
=C2=A0 code-projects--Online Music Site A weakness has been identified in c= ode-projects Online Music Site 1.0. Impacted is an unknown function of the = file /Administrator/PHP/AdminUpdateCategory.php. This manipulation of the a= rgument txtimage causes unrestricted upload. The attack is possible to be c= arried out remotely. The exploit has been made available to the public and = could be used for attacks. 2026-02-08 7.3 CVE-2026-2133 [ https://www.cve.o= rg/CVERecord?id=3DCVE-2026-2133 ] VDB-344768 | code-projects Online Music S= ite AdminUpdateCategory.php unrestricted upload [ https://vuldb.com/?id.344= 768 ]
VDB-344768 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344768 ]
Submit #747213 | code-projects ONLINE MUSIC SITE V1.0 Arbitrary file upload=
vulnerability [ https://vuldb.com/?submit.747213 ] https://github.com/Volije/cve2/issues/1
https://code-projects.org/
=C2=A0 projectworlds--Online Food Ordering System A flaw has been found in = projectworlds Online Food Ordering System 1.0. This affects an unknown func= tion of the file /view-ticket.php. Executing a manipulation of the argument=
ID can lead to sql injection. It is possible to launch the attack remotely=
. The exploit has been published and may be used. 2026-02-08 7.3 CVE-2026-2= 136 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2136 ] VDB-344771 | proje= ctworlds Online Food Ordering System view-ticket.php sql injection [ https:= //vuldb.com/?id.344771 ]
VDB-344771 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344771 ]
Submit #747230 | projectworlds Online Food Ordering System Project in PHP V= 1.0 SQL Injection [ https://vuldb.com/?submit.747230 ] https://github.com/hater-us/CVE/issues/4
=C2=A0 D-Link--DIR-823X A weakness has been identified in D-Link DIR-823X 2= 50416. This vulnerability affects the function sub_420688 of the file /gofo= rm/set_qos. Executing a manipulation can lead to os command injection. The = attack can be executed remotely. The exploit has been made available to the=
public and could be used for attacks. 2026-02-08 7.2 CVE-2026-2142 [ https= ://www.cve.org/CVERecord?id=3DCVE-2026-2142 ] VDB-344777 | D-Link DIR-823X = set_qos sub_420688 os command injection [ https://vuldb.com/?id.344777 ] VDB-344777 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344777 ]
Submit #747428 | D-Link DIR-823X 250416 OS Command Injection [ https://vuld= b.com/?submit.747428 ]
https://github.com/master-abc/cve/issues/29
https://www.dlink.com/
=C2=A0 D-Link--DIR-823X A security vulnerability has been detected in D-Lin=
k DIR-823X 250416. This issue affects some unknown processing of the file /= goform/set_ddns of the component DDNS Service. The manipulation of the argu= ment ddnsType/ddnsDomainName/ddnsUserName/ddnsPwd leads to os command injec= tion. The attack is possible to be carried out remotely. The exploit has be=
en disclosed publicly and may be used. 2026-02-08 7.2 CVE-2026-2143 [ https= ://www.cve.org/CVERecord?id=3DCVE-2026-2143 ] VDB-344778 | D-Link DIR-823X = DDNS Service set_ddns os command injection [ https://vuldb.com/?id.344778 ] VDB-344778 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344778 ]
Submit #747492 | D-Link DIR-823X 250416 OS Command Injection [ https://vuld= b.com/?submit.747492 ]
https://github.com/master-abc/cve/issues/25
https://www.dlink.com/
=C2=A0 D-Link--DIR-615 A vulnerability has been found in D-Link DIR-615 4.1=
0. This affects an unknown part of the file adv_firewall.php of the compone=
nt DMZ Host Feature. Such manipulation of the argument dmz_ipaddr=C2=A0 lea=
ds to os command injection. The attack can be launched remotely. The exploi=
t has been disclosed to the public and may be used. This vulnerability only=
affects products that are no longer supported by the maintainer. 2026-02-0=
8 7.2 CVE-2026-2151 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2151 ] VD= B-344853 | D-Link DIR-615 DMZ Host Feature adv_firewall.php os command inje= ction [ https://vuldb.com/?id.344853 ]
VDB-344853 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344853 ]
Submit #748031 | Dlink DIR-615 v4.10 OS Command Injection [ https://vuldb.c= om/?submit.748031 ] https://pentagonal-time-3a7.notion.site/DIR-615-OS-Command-Injection-2f6e5d= d4c5a58053b2b4f166c2a503ba
https://www.dlink.com/
=C2=A0 D-Link--DIR-615 A vulnerability was found in D-Link DIR-615 4.10. Th=
is vulnerability affects unknown code of the file adv_routing.php of the co= mponent Web Configuration Interface. Performing a manipulation of the argum= ent dest_ip/=C2=A0submask/=C2=A0gw results in os command injection. The att= ack may be initiated remotely. The exploit has been made public and could b=
e used. This vulnerability only affects products that are no longer support=
ed by the maintainer. 2026-02-08 7.2 CVE-2026-2152 [ https://www.cve.org/CV= ERecord?id=3DCVE-2026-2152 ] VDB-344854 | D-Link DIR-615 Web Configuration = adv_routing.php os command injection [ https://vuldb.com/?id.344854 ] VDB-344854 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344854 ]
Submit #748032 | Dlink DIR-615 v4.10 OS Command Injection [ https://vuldb.c= om/?submit.748032 ] https://pentagonal-time-3a7.notion.site/DIR-615-routing-command-injection-2= f6e5dd4c5a580089587f5e78a1bbf70?pvs=3D74
https://www.dlink.com/
=C2=A0 D-Link--DIR-823X A security flaw has been discovered in D-Link DIR-8= 23X 250416. The affected element is the function sub_4208A0 of the file /go= form/set_dmz of the component Configuration Handler. The manipulation of th=
e argument dmz_host/dmz_enable results in os command injection. The attack = can be executed remotely. The exploit has been released to the public and m=
ay be used for attacks. 2026-02-08 7.2 CVE-2026-2155 [ https://www.cve.org/= CVERecord?id=3DCVE-2026-2155 ] VDB-344857 | D-Link DIR-823X Configuration s= et_dmz sub_4208A0 os command injection [ https://vuldb.com/?id.344857 ] VDB-344857 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344857 ]
Submit #748236 | D-Link DIR-823X 250416 OS Command Injection [ https://vuld= b.com/?submit.748236 ]
Submit #750038 | D-Link DIR-823X 250416 OS Command Injection (Duplicate) [ = https://vuldb.com/?submit.750038 ]
https://github.com/master-abc/cve/issues/32
https://www.dlink.com/
=C2=A0 D-Link--DIR-823X A security vulnerability has been detected in D-Lin=
k DIR-823X 250416. This affects the function sub_4175CC of the file /goform= /set_static_route_table. Such manipulation of the argument interface/destip= /netmask/gateway/metric leads to os command injection. The attack may be pe= rformed from remote. The exploit has been disclosed publicly and may be use=
d. 2026-02-08 7.2 CVE-2026-2157 [ https://www.cve.org/CVERecord?id=3DCVE-20= 26-2157 ] VDB-344859 | D-Link DIR-823X set_static_route_table sub_4175CC os=
command injection [ https://vuldb.com/?id.344859 ]
VDB-344859 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344859 ]
Submit #748376 | D-Link DIR-823X 250416 OS Command Injection [ https://vuld= b.com/?submit.748376 ]
https://github.com/master-abc/cve/issues/28
https://www.dlink.com/
=C2=A0 code-projects--Student Web Portal A vulnerability was detected in co= de-projects Student Web Portal 1.0. This impacts an unknown function of the=
file /check_user.php. Performing a manipulation of the argument Username r= esults in sql injection. It is possible to initiate the attack remotely. 20= 26-02-08 7.3 CVE-2026-2158 [ https://www.cve.org/CVERecord?id=3DCVE-2026-21=
58 ] VDB-344860 | code-projects Student Web Portal check_user.php sql injec= tion [ https://vuldb.com/?id.344860 ]
VDB-344860 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344860 ]
Submit #748816 | code-projects.org STUDENT WEB PORTAL IN PHP WITH SOURCE CO=
DE 1.0 SQL Injection [ https://vuldb.com/?submit.748816 ] https://github.com/Qing-420/cve/blob/main/sql.md
https://code-projects.org/
=C2=A0 itsourcecode--Directory Management System A vulnerability was found =
in itsourcecode Directory Management System 1.0. Affected by this issue is = some unknown functionality of the file /admin/forget-password.php. The mani= pulation of the argument email results in sql injection. The attack can be = launched remotely. The exploit has been made public and could be used. 2026= -02-08 7.3 CVE-2026-2161 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2161=
] VDB-344863 | itsourcecode Directory Management System forget-password.ph=
p sql injection [ https://vuldb.com/?id.344863 ]
VDB-344863 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344863 ]
Submit #751082 | itsourcecode Directory Management System V1.0 SQL Injectio=
n [ https://vuldb.com/?submit.751082 ]
https://github.com/Wzl731/test/issues/1
https://itsourcecode.com/
=C2=A0 detronetdip--E-commerce A security flaw has been discovered in detro= netdip E-commerce 1.0.0. This issue affects some unknown processing of the = file /seller/assets/backend/profile/addadhar.php. Performing a manipulation=
of the argument File results in unrestricted upload. Remote exploitation o=
f the attack is possible. The exploit has been released to the public and m=
ay be used for attacks. The project was informed of the problem early throu=
gh an issue report but has not responded yet. 2026-02-08 7.3 CVE-2026-2164 =
[ https://www.cve.org/CVERecord?id=3DCVE-2026-2164 ] VDB-344866 | detronetd=
ip E-commerce addadhar.php unrestricted upload [ https://vuldb.com/?id.3448=
66 ]
VDB-344866 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344866 ]
Submit #751853 | detronetdip E-commerce 1.0 Remote Code Execution [ https:/= /vuldb.com/?submit.751853 ]
https://github.com/detronetdip/E-commerce/issues/23 https://github.com/Nixon-H/PHP-Unrestricted-Upload-RCE https://github.com/detronetdip/E-commerce/
=C2=A0 detronetdip--E-commerce A weakness has been identified in detronetdi=
p E-commerce 1.0.0. Impacted is an unknown function of the file /Admin/asse= ts/backend/seller/add_seller.php of the component Account Creation Endpoint=
. Executing a manipulation of the argument email can lead to missing authen= tication. The attack can be executed remotely. The exploit has been made av= ailable to the public and could be used for attacks. The project was inform=
ed of the problem early through an issue report but has not responded yet. = 2026-02-08 7.3 CVE-2026-2165 [ https://www.cve.org/CVERecord?id=3DCVE-2026-= 2165 ] VDB-344867 | detronetdip E-commerce Account Creation Endpoint add_se= ller.php missing authentication [ https://vuldb.com/?id.344867 ]
VDB-344867 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3448=
67 ]
Submit #751857 | detronetdip E-commerce 1.0 Access Control Violation [ http= s://vuldb.com/?submit.751857 ] https://github.com/detronetdip/E-commerce/issues/23 https://github.com/Nixon-H/Unauthenticated-Admin-Account-Creation https://github.com/detronetdip/E-commerce/
=C2=A0 code-projects--Online Reviewer System A security vulnerability has b= een detected in code-projects Online Reviewer System 1.0. The affected elem= ent is an unknown function of the file /login/index.php of the component Lo= gin. The manipulation of the argument username/password leads to sql inject= ion. The attack is possible to be carried out remotely. The exploit has bee=
n disclosed publicly and may be used. 2026-02-08 7.3 CVE-2026-2166 [ https:= //www.cve.org/CVERecord?id=3DCVE-2026-2166 ] VDB-344868 | code-projects Onl= ine Reviewer System Login index.php sql injection [ https://vuldb.com/?id.3= 44868 ]
VDB-344868 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344868 ]
Submit #751858 | code-projects OnlineReviewerSystem 1.0 SQL Injection [ htt= ps://vuldb.com/?submit.751858 ]
Submit #750018 | code-projects ONLINE REVIEWER SYSTEM V1.0 SQL Injection (D= uplicate) [ https://vuldb.com/?submit.750018 ] https://github.com/liaoliao-hla/cve/issues/2
https://code-projects.org/
=C2=A0 code-projects--Online Student Management System A vulnerability was = found in code-projects Online Student Management System 1.0. Affected is an=
unknown function of the file accounts.php of the component Login. Performi=
ng a manipulation of the argument username/password results in sql injectio=
n. The attack can be initiated remotely. The exploit has been made public a=
nd could be used. 2026-02-08 7.3 CVE-2026-2171 [ https://www.cve.org/CVERec= ord?id=3DCVE-2026-2171 ] VDB-344872 | code-projects Online Student Manageme=
nt System Login accounts.php sql injection [ https://vuldb.com/?id.344872 ] VDB-344872 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344872 ]
Submit #749233 | code-projects Online Student Management System in PHP unkn= own SQL Injection [ https://vuldb.com/?submit.749233 ] https://code-projects.org/
=C2=A0 code-projects--Online Application System for Admission A vulnerabili=
ty was determined in code-projects Online Application System for Admission = 1.0. Affected by this vulnerability is an unknown functionality of the file=
enrollment/index.php of the component Login Endpoint. Executing a manipula= tion can lead to sql injection. The attack can be launched remotely. The ex= ploit has been publicly disclosed and may be utilized. 2026-02-08 7.3 CVE-2= 026-2172 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2172 ] VDB-344873 | = code-projects Online Application System for Admission Login Endpoint index.= php sql injection [ https://vuldb.com/?id.344873 ]
VDB-344873 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344873 ]
Submit #749253 | code-projects Online Application System for Admission in P=
HP unknown SQL Injection [ https://vuldb.com/?submit.749253 ] https://code-projects.org/
=C2=A0 code-projects--Online Examination System A vulnerability was identif= ied in code-projects Online Examination System 1.0. Affected by this issue =
is some unknown functionality of the file login.php. The manipulation of th=
e argument username/password leads to sql injection. The attack may be init= iated remotely. 2026-02-08 7.3 CVE-2026-2173 [ https://www.cve.org/CVERecor= d?id=3DCVE-2026-2173 ] VDB-344874 | code-projects Online Examination System=
login.php sql injection [ https://vuldb.com/?id.344874 ]
VDB-344874 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344874 ]
Submit #749255 | code-projects Online Examination System in PHP unknown sql=
[ https://vuldb.com/?submit.749255 ]
https://code-projects.org/
=C2=A0 code-projects--Contact Management System A security flaw has been di= scovered in code-projects Contact Management System 1.0. This affects an un= known part of the component CRUD Endpoint. The manipulation of the argument=
ID results in improper authentication. The attack may be launched remotely=
. 2026-02-08 7.3 CVE-2026-2174 [ https://www.cve.org/CVERecord?id=3DCVE-202= 6-2174 ] VDB-344875 | code-projects Contact Management System CRUD Endpoint=
improper authentication [ https://vuldb.com/?id.344875 ]
VDB-344875 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3448=
75 ]
Submit #749262 | code-projects Contact Management System in PHP unknown Aut= hentication Bypass Issues [ https://vuldb.com/?submit.749262 ] https://code-projects.org/
=C2=A0 D-Link--DIR-823X A weakness has been identified in D-Link DIR-823X 2= 50416. This vulnerability affects the function sub_420618 of the file /gofo= rm/set_upnp. This manipulation of the argument upnp_enable causes os comman=
d injection. Remote exploitation of the attack is possible. The exploit has=
been made available to the public and could be used for attacks. 2026-02-0=
8 7.2 CVE-2026-2175 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2175 ] VD= B-344876 | D-Link DIR-823X set_upnp sub_420618 os command injection [ https= ://vuldb.com/?id.344876 ]
VDB-344876 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344876 ]
Submit #749263 | D-Link DIR-823X 250416 OS Command Injection [ https://vuld= b.com/?submit.749263 ]
https://github.com/master-abc/cve/issues/31
https://www.dlink.com/
=C2=A0 SourceCodester--Prison Management System A vulnerability has been fo= und in SourceCodester Prison Management System 1.0. The impacted element is=
an unknown function of the component Login. The manipulation leads to sess= ion fixiation. It is possible to initiate the attack remotely. The exploit = has been disclosed to the public and may be used. 2026-02-08 7.3 CVE-2026-2= 177 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2177 ] VDB-344880 | Sourc= eCodester Prison Management System Login session fixiation [ https://vuldb.= com/?id.344880 ]
VDB-344880 | CTI Indicators (IOB, IOC) [ https://vuldb.com/?ctiid.344880 ] Submit #749485 | SourceCodester Prison Management System Using PHP V1.0 Ses= sion Fixiation [ https://vuldb.com/?submit.749485 ] https://github.com/hater-us/CVE/issues/10
https://www.sourcecodester.com/
=C2=A0 UTT-- 521G A weakness has been identified in UTT =E8=BF=9B=E5=8F=96 = 521G 3.1.1-190816. Affected by this issue is the function doSystem of the f= ile /goform/setSysAdm. Executing a manipulation of the argument passwd1 can=
lead to command injection. The attack may be launched remotely. The exploi=
t has been made available to the public and could be used for attacks. 2026= -02-08 7.2 CVE-2026-2182 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2182=
] VDB-344885 | UTT =E8=BF=9B=E5=8F=96 521G setSysAdm doSystem command inje= ction [ https://vuldb.com/?id.344885 ]
VDB-344885 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344885 ]
Submit #749712 | UTT (=E8=89=BE=E6=B3=B0) UTT521G NV521Gv2v3.1.1-190816 Com= mand Injection [ https://vuldb.com/?submit.749712 ] https://github.com/cha0yang1/UTT521G/blob/main/RCE1.md https://github.com/cha0yang1/UTT521G/blob/main/RCE1.md#poc
=C2=A0 Great Developers--Certificate Generation System A vulnerability was = detected in Great Developers Certificate Generation System up to 97171bb0e5= e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of = the file /restructured/csv.php. The manipulation of the argument photo resu= lts in os command injection. The attack can be executed remotely. This prod= uct implements a rolling release for ongoing delivery, which means version = information for affected or updated releases is unavailable. The code repos= itory of the project has not been active for many years. 2026-02-08 7.3 CVE= -2026-2184 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2184 ] VDB-344887 =
| Great Developers Certificate Generation System csv.php os command injecti=
on [ https://vuldb.com/?id.344887 ]
VDB-344887 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344887 ]
Submit #749714 | Great Developers Certificate Generator System 1.0 Improper=
Neutralization of Special Elements [ https://vuldb.com/?submit.749714 ] https://github.com/lakshayyverma/CVE-Discovery/blob/main/Certificate2.md
=C2=A0 UTT-- 521G A vulnerability was determined in UTT =E8=BF=9B=E5=8F=96 = 521G 3.1.1-190816. The impacted element is the function sub_446B18 of the f= ile /goform/formPdbUpConfig. Executing a manipulation of the argument polic= yNames can lead to os command injection. It is possible to launch the attac=
k remotely. The exploit has been publicly disclosed and may be utilized. 20= 26-02-08 7.2 CVE-2026-2188 [ https://www.cve.org/CVERecord?id=3DCVE-2026-21=
88 ] VDB-344891 | UTT =E8=BF=9B=E5=8F=96 521G formPdbUpConfig sub_446B18 os=
command injection [ https://vuldb.com/?id.344891 ]
VDB-344891 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344891 ]
Submit #749733 | UTT (=E8=89=BE=E6=B3=B0) UTT521G NV521Gv2v3.1.1-190816 Com= mand Injection [ https://vuldb.com/?submit.749733 ] https://github.com/cha0yang1/UTT521G/blob/main/RCE2.md
=C2=A0 itsourcecode--School Management System A vulnerability was identifie=
d in itsourcecode School Management System 1.0. This affects an unknown fun= ction of the file /ramonsys/report/index.php. The manipulation of the argum= ent ay leads to sql injection. The attack can be initiated remotely. The ex= ploit is publicly available and might be used. 2026-02-08 7.3 CVE-2026-2189=
[ https://www.cve.org/CVERecord?id=3DCVE-2026-2189 ] VDB-344892 | itsource= code School Management System index.php sql injection [ https://vuldb.com/?= id.344892 ]
VDB-344892 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344892 ]
Submit #749746 | itsourcecode School Management System V1.0 SQL Injection [=
https://vuldb.com/?submit.749746 ]
https://github.com/angtas/cve/issues/1
https://itsourcecode.com/
=C2=A0 itsourcecode--School Management System A security flaw has been disc= overed in itsourcecode School Management System 1.0. This impacts an unknow=
n function of the file /ramonsys/user/controller.php. The manipulation of t=
he argument ID results in sql injection. The attack can be launched remotel=
y. The exploit has been released to the public and may be used for attacks.=
2026-02-08 7.3 CVE-2026-2190 [ https://www.cve.org/CVERecord?id=3DCVE-2026= -2190 ] VDB-344893 | itsourcecode School Management System controller.php s=
ql injection [ https://vuldb.com/?id.344893 ]
VDB-344893 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344893 ]
Submit #749783 | itsourcecode School Management System V1.0 SQL Injection [=
https://vuldb.com/?submit.749783 ]
https://github.com/yyue02/cve/issues/2
https://itsourcecode.com/
=C2=A0 Tenda--AC9 A weakness has been identified in Tenda AC9 15.03.06.42_m= ulti. Affected is the function formGetDdosDefenceList. This manipulation of=
the argument security.ddos.map causes stack-based buffer overflow. The att= ack may be initiated remotely. The exploit has been made available to the p= ublic and could be used for attacks. 2026-02-08 7.2 CVE-2026-2191 [ https:/= /www.cve.org/CVERecord?id=3DCVE-2026-2191 ] VDB-344894 | Tenda AC9 formGetD= dosDefenceList stack-based overflow [ https://vuldb.com/?id.344894 ]
VDB-344894 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3448=
94 ]
Submit #749800 | Tenda AC9 v1.0/V3.0 V15.03.06.42_multi Stack-based Buffer = Overflow [ https://vuldb.com/?submit.749800 ] https://github.com/glkfc/IoT-Vulnerability/blob/main/Tenda/tenda3.md https://www.tenda.com.cn/
=C2=A0 Tenda--AC9 A security vulnerability has been detected in Tenda AC9 1= 5.03.06.42_multi. Affected by this vulnerability is the function formGetReb= ootTimer. Such manipulation of the argument sys.schedulereboot.start_time/s= ys.schedulereboot.end_time leads to stack-based buffer overflow. The attack=
may be launched remotely. The exploit has been disclosed publicly and may =
be used. 2026-02-08 7.2 CVE-2026-2192 [ https://www.cve.org/CVERecord?id=3D= CVE-2026-2192 ] VDB-344895 | Tenda AC9 formGetRebootTimer stack-based overf= low [ https://vuldb.com/?id.344895 ]
VDB-344895 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3448=
95 ]
Submit #749801 | Tenda AC9 v1.0/V3.0 V15.03.06.42_multi Stack-based Buffer = Overflow [ https://vuldb.com/?submit.749801 ] https://github.com/glkfc/IoT-Vulnerability/blob/main/Tenda/tenda4.md https://www.tenda.com.cn/
=C2=A0 code-projects--Online Reviewer System A vulnerability has been found=
in code-projects Online Reviewer System 1.0. This vulnerability affects un= known code of the file /system/system/admins/assessments/pretest/questions-= view.php. The manipulation of the argument ID leads to sql injection. The a= ttack is possible to be carried out remotely. The exploit has been disclose=
d to the public and may be used. 2026-02-08 7.3 CVE-2026-2195 [ https://www= .cve.org/CVERecord?id=3DCVE-2026-2195 ] VDB-344898 | code-projects Online R= eviewer System questions-view.php sql injection [ https://vuldb.com/?id.344= 898 ]
VDB-344898 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344898 ]
Submit #750005 | code-projects Online Reviewer System V1 SQL Injection [ ht= tps://vuldb.com/?submit.750005 ]
https://github.com/tiancesec/CVE/issues/16
https://code-projects.org/
=C2=A0 TeamViewer--Remote Improper access control in=E2=80=AFthe=E2=80=AFTe= amViewer=E2=80=AFFull and Host clients=E2=80=AF(Windows,=E2=80=AFmacOS, Lin= ux)=E2=80=AFprior=E2=80=AFversion=E2=80=AF15.74.5 allows an authenticated u= ser=E2=80=AFto bypass=E2=80=AFadditional=E2=80=AFaccess controls with=E2=80= =AF"Allow after=E2=80=AFconfirmation"=E2=80=AFconfiguration=E2=80=AFin=E2= =80=AFa=E2=80=AFremote session.=E2=80=AFAn exploit could result in unauthor= ized access prior to local confirmation.=E2=80=AFThe user needs to be authe= nticated for the remote session via ID/password, Session Link, or Easy Acce=
ss as a prerequisite to exploit this vulnerability. 2026-02-05 7.2 CVE-2026= -23572 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23572 ] https://www.te= amviewer.com/en/resources/trust-center/security-bulletins/tv-2026-1003/
=C2=A0 apollographql--apollo-server Apollo Server is an open-source, spec-c= ompliant GraphQL server that's compatible with any GraphQL client, includin=
g Apollo Client. In versions from 2.0.0 to 3.13.0, 4.2.0 to before 4.13.0, = and 5.0.0 to before 5.4.0, the default configuration of startStandaloneServ=
er from @apollo/server/standalone is vulnerable to denial of service (DoS) = attacks through specially crafted request bodies with exotic character set = encodings. This issue does not affect users that use @apollo/server as a de= pendency for integration packages, like @as-integrations/express5 or @as-in= tegrations/next, only direct usage of startStandaloneServer. 2026-02-04 7.5=
CVE-2026-23897 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23897 ] https= ://github.com/apollographql/apollo-server/security/advisories/GHSA-mp6q-xf9= x-fwf7 https://github.com/apollographql/apollo-server/commit/d25a5bdc377826ad424fc= f7f8d1d062055911643 https://github.com/apollographql/apollo-server/commit/e9d49d163a86b8a33be56= ed27c494b9acd5400a4
=C2=A0 open-telemetry--opentelemetry-go OpenTelemetry-Go is the Go implemen= tation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0=
is vulnerable to Path Hijacking (Untrusted Search Paths) on macOS/Darwin s= ystems. The resource detection code in sdk/resource/host_id.go executes the=
ioreg system command using a search path. An attacker with the ability to = locally modify the PATH environment variable can achieve Arbitrary Code Exe= cution (ACE) within the context of the application. A fix was released with=
v1.40.0. 2026-02-02 7 CVE-2026-24051 [ https://www.cve.org/CVERecord?id=3D= CVE-2026-24051 ] https://github.com/open-telemetry/opentelemetry-go/securit= y/advisories/GHSA-9h8m-3fm2-qjrq https://github.com/open-telemetry/opentelemetry-go/commit/d45961bcda453fcbd= b6469c22d6e88a1f9970a53
=C2=A0 NVIDIA--Megatron-LM NVIDIA Megatron-LM for all platforms contains a = vulnerability in a script, where malicious data created by an attacker may = cause a code injection issue. A successful exploit of this vulnerability ma=
y lead to code execution, escalation of privileges, information disclosure,=
data tampering. 2026-02-03 7.8 CVE-2026-24149 [ https://www.cve.org/CVERec= ord?id=3DCVE-2026-24149 ] NVD [ https://nvd.nist.gov/vuln/detail/CVE-2026-2= 4149 ]
Mitre [ https://www.cve.org/CVERecord?id=3DCVE-2026-24149 ]
=C2=A0 gunet--openeclass The Open eClass platform (formerly known as GUnet = eClass) is a complete course management system. Prior to version 4.2, an in= secure password reset mechanism allows local attackers to reuse a valid pas= sword reset token after it has already been used, enabling unauthorized pas= sword changes and potential account takeover. This issue has been patched i=
n version 4.2. 2026-02-03 7.8 CVE-2026-24669 [ https://www.cve.org/CVERecor= d?id=3DCVE-2026-24669 ] https://github.com/gunet/openeclass/security/adviso= ries/GHSA-gcqq-fxw6-f866
=C2=A0 gunet--openeclass The Open eClass platform (formerly known as GUnet = eClass) is a complete course management system. Prior to version 4.2, a Sto= red Cross-Site Scripting (XSS) vulnerability allows authenticated students =
to inject malicious JavaScript into user profile fields, which is executed = when users with viewing privileges access affected application pages. This = issue has been patched in version 4.2. 2026-02-03 7.3 CVE-2026-24672 [ http= s://www.cve.org/CVERecord?id=3DCVE-2026-24672 ] https://github.com/gunet/op= eneclass/security/advisories/GHSA-3p2x-qgxw-qvxh
=C2=A0 gunet--openeclass The Open eClass platform (formerly known as GUnet = eClass) is a complete course management system. Prior to version 4.2, an In= secure Direct Object Reference (IDOR) vulnerability allows unauthenticated = remote attackers to access personal files of other users by directly reques= ting predictable user identifiers. This issue has been patched in version 4= .2. 2026-02-03 7.5 CVE-2026-24773 [ https://www.cve.org/CVERecord?id=3DCVE-= 2026-24773 ] https://github.com/gunet/openeclass/security/advisories/GHSA-6= 3pm-pff4-xc9c
=C2=A0 chainguard-dev--melange melange allows users to build apk packages u= sing declarative pipelines. From version 0.3.0 to before 0.40.3, an attacke=
r who can provide build input values, but not modify pipeline definitions, = could execute arbitrary shell commands if the pipeline uses ${{vars.*}} or = ${{inputs.*}} substitutions in working-directory. The field is embedded int=
o shell scripts without proper quote escaping. This issue has been patched =
in version 0.40.3. 2026-02-04 7.8 CVE-2026-24844 [ https://www.cve.org/CVER= ecord?id=3DCVE-2026-24844 ] https://github.com/chainguard-dev/melange/secur= ity/advisories/GHSA-vqqr-rmpc-hhg2 https://github.com/chainguard-dev/melange/commit/e51ca30cfb63178f5a86997d23= d3fff0359fa6c8
=C2=A0 Huawei--HarmonyOS Heap-based buffer overflow vulnerability in the im= age module. Impact: Successful exploitation of this vulnerability may affec=
t availability. 2026-02-06 7.3 CVE-2026-24925 [ https://www.cve.org/CVEReco= rd?id=3DCVE-2026-24925 ] https://consumer.huawei.com/en/support/bulletin/20= 26/2/
https://consumer.huawei.com/en/support/bulletinlaptops/2026/2/
=C2=A0 chainguard-dev--apko apko allows users to build and publish OCI cont= ainer images built from apk packages. From version 0.14.8 to before 1.1.1, =
a path traversal vulnerability was discovered in apko's dirFS filesystem ab= straction. An attacker who can supply a malicious APK package (e.g., via a = compromised or typosquatted repository) could create directories or symlink=
s outside the intended installation root. The MkdirAll, Mkdir, and Symlink = methods in pkg/apk/fs/rwosfs.go use filepath.Join() without validating that=
the resulting path stays within the base directory. This issue has been pa= tched in version 1.1.1. 2026-02-04 7.5 CVE-2026-25121 [ https://www.cve.org= /CVERecord?id=3DCVE-2026-25121 ] https://github.com/chainguard-dev/apko/sec= urity/advisories/GHSA-5g94-c2wx-8pxw https://github.com/chainguard-dev/apko/commit/d8b7887a968a527791b3c591ae839= 28cb49a9f14
=C2=A0 chainguard-dev--apko apko allows users to build and publish OCI cont= ainer images built from apk packages. From version 0.14.8 to before 1.1.1, =
an attacker who controls or compromises an APK repository used by apko coul=
d cause resource exhaustion on the build host. The ExpandApk function in pk= g/apk/expandapk/expandapk.go expands .apk streams without enforcing decompr= ession limits, allowing a malicious repository to serve a small, highly-com= pressed .apk that inflates into a large tar stream, consuming excessive dis=
k space and CPU time, causing build failures or denial of service. This iss=
ue has been patched in version 1.1.1. 2026-02-04 7.5 CVE-2026-25140 [ https= ://www.cve.org/CVERecord?id=3DCVE-2026-25140 ] https://github.com/chainguar= d-dev/apko/security/advisories/GHSA-f4w5-5xv9-85f6 https://github.com/chainguard-dev/apko/commit/2be3903fe194ad46351840f0569b3= 5f5ac965f09
=C2=A0 chainguard-dev--melange melange allows users to build apk packages u= sing declarative pipelines. From version 0.10.0 to before 0.40.3, an attack=
er who can influence inputs to the patch pipeline could execute arbitrary s= hell commands on the build host. The patch pipeline in pkg/build/pipelines/= patch.yaml embeds input-derived values (series paths, patch filenames, and = numeric parameters) into shell scripts without proper quoting or validation=
, allowing shell metacharacters to break out of their intended context. The=
vulnerability affects the built-in patch pipeline which can be invoked thr= ough melange build and melange license-check operations. An attacker who ca=
n control patch-related inputs (e.g., through pull request-driven CI, build= -as-a-service, or by influencing melange configurations) can inject shell m= etacharacters such as backticks, command substitutions $(=E2=80=A6), semico= lons, pipes, or redirections to execute arbitrary commands with the privile= ges of the melange build process. This issue has been patched in version 0.= 40.3. 2026-02-04 7.8 CVE-2026-25143 [ https://www.cve.org/CVERecord?id=3DCV= E-2026-25143 ] https://github.com/chainguard-dev/melange/security/advisorie= s/GHSA-rf4g-89h5-crcr https://github.com/chainguard-dev/melange/commit/bd132535cd9f57d4bd39d9ead0= 633598941af030
=C2=A0 openclaw--openclaw OpenClaw is a personal AI assistant. Prior to ver= sion 2026.1.29, there is an OS command injection vulnerability via the Proj= ect Root Path in sshNodeCommand. The sshNodeCommand function constructed a = shell script without properly escaping the user-supplied project path in an=
error message. When the cd command failed, the unescaped path was interpol= ated directly into an echo statement, allowing arbitrary command execution =
on the remote SSH host. The parseSSHTarget function did not validate that S=
SH target strings could not begin with a dash. An attacker-supplied target = like -oProxyCommand=3D... would be interpreted as an SSH configuration flag=
rather than a hostname, allowing arbitrary command execution on the local = machine. This issue has been patched in version 2026.1.29. 2026-02-04 7.8 C= VE-2026-25157 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25157 ] https:/= /github.com/openclaw/openclaw/security/advisories/GHSA-q284-4pvr-m585
=C2=A0 fastify--fastify Fastify is a fast and low overhead web framework, f=
or Node.js. Prior to version 5.7.2, a validation bypass vulnerability exist=
s in Fastify where request body validation schemas specified by Content-Typ=
e can be completely circumvented. By appending a tab character (\t) followe=
d by arbitrary content to the Content-Type header, attackers can bypass bod=
y validation while the server still processes the body as the original cont= ent type. This issue has been patched in version 5.7.2. 2026-02-03 7.5 CVE-= 2026-25223 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25223 ] https://gi= thub.com/fastify/fastify/security/advisories/GHSA-jx2c-rxcm-jvmq https://github.com/fastify/fastify/commit/32d7b6add39ddf082d92579a58bea7018= c5ac821
https://hackerone.com/reports/3464114 https://fastify.dev/docs/latest/Reference/Validation-and-Serialization https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba75= 21348/lib/content-type-parser.js#L125 https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba75= 21348/lib/validation.js#L272
=C2=A0 InternationalColorConsortium--iccDEV iccDEV provides a set of librar= ies and tools that allow for the interaction, manipulation, and application=
of ICC color management profiles. Prior to version 2.3.1.2, stack-based bu= ffer overflow in icFixXml() function when processing malformed ICC profiles=
, allows potential arbitrary code execution through crafted NamedColor2 tag=
s. This issue has been patched in version 2.3.1.2. 2026-02-03 7.8 CVE-2026-= 25502 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25502 ] https://github.= com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-c2qq-jf7w-= rm27
https://github.com/InternationalColorConsortium/iccDEV/issues/537 https://github.com/InternationalColorConsortium/iccDEV/pull/545 https://github.com/InternationalColorConsortium/iccDEV/commit/be5d7ec5cc137= c084c08006aee8cd3ed378c7ac2
=C2=A0 InternationalColorConsortium--iccDEV iccDEV provides a set of librar= ies and tools that allow for the interaction, manipulation, and application=
of ICC color management profiles. Prior to version 2.3.1.2, type confusion=
allowed malformed ICC profiles to trigger undefined behavior when loading = invalid icImageEncodingType values causing denial of service. This issue ha=
s been patched in version 2.3.1.2. 2026-02-03 7.1 CVE-2026-25503 [ https://= www.cve.org/CVERecord?id=3DCVE-2026-25503 ] https://github.com/Internationa= lColorConsortium/iccDEV/security/advisories/GHSA-pf84-4c7q-x764 https://github.com/InternationalColorConsortium/iccDEV/issues/539 https://github.com/InternationalColorConsortium/iccDEV/pull/547 https://github.com/InternationalColorConsortium/iccDEV/commit/353e6517a31cb= 6ac9fdd44ac0103bc2fadb25175
=C2=A0 modelcontextprotocol--typescript-sdk MCP TypeScript SDK is the offic= ial TypeScript SDK for Model Context Protocol servers and clients. From ver= sion 1.10.0 to 1.25.3, cross-client response data leak when a single McpSer= ver/Server and transport instance is reused across multiple client connecti= ons, most commonly in stateless StreamableHTTPServerTransport deployments. = This issue has been patched in version 1.26.0. 2026-02-04 7.1 CVE-2026-2553=
6 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25536 ] https://github.com/= modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345p-7cg4-v4c7 https://github.com/modelcontextprotocol/typescript-sdk/issues/204 https://github.com/modelcontextprotocol/typescript-sdk/issues/243
=C2=A0 Coding-Solo--godot-mcp Godot MCP is a Model Context Protocol (MCP) s= erver for interacting with the Godot game engine. Prior to version 0.1.1, a=
command injection vulnerability in godot-mcp allows remote code execution.=
The executeOperation function passed user-controlled input (e.g., projectP= ath) directly to exec(), which spawns a shell. An attacker could inject she=
ll metacharacters like $(command) or &calc to execute arbitrary commands wi=
th the privileges of the MCP server process. This affects any tool that acc= epts projectPath, including create_scene, add_node, load_sprite, and others=
. This issue has been patched in version 0.1.1. 2026-02-04 7.8 CVE-2026-255=
46 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25546 ] https://github.com= /Coding-Solo/godot-mcp/security/advisories/GHSA-8jx2-rhfh-q928 https://github.com/Coding-Solo/godot-mcp/issues/64 https://github.com/Coding-Solo/godot-mcp/pull/67 https://github.com/Coding-Solo/godot-mcp/commit/21c785d923cfdb471ea60323c13= 807d62dfecc5a
=C2=A0 InternationalColorConsortium--iccDEV iccDEV provides a set of librar= ies and tools that allow for the interaction, manipulation, and application=
of ICC color management profiles. Prior to version 2.3.1.3, there is a hea=
p buffer overflow (read) vulnerability in CIccIO::WriteUInt16Float() when c= onverting malformed XML to ICC profiles via iccFromXml tool. This issue has=
been patched in version 2.3.1.3. 2026-02-04 7.8 CVE-2026-25582 [ https://w= ww.cve.org/CVERecord?id=3DCVE-2026-25582 ] https://github.com/International= ColorConsortium/iccDEV/security/advisories/GHSA-46hq-fphp-jggf https://github.com/InternationalColorConsortium/iccDEV/issues/559 https://github.com/InternationalColorConsortium/iccDEV/pull/561 https://github.com/InternationalColorConsortium/iccDEV/commit/b5e5dd238f609= ec1a4efb25674e7fa4bd29d894a
=C2=A0 InternationalColorConsortium--iccDEV iccDEV provides a set of librar= ies and tools that allow for the interaction, manipulation, and application=
of ICC color management profiles. Prior to version 2.3.1.3, there is a hea=
p buffer overflow vulnerability in CIccFileIO::Read8() when processing malf= ormed ICC profile files via unchecked fread operation. This issue has been = patched in version 2.3.1.3. 2026-02-04 7.8 CVE-2026-25583 [ https://www.cve= .org/CVERecord?id=3DCVE-2026-25583 ] https://github.com/InternationalColorC= onsortium/iccDEV/security/advisories/GHSA-5ffg-r52h-fgw3 https://github.com/InternationalColorConsortium/iccDEV/issues/558 https://github.com/InternationalColorConsortium/iccDEV/pull/562 https://github.com/InternationalColorConsortium/iccDEV/commit/8a6df2d8dac1e= 971a18be66fa36e3a0d6584f919
=C2=A0 InternationalColorConsortium--iccDEV iccDEV provides a set of librar= ies and tools that allow for the interaction, manipulation, and application=
of ICC color management profiles. Prior to version 2.3.1.3, there is a sta= ck-buffer-overflow vulnerability in CIccTagFloatNum<>::GetValues(). This is=
triggered when processing a malformed ICC profile. The vulnerability allow=
s an out-of-bounds write on the stack, potentially leading to memory corrup= tion, information disclosure, or code execution when processing specially c= rafted ICC files. This issue has been patched in version 2.3.1.3. 2026-02-0=
4 7.8 CVE-2026-25584 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25584 ] = https://github.com/InternationalColorConsortium/iccDEV/security/advisories/= GHSA-xjr3-v3vr-5794 https://github.com/InternationalColorConsortium/iccDEV/issues/551 https://github.com/InternationalColorConsortium/iccDEV/pull/565 https://github.com/InternationalColorConsortium/iccDEV/commit/c9cb108f58683= bd87afca616dea3e4cdb884c23f
=C2=A0 InternationalColorConsortium--iccDEV iccDEV provides a set of librar= ies and tools that allow for the interaction, manipulation, and application=
of ICC color management profiles. Prior to version 2.3.1.3, there is a vul= nerability IccCmm.cpp:5793 when reading through index during ICC profile pr= ocessing. The malformed ICC profile triggers improper array bounds validati=
on in the color management module, resulting in an out-of-bounds read that = can lead to memory disclosure or segmentation fault from accessing memory b= eyond the array boundary. This issue has been patched in version 2.3.1.3. 2= 026-02-04 7.8 CVE-2026-25585 [ https://www.cve.org/CVERecord?id=3DCVE-2026-= 25585 ] https://github.com/InternationalColorConsortium/iccDEV/security/adv= isories/GHSA-pmqx-q624-jg6w https://github.com/InternationalColorConsortium/iccDEV/issues/552 https://github.com/InternationalColorConsortium/iccDEV/pull/563 https://github.com/InternationalColorConsortium/iccDEV/commit/ba81cd94b9c82= b1d3905d45427badbd9d8adfa15
=C2=A0 Blesta--Blesta Blesta 3.x through 5.x before 5.13.3 allows object in= jection, aka CORE-5680. 2026-02-03 7.5 CVE-2026-25614 [ https://www.cve.org= /CVERecord?id=3DCVE-2026-25614 ] https://www.blesta.com/2026/01/28/security= -advisory/
=C2=A0 Blesta--Blesta Blesta 3.x through 5.x before 5.13.3 allows object in= jection, aka CORE-5668. 2026-02-03 7.2 CVE-2026-25615 [ https://www.cve.org= /CVERecord?id=3DCVE-2026-25615 ] https://www.blesta.com/2026/01/28/security= -advisory/
=C2=A0 InternationalColorConsortium--iccDEV iccDEV provides a set of librar= ies and tools that allow for the interaction, manipulation, and application=
of ICC color management profiles. Prior to 2.3.1.4, SrcPixel and DestPixel=
stack buffers overlap in CIccTagMultiProcessElement::Apply() int IccTagMPE= .cpp. This vulnerability is fixed in 2.3.1.4. 2026-02-06 7.8 CVE-2026-25634=
[ https://www.cve.org/CVERecord?id=3DCVE-2026-25634 ] https://github.com/I= nternationalColorConsortium/iccDEV/security/advisories/GHSA-35rg-jcmp-583h https://github.com/InternationalColorConsortium/iccDEV/issues/577 https://github.com/InternationalColorConsortium/iccDEV/pull/579 https://github.com/InternationalColorConsortium/iccDEV/commit/9206e0b8684e4= cf4186d9ae768f16760bc1af9ff https://github.com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.4 =C2=A0 pydantic--pydantic-ai Pydantic AI is a Python agent framework for bu= ilding applications and workflows with Generative AI. From 1.34.0 to before=
1.51.0, a path traversal vulnerability in the Pydantic AI web UI allows an=
attacker to serve arbitrary JavaScript in the context of the application b=
y crafting a malicious URL. In affected versions, the CDN URL is constructe=
d using a version query parameter from the request URL. This parameter is n=
ot validated, allowing path traversal sequences that cause the server to fe= tch and serve attacker-controlled HTML/JavaScript from an arbitrary source =
on the same CDN, instead of the legitimate chat UI package. If a victim cli= cks the link or visits it via an iframe, attacker-controlled code executes =
in their browser, enabling theft of chat history and other client-side data=
. This vulnerability only affects applications that use Agent.to_web to ser=
ve a chat interface and clai web to serve a chat interface from the CLI. Th= ese are typically run locally (on localhost), but may also be deployed on a=
remote server. This vulnerability is fixed in 1.51.0. 2026-02-06 7.1 CVE-2= 026-25640 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25640 ] https://git= hub.com/pydantic/pydantic-ai/security/advisories/GHSA-wjp5-868j-wqv7 https://github.com/pydantic/pydantic-ai/releases/tag/v1.51.0
=C2=A0 datahub-project--datahub DataHub is an open-source metadata platform=
. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to MITM=
attack through TLS downgrade. This issue has been patched in version 1.3.1= .8. 2026-02-06 7.5 CVE-2026-25644 [ https://www.cve.org/CVERecord?id=3DCVE-= 2026-25644 ] https://github.com/datahub-project/datahub/security/advisories= /GHSA-j34h-x7qg-4qw5
=C2=A0 kovidgoyal--calibre calibre is an e-book manager. Prior to 9.2.0, a = Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite t= emplating engine allows arbitrary code execution when a user converts an eb= ook using a malicious custom template file via the --template-html or --tem= plate-html-index command-line options. This vulnerability is fixed in 9.2.0=
. 2026-02-06 7.8 CVE-2026-25731 [ https://www.cve.org/CVERecord?id=3DCVE-20= 26-25731 ] https://github.com/kovidgoyal/calibre/security/advisories/GHSA-x= rh9-w7qx-3gcc https://github.com/kovidgoyal/calibre/commit/f0649b27512e987b95fcab2e1e0a3b= cdafc23379
=C2=A0 zauberzeug--nicegui NiceGUI is a Python-based UI framework. Prior to=
3.7.0, NiceGUI's FileUpload.name property exposes client-supplied filename=
metadata without sanitization, enabling path traversal when developers use=
the pattern UPLOAD_DIR / file.name. Malicious filenames containing ../ seq= uences allow attackers to write files outside intended directories, with po= tential for remote code execution through application file overwrites in vu= lnerable deployment patterns. This design creates a prevalent security foot= gun affecting applications following common community patterns. Note: Explo= itation requires application code incorporating file.name into filesystem p= aths without sanitization. Applications using fixed paths, generated filena= mes, or explicit sanitization are not affected. This vulnerability is fixed=
in 3.7.0. 2026-02-06 7.5 CVE-2026-25732 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-25732 ] https://github.com/zauberzeug/nicegui/security/advisori= es/GHSA-9ffm-fxg3-xrhh https://github.com/zauberzeug/nicegui/blob/main/nicegui/elements/upload_fil= es.py#L110-L115 https://github.com/zauberzeug/nicegui/blob/main/nicegui/elements/upload_fil= es.py#L79-L82
=C2=A0 adonisjs--core AdonisJS is a TypeScript-first web framework. Prior t=
o versions 10.1.3 and 11.0.0-next.9, a prototype pollution vulnerability in=
AdonisJS multipart form-data parsing may allow a remote attacker to manipu= late object prototypes at runtime. This issue has been patched in versions = 10.1.3 and 11.0.0-next.9. 2026-02-06 7.2 CVE-2026-25754 [ https://www.cve.o= rg/CVERecord?id=3DCVE-2026-25754 ] https://github.com/adonisjs/core/securit= y/advisories/GHSA-f5x2-vj4h-vg4c https://github.com/adonisjs/bodyparser/commit/40e1c71f958cffb74f6b91bed6630= dca979062ed
https://github.com/adonisjs/bodyparser/releases/tag/v11.0.0-next.9
=C2=A0 adonisjs--core AdonisJS is a TypeScript-first web framework. Prior t=
o versions 10.1.3 and 11.0.0-next.9, a denial of service (DoS) vulnerabilit=
y exists in the multipart file handling logic of @adonisjs/bodyparser. When=
processing file uploads, the multipart parser may accumulate an unbounded = amount of data in memory while attempting to detect file types, potentially=
leading to excessive memory consumption and process termination. This issu=
e has been patched in versions 10.1.3 and 11.0.0-next.9. 2026-02-06 7.5 CVE= -2026-25762 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25762 ] https://g= ithub.com/adonisjs/core/security/advisories/GHSA-xx9g-fh25-4q64 https://github.com/adonisjs/bodyparser/releases/tag/v10.1.3 https://github.com/adonisjs/bodyparser/releases/tag/v11.0.0-next.9
=C2=A0=20

Back to top [ #top ]

Medium Vulnerabilities

Primary
Vendor -- Product Description Published CVSS Score Source Info Patch Info S= weethawk--Zendesk App SweetHawk Survey Zendesk SweetHawk Survey 1.6 contain=
s a persistent cross-site scripting vulnerability that allows attackers to = inject malicious scripts through support ticket submissions. Attackers can = insert XSS payloads like script tags into ticket text that automatically ex= ecute when survey pages are loaded by other users. 2026-02-03 6.4 CVE-2019-= 25263 [ https://www.cve.org/CVERecord?id=3DCVE-2019-25263 ] ExploitDB-47781=
[ https://www.exploit-db.com/exploits/47781 ]
SweetHawk Survey App Vendor Homepage [ https://sweethawk.co/zendesk/survey-= app ]
Zendesk Survey App Software Page [ https://www.zendesk.com/apps/support/sur= vey/ ]
VulnCheck Advisory: Zendesk App SweetHawk Survey 1.6 - Persistent Cross-Sit=
e Scripting [ https://www.vulncheck.com/advisories/zendesk-app-sweethawk-su= rvey-persistent-cross-site-scripting ]
=C2=A0 Snipeitapp--IT Open Source Asset Management Snipe-IT 4.7.5 contains =
a persistent cross-site scripting vulnerability that allows authorized user=
s to upload malicious SVG files with embedded JavaScript. Attackers can cra=
ft SVG files with script tags to execute arbitrary JavaScript when the acce= ssory is viewed by other users. 2026-02-03 6.4 CVE-2019-25264 [ https://www= .cve.org/CVERecord?id=3DCVE-2019-25264 ] ExploitDB-47756 [ https://www.expl= oit-db.com/exploits/47756 ]
Official Vendor Homepage [ https://snipeitapp.com/ ]
Snipe-IT Software Release v4.7.5 [ https://github.com/snipe/snipe-it/releas= es/tag/v4.7.5 ]
VulnCheck Advisory: Snipe-IT Open Source Asset Management 4.7.5 - Persisten=
t Cross-Site Scripting [ https://www.vulncheck.com/advisories/snipe-it-open= -source-asset-management-persistent-cross-site-scripting ]
=C2=A0 Bigprof--Online Inventory Manager Online Inventory Manager 3.2 conta= ins a stored cross-site scripting vulnerability in the group description fi= eld of the admin edit groups section. Attackers can inject malicious JavaSc= ript through the description field that will execute when the groups page i=
s viewed, allowing potential cookie theft and client-side script execution.=
2026-02-03 6.4 CVE-2019-25265 [ https://www.cve.org/CVERecord?id=3DCVE-201= 9-25265 ] ExploitDB-47725 [ https://www.exploit-db.com/exploits/47725 ]
Vendor Homepage [ https://bigprof.com ]
Software Download Page [ https://bigprof.com/appgini/applications/online-in= ventory-manager ]
VulnCheck Advisory: Online Inventory Manager 3.2 - Persistent Cross-Site Sc= ripting [ https://www.vulncheck.com/advisories/online-inventory-manager-per= sistent-cross-site-scripting ]
=C2=A0 lolypop55--html5_snmp html5_snmp 1.11 contains a persistent cross-si=
te scripting vulnerability that allows attackers to inject malicious script=
s through the 'Remark' parameter in add_router_operation.php. Attackers can=
craft a POST request with a script payload in the Remark field to execute = arbitrary JavaScript in victim browsers when the page is loaded. 2026-02-06=
6.4 CVE-2019-25294 [ https://www.cve.org/CVERecord?id=3DCVE-2019-25294 ] E= xploitDB-47587 [ https://www.exploit-db.com/exploits/47587 ]
Vendor Homepage [ https://github.com/lolypop55/html5_snmp ]
VulnCheck Advisory: html5_snmp 1.11 - 'Remark' Persistent Cross-Site Script= ing [ https://www.vulncheck.com/advisories/htmlsnmp-remark-persistent-cross= -site-scripting ]
=C2=A0 thrsrossi--Millhouse Project Millhouse-Project 1.414 contains a pers= istent cross-site scripting vulnerability in the comment submission functio= nality that allows attackers to inject malicious scripts. Attackers can pos=
t comments with embedded JavaScript through the 'content' parameter in add_= comment_sql.php to execute arbitrary scripts in victim browsers. 2026-02-06=
6.4 CVE-2019-25301 [ https://www.cve.org/CVERecord?id=3DCVE-2019-25301 ] E= xploitDB-47583 [ https://www.exploit-db.com/exploits/47583 ]
Vendor Homepage [ https://github.com/thrsrossi/Millhouse-Project ]
VulnCheck Advisory: thrsrossi Millhouse-Project 1.414 - 'content' Persisten=
t Cross-Site Scripting [ https://www.vulncheck.com/advisories/thrsrossi-mil= lhouse-project-content-persistent-cross-site-scripting ]
=C2=A0 Twinkle Toes Software--Booked Scheduler Booked Scheduler 2.7.7 conta= ins a directory traversal vulnerability in the manage_email_templates.php s= cript that allows authenticated administrators to access unauthorized files=
. Attackers can exploit the vulnerable 'tn' parameter to read files outside=
the intended directory by manipulating directory path traversal techniques=
. 2026-02-03 6.5 CVE-2020-37077 [ https://www.cve.org/CVERecord?id=3DCVE-20= 20-37077 ] ExploitDB-48428 [ https://www.exploit-db.com/exploits/48428 ]
Booked Scheduler Official Website [ https://www.bookedscheduler.com ]
Archived Booked Scheduler SourceForge Page [ https://web.archive.org/web/20= 190612055926/https://sourceforge.net/projects/phpscheduleit/ ]
VulnCheck Advisory: Booked Scheduler 2.7.7 - Authenticated Directory Traver= sal [ https://www.vulncheck.com/advisories/booked-scheduler-authenticated-d= irectory-traversal ]
=C2=A0 Rubikon Teknoloji--Easy Transfer Easy Transfer 1.7 iOS mobile applic= ation contains a directory traversal vulnerability that allows remote attac= kers to access unauthorized file system paths without authentication. Attac= kers can exploit the vulnerability by manipulating path parameters in GET a=
nd POST requests to list or download sensitive system files and inject mali= cious scripts into application parameters. 2026-02-03 6.2 CVE-2020-37086 [ = https://www.cve.org/CVERecord?id=3DCVE-2020-37086 ] ExploitDB-48395 [ https= ://www.exploit-db.com/exploits/48395 ]
Vulnerability-Lab Advisory [ https://www.vulnerability-lab.com/get_content.= php?id=3D2223 ]
Official App Store Product Page [ https://apps.apple.com/us/app/easy-transf= er-wifi-transfer/id1484667078 ]
VulnCheck Advisory: Easy Transfer 1.7 for iOS - Directory Traversal [ https= ://www.vulncheck.com/advisories/easy-transfer-for-ios-directory-traversal ] =C2=A0 Dnnsoftware--DotNetNuke DotNetNuke 9.5 contains a persistent cross-s= ite scripting vulnerability that allows normal users to upload malicious XM=
L files with executable scripts through journal tools. Attackers can upload=
XML files with XHTML namespace scripts to execute arbitrary JavaScript in = users' browsers, potentially bypassing CSRF protections and performing more=
damaging attacks. 2026-02-03 6.4 CVE-2020-37103 [ https://www.cve.org/CVER= ecord?id=3DCVE-2020-37103 ] ExploitDB-48124 [ https://www.exploit-db.com/ex= ploits/48124 ]
DotNetNuke Official Vendor Homepage [ http://dnnsoftware.com/ ]
Vulnerability Analysis Blog Post [ https://medium.com/@SajjadPourali/dnn-do= tnetnuke-cms-not-as-secure-as-you-think-e8516f789175 ]
VulnCheck Advisory: DotNetNuke 9.5 - Persistent Cross-Site Scripting [ http= s://www.vulncheck.com/advisories/dotnetnuke-persistent-cross-site-scripting=
]
=C2=A0 Davidvg--60CycleCMS 60CycleCMS 2.5.2 contains a cross-site scripting=
(XSS) vulnerability in news.php that allows attackers to inject malicious = scripts through GET parameters. Attackers can craft malicious URLs with XSS=
payloads targeting the 'etsu' and 'ltsu' parameters to execute arbitrary s= cripts in victim's browsers. This issue does not involve SQL injection. 202= 6-02-03 6.1 CVE-2020-37111 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37= 111 ] ExploitDB-48177 [ https://www.exploit-db.com/exploits/48177 ]
Vendor Homepage [ http://davidvg.com/ ]
Software Download Link [ https://www.opensourcecms.com/60cyclecms ]
VulnCheck Advisory: 60CycleCMS 2.5.2 - 'news.php' Cross-site Scripting (XSS=
) Vulnerability [ https://www.vulncheck.com/advisories/cyclecms-newsphp-cro= ss-site-scripting-xss-vulnerability ]
=C2=A0 Openeclass--GUnet OpenEclass GUnet OpenEclass 1.7.3 stores user cred= entials in plaintext, allowing administrators to view all registered users'=
usernames and passwords without encryption. This vulnerability exposes sen= sitive information and increases the risk of credential theft and unauthori= zed access. 2026-02-03 6.5 CVE-2020-37115 [ https://www.cve.org/CVERecord?i= d=3DCVE-2020-37115 ] ExploitDB-48163 [ https://www.exploit-db.com/exploits/= 48163 ]
Official Vendor Homepage [ https://www.openeclass.org/ ]
Changelog [ https://download.openeclass.org/files/docs/1.7/CHANGES.txt ] VulnCheck Advisory: GUnet OpenEclass 1.7.3 E-learning platform - Plaintext = Password Storage [ https://www.vulncheck.com/advisories/gunet-openeclass-e-= learning-platform-plaintext-password-storage ]
=C2=A0 EmTec--ZOC Terminal ZOC Terminal 7.25.5 contains a script processing=
vulnerability that allows local attackers to crash the application by load= ing a maliciously crafted REXX script file. Attackers can generate an overs= ized script with 20,000 repeated characters to trigger an application crash=
and cause a denial of service. 2026-02-05 6.2 CVE-2020-37128 [ https://www= .cve.org/CVERecord?id=3DCVE-2020-37128 ] ExploitDB-48302 [ https://www.expl= oit-db.com/exploits/48302 ]
Vendor Homepage [ https://www.emtec.com ]
VulnCheck Advisory: ZOC Terminal 7.25.5 - 'Script' Denial of Service [ http= s://www.vulncheck.com/advisories/zoc-terminal-script-denial-of-service ]
=C2=A0 Nsauditor--Product Key Explorer Nsauditor Product Key Explorer 4.2.2=
.0 contains a denial of service vulnerability that allows local attackers t=
o crash the application by inputting a specially crafted registration key. = Attackers can generate a payload of 1000 bytes of repeated characters and p= aste it into the 'Key' input field to trigger the application crash. 2026-0= 2-05 6.2 CVE-2020-37131 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37131=
] ExploitDB-48284 [ https://www.exploit-db.com/exploits/48284 ]
Vendor Homepage [ http://www.nsauditor.com ]
VulnCheck Advisory: Product Key Explorer 4.2.2.0 - 'Key' Denial of Service =
[ https://www.vulncheck.com/advisories/product-key-explorer-key-denial-of-s= ervice ]
=C2=A0 UltraVNC Team--UltraVNC Launcher UltraVNC Launcher 1.2.4.0 contains =
a denial of service vulnerability in its password configuration properties = that allows local attackers to crash the application. Attackers can paste a=
n overly long 300-character string into the password field to trigger an ap= plication crash and prevent normal launcher functionality. 2026-02-05 6.2 C= VE-2020-37132 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37132 ] Exploit= DB-48290 [ https://www.exploit-db.com/exploits/48290 ]
UltraVNC Official Homepage [ https://www.uvnc.com/ ]
VulnCheck Advisory: UltraVNC Launcher 1.2.4.0 - 'Password' Denial of Servic=
e [ https://www.vulncheck.com/advisories/ultravnc-launcher-password-denial-= of-service ]
=C2=A0 PHP Fusion--PHP Fusion PHP-Fusion 9.03.50 contains a remote code exe= cution vulnerability in the 'add_panel_form()' function that allows attacke=
rs to execute arbitrary code through an eval() function with unsanitized PO=
ST data. Attackers can exploit the vulnerability by sending crafted panel_c= ontent POST parameters to the panels.php administration endpoint to execute=
malicious code. 2026-02-05 6.1 CVE-2020-37137 [ https://www.cve.org/CVERec= ord?id=3DCVE-2020-37137 ] ExploitDB-48278 [ https://www.exploit-db.com/expl= oits/48278 ]
PHP Fusion Official Website [ https://www.php-fusion.co.uk ]
VulnCheck Advisory: PHP-Fusion 9.03.50 - 'panels.php' Eval Injection [ http= s://www.vulncheck.com/advisories/php-fusion-panelsphp-eval-injection ]
=C2=A0 Veridium--SprintWork SprintWork 2.3.1 contains multiple local privil= ege escalation vulnerabilities through insecure file, service, and folder p= ermissions on Windows systems. Local unprivileged users can exploit missing=
executable files and weak service configurations to create a new administr= ative user and gain complete system access. 2026-02-06 6.2 CVE-2020-37160 [=
https://www.cve.org/CVERecord?id=3DCVE-2020-37160 ] ExploitDB-48070 [ http= s://www.exploit-db.com/exploits/48070 ]
Vendor Homepage [ https://veridium.net ]
Product Information Page [ https://veridium.net/sprintwork/ ]
VulnCheck Advisory: SprintWork 2.3.1 - Local Privilege Escalation [ https:/= /www.vulncheck.com/advisories/sprintwork-local-privilege-escalation ]
=C2=A0 Celestial Software--AbsoluteTelnet AbsoluteTelnet 11.12 contains a d= enial of service vulnerability that allows local attackers to crash the app= lication by supplying an oversized license name. Attackers can generate a 2= 500-character payload and paste it into the license entry field to trigger =
an application crash. 2026-02-06 6.2 CVE-2020-37164 [ https://www.cve.org/C= VERecord?id=3DCVE-2020-37164 ] ExploitDB-48005 [ https://www.exploit-db.com= /exploits/48005 ]
Vendor Homepage [ https://www.celestialsoftware.net/ ]
VulnCheck Advisory: AbsoluteTelnet 11.12 - "license entry" Denial of Servic=
e [ https://www.vulncheck.com/advisories/absolutetelnet-license-entry-denia= l-of-service ]
=C2=A0 Celestial Software--AbsoluteTelnet AbsoluteTelnet 11.12 contains a d= enial of service vulnerability that allows local attackers to crash the app= lication by supplying an oversized license name. Attackers can generate a 2= 500-character payload and paste it into the license name field to trigger a=
n application crash. 2026-02-06 6.2 CVE-2020-37165 [ https://www.cve.org/CV= ERecord?id=3DCVE-2020-37165 ] ExploitDB-48006 [ https://www.exploit-db.com/= exploits/48006 ]
Vendor Homepage [ https://www.celestialsoftware.net/ ]
VulnCheck Advisory: AbsoluteTelnet 11.12 - "license name" Denial of Service=
[ https://www.vulncheck.com/advisories/absolutetelnet-license-name-denial-= of-service ]
=C2=A0 Celestial Software--AbsoluteTelnet AbsoluteTelnet 11.12 contains a d= enial of service vulnerability in the SSH2 username input field that allows=
local attackers to crash the application. Attackers can overwrite the user= name field with a 1000-byte buffer, causing the application to become unres= ponsive and terminate. 2026-02-06 6.2 CVE-2020-37166 [ https://www.cve.org/= CVERecord?id=3DCVE-2020-37166 ] ExploitDB-48010 [ https://www.exploit-db.co= m/exploits/48010 ]
Vendor Homepage [ https://www.celestialsoftware.net/ ]
VulnCheck Advisory: AbsoluteTelnet 11.12 - 'SSH2/username' Denial of Servic=
e [ https://www.vulncheck.com/advisories/absolutetelnet-sshusername-denial-= of-service ]
=C2=A0 Raimersoft--TapinRadio TapinRadio 2.12.3 contains a denial of servic=
e vulnerability in the application proxy address configuration that allows = local attackers to crash the application. Attackers can overwrite the addre=
ss field with 3000 bytes of arbitrary data to trigger an application crash = and prevent normal program functionality. 2026-02-06 6.2 CVE-2020-37170 [ h= ttps://www.cve.org/CVERecord?id=3DCVE-2020-37170 ] ExploitDB-48011 [ https:= //www.exploit-db.com/exploits/48011 ]
TapinRadio Product Webpage [ https://www.raimersoft.com/php/tapinradio.php ] VulnCheck Advisory: TapinRadio 2.12.3 - 'address' Denial of Service [ https= ://www.vulncheck.com/advisories/tapinradio-address-denial-of-service ]
=C2=A0 Raimersoft--TapinRadio TapinRadio 2.12.3 contains a denial of servic=
e vulnerability in the application proxy username configuration that allows=
local attackers to crash the application. Attackers can overwrite the user= name field with 10,000 bytes of arbitrary data to trigger an application cr= ash and prevent normal program functionality. 2026-02-06 6.2 CVE-2020-37171=
[ https://www.cve.org/CVERecord?id=3DCVE-2020-37171 ] ExploitDB-48013 [ ht= tps://www.exploit-db.com/exploits/48013 ]
TapinRadio Product Webpage [ https://www.raimersoft.com/php/tapinradio.php ] VulnCheck Advisory: TapinRadio 2.12.3 - 'username' Denial of Service [ http= s://www.vulncheck.com/advisories/tapinradio-username-denial-of-service ]
=C2=A0 Innomic--VibroLine VLX1 HD 5.0 An unauthenticated adjacent attacker = could potentially disrupt operations by switching between multiple configur= ation presets via Modbus (RS485). 2026-02-02 6.5 CVE-2022-50979 [ https://w= ww.cve.org/CVERecord?id=3DCVE-2022-50979 ] https://www.innomic.com/.well-kn= own/csaf/white/2026/ids-2026-0001.html https://www.innomic.com/.well-known/csaf/white/2026/ids-2026-0001.json
=C2=A0 Innomic--VibroLine VLX1 HD 5.0 A unauthenticated adjacent attacker c= ould potentially disrupt operations by switching between multiple configura= tion presets via CAN. 2026-02-02 6.5 CVE-2022-50980 [ https://www.cve.org/C= VERecord?id=3DCVE-2022-50980 ] https://www.innomic.com/.well-known/csaf/whi= te/2026/ids-2026-0001.html https://www.innomic.com/.well-known/csaf/white/2026/ids-2026-0001.json
=C2=A0 IBM--Concert IBM Concert 1.0.0 through 2.1.0 does not invalidate ses= sion after logout which could allow an authenticated user to impersonate an= other user on the system. 2026-02-04 6.3 CVE-2024-43181 [ https://www.cve.o= rg/CVERecord?id=3DCVE-2024-43181 ] https://www.ibm.com/support/pages/node/7= 257006
=C2=A0 IBM--Concert IBM Concert 1.0.0 through 2.1.0 is vulnerable to HTTP h= eader injection, caused by improper validation of input by the HOST headers=
. This could allow an attacker to conduct various attacks against the vulne= rable system, including cross-site scripting, cache poisoning or session hi= jacking. 2026-02-04 6.5 CVE-2024-51451 [ https://www.cve.org/CVERecord?id= =3DCVE-2024-51451 ] https://www.ibm.com/support/pages/node/7257006
=C2=A0 boldthemes--Bold Page Builder The Bold Page Builder plugin for WordP= ress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_ra= w_content shortcode in all versions up to, and including, 5.4.8 due to insu= fficient input sanitization and output escaping on user supplied attributes=
. This makes it possible for authenticated attackers, with contributor-leve=
l access and above, to inject arbitrary web scripts in pages that will exec= ute whenever a user accesses an injected page. 2026-02-07 6.4 CVE-2025-1215=
9 [ https://www.cve.org/CVERecord?id=3DCVE-2025-12159 ] https://www.wordfen= ce.com/threat-intel/vulnerabilities/id/f492dcb6-0aa7-476d-bb85-c81a136d02a6= ?source=3Dcve https://plugins.trac.wordpress.org/browser/bold-page-builder/tags/5.4.8/con= tent_elements/bt_bb_raw_content/bt_bb_raw_content.php#L25
=C2=A0 boldthemes--Bold Page Builder The Bold Page Builder plugin for WordP= ress is vulnerable to Stored Cross-Site Scripting via the plugin 'bt_bb_tab=
s' shortcode in all versions up to, and including, 5.5.1 due to insufficien=
t input sanitization and output escaping on user supplied attributes. This = makes it possible for authenticated attackers, with contributor-level acces=
s and above, to inject arbitrary web scripts in pages that will execute whe= never a user accesses an injected page. 2026-02-07 6.4 CVE-2025-12803 [ htt= ps://www.cve.org/CVERecord?id=3DCVE-2025-12803 ] https://www.wordfence.com/= threat-intel/vulnerabilities/id/64f30329-ecf2-4e30-bc23-9d447e239e08?source= =3Dcve https://plugins.trac.wordpress.org/browser/bold-page-builder/tags/5.4.8/con= tent_elements/bt_bb_tabs/bt_bb_tabs.php https://plugins.trac.wordpress.org/browser/bold-page-builder/tags/5.4.8/con= tent_elements/bt_bb_tabs/bt_bb_tabs.php#L65
=C2=A0 boldthemes--Bold Page Builder The Bold Page Builder plugin for WordP= ress is vulnerable to Stored Cross-Site Scripting via the Post Grid compone=
nt in all versions up to, and including, 5.5.3 due to insufficient input sa= nitization and output escaping. This makes it possible for authenticated at= tackers, with Author-level access and above, to inject arbitrary web script=
s in pages that will execute whenever a user accesses an injected page. 202= 6-02-07 6.4 CVE-2025-13463 [ https://www.cve.org/CVERecord?id=3DCVE-2025-13= 463 ] https://www.wordfence.com/threat-intel/vulnerabilities/id/865ff4bf-60= 8e-45f0-a160-35581b82cc2b?source=3Dcve https://plugins.trac.wordpress.org/browser/bold-page-builder/tags/5.5.3/con= tent_elements/bt_bb_css_post_grid/bt_bb_css_post_grid.php#L46 https://plugins.trac.wordpress.org/browser/bold-page-builder/tags/5.5.3/con= tent_elements/bt_bb_css_post_grid/bt_bb_css_post_grid.js#L8
=C2=A0 IBM--webMethods Integration (on prem) - Integration Server IBM webMe= thods Integration (on prem) - Integration Server 10.15 through IS_10.15_Cor= e_Fix2411.1 to IS_11.1_Core_Fix8 IBM webMethods Integration could disclose = sensitive user information in server responses. 2026-02-05 6.5 CVE-2025-141=
50 [ https://www.cve.org/CVERecord?id=3DCVE-2025-14150 ] https://www.ibm.co= m/support/pages/node/7259518
=C2=A0 Docker Inc.--Docker Desktop Docker Desktop for Windows contains mult= iple incorrect permission assignment vulnerabilities in the installer's han= dling of the C:\ProgramData\DockerDesktop directory. The installer creates = this directory without proper ownership verification, creating two exploita= tion scenarios: Scenario 1 (Persistent Attack): If a low-privileged attacke=
r pre-creates C:\ProgramData\DockerDesktop before Docker Desktop installati= on, the attacker retains ownership of the directory even after the installe=
r applies restrictive ACLs. At any time after installation completes, the a= ttacker can modify the directory ACL (as the owner) and tamper with critica=
l configuration files such as install-settings.json to specify a malicious = credentialHelper, causing arbitrary code execution when any user runs Docke=
r Desktop. Scenario 2 (TOCTOU Attack): During installation, there is a time= -of-check-time-of-use (TOCTOU) race condition between when the installer cr= eates C:\ProgramData\DockerDesktop and when it sets secure ACLs. A low-priv= ileged attacker actively monitoring for the installation can inject malicio=
us files (such as install-settings.json) with attacker-controlled ACLs duri=
ng this window, achieving the same code execution outcome. 2026-02-04 6.7 C= VE-2025-14740 [ https://www.cve.org/CVERecord?id=3DCVE-2025-14740 ] https:/= /docs.docker.com/security/ https://www.zerodayinitiative.com/advisories/ZDI-CAN-28542/ https://www.zerodayinitiative.com/advisories/ZDI-CAN-28190/
=C2=A0 lwsdevelopers--MyRewards Loyalty Points and Rewards for WooCommerce = Reward orders, referrals, product reviews and more The MyRewards - Loyalty = Points and Rewards for WooCommerce plugin for WordPress is vulnerable to mi= ssing authorization in all versions up to, and including, 5.6.0. This is du=
e to the plugin not properly verifying that a user is authorized to perform=
an action in the 'ajax' function. This makes it possible for authenticated=
attackers, with subscriber level access and above, to modify, add, or dele=
te loyalty program earning rules, including manipulating point multipliers =
to arbitrary values. 2026-02-04 6.5 CVE-2025-15260 [ https://www.cve.org/CV= ERecord?id=3DCVE-2025-15260 ] https://www.wordfence.com/threat-intel/vulner= abilities/id/2591f473-44ff-4319-8b17-b0f793a29d66?source=3Dcve https://plugins.trac.wordpress.org/browser/woorewards/tags/5.6.0/assets/lws= -adminpanel/include/internal/editlistcontroler.php#L76
=C2=A0 boldthemes--Bold Page Builder The Bold Page Builder plugin for WordP= ress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_ac= cordion_item shortcode in all versions up to, and including, 5.5.7 due to i= nsufficient input sanitization and output escaping on user supplied attribu= tes. This makes it possible for authenticated attackers, with contributor-l= evel access and above, to inject arbitrary web scripts in pages that will e= xecute whenever a user accesses an injected page. 2026-02-07 6.4 CVE-2025-1= 5267 [ https://www.cve.org/CVERecord?id=3DCVE-2025-15267 ] https://www.word= fence.com/threat-intel/vulnerabilities/id/38a3b3bf-9538-4ae8-9da4-d4b488057= 63b?source=3Dcve https://plugins.trac.wordpress.org/browser/bold-page-builder/tags/5.5.7/con= tent_elements/bt_bb_accordion_item/bt_bb_accordion_item.php?marks=3D28#L28 =C2=A0 Tanium--Tanium Appliance Tanium addressed an improper output sanitiz= ation vulnerability in Tanium Appliance. 2026-02-05 6.6 CVE-2025-15312 [ ht= tps://www.cve.org/CVERecord?id=3DCVE-2025-15312 ] TAN-2025-003 [ https://se= curity.tanium.com/TAN-2025-003 ]
=C2=A0 Tanium--Engage Tanium addressed a documentation issue in Engage. 202= 6-02-05 6.6 CVE-2025-15324 [ https://www.cve.org/CVERecord?id=3DCVE-2025-15= 324 ] TAN-2025-004 [ https://security.tanium.com/TAN-2025-004 ]
=C2=A0 Tanium--Discover Tanium addressed an improper input validation vulne= rability in Discover. 2026-02-05 6.3 CVE-2025-15325 [ https://www.cve.org/C= VERecord?id=3DCVE-2025-15325 ] TAN-2025-005 [ https://security.tanium.com/T= AN-2025-005 ]
=C2=A0 Tanium--Performance Tanium addressed an incorrect default permission=
s vulnerability in Performance. 2026-02-05 6.5 CVE-2025-15336 [ https://www= .cve.org/CVERecord?id=3DCVE-2025-15336 ] TAN-2025-029 [ https://security.ta= nium.com/TAN-2025-029 ]
=C2=A0 Tanium--Patch Tanium addressed an incorrect default permissions vuln= erability in Patch. 2026-02-05 6.5 CVE-2025-15337 [ https://www.cve.org/CVE= Record?id=3DCVE-2025-15337 ] TAN-2025-029 [ https://security.tanium.com/TAN= -2025-029 ]
=C2=A0 Tanium--Partner Integration Tanium addressed an incorrect default pe= rmissions vulnerability in Partner Integration. 2026-02-05 6.5 CVE-2025-153=
38 [ https://www.cve.org/CVERecord?id=3DCVE-2025-15338 ] TAN-2025-029 [ htt= ps://security.tanium.com/TAN-2025-029 ]
=C2=A0 Tanium--Discover Tanium addressed an incorrect default permissions v= ulnerability in Discover. 2026-02-05 6.5 CVE-2025-15339 [ https://www.cve.o= rg/CVERecord?id=3DCVE-2025-15339 ] TAN-2025-029 [ https://security.tanium.c= om/TAN-2025-029 ]
=C2=A0 Tanium--Comply Tanium addressed an incorrect default permissions vul= nerability in Comply. 2026-02-05 6.5 CVE-2025-15340 [ https://www.cve.org/C= VERecord?id=3DCVE-2025-15340 ] TAN-2025-029 [ https://security.tanium.com/T= AN-2025-029 ]
=C2=A0 Tanium--Benchmark Tanium addressed an incorrect default permissions = vulnerability in Benchmark. 2026-02-05 6.5 CVE-2025-15341 [ https://www.cve= .org/CVERecord?id=3DCVE-2025-15341 ] TAN-2025-029 [ https://security.tanium= .com/TAN-2025-029 ]
=C2=A0 Tanium--Enforce Tanium addressed an incorrect default permissions vu= lnerability in Enforce. 2026-02-05 6.5 CVE-2025-15343 [ https://www.cve.org= /CVERecord?id=3DCVE-2025-15343 ] TAN-2025-032 [ https://security.tanium.com= /TAN-2025-032 ]
=C2=A0 simonfairbairn--The Bucketlister The Bucketlister plugin for WordPre=
ss is vulnerable to SQL Injection via the plugin's shortcode `category` and=
`id` attributes in all versions up to, and including, 0.1.5 due to insuffi= cient escaping on the user supplied parameters and lack of sufficient prepa= ration on the existing SQL query. This makes it possible for authenticated = attackers, with Contributor-level access and above, to append additional SQ=
L queries into already existing queries that can be used to extract sensiti=
ve information from the database. 2026-02-07 6.5 CVE-2025-15477 [ https://w= ww.cve.org/CVERecord?id=3DCVE-2025-15477 ] https://www.wordfence.com/threat= -intel/vulnerabilities/id/fba36ebc-a396-4eb8-8cb6-afc50b9c974e?source=3Dcve https://plugins.trac.wordpress.org/browser/the-bucketlister/tags/0.1.5/buck= etlister.php#L19
=C2=A0 HCLSoftware--HCL DevOps Velocity Rate limiting for certain API calls=
is not being enforced, making HCL Velocity vulnerable to Denial of Service=
(DoS) attacks. An attacker could flood the system with a large number of r= equests, overwhelming its resources and causing it to become unresponsive t=
o legitimate users. This vulnerability is fixed in 5.1.7. 2026-02-07 6.8 CV= E-2025-31990 [ https://www.cve.org/CVERecord?id=3DCVE-2025-31990 ] https://= support.hcl-software.com/csm?id=3Dkb_article&sysparm_article=3DKB0128585
=C2=A0 IBM--PowerVM Hypervisor IBM PowerVM Hypervisor FW1110.00 through FW1= 110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 could al= low a local user with administration privileges to obtain sensitive informa= tion from a Virtual TPM through a series of PowerVM service procedures. 202= 6-02-02 6 CVE-2025-36238 [ https://www.cve.org/CVERecord?id=3DCVE-2025-3623=
8 ] https://www.ibm.com/support/pages/node/7257556
=C2=A0 IBM--Cloud Pak for Business Automation IBM Cloud Pak for Business Au= tomation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Inter=
im Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007=C2=A0 is vulnerable t=
o stored cross-site scripting. This vulnerability allows an authenticated u= ser to embed arbitrary JavaScript code in the Web UI thus altering the inte= nded functionality potentially leading to credentials disclosure within a t= rusted session. 2026-02-02 6.4 CVE-2025-36436 [ https://www.cve.org/CVEReco= rd?id=3DCVE-2025-36436 ] https://www.ibm.com/support/pages/node/7259318
=C2=A0 Qualcomm, Inc.--Snapdragon Memory corruption when calculating oversi= zed partition sizes without proper checks. 2026-02-02 6.8 CVE-2025-47363 [ = https://www.cve.org/CVERecord?id=3DCVE-2025-47363 ] https://docs.qualcomm.c= om/product/publicresources/securitybulletin/february-2026-bulletin.html
=C2=A0 Qualcomm, Inc.--Snapdragon Memory corruption while calculating offse=
t from partition start point. 2026-02-02 6.8 CVE-2025-47364 [ https://www.c= ve.org/CVERecord?id=3DCVE-2025-47364 ] https://docs.qualcomm.com/product/pu= blicresources/securitybulletin/february-2026-bulletin.html
=C2=A0 Qualcomm, Inc.--Snapdragon Transient DOS when processing a received = frame with an excessively large authentication information element. 2026-02= -02 6.5 CVE-2025-47402 [ https://www.cve.org/CVERecord?id=3DCVE-2025-47402 =
] https://docs.qualcomm.com/product/publicresources/securitybulletin/februa= ry-2026-bulletin.html
=C2=A0 N/A--Moodle[.]org A flaw was found in moodle. This formula injection=
vulnerability occurs when data fields are exported without proper escaping=
. A remote attacker could exploit this by providing malicious data that, wh=
en exported and opened in a spreadsheet, allows arbitrary formulas to execu= te. This can lead to compromised data integrity and unintended operations w= ithin the spreadsheet. 2026-02-03 6.1 CVE-2025-67851 [ https://www.cve.org/= CVERecord?id=3DCVE-2025-67851 ] https://access.redhat.com/security/cve/CVE-= 2025-67851
RHBZ#2423841 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2423841 ] https://moodle.org/mod/forum/discuss.php?d=3D471301
=C2=A0 nanomq--nanomq NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Mes= saging Platform. In version 0.24.6, NanoMQ has a protocol parsing / forward= ing inconsistency when handling shared subscriptions ($share/). A malformed=
SUBSCRIBE topic such as $share/ab (missing the second /) is not strictly v= alidated during the subscription stage, so the invalid Topic Filter is stor=
ed into the subscription table. Later, when any PUBLISH matches this subscr= iption, the broker send path (nmq_pipe_send_start_v4/v5) performs a second = $share/ parsing using strchr() and increments the returned pointer without = NULL checks. If the second strchr() returns NULL, sub_topic++ turns the poi= nter into an invalid address (e.g. 0x1). This invalid pointer is then passe=
d into topic_filtern(), which triggers strlen() and crashes with SIGSEGV. T=
he crash is stable and remotely triggerable. This issue has been patched in=
version 0.24.7. 2026-02-04 6.5 CVE-2025-68699 [ https://www.cve.org/CVERec= ord?id=3DCVE-2025-68699 ] https://github.com/nanomq/nanomq/security/advisor= ies/GHSA-qv5f-c6v2-2f8h https://github.com/nanomq/nanomq/commit/89d68d678e7f841ae7baa45cba8d9bc7ddc= 9ef4b
=C2=A0 Microsoft--Microsoft Edge (Chromium-based) User interface (ui) misre= presentation of critical information in Microsoft Edge for Android allows a=
n unauthorized attacker to perform spoofing over a network. 2026-02-05 6.5 = CVE-2026-0391 [ https://www.cve.org/CVERecord?id=3DCVE-2026-0391 ] Microsof=
t Edge (Chromium-based) for Android Spoofing Vulnerability [ https://msrc.m= icrosoft.com/update-guide/vulnerability/CVE-2026-0391 ]
=C2=A0 premmerce--Premmerce The Premmerce plugin for WordPress is vulnerabl=
e to Stored Cross-Site Scripting via the 'premmerce_wizard_actions' AJAX en= dpoint in all versions up to, and including, 1.3.20. This is due to missing=
capability checks and insufficient input sanitization and output escaping =
on the `state` parameter. This makes it possible for authenticated attacker=
s, with subscriber level access and above, to inject arbitrary web scripts =
in pages that will execute whenever a user accesses an injected page (the P= remmerce Wizard admin page). 2026-02-07 6.4 CVE-2026-0555 [ https://www.cve= .org/CVERecord?id=3DCVE-2026-0555 ] https://www.wordfence.com/threat-intel/= vulnerabilities/id/90b2a644-19a0-43a1-8ff6-7486d7ef29b3?source=3Dcve https://plugins.trac.wordpress.org/browser/premmerce/tags/1.3.20/src/Admin/= Admin.php?marks=3D41#L41 https://plugins.trac.wordpress.org/browser/premmerce/tags/1.3.20/src/Admin/= Handlers/WizardHandler.php?marks=3D42,50,52#L42 https://plugins.trac.wordpress.org/browser/premmerce/tags/1.3.20/src/Api/Wi= zardApi.php?marks=3D38#L38 https://plugins.trac.wordpress.org/browser/premmerce/tags/1.3.20/views/admi= n/tabs/wizard.php?marks=3D30#L30
=C2=A0 webpurify--WebPurify Profanity Filter The WebPurify Profanity Filter=
plugin for WordPress is vulnerable to unauthorized modification of data du=
e to a missing capability check on the 'webpurify_save_options' function in=
all versions up to, and including, 4.0.2. This makes it possible for unaut= henticated attackers to change plugin settings. 2026-02-04 6.5 CVE-2026-057=
2 [ https://www.cve.org/CVERecord?id=3DCVE-2026-0572 ] https://www.wordfenc= e.com/threat-intel/vulnerabilities/id/9283f6ea-8bc4-4fdd-a0b9-05de127f34e4?= source=3Dcve https://plugins.trac.wordpress.org/browser/webpurifytextreplace/trunk/webpu= rifytextreplace-options.php?rev=3D2343695#L92
=C2=A0 zealopensource--Smart Appointment & Booking The Smart Appointment & = Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting v=
ia the saab_save_form_data AJAX action in all versions up to, and including=
, 1.0.7 due to insufficient input sanitization and output escaping on user = supplied attributes. This makes it possible for authenticated attackers, wi=
th Subscriber-level access and above, to inject arbitrary web scripts in pa= ges that will execute whenever a user accesses an injected page. 2026-02-04=
6.4 CVE-2026-0742 [ https://www.cve.org/CVERecord?id=3DCVE-2026-0742 ] htt= ps://www.wordfence.com/threat-intel/vulnerabilities/id/bf332c0d-5481-412d-b= 44a-b3de346d7b60?source=3Dcve https://plugins.trac.wordpress.org/browser/smart-appointment-booking/trunk/= inc/admin/class.saab.admin.action.php#L1203 https://plugins.trac.wordpress.org/browser/smart-appointment-booking/tags/1= .0.7/inc/admin/class.saab.admin.action.php#L1203 https://plugins.trac.wordpress.org/browser/smart-appointment-booking/trunk/= inc/front/class.saab.front.action.php#L2189 https://plugins.trac.wordpress.org/browser/smart-appointment-booking/tags/1= .0.7/inc/front/class.saab.front.action.php#L2189 https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&repo= name=3D&old=3D3450387%40smart-appointment-booking&new=3D3450387%40smart-app= ointment-booking&sfp_email=3D&sfph_mail=3D
=C2=A0 catchthemes--Essential Widgets The Essential Widgets plugin for Word= Press is vulnerable to Stored Cross-Site Scripting via the plugin's ew-auth= or, ew-archive, ew-category, ew-page, and ew-menu shortcodes in all version=
s up to, and including, 3.0 due to insufficient input sanitization and outp=
ut escaping on user supplied attributes. This makes it possible for authent= icated attackers, with contributor-level access and above, to inject arbitr= ary web scripts in pages that will execute whenever a user accesses an inje= cted page. NOTE: This vulnerability was partially fixed in version 3.0. 202= 6-02-05 6.4 CVE-2026-0867 [ https://www.cve.org/CVERecord?id=3DCVE-2026-086=
7 ] https://www.wordfence.com/threat-intel/vulnerabilities/id/08d4ed49-1338= -422f-b55f-a102f2d1d6c8?source=3Dcve https://plugins.trac.wordpress.org/changeset/3440541/essential-widgets https://plugins.trac.wordpress.org/changeset/3447282/essential-widgets
=C2=A0 thehappymonster--Happy Addons for Elementor The Happy Addons for Ele= mentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi=
a the '_elementor_data' meta field in all versions up to, and including, 3.= 20.7 due to insufficient input sanitization and output escaping. This makes=
it possible for authenticated attackers, with Contributor-level access and=
above, to inject arbitrary web scripts in pages that will execute whenever=
a user accesses an injected page. 2026-02-03 6.4 CVE-2026-1210 [ https://w= ww.cve.org/CVERecord?id=3DCVE-2026-1210 ] https://www.wordfence.com/threat-= intel/vulnerabilities/id/df4b554a-0336-404c-b06c-2bc98c99997d?source=3Dcve https://plugins.trac.wordpress.org/browser/happy-elementor-addons/trunk/wid= gets/svg-draw/widget.php#L732 https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.20= .4/widgets/svg-draw/widget.php#L732 https://plugins.trac.wordpress.org/browser/happy-elementor-addons/trunk/wid= gets/age-gate/widget.php#L2055 https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.20= .4/widgets/age-gate/widget.php#L2055 https://plugins.trac.wordpress.org/browser/happy-elementor-addons/trunk/wid= gets/age-gate/widget.php#L2120 https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.20= .4/widgets/age-gate/widget.php#L2120 https://plugins.trac.wordpress.org/changeset/3451894/happy-elementor-addons= /trunk/widgets/svg-draw/widget.php?old=3D3312461&old_path=3Dhappy-elementor= -addons%2Ftrunk%2Fwidgets%2Fsvg-draw%2Fwidget.php
=C2=A0 jackdewey--Events Listing Widget The Events Listing Widget plugin fo=
r WordPress is vulnerable to Stored Cross-Site Scripting via the 'Event URL=
' parameter in all versions up to, and including, 1.3.4 due to insufficient=
input sanitization and output escaping. This makes it possible for authent= icated attackers, with Author-level access and above, to inject arbitrary w=
eb scripts in pages that will execute whenever a user accesses an injected = page. 2026-02-06 6.4 CVE-2026-1252 [ https://www.cve.org/CVERecord?id=3DCVE= -2026-1252 ] https://www.wordfence.com/threat-intel/vulnerabilities/id/7f3b= 13a5-0711-4ad3-b11c-f8556e1ca9f9?source=3Dcve https://plugins.trac.wordpress.org/browser/events-listing-widget/trunk/even= ts-listing-widget.php#L266 https://plugins.trac.wordpress.org/browser/events-listing-widget/tags/1.3.4= /events-listing-widget.php#L266 https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&repo= name=3D&old=3D3451446%40events-listing-widget&new=3D3451446%40events-listin= g-widget&sfp_email=3D&sfph_mail=3D
=C2=A0 brechtvds--Dynamic Widget Content The Dynamic Widget Content plugin = for WordPress is vulnerable to Stored Cross-Site Scripting via the widget c= ontent field in the Gutenberg editor sidebar in all versions up to, and inc= luding, 1.3.6 due to insufficient input sanitization and output escaping on=
user-supplied attributes. This makes it possible for authenticated attacke= rs, with Contributor-level access and above, to inject arbitrary web script=
s in pages that will execute whenever a user accesses an injected page. 202= 6-02-05 6.4 CVE-2026-1268 [ https://www.cve.org/CVERecord?id=3DCVE-2026-126=
8 ] https://www.wordfence.com/threat-intel/vulnerabilities/id/5324ca6d-37cb= -41e4-8355-80ca113f855e?source=3Dcve https://plugins.trac.wordpress.org/browser/dynamic-widget-content/tags/1.3.= 6/helpers/blocks.php#L64 https://plugins.trac.wordpress.org/browser/dynamic-widget-content/tags/1.3.= 6/helpers/blocks.php#L70 https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&repo= name=3D&old=3D3444655%40dynamic-widget-content&new=3D3444655%40dynamic-widg= et-content&sfp_email=3D&sfph_mail=3D
=C2=A0 cyberlord92--Employee Directory Staff Directory and Listing The Empl= oyee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scri= pting via the 'form_title' parameter in the `search_employee_directory` sho= rtcode in all versions up to, and including, 1.2.1 due to insufficient inpu=
t sanitization and output escaping. This makes it possible for authenticate=
d attackers, with Contributor-level access and above, to inject arbitrary w=
eb scripts in pages that will execute whenever a user accesses an injected = page. 2026-02-06 6.4 CVE-2026-1279 [ https://www.cve.org/CVERecord?id=3DCVE= -2026-1279 ] https://www.wordfence.com/threat-intel/vulnerabilities/id/f0d3= b54c-6244-4776-be3c-afe3a28a2b8a?source=3Dcve https://plugins.trac.wordpress.org/browser/employee-staff-directory/trunk/h= andler/mo-empdir-search_handler.php#L29 https://wordpress.org/plugins/employee-staff-directory https://plugins.trac.wordpress.org/browser/employee-staff-directory/tags/1.= 2.1/handler/mo-empdir-search_handler.php#L29 https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&repo= name=3D&old=3D3448620%40employee-staff-directory&new=3D3448620%40employee-s= taff-directory
=C2=A0 yoast--Yoast SEO Advanced SEO with real-time guidance and built-in A=
I The Yoast SEO - Advanced SEO with real-time guidance and built-in AI plug=
in for WordPress is vulnerable to Stored Cross-Site Scripting via the the `= yoast-schema` block attribute in all versions up to, and including, 26.8 du=
e to insufficient input sanitization and output escaping. This makes it pos= sible for authenticated attackers, with Contributor-level access and above,=
to inject arbitrary web scripts in pages that will execute whenever a user=
accesses an injected page. 2026-02-06 6.4 CVE-2026-1293 [ https://www.cve.= org/CVERecord?id=3DCVE-2026-1293 ] https://www.wordfence.com/threat-intel/v= ulnerabilities/id/8b2e7c2d-ed2f-439b-9cee-f2e5d46121b6?source=3Dcve https://plugins.trac.wordpress.org/browser/wordpress-seo/tags/26.8/src/pres= enters/schema-presenter.php#L49 https://plugins.trac.wordpress.org/browser/wordpress-seo/tags/26.8/inc/clas= s-wpseo-utils.php#L915 https://plugins.trac.wordpress.org/browser/wordpress-seo/tags/26.8/src/gene= rators/schema-generator.php#L188
=C2=A0 themeisle--Robin Image Optimizer Unlimited Image Optimization & WebP=
Converter The Robin Image Optimizer - Unlimited Image Optimization & WebP = Converter plugin for WordPress is vulnerable to Stored Cross-Site Scripting=
via the 'Alternative Text' field of a Media Library image in all versions =
up to, and including, 2.0.2 due to insufficient input sanitization and outp=
ut escaping. This makes it possible for authenticated attackers, with Autho= r-level access and above, to inject arbitrary web scripts in pages that wil=
l execute whenever a user accesses an injected page. 2026-02-05 6.4 CVE-202= 6-1319 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1319 ] https://www.wor= dfence.com/threat-intel/vulnerabilities/id/288cd86b-8d13-46bf-99ef-76698cd6= 2a41?source=3Dcve https://plugins.trac.wordpress.org/changeset/3445467/robin-image-optimizer/= tags/2.0.3/libs/addons/includes/classes/webp/vendor/rosell-dk/dom-util-for-= webp/src/PictureTags.php
=C2=A0 jackdewey--Tune Library The Tune Library plugin for WordPress is vul= nerable to Stored Cross-Site Scripting via CSV import in all versions up to=
, and including, 1.6.3. This is due to insufficient input sanitization and = output escaping on user supplied attributes. This makes it possible for aut= henticated attackers, with Subscriber-level access and above, to inject arb= itrary web scripts in pages that will execute whenever a user accesses the = injected page. The vulnerability exists because the CSV import functionalit=
y lacks authorization checks and doesn't sanitize imported data, which is l= ater rendered without escaping through the [tune-library] shortcode. 2026-0= 2-06 6.4 CVE-2026-1401 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1401 ]=
https://www.wordfence.com/threat-intel/vulnerabilities/id/cd600810-b1bc-40= 25-b441-5c90da7240de?source=3Dcve https://plugins.trac.wordpress.org/browser/tune-library/tags/1.6.3/tune-lib= rary.php#L219 https://plugins.trac.wordpress.org/browser/tune-library/tags/1.6.3/tune-lib= rary.php#L235 https://plugins.trac.wordpress.org/browser/tune-library/tags/1.6.3/writeNod= es.php#L113 https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&repo= name=3D&old=3D3451457%40tune-library&new=3D3451457%40tune-library&sfp_email= =3D&sfph_mail=3D
=C2=A0 dannycarlton--Simple Bible Verse via Shortcode The Simple Bible Vers=
e via Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scr= ipting via the plugin's `verse` shortcode in all versions up to, and includ= ing, 1.1 due to insufficient input sanitization and output escaping on user=
supplied attributes. This makes it possible for authenticated attackers, w= ith contributor-level access and above, to inject arbitrary web scripts in = pages that will execute whenever a user accesses an injected page. 2026-02-=
07 6.4 CVE-2026-1570 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1570 ] h= ttps://www.wordfence.com/threat-intel/vulnerabilities/id/098b979f-337d-4fbd= -bfcc-0e8a281e6982?source=3Dcve https://plugins.trac.wordpress.org/browser/simple-bible-verse-via-shortcode= /trunk/index.php#L40
=C2=A0 omi-mexico--OMIGO The OMIGO plugin for WordPress is vulnerable to St= ored Cross-Site Scripting via the plugin's `omigo_donate_button` shortcode =
in all versions up to, and including, 3.3 due to insufficient input sanitiz= ation and output escaping on user supplied attributes. This makes it possib=
le for authenticated attackers, with contributor-level access and above, to=
inject arbitrary web scripts in pages that will execute whenever a user ac= cesses an injected page. 2026-02-07 6.4 CVE-2026-1573 [ https://www.cve.org= /CVERecord?id=3DCVE-2026-1573 ] https://www.wordfence.com/threat-intel/vuln= erabilities/id/f2cf46e6-a732-45c4-ad18-607009d7a586?source=3Dcve https://plugins.trac.wordpress.org/browser/omigo/trunk/omigo.php?rev=3D2778= 497#L386
=C2=A0 Foxit Software Inc.--pdfonline.foxit.com Foxit PDF Editor Cloud (pdf= online) contains a stored cross-site scripting vulnerability in the file up= load feature. A malicious username is embedded into the upload file list wi= thout proper escaping, allowing arbitrary JavaScript execution when the lis=
t is displayed. This issue affects pdfonline.foxit.com: before 2026=E2=80= =9102=E2=80=9103. 2026-02-03 6.3 CVE-2026-1591 [ https://www.cve.org/CVERec= ord?id=3DCVE-2026-1591 ] https://www.foxit.com/support/security-bulletins.h= tml
=C2=A0 Foxit Software Inc.--pdfonline.foxit.com Foxit PDF Editor Cloud (pdf= online) contains a stored cross-site scripting vulnerability in the Create = New Layer feature. Unsanitized user input is embedded into the HTML output,=
allowing arbitrary JavaScript execution when the layer is referenced. This=
issue affects pdfonline.foxit.com: before 2026=E2=80=9102=E2=80=9103. 2026= -02-03 6.3 CVE-2026-1592 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1592=
] https://www.foxit.com/support/security-bulletins.html
=C2=A0 tigor4eg--Video Onclick The Video Onclick plugin for WordPress is vu= lnerable to Stored Cross-Site Scripting via the plugin's `youtube` shortcod=
e in all versions up to, and including, 0.4.7 due to insufficient input san= itization and output escaping on user supplied attributes. This makes it po= ssible for authenticated attackers, with contributor-level access and above=
, to inject arbitrary web scripts in pages that will execute whenever a use=
r accesses an injected page. 2026-02-07 6.4 CVE-2026-1608 [ https://www.cve= .org/CVERecord?id=3DCVE-2026-1608 ] https://www.wordfence.com/threat-intel/= vulnerabilities/id/73ddf729-da69-4d0b-866f-34a92ec72800?source=3Dcve https://plugins.trac.wordpress.org/browser/video-onclick/tags/0.4.7/video-o= nclick.php#L109
=C2=A0 jmrukkers--Wikiloops Track Player The Wikiloops Track Player plugin = for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's=
`wikiloops` shortcode in all versions up to, and including, 1.0.1 due to i= nsufficient input sanitization and output escaping on user supplied attribu= tes. This makes it possible for authenticated attackers, with contributor-l= evel access and above, to inject arbitrary web scripts in pages that will e= xecute whenever a user accesses an injected page. 2026-02-07 6.4 CVE-2026-1= 611 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1611 ] https://www.wordfe= nce.com/threat-intel/vulnerabilities/id/cb472bdb-de35-45e4-bcea-04f27d42581= 7?source=3Dcve https://plugins.trac.wordpress.org/browser/wikiloops-track-player/tags/1.0.= 1/Wikiloops-Track-Player.php#L19
=C2=A0 mrlister1--Wonka Slide The Wonka Slide plugin for WordPress is vulne= rable to Stored Cross-Site Scripting via the plugin's `list_class` shortcod=
e in all versions up to, and including, 1.3.3 due to insufficient input san= itization and output escaping on user supplied attributes. This makes it po= ssible for authenticated attackers, with contributor-level access and above=
, to inject arbitrary web scripts in pages that will execute whenever a use=
r accesses an injected page. 2026-02-07 6.4 CVE-2026-1613 [ https://www.cve= .org/CVERecord?id=3DCVE-2026-1613 ] https://www.wordfence.com/threat-intel/= vulnerabilities/id/f15f0211-724d-45b5-bf2f-7482f77c474d?source=3Dcve https://plugins.trac.wordpress.org/browser/wonka-slide/trunk/admin/class-wo= nka-slide-build.php#L65
=C2=A0 alexdtn--Subitem AL Slider The Subitem AL Slider plugin for WordPres=
s is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SE= LF']` parameter in all versions up to, and including, 1.0.0 due to insuffic= ient input sanitization and output escaping. This makes it possible for una= uthenticated attackers to inject arbitrary web scripts in pages that execut=
e if they can successfully trick a user into performing an action such as c= licking on a link. 2026-02-07 6.1 CVE-2026-1634 [ https://www.cve.org/CVERe= cord?id=3DCVE-2026-1634 ] https://www.wordfence.com/threat-intel/vulnerabil= ities/id/4bfeff72-27de-46a9-b947-f60255b5d062?source=3Dcve https://wordpress.org/plugins/subitem-al-slider/ https://plugins.trac.wordpress.org/browser/subitem-al-slider/trunk/template= s/tab1_block1.tpl#L11 https://plugins.trac.wordpress.org/browser/subitem-al-slider/tags/1.0.0/tem= plates/tab1_block1.tpl#L11
=C2=A0 ariagle--MP-Ukagaka The MP-Ukagaka plugin for WordPress is vulnerabl=
e to Reflected Cross-Site Scripting in all versions up to, and including, 1= .5.2 due to insufficient input sanitization and output escaping. This makes=
it possible for unauthenticated attackers to inject arbitrary web scripts =
in pages that execute if they can successfully trick a user into performing=
an action such as clicking on a link. 2026-02-07 6.1 CVE-2026-1643 [ https= ://www.cve.org/CVERecord?id=3DCVE-2026-1643 ] https://www.wordfence.com/thr= eat-intel/vulnerabilities/id/14c3b53c-ba98-4e93-ba65-6da11816d7a6?source=3D= cve
https://wordpress.org/plugins/mp-ukagaka/ https://plugins.trac.wordpress.org/browser/mp-ukagaka/trunk/options.php#L160 https://plugins.trac.wordpress.org/browser/mp-ukagaka/tags/1.5.2/options.ph= p#L160
=C2=A0 pkthree--Peters Date Countdown The Peter's Date Countdown plugin for=
WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVE= R['PHP_SELF']` parameter in all versions up to, and including, 2.0.0 due to=
insufficient input sanitization and output escaping. This makes it possibl=
e for unauthenticated attackers to inject arbitrary web scripts in pages th=
at execute if they can successfully trick a user into performing an action = such as clicking on a link. 2026-02-05 6.1 CVE-2026-1654 [ https://www.cve.= org/CVERecord?id=3DCVE-2026-1654 ] https://www.wordfence.com/threat-intel/v= ulnerabilities/id/f8f8e436-2679-4ecb-831e-2b22dd99be32?source=3Dcve https://plugins.trac.wordpress.org/browser/peters-date-countdown/tags/2.0.0= /datecountdown.php#L246
https://plugins.trac.wordpress.org/changeset/3450122/
=C2=A0 EFM--ipTIME A8004T A vulnerability was determined in EFM ipTIME A800=
4T 14.18.2. Affected is the function httpcon_check_session_url of the file = /sess-bin/d.cgi of the component Debug Interface. This manipulation of the = argument cmd causes backdoor. It is possible to initiate the attack remotel=
y. The complexity of an attack is rather high. The exploitability is told t=
o be difficult. The exploit has been publicly disclosed and may be utilized=
. The vendor was contacted early about this disclosure but did not respond =
in any way. 2026-02-02 6.6 CVE-2026-1741 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-1741 ] VDB-343640 | EFM ipTIME A8004T Debug d.cgi httpcon_check= _session_url backdoor [ https://vuldb.com/?id.343640 ]
VDB-343640 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343640 ]
Submit #741423 | EFM IPTIME A8004T 14.18.2 Command Injection [ https://vuld= b.com/?submit.741423 ]
https://github.com/LX-LX88/cve/issues/28
=C2=A0 n/a--JeecgBoot A vulnerability was identified in JeecgBoot 3.9.0. Th=
is vulnerability affects unknown code of the file /JeecgBoot/sys/api/loadDi= ctItemByKeyword of the component Online Report API. Such manipulation of th=
e argument keyword leads to sql injection. The attack can be executed remot= ely. The exploit is publicly available and might be used. The vendor was co= ntacted early about this disclosure but did not respond in any way. 2026-02= -02 6.3 CVE-2026-1746 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1746 ] = VDB-343677 | JeecgBoot Online Report API loadDictItemByKeyword sql injectio=
n [ https://vuldb.com/?id.343677 ]
VDB-343677 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343677 ]
Submit #741647 | Beijing Guoju Information Technology Co., Ltd JeecgBoot 3.= 9.0 SQL Injection [ https://vuldb.com/?submit.741647 ] https://www.yuque.com/meizhiyuwai/sks4nu/clircmda9b8q66lo?singleDoc
=C2=A0 themeisle--Menu Icons by ThemeIsle The Menu Icons by ThemeIsle plugi=
n for WordPress is vulnerable to Stored Cross-Site Scripting via the '_wp_a= ttachment_image_alt' post meta in all versions up to, and including, 0.13.2=
0 due to insufficient input sanitization and output escaping. This makes it=
possible for authenticated attackers, with Author-level access and above, =
to inject arbitrary web scripts in pages that will execute whenever a user = accesses an injected page. 2026-02-03 6.4 CVE-2026-1755 [ https://www.cve.o= rg/CVERecord?id=3DCVE-2026-1755 ] https://www.wordfence.com/threat-intel/vu= lnerabilities/id/30bfa616-c7f3-4ff0-85b3-468debc8a73e?source=3Dcve https://plugins.trac.wordpress.org/browser/menu-icons/tags/0.13.20/includes= /front.php#L497
https://plugins.trac.wordpress.org/changeset/3452685/menu-icons
=C2=A0 Red Hat--Red Hat Enterprise Linux 10 A flaw was identified in the in= teractive shell of the xmllint utility, part of the libxml2 project, where = memory allocated for user input is not properly released under certain cond= itions. When a user submits input consisting only of whitespace, the progra=
m skips command execution but fails to free the allocated buffer. Repeating=
this action causes memory to continuously accumulate. Over time, this can = exhaust system memory and terminate the xmllint process, creating a denial-= of-service condition on the local system. 2026-02-02 6.2 CVE-2026-1757 [ ht= tps://www.cve.org/CVERecord?id=3DCVE-2026-1757 ] https://access.redhat.com/= security/cve/CVE-2026-1757
RHBZ#2435940 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2435940 ]
=C2=A0 ravanh--Orange Comfort+ accessibility toolbar for WordPress The Oran=
ge Confort+ accessibility toolbar for WordPress plugin for WordPress is vul= nerable to Stored Cross-Site Scripting via the 'style' parameter of the ocp= lus_button shortcode in all versions up to, and including, 0.7 due to insuf= ficient input sanitization and output escaping. This makes it possible for = authenticated attackers, with Contributor-level access and above, to inject=
arbitrary web scripts in pages that will execute whenever a user accesses =
an injected page. 2026-02-06 6.4 CVE-2026-1808 [ https://www.cve.org/CVERec= ord?id=3DCVE-2026-1808 ] https://www.wordfence.com/threat-intel/vulnerabili= ties/id/89cb81c3-25d7-4a4e-beed-558ea8ce721d?source=3Dcve https://plugins.trac.wordpress.org/browser/orange-confort-plus/trunk/inc/cl= ass-shortcode.php#L50 https://plugins.trac.wordpress.org/browser/orange-confort-plus/tags/0.7/inc= /class-shortcode.php#L50 https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&repo= name=3D&old=3D3453313%40orange-confort-plus&new=3D3453313%40orange-confort-= plus&sfp_email=3D&sfph_mail=3D
=C2=A0 bolo-blog--bolo-solo A vulnerability was detected in bolo-blog bolo-= solo up to 2.6.4. The impacted element is the function unpackFilteredZip of=
the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the = component ZIP File Handler. Performing a manipulation of the argument File = results in path traversal. The attack is possible to be carried out remotel=
y. The exploit is now public and may be used. The project was informed of t=
he problem early through an issue report but has not responded yet. 2026-02= -03 6.3 CVE-2026-1810 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1810 ] = VDB-343978 | bolo-blog bolo-solo ZIP File BackupService.java unpackFiltered= Zip path traversal [ https://vuldb.com/?id.343978 ]
VDB-343978 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343978 ]
Submit #742422 | https://github.com/bolo-blog/bolo-solo/ bolo-solo V2.6.4 W= rite any file [ https://vuldb.com/?submit.742422 ] https://github.com/bolo-blog/bolo-solo/issues/326 https://github.com/bolo-blog/bolo-solo/
=C2=A0 bolo-blog--bolo-solo A flaw has been found in bolo-blog bolo-solo up=
to 2.6.4. This affects the function importFromMarkdown of the file src/mai= n/java/org/b3log/solo/bolo/prop/BackupService.java of the component Filenam=
e Handler. Executing a manipulation of the argument File can lead to path t= raversal. The attack may be performed from remote. The exploit has been pub= lished and may be used. The project was informed of the problem early throu=
gh an issue report but has not responded yet. 2026-02-03 6.3 CVE-2026-1811 =
[ https://www.cve.org/CVERecord?id=3DCVE-2026-1811 ] VDB-343979 | bolo-blog=
bolo-solo Filename BackupService.java importFromMarkdown path traversal [ = https://vuldb.com/?id.343979 ]
VDB-343979 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343979 ]
Submit #742437 | https://github.com/bolo-blog/bolo-solo bolo-solo V2.6.4 Ar= bitrary File Write and Remote Code Execution [ https://vuldb.com/?submit.74= 2437 ]
https://github.com/bolo-blog/bolo-solo/issues/327 https://github.com/bolo-blog/bolo-solo/
=C2=A0 bolo-blog--bolo-solo A vulnerability has been found in bolo-blog bol= o-solo up to 2.6.4. This impacts the function importFromCnblogs of the file=
src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component=
Filename Handler. The manipulation of the argument File leads to path trav= ersal. It is possible to initiate the attack remotely. The exploit has been=
disclosed to the public and may be used. The project was informed of the p= roblem early through an issue report but has not responded yet. 2026-02-03 = 6.3 CVE-2026-1812 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1812 ] VDB-= 343980 | bolo-blog bolo-solo Filename BackupService.java importFromCnblogs = path traversal [ https://vuldb.com/?id.343980 ]
VDB-343980 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343980 ]
Submit #742582 | https://github.com/bolo-blog/bolo-solo bolo-solo V2.6.4 Ar= bitrary file write [ https://vuldb.com/?submit.742582 ] https://github.com/bolo-blog/bolo-solo/issues/328 https://github.com/bolo-blog/bolo-solo/
=C2=A0 bolo-blog--bolo-solo A vulnerability was found in bolo-blog bolo-sol=
o up to 2.6.4. Affected is an unknown function of the file src/main/java/or= g/b3log/solo/bolo/pic/PicUploadProcessor.java of the component FreeMarker T= emplate Handler. The manipulation of the argument File results in unrestric= ted upload. It is possible to launch the attack remotely. The exploit has b= een made public and could be used. The project was informed of the problem = early through an issue report but has not responded yet. 2026-02-03 6.3 CVE= -2026-1813 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1813 ] VDB-343981 =
| bolo-blog bolo-solo FreeMarker Template PicUploadProcessor.java unrestric= ted upload [ https://vuldb.com/?id.343981 ]
VDB-343981 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343981 ]
Submit #743402 | https://github.com/bolo-blog/bolo-solo bolo-solo V2.6.4 Ar= bitrary File Write and RCE [ https://vuldb.com/?submit.743402 ] https://github.com/bolo-blog/bolo-solo/issues/329 https://github.com/bolo-blog/bolo-solo/
=C2=A0 htplugins--Docus YouTube Video Playlist The Docus - YouTube Video Pl= aylist plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi=
a the 'docusplaylist' shortcode in all versions up to, and including, 1.0.6=
due to insufficient input sanitization and output escaping on user supplie=
d attributes. This makes it possible for authenticated attackers, with Cont= ributor-level access and above, to inject arbitrary web scripts in pages th=
at will execute whenever a user accesses an injected page. 2026-02-06 6.4 C= VE-2026-1888 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1888 ] https://w= ww.wordfence.com/threat-intel/vulnerabilities/id/16c6fec8-81ec-477a-9942-10= fd3adb8fa4?source=3Dcve https://plugins.trac.wordpress.org/browser/docus/trunk/includes/class.short= code.php#L55 https://plugins.trac.wordpress.org/browser/docus/tags/1.0.6/includes/class.= shortcode.php#L55 https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&repo= name=3D&old=3D3454510%40docus&new=3D3454510%40docus&sfp_email=3D&sfph_mail=
=3D
=C2=A0 n/a--WeKan A vulnerability was detected in WeKan up to 8.20. This im= pacts an unknown function of the file models/checklistItems.js of the compo= nent REST API. Performing a manipulation of the argument item.cardId/item.c= hecklistId/card.boardId results in improper authorization. Remote exploitat= ion of the attack is possible. Upgrading to version 8.21 will fix this issu=
e. The patch is named 251d49eea94834cf351bb395808f4a56fb4dbb44. Upgrading t=
he affected component is recommended. 2026-02-04 6.3 CVE-2026-1894 [ https:= //www.cve.org/CVERecord?id=3DCVE-2026-1894 ] VDB-344266 | WeKan REST API ch= ecklistItems.js Checklist REST Bleed improper authorization [ https://vuldb= .com/?id.344266 ]
VDB-344266 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344266 ]
Submit #742663 | Wekan <8.21 IDOR via REST API / improper object relationsh=
ip validation [ https://vuldb.com/?submit.742663 ] https://github.com/wekan/wekan/commit/251d49eea94834cf351bb395808f4a56fb4db= b44
https://github.com/wekan/wekan/releases/tag/v8.21 https://github.com/wekan/wekan/
=C2=A0 n/a--WeKan A flaw has been found in WeKan up to 8.20. Affected is th=
e function applyWipLimit of the file models/lists.js of the component Attac= hment Storage Handler. Executing a manipulation can lead to improper access=
controls. The attack can be executed remotely. Upgrading to version 8.21 i=
s able to address this issue. This patch is called 8c0b4f79d8582932528ec2fd= f2a4487c86770fb9. It is recommended to upgrade the affected component. 2026= -02-04 6.3 CVE-2026-1895 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1895=
] VDB-344267 | WeKan Attachment Storage lists.js applyWipLimit ListWIPBlee=
d access control [ https://vuldb.com/?id.344267 ]
VDB-344267 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344267 ]
Submit #742666 | Wekan <8.21 Improper access control (CWE-284) [ https://vu= ldb.com/?submit.742666 ] https://github.com/wekan/wekan/commit/8c0b4f79d8582932528ec2fdf2a4487c86770= fb9
https://github.com/wekan/wekan/releases/tag/v8.21 https://github.com/wekan/wekan/
=C2=A0 n/a--WeKan A vulnerability has been found in WeKan up to 8.20. Affec= ted by this vulnerability is the function ComprehensiveBoardMigration of th=
e file server/migrations/comprehensiveBoardMigration.js of the component Mi= gration Operation Handler. The manipulation of the argument boardId leads t=
o improper access controls. The attack is possible to be carried out remote= ly. Upgrading to version 8.21 addresses this issue. The identifier of the p= atch is cc35dafef57ef6e44a514a523f9a8d891e74ad8f. Upgrading the affected co= mponent is advised. 2026-02-04 6.3 CVE-2026-1896 [ https://www.cve.org/CVER= ecord?id=3DCVE-2026-1896 ] VDB-344268 | WeKan Migration Operation comprehen= siveBoardMigration.js ComprehensiveBoardMigration MigrationBleed access con= trol [ https://vuldb.com/?id.344268 ]
VDB-344268 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344268 ]
Submit #742670 | Wekan <8.21 Improper access control on administrative migr= ation methods (CWE [ https://vuldb.com/?submit.742670 ] https://github.com/wekan/wekan/commit/cc35dafef57ef6e44a514a523f9a8d891e74a= d8f
https://github.com/wekan/wekan/releases/tag/v8.21 https://github.com/wekan/wekan/
=C2=A0 n/a--WeKan A vulnerability was determined in WeKan up to 8.20. This = affects an unknown part of the file packages/wekan-ldap/server/syncUser.js =
of the component LDAP User Sync. This manipulation causes improper access c= ontrols. It is possible to initiate the attack remotely. Upgrading to versi=
on 8.21 is able to mitigate this issue. Patch name: 146905a459106b5d00b4f09= 453a6554255e6965a. You should upgrade the affected component. 2026-02-05 6.=
3 CVE-2026-1898 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1898 ] VDB-34= 4270 | WeKan LDAP User Sync syncUser.js SyncLDAPBleed access control [ http= s://vuldb.com/?id.344270 ]
VDB-344270 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344270 ]
Submit #742676 | Wekan <8.21 Missing authorization on admin function (CWE-2= 84) [ https://vuldb.com/?submit.742676 ] https://github.com/wekan/wekan/commit/146905a459106b5d00b4f09453a6554255e69= 65a
https://github.com/wekan/wekan/releases/tag/v8.21 https://github.com/wekan/wekan/
=C2=A0 x-raym--WaveSurfer-WP The WaveSurfer-WP plugin for WordPress is vuln= erable to Stored Cross-Site Scripting via the plugin's audio shortcode in a=
ll versions up to, and including, 2.8.3 due to insufficient input sanitizat= ion and output escaping on the 'src' attribute. This makes it possible for = authenticated attackers, with Contributor-level access and above, to inject=
arbitrary web scripts in pages that will execute whenever a user accesses =
an injected page. 2026-02-06 6.4 CVE-2026-1909 [ https://www.cve.org/CVERec= ord?id=3DCVE-2026-1909 ] https://www.wordfence.com/threat-intel/vulnerabili= ties/id/b507462d-1ce2-4463-93bf-635ee78274f6?source=3Dcve https://plugins.trac.wordpress.org/browser/wavesurfer-wp/trunk/wavesurfer-w= p.php#L739 https://plugins.trac.wordpress.org/browser/wavesurfer-wp/tags/2.8.3/wavesur= fer-wp.php#L739 https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&repo= name=3D&old=3D3454006%40wavesurfer-wp&new=3D3454006%40wavesurfer-wp&sfp_ema= il=3D&sfph_mail=3D
=C2=A0 n/a--WeKan A vulnerability has been found in WeKan up to 8.20. The i= mpacted element is an unknown function of the file server/attachmentMigrati= on.js of the component Attachment Migration. The manipulation leads to impr= oper access controls. The attack may be initiated remotely. Upgrading to ve= rsion 8.21 is sufficient to resolve this issue. The identifier of the patch=
is 053bf1dfb76ef230db162c64a6ed50ebedf67eee. It is recommended to upgrade = the affected component. 2026-02-05 6.3 CVE-2026-1962 [ https://www.cve.org/= CVERecord?id=3DCVE-2026-1962 ] VDB-344484 | WeKan Attachment Migration atta= chmentMigration.js AttachmentMigrationBleed access control [ https://vuldb.= com/?id.344484 ]
VDB-344484 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344484 ]
Submit #742677 | Wekan <8.21 Improper access control on migration endpoints=
(CWE-284) [ https://vuldb.com/?submit.742677 ] https://github.com/wekan/wekan/commit/053bf1dfb76ef230db162c64a6ed50ebedf67= eee
https://github.com/wekan/wekan/releases/tag/v8.21 https://github.com/wekan/wekan/
=C2=A0 n/a--WeKan A vulnerability was found in WeKan up to 8.20. This affec=
ts an unknown function of the file models/attachments.js of the component A= ttachment Storage. The manipulation results in improper access controls. Th=
e attack may be launched remotely. Upgrading to version 8.21 mitigates this=
issue. The patch is identified as c413a7e860bc4d93fe2adcf82516228570bf382d=
. Upgrading the affected component is advised. 2026-02-05 6.3 CVE-2026-1963=
[ https://www.cve.org/CVERecord?id=3DCVE-2026-1963 ] VDB-344485 | WeKan At= tachment Storage attachments.js MoveStorageBleed access control [ https://v= uldb.com/?id.344485 ]
VDB-344485 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344485 ]
Submit #742678 | Wekan <8.21 Improper access control (CWE-284) [ https://vu= ldb.com/?submit.742678 ] https://github.com/wekan/wekan/commit/c413a7e860bc4d93fe2adcf82516228570bf3= 82d
https://github.com/wekan/wekan/releases/tag/v8.21 https://github.com/wekan/wekan/
=C2=A0 isaacwasserman--mcp-vegalite-server A security vulnerability has bee=
n detected in isaacwasserman mcp-vegalite-server up to 16aefed598b8cd897b78= e99b907f6e2984572c61. Affected by this vulnerability is the function eval o=
f the component visualize_data. Such manipulation of the argument vegalite_= specification leads to code injection. The attack may be performed from rem= ote. The exploit has been disclosed publicly and may be used. This product = utilizes a rolling release system for continuous delivery, and as such, ver= sion information for affected or updated releases is not disclosed. The pro= ject was informed of the problem early through an issue report but has not = responded yet. 2026-02-06 6.3 CVE-2026-1977 [ https://www.cve.org/CVERecord= ?id=3DCVE-2026-1977 ] VDB-344499 | isaacwasserman mcp-vegalite-server visua= lize_data eval code injection [ https://vuldb.com/?id.344499 ]
VDB-344499 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344499 ]
Submit #743246 | GitHub mcp-vegalite-server master Code Injection [ https:/= /vuldb.com/?submit.743246 ] https://github.com/isaacwasserman/mcp-vegalite-server/issues/9 https://github.com/isaacwasserman/mcp-vegalite-server/
=C2=A0 abhiphile--fermat-mcp A vulnerability was detected in abhiphile ferm= at-mcp up to 47f11def1cd37e45dd060f30cdce346cbdbd6f0a. This vulnerability a= ffects the function eqn_chart of the file fmcp/mpl_mcp/core/eqn_chart.py. P= erforming a manipulation of the argument equations results in code injectio=
n. It is possible to initiate the attack remotely. The exploit is now publi=
c and may be used. This product is using a rolling release to provide conti= nious delivery. Therefore, no version details for affected nor updated rele= ases are available. The project was informed of the problem early through a=
n issue report but has not responded yet. 2026-02-06 6.3 CVE-2026-2008 [ ht= tps://www.cve.org/CVERecord?id=3DCVE-2026-2008 ] VDB-344590 | abhiphile fer= mat-mcp eqn_chart.py eqn_chart code injection [ https://vuldb.com/?id.34459=
0 ]
VDB-344590 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344590 ]
Submit #743458 | GitHub fermat-mcp master Code Injection [ https://vuldb.co= m/?submit.743458 ]
https://github.com/abhiphile/fermat-mcp/issues/9 https://github.com/abhiphile/fermat-mcp/issues/9#issue-3837794397 https://github.com/abhiphile/fermat-mcp/
=C2=A0 SourceCodester--Gas Agency Management System A flaw has been found i=
n SourceCodester Gas Agency Management System 1.0. This issue affects some = unknown processing of the file /gasmark/php_action/createUser.php. Executin=
g a manipulation can lead to improper access controls. It is possible to la= unch the attack remotely. The exploit has been published and may be used. 2= 026-02-06 6.3 CVE-2026-2009 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2= 009 ] VDB-344591 | SourceCodester Gas Agency Management System createUser.p=
hp access control [ https://vuldb.com/?id.344591 ]
VDB-344591 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344591 ]
Submit #743459 | SourceCodester Gas Agency Management System 1.0 Improper A= ccess Controls [ https://vuldb.com/?submit.743459 ] https://github.com/Asim-QAZi/Improper-Access-Control-in-SourceCodester-Gas-= Agency-Management-System
https://www.sourcecodester.com/
=C2=A0 Portabilis--i-Educar A weakness has been identified in Portabilis i-= Educar up to 2.10. Affected is an unknown function of the file FinalStatusI= mportService.php of the component Final Status Import. Executing a manipula= tion of the argument school_id can lead to improper authorization. The atta=
ck can be executed remotely. The exploit has been made available to the pub= lic and could be used for attacks. The vendor was contacted early about thi=
s disclosure but did not respond in any way. 2026-02-06 6.3 CVE-2026-2015 [=
https://www.cve.org/CVERecord?id=3DCVE-2026-2015 ] VDB-344597 | Portabilis=
i-Educar Final Status Import FinalStatusImportService.php improper authori= zation [ https://vuldb.com/?id.344597 ]
VDB-344597 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344597 ]
Submit #743760 | Portabilis i-Educar 2.0 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 2.=
9 2.10 Improper Authorization [ https://vuldb.com/?submit.743760 ] https://github.com/ViniCastro2001/Security_Reports/tree/main/i-educar/BFLA-= Final-Status-Import https://github.com/ViniCastro2001/Security_Reports/tree/main/i-educar/BFLA-= Final-Status-Import#proof-of-concept-poc
=C2=A0 Flycatcher Toys--smART Pixelator A security flaw has been discovered=
in Flycatcher Toys smART Pixelator 2.0. Affected by this issue is some unk= nown functionality of the component Bluetooth Low Energy Interface. Perform= ing a manipulation results in missing authentication. The attack can only b=
e performed from the local network. The exploit has been released to the pu= blic and may be used for attacks. The vendor was contacted early about this=
disclosure but did not respond in any way. 2026-02-06 6.3 CVE-2026-2065 [ = https://www.cve.org/CVERecord?id=3DCVE-2026-2065 ] VDB-344632 | Flycatcher = Toys smART Pixelator Bluetooth Low Energy missing authentication [ https://= vuldb.com/?id.344632 ]
VDB-344632 | CTI Indicators (IOB, IOC) [ https://vuldb.com/?ctiid.344632 ] Submit #745129 | Flycatcher Toys smART Pixelator 2.0 2.0 Missing Authentica= tion [ https://vuldb.com/?submit.745129 ] https://github.com/davidrxchester/smart-pixelator-upload https://github.com/davidrxchester/smart-pixelator-upload/blob/main/poc.py =C2=A0 n/a--O2OA A vulnerability was identified in O2OA up to 9.0.0. This i= mpacts an unknown function of the file /x_program_center/jaxrs/mpweixin/che=
ck of the component HTTP POST Request Handler. The manipulation leads to xm=
l external entity reference. It is possible to initiate the attack remotely=
. The exploit is publicly available and might be used. The vendor was conta= cted early about this disclosure but did not respond in any way. 2026-02-07=
6.3 CVE-2026-2074 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2074 ] VDB= -344640 | O2OA HTTP POST Request check xml external entity reference [ http= s://vuldb.com/?id.344640 ]
VDB-344640 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3446=
40 ]
Submit #745486 | =E6=B5=99=E6=B1=9F=E5=85=B0=E5=BE=B7=E7=BA=B5=E6=A8=AA=E7= =BD=91=E7=BB=9C=E6=8A=80=E6=9C=AF=E8=82=A1=E4=BB=BD=E6=9C=89=E9=99=90=E5=85= =AC=E5=8F=B8 O2OA v6.1.0 =E8=87=B3 v9.0.0 XML=E5=AE=9E=E4=BD=93=E6=B3=A8=E5= =85=A5=E6=BC=8F=E6=B4=9E [ https://vuldb.com/?submit.745486 ]
Submit #745489 | O2OA=E5=BC=80=E5=8F=91=E5=B9=B3=E5=8F=B0 O2OA v6.1.0 =E8= =87=B3 v9.0.0 XML=E5=AE=9E=E4=BD=93=E6=B3=A8=E5=85=A5=E6=BC=8F=E6=B4=9E (Du= plicate) [ https://vuldb.com/?submit.745489 ] https://github.com/SourByte05/SourByte-Lab/issues/7
=C2=A0 yeqifu--warehouse A security flaw has been discovered in yeqifu ware= house up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected is the funct= ion saveRolePermission of the file dataset\repos\warehouse\src\main\java\co= m\yeqifu\sys\controller\RoleController.java of the component Role-Permissio=
n Binding Handler. The manipulation results in improper access controls. It=
is possible to launch the attack remotely. The exploit has been released t=
o the public and may be used for attacks. This product takes the approach o=
f rolling releases to provide continious delivery. Therefore, version detai=
ls for affected and updated releases are not available. The project was inf= ormed of the problem early through an issue report but has not responded ye=
t. 2026-02-07 6.3 CVE-2026-2075 [ https://www.cve.org/CVERecord?id=3DCVE-20= 26-2075 ] VDB-344641 | yeqifu warehouse Role-Permission Binding RoleControl= ler.java saveRolePermission access control [ https://vuldb.com/?id.344641 ] VDB-344641 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344641 ]
Submit #745508 | yeqifu warehouse latest(git commit aaf29962ba407d22d991781= de28796ee7b4670e4) Im [ https://vuldb.com/?submit.745508 ] https://github.com/yeqifu/warehouse/issues/52 https://github.com/yeqifu/warehouse/issues/52#issue-3846645856 https://github.com/yeqifu/warehouse/
=C2=A0 yeqifu--warehouse A weakness has been identified in yeqifu warehouse=
up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this vulnerabi= lity is the function addUser/updateUser/deleteUser of the file dataset\repo= s\warehouse\src\main\java\com\yeqifu\sys\controller\UserController.java of = the component User Management Endpoint. This manipulation causes improper a= uthorization. The attack can be initiated remotely. The exploit has been ma=
de available to the public and could be used for attacks. Continious delive=
ry with rolling releases is used by this product. Therefore, no version det= ails of affected nor updated releases are available. The project was inform=
ed of the problem early through an issue report but has not responded yet. = 2026-02-07 6.3 CVE-2026-2076 [ https://www.cve.org/CVERecord?id=3DCVE-2026-= 2076 ] VDB-344642 | yeqifu warehouse User Management Endpoint UserControlle= r.java deleteUser improper authorization [ https://vuldb.com/?id.344642 ] VDB-344642 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344642 ]
Submit #745509 | yeqifu warehouse latest(git commit aaf29962ba407d22d991781= de28796ee7b4670e4) Improper Access Controls [ https://vuldb.com/?submit.745= 509 ]
https://github.com/yeqifu/warehouse/issues/53 https://github.com/yeqifu/warehouse/issues/53#issue-3846651070 https://github.com/yeqifu/warehouse/
=C2=A0 yeqifu--warehouse A security vulnerability has been detected in yeqi=
fu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by th=
is issue is the function addRole/updateRole/deleteRole of the file dataset\= repos\warehouse\src\main\java\com\yeqifu\sys\controller\RoleController.java=
of the component Role Management Handler. Such manipulation leads to impro= per authorization. The attack can be launched remotely. The exploit has bee=
n disclosed publicly and may be used. This product does not use versioning.=
This is why information about affected and unaffected releases are unavail= able. The project was informed of the problem early through an issue report=
but has not responded yet. 2026-02-07 6.3 CVE-2026-2077 [ https://www.cve.= org/CVERecord?id=3DCVE-2026-2077 ] VDB-344643 | yeqifu warehouse Role Manag= ement RoleController.java deleteRole improper authorization [ https://vuldb= .com/?id.344643 ]
VDB-344643 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344643 ]
Submit #745512 | yeqifu warehouse latest(git commit aaf29962ba407d22d991781= de28796ee7b4670e4) Improper Access Controls [ https://vuldb.com/?submit.745= 512 ]
https://github.com/yeqifu/warehouse/issues/54 https://github.com/yeqifu/warehouse/issues/54#issue-3846654129 https://github.com/yeqifu/warehouse/
=C2=A0 yeqifu--warehouse A vulnerability was detected in yeqifu warehouse u=
p to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function ad= dPermission/updatePermission/deletePermission of the file dataset\repos\war= ehouse\src\main\java\com\yeqifu\sys\controller\PermissionController.java of=
the component Permission Management. Performing a manipulation results in = improper authorization. The attack may be initiated remotely. The exploit i=
s now public and may be used. This product uses a rolling release model to = deliver continuous updates. As a result, specific version information for a= ffected or updated releases is not available. The project was informed of t=
he problem early through an issue report but has not responded yet. 2026-02= -07 6.3 CVE-2026-2078 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2078 ] = VDB-344644 | yeqifu warehouse Permission Management PermissionController.ja=
va deletePermission improper authorization [ https://vuldb.com/?id.344644 ] VDB-344644 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344644 ]
Submit #745513 | yeqifu warehouse latest(git commit aaf29962ba407d22d991781= de28796ee7b4670e4) Improper Access Controls [ https://vuldb.com/?submit.745= 513 ]
https://github.com/yeqifu/warehouse/issues/55 https://github.com/yeqifu/warehouse/issues/55#issue-3846656775 https://github.com/yeqifu/warehouse/
=C2=A0 yeqifu--warehouse A flaw has been found in yeqifu warehouse up to aa= f29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the func= tion addMenu/updateMenu/deleteMenu of the file dataset\repos\warehouse\src\= main\java\com\yeqifu\sys\controller\MenuController.java of the component Me=
nu Management. Executing a manipulation can lead to improper authorization.=
The attack may be launched remotely. The exploit has been published and ma=
y be used. This product operates on a rolling release basis, ensuring conti= nuous delivery. Consequently, there are no version details for either affec= ted or updated releases. The project was informed of the problem early thro= ugh an issue report but has not responded yet. 2026-02-07 6.3 CVE-2026-2079=
[ https://www.cve.org/CVERecord?id=3DCVE-2026-2079 ] VDB-344645 | yeqifu w= arehouse Menu Management MenuController.java deleteMenu improper authorizat= ion [ https://vuldb.com/?id.344645 ]
VDB-344645 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344645 ]
Submit #745514 | yeqifu warehouse latest(git commit aaf29962ba407d22d991781= de28796ee7b4670e4) Improper Access Controls [ https://vuldb.com/?submit.745= 514 ]
https://github.com/yeqifu/warehouse/issues/56 https://github.com/yeqifu/warehouse/issues/56#issue-3846659524 https://github.com/yeqifu/warehouse/
=C2=A0 yeqifu--warehouse A flaw has been found in yeqifu warehouse up to aa= f29962ba407d22d991781de28796ee7b4670e4. The affected element is the functio=
n addDept/updateDept/deleteDept of the file dataset\repos\warehouse\src\mai= n\java\com\yeqifu\sys\controller\DeptController.java of the component Depar= tment Management. Executing a manipulation can lead to improper authorizati= on. It is possible to launch the attack remotely. The exploit has been publ= ished and may be used. This product takes the approach of rolling releases =
to provide continious delivery. Therefore, version details for affected and=
updated releases are not available. The project was informed of the proble=
m early through an issue report but has not responded yet. 2026-02-07 6.3 C= VE-2026-2105 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2105 ] VDB-34468=
1 | yeqifu warehouse Department Management DeptController.java deleteDept i= mproper authorization [ https://vuldb.com/?id.344681 ]
VDB-344681 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344681 ]
Submit #745515 | yeqifu warehouse latest(git commit aaf29962ba407d22d991781= de28796ee7b4670e4) Improper Access Controls [ https://vuldb.com/?submit.745= 515 ]
https://github.com/yeqifu/warehouse/issues/57 https://github.com/yeqifu/warehouse/issues/57#issue-3846662068 https://github.com/yeqifu/warehouse/
=C2=A0 yeqifu--warehouse A vulnerability has been found in yeqifu warehouse=
up to aaf29962ba407d22d991781de28796ee7b4670e4. The impacted element is th=
e function addNotice/updateNotice/deleteNotice/batchDeleteNotice of the fil=
e dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\NoticeCon= troller.java of the component Notice Management. The manipulation leads to = improper authorization. The attack can be initiated remotely. The exploit h=
as been disclosed to the public and may be used. Continious delivery with r= olling releases is used by this product. Therefore, no version details of a= ffected nor updated releases are available. The project was informed of the=
problem early through an issue report but has not responded yet. 2026-02-0=
7 6.3 CVE-2026-2106 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2106 ] VD= B-344682 | yeqifu warehouse Notice Management NoticeController.java batchDe= leteNotice improper authorization [ https://vuldb.com/?id.344682 ]
VDB-344682 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344682 ]
Submit #745516 | yeqifu warehouse latest(git commit aaf29962ba407d22d991781= de28796ee7b4670e4) Improper Access Controls [ https://vuldb.com/?submit.745= 516 ]
https://github.com/yeqifu/warehouse/issues/58 https://github.com/yeqifu/warehouse/issues/58#issue-3846664260 https://github.com/yeqifu/warehouse/
=C2=A0 yeqifu--warehouse A vulnerability was found in yeqifu warehouse up t=
o aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function loadA= llLoginfo/deleteLoginfo/batchDeleteLoginfo of the file dataset\repos\wareho= use\src\main\java\com\yeqifu\sys\controller\LoginfoController.java of the c= omponent Log Info Handler. The manipulation results in improper authorizati= on. The attack can be launched remotely. The exploit has been made public a=
nd could be used. This product does not use versioning. This is why informa= tion about affected and unaffected releases are unavailable. The project wa=
s informed of the problem early through an issue report but has not respond=
ed yet. 2026-02-07 6.3 CVE-2026-2107 [ https://www.cve.org/CVERecord?id=3DC= VE-2026-2107 ] VDB-344683 | yeqifu warehouse Log Info LoginfoController.jav=
a batchDeleteLoginfo improper authorization [ https://vuldb.com/?id.344683 ] VDB-344683 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344683 ]
Submit #745517 | yeqifu warehouse latest(git commit aaf29962ba407d22d991781= de28796ee7b4670e4) Improper Access Controls [ https://vuldb.com/?submit.745= 517 ]
https://github.com/yeqifu/warehouse/issues/59 https://github.com/yeqifu/warehouse/issues/59#issue-3846665806 https://github.com/yeqifu/warehouse/
=C2=A0 Xiaopi--Panel A security flaw has been discovered in Xiaopi Panel up=
to 20260126. This impacts an unknown function of the file /demo.php of the=
component WAF Firewall. The manipulation of the argument ID results in sql=
injection. The attack may be launched remotely. The exploit has been relea= sed to the public and may be used for attacks. The vendor was contacted ear=
ly about this disclosure but did not respond in any way. 2026-02-08 6.3 CVE= -2026-2122 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2122 ] VDB-344695 =
| Xiaopi Panel WAF Firewall demo.php sql injection [ https://vuldb.com/?id.= 344695 ]
VDB-344695 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344695 ]
Submit #746917 | Xiaopi Web Application Firewall V1.0.0 Bypass [ https://vu= ldb.com/?submit.746917 ]
https://github.com/ltranquility/CVE/issues/37
=C2=A0 BurtTheCoder--mcp-maigret A vulnerability was determined in BurtTheC= oder mcp-maigret up to 1.0.12. This affects an unknown part of the file src= /index.ts of the component search_username. Executing a manipulation of the=
argument Username can lead to command injection. The attack may be launche=
d remotely. Upgrading to version 1.0.13 is able to mitigate this issue. Thi=
s patch is called b1ae073c4b3e789ab8de36dc6ca8111ae9399e7a. Upgrading the a= ffected component is advised. 2026-02-08 6.3 CVE-2026-2130 [ https://www.cv= e.org/CVERecord?id=3DCVE-2026-2130 ] VDB-344765 | BurtTheCoder mcp-maigret = search_username index.ts command injection [ https://vuldb.com/?id.344765 ] VDB-344765 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344765 ]
Submit #747171 | GitHub mcp-maigret v1.0.12 Command Injection [ https://vul= db.com/?submit.747171 ]
https://github.com/BurtTheCoder/mcp-maigret/issues/9 https://github.com/BurtTheCoder/mcp-maigret/pull/10 https://github.com/BurtTheCoder/mcp-maigret/commit/b1ae073c4b3e789ab8de36dc= 6ca8111ae9399e7a https://github.com/BurtTheCoder/mcp-maigret/releases/tag/v1.0.13 https://github.com/BurtTheCoder/mcp-maigret/
=C2=A0 XixianLiang--HarmonyOS-mcp-server A vulnerability was identified in = XixianLiang HarmonyOS-mcp-server 0.1.0. This vulnerability affects the func= tion input_text. The manipulation of the argument text leads to os command = injection. Remote exploitation of the attack is possible. The exploit is pu= blicly available and might be used. 2026-02-08 6.3 CVE-2026-2131 [ https://= www.cve.org/CVERecord?id=3DCVE-2026-2131 ] VDB-344766 | XixianLiang Harmony= OS-mcp-server input_text os command injection [ https://vuldb.com/?id.34476=
6 ]
VDB-344766 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344766 ]
Submit #747209 | GitHub HarmonyOS-mcp-server v0.1.0 Command Injection [ htt= ps://vuldb.com/?submit.747209 ] https://github.com/scanleale/MCP_sec/blob/main/HarmonyOS-mcp-server%20RCE%2= 0vulnerability.md
=C2=A0 UTT--HiPER 810 A vulnerability was detected in UTT HiPER 810 1.7.4-1= 41218. The impacted element is the function sub_43F020 of the file /goform/= formPdbUpConfig. Performing a manipulation of the argument policyNames resu= lts in command injection. It is possible to initiate the attack remotely. T=
he exploit is now public and may be used. 2026-02-08 6.3 CVE-2026-2135 [ ht= tps://www.cve.org/CVERecord?id=3DCVE-2026-2135 ] VDB-344770 | UTT HiPER 810=
formPdbUpConfig sub_43F020 command injection [ https://vuldb.com/?id.34477=
0 ]
VDB-344770 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344770 ]
Submit #747222 | UTT (=E8=89=BE=E6=B3=B0) HiPER 810 nv810v4v1.7.4-141218 Co= mmand Injection [ https://vuldb.com/?submit.747222 ] https://github.com/cha0yang1/UTT810CVE/blob/main/CVEreadme2.md
=C2=A0 WuKongOpenSource--WukongCRM A security flaw has been discovered in W= uKongOpenSource WukongCRM up to 11.3.3. This affects an unknown part of the=
file gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionSer= viceImpl.java of the component URL Handler. Performing a manipulation resul=
ts in improper authorization. Remote exploitation of the attack is possible=
. The exploit has been released to the public and may be used for attacks. = The vendor was contacted early about this disclosure but did not respond in=
any way. 2026-02-08 6.3 CVE-2026-2141 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-2141 ] VDB-344776 | WuKongOpenSource WukongCRM URL PermissionSe= rviceImpl.java improper authorization [ https://vuldb.com/?id.344776 ] VDB-344776 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344776 ]
Submit #747264 | =E9=83=91=E5=B7=9E=E5=8D=A1=E5=8D=A1=E7=BD=97=E7=89=B9=E8= =BD=AF=E4=BB=B6=E7=A7=91=E6=8A=80=E6=9C=89=E9=99=90=E5=85=AC=E5=8F=B8 Wukon= gCRM WukongCRM-11.x-JAVA logical flaw vulnerability [ https://vuldb.com/?su= bmit.747264 ]
https://github.com/SourByte05/SourByte-Lab/issues/8
=C2=A0 guchengwuyue--yshopmall A security flaw has been discovered in guche= ngwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of th=
e file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. = Performing a manipulation of the argument File results in unrestricted uplo= ad. The attack is possible to be carried out remotely. The exploit has been=
released to the public and may be used for attacks. The project was inform=
ed of the problem early through an issue report but has not responded yet. = 2026-02-08 6.3 CVE-2026-2146 [ https://www.cve.org/CVERecord?id=3DCVE-2026-= 2146 ] VDB-344848 | guchengwuyue yshopmall co.yixiang.utils.FileUtil update= Avatar unrestricted upload [ https://vuldb.com/?id.344848 ]
VDB-344848 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344848 ]
Submit #747409 | https://github.com/guchengwuyue/yshopmall yshopmall V1.9.1=
Incomplete Identification of Uploaded File Variables [ https://vuldb.com/?= submit.747409 ]
https://github.com/guchengwuyue/yshopmall/issues/40 https://github.com/guchengwuyue/yshopmall/issues/40#issue-3860542812 https://github.com/guchengwuyue/yshopmall/
=C2=A0 Totolink--WA300 A vulnerability was detected in Totolink WA300 5.2cu= .7112_B20190227. The impacted element is the function setAPNetwork of the f= ile /cgi-bin/cstecgi.cgi. The manipulation of the argument Ipaddr results i=
n os command injection. The attack may be performed from remote. The exploi=
t is now public and may be used. 2026-02-08 6.3 CVE-2026-2167 [ https://www= .cve.org/CVERecord?id=3DCVE-2026-2167 ] VDB-344869 | Totolink WA300 cstecgi= .cgi setAPNetwork os command injection [ https://vuldb.com/?id.344869 ] VDB-344869 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344869 ]
Submit #752063 | TOTOLINK WA300 V5.2cu.7112_B20190227 OS Command Injection =
[ https://vuldb.com/?submit.752063 ] https://github.com/master-abc/cve/issues/36
https://www.totolink.net/
=C2=A0 D-Link--DWR-M921 A flaw has been found in D-Link DWR-M921 1.1.50. Th=
is affects the function sub_419920 of the file /boafrm/formLtefotaUpgradeQu= ectel. This manipulation of the argument fota_url causes command injection.=
It is possible to initiate the attack remotely. The exploit has been publi= shed and may be used. 2026-02-08 6.3 CVE-2026-2168 [ https://www.cve.org/CV= ERecord?id=3DCVE-2026-2168 ] VDB-344870 | D-Link DWR-M921 formLtefotaUpgrad= eQuectel sub_419920 command injection [ https://vuldb.com/?id.344870 ] VDB-344870 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344870 ]
Submit #748838 | D-Link DWR-M921 V1.1.50 Command Injection [ https://vuldb.= com/?submit.748838 ]
https://github.com/LX-66-LX/cve-new/issues/2
https://www.dlink.com/
=C2=A0 D-Link--DWR-M921 A vulnerability has been found in D-Link DWR-M921 1= .1.50. This impacts an unknown function of the file /boafrm/formLtefotaUpgr= adeFibocom. Such manipulation of the argument fota_url leads to command inj= ection. It is possible to launch the attack remotely. The exploit has been = disclosed to the public and may be used. 2026-02-08 6.3 CVE-2026-2169 [ htt= ps://www.cve.org/CVERecord?id=3DCVE-2026-2169 ] VDB-344871 | D-Link DWR-M92=
1 formLtefotaUpgradeFibocom command injection [ https://vuldb.com/?id.34487=
1 ]
VDB-344871 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344871 ]
Submit #748930 | D-Link DWR-M921 V1.1.50 Command Injection [ https://vuldb.= com/?submit.748930 ]
https://github.com/LX-66-LX/cve-new/issues/3
https://www.dlink.com/
=C2=A0 code-projects--Contact Management System A security vulnerability ha=
s been detected in code-projects Contact Management System 1.0. This issue = affects some unknown processing of the file index.py. Such manipulation of = the argument selecteditem[0] leads to sql injection. The attack can be exec= uted remotely. 2026-02-08 6.3 CVE-2026-2176 [ https://www.cve.org/CVERecord= ?id=3DCVE-2026-2176 ] VDB-344877 | code-projects Contact Management System = index.py sql injection [ https://vuldb.com/?id.344877 ]
VDB-344877 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344877 ]
Submit #749264 | code-projects Contact Management System in Python unknown = SQL Injection [ https://vuldb.com/?submit.749264 ]
https://code-projects.org/
=C2=A0 r-huijts--xcode-mcp-server A vulnerability was found in r-huijts xco= de-mcp-server up to f3419f00117aa9949e326f78cc940166c88f18cb. This affects = the function registerXcodeTools of the file src/tools/xcode/index.ts of the=
component run_lldb. The manipulation of the argument args results in comma=
nd injection. It is possible to launch the attack remotely. The exploit has=
been made public and could be used. This product takes the approach of rol= ling releases to provide continious delivery. Therefore, version details fo=
r affected and updated releases are not available. The patch is identified =
as 11f8d6bacadd153beee649f92a78a9dad761f56f. Applying a patch is advised to=
resolve this issue. 2026-02-08 6.3 CVE-2026-2178 [ https://www.cve.org/CVE= Record?id=3DCVE-2026-2178 ] VDB-344881 | r-huijts xcode-mcp-server run_lldb=
index.ts registerXcodeTools command injection [ https://vuldb.com/?id.3448=
81 ]
VDB-344881 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344881 ]
Submit #749569 | GitHub xcode-mcp-server master Command Injection [ https:/= /vuldb.com/?submit.749569 ] https://github.com/r-huijts/xcode-mcp-server/issues/13 https://github.com/r-huijts/xcode-mcp-server/issues/13#issue-3878065790 https://github.com/r-huijts/xcode-mcp-server/commit/11f8d6bacadd153beee649f= 92a78a9dad761f56f
https://github.com/r-huijts/xcode-mcp-server/
=C2=A0 Great Developers--Certificate Generation System A security vulnerabi= lity has been detected in Great Developers Certificate Generation System up=
to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This affects an unknown part =
of the file /restructured/csv.php. The manipulation leads to unrestricted u= pload. Remote exploitation of the attack is possible. This product follows =
a rolling release approach for continuous delivery, so version details for = affected or updated releases are not provided. The code repository of the p= roject has not been active for many years. 2026-02-08 6.3 CVE-2026-2183 [ h= ttps://www.cve.org/CVERecord?id=3DCVE-2026-2183 ] VDB-344886 | Great Develo= pers Certificate Generation System csv.php unrestricted upload [ https://vu= ldb.com/?id.344886 ]
VDB-344886 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344886 ]
Submit #749713 | Great Developers Certificate Generator System 1.0 Unrestri= cted Upload [ https://vuldb.com/?submit.749713 ] https://github.com/lakshayyverma/CVE-Discovery/blob/main/Certificate.md
=C2=A0 D-Link--DI-7100G C1 A vulnerability was detected in D-Link DI-7100G =
C1 24.04.18D1. Affected by this issue is the function set_jhttpd_info. Perf= orming a manipulation of the argument usb_username results in command injec= tion. Remote exploitation of the attack is possible. 2026-02-08 6.3 CVE-202= 6-2193 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2193 ] VDB-344896 | D-= Link DI-7100G C1 set_jhttpd_info command injection [ https://vuldb.com/?id.= 344896 ]
VDB-344896 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344896 ]
Submit #749803 | D-Link DI-7100G C1, 24.04.18D1 Command Injection [ https:/= /vuldb.com/?submit.749803 ] https://github.com/glkfc/IoT-Vulnerability/blob/main/D-Link/Dlink_4.md https://www.dlink.com/
=C2=A0 D-Link--DI-7100G C1 A flaw has been found in D-Link DI-7100G C1 24.0= 4.18D1. This affects the function start_proxy_client_email. Executing a man= ipulation can lead to command injection. The attack can be executed remotel=
y. The exploit has been published and may be used. 2026-02-08 6.3 CVE-2026-= 2194 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2194 ] VDB-344897 | D-Li=
nk DI-7100G C1 start_proxy_client_email command injection [ https://vuldb.c= om/?id.344897 ]
VDB-344897 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344897 ]
Submit #749804 | D-Link DI-7100G C1: 2020/02/21, 24.04.18D1: 2024/04/18 Com= mand Injection [ https://vuldb.com/?submit.749804 ] https://github.com/glkfc/IoT-Vulnerability/blob/main/D-Link/Dlink_3.md https://www.dlink.com/
=C2=A0 glpi-project--glpi GLPI is a free asset and IT management software p= ackage. From version 0.85 to before 10.0.23, an authenticated user can perf= orm a SQL injection. This issue has been patched in version 10.0.23. 2026-0= 2-04 6.5 CVE-2026-22044 [ https://www.cve.org/CVERecord?id=3DCVE-2026-22044=
] https://github.com/glpi-project/glpi/security/advisories/GHSA-569q-j526-= w385
https://github.com/glpi-project/glpi/releases/tag/10.0.23
=C2=A0 n/a--WeKan A security flaw has been discovered in WeKan up to 8.20. = This vulnerability affects unknown code of the file server/methods/fixDupli= cateLists.js of the component Administrative Repair Handler. Performing a m= anipulation results in improper access controls. It is possible to initiate=
the attack remotely. Upgrading to version 8.21 is able to resolve this iss= ue. The patch is named 4ce181d17249778094f73d21515f7f863f554743. It is advi= sable to upgrade the affected component. 2026-02-08 6.3 CVE-2026-2206 [ htt= ps://www.cve.org/CVERecord?id=3DCVE-2026-2206 ] VDB-344920 | WeKan Administ= rative Repair fixDuplicateLists.js FixDuplicateBleed access control [ https= ://vuldb.com/?id.344920 ]
VDB-344920 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344920 ]
Submit #752162 | Wekan <8.21 Improper access control on administrative repa=
ir method [ https://vuldb.com/?submit.752162 ] https://github.com/wekan/wekan/commit/4ce181d17249778094f73d21515f7f863f554= 743
https://github.com/wekan/wekan/releases/tag/v8.21 https://github.com/wekan/wekan/
=C2=A0 n/a--WeKan A vulnerability was detected in WeKan up to 8.18. The aff= ected element is the function setCreateTranslation of the file client/compo= nents/settings/translationBody.js of the component Custom Translation Handl= er. The manipulation results in improper authorization. The attack can be l= aunched remotely. Upgrading to version 8.19 is sufficient to fix this issue=
. The patch is identified as f244a43771f6ebf40218b83b9f46dba6b940d7de. It i=
s suggested to upgrade the affected component. 2026-02-08 6.3 CVE-2026-2209=
[ https://www.cve.org/CVERecord?id=3DCVE-2026-2209 ] VDB-344923 | WeKan Cu= stom Translation translationBody.js setCreateTranslation improper authoriza= tion [ https://vuldb.com/?id.344923 ]
VDB-344923 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344923 ]
Submit #752269 | Wekan <8.20 IDOR in setCreateTranslation. Non-admin could = change Custom Tran [ https://vuldb.com/?submit.752269 ] https://github.com/wekan/wekan/commit/f244a43771f6ebf40218b83b9f46dba6b940d= 7de
https://github.com/wekan/wekan/releases/tag/v8.19 https://github.com/wekan/wekan/
=C2=A0 gogs--gogs Gogs is an open source self-hosted Git service. In versio=
n 0.13.3 and prior, an authenticated user can cause a DOS attack. If one of=
the repo files is deleted before synchronization, it will cause the applic= ation to crash. This issue has been patched in versions 0.13.4 and 0.14.0+d= ev. 2026-02-06 6.5 CVE-2026-22592 [ https://www.cve.org/CVERecord?id=3DCVE-= 2026-22592 ] https://github.com/gogs/gogs/security/advisories/GHSA-cr88-6mq= m-4g57
=C2=A0 gogs--gogs Gogs is an open source self-hosted Git service. In versio=
n 0.13.3 and prior, the endpoint "PUT /repos/:owner/:repo/contents/*" does = not require write permissions and allows access with read permission only v=
ia repoAssignment(). After passing the permission check, PutContents() invo= kes UpdateRepoFile(), which results in commit creation and the execution of=
git push. As a result, a token with read-only permission can be used to mo= dify repository contents. This issue has been patched in versions 0.13.4 an=
d 0.14.0+dev. 2026-02-06 6.5 CVE-2026-23632 [ https://www.cve.org/CVERecord= ?id=3DCVE-2026-23632 ] https://github.com/gogs/gogs/security/advisories/GHS= A-5qhx-gwfj-6jqr
=C2=A0 gogs--gogs Gogs is an open source self-hosted Git service. In versio=
n 0.13.3 and prior, there is an arbitrary file read/write via path traversa=
l in Git hook editing. This issue has been patched in versions 0.13.4 and 0= .14.0+dev. 2026-02-06 6.5 CVE-2026-23633 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-23633 ] https://github.com/gogs/gogs/security/advisories/GHSA-m= rph-w4hh-gx3g
=C2=A0 Kubernetes--ingress-nginx A security issue was discovered in ingress= -nginx=C2=A0where the validating admission controller feature is subject to=
a denial of service condition. By sending large requests to the validating=
admission controller, an attacker can cause memory consumption, which may = result in the ingress-nginx controller pod being killed or the node running=
out of memory. 2026-02-03 6.5 CVE-2026-24514 [ https://www.cve.org/CVEReco= rd?id=3DCVE-2026-24514 ] https://github.com/kubernetes/kubernetes/issues/13= 6680
=C2=A0 gunet--openeclass The Open eClass platform (formerly known as GUnet = eClass) is a complete course management system. Prior to version 4.2, a Cro= ss-Site Request Forgery (CSRF) vulnerability in multiple teacher-restricted=
endpoints allows attackers to induce authenticated teachers to perform uni= ntended actions, such as modifying assignment grades, via crafted requests.=
This issue has been patched in version 4.2. 2026-02-03 6.5 CVE-2026-24666 =
[ https://www.cve.org/CVERecord?id=3DCVE-2026-24666 ] https://github.com/gu= net/openeclass/security/advisories/GHSA-cgmh-73qg-28fm
=C2=A0 gunet--openeclass The Open eClass platform (formerly known as GUnet = eClass) is a complete course management system. Prior to version 4.2, a bro= ken access control vulnerability allows authenticated students to add conte=
nt to existing course units, an action normally restricted to higher-privil= eged roles. This issue has been patched in version 4.2. 2026-02-03 6.5 CVE-= 2026-24668 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24668 ] https://gi= thub.com/gunet/openeclass/security/advisories/GHSA-22cq-9fr7-fq6v
=C2=A0 gunet--openeclass The Open eClass platform (formerly known as GUnet = eClass) is a complete course management system. Prior to version 4.2, a bro= ken access control vulnerability allows authenticated students to create ne=
w course units, an action normally restricted to higher-privileged roles. T= his issue has been patched in version 4.2. 2026-02-03 6.5 CVE-2026-24670 [ = https://www.cve.org/CVERecord?id=3DCVE-2026-24670 ] https://github.com/gune= t/openeclass/security/advisories/GHSA-4jf5-636r-hv9v
=C2=A0 gunet--openeclass The Open eClass platform (formerly known as GUnet = eClass) is a complete course management system. Prior to version 4.2, a Sto= red Cross-Site Scripting (XSS) vulnerability allows authenticated high-priv= ileged users (teachers or administrators) to inject malicious JavaScript in=
to multiple user-controllable input fields across the application, which is=
executed when other users access affected pages. This issue has been patch=
ed in version 4.2. 2026-02-03 6.1 CVE-2026-24671 [ https://www.cve.org/CVER= ecord?id=3DCVE-2026-24671 ] https://github.com/gunet/openeclass/security/ad= visories/GHSA-2x83-4fh2-fcw7
=C2=A0 Huawei--HarmonyOS Out-of-bounds read issue in the media subsystem. I= mpact: Successful exploitation of this vulnerability will affect availabili=
ty and confidentiality. 2026-02-06 6.2 CVE-2026-24915 [ https://www.cve.org= /CVERecord?id=3DCVE-2026-24915 ] https://consumer.huawei.com/en/support/bul= letin/2026/2/
https://consumer.huawei.com/en/support/bulletinlaptops/2026/2/ https://consumer.huawei.com/en/support/bulletinwearables/2026/2/ https://consumer.huawei.com/en/support/bulletinvision/2026/2/
=C2=A0 Huawei--HarmonyOS UAF vulnerability in the security module. Impact: = Successful exploitation of this vulnerability may affect availability. 2026= -02-06 6.5 CVE-2026-24917 [ https://www.cve.org/CVERecord?id=3DCVE-2026-249=
17 ] https://consumer.huawei.com/en/support/bulletin/2026/2/
=C2=A0 Huawei--HarmonyOS Address read vulnerability in the communication mo= dule. Impact: Successful exploitation of this vulnerability may affect avai= lability. 2026-02-06 6.8 CVE-2026-24918 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-24918 ] https://consumer.huawei.com/en/support/bulletin/2026/2/ https://consumer.huawei.com/en/support/bulletinlaptops/2026/2/ https://consumer.huawei.com/en/support/bulletinwearables/2026/2/ https://consumer.huawei.com/en/support/bulletinvision/2026/2/
=C2=A0 Huawei--HarmonyOS Out-of-bounds write vulnerability in the DFX modul=
e. Impact: Successful exploitation of this vulnerability may affect availab= ility. 2026-02-06 6 CVE-2026-24919 [ https://www.cve.org/CVERecord?id=3DCVE= -2026-24919 ] https://consumer.huawei.com/en/support/bulletin/2026/2/
=C2=A0 Huawei--HarmonyOS Permission control vulnerability in the AMS module=
. Impact: Successful exploitation of this vulnerability may affect availabi= lity. 2026-02-06 6.2 CVE-2026-24920 [ https://www.cve.org/CVERecord?id=3DCV= E-2026-24920 ] https://consumer.huawei.com/en/support/bulletin/2026/2/ https://consumer.huawei.com/en/support/bulletinvision/2026/2/
=C2=A0 Huawei--HarmonyOS Buffer overflow vulnerability in the HDC module. I= mpact: Successful exploitation of this vulnerability may affect availabilit=
y. 2026-02-06 6.9 CVE-2026-24922 [ https://www.cve.org/CVERecord?id=3DCVE-2= 026-24922 ] https://consumer.huawei.com/en/support/bulletin/2026/2/ https://consumer.huawei.com/en/support/bulletinlaptops/2026/2/ https://consumer.huawei.com/en/support/bulletinwearables/2026/2/
=C2=A0 Huawei--HarmonyOS Permission control vulnerability in the HDC module=
. Impact: Successful exploitation of this vulnerability may affect service = confidentiality. 2026-02-06 6.3 CVE-2026-24923 [ https://www.cve.org/CVERec= ord?id=3DCVE-2026-24923 ] https://consumer.huawei.com/en/support/bulletin/2= 026/2/
https://consumer.huawei.com/en/support/bulletinlaptops/2026/2/ https://consumer.huawei.com/en/support/bulletinwearables/2026/2/
=C2=A0 Huawei--HarmonyOS Vulnerability of improper permission control in th=
e print module. Impact: Successful exploitation of this vulnerability may a= ffect service confidentiality. 2026-02-06 6.1 CVE-2026-24924 [ https://www.= cve.org/CVERecord?id=3DCVE-2026-24924 ] https://consumer.huawei.com/en/supp= ort/bulletin/2026/2/
=C2=A0 openclaw--openclaw OpenClaw is a personal AI assistant. Prior to ver= sion 2026.1.30, the isValidMedia() function in src/media/parse.ts allows ar= bitrary file paths including absolute paths, home directory paths, and dire= ctory traversal sequences. An agent can read any file on the system by outp= utting MEDIA:/path/to/file, exfiltrating sensitive data to the user/channel=
. This issue has been patched in version 2026.1.30. 2026-02-04 6.5 CVE-2026= -25475 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25475 ] https://github= .com/openclaw/openclaw/security/advisories/GHSA-r8g4-86fx-92mq
=C2=A0 espressif--esp-idf ESF-IDF is the Espressif Internet of Things (IOT)=
Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, =
a use-after-free vulnerability was reported in the BLE provisioning transpo=
rt (protocomm_ble) layer. The issue can be triggered by a remote BLE client=
while the device is in provisioning mode. The vulnerability occurred when = provisioning was stopped with keep_ble_on =3D true. In this configuration, = internal protocomm_ble state and GATT metadata were freed while the BLE sta=
ck and GATT services remained active. Subsequent BLE read or write callback=
s dereferenced freed memory, allowing a connected or newly connected client=
to trigger invalid memory acces. This issue has been patched in versions 5= .5.3, 5.4.4, 5.3.5, 5.2.7, and 5.1.7. 2026-02-04 6.3 CVE-2026-25507 [ https= ://www.cve.org/CVERecord?id=3DCVE-2026-25507 ] https://github.com/espressif= /esp-idf/security/advisories/GHSA-h7r3-gmg9-xjmg https://github.com/espressif/esp-idf/commit/0540c85140c2c06c0cbecc8843277ea= 676d5c4a9 https://github.com/espressif/esp-idf/commit/1ff264abf2504cade46f0ce3a03f821= 310bcf6d7 https://github.com/espressif/esp-idf/commit/47552ff4fd824caf38215468ebd2f31= fb5f36d70 https://github.com/espressif/esp-idf/commit/4c3fdcd316f780bab4ae5aa73c9626e= a9fe24ac6 https://github.com/espressif/esp-idf/commit/894c28afe3f2f8f31ff25b641918835= 17dddb5cf https://github.com/espressif/esp-idf/commit/cde7b7362adc15638c141c249681cbe= 5d23de663 https://github.com/espressif/esp-idf/commit/dba9a7dc01e4dab14c77d328f6a6f46= 369aeee63
=C2=A0 espressif--esp-idf ESF-IDF is the Espressif Internet of Things (IOT)=
Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, =
an out-of-bounds read vulnerability was reported in the BLE ATT Prepare Wri=
te handling of the BLE provisioning transport (protocomm_ble). The issue ca=
n be triggered by a remote BLE client while the device is in provisioning m= ode. The transport accumulated prepared-write fragments in a fixed-size buf= fer but incorrectly tracked the cumulative length. By sending repeated prep= are write requests with overlapping offsets, a remote client could cause th=
e reported length to exceed the allocated buffer size. This inflated length=
was then passed to provisioning handlers during execute-write processing, = resulting in an out-of-bounds read and potential memory corruption. This is= sue has been patched in versions 5.5.3, 5.4.4, 5.3.5, 5.2.7, and 5.1.7. 202= 6-02-04 6.3 CVE-2026-25508 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25= 508 ] https://github.com/espressif/esp-idf/security/advisories/GHSA-9j5x-rf= 36-54x9 https://github.com/espressif/esp-idf/commit/0540c85140c2c06c0cbecc8843277ea= 676d5c4a9 https://github.com/espressif/esp-idf/commit/1ff264abf2504cade46f0ce3a03f821= 310bcf6d7 https://github.com/espressif/esp-idf/commit/47552ff4fd824caf38215468ebd2f31= fb5f36d70 https://github.com/espressif/esp-idf/commit/4c3fdcd316f780bab4ae5aa73c9626e= a9fe24ac6 https://github.com/espressif/esp-idf/commit/894c28afe3f2f8f31ff25b641918835= 17dddb5cf https://github.com/espressif/esp-idf/commit/cde7b7362adc15638c141c249681cbe= 5d23de663 https://github.com/espressif/esp-idf/commit/dba9a7dc01e4dab14c77d328f6a6f46= 369aeee63
=C2=A0 zauberzeug--nicegui NiceGUI is a Python-based UI framework. The ui.m= arkdown() component uses the markdown2 library to convert markdown content =
to HTML, which is then rendered via innerHTML. By default, markdown2 allows=
raw HTML to pass through unchanged. This means that if an application rend= ers user-controlled content through ui.markdown(), an attacker can inject m= alicious HTML containing JavaScript event handlers. Unlike other NiceGUI co= mponents that render HTML (ui.html(), ui.chat_message(), ui.interactive_ima= ge()), the ui.markdown() component does not provide or require a sanitize p= arameter, leaving applications vulnerable to XSS attacks. This vulnerabilit=
y is fixed in 3.7.0. 2026-02-06 6.1 CVE-2026-25516 [ https://www.cve.org/CV= ERecord?id=3DCVE-2026-25516 ] https://github.com/zauberzeug/nicegui/securit= y/advisories/GHSA-v82v-c5x8-w282 https://github.com/zauberzeug/nicegui/commit/f1f7533577875af7d23f161ed3627f= 73584cb561
=C2=A0 espressif--esp-idf ESF-IDF is the Espressif Internet of Things (IOT)=
Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, =
a vulnerability exists in the WPS (Wi-Fi Protected Setup) Enrollee implemen= tation where malformed EAP-WSC packets with truncated payloads can cause in= teger underflow during fragment length calculation. When processing EAP-Exp= anded (WSC) messages, the code computes frag_len by subtracting header size=
s from the total packet length. If an attacker sends a packet where the EAP=
Length field covers only the header and flags but omits the expected paylo=
ad (such as the 2-byte Message Length field when WPS_MSG_FLAG_LEN is set), = frag_len becomes negative. This negative value is then implicitly cast to s= ize_t when passed to wpabuf_put_data(), resulting in a very large unsigned = value. This issue has been patched in versions 5.5.3, 5.4.4, 5.3.5, 5.2.7, = and 5.1.7. 2026-02-04 6.3 CVE-2026-25532 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-25532 ] https://github.com/espressif/esp-idf/security/advisorie= s/GHSA-m2h2-683f-9mw7 https://github.com/espressif/esp-idf/commit/60f992a26de17bb5406f2149a2f8282= dd7ad1c59 https://github.com/espressif/esp-idf/commit/6f6766f917bc940ffbcc97eac4765a6= ab15d5f79 https://github.com/espressif/esp-idf/commit/73a587d42a57ece1962b6a4c530b574= 600650f63 https://github.com/espressif/esp-idf/commit/b209fae993d795255827ce6b2b0d694= 2a377f5d4 https://github.com/espressif/esp-idf/commit/b88befde6b5addcdd8d7373ce55c805= 2dea1e855 https://github.com/espressif/esp-idf/commit/cad36beb4cde27abcf316cd90d8d8dd= dbc6f213a https://github.com/espressif/esp-idf/commit/de28801e8ea6a736b6f0db6fc0c6827= 39363bb41
=C2=A0 mastodon--mastodon Mastodon is a free, open-source social network se= rver based on ActivityPub. Prior to versions 4.3.19, 4.4.13, 4.5.6, Mastodo=
n is vulnerable to web cache poisoning via `Rails.cache. When AUTHORIZED_FE= TCH is enabled, the ActivityPub endpoints for pinned posts and featured has= htags have contents that depend on the account that signed the HTTP request=
. However, these contents are stored in an internal cache and reused with n=
o regards to the signing actor. As a result, an empty response generated fo=
r a blocked user account may be served to requests from legitimate non-bloc= ked actors, or conversely, content intended for non-blocked actors may be r= eturned to blocked actors. This issue has been patched in versions 4.3.19, = 4.4.13, 4.5.6. 2026-02-04 6.5 CVE-2026-25540 [ https://www.cve.org/CVERecor= d?id=3DCVE-2026-25540 ] https://github.com/mastodon/mastodon/security/advis= ories/GHSA-ccpr-m53r-mfwr
=C2=A0 navidrome--navidrome Navidrome is an open source web-based music col= lection server and streamer. Prior to version 0.60.0, a cross-site scriptin=
g vulnerability in the frontend allows a malicious attacker to inject code = through the comment metadata of a song to exfiltrate user credentials. This=
issue has been patched in version 0.60.0. 2026-02-04 6.1 CVE-2026-25578 [ = https://www.cve.org/CVERecord?id=3DCVE-2026-25578 ] https://github.com/navi= drome/navidrome/security/advisories/GHSA-rh3r-8pxm-hg4w https://github.com/navidrome/navidrome/commit/d7ec7355c9036d5be659d6ac555c3= 34bb5848ba6
https://github.com/navidrome/navidrome/releases/tag/v0.60.0
=C2=A0 tgies--client-certificate-auth client-certificate-auth is middleware=
for Node.js implementing client SSL certificate authentication/authorizati= on. Versions 0.2.1 and 0.3.0 of client-certificate-auth contain an open red= irect vulnerability. The middleware unconditionally redirects HTTP requests=
to HTTPS using the unvalidated Host header, allowing an attacker to redire=
ct users to arbitrary domains. This vulnerability is fixed in 1.0.0. 2026-0= 2-06 6.1 CVE-2026-25651 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25651=
] https://github.com/tgies/client-certificate-auth/security/advisories/GHS= A-m4w9-gch5-c2g4 https://github.com/tgies/client-certificate-auth/releases/tag/v1.0.0
=C2=A0 vim--vim Vim is an open source, command line text editor. Prior to v= ersion 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag f= ile resolution logic when processing the 'helpfile' option. The vulnerabili=
ty is located in the get_tagfname() function in src/tag.c. When processing = help file tags, Vim copies the user-controlled 'helpfile' option value into=
a fixed-size heap buffer of MAXPATHL + 1 bytes (typically 4097 bytes) usin=
g an unsafe STRCPY() operation without any bounds checking. This issue has = been patched in version 9.1.2132. 2026-02-06 6.6 CVE-2026-25749 [ https://w= ww.cve.org/CVERecord?id=3DCVE-2026-25749 ] https://github.com/vim/vim/secur= ity/advisories/GHSA-5w93-4g67-mm43 https://github.com/vim/vim/commit/0714b15940b245108e6e9d7aa2260dd849a26fa9 https://github.com/vim/vim/releases/tag/v9.1.2132
=C2=A0 BishopFox--sliver Sliver is a command and control framework that use=
s a custom Wireguard netstack. Prior to 1.6.11, a path traversal in the web= site content subsystem lets an authenticated operator read arbitrary files =
on the Sliver server host. This is an authenticated path traversal / arbitr= ary file read issue, and it can expose credentials, configs, and keys. This=
vulnerability is fixed in 1.6.11. 2026-02-06 6.5 CVE-2026-25760 [ https://= www.cve.org/CVERecord?id=3DCVE-2026-25760 ] https://github.com/BishopFox/sl= iver/security/advisories/GHSA-2286-hxv5-cmp2 https://github.com/BishopFox/sliver/commit/818127349ccec812876693c4ca74ebf4= 350ec6b7
=C2=A0 Maian Media--Maian Support Helpdesk Maian Support Helpdesk 4.3 conta= ins a cross-site request forgery vulnerability that allows attackers to cre= ate administrative accounts without authentication. Attackers can craft mal= icious HTML forms to add admin users and upload PHP files with unrestricted=
file upload capabilities through the FAQ attachment system. 2026-02-03 5.3=
CVE-2020-37091 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37091 ] Explo= itDB-48386 [ https://www.exploit-db.com/exploits/48386 ]
Vendor Homepage [ https://www.maiansupport.com ]
VulnCheck Advisory: Maian Support Helpdesk 4.3 - Cross-Site Request Forgery=
(Add Admin) [ https://www.vulncheck.com/advisories/maian-support-helpdesk-= cross-site-request-forgery-add-admin ]
=C2=A0 EDIMAX Technology Co., Ltd.--EW-7438RPn Mini Edimax EW-7438RPn 1.13 = contains a cross-site request forgery vulnerability in the MAC filtering co= nfiguration interface. Attackers can craft malicious web pages to trick use=
rs into adding unauthorized MAC addresses to the device's filtering rules w= ithout their consent. 2026-02-03 5.3 CVE-2020-37096 [ https://www.cve.org/C= VERecord?id=3DCVE-2020-37096 ] ExploitDB-48366 [ https://www.exploit-db.com= /exploits/48366 ]
Edimax EW-7438RPn Product Homepage [ https://www.edimax.com/edimax/merchand= ise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-743= 8rpn_mini/ ]
VulnCheck Advisory: Edimax EW-7438RPn - Cross-Site Request Forgery (MAC Fil= tering) [ https://www.vulncheck.com/advisories/edimax-ew-rpn-cross-site-req= uest-forgery-mac-filtering ]
=C2=A0 Bdtask--Business Live Chat Software Business Live Chat Software 1.0 = contains a cross-site request forgery vulnerability that allows attackers t=
o change user account roles without authentication. Attackers can craft a m= alicious HTML form to modify user privileges by submitting a POST request t=
o the user creation endpoint with administrative access parameters. 2026-02= -06 5.3 CVE-2020-37106 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37106 =
] ExploitDB-48141 [ https://www.exploit-db.com/exploits/48141 ]
Business Live Chat Software Vendor Homepage [ https://www.bdtask.com/busine= ss-live-chat-software.php ]
VulnCheck Advisory: Business Live Chat Software 1.0 - Cross-Site Request Fo= rgery (Add Admin) [ https://www.vulncheck.com/advisories/business-live-chat= -software-cross-site-request-forgery-add-admin ]
=C2=A0 Code::Blocks--Code::Blocks CODE::BLOCKS 16.01 contains a buffer over= flow vulnerability that allows attackers to execute arbitrary code by overw= riting Structured Exception Handler with crafted Unicode characters. Attack= ers can create a malicious M3U playlist file with 536 bytes of buffer and s= hellcode to trigger remote code execution. 2026-02-05 5.5 CVE-2020-37121 [ = https://www.cve.org/CVERecord?id=3DCVE-2020-37121 ] ExploitDB-48344 [ https= ://www.exploit-db.com/exploits/48344 ]
CODE::BLOCKS Product Homepage [ https://www.codeblocks.org/ ]
CODE::BLOCKS SourceForge Repository [ https://sourceforge.net/projects/code= blocks/ ]
VulnCheck Advisory: CODE::BLOCKS 16.01 - Buffer Overflow (SEH) UNICODE [ ht= tps://www.vulncheck.com/advisories/codeblocks-buffer-overflow-seh-unicode ] =C2=A0 dnsmasq--dnsmasq-utils Dnsmasq-utils 2.79-1 contains a buffer overfl=
ow vulnerability in the dhcp_release utility that allows attackers to cause=
a denial of service by supplying excessive input. Attackers can trigger a = core dump and terminate the dhcp_release process by sending a crafted input=
string longer than 16 characters. 2026-02-05 5.5 CVE-2020-37127 [ https://= www.cve.org/CVERecord?id=3DCVE-2020-37127 ] ExploitDB-48301 [ https://www.e= xploit-db.com/exploits/48301 ]
Software Link for dnsmasq 2.79-1 [ https://launchpad.net/ubuntu/+source/dns= masq/2.79-1 ]
VulnCheck Advisory: dnsmasq-utils 2.79-1 - 'dhcp_release' Denial of Service=
[ https://www.vulncheck.com/advisories/dnsmasq-utils-dhcprelease-denial-of= -service ]
=C2=A0 FinalWire--Everest Everest, later referred to as AIDA64, 5.50.2100 c= ontains a denial of service vulnerability that allows local attackers to cr= ash the application by manipulating file open functionality. Attackers can = generate a 450-byte buffer of repeated characters and paste it into the fil=
e open dialog to trigger an application crash. 2026-02-05 5.5 CVE-2020-3714=
0 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37140 ] ExploitDB-48259 [ h= ttps://www.exploit-db.com/exploits/48259 ]
Archived Product Page [ https://web.archive.org/web/20191223010612/https://= www.aida64.com/ ]
VulnCheck Advisory: Everest 5.50.2100 - 'Open File' Denial of Service [ htt= ps://www.vulncheck.com/advisories/everest-open-file-denial-of-service ]
=C2=A0 Exagate--Sysguard 6001 Exagate SYSGuard 6001 contains a cross-site r= equest forgery vulnerability that allows attackers to create unauthorized a= dmin accounts through a crafted HTML form. Attackers can trick users into s= ubmitting a malicious form to /kulyon.php that adds a new user with adminis= trative privileges without the victim's consent. 2026-02-05 5.3 CVE-2020-37= 144 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37144 ] ExploitDB-48234 [=
https://www.exploit-db.com/exploits/48234 ]
Exagate Vendor Homepage [ https://www.exagate.com/ ]
Archived Sysguard 6001 Product Page [ https://web.archive.org/web/201910200= 64936/https://www.exagate.com/sysguard-6001 ]
VulnCheck Advisory: Exagate Sysguard 6001 - Cross-Site Request Forgery (Add=
Admin) [ https://www.vulncheck.com/advisories/exagate-sysguard-cross-site-= request-forgery-add-admin ]
=C2=A0 IBM--Cloud Pak System IBM Cloud Pak System displays sensitive inform= ation in user messages that could aid in further attacks against the system=
. 2026-02-04 5.3 CVE-2023-38010 [ https://www.cve.org/CVERecord?id=3DCVE-20= 23-38010 ] https://www.ibm.com/support/pages/node/7254419
=C2=A0 IBM--Cloud Pak System IBM Cloud Pak System=C2=A0is vulnerable to cro= ss-site scripting. This vulnerability allows users to embed arbitrary JavaS= cript code in the Web UI thus altering the intended functionality potential=
ly leading to credentials disclosure within a trusted session. 2026-02-04 5=
.3 CVE-2023-38017 [ https://www.cve.org/CVERecord?id=3DCVE-2023-38017 ] htt= ps://www.ibm.com/support/pages/node/7254419
=C2=A0 IBM--Cloud Pak System IBM Cloud Pak System does not set the secure a= ttribute on authorization tokens or session cookies. Attackers may be able =
to get the cookie values by sending a http:// link to a user or by planting=
this link in a site the user goes to. The cookie will be sent to the insec= ure link and the attacker can then obtain the cookie value by snooping the = traffic. 2026-02-04 5.3 CVE-2023-38281 [ https://www.cve.org/CVERecord?id= =3DCVE-2023-38281 ] https://www.ibm.com/support/pages/node/7254419
=C2=A0 IBM--Db2 Big SQL on Cloud Pak for Data IBM Db2 Big SQL on Cloud Pak = for Data versions 7.6 (on CP4D 4.8), 7.7 (on CP4D 5.0), and 7.8 (on CP4D 5.=
1) do not properly limit the allocation of system resources. An authenticat=
ed user with internal knowledge of the environment could exploit this weakn= ess to cause a denial of service. 2026-02-04 5.3 CVE-2024-39724 [ https://w= ww.cve.org/CVERecord?id=3DCVE-2024-39724 ] https://www.ibm.com/support/page= s/node/7257907
=C2=A0 cyberlord92--OAuth Single Sign On SSO (OAuth Client) The OAuth Singl=
e Sign On - SSO (OAuth Client) plugin for WordPress is vulnerable to unauth= orized access in all versions up to, and including, 6.26.14. This is due to=
missing capability checks and authentication verification on the OAuth red= irect functionality accessible via the 'oauthredirect' option parameter. Th=
is makes it possible for unauthenticated attackers to set the global redire=
ct URL option via the redirect_url parameter granted they can access the si=
te directly. 2026-02-06 5.3 CVE-2025-10753 [ https://www.cve.org/CVERecord?= id=3DCVE-2025-10753 ] https://www.wordfence.com/threat-intel/vulnerabilitie= s/id/915e1a6e-ad9c-4849-8ae0-3ded18720a1f?source=3Dcve https://plugins.trac.wordpress.org/browser/miniorange-login-with-eve-online= -google-facebook/tags/6.26.12/class-mooauth-widget.php#L260 https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&repo= name=3D&old=3D3399223%40miniorange-login-with-eve-online-google-facebook&ne= w=3D3399223%40miniorange-login-with-eve-online-google-facebook&sfp_email=3D= &sfph_mail=3D
=C2=A0 IBM--App Connect Operator IBM App Connect Enterprise Certified Conta= iner=C2=A0up to 12.19.0 (Continuous Delivery) and=C2=A012.0 LTS (Long Term = Support) could allow an attacker to access sensitive files or modify config= urations due to an untrusted search path. 2026-02-05 5.1 CVE-2025-13491 [ h= ttps://www.cve.org/CVERecord?id=3DCVE-2025-13491 ] https://www.ibm.com/supp= ort/pages/node/7259746
=C2=A0 elextensions--ELEX WordPress HelpDesk & Customer Ticketing System Th=
e ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress =
is vulnerable to Missing Authorization in all versions up to, and including=
, 3.3.5. This is due to missing capability checks on the eh_crm_ticket_gene= ral function combined with a shared nonce that is exposed to low-privileged=
users. This makes it possible for authenticated attackers, with Subscriber= -level access and above, to modify global WSDesk settings via the `eh_crm_t= icket_general` AJAX action. 2026-02-05 5.3 CVE-2025-14079 [ https://www.cve= .org/CVERecord?id=3DCVE-2025-14079 ] https://www.wordfence.com/threat-intel= /vulnerabilities/id/6fd3ea16-4706-4573-b905-93dff434968d?source=3Dcve https://plugins.trac.wordpress.org/browser/elex-helpdesk-customer-support-t= icket-system/tags/3.3.4/includes/class-crm-ajax-functions-one.php#L15 https://plugins.trac.wordpress.org/changeset/3449609/
=C2=A0 unitecms--Unlimited Elements For Elementor The Unlimited Elements fo=
r Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripti=
ng via the Border Hero widget's Button Link field in versions up to 2.0.1. = This is due to insufficient input sanitization and output escaping on user-= supplied URLs. This makes it possible for authenticated attackers, with Con= tributor-level access and above, to inject arbitrary web scripts in pages t= hat will execute whenever a user accesses an injected page. 2026-02-03 5.4 = CVE-2025-14274 [ https://www.cve.org/CVERecord?id=3DCVE-2025-14274 ] https:= //www.wordfence.com/threat-intel/vulnerabilities/id/482c4986-3677-4754-992b= -ea9be7573d2e?source=3Dcve https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor= /trunk/inc_php/framework/functions.class.php#L2859 https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor= /trunk/inc_php/unitecreator_params_processor.class.php#L1518 https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&repo= name=3D&new=3D3429507%40unlimited-elements-for-elementor%2Ftrunk&old=3D3403= 331%40unlimited-elements-for-elementor%2Ftrunk&sfp_email=3D&sfph_mail=3D#fi= le15
=C2=A0 tpixendit--Xendit Payment The Xendit Payment plugin for WordPress is=
vulnerable to unauthorized order status manipulation in all versions up to=
, and including, 6.0.2. This is due to the plugin exposing a publicly acces= sible WooCommerce API callback endpoint (`wc_xendit_callback`) that process=
es payment callbacks without any authentication or cryptographic verificati=
on that the requests originate from Xendit's payment gateway. This makes it=
possible for unauthenticated attackers to mark any WooCommerce order as pa=
id by sending a crafted POST request to the callback URL with a JSON body c= ontaining an `external_id` matching the order ID pattern and a `status` of = 'PAID' or 'SETTLED', granted they can enumerate order IDs (which are sequen= tial integers). This leads to orders being fraudulently marked as completed=
without any actual payment, resulting in financial loss and inventory depl= etion. 2026-02-04 5.3 CVE-2025-14461 [ https://www.cve.org/CVERecord?id=3DC= VE-2025-14461 ] https://www.wordfence.com/threat-intel/vulnerabilities/id/2= 791bbd5-9101-4484-a352-0e4d2ce04e5d?source=3Dcve https://plugins.trac.wordpress.org/browser/woo-xendit-virtual-accounts/trun= k/woocommerce-xendit-pg.php#L252 https://plugins.trac.wordpress.org/browser/woo-xendit-virtual-accounts/tags= /6.0.2/woocommerce-xendit-pg.php#L252
=C2=A0 Tanium--Enforce Tanium addressed an improper link resolution before = file access vulnerability in Enforce. 2026-02-05 5 CVE-2025-15328 [ https:/= /www.cve.org/CVERecord?id=3DCVE-2025-15328 ] TAN-2025-007 [ https://securit= y.tanium.com/TAN-2025-007 ]
=C2=A0 chapaet--Chapa Payment Gateway Plugin for WooCommerce The Chapa Paym= ent Gateway Plugin for WooCommerce plugin for WordPress is vulnerable to Se= nsitive Information Exposure in all versions up to, and including, 1.0.3 vi=
a 'chapa_proceed' WooCommerce API endpoint. This makes it possible for unau= thenticated attackers to extract sensitive data including the merchant's Ch= apa secret API key. 2026-02-04 5.3 CVE-2025-15482 [ https://www.cve.org/CVE= Record?id=3DCVE-2025-15482 ] https://www.wordfence.com/threat-intel/vulnera= bilities/id/190492ec-5982-4dce-9e97-16a518a01a27?source=3Dcve https://plugins.trac.wordpress.org/browser/chapa-payment-gateway-for-woocom= merce/tags/1.0.3/includes/class-waf-wc-chapa-gateway.php#L418
=C2=A0 magicimport--Magic Import Document Extractor The Magic Import Docume=
nt Extractor plugin for WordPress is vulnerable to unauthorized modificatio=
n of data due to a missing capability check on the ajax_sync_usage() functi=
on in all versions up to, and including, 1.0.4. This makes it possible for = unauthenticated attackers to modify the plugin's license status and credit = balance. 2026-02-04 5.3 CVE-2025-15507 [ https://www.cve.org/CVERecord?id= =3DCVE-2025-15507 ] https://www.wordfence.com/threat-intel/vulnerabilities/= id/6854e470-26ac-4747-b72c-164e79e1a1b1?source=3Dcve https://plugins.trac.wordpress.org/browser/magic-import-document-extractor/= tags/1.0.4/public/class-public.php#L225
=C2=A0 magicimport--Magic Import Document Extractor The Magic Import Docume=
nt Extractor plugin for WordPress is vulnerable to Sensitive Information Ex= posure in all versions up to, and including, 1.0.4 via the get_frontend_set= tings() function. This makes it possible for unauthenticated attackers to e= xtract the site's magicimport.ai license key from the page source on any pa=
ge containing the plugin's shortcode. 2026-02-04 5.3 CVE-2025-15508 [ https= ://www.cve.org/CVERecord?id=3DCVE-2025-15508 ] https://www.wordfence.com/th= reat-intel/vulnerabilities/id/9ec72ac5-1851-4074-bea4-ccfd684b9c8d?source= =3Dcve https://plugins.trac.wordpress.org/browser/magic-import-document-extractor/= tags/1.0.4/public/class-public.php#L379
=C2=A0 IBM--Engineering Lifecycle Management - Global Configuration Managem= ent IBM Engineering Lifecycle Management - Global Configuration Management = 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 00=
4 IBM Global Configuration Management is vulnerable to cross-site scripting=
. This vulnerability allows an authenticated user to embed arbitrary JavaSc= ript code in the Web UI thus altering the intended functionality potentiall=
y leading to credentials disclosure within a trusted session. 2026-02-03 5.=
4 CVE-2025-36033 [ https://www.cve.org/CVERecord?id=3DCVE-2025-36033 ] http= s://www.ibm.com/support/pages/node/7258063
=C2=A0 IBM--Cloud Pak for Business Automation IBM Cloud Pak for Business Au= tomation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Inter=
im Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 could allow an authen= ticated user to cause a denial of service or corrupt existing data due to t=
he improper validation of input length. 2026-02-03 5.4 CVE-2025-36094 [ htt= ps://www.cve.org/CVERecord?id=3DCVE-2025-36094 ] https://www.ibm.com/suppor= t/pages/node/7259318
=C2=A0 IBM--Concert IBM Concert 1.0.0 through 2.1.0 uses weaker than expect=
ed cryptographic algorithms that could allow an attacker to decrypt highly = sensitive information. 2026-02-02 5.9 CVE-2025-36253 [ https://www.cve.org/= CVERecord?id=3DCVE-2025-36253 ] https://www.ibm.com/support/pages/node/7257= 565
=C2=A0 HCL--AION Root File System Not Mounted as Read-Only configuration vu= lnerability. This can allow unintended modifications to critical system fil= es, potentially increasing the risk of system compromise or unauthorized ch= anges. This issue affects AION: 2.0. 2026-02-03 5.5 CVE-2025-52627 [ https:= //www.cve.org/CVERecord?id=3DCVE-2025-52627 ] https://support.hcl-software.= com/csm?id=3Dkb_article&sysparm_article=3DKB0127972
=C2=A0 N/A--Moodle[.]org A flaw was found in Moodle. A remote attacker coul=
d exploit a reflected Cross-Site Scripting (XSS) vulnerability in the polic=
y tool return URL. This vulnerability arises from insufficient sanitization=
of URL parameters, allowing attackers to inject malicious scripts through = specially crafted links. Successful exploitation could lead to information = disclosure or arbitrary client-side script execution within the user's brow= ser. 2026-02-03 5.4 CVE-2025-67855 [ https://www.cve.org/CVERecord?id=3DCVE= -2025-67855 ] https://access.redhat.com/security/cve/CVE-2025-67855 RHBZ#2423861 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2423861 ]
=C2=A0 N/A--Moodle[.]org A flaw was found in Moodle. An authorization logic=
flaw, specifically due to incomplete role checks during the badge awarding=
process, allowed badges to be granted without proper verification. This co= uld enable unauthorized users to obtain badges they are not entitled to, po= tentially leading to privilege escalation or unauthorized access to certain=
features. 2026-02-03 5.4 CVE-2025-67856 [ https://www.cve.org/CVERecord?id= =3DCVE-2025-67856 ] https://access.redhat.com/security/cve/CVE-2025-67856 RHBZ#2423864 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2423864 ]
=C2=A0 khoj-ai--khoj Khoj is a self-hostable artificial intelligence app. P= rior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attac= ker to hijack any user's Notion integration by manipulating the state param= eter. The callback endpoint accepts any user UUID without verifying the OAu=
th flow was initiated by that user, allowing attackers to replace victims' = Notion configurations with their own, resulting in data poisoning and unaut= horized access to the victim's Khoj search index. This attack requires know= ing the user's UUID which can be leaked through shared conversations where =
an AI generated image is present. This vulnerability is fixed in 2.0.0-beta= .23. 2026-02-02 5.4 CVE-2025-69207 [ https://www.cve.org/CVERecord?id=3DCVE= -2025-69207 ] https://github.com/khoj-ai/khoj/security/advisories/GHSA-6whj= -7qmg-86qj https://github.com/khoj-ai/khoj/commit/1b7ccd141d47f365edeccc57d7316cb0913d= 748b
https://github.com/khoj-ai/khoj/releases/tag/2.0.0-beta.23
=C2=A0 fortispay--Fortis for WooCommerce The Fortis for WooCommerce plugin = for WordPress is vulnerable to authorization bypass due to an inverted nonc=
e check in the 'check_fortis_notify_response' function in all versions up t=
o, and including, 1.2.0. This makes it possible for unauthenticated attacke=
rs to update arbitrary WooCommerce order statuses to paid/processing/comple= ted, effectively allowing them to mark orders as paid without payment. 2026= -02-04 5.3 CVE-2026-0679 [ https://www.cve.org/CVERecord?id=3DCVE-2026-0679=
] https://www.wordfence.com/threat-intel/vulnerabilities/id/9f16c098-3e99-= 4506-b517-ae4b838a0925?source=3Dcve https://plugins.trac.wordpress.org/browser/fortis-for-woocommerce/trunk/cla= sses/WC_Gateway_Fortis.php#L1674 https://plugins.trac.wordpress.org/browser/fortis-for-woocommerce/tags/1.2.= 0/classes/WC_Gateway_Fortis.php#L1674
=C2=A0 alimir--WP ULike Engagement Analytics & Interactive Buttons to Under= stand Your Audience The WP ULike plugin for WordPress is vulnerable to Inse= cure Direct Object Reference in all versions up to, and including, 4.8.3.1.=
This is due to the `wp_ulike_delete_history_api` AJAX action not verifying=
that the log entry being deleted belongs to the current user. This makes i=
t possible for authenticated attackers, with Subscriber-level access and ab= ove (granted the 'stats' capability is assigned to their role), to delete a= rbitrary log entries belonging to other users via the 'id' parameter. 2026-= 02-03 5.3 CVE-2026-0909 [ https://www.cve.org/CVERecord?id=3DCVE-2026-0909 =
] https://www.wordfence.com/threat-intel/vulnerabilities/id/bee2e520-46cc-4= b54-9849-fafb9b37ba19?source=3Dcve https://plugins.trac.wordpress.org/browser/wp-ulike/trunk/admin/admin-ajax.= php#L94 https://plugins.trac.wordpress.org/browser/wp-ulike/tags/4.8.3.1/admin/admi= n-ajax.php#L94 https://plugins.trac.wordpress.org/changeset/3451296/wp-ulike/trunk/admin/a= dmin-ajax.php
=C2=A0 brainstormforce--Spectra Gutenberg Blocks Website Builder for the Bl= ock Editor The Spectra Gutenberg Blocks - Website Builder for the Block Edi= tor plugin for WordPress is vulnerable to Information Disclosure in all ver= sions up to, and including, 2.19.17. This is due to the plugin failing to c= heck `post_password_required()` before rendering post excerpts in the `rend= er_excerpt()` function and the `uagb_get_excerpt()` helper function. This m= akes it possible for unauthenticated attackers to read excerpts of password= -protected posts by simply viewing any page that contains a Spectra Post Gr= id, Post Masonry, Post Carousel, or Post Timeline block. 2026-02-03 5.3 CVE= -2026-0950 [ https://www.cve.org/CVERecord?id=3DCVE-2026-0950 ] https://www= .wordfence.com/threat-intel/vulnerabilities/id/ccaccf03-4162-4365-9f12-0363= a78e91d4?source=3Dcve https://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/tr= unk/blocks-config/post/class-uagb-post.php#L1303 https://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/ta= gs/2.19.17/blocks-config/post/class-uagb-post.php#L1303 https://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/tr= unk/blocks-config/post/class-uagb-post.php#L1621 https://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/ta= gs/2.19.17/blocks-config/post/class-uagb-post.php#L1621 https://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/tr= unk/blocks-config/post/class-uagb-post.php#L2196 https://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/ta= gs/2.19.17/blocks-config/post/class-uagb-post.php#L2196 https://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/tr= unk/classes/class-uagb-helper.php#L1403 https://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/ta= gs/2.19.17/classes/class-uagb-helper.php#L1403 https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&repo= name=3D&new=3D3443216%40ultimate-addons-for-gutenberg%2Ftrunk&old=3D3410395= %40ultimate-addons-for-gutenberg%2Ftrunk&sfp_email=3D&sfph_mail=3D
=C2=A0 metagauss--ProfileGrid User Profiles, Groups and Communities The Pro= fileGrid - User Profiles, Groups and Communities plugin for WordPress is vu= lnerable to Insecure Direct Object Reference in all versions up to, and inc= luding, 5.9.7.2 via the 'pm_upload_image' and 'pm_upload_cover_image' AJAX = actions. This is due to the update_user_meta() function being called outsid=
e of the user authorization check in public/partials/crop.php and public/pa= rtials/coverimg_crop.php. This makes it possible for authenticated attacker=
s, with Subscriber-level access and above, to change any user's profile pic= ture or cover image, including administrators. 2026-02-05 5.3 CVE-2026-1271=
[ https://www.cve.org/CVERecord?id=3DCVE-2026-1271 ] https://www.wordfence= .com/threat-intel/vulnerabilities/id/712535ce-8c38-4944-aa0a-36d9bacaeb67?s= ource=3Dcve https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups= -and-communities/trunk/public/partials/crop.php#L73 https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups= -and-communities/trunk/public/partials/coverimg_crop.php#L60 https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups= -and-communities/tags/5.9.6.7/public/partials/crop.php#L73 https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups= -and-communities/tags/5.9.6.7/public/partials/coverimg_crop.php#L60 https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&repo= name=3D&old=3D3448434%40profilegrid-user-profiles-groups-and-communities&ne= w=3D3448434%40profilegrid-user-profiles-groups-and-communities&sfp_email=3D= &sfph_mail=3D
=C2=A0 themeum--Tutor LMS eLearning and online course solution The Tutor LM=
S - eLearning and online course solution plugin for WordPress is vulnerable=
to Sensitive Information Exposure in all versions up to, and including, 3.= 9.5. This is due to missing authorization checks in the `ajax_coupon_detail= s()` function, which only validates nonces but does not verify user capabil= ities. This makes it possible for authenticated attackers, with Subscriber-= level access and above, to retrieve sensitive coupon information including = coupon codes, discount amounts, usage statistics, and course/bundle applica= tions. 2026-02-03 5.3 CVE-2026-1371 [ https://www.cve.org/CVERecord?id=3DCV= E-2026-1371 ] https://www.wordfence.com/threat-intel/vulnerabilities/id/7f5= c5f64-a864-4ce1-9080-19f7c4418307?source=3Dcve https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.5/ecommerce/Coupo= nController.php#L106 https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.5/ecommerce/Coupo= nController.php#L658 https://plugins.trac.wordpress.org/changeset/3448615/tutor/trunk/ecommerce/= CouponController.php?contextall=3D1&old=3D3422766&old_path=3D%2Ftutor%2Ftru= nk%2Fecommerce%2FCouponController.php
=C2=A0 getwpfunnels--Mail Mint Newsletters, Email Marketing, Automation, Wo= oCommerce Emails, Post Notification, and more The Mail Mint plugin for Word= Press is vulnerable to Cross-Site Request Forgery in all versions up to, an=
d including, 1.19.2. This is due to missing nonce validation on the create_= or_update_note function. This makes it possible for unauthenticated attacke=
rs to create or update contact notes via a forged request granted they can = trick a site administrator into performing an action such as clicking on a = link. Due to missing sanitization and escaping this can lead to stored Cros= s-Site Scripting. 2026-02-03 5.4 CVE-2026-1447 [ https://www.cve.org/CVERec= ord?id=3DCVE-2026-1447 ] https://www.wordfence.com/threat-intel/vulnerabili= ties/id/e67ae204-2848-4389-a78d-7b3798e4ee54?source=3Dcve https://plugins.trac.wordpress.org/browser/mail-mint/trunk/app/API/Routes/A= dmin/Contact/ContactProfileRoute.php#L105 https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.19.2/app/API/Ro= utes/Admin/Contact/ContactProfileRoute.php#L105 https://plugins.trac.wordpress.org/browser/mail-mint/trunk/app/API/Actions/= Admin/Contact/ContactProfileAction.php#L85 https://plugins.trac.wordpress.org/browser/mail-mint/tags/1.19.2/app/API/Ac= tions/Admin/Contact/ContactProfileAction.php#L85 https://plugins.trac.wordpress.org/changeset/3449536/mail-mint/trunk/app/AP= I/Actions/Admin/Contact/ContactProfileAction.php?old=3D3032077&old_path=3Dm= ail-mint%2Ftrunk%2Fapp%2FAPI%2FActions%2FAdmin%2FContact%2FContactProfileAc= tion.php
=C2=A0 F5--NGINX Open Source A vulnerability exists in NGINX OSS and NGINX = Plus when configured to proxy to upstream Transport Layer Security (TLS) se= rvers. An attacker with a man-in-the-middle (MITM) position on the upstream=
server side-along with conditions beyond the attacker's control-may be abl=
e to inject plain text data into the response from an upstream proxied serv= er.=C2=A0=C2=A0Note: Software versions which have reached End of Technical = Support (EoTS) are not evaluated. 2026-02-04 5.9 CVE-2026-1642 [ https://ww= w.cve.org/CVERecord?id=3DCVE-2026-1642 ] https://my.f5.com/manage/s/article= /K000159824
=C2=A0 brstefanovic--Advanced Country Blocker The Advanced Country Blocker = plugin for WordPress is vulnerable to Authorization Bypass in all versions =
up to, and including, 2.3.1 due to the use of a predictable default value f=
or the secret bypass key created during installation without requiring user=
s to change it. This makes it possible for unauthenticated attackers to byp= ass the geolocation blocking mechanism by appending the key to any URL on s= ites where the administrator has not changed the default value. 2026-02-07 = 5.3 CVE-2026-1675 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1675 ] http= s://www.wordfence.com/threat-intel/vulnerabilities/id/30747988-83f9-41f9-9b= c5-1f533bc4cb94?source=3Dcve https://plugins.trac.wordpress.org/browser/advanced-country-blocker/tags/2.= 3.1/advanced-country-blocking.php#L278 https://plugins.trac.wordpress.org/browser/advanced-country-blocker/tags/2.= 3.1/advanced-country-blocking.php#L336 https://plugins.trac.wordpress.org/browser/advanced-country-blocker/tags/2.= 3.1/advanced-country-blocking.php#L420
=C2=A0 n/a--Open5GS A security vulnerability has been detected in Open5GS u=
p to 2.7.6. Impacted is the function sgwc_s11_handle_create_indirect_data_f= orwarding_tunnel_request of the file /src/sgwc/s11-handler.c of the compone=
nt SGWC. Such manipulation leads to reachable assertion. The attack may be = launched remotely. The exploit has been disclosed publicly and may be used.=
A patch should be applied to remediate this issue. The issue report is fla= gged as already-fixed. 2026-02-02 5.3 CVE-2026-1736 [ https://www.cve.org/C= VERecord?id=3DCVE-2026-1736 ] VDB-343635 | Open5GS SGWC s11-handler.c asser= tion [ https://vuldb.com/?id.343635 ]
VDB-343635 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3436=
35 ]
Submit #741191 | Open5GS SGWC v2.7.6 Denial of Service [ https://vuldb.com/= ?submit.741191 ]
https://github.com/open5gs/open5gs/issues/4270 https://github.com/open5gs/open5gs/issues/4270#event-21968624624 https://github.com/open5gs/open5gs/issues/4270#issue-3795141303 https://github.com/open5gs/open5gs/
=C2=A0 n/a--Open5GS A vulnerability was detected in Open5GS up to 2.7.6. Th=
e affected element is the function sgwc_s5c_handle_create_bearer_request of=
the file /src/sgwc/s5c-handler.c of the component CreateBearerRequest Hand= ler. Performing a manipulation results in reachable assertion. Remote explo= itation of the attack is possible. The exploit is now public and may be use=
d. To fix this issue, it is recommended to deploy a patch. The issue report=
is flagged as already-fixed. 2026-02-02 5.3 CVE-2026-1737 [ https://www.cv= e.org/CVERecord?id=3DCVE-2026-1737 ] VDB-343636 | Open5GS CreateBearerReque=
st s5c-handler.c sgwc_s5c_handle_create_bearer_request assertion [ https://= vuldb.com/?id.343636 ]
VDB-343636 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3436=
36 ]
Submit #741192 | Open5GS SGWC v2.7.6 Denial of Service [ https://vuldb.com/= ?submit.741192 ]
https://github.com/open5gs/open5gs/issues/4271 https://github.com/open5gs/open5gs/issues/4271#event-21968630023 https://github.com/open5gs/open5gs/issues/4271#issue-3795147720 https://github.com/open5gs/open5gs/
=C2=A0 n/a--Open5GS A flaw has been found in Open5GS up to 2.7.6. The impac= ted element is the function sgwc_tunnel_add of the file /src/sgwc/context.c=
of the component SGWC. Executing a manipulation of the argument pdr can le=
ad to reachable assertion. The attack can be executed remotely. The exploit=
has been published and may be used. It is advisable to implement a patch t=
o correct this issue. The issue report is flagged as already-fixed. 2026-02= -02 5.3 CVE-2026-1738 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1738 ] = VDB-343637 | Open5GS SGWC context.c sgwc_tunnel_add assertion [ https://vul= db.com/?id.343637 ]
VDB-343637 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3436=
37 ]
Submit #741193 | Open5gs SGWC v2.7.6 Denial of Service [ https://vuldb.com/= ?submit.741193 ]
https://github.com/open5gs/open5gs/issues/4261 https://github.com/open5gs/open5gs/issues/4261#event-21968563677 https://github.com/open5gs/open5gs/issues/4261#issue-3787803578 https://github.com/open5gs/open5gs/
=C2=A0 Free5GC--pcf A vulnerability has been found in Free5GC pcf up to 1.4= .1. This affects the function HandleCreateSmPolicyRequest of the file inter= nal/sbi/processor/smpolicy.go. The manipulation leads to null pointer deref= erence. The attack is possible to be carried out remotely. The exploit has = been disclosed to the public and may be used. The identifier of the patch i=
s df535f5524314620715e842baf9723efbeb481a7. Applying a patch is the recomme= nded action to fix this issue. 2026-02-02 5.3 CVE-2026-1739 [ https://www.c= ve.org/CVERecord?id=3DCVE-2026-1739 ] VDB-343638 | Free5GC pcf smpolicy.go = HandleCreateSmPolicyRequest null pointer dereference [ https://vuldb.com/?i= d.343638 ]
VDB-343638 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3436=
38 ]
Submit #741194 | free5gc PCF v4.1.0 Denial of Service [ https://vuldb.com/?= submit.741194 ]
https://github.com/free5gc/free5gc/issues/803 https://github.com/free5gc/pcf/pull/62 https://github.com/free5gc/free5gc/issues/803#issue-3815770007 https://github.com/free5gc/pcf/commit/df535f5524314620715e842baf9723efbeb48= 1a7
https://github.com/free5gc/pcf/
=C2=A0 Red Hat--Red Hat Enterprise Linux 10 A flaw was found in SoupServer.=
This HTTP request smuggling vulnerability occurs because SoupServer improp= erly handles requests that combine Transfer-Encoding: chunked and Connectio=
n: keep-alive headers. A remote, unauthenticated client can exploit this by=
sending specially crafted requests, causing SoupServer to fail to close th=
e connection as required by RFC 9112. This allows the attacker to smuggle a= dditional requests over the persistent connection, leading to unintended re= quest processing and potential denial-of-service (DoS) conditions. 2026-02-=
02 5.3 CVE-2026-1760 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1760 ] h= ttps://access.redhat.com/security/cve/CVE-2026-1760
RHBZ#2435951 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2435951 ]
=C2=A0 Xerox--CentreWare Improper Neutralization of Input During Web Page G= eneration (XSS or 'Cross-site Scripting') vulnerability in Xerox CentreWare=
on Windows allows Stored XSS. This issue affects CentreWare: through 7.0.6= .=C2=A0 Consider upgrading Xerox=C2=AE CentreWare Web=C2=AE to v7.2.2.25 vi=
a the software available on Xerox.com 2026-02-06 5.3 CVE-2026-1769 [ https:= //www.cve.org/CVERecord?id=3DCVE-2026-1769 ] https://securitydocs.business.= xerox.com/wp-content/uploads/2026/02/Xerox-Security-Bulletin-XRX26-003-for-= Xerox-CentreWare-Web.pdf
=C2=A0 AWS--SageMaker Python SDK Amazon SageMaker Python SDK before v3.1.1 =
or v2.256.0 disables TLS certificate verification for HTTPS connections mad=
e by the service when a Triton Python model is imported, incorrectly allowi=
ng for requests with invalid and self-signed certificates to succeed. 2026-= 02-02 5.9 CVE-2026-1778 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1778 =
] https://aws.amazon.com/security/security-bulletins/2026-004-AWS/ https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-62rc-f= 4v9-h543
https://github.com/aws/sagemaker-python-sdk/releases/tag/v3.1.1 https://github.com/aws/sagemaker-python-sdk/releases/tag/v2.256.0
=C2=A0 Red Hat--Red Hat Enterprise Linux 10 A flaw was found in libsoup, an=
HTTP client/server library. This HTTP Request Smuggling vulnerability aris=
es from non-RFC-compliant parsing in the soup_filter_input_stream_read_line=
() logic, where libsoup accepts malformed chunk headers, such as lone line = feed (LF) characters instead of the required carriage return and line feed = (CRLF). A remote attacker can exploit this without authentication or user i= nteraction by sending specially crafted chunked requests. This allows libso=
up to parse and process multiple HTTP requests from a single network messag=
e, potentially leading to information disclosure. 2026-02-03 5.3 CVE-2026-1= 801 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1801 ] https://access.red= hat.com/security/cve/CVE-2026-1801
RHBZ#2436315 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2436315 ]
=C2=A0 n/a--WeKan A security vulnerability has been detected in WeKan up to=
8.20. This affects the function setBoardOrgs of the file models/boards.js =
of the component REST API. Such manipulation of the argument item.cardId/it= em.checklistId/card.boardId leads to improper authorization. The attack may=
be launched remotely. A high complexity level is associated with this atta= ck. The exploitability is reported as difficult. Upgrading to version 8.21 = mitigates this issue. The name of the patch is cabfeed9a68e21c469bf206d8655= 941444b9912c. It is suggested to upgrade the affected component. 2026-02-04=
5 CVE-2026-1892 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1892 ] VDB-3= 44265 | WeKan REST API boards.js setBoardOrgs improper authorization [ http= s://vuldb.com/?id.344265 ]
VDB-344265 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344265 ]
Submit #742662 | Wekan <8.21 IDOR via REST API / improper object relationsh=
ip validation [ https://vuldb.com/?submit.742662 ] https://github.com/wekan/wekan/commit/cabfeed9a68e21c469bf206d8655941444b99= 12c
https://github.com/wekan/wekan/releases/tag/v8.21 https://github.com/wekan/wekan/
=C2=A0 Edimax--BR-6208AC A vulnerability was found in Edimax BR-6208AC 2_1.= 02. The affected element is the function auth_check_userpass2. Performing a=
manipulation of the argument Username/Password results in use of default c= redentials. The attack may be initiated remotely. The exploit has been made=
public and could be used. The vendor confirms that the affected product is=
end-of-life. They confirm that they "will issue a consolidated Security Ad= visory on our official support website." This vulnerability only affects pr= oducts that are no longer supported by the maintainer. 2026-02-06 5.3 CVE-2= 026-1972 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1972 ] VDB-344494 | = Edimax BR-6208AC auth_check_userpass2 default credentials [ https://vuldb.c= om/?id.344494 ]
VDB-344494 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3444=
94 ]
Submit #744032 | Edimax BR-6208AC V2_1.02 Weak Authentication [ https://vul= db.com/?submit.744032 ] https://tzh00203.notion.site/EDIMAX-BR-6208AC-V2_1-02-Weak-Password-Authent= ication-Vulnerability-in-auth_check_userpass2-Functi-2f0b5c52018a801c9645dd= 5261717901?source=3Dcopy_link
=C2=A0 n/a--Free5GC A vulnerability was determined in Free5GC up to 4.1.0. = The impacted element is the function establishPfcpSession of the component = SMF. Executing a manipulation can lead to null pointer dereference. The att= ack may be launched remotely. The exploit has been publicly disclosed and m=
ay be utilized. It is best practice to apply a patch to resolve this issue.=
2026-02-06 5.3 CVE-2026-1973 [ https://www.cve.org/CVERecord?id=3DCVE-2026= -1973 ] VDB-344495 | Free5GC SMF establishPfcpSession null pointer derefere= nce [ https://vuldb.com/?id.344495 ]
VDB-344495 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3444=
95 ]
Submit #743236 | free5gc SMF v4.1.0 Denial of Service [ https://vuldb.com/?= submit.743236 ]
https://github.com/free5gc/free5gc/issues/815 https://github.com/free5gc/free5gc/issues/815#issue-3832032062 https://github.com/free5gc/smf/pull/189
https://github.com/free5gc/free5gc/
=C2=A0 n/a--Free5GC A vulnerability was identified in Free5GC up to 4.1.0. = This affects the function ResolveNodeIdToIp of the file internal/sbi/proces= sor/datapath.go of the component SMF. The manipulation leads to denial of s= ervice. Remote exploitation of the attack is possible. The exploit is publi= cly available and might be used. It is recommended to apply a patch to fix = this issue. 2026-02-06 5.3 CVE-2026-1974 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-1974 ] VDB-344496 | Free5GC SMF datapath.go ResolveNodeIdToIp d= enial of service [ https://vuldb.com/?id.344496 ]
VDB-344496 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344496 ]
Submit #743237 | free5gc SMF v4.1.0 Denial of Service [ https://vuldb.com/?= submit.743237 ]
https://github.com/free5gc/free5gc/issues/816 https://github.com/free5gc/free5gc/issues/816#issue-3832055233 https://github.com/free5gc/smf/pull/189
https://github.com/free5gc/free5gc/
=C2=A0 n/a--Free5GC A security flaw has been discovered in Free5GC up to 4.= 1.0. This impacts the function identityTriggerType of the file pfcp_reports= .go. The manipulation results in null pointer dereference. The attack can b=
e executed remotely. The exploit has been released to the public and may be=
used for attacks. Applying a patch is advised to resolve this issue. 2026-= 02-06 5.3 CVE-2026-1975 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1975 =
] VDB-344497 | Free5GC pfcp_reports.go identityTriggerType null pointer der= eference [ https://vuldb.com/?id.344497 ]
VDB-344497 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3444=
97 ]
Submit #743238 | free5gc SMF v4.1.0 Denial of Service [ https://vuldb.com/?= submit.743238 ]
https://github.com/free5gc/free5gc/issues/814 https://github.com/free5gc/free5gc/issues/814#issue-3831993593 https://github.com/free5gc/smf/pull/189
https://github.com/free5gc/free5gc/
=C2=A0 n/a--Free5GC A weakness has been identified in Free5GC up to 4.1.0. = Affected is the function SessionDeletionResponse of the component SMF. This=
manipulation causes null pointer dereference. The attack is possible to be=
carried out remotely. The exploit has been made available to the public an=
d could be used for attacks. It is suggested to install a patch to address = this issue. 2026-02-06 5.3 CVE-2026-1976 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-1976 ] VDB-344498 | Free5GC SMF SessionDeletionResponse null po= inter dereference [ https://vuldb.com/?id.344498 ]
VDB-344498 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3444=
98 ]
Submit #743239 | free5gc SMF v4.1.0 Denial of Service [ https://vuldb.com/?= submit.743239 ]
https://github.com/free5gc/free5gc/issues/817 https://github.com/free5gc/free5gc/issues/817#issue-3832188092 https://github.com/free5gc/smf/pull/189
https://github.com/free5gc/free5gc/
=C2=A0 kalyan02--NanoCMS A vulnerability was detected in kalyan02 NanoCMS u=
p to 0.4. Affected by this issue is some unknown functionality of the file = /data/pagesdata.txt of the component User Information Handler. Performing a=
manipulation results in direct request. It is possible to initiate the att= ack remotely. The exploit is now public and may be used. You should change = the configuration settings. 2026-02-06 5.3 CVE-2026-1978 [ https://www.cve.= org/CVERecord?id=3DCVE-2026-1978 ] VDB-344500 | kalyan02 NanoCMS User Infor= mation pagesdata.txt direct request [ https://vuldb.com/?id.344500 ]
VDB-344500 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344500 ]
Submit #743260 | SourceCodester NanoCMS V0.4 Sensitive document leak [ http= s://vuldb.com/?submit.743260 ] https://github.com/kalyan02/NanoCMS/blob/master/data/pagesdata.txt https://github.com/kalyan02/NanoCMS/
=C2=A0 n/a--mruby A flaw has been found in mruby up to 3.4.0. This affects = the function mrb_vm_exec of the file src/vm.c of the component JMPNOT-to-JM= PIF Optimization. Executing a manipulation can lead to use after free. The = attack needs to be launched locally. The exploit has been published and may=
be used. This patch is called e50f15c1c6e131fa7934355eb02b8173b13df415. It=
is advisable to implement a patch to correct this issue. 2026-02-06 5.3 CV= E-2026-1979 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1979 ] VDB-344501=
| mruby JMPNOT-to-JMPIF Optimization vm.c mrb_vm_exec use after free [ htt= ps://vuldb.com/?id.344501 ]
VDB-344501 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3445=
01 ]
Submit #743377 | mruby cda2567 Use After Free [ https://vuldb.com/?submit.7= 43377 ]
https://github.com/mruby/mruby/issues/6701 https://github.com/mruby/mruby/issues/6701#issue-3802609843 https://github.com/sysfce2/mruby/commit/e50f15c1c6e131fa7934355eb02b8173b13= df415
https://github.com/mruby/mruby/
=C2=A0 happyfish100--libfastcommon A security vulnerability has been detect=
ed in happyfish100 libfastcommon up to 1.0.84. Affected by this vulnerabili=
ty is the function base64_decode of the file src/base64.c. The manipulation=
leads to stack-based buffer overflow. Local access is required to approach=
this attack. The exploit has been disclosed publicly and may be used. The = identifier of the patch is 82f66af3e252e3e137dba0c3891570f085e79adf. Applyi=
ng a patch is the recommended action to fix this issue. 2026-02-06 5.3 CVE-= 2026-2016 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2016 ] VDB-344598 |=
happyfish100 libfastcommon base64.c base64_decode stack-based overflow [ h= ttps://vuldb.com/?id.344598 ]
VDB-344598 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3445=
98 ]
Submit #743873 | happyfish100 libfastcommon V1.0.84 and earlier Heap-based = Buffer Overflow [ https://vuldb.com/?submit.743873 ] https://github.com/happyfish100/libfastcommon/issues/55 https://github.com/happyfish100/libfastcommon/issues/55#issuecomment-377675= 7848
https://github.com/happyfish100/libfastcommon/issues/55#issue-3836362577 https://github.com/happyfish100/libfastcommon/commit/82f66af3e252e3e137dba0= c3891570f085e79adf
https://github.com/happyfish100/libfastcommon/
=C2=A0 D-Link--DIR-605L A security flaw has been discovered in D-Link DIR-6= 05L and DIR-619L 2.06B01/2.13B01. Impacted is an unknown function of the co= mponent Wifi Setting Handler. Performing a manipulation results in informat= ion disclosure. The attack may be initiated remotely. The exploit has been = released to the public and may be used for attacks. This vulnerability only=
affects products that are no longer supported by the maintainer. 2026-02-0=
6 5.3 CVE-2026-2054 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2054 ] VD= B-344614 | D-Link DIR-605L/DIR-619L Wifi Setting information disclosure [ h= ttps://vuldb.com/?id.344614 ]
VDB-344614 | CTI Indicators (IOB, IOC, TTP) [ https://vuldb.com/?ctiid.3446=
14 ]
Submit #744224 | D-Link DIR619L=E3=80=81DIR605L 2.06B01=E3=80=812.13B01 Imp= roper Access Controls [ https://vuldb.com/?submit.744224 ] https://github.com/wudipjq/my_vuln/blob/main/D-Link7/vuln_81/81.md https://github.com/wudipjq/my_vuln/blob/main/D-Link7/vuln_81/81.md#poc--res= ult
https://www.dlink.com/
=C2=A0 D-Link--DIR-605L A weakness has been identified in D-Link DIR-605L a=
nd DIR-619L 2.06B01/2.13B01. The affected element is an unknown function of=
the component DHCP Client Information Handler. Executing a manipulation ca=
n lead to information disclosure. The attack may be launched remotely. The = exploit has been made available to the public and could be used for attacks=
. This vulnerability only affects products that are no longer supported by = the maintainer. 2026-02-06 5.3 CVE-2026-2055 [ https://www.cve.org/CVERecor= d?id=3DCVE-2026-2055 ] VDB-344615 | D-Link DIR-605L/DIR-619L DHCP Client In= formation information disclosure [ https://vuldb.com/?id.344615 ]
VDB-344615 | CTI Indicators (IOB, IOC, TTP) [ https://vuldb.com/?ctiid.3446=
15 ]
Submit #744225 | D-Link DIR619L=E3=80=81DIR605L 2.06B01=E3=80=812.13B01 Imp= roper Access Controls [ https://vuldb.com/?submit.744225 ] https://github.com/wudipjq/my_vuln/blob/main/D-Link7/vuln_82/82.md https://github.com/wudipjq/my_vuln/blob/main/D-Link7/vuln_82/82.md#poc--res= ult
https://www.dlink.com/
=C2=A0 D-Link--DIR-605L A security vulnerability has been detected in D-Lin=
k DIR-605L and DIR-619L 2.06B01/2.13B01. The impacted element is an unknown=
function of the file /wan_connection_status.asp of the component DHCP Conn= ection Status Handler. The manipulation leads to information disclosure. Re= mote exploitation of the attack is possible. The exploit has been disclosed=
publicly and may be used. This vulnerability only affects products that ar=
e no longer supported by the maintainer. 2026-02-06 5.3 CVE-2026-2056 [ htt= ps://www.cve.org/CVERecord?id=3DCVE-2026-2056 ] VDB-344616 | D-Link DIR-605= L/DIR-619L DHCP Connection Status wan_connection_status.asp information dis= closure [ https://vuldb.com/?id.344616 ]
VDB-344616 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344616 ]
Submit #744226 | D-Link DIR619L=E3=80=81DIR605L 2.06B01=E3=80=812.13B01 Imp= roper Access Controls [ https://vuldb.com/?submit.744226 ] https://github.com/wudipjq/my_vuln/blob/main/D-Link7/vuln_83/83.md https://github.com/wudipjq/my_vuln/blob/main/D-Link7/vuln_82/82.md#poc--res= ult
https://www.dlink.com/
=C2=A0 n/a--Open5GS A vulnerability was identified in Open5GS up to 2.7.6. = This affects the function sgwc_s5c_handle_modify_bearer_response/sgwc_sxa_h= andle_session_modification_response of the component PGW S5U Address Handle=
r. The manipulation leads to null pointer dereference. The attack can be in= itiated remotely. The exploit is publicly available and might be used. The = identifier of the patch is f1bbd7b57f831e2a070780a7d8d5d4c73babdb59. Applyi=
ng a patch is the recommended action to fix this issue. 2026-02-06 5.3 CVE-= 2026-2062 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2062 ] VDB-344622 |=
Open5GS PGW S5U Address sgwc_sxa_handle_session_modification_response null=
pointer dereference [ https://vuldb.com/?id.344622 ]
VDB-344622 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3446=
22 ]
Submit #744719 | Open5GS SGWC v2.7.6 Denial of Service [ https://vuldb.com/= ?submit.744719 ]
https://github.com/open5gs/open5gs/issues/4257 https://github.com/open5gs/open5gs/issues/4257#issue-3787701521 https://github.com/open5gs/open5gs/commit/f1bbd7b57f831e2a070780a7d8d5d4c73= babdb59
https://github.com/open5gs/open5gs/
=C2=A0 jsbroks--COCO Annotator A vulnerability was determined in jsbroks CO=
CO Annotator up to 0.11.1. This impacts an unknown function of the file /ap= i/info/long_task of the component Endpoint. This manipulation causes denial=
of service. The attack may be initiated remotely. The exploit has been pub= licly disclosed and may be utilized. The vendor was contacted early about t= his disclosure but did not respond in any way. 2026-02-07 5.3 CVE-2026-2108=
[ https://www.cve.org/CVERecord?id=3DCVE-2026-2108 ] VDB-344684 | jsbroks = COCO Annotator Endpoint long_task denial of service [ https://vuldb.com/?id= .344684 ]
VDB-344684 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344684 ]
Submit #745547 | coco-annotator 0.11.1 Denial of Service [ https://vuldb.co= m/?submit.745547 ] https://github.com/nmmorette/vulnerability-research/blob/main/coco-anotator= /Unauthenticated%20Task%20Queue%20Flood%20in%20COCO%20Annotator%202f1ef09b8= 73680f99d39e3f7db9886fa.md
=C2=A0 jsbroks--COCO Annotator A vulnerability was identified in jsbroks CO=
CO Annotator up to 0.11.1. Affected is an unknown function of the file /api= /undo/ of the component Delete Category Handler. Such manipulation of the a= rgument ID leads to improper authorization. The attack may be launched remo= tely. The exploit is publicly available and might be used. The vendor was c= ontacted early about this disclosure but did not respond in any way. 2026-0= 2-07 5.4 CVE-2026-2109 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2109 ]=
VDB-344685 | jsbroks COCO Annotator Delete Category undo improper authoriz= ation [ https://vuldb.com/?id.344685 ]
VDB-344685 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344685 ]
Submit #745579 | coco-annotator v0.11.1 Broken Function Level Authorization=
[ https://vuldb.com/?submit.745579 ] https://github.com/nmmorette/vulnerability-research/blob/main/BFLA%20COCO%2= 0Annotator%20in%20DELETE%20api%20undo/BFLA%20COCO%20Annotator%20in%20DELETE= %20api%20undo%202f1ef09b8736807aa1f7ede4b64fa35d.md
=C2=A0 Tenda--AC21 A weakness has been identified in Tenda AC21 16.03.08.16=
. This impacts an unknown function of the file /cgi-bin/DownloadLog of the = component Web Management Interface. Executing a manipulation can lead to in= formation disclosure. The attack may be performed from remote. The exploit = has been made available to the public and could be used for attacks. 2026-0= 2-08 5.3 CVE-2026-2147 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2147 ]=
VDB-344849 | Tenda AC21 Web Management DownloadLog information disclosure =
[ https://vuldb.com/?id.344849 ]
VDB-344849 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344849 ]
Submit #747429 | Tenda AC21 V16.03.08.16 Missing Critical Step in Authentic= ation [ https://vuldb.com/?submit.747429 ] https://github.com/master-abc/cve/issues/30
https://www.tenda.com.cn/
=C2=A0 Tenda--AC21 A security vulnerability has been detected in Tenda AC21=
16.03.08.16. Affected is an unknown function of the file /cgi-bin/Download= Flash of the component Web Management Interface. The manipulation leads to = information disclosure. It is possible to initiate the attack remotely. The=
exploit has been disclosed publicly and may be used. 2026-02-08 5.3 CVE-20= 26-2148 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2148 ] VDB-344850 | T= enda AC21 Web Management DownloadFlash information disclosure [ https://vul= db.com/?id.344850 ]
VDB-344850 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344850 ]
Submit #747557 | Tenda AC21 V16.03.08.16 Missing Critical Step in Authentic= ation [ https://vuldb.com/?submit.747557 ] https://github.com/master-abc/cve/issues/27
https://www.tenda.com.cn/
=C2=A0 n/a--WeKan A weakness has been identified in WeKan up to 8.20. This = issue affects some unknown processing of the file server/publications/activ= ities.js of the component Activity Publication Handler. Executing a manipul= ation can lead to information disclosure. It is possible to launch the atta=
ck remotely. Upgrading to version 8.21 is capable of addressing this issue.=
This patch is called 91a936e07d2976d4246dfe834281c3aaa87f9503. You should = upgrade the affected component. 2026-02-08 5.3 CVE-2026-2207 [ https://www.= cve.org/CVERecord?id=3DCVE-2026-2207 ] VDB-344921 | WeKan Activity Publicat= ion activities.js LinkedBoardActivitiesBleed information disclosure [ https= ://vuldb.com/?id.344921 ]
VDB-344921 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344921 ]
Submit #752163 | Wekan <8.21 Information disclosure via insufficient author= ization filtering [ https://vuldb.com/?submit.752163 ] https://github.com/wekan/wekan/commit/91a936e07d2976d4246dfe834281c3aaa87f9= 503
https://github.com/wekan/wekan/releases/tag/v8.21 https://github.com/wekan/wekan/
=C2=A0 F5--BIG-IP When a BIG-IP Advanced WAF or ASM security policy is conf= igured on a virtual server, undisclosed requests along with conditions beyo=
nd the attacker's control can cause the bd=C2=A0process to terminate.=C2=A0=
Note: Software versions which have reached End of Technical Support (EoTS)=
are not evaluated. 2026-02-04 5.9 CVE-2026-22548 [ https://www.cve.org/CVE= Record?id=3DCVE-2026-22548 ] https://my.f5.com/manage/s/article/K000158072 =C2=A0 NeoRazorX--facturascripts FacturaScripts is open-source enterprise r= esource planning and accounting software. Prior to 2025.8, there a reflecte=
d XSS bug in FacturaScripts. The problem is in how error messages get displ= ayed. Twig's | raw filter is used, which skips HTML escaping. When triggeri=
ng a database error (like passing a string where an integer is expected), t=
he error message includes the input and gets rendered without sanitization.=
This vulnerability is fixed in 2025.8. 2026-02-02 5.4 CVE-2026-23476 [ htt= ps://www.cve.org/CVERecord?id=3DCVE-2026-23476 ] https://github.com/NeoRazo= rX/facturascripts/security/advisories/GHSA-g6w2-q45f-xrp4 https://github.com/NeoRazorX/facturascripts/commit/2afd98cecd26c5f8357e0e32= 1d86063ad1012fc3 https://github.com/NeoRazorX/facturascripts/releases/tag/v2025.8
=C2=A0 CollaboraOnline--online Collabora Online is a collaborative online o= ffice suite based on LibreOffice technology. Prior to Collabora Online Deve= lopment Edition version 25.04.08.2 and prior to Collabora Online versions 2= 3.05.20.1, 24.04.17.3, and 25.04.7.5, a user with view-only rights and no d= ownload privileges can obtain a local copy of a shared file. Although there=
are no corresponding buttons in the interface, pressing Ctrl+Shift+S initi= ates the file download process. This allows the user to bypass the access r= estrictions and leads to unauthorized data retrieval. This issue has been p= atched in Collabora Online Development Edition version 25.04.08.2 and Colla= bora Online versions 23.05.20.1, 24.04.17.3, and 25.04.7.5. 2026-02-05 5.3 = CVE-2026-23623 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23623 ] https:= //github.com/CollaboraOnline/online/security/advisories/GHSA-68v6-r6qq-mmq2 =C2=A0 gunet--openeclass The Open eClass platform (formerly known as GUnet = eClass) is a complete course management system. Prior to version 4.2, a use= rname enumeration vulnerability allows unauthenticated attackers to identif=
y valid user accounts by analyzing differences in the login response behavi= or. This issue has been patched in version 4.2. 2026-02-03 5.3 CVE-2026-246=
64 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24664 ] https://github.com= /gunet/openeclass/security/advisories/GHSA-c3wq-m629-5h2j
=C2=A0 gunet--openeclass The Open eClass platform (formerly known as GUnet = eClass) is a complete course management system. Prior to version 4.2, failu=
re to invalidate active user sessions after a password change allows existi=
ng session tokens to remain valid, potentially enabling unauthorized contin= ued access to user accounts. This issue has been patched in version 4.2. 20= 26-02-03 5 CVE-2026-24667 [ https://www.cve.org/CVERecord?id=3DCVE-2026-246=
67 ] https://github.com/gunet/openeclass/security/advisories/GHSA-5h73-53mh= -m224
=C2=A0 Huawei--HarmonyOS Identity authentication bypass vulnerability in th=
e window module. Impact: Successful exploitation of this vulnerability may = affect service confidentiality. 2026-02-06 5.9 CVE-2026-24916 [ https://www= .cve.org/CVERecord?id=3DCVE-2026-24916 ] https://consumer.huawei.com/en/sup= port/bulletin/2026/2/
=C2=A0 Huawei--HarmonyOS Out-of-bounds access vulnerability in the frequenc=
y modulation module. Impact: Successful exploitation of this vulnerability = may affect availability. 2026-02-06 5.5 CVE-2026-24927 [ https://www.cve.or= g/CVERecord?id=3DCVE-2026-24927 ] https://consumer.huawei.com/en/support/bu= lletin/2026/2/
=C2=A0 Huawei--HarmonyOS Out-of-bounds write vulnerability in the file syst=
em module. Impact: Successful exploitation of this vulnerability may affect=
service confidentiality. 2026-02-06 5.8 CVE-2026-24928 [ https://www.cve.o= rg/CVERecord?id=3DCVE-2026-24928 ] https://consumer.huawei.com/en/support/b= ulletin/2026/2/
=C2=A0 Huawei--HarmonyOS Out-of-bounds read vulnerability in the graphics m= odule. Impact: Successful exploitation of this vulnerability may affect ava= ilability. 2026-02-06 5.9 CVE-2026-24929 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-24929 ] https://consumer.huawei.com/en/support/bulletin/2026/2/ https://consumer.huawei.com/en/support/bulletinlaptops/2026/2/
=C2=A0 Huawei--HarmonyOS Vulnerability of improper criterion security check=
in the card module. Impact: Successful exploitation of this vulnerability = may affect service confidentiality. 2026-02-06 5.9 CVE-2026-24931 [ https:/= /www.cve.org/CVERecord?id=3DCVE-2026-24931 ] https://consumer.huawei.com/en= /support/bulletin/2026/2/ https://consumer.huawei.com/en/support/bulletinlaptops/2026/2/
=C2=A0 chainguard-dev--apko apko allows users to build and publish OCI cont= ainer images built from apk packages. From version 0.14.8 to before 1.1.0, = expandapk.Split drains the first gzip stream of an APK archive via io.Copy(= io.Discard, gzi) without explicit bounds. With an attacker-controlled input=
stream, this can force large gzip inflation work and lead to resource exha= ustion (availability impact). The Split function reads the first tar header=
, then drains the remainder of the gzip stream by reading from the gzip rea= der directly without any maximum uncompressed byte limit or inflate-ratio c= ap. A caller that parses attacker-controlled APK streams may be forced to s= pend excessive CPU time inflating gzip data, leading to timeouts or process=
slowdown. This issue has been patched in version 1.1.0. 2026-02-04 5.5 CVE= -2026-25122 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25122 ] https://g= ithub.com/chainguard-dev/apko/security/advisories/GHSA-6p9p-q6wh-9j89 https://github.com/chainguard-dev/apko/commit/2be3903fe194ad46351840f0569b3= 5f5ac965f09
=C2=A0 homarr-labs--homarr Homarr is an open-source dashboard. Prior to 1.5= 2.0, a public (unauthenticated) tRPC endpoint widget.app.ping accepts an ar= bitrary url and performs a server-side request to that URL. This allows an = unauthenticated attacker to trigger outbound HTTP requests from the Homarr = server, enabling SSRF behavior and a reliable port-scanning primitive (open=
vs closed ports can be inferred from statusCode vs fetch failed and timing=
). This vulnerability is fixed in 1.52.0. 2026-02-06 5.3 CVE-2026-25123 [ h= ttps://www.cve.org/CVERecord?id=3DCVE-2026-25123 ] https://github.com/homar= r-labs/homarr/security/advisories/GHSA-c6rh-8wj4-gv74
=C2=A0 Talishar--Talishar Talishar is a fan-made Flesh and Blood project. A=
Stored XSS exists in the chat in-game system. The playerID parameter in Su= bmitChat.php and is saved without sanitization and executed whenever a user=
view the current page game. This vulnerability is fixed by 09dd00e5452e3cd= 998eb1406a88e5b0fa868e6b4. 2026-02-02 5.3 CVE-2026-25144 [ https://www.cve.= org/CVERecord?id=3DCVE-2026-25144 ] https://github.com/Talishar/Talishar/se= curity/advisories/GHSA-rrr4-h2pc-57g6 https://github.com/Talishar/Talishar/commit/09dd00e5452e3cd998eb1406a88e5b0= fa868e6b4
=C2=A0 chainguard-dev--melange melange allows users to build apk packages u= sing declarative pipelines. From version 0.14.0 to before 0.40.3, an attack=
er who can influence a melange configuration file (e.g., through pull reque= st-driven CI or build-as-a-service scenarios) could read arbitrary files fr=
om the host system. The LicensingInfos function in pkg/config/config.go rea=
ds license files specified in copyright[].license-path without validating t= hat paths remain within the workspace directory, allowing path traversal vi=
a ../ sequences. The contents of the traversed file are embedded into the g= enerated SBOM as license text, enabling exfiltration of sensitive data thro= ugh build artifacts. This issue has been patched in version 0.40.3. 2026-02= -04 5.5 CVE-2026-25145 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25145 =
] https://github.com/chainguard-dev/melange/security/advisories/GHSA-2w4f-9= fgg-q2v9 https://github.com/chainguard-dev/melange/commit/2f95c9f4355ed993f2670bf1bb= 82d88b0f65e9e4
=C2=A0 QwikDev--qwik Qwik is a performance focused javascript framework. Pr= ior to version 1.19.0, Qwik City's server-side request handler inconsistent=
ly interprets HTTP request headers, which can be abused by a remote attacke=
r to circumvent form submission CSRF protections using specially crafted or=
multi-valued Content-Type headers. This issue has been patched in version = 1.19.0. 2026-02-03 5.9 CVE-2026-25151 [ https://www.cve.org/CVERecord?id=3D= CVE-2026-25151 ] https://github.com/QwikDev/qwik/security/advisories/GHSA-r= 666-8gjf-4v5f https://github.com/QwikDev/qwik/commit/eebf610e04cc3a690f11e10191d09ff0fca1= c7ed
=C2=A0 QwikDev--qwik Qwik is a performance focused javascript framework. Pr= ior to version 1.12.0, a typo in the regular expression within isContentTyp=
e causes incorrect parsing of certain Content-Type headers. This issue has = been patched in version 1.12.0. 2026-02-03 5.9 CVE-2026-25155 [ https://www= .cve.org/CVERecord?id=3DCVE-2026-25155 ] https://github.com/QwikDev/qwik/se= curity/advisories/GHSA-vm6g-8r4h-22x8 https://github.com/QwikDev/qwik/commit/d70d7099b90b998f1aac7cedc21c67d87bac= 4c75
=C2=A0 SignalK--signalk-server Signal K Server is a server application that=
runs on a central hub in a boat. Prior to 2.20.3, a path traversal vulnera= bility in SignalK Server's applicationData API allows authenticated users o=
n Windows systems to read, write, and list arbitrary files and directories =
on the filesystem. The validateAppId() function blocks forward slashes (/) = but not backslashes (\), which are treated as directory separators by path.= join() on Windows. This enables attackers to escape the intended applicatio= nData directory. This vulnerability is fixed in 2.20.3. 2026-02-02 5 CVE-20= 26-25228 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25228 ] https://gith= ub.com/SignalK/signalk-server/security/advisories/GHSA-vrhw-v2hw-jffx https://github.com/SignalK/signalk-server/commit/9bcf61c8fe2cb8a40998b913a0= 2fb64dff9e86c7
=C2=A0 ci4-cms-erp--ci4ms CI4MS is a CodeIgniter 4-based CMS skeleton that = delivers a production-ready, modular architecture with RBAC authorization a=
nd theme support. Prior to version 0.28.5.0, the authentication implementat= ion in CI4MS is vulnerable to email enumeration. An unauthenticated attacke=
r can determine whether an email address is registered in the system by ana= lyzing the application's response during the password reset process. This i= ssue has been patched in version 0.28.5.0. 2026-02-03 5.3 CVE-2026-25509 [ = https://www.cve.org/CVERecord?id=3DCVE-2026-25509 ] https://github.com/ci4-= cms-erp/ci4ms/security/advisories/GHSA-654x-9q7r-g966 https://github.com/ci4-cms-erp/ci4ms/commit/86be2930d1c54eb7575102563302b2f= 3bafcb653
=C2=A0 cert-manager--cert-manager cert-manager adds certificates and certif= icate issuers as resource types in Kubernetes clusters, and simplifies the = process of obtaining, renewing and using those certificates. In versions fr=
om 1.18.0 to before 1.18.5 and from 1.19.0 to before 1.19.3, the cert-manag= er-controller performs DNS lookups during ACME DNS-01 processing (for zone = discovery and propagation self-checks). By default, these lookups use stand= ard unencrypted DNS. An attacker who can intercept and modify DNS traffic f= rom the cert-manager-controller pod can insert a crafted entry into cert-ma= nager's DNS cache. Accessing this entry will trigger a panic, resulting in = denial=E2=80=91of=E2=80=91service (DoS) of the cert-manager controller. The=
issue can also be exploited if the authoritative DNS server for the domain=
being validated is controlled by a malicious actor. This issue has been pa= tched in versions 1.18.5 and 1.19.3. 2026-02-04 5.9 CVE-2026-25518 [ https:= //www.cve.org/CVERecord?id=3DCVE-2026-25518 ] https://github.com/cert-manag= er/cert-manager/security/advisories/GHSA-gx3x-vq4p-mhhv https://github.com/cert-manager/cert-manager/pull/8467 https://github.com/cert-manager/cert-manager/pull/8468 https://github.com/cert-manager/cert-manager/pull/8469 https://github.com/cert-manager/cert-manager/commit/409fc24e539711a07aae45e= d45abbe03dfdad2cc https://github.com/cert-manager/cert-manager/commit/9a73a0b3853035827edd37a= c463e4803ba10327d https://github.com/cert-manager/cert-manager/commit/d4faed26ae12115cceb807c= dc12507ebc28980e2
=C2=A0 OpenMage--magento-lts Magento-lts is a long-term support alternative=
to Magento Community Edition (CE). Prior to version 20.16.1, the admin url=
can be discovered without prior knowledge of it's location by exploiting t=
he X-Original-Url header on some configurations. This issue has been patche=
d in version 20.16.1. 2026-02-04 5.3 CVE-2026-25523 [ https://www.cve.org/C= VERecord?id=3DCVE-2026-25523 ] https://github.com/OpenMage/magento-lts/secu= rity/advisories/GHSA-jg68-vhv3-9r8f https://hackerone.com/bugs?subject=3Dopenmage&report_id=3D3416312
=C2=A0 payloadcms--payload Payload is a free and open source headless conte=
nt management system. Prior to 3.74.0, a cross-collection Insecure Direct O= bject Reference (IDOR) vulnerability exists in the payload-preferences inte= rnal collection. In multi-auth collection environments using Postgres or SQ= Lite with default serial/auto-increment IDs, authenticated users from one a= uth collection can read and delete preferences belonging to users in differ= ent auth collections when their numeric IDs collide. This vulnerability has=
been patched in v3.74.0. 2026-02-06 5.4 CVE-2026-25574 [ https://www.cve.o= rg/CVERecord?id=3DCVE-2026-25574 ] https://github.com/payloadcms/payload/se= curity/advisories/GHSA-jq29-r496-r955
=C2=A0 samclarke--SCEditor SCEditor is a lightweight WYSIWYG BBCode and XHT=
ML editor. Prior to 3.2.1, if an attacker has the ability control configura= tion options passed to sceditor.create(), like emoticons, charset, etc. the=
n it's possible for them to trigger an XSS attack due to lack of sanitisati=
on of configuration options. This vulnerability is fixed in 3.2.1. 2026-02-=
06 5.4 CVE-2026-25581 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25581 ]=
https://github.com/samclarke/SCEditor/security/advisories/GHSA-25fq-6qgg-q= pj8 https://github.com/samclarke/SCEditor/commit/5733aed4f0e257cb78e1ba191715fc= 458cbd473d
=C2=A0 PrestaShop--PrestaShop PrestaShop is an open source e-commerce web a= pplication. Prior to 8.2.4 and 9.0.3, there is a time-based user enumeratio=
n vulnerability in the user authentication functionality of PrestaShop. Thi=
s vulnerability allows an attacker to determine whether a customer account = exists in the system by measuring response times. This vulnerability is fix=
ed in 8.2.4 and 9.0.3. 2026-02-06 5.3 CVE-2026-25597 [ https://www.cve.org/= CVERecord?id=3DCVE-2026-25597 ] https://github.com/PrestaShop/PrestaShop/se= curity/advisories/GHSA-67v7-3g49-mxh2 https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.4 https://github.com/PrestaShop/PrestaShop/releases/tag/9.0.3
=C2=A0 Wing FTP Server--Wing FTP Server Wing FTP Server versions prior to 6= .2.7 contain a cross-site request forgery (CSRF) vulnerability in the web a= dministration interface that allows attackers to delete admin users. Attack= ers can craft a malicious HTML page with a hidden form to submit a request = that deletes the administrative user account without proper authorization. = 2026-02-06 4.3 CVE-2020-37079 [ https://www.cve.org/CVERecord?id=3DCVE-2020= -37079 ] ExploitDB-48200 [ https://www.exploit-db.com/exploits/48200 ]
Wing FTP Server Official Homepage [ https://www.wftpserver.com ]
Wing FTP Server Version History [ https://www.wftpserver.com/serverhistory.= htm ]
VulnCheck Advisory: Wing FTP Server < 6.2.7 - Cross-site Request Forgery [ = https://www.vulncheck.com/advisories/wing-ftp-server-cross-site-request-for= gery ]
=C2=A0 Openeclass--GUnet OpenEclass GUnet OpenEclass 1.7.3 allows unauthent= icated and authenticated users to access sensitive information, including s= ystem information, application version, and other students' uploaded assess= ments, due to improper access controls and information disclosure flaws in = various modules. Attackers can retrieve system info, version info, and view=
or download other users' files without proper authorization. 2026-02-03 4.=
3 CVE-2020-37114 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37114 ] Expl= oitDB-48163 [ https://www.exploit-db.com/exploits/48163 ]
Official Vendor Homepage [ https://www.openeclass.org/ ]
Changelog [ https://download.openeclass.org/files/docs/1.7/CHANGES.txt ] VulnCheck Advisory: GUnet OpenEclass 1.7.3 E-learning platform - Informatio=
n Disclosure [ https://www.vulncheck.com/advisories/gunet-openeclass-e-lear= ning-platform-information-disclosure ]
=C2=A0 HRSALE--HRSALE HRSALE 1.1.8 contains a cross-site request forgery vu= lnerability that allows attackers to add unauthorized administrative users = through the employee registration form. Attackers can craft a malicious HTM=
L page with hidden form fields to trick authenticated administrators into c= reating new user accounts with elevated privileges. 2026-02-05 4.3 CVE-2020= -37145 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37145 ] ExploitDB-4820=
5 [ https://www.exploit-db.com/exploits/48205 ]
Archived Product Webpage [ https://web.archive.org/web/20200109113640/http:= //hrsale.com/ ]
VulnCheck Advisory: HRSALE 1.1.8 - Cross-Site Request Forgery (Add Admin) [=
https://www.vulncheck.com/advisories/hrsale-cross-site-request-forgery-add= -admin ]
=C2=A0 IBM--Operations Analytics - Log Analysis IBM Operations Analytics - = Log Analysis versions 1.3.5.0 through 1.3.8.3 and IBM SmartCloud Analytics =
- Log Analysis are vulnerable to a cross-site request forgery (CSRF) vulner= ability that could allow an attacker to trick a trusted user into performin=
g unauthorized actions. 2026-02-04 4.3 CVE-2024-40685 [ https://www.cve.org= /CVERecord?id=3DCVE-2024-40685 ] https://www.ibm.com/support/pages/node/725= 6429
=C2=A0 metagauss--ProfileGrid User Profiles, Groups and Communities The Pro= fileGrid - User Profiles, Groups and Communities plugin for WordPress is vu= lnerable to unauthorized user suspension due to a missing capability check =
on the pm_deactivate_user_from_group() function in all versions up to, and = including, 5.9.7.2. This makes it possible for authenticated attackers, wit=
h Subscriber-level access and above, to suspend arbitrary users from groups=
, including administrators, via the pm_deactivate_user_from_group AJAX acti= on. 2026-02-05 4.3 CVE-2025-13416 [ https://www.cve.org/CVERecord?id=3DCVE-= 2025-13416 ] https://www.wordfence.com/threat-intel/vulnerabilities/id/31c2= cd54-f258-43ea-8db2-8d98ad7014d1?source=3Dcve https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups= -and-communities/trunk/public/class-profile-magic-public.php#L3167 https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups= -and-communities/tags/5.9.6.5/public/class-profile-magic-public.php#L3167 https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&repo= name=3D&old=3D3448434%40profilegrid-user-profiles-groups-and-communities&ne= w=3D3448434%40profilegrid-user-profiles-groups-and-communities&sfp_email=3D= &sfph_mail=3D
=C2=A0 Tanium--Patch Tanium addressed an improper access controls vulnerabi= lity in Patch. 2026-02-05 4.3 CVE-2025-15326 [ https://www.cve.org/CVERecor= d?id=3DCVE-2025-15326 ] TAN-2025-006 [ https://security.tanium.com/TAN-2025= -006 ]
=C2=A0 Tanium--Deploy Tanium addressed an improper access controls vulnerab= ility in Deploy. 2026-02-05 4.3 CVE-2025-15327 [ https://www.cve.org/CVERec= ord?id=3DCVE-2025-15327 ] TAN-2025-006 [ https://security.tanium.com/TAN-20= 25-006 ]
=C2=A0 Tanium--Threat Response Tanium addressed an information disclosure v= ulnerability in Threat Response. 2026-02-05 4.9 CVE-2025-15329 [ https://ww= w.cve.org/CVERecord?id=3DCVE-2025-15329 ] TAN-2025-019 [ https://security.t= anium.com/TAN-2025-019 ]
=C2=A0 Tanium--Connect Tanium addressed an uncontrolled resource consumptio=
n vulnerability in Connect. 2026-02-05 4.3 CVE-2025-15331 [ https://www.cve= .org/CVERecord?id=3DCVE-2025-15331 ] TAN-2025-015 [ https://security.tanium= .com/TAN-2025-015 ]
=C2=A0 Tanium--Threat Response Tanium addressed an information disclosure v= ulnerability in Threat Response. 2026-02-05 4.9 CVE-2025-15332 [ https://ww= w.cve.org/CVERecord?id=3DCVE-2025-15332 ] TAN-2025-020 [ https://security.t= anium.com/TAN-2025-020 ]
=C2=A0 Tanium--Threat Response Tanium addressed an information disclosure v= ulnerability in Threat Response. 2026-02-05 4.3 CVE-2025-15333 [ https://ww= w.cve.org/CVERecord?id=3DCVE-2025-15333 ] TAN-2025-025 [ https://security.t= anium.com/TAN-2025-025 ]
=C2=A0 Tanium--Threat Response Tanium addressed an information disclosure v= ulnerability in Threat Response. 2026-02-05 4.3 CVE-2025-15334 [ https://ww= w.cve.org/CVERecord?id=3DCVE-2025-15334 ] TAN-2025-026 [ https://security.t= anium.com/TAN-2025-026 ]
=C2=A0 Tanium--Threat Response Tanium addressed an information disclosure v= ulnerability in Threat Response. 2026-02-05 4.3 CVE-2025-15335 [ https://ww= w.cve.org/CVERecord?id=3DCVE-2025-15335 ] TAN-2025-027 [ https://security.t= anium.com/TAN-2025-027 ]
=C2=A0 Tanium--Reputation Tanium addressed an improper access controls vuln= erability in Reputation. 2026-02-05 4.3 CVE-2025-15342 [ https://www.cve.or= g/CVERecord?id=3DCVE-2025-15342 ] TAN-2025-030 [ https://security.tanium.co= m/TAN-2025-030 ]
=C2=A0 IBM--Jazz Foundation IBM Jazz Foundation=C2=A07.0.3 through=C2=A07.0=
.3 iFix019 and=C2=A07.1.0 through=C2=A07.1.0 iFix005=C2=A0is vulnerable to = access control violations that allows the users to view or access/perform a= ctions beyond their expected capability. 2026-02-02 4.3 CVE-2025-15395 [ ht= tps://www.cve.org/CVERecord?id=3DCVE-2025-15395 ] https://www.ibm.com/suppo= rt/pages/node/7258304
=C2=A0 simonfairbairn--The Bucketlister The The Bucketlister plugin for Wor= dPress is vulnerable to unauthorized modification of data due to a missing = capability check on the bucketlister_do_admin_ajax() function in all versio=
ns up to, and including, 0.1.5. This makes it possible for authenticated at= tackers, with Subscriber-level access and above, to add delete or modify ar= bitrary bucket list items. 2026-02-07 4.3 CVE-2025-15476 [ https://www.cve.= org/CVERecord?id=3DCVE-2025-15476 ] https://www.wordfence.com/threat-intel/= vulnerabilities/id/fc9e6374-8f9e-4c60-a86b-46cd4122abf9?source=3Dcve https://plugins.trac.wordpress.org/browser/the-bucketlister/tags/0.1.5/buck= etlister.php#L185
=C2=A0 qriouslad--Code Explorer The Code Explorer plugin for WordPress is v= ulnerable to Path Traversal in all versions up to, and including, 1.4.6 via=
the 'file' parameter. This makes it possible for authenticated attackers, = with Administrator-level access and above, to read the contents of arbitrar=
y files on the server, which can contain sensitive information. 2026-02-04 = 4.9 CVE-2025-15487 [ https://www.cve.org/CVERecord?id=3DCVE-2025-15487 ] ht= tps://www.wordfence.com/threat-intel/vulnerabilities/id/fad8ad54-56eb-40fa-= a357-77b7d656d378?source=3Dcve https://plugins.trac.wordpress.org/browser/code-explorer/tags/1.4.6/admin/c= lass-code-explorer-admin.php#L211
=C2=A0 HCL--AION A Potential Command Injection vulnerability in HCL AION.= =C2=A0 An This can allow unintended command execution, potentially leading =
to unauthorized actions on the underlying system. This issue affects AION: = 2.0 2026-02-03 4.5 CVE-2025-52626 [ https://www.cve.org/CVERecord?id=3DCVE-= 2025-52626 ] https://support.hcl-software.com/csm?id=3Dkb_article&sysparm_a= rticle=3DKB0127972
=C2=A0 HCL--AION HCL AION is affected by a Cookie with Insecure, Improper, =
or Missing SameSite vulnerability. This can allow cookies to be sent in cro= ss-site requests, potentially increasing exposure to cross-site request for= gery and related security risks. This issue affects AION: 2.0. 2026-02-03 4=
.6 CVE-2025-52628 [ https://www.cve.org/CVERecord?id=3DCVE-2025-52628 ] htt= ps://support.hcl-software.com/csm?id=3Dkb_article&sysparm_article=3DKB01279=
72
=C2=A0 N/A--Moodle[.]org A flaw was found in Moodle. During anonymous assig= nment submissions, user identifiers were inadvertently exposed in URLs. Thi=
s data exposure allows unauthorized viewers to see internal user IDs, compr= omising the intended anonymity and potentially leading to information discl= osure. 2026-02-03 4.3 CVE-2025-67857 [ https://www.cve.org/CVERecord?id=3DC= VE-2025-67857 ] https://access.redhat.com/security/cve/CVE-2025-67857 RHBZ#2423868 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2423868 ] https://moodle.org/mod/forum/discuss.php?d=3D471307
=C2=A0 Red Hat--Red Hat Ansible Automation Platform 2 A security flaw was i= dentified in the Ansible Lightspeed API conversation endpoints that handle =
AI chat interactions. The APIs do not properly verify whether a conversatio=
n identifier belongs to the authenticated user making the request. As a res= ult, an attacker with valid credentials could access or influence conversat= ions owned by other users. This exposes sensitive conversation data and all= ows unauthorized manipulation of AI-generated outputs. 2026-02-06 4.2 CVE-2= 026-0598 [ https://www.cve.org/CVERecord?id=3DCVE-2026-0598 ] https://acces= s.redhat.com/security/cve/CVE-2026-0598
RHBZ#2427094 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2427094 ]
=C2=A0 rtddev--Extended Random Number Generator The Extended Random Number = Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting=
via the plugin settings in all versions up to, and including, 1.1 due to i= nsufficient input sanitization and output escaping. This makes it possible = for authenticated attackers, with administrator-level access, to inject arb= itrary web scripts in pages that will execute whenever a user accesses an i= njected page. This only affects multi-site installations and installations = where unfiltered_html has been disabled. 2026-02-04 4.4 CVE-2026-0681 [ htt= ps://www.cve.org/CVERecord?id=3DCVE-2026-0681 ] https://www.wordfence.com/t= hreat-intel/vulnerabilities/id/575c3329-8dbb-4d15-8e11-a86a01b96f50?source= =3Dcve https://plugins.trac.wordpress.org/browser/extended-random-number-generator= /trunk/random_number_generator.php#L187 https://plugins.trac.wordpress.org/browser/extended-random-number-generator= /tags/1.1/random_number_generator.php#L187
=C2=A0 orenhav--WP Content Permission The WP Content Permission plugin for = WordPress is vulnerable to Stored Cross-Site Scripting via the 'ohmem-messa= ge' parameter in all versions up to, and including, 1.2 due to insufficient=
input sanitization and output escaping. This makes it possible for authent= icated attackers, with Administrator-level access and above, to inject arbi= trary web scripts in pages that will execute whenever a user accesses an in= jected page. 2026-02-04 4.4 CVE-2026-0743 [ https://www.cve.org/CVERecord?i= d=3DCVE-2026-0743 ] https://www.wordfence.com/threat-intel/vulnerabilities/= id/e44403cd-1cee-43c4-aabc-3eaad433c020?source=3Dcve https://plugins.trac.wordpress.org/browser/wp-content-permission/trunk/admi= n/views/admin.php#L74 https://plugins.trac.wordpress.org/browser/wp-content-permission/tags/1.2/a= dmin/views/admin.php#L74
=C2=A0 gtlwpdev--All push notification for WP The All push notification for=
WP plugin for WordPress is vulnerable to time-based SQL Injection via the = 'delete_id' parameter in all versions up to, and including, 1.5.3 due to in= sufficient escaping on the user supplied parameter and lack of sufficient p= reparation on the existing SQL query. This makes it possible for authentica= ted attackers, with administrator-level access and above, to append additio= nal SQL queries into already existing queries that can be used to extract s= ensitive information from the database. 2026-02-04 4.9 CVE-2026-0816 [ http= s://www.cve.org/CVERecord?id=3DCVE-2026-0816 ] https://www.wordfence.com/th= reat-intel/vulnerabilities/id/fc1f36b1-cf28-472c-8a7a-f091ecb48c2d?source= =3Dcve https://plugins.trac.wordpress.org/browser/all-push-notification/tags/1.5.3= /pushnotification-admin/class-pushnotification-admin.php#L95 https://plugins.trac.wordpress.org/browser/all-push-notification/trunk/push= notification-admin/class-pushnotification-admin.php#L95
=C2=A0 arkapravamajumder--TITLE ANIMATOR The TITLE ANIMATOR plugin for Word= Press is vulnerable to Cross-Site Request Forgery in all versions up to, an=
d including, 1.0. This is due to missing nonce validation on the settings p= age form handler in `inc/settings-page.php`. This makes it possible for una= uthenticated attackers to modify plugin settings via a forged request grant=
ed they can trick a site administrator into performing an action such as cl= icking on a link. 2026-02-07 4.3 CVE-2026-1082 [ https://www.cve.org/CVERec= ord?id=3DCVE-2026-1082 ] https://www.wordfence.com/threat-intel/vulnerabili= ties/id/98736b9d-3e0a-40c0-900a-fbbaaac07958?source=3Dcve https://plugins.trac.wordpress.org/browser/title-animator/trunk/inc/setting= s-page.php#L5 https://plugins.trac.wordpress.org/browser/title-animator/tags/1.0/inc/sett= ings-page.php#L5
=C2=A0 bplugins--Timeline Block Beautiful Timeline Builder for WordPress (V= ertical & Horizontal Timelines) The Timeline Block - Beautiful Timeline Bui= lder for WordPress (Vertical & Horizontal Timelines) plugin for WordPress i=
s vulnerable to Insecure Direct Object Reference in all versions up to, and=
including, 1.3.3 via the tlgb_shortcode() function due to missing validati=
on on a user controlled key. This makes it possible for authenticated attac= kers, with Author-level access and above, to disclose private timeline cont= ent via the id attribute supplied to the 'timeline_block' shortcode. 2026-0= 2-06 4.3 CVE-2026-1228 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1228 ]=
https://www.wordfence.com/threat-intel/vulnerabilities/id/cecebfd0-c2af-41= 50-8793-299cdbeaa7b9?source=3Dcve https://plugins.trac.wordpress.org/changeset/3446078/timeline-block-block =C2=A0 shortpixel--ShortPixel Image Optimizer Optimize Images, Convert WebP=
& AVIF The ShortPixel Image Optimizer plugin for WordPress is vulnerable t=
o Arbitrary File Read via path traversal in the 'loadFile' parameter in all=
versions up to, and including, 6.4.2 due to insufficient path validation a=
nd sanitization in the 'loadLogFile' AJAX action. This makes it possible fo=
r authenticated attackers, with Editor-level access and above, to read the = contents of arbitrary files on the server, which can contain sensitive info= rmation such as database credentials and authentication keys. 2026-02-05 4.=
9 CVE-2026-1246 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1246 ] https:= //www.wordfence.com/threat-intel/vulnerabilities/id/03cb41d2-67c8-457f-8d85= -7aede8e12d44?source=3Dcve https://plugins.trac.wordpress.org/browser/shortpixel-image-optimiser/tags/= 6.4.1/class/Controller/AjaxController.php#L309 https://plugins.trac.wordpress.org/browser/shortpixel-image-optimiser/tags/= 6.4.1/class/Controller/AjaxController.php#L1686 https://plugins.trac.wordpress.org/browser/shortpixel-image-optimiser/tags/= 6.4.1/class/Controller/BulkController.php#L200 https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&repo= name=3D&old=3D3449706%40shortpixel-image-optimiser&new=3D3449706%40shortpix= el-image-optimiser&sfp_email=3D&sfph_mail=3D
=C2=A0 comprassibs--SIBS woocommerce payment gateway The SIBS woocommerce p= ayment gateway plugin for WordPress is vulnerable to time-based SQL Injecti=
on via the 'referencedId' parameter in all versions up to, and including, 2= .2.0 due to insufficient escaping on the user supplied parameter and lack o=
f sufficient preparation on the existing SQL query. This makes it possible = for authenticated attackers, with Administrator-level access and above, to = append additional SQL queries into already existing queries that can be use=
d to extract sensitive information from the database. 2026-02-04 4.9 CVE-20= 26-1370 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1370 ] https://www.wo= rdfence.com/threat-intel/vulnerabilities/id/eac8e81c-2f6f-4a4a-9678-f5d75f4= 954ae?source=3Dcve https://plugins.trac.wordpress.org/browser/sibs-woocommerce/tags/2.2.0/clas= s-sibs-payment-gateway.php#L1855
=C2=A0 n/a--iomad A vulnerability was identified in iomad up to 5.0. Affect=
ed is an unknown function of the component Company Admin Block. Such manipu= lation leads to sql injection. The attack can be executed remotely. It is b= est practice to apply a patch to resolve this issue. 2026-02-05 4.7 CVE-202= 6-1517 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1517 ] VDB-344487 | io= mad Company Admin Block sql injection [ https://vuldb.com/?id.344487 ] VDB-344487 | CTI Indicators (IOB, IOC, TTP) [ https://vuldb.com/?ctiid.3444=
87 ]
https://github.com/iomad/iomad/issues/2559 https://github.com/iomad/iomad/issues/2559#issuecomment-3841174677 https://github.com/iomad/iomad/
=C2=A0 Yealink--MeetingBar A30 A weakness has been identified in Yealink Me= etingBar A30 133.321.0.3. This issue affects some unknown processing of the=
component Diagnostic Handler. This manipulation causes command injection. =
It is feasible to perform the attack on the physical device. The exploit ha=
s been made available to the public and could be used for attacks. The vend=
or was contacted early about this disclosure but did not respond in any way=
. 2026-02-02 4.3 CVE-2026-1735 [ https://www.cve.org/CVERecord?id=3DCVE-202= 6-1735 ] VDB-343634 | Yealink MeetingBar A30 Diagnostic command injection [=
https://vuldb.com/?id.343634 ]
VDB-343634 | CTI Indicators (IOB, IOC, TTP) [ https://vuldb.com/?ctiid.3436=
34 ]
Submit #736622 | Yealink MeetingBar A30 133.321.0.3 Command Injection [ htt= ps://vuldb.com/?submit.736622 ] https://drive.google.com/file/d/1Uf46ihr8UmeXsFfkcvAeOtF1TkvGjozy/view?usp= =3Dsharing
=C2=A0 EFM--ipTIME A8004T A vulnerability was identified in EFM ipTIME A800=
4T 14.18.2. Affected by this vulnerability is the function commit_vpncli_fi= le_upload of the file /cgi/timepro.cgi of the component VPN Service. Such m= anipulation leads to unrestricted upload. It is possible to launch the atta=
ck remotely. The exploit is publicly available and might be used. The vendo=
r was contacted early about this disclosure but did not respond in any way.=
2026-02-02 4.7 CVE-2026-1742 [ https://www.cve.org/CVERecord?id=3DCVE-2026= -1742 ] VDB-343641 | EFM ipTIME A8004T VPN Service timepro.cgi commit_vpncl= i_file_upload unrestricted upload [ https://vuldb.com/?id.343641 ]
VDB-343641 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343641 ]
Submit #741450 | EFM IPTIME A8004T 14.18.2 Authentication Bypass & Arbitrar=
y File Upload [ https://vuldb.com/?submit.741450 ] https://github.com/LX-LX88/cve/issues/29
=C2=A0 SourceCodester--Medical Certificate Generator App A vulnerability wa=
s determined in SourceCodester Medical Certificate Generator App 1.0. This = affects an unknown part. This manipulation causes cross-site request forger=
y. Remote exploitation of the attack is possible. The exploit has been publ= icly disclosed and may be utilized. 2026-02-02 4.3 CVE-2026-1745 [ https://= www.cve.org/CVERecord?id=3DCVE-2026-1745 ] VDB-343676 | SourceCodester Medi= cal Certificate Generator App cross-site request forgery [ https://vuldb.co= m/?id.343676 ]
VDB-343676 | CTI Indicators (IOB, IOC) [ https://vuldb.com/?ctiid.343676 ] Submit #742653 | SourceCodester Medical Certificate Generator App 1.0 Cross= -Site Request Forgery [ https://vuldb.com/?submit.742653 ] https://github.com/Asim-QAZi/Cross-Site-Request-Forgery-Arbitrary-Medical-C= ertificate-Deletion https://github.com/Asim-QAZi/Cross-Site-Request-Forgery-Arbitrary-Medical-C= ertificate-Deletion#proof-of-concept-csrf-exploit https://www.sourcecodester.com/
=C2=A0 codesnippetspro--Code Snippets The Code Snippets plugin for WordPres=
s is vulnerable to Cross-Site Request Forgery in all versions up to, and in= cluding, 3.9.4. This is due to missing nonce validation on the cloud snippe=
t download and update actions in the Cloud_Search_List_Table class. This ma= kes it possible for unauthenticated attackers to force logged-in administra= tors to download or update cloud snippets without their consent via a craft=
ed request, granted they can trick an administrator into visiting a malicio=
us page. 2026-02-06 4.3 CVE-2026-1785 [ https://www.cve.org/CVERecord?id=3D= CVE-2026-1785 ] https://www.wordfence.com/threat-intel/vulnerabilities/id/4= a5787f3-6a16-491a-aa01-6222f275cf0f?source=3Dcve https://plugins.trac.wordpress.org/browser/code-snippets/trunk/php/cloud/cl= ass-cloud-search-list-table.php#L105 https://plugins.trac.wordpress.org/browser/code-snippets/tags/3.9.4/php/clo= ud/class-cloud-search-list-table.php#L105 https://plugins.trac.wordpress.org/browser/code-snippets/trunk/php/cloud/li= st-table-shared-ops.php#L57 https://plugins.trac.wordpress.org/browser/code-snippets/tags/3.9.4/php/clo= ud/list-table-shared-ops.php#L57 https://github.com/codesnippetspro/code-snippets/pull/331/changes
=C2=A0 lcg0124--BootDo A vulnerability was identified in lcg0124 BootDo up =
to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. This affects an unknown part. = The manipulation leads to cross-site request forgery. The attack is possibl=
e to be carried out remotely. The exploit is publicly available and might b=
e used. This product adopts a rolling release strategy to maintain continuo=
us delivery. Therefore, version details for affected or updated releases ca= nnot be specified. 2026-02-04 4.3 CVE-2026-1835 [ https://www.cve.org/CVERe= cord?id=3DCVE-2026-1835 ] VDB-344028 | lcg0124 BootDo cross-site request fo= rgery [ https://vuldb.com/?id.344028 ]
VDB-344028 | CTI Indicators (IOB, IOC) [ https://vuldb.com/?ctiid.344028 ] Submit #742484 | BootDo Web V1.0 CSRF [ https://vuldb.com/?submit.742484 ] https://github.com/webzzaa/CVE-/issues/6
=C2=A0 n/a--ZenTao A weakness has been identified in ZenTao up to 21.7.6-85= 642. The impacted element is the function fetchHook of the file module/webh= ook/model. Php of the component Webhook Module. This manipulation causes se= rver-side request forgery. The attack may be initiated remotely. The exploi=
t has been made available to the public and could be used for attacks. The = vendor was contacted early about this disclosure but did not respond in any=
way. 2026-02-04 4.7 CVE-2026-1884 [ https://www.cve.org/CVERecord?id=3DCVE= -2026-1884 ] VDB-344264 | ZenTao Webhook model.php fetchHook server-side re= quest forgery [ https://vuldb.com/?id.344264 ]
VDB-344264 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3442=
64 ]
Submit #742633 | Zentao PMS <=3D21.7.6-85642 SSRF [ https://vuldb.com/?subm= it.742633 ]
https://github.com/ez-lbz/ez-lbz.github.io/issues/9 https://github.com/ez-lbz/ez-lbz.github.io/issues/9#issue-3832844574
=C2=A0 n/a--WeKan A vulnerability was found in WeKan up to 8.20. Affected b=
y this issue is some unknown functionality of the file server/methods/posit= ionHistory.js of the component Position-History Tracking. The manipulation = results in missing authorization. The attack may be performed from remote. = Upgrading to version 8.21 can resolve this issue. The patch is identified a=
s 55576ec17722db094835470b386162c9a662fb60. It is advisable to upgrade the = affected component. 2026-02-05 4.3 CVE-2026-1897 [ https://www.cve.org/CVER= ecord?id=3DCVE-2026-1897 ] VDB-344269 | WeKan Position-History Tracking pos= itionHistory.js PositionHistoryBleed authorization [ https://vuldb.com/?id.= 344269 ]
VDB-344269 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3442=
69 ]
Submit #742671 | Wekan <8.21 Missing authorization checks leading to inform= ation disclosure a [ https://vuldb.com/?submit.742671 ] https://github.com/wekan/wekan/commit/55576ec17722db094835470b386162c9a662f= b60
https://github.com/wekan/wekan/releases/tag/v8.21 https://github.com/wekan/wekan/
=C2=A0 wpsoul--Greenshift animation and page builder blocks The Greenshift =
- animation and page builder blocks plugin for WordPress is vulnerable to u= nauthorized access of data due to a missing capability check on the greensh= ift_app_pass_validation() function in all versions up to, and including, 12= .5.7. This makes it possible for authenticated attackers, with Subscriber-l= evel access and above, to retrieve global plugin settings including stored =
AI API keys. 2026-02-05 4.3 CVE-2026-1927 [ https://www.cve.org/CVERecord?i= d=3DCVE-2026-1927 ] https://www.wordfence.com/threat-intel/vulnerabilities/= id/6e2128db-ca9f-4211-8bc5-01a2cc1cba64?source=3Dcve https://plugins.trac.wordpress.org/changeset/3441535/greenshift-animation-a= nd-page-builder-blocks/trunk/init.php
=C2=A0 n/a--WeKan A vulnerability was determined in WeKan up to 8.20. This = impacts an unknown function of the file models/boards.js of the component R= EST Endpoint. This manipulation causes improper access controls. Remote exp= loitation of the attack is possible. Upgrading to version 8.21 will fix thi=
s issue. Patch name: 545566f5663545d16174e0f2399f231aa693ab6e. It is advisa= ble to upgrade the affected component. 2026-02-05 4.3 CVE-2026-1964 [ https= ://www.cve.org/CVERecord?id=3DCVE-2026-1964 ] VDB-344486 | WeKan REST Endpo= int boards.js BoardTitleRESTBleed access control [ https://vuldb.com/?id.34= 4486 ]
VDB-344486 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344486 ]
Submit #742680 | Wekan <8.21 Improper access control in REST endpoint (CWE-= 284) [ https://vuldb.com/?submit.742680 ] https://github.com/wekan/wekan/commit/545566f5663545d16174e0f2399f231aa693a= b6e
https://github.com/wekan/wekan/releases/tag/v8.21 https://github.com/wekan/wekan/
=C2=A0 DCN--DCME-320 A vulnerability was found in DCN DCME-320 up to 202601= 21. Impacted is the function apply_config of the file /function/system/basi= c/bridge_cfg.php of the component Web Management Backend. Performing a mani= pulation of the argument ip_list results in command injection. The attack i=
s possible to be carried out remotely. The exploit has been made public and=
could be used. The vendor was contacted early about this disclosure but di=
d not respond in any way. 2026-02-06 4.7 CVE-2026-2000 [ https://www.cve.or= g/CVERecord?id=3DCVE-2026-2000 ] VDB-344548 | DCN DCME-320 Web Management B= ackend bridge_cfg.php apply_config command injection [ https://vuldb.com/?i= d.344548 ]
VDB-344548 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344548 ]
Submit #743455 | =E5=8C=97=E4=BA=AC=E7=A5=9E=E5=B7=9E=E6=95=B0=E7=A0=81=E4= =BA=91=E7=A7=91=E4=BF=A1=E6=81=AF=E6=8A=80=E6=9C=AF=E6=9C=89=E9=99=90=E5=85= =AC=E5=8F=B8 Dcme320 latest Command Injection [ https://vuldb.com/?submit.7= 43455 ]
https://github.com/physicszq/Routers/tree/main/Dcme
=C2=A0 Cisco--Cisco Secure Web Appliance A vulnerability in the Dynamic Vec= toring and Streaming (DVS) Engine implementation of Cisco AsyncOS Software = for Cisco Secure Web Appliance could allow an unauthenticated, remote attac= ker to bypass the anti-malware scanner, allowing malicious archive files to=
be downloaded. This vulnerability is due to improper handling of certain a= rchive files. An attacker could exploit this vulnerability by sending a cra= fted archive file, which should be blocked, through an affected device. A s= uccessful exploit could allow the attacker to bypass the anti-malware scann=
er and download malware onto an end user workstation. The downloaded malwar=
e will not automatically execute unless the end user extracts and launches = the malicious file.  2026-02-04 4 CVE-2026-20056 [ https://www.cve.org= /CVERecord?id=3DCVE-2026-20056 ] cisco-sa-wsa-archive-bypass-Scx2e8zF [ htt= ps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/= cisco-sa-wsa-archive-bypass-Scx2e8zF ]
=C2=A0 Sanluan--PublicCMS A vulnerability has been found in Sanluan PublicC=
MS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid =
of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/lo= gic/service/trade/TradePaymentService.java of the component Trade Payment H= andler. The manipulation of the argument paymentId leads to improper author= ization. The attack can be initiated remotely. The complexity of an attack =
is rather high. The exploitability is considered difficult. The exploit has=
been disclosed to the public and may be used. The identifier of the patch =
is 7329437e1288540336b1c66c114ed3363adcba02. It is recommended to apply a p= atch to fix this issue. 2026-02-06 4.2 CVE-2026-2010 [ https://www.cve.org/= CVERecord?id=3DCVE-2026-2010 ] VDB-344592 | Sanluan PublicCMS Trade Payment=
TradePaymentService.java paid improper authorization [ https://vuldb.com/?= id.344592 ]
VDB-344592 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344592 ]
Submit #743487 | PublicCMS 5 Improper Access Controls [ https://vuldb.com/?= submit.743487 ]
https://github.com/sanluan/PublicCMS/issues/108 https://github.com/sanluan/PublicCMS/issues/108#issue-3838143772 https://github.com/sanluan/PublicCMS/commit/7329437e1288540336b1c66c114ed33= 63adcba02
https://github.com/sanluan/PublicCMS/
=C2=A0 Cisco--Cisco Prime Infrastructure A vulnerability in the web-based m= anagement interface of Cisco Prime Infrastructure could allow an authentica= ted, remote attacker to conduct a stored cross-site scripting (XSS) attack = against users of the interface of an affected system. This vulnerability ex= ists because the web-based management interface does not properly validate = user-supplied input. An attacker could exploit this vulnerability by insert= ing malicious code into specific data fields in the interface. A successful=
exploit could allow the attacker to execute arbitrary script code in the c= ontext of the affected interface or access sensitive, browser-based informa= tion. To exploit this vulnerability, an attacker must have valid administra= tive credentials. 2026-02-04 4.8 CVE-2026-20111 [ https://www.cve.org/CVERe= cord?id=3DCVE-2026-20111 ] cisco-sa-pi-xss-bYeVKCD [ https://sec.cloudapps.= cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-xss-bYe= VKCD ]
=C2=A0 Cisco--Cisco Evolved Programmable Network Manager (EPNM) A vulnerabi= lity in the web-based management interface of Cisco Evolved Programmable Ne= twork Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthen= ticated, remote attacker to redirect a user to a malicious web page. This v= ulnerability is due to improper input validation of the parameters in the H= TTP request. An attacker could exploit this vulnerability by intercepting a=
nd modifying an HTTP request from a user. A successful exploit could allow = the attacker to redirect the user to a malicious web page. 2026-02-04 4.3 C= VE-2026-20123 [ https://www.cve.org/CVERecord?id=3DCVE-2026-20123 ] cisco-s= a-epnm-pi-redirect-6sX82dN [ https://sec.cloudapps.cisco.com/security/cente= r/content/CiscoSecurityAdvisory/cisco-sa-epnm-pi-redirect-6sX82dN ]
=C2=A0 D-Link--DIR-823X A vulnerability was determined in D-Link DIR-823X 2= 50416. Affected by this issue is the function sub_424D20 of the file /gofor= m/set_ipv6. Executing a manipulation can lead to os command injection. It i=
s possible to launch the attack remotely. The exploit has been publicly dis= closed and may be utilized. 2026-02-06 4.7 CVE-2026-2061 [ https://www.cve.= org/CVERecord?id=3DCVE-2026-2061 ] VDB-344621 | D-Link DIR-823X set_ipv6 su= b_424D20 os command injection [ https://vuldb.com/?id.344621 ]
VDB-344621 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344621 ]
Submit #744286 | D-Link DIR-823X 250416 OS Command Injection [ https://vuld= b.com/?submit.744286 ]
https://github.com/master-abc/cve/issues/20
https://www.dlink.com/
=C2=A0 D-Link--DIR-823X A security flaw has been discovered in D-Link DIR-8= 23X 250416. This vulnerability affects unknown code of the file /goform/set= _ac_server of the component Web Management Interface. The manipulation of t=
he argument ac_server results in os command injection. The attack can be la= unched remotely. The exploit has been released to the public and may be use=
d for attacks. 2026-02-06 4.7 CVE-2026-2063 [ https://www.cve.org/CVERecord= ?id=3DCVE-2026-2063 ] VDB-344623 | D-Link DIR-823X Web Management set_ac_se= rver os command injection [ https://vuldb.com/?id.344623 ]
VDB-344623 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344623 ]
Submit #744720 | dlink DIR-823X 250416 OS Command Injection [ https://vuldb= .com/?submit.744720 ]
https://github.com/master-abc/cve/issues/19
https://www.dlink.com/
=C2=A0 D-Link--DIR-823X A vulnerability was determined in D-Link DIR-823X 2= 50416. The affected element is an unknown function of the file /goform/set_= password. This manipulation of the argument http_passwd causes os command i= njection. The attack is possible to be carried out remotely. The exploit ha=
s been publicly disclosed and may be utilized. 2026-02-07 4.7 CVE-2026-2081=
[ https://www.cve.org/CVERecord?id=3DCVE-2026-2081 ] VDB-344648 | D-Link D= IR-823X set_password os command injection [ https://vuldb.com/?id.344648 ] VDB-344648 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344648 ]
Submit #745553 | D-Link DIR-823X 250416 OS Command Injection [ https://vuld= b.com/?submit.745553 ]
https://github.com/master-abc/cve/issues/22 https://github.com/master-abc/cve/issues/22#issue-3847400767 https://www.dlink.com/
=C2=A0 D-Link--DIR-823X A vulnerability was identified in D-Link DIR-823X 2= 50416. The impacted element is an unknown function of the file /goform/set_= mac_clone. Such manipulation of the argument mac leads to os command inject= ion. The attack may be performed from remote. The exploit is publicly avail= able and might be used. 2026-02-07 4.7 CVE-2026-2082 [ https://www.cve.org/= CVERecord?id=3DCVE-2026-2082 ] VDB-344649 | D-Link DIR-823X set_mac_clone o=
s command injection [ https://vuldb.com/?id.344649 ]
VDB-344649 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344649 ]
Submit #745854 | dlink DIR-823X 250416 OS Command Injection [ https://vuldb= .com/?submit.745854 ]
https://github.com/master-abc/cve/issues/21 https://github.com/master-abc/cve/issues/21#issue-3847172823 https://www.dlink.com/
=C2=A0 n/a--JeecgBoot A weakness has been identified in JeecgBoot up to 3.9= .0. Affected by this issue is some unknown functionality of the file /airag= /knowledge/doc/edit of the component Retrieval-Augmented Generation Module.=
Executing a manipulation of the argument filePath can lead to path travers= al. The attack can be executed remotely. The exploit has been made availabl=
e to the public and could be used for attacks. The vendor was contacted ear=
ly about this disclosure but did not respond in any way. 2026-02-07 4.3 CVE= -2026-2111 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2111 ] VDB-344687 =
| JeecgBoot Retrieval-Augmented Generation edit path traversal [ https://vu= ldb.com/?id.344687 ]
VDB-344687 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344687 ]
Submit #746789 | jeecgboot 3.9.0 Absolute Path Traversal [ https://vuldb.co= m/?submit.746789 ]
https://www.yuque.com/la12138/vxbwk9/ezodz20a26g36y8m
=C2=A0 PHPGurukul--Hospital Management System A security vulnerability has = been detected in PHPGurukul Hospital Management System 4.0. The affected el= ement is an unknown function of the file /hms/admin/manage-doctors.php. Suc=
h manipulation of the argument ID leads to sql injection. The attack may be=
performed from remote. The exploit has been disclosed publicly and may be = used. 2026-02-08 4.7 CVE-2026-2134 [ https://www.cve.org/CVERecord?id=3DCVE= -2026-2134 ] VDB-344769 | PHPGurukul Hospital Management System manage-doct= ors.php sql injection [ https://vuldb.com/?id.344769 ]
VDB-344769 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344769 ]
Submit #747214 | PHPGurukul Hospital Management System 4.0 SQL Injection [ = https://vuldb.com/?submit.747214 ] https://github.com/Shaon-Xis/PHPGurukul-HMS-SQL-Injection https://phpgurukul.com/
=C2=A0 SourceCodester--Patients Waiting Area Queue Management System A vuln= erability was detected in SourceCodester/Patrick Mvuma Patients Waiting Are=
a Queue Management System 1.0. Affected by this vulnerability is an unknown=
functionality of the file /appointments.php. The manipulation of the argum= ent patient_id results in cross site scripting. It is possible to launch th=
e attack remotely. The exploit is now public and may be used. 2026-02-08 4.=
3 CVE-2026-2149 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2149 ] VDB-34= 4851 | SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management = System appointments.php cross site scripting [ https://vuldb.com/?id.344851=
]
VDB-344851 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344851 ]
Submit #747920 | Patrick Mvuma Patients Waiting Area Queue Management Syste=
m 1.0 Doubled Character XSS Manipulations [ https://vuldb.com/?submit.74792=
0 ] https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Patie= nts-Waiting-Area-Queue-Management-System-appointments-XSS.md
=C2=A0 SourceCodester--Patients Waiting Area Queue Management System A flaw=
has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue=
Management System 1.0. Affected by this issue is some unknown functionalit=
y of the file /checkin.php. This manipulation of the argument patient_id ca= uses cross site scripting. The attack can be initiated remotely. The exploi=
t has been published and may be used. 2026-02-08 4.3 CVE-2026-2150 [ https:= //www.cve.org/CVERecord?id=3DCVE-2026-2150 ] VDB-344852 | SourceCodester/Pa= trick Mvuma Patients Waiting Area Queue Management System checkin.php cross=
site scripting [ https://vuldb.com/?id.344852 ]
VDB-344852 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344852 ]
Submit #747921 | Patrick Mvuma Patients Waiting Area Queue Management Syste=
m 1.0 Doubled Character XSS Manipulations [ https://vuldb.com/?submit.74792=
1 ] https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Patie= nts-Waiting-Area-Queue-Management-System-checkin-php-XSS.md
=C2=A0 mwielgoszewski--doorman A vulnerability was determined in mwielgosze= wski doorman up to 0.6. This issue affects the function is_safe_url of the = file doorman/users/views.py. Executing a manipulation of the argument Next = can lead to open redirect. The attack may be launched remotely. The exploit=
has been publicly disclosed and may be utilized. 2026-02-08 4.3 CVE-2026-2= 153 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2153 ] VDB-344855 | mwiel= goszewski doorman views.py is_safe_url redirect [ https://vuldb.com/?id.344= 855 ]
VDB-344855 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344855 ]
Submit #748072 | https://github.com/mwielgoszewski/doorman doorman Latest V= ersion (commit 9a9b97c8) Open Redirect [ https://vuldb.com/?submit.748072 ] https://gist.github.com/RacerZ-fighting/39f230feb0e450ae54f0a80c63c5d924
=C2=A0 SourceCodester--Patients Waiting Area Queue Management System A vuln= erability was identified in SourceCodester/Patrick Mvuma Patients Waiting A= rea Queue Management System 1.0. Impacted is an unknown function of the fil=
e /registration.php of the component Patient Registration Module. The manip= ulation of the argument First Name leads to cross site scripting. Remote ex= ploitation of the attack is possible. The exploit is publicly available and=
might be used. 2026-02-08 4.3 CVE-2026-2154 [ https://www.cve.org/CVERecor= d?id=3DCVE-2026-2154 ] VDB-344856 | SourceCodester/Patrick Mvuma Patients W= aiting Area Queue Management System Patient Registration registration.php c= ross site scripting [ https://vuldb.com/?id.344856 ]
VDB-344856 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344856 ]
Submit #748208 | SourceCodester Patients Waiting Area Queue Management Syst=
em 1 Cross Site Scripting [ https://vuldb.com/?submit.748208 ] https://medium.com/@rvpipalwa/stored-cross-site-scripting-xss-vulnerability= -report-c97788dd6ea6
=C2=A0 SourceCodester--Simple Responsive Tourism Website A flaw has been fo= und in SourceCodester Simple Responsive Tourism Website 1.0. Affected is an=
unknown function of the file /tourism/classes/Master.php?f=3Dregister of t=
he component Registration. Executing a manipulation of the argument firstna= me/lastname/username can lead to cross site scripting. It is possible to la= unch the attack remotely. The exploit has been published and may be used. 2= 026-02-08 4.3 CVE-2026-2159 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2= 159 ] VDB-344861 | SourceCodester Simple Responsive Tourism Website Registr= ation Master.php cross site scripting [ https://vuldb.com/?id.344861 ] VDB-344861 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344861 ]
Submit #750995 | sourcecodester.com Simple Responsive Tourism Website 1.0 C= ross Site Scripting [ https://vuldb.com/?submit.750995 ] https://github.com/CH0ico/CVE_choco_5/blob/main/report.md https://www.sourcecodester.com/
=C2=A0 SourceCodester--Simple Responsive Tourism Website A vulnerability ha=
s been found in SourceCodester Simple Responsive Tourism Website 1.0. Affec= ted by this vulnerability is an unknown functionality of the file /tourism/= classes/Master.php?f=3Dsave_package. The manipulation of the argument Title=
leads to cross site scripting. The attack can be initiated remotely. The e= xploit has been disclosed to the public and may be used. 2026-02-08 4.3 CVE= -2026-2160 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2160 ] VDB-344862 =
| SourceCodester Simple Responsive Tourism Website Master.php cross site sc= ripting [ https://vuldb.com/?id.344862 ]
VDB-344862 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344862 ]
Submit #751016 | sourcecodester.com Simple Responsive Tourism Website 1.0 C= ross Site Scripting [ https://vuldb.com/?submit.751016 ] https://github.com/CH0ico/CVE_choco_6/blob/main/report.md https://www.sourcecodester.com/
=C2=A0 itsourcecode--News Portal Project A vulnerability was determined in = itsourcecode News Portal Project 1.0. This affects an unknown part of the f= ile /admin/aboutus.php. This manipulation of the argument pagetitle causes = sql injection. The attack may be initiated remotely. The exploit has been p= ublicly disclosed and may be utilized. 2026-02-08 4.7 CVE-2026-2162 [ https= ://www.cve.org/CVERecord?id=3DCVE-2026-2162 ] VDB-344864 | itsourcecode New=
s Portal Project aboutus.php sql injection [ https://vuldb.com/?id.344864 ] VDB-344864 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344864 ]
Submit #751083 | itsourcecode News Portal Project V1.0 SQL Injection [ http= s://vuldb.com/?submit.751083 ]
https://github.com/Wzl731/test/issues/2
https://itsourcecode.com/
=C2=A0 D-Link--DIR-600 A vulnerability was identified in D-Link DIR-600 up =
to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi.=
Such manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_I=
D leads to command injection. The attack may be launched remotely. The expl= oit is publicly available and might be used. This vulnerability only affect=
s products that are no longer supported by the maintainer. 2026-02-08 4.7 C= VE-2026-2163 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2163 ] VDB-34486=
5 | D-Link DIR-600 ssdp.cgi command injection [ https://vuldb.com/?id.34486=
5 ]
VDB-344865 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344865 ]
Submit #751764 | D-Link D-Link DIR-600 v2.15WWb02 Remote Arbitrary Command = Execution [ https://vuldb.com/?submit.751764 ] https://github.com/LonTan0/CVE/blob/main/Remote%20Arbitrary%20Command%20Exe= cution%20Vulnerability%20in%20ssdpcgi%20of%20D-Link%20DIR%E2%80%91600.md https://github.com/LonTan0/CVE/blob/main/Remote%20Arbitrary%20Command%20Exe= cution%20Vulnerability%20in%20ssdpcgi%20of%20D-Link%20DIR%E2%80%91600.md#poc https://www.dlink.com/
=C2=A0 PHPGurukul--Hospital Management System A vulnerability was determine=
d in PHPGurukul Hospital Management System 4.0. This impacts an unknown fun= ction of the file /admin/manage-users.php. This manipulation of the argumen=
t ID causes sql injection. The attack can be initiated remotely. The exploi=
t has been publicly disclosed and may be utilized. 2026-02-08 4.7 CVE-2026-= 2179 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2179 ] VDB-344882 | PHPG= urukul Hospital Management System manage-users.php sql injection [ https://= vuldb.com/?id.344882 ]
VDB-344882 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344882 ]
Submit #749592 | PHPGurukul Hospital Management System 4.0 SQL Injection [ = https://vuldb.com/?submit.749592 ] https://github.com/Shaon-Xis/PHPGurukul-HMS-SQLi-PoC/tree/main https://github.com/Shaon-Xis/PHPGurukul-HMS-SQLi-PoC/tree/main#4-proof-of-c= oncept-reproduction-steps
https://phpgurukul.com/
=C2=A0 n/a--WeKan A vulnerability was identified in WeKan up to 8.20. This = affects an unknown part of the file server/publications/cards.js of the com= ponent Meteor Publication Handler. Such manipulation leads to information d= isclosure. The attack may be performed from remote. Upgrading to version 8.=
21 is able to mitigate this issue. The name of the patch is 0f5a9c38778ca55= 0cbab6c5093470e1e90cb837f. Upgrading the affected component is advised. 202= 6-02-08 4.3 CVE-2026-2205 [ https://www.cve.org/CVERecord?id=3DCVE-2026-220=
5 ] VDB-344919 | WeKan Meteor Publication cards.js CardPubSubBleed informat= ion disclosure [ https://vuldb.com/?id.344919 ]
VDB-344919 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344919 ]
Submit #752161 | Wekan <8.21 Information disclosure via publish/subscribe a= uthorization bug [ https://vuldb.com/?submit.752161 ] https://github.com/wekan/wekan/commit/0f5a9c38778ca550cbab6c5093470e1e90cb8= 37f
https://github.com/wekan/wekan/releases/tag/v8.21 https://github.com/wekan/wekan/
=C2=A0 n/a--WeKan A security vulnerability has been detected in WeKan up to=
8.20. Impacted is an unknown function of the file server/publications/rule= s.js of the component Rules Handler. The manipulation leads to missing auth= orization. The attack can be initiated remotely. Upgrading to version 8.21 =
is recommended to address this issue. The identifier of the patch is a787bc= ddf33ca28afb13ff5ea9a4cb92dceac005. The affected component should be upgrad= ed. 2026-02-08 4.3 CVE-2026-2208 [ https://www.cve.org/CVERecord?id=3DCVE-2= 026-2208 ] VDB-344922 | WeKan Rules rules.js RulesBleed authorization [ htt= ps://vuldb.com/?id.344922 ]
VDB-344922 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3449=
22 ]
Submit #752164 | Wekan <8.21 Information disclosure / missing authorization=
on admin publicat [ https://vuldb.com/?submit.752164 ] https://github.com/wekan/wekan/commit/a787bcddf33ca28afb13ff5ea9a4cb92dceac= 005
https://github.com/wekan/wekan/releases/tag/v8.21 https://github.com/wekan/wekan/
=C2=A0 glpi-project--glpi GLPI is a free asset and IT management software p= ackage. From version 11.0.0 to before 11.0.5, a GLPI administrator can perf= orm SSRF request through the Webhook feature. This issue has been patched i=
n version 11.0.5. 2026-02-04 4.1 CVE-2026-22247 [ https://www.cve.org/CVERe= cord?id=3DCVE-2026-22247 ] https://github.com/glpi-project/glpi/security/ad= visories/GHSA-f6f6-v3qr-9p5x https://github.com/glpi-project/glpi/releases/tag/11.0.5
=C2=A0 F5--F5 BIG-IP Container Ingress Services A vulnerability exists in F=
5 BIG-IP Container Ingress Services that may allow excessive permissions to=
read cluster secrets.=C2=A0 Note: Software versions which have reached End=
of Technical Support (EoTS) are not evaluated. 2026-02-04 4.9 CVE-2026-225=
49 [ https://www.cve.org/CVERecord?id=3DCVE-2026-22549 ] https://my.f5.com/= manage/s/article/K000157960
=C2=A0 rizinorg--rizin Rizin is a UNIX-like reverse engineering framework a=
nd command-line toolset. Prior to 0.8.2, a heap overflow can be exploited w= hen a malicious mach0 file, having bogus entries for the dyld chained segme= nts, is parsed by rizin. This vulnerability is fixed in 0.8.2. 2026-02-02 4=
.4 CVE-2026-22780 [ https://www.cve.org/CVERecord?id=3DCVE-2026-22780 ] htt= ps://github.com/rizinorg/rizin/security/advisories/GHSA-f3v7-xhmj-9cjj https://github.com/rizinorg/rizin/issues/5768 https://github.com/rizinorg/rizin/pull/5770 https://github.com/rizinorg/rizin/commit/41ea75d5b07d9b41b27ae80675cdda65f1= b1c989 https://github.com/rizinorg/rizin/blob/6dd0dba9ff4dc706f549d0cdcd93856b49e5= 9aa0/librz/bin/format/mach0/mach0_chained_fixups.c#L200 https://github.com/rizinorg/rizin/releases/tag/v0.8.2
=C2=A0 glpi-project--glpi GLPI is a free asset and IT management software p= ackage. In versions starting from 0.71 to before 10.0.23 and before 11.0.5,=
when remote authentication is used, based on SSO variables, a user can ste=
al a GLPI session previously opened by another user on the same machine. Th=
is issue has been patched in versions . 2026-02-04 4.3 CVE-2026-23624 [ htt= ps://www.cve.org/CVERecord?id=3DCVE-2026-23624 ] https://github.com/glpi-pr= oject/glpi/security/advisories/GHSA-5j4j-vx46-r477 https://github.com/glpi-project/glpi/releases/tag/10.0.23 https://github.com/glpi-project/glpi/releases/tag/11.0.5
=C2=A0 Enalean--tuleap Tuleap is an Open Source Suite for management of sof= tware development and collaboration. Tuleap is missing CSRF protection in t=
he Overview inconsistent items. An attacker could use this vulnerability to=
trick victims into repairing inconsistent items (creating artifact links f= rom the release). This vulnerability is fixed in Tuleap Community Edition 1= 7.0.99.1768924735 and Tuleap Enterprise Edition 17.2-5, 17.1-6, and 17.0-9.=
2026-02-02 4.6 CVE-2026-24007 [ https://www.cve.org/CVERecord?id=3DCVE-202= 6-24007 ] https://github.com/Enalean/tuleap/security/advisories/GHSA-7g48-r= wqj-ffxw https://github.com/Enalean/tuleap/commit/5ec5e81e409892fe0e41f11d5d36ee6c85= a6fbb5 https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=3Dcommit&h=3D5ec5e81e= 409892fe0e41f11d5d36ee6c85a6fbb5 https://tuleap.net/plugins/tracker/?aid=3D46389
=C2=A0 gunet--openeclass The Open eClass platform (formerly known as GUnet = eClass) is a complete course management system. Prior to version 4.2, a fil=
e upload validation bypass vulnerability allows attackers to upload files w= ith prohibited extensions by embedding them inside ZIP archives and extract= ing them using the application's built-in decompression functionality. This=
issue has been patched in version 4.2. 2026-02-03 4.3 CVE-2026-24673 [ htt= ps://www.cve.org/CVERecord?id=3DCVE-2026-24673 ] https://github.com/gunet/o= peneclass/security/advisories/GHSA-3g4j-56gp-v6wv
=C2=A0 gunet--openeclass The Open eClass platform (formerly known as GUnet = eClass) is a complete course management system. Prior to version 4.2, a Ref= lected Cross-Site Scripting (XSS) vulnerability allows remote attackers to = execute arbitrary JavaScript in the context of authenticated users by craft= ing malicious URLs and tricking victims into visiting them. This issue has = been patched in version 4.2. 2026-02-03 4.7 CVE-2026-24674 [ https://www.cv= e.org/CVERecord?id=3DCVE-2026-24674 ] https://github.com/gunet/openeclass/s= ecurity/advisories/GHSA-gqvp-w22w-w99r
=C2=A0 gunet--openeclass The Open eClass platform (formerly known as GUnet = eClass) is a complete course management system. Prior to version 4.2, a bus= iness logic vulnerability allows authenticated students to improperly mark = themselves as present in attendance activities, including activities that h= ave already expired, by directly accessing a crafted URL. This issue has be=
en patched in version 4.2. 2026-02-03 4.3 CVE-2026-24774 [ https://www.cve.= org/CVERecord?id=3DCVE-2026-24774 ] https://github.com/gunet/openeclass/sec= urity/advisories/GHSA-rv2x-4rc8-93jh
=C2=A0 opf--openproject OpenProject is an open-source, web-based project ma= nagement software. Prior to 17.0.2, the drag&drop handler moving an agenda = item to a different section was not properly checking if the target meeting=
section is part of the same meeting (or is the backlog, in case of recurri=
ng meetings). This allowed an attacker to move a meeting agenda item into a=
different meeting. The attacker did not get access to meetings, but they c= ould add arbitrary agenda items, that could cause confusions. The vulnerabi= lity is fixed in 17.0.2. 2026-02-06 4.3 CVE-2026-24776 [ https://www.cve.or= g/CVERecord?id=3DCVE-2026-24776 ] https://github.com/opf/openproject/securi= ty/advisories/GHSA-p9v8-w9ph-hqmf https://github.com/opf/openproject/releases/tag/v17.0.2
=C2=A0 Huawei--HarmonyOS Type confusion vulnerability in the camera module.=
Impact: Successful exploitation of this vulnerability may affect availabil= ity. 2026-02-06 4 CVE-2026-24914 [ https://www.cve.org/CVERecord?id=3DCVE-2= 026-24914 ] https://consumer.huawei.com/en/support/bulletin/2026/2/ https://consumer.huawei.com/en/support/bulletinlaptops/2026/2/ https://consumer.huawei.com/en/support/bulletinwearables/2026/2/
=C2=A0 Huawei--HarmonyOS Address read vulnerability in the HDC module. Impa= ct: Successful exploitation of this vulnerability will affect availability = and confidentiality. 2026-02-06 4.8 CVE-2026-24921 [ https://www.cve.org/CV= ERecord?id=3DCVE-2026-24921 ] https://consumer.huawei.com/en/support/bullet= in/2026/2/
https://consumer.huawei.com/en/support/bulletinlaptops/2026/2/ https://consumer.huawei.com/en/support/bulletinwearables/2026/2/
=C2=A0 Blesta--Blesta Blesta 3.x through 5.x before 5.13.3 mishandles input=
validation, aka CORE-5665. 2026-02-03 4.7 CVE-2026-25616 [ https://www.cve= .org/CVERecord?id=3DCVE-2026-25616 ] https://www.blesta.com/2026/01/28/secu= rity-advisory/
=C2=A0 hedgedoc--hedgedoc HedgeDoc is an open source, real-time, collaborat= ive, markdown notes application. Prior to 1.10.6, files served below the /u= ploads/ endpoint did not use a more strict security-policy. This resulted i=
n a too open Content-Security-Policy and furthermore opened the possibility=
to host malicious interactive web content (such as fake login forms) using=
SVG files. This vulnerability is fixed in 1.10.6. 2026-02-06 4.3 CVE-2026-= 25642 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25642 ] https://github.= com/hedgedoc/hedgedoc/security/advisories/GHSA-x74j-jmf9-534w https://github.com/hedgedoc/hedgedoc/commit/74daa0e7a1cbfafd9aeb255eaf064df= e47cd401c https://github.com/hedgedoc/hedgedoc/commit/b930fe04cee92cd4723044030bb59c3= 6781c7137
https://github.com/hedgedoc/hedgedoc/releases/tag/1.10.6
=C2=A0 siyuan-note--siyuan Lute is a structured Markdown engine supporting =
Go and JavaScript. Lute 1.7.6 and earlier (as used in SiYuan before) has a = Stored Cross-Site Scripting (XSS) vulnerability in the Markdown rendering e= ngine. An attacker can inject malicious JavaScript into a Markdown text/not=
e. When another user clicks the rendered content, the script executes in th=
e context of their session. 2026-02-06 4.6 CVE-2026-25647 [ https://www.cve= .org/CVERecord?id=3DCVE-2026-25647 ] https://github.com/siyuan-note/siyuan/= security/advisories/GHSA-rw25-98wq-76qv https://github.com/88250/lute/commit/0118e218916cf0cc7df639b50ce74e0c6c3d18=
68
=C2=A0=20

Back to top [ #top ]

Low Vulnerabilities

Primary
Vendor -- Product Description Published CVSS Score Source Info Patch Info P= 5--FNIP-8x16A P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request = forgery vulnerability that allows attackers to perform administrative actio=
ns without user interaction. Attackers can craft malicious web pages to add=
new admin users, change passwords, and modify system configurations by tri= cking authenticated users into loading a specially crafted page. 2026-02-05=
3.5 CVE-2020-37118 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37118 ] Z= ero Science Lab Disclosure (ZSL-2020-5564) [ https://www.zeroscience.mk/en/= vulnerabilities/ZSL-2020-5564.php ]
ExploitDB-48362 [ https://www.exploit-db.com/exploits/48362 ]
Packet Storm Entry [ https://packetstorm.news/files/id/157318 ]
IBM X-Force Vulnerability Report [ https://exchange.xforce.ibmcloud.com/vul= nerabilities/180253 ]
P5 Vendor Homepage [ https://www.p5.hu/ ]
VulnCheck Advisory: P5 FNIP-8x16A FNIP-4xSH 1.0.20 - Cross-Site Request For= gery (Add Admin) [ https://www.vulncheck.com/advisories/p-fnip-xa-fnip-xsh-= cross-site-request-forgery-add-admin ]
=C2=A0 P5--FNIP-8x16A P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 su= ffer from a stored cross-site scripting vulnerability. Input passed to seve= ral GET/POST parameters is not properly sanitized before being returned to = the user, allowing attackers to execute arbitrary HTML and script code in a=
user's browser session in the context of the affected site. This can be ex= ploited by submitting crafted input to the label modification functionality=
, such as the 'lab4' parameter in config.html. 2026-02-05 3.5 CVE-2020-3714=
8 [ https://www.cve.org/CVERecord?id=3DCVE-2020-37148 ] Zero Science Lab Di= sclosure (ZSL-2020-5564) [ https://www.zeroscience.mk/en/vulnerabilities/ZS= L-2020-5564.php ]
ExploitDB-48362 [ https://www.exploit-db.com/exploits/48362 ]
Packet Storm Entry [ https://packetstormsecurity.com/files/156170/P5-FNIP-8= x16A-FNIP-4xSH-1.0.20-CSRF-XSS.html ]
IBM X-Force Vulnerability Report [ https://exchange.xforce.ibmcloud.com/vul= nerabilities/176993 ]
P5 Vendor Homepage [ https://www.p5.hu/ ]
VulnCheck Advisory: P5 FNIP-8x16A/FNIP-4xSH 1.0.20, 1.0.11 - Stored Cross-S= ite Scripting (XSS) [ https://www.vulncheck.com/advisories/p-fnip-xafnip-xs= h-stored-cross-site-scripting-xss ]
=C2=A0 Tanium--Interact Tanium addressed an improper access controls vulner= ability in Interact. 2026-02-05 3.1 CVE-2025-15289 [ https://www.cve.org/CV= ERecord?id=3DCVE-2025-15289 ] TAN-2025-033 [ https://security.tanium.com/TA= N-2025-033 ]
=C2=A0 Tanium--Tanium Client Tanium addressed a denial of service vulnerabi= lity in Tanium Client. 2026-02-06 3.3 CVE-2025-15320 [ https://www.cve.org/= CVERecord?id=3DCVE-2025-15320 ] TAN-2025-023 [ https://security.tanium.com/= TAN-2025-023 ]
=C2=A0 Tanium--Tanium Appliance Tanium addressed an improper certificate va= lidation vulnerability in Tanium Appliance. 2026-02-05 3.7 CVE-2025-15323 [=
https://www.cve.org/CVERecord?id=3DCVE-2025-15323 ] TAN-2025-031 [ https:/= /security.tanium.com/TAN-2025-031 ]
=C2=A0 n/a--Mapnik A vulnerability has been found in Mapnik up to 4.2.0. Th=
is vulnerability affects the function mapnik::detail::mod<...>::operator of=
the file src/value.cpp. The manipulation leads to divide by zero. The atta=
ck needs to be performed locally. The exploit has been disclosed to the pub= lic and may be used. The project was informed of the problem early through =
an issue report but has not responded yet. 2026-02-07 3.3 CVE-2025-15564 [ = https://www.cve.org/CVERecord?id=3DCVE-2025-15564 ] VDB-344502 | Mapnik val= ue.cpp operator divide by zero [ https://vuldb.com/?id.344502 ]
VDB-344502 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3445=
02 ]
Submit #743386 | mapnik Mapnik v4.2.0 and master branch Divide By Zero [ ht= tps://vuldb.com/?submit.743386 ]
https://github.com/mapnik/mapnik/issues/4545 https://github.com/oneafter/1219/blob/main/repro https://github.com/mapnik/mapnik/
=C2=A0 IBM--Jazz Reporting Service IBM Jazz Reporting Service could allow a=
n authenticated user on the host network to cause a denial of service using=
specially crafted SQL query that consumes excess memory resources. 2026-02= -04 3.5 CVE-2025-1823 [ https://www.cve.org/CVERecord?id=3DCVE-2025-1823 ] = https://www.ibm.com/support/pages/node/7258083
=C2=A0 IBM--Jazz Reporting Service IBM Jazz Reporting Service could allow a=
n authenticated user on the network to affect the system's performance usin=
g complicated queries due to insufficient resource pooling. 2026-02-04 3.5 = CVE-2025-2134 [ https://www.cve.org/CVERecord?id=3DCVE-2025-2134 ] https://= www.ibm.com/support/pages/node/7258083
=C2=A0 IBM--Jazz Reporting Service IBM Jazz Reporting Service could allow a=
n authenticated user on the host network to obtain sensitive information ab= out other projects that reside on the server. 2026-02-04 3.5 CVE-2025-27550=
[ https://www.cve.org/CVERecord?id=3DCVE-2025-27550 ] https://www.ibm.com/= support/pages/node/7258083
=C2=A0 IBM--Concert IBM Concert 1.0.0 through 2.1.0 stores potentially sens= itive information in log files that could be read by a local user. 2026-02-=
03 3.3 CVE-2025-33081 [ https://www.cve.org/CVERecord?id=3DCVE-2025-33081 ]=
https://www.ibm.com/support/pages/node/7257565
=C2=A0 HCL--AION HCL AION is affected by an Autocomplete HTML Attribute Not=
Disabled for Password Field vulnerability. This can allow autocomplete on = password fields may lead to unintended storage or disclosure of sensitive c= redentials, potentially increasing the risk of unauthorized access. This is= sue affects AION: 2.0. 2026-02-03 3.7 CVE-2025-52623 [ https://www.cve.org/= CVERecord?id=3DCVE-2025-52623 ] https://support.hcl-software.com/csm?id=3Dk= b_article&sysparm_article=3DKB0127972
=C2=A0 HCL--AION HCL AION is susceptible to Missing Content-Security-Policy= .=C2=A0 An The absence of a CSP header may increase the risk of cross-site = scripting and other content injection attacks by allowing unsafe scripts or=
resources to execute. This issue affects AION: 2.0. 2026-02-03 3.7 CVE-202= 5-52629 [ https://www.cve.org/CVERecord?id=3DCVE-2025-52629 ] https://suppo= rt.hcl-software.com/csm?id=3Dkb_article&sysparm_article=3DKB0127972
=C2=A0 HCL--AION HCL AION is affected by a Missing or Insecure HTTP Strict-= Transport-Security (HSTS) Header vulnerability. This can allow insecure con= nections, potentially exposing the application to man-in-the-middle and pro= tocol downgrade attacks. This issue affects AION: 2.0. 2026-02-03 3.7 CVE-2= 025-52631 [ https://www.cve.org/CVERecord?id=3DCVE-2025-52631 ] https://sup= port.hcl-software.com/csm?id=3Dkb_article&sysparm_article=3DKB0127972
=C2=A0 HCL--AION HCL AION is affected by a Permanent Cookie Containing Sens= itive Session Information vulnerability. It is storing sensitive session da=
ta in persistent cookies may increase the risk of unauthorized access if th=
e cookies are intercepted or compromised. This issue affects AION: 2.0. 202= 6-02-03 3.1 CVE-2025-52633 [ https://www.cve.org/CVERecord?id=3DCVE-2025-52= 633 ] https://support.hcl-software.com/csm?id=3Dkb_article&sysparm_article= =3DKB0127972
=C2=A0 N/A--Moodle[.]org A flaw was found in Moodle. An open redirect vulne= rability in the OAuth login flow allows a remote attacker to redirect users=
to attacker-controlled pages after they have successfully authenticated. T= his occurs due to insufficient validation of redirect parameters, which cou=
ld lead to phishing attacks or information disclosure. 2026-02-03 3.5 CVE-2= 025-67852 [ https://www.cve.org/CVERecord?id=3DCVE-2025-67852 ] https://acc= ess.redhat.com/security/cve/CVE-2025-67852
RHBZ#2423844 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2423844 ]
=C2=A0 webpack--webpack Webpack is a module bundler. From version 5.49.0 to=
before 5.104.0, when experiments.buildHttp is enabled, webpack's HTTP(S) r= esolver (HttpUriPlugin) enforces allowedUris only for the initial URL, but = does not re-validate allowedUris after following HTTP 30x redirects. As a r= esult, an import that appears restricted to a trusted allow-list can be red= irected to HTTP(S) URLs outside the allow-list. This is a policy/allow-list=
bypass that enables build-time SSRF behavior (requests from the build mach= ine to internal-only endpoints, depending on network access) and untrusted = content inclusion in build outputs (redirected content is treated as module=
source and bundled). This issue has been patched in version 5.104.0. 2026-= 02-05 3.7 CVE-2025-68157 [ https://www.cve.org/CVERecord?id=3DCVE-2025-6815=
7 ] https://github.com/webpack/webpack/security/advisories/GHSA-38r7-794h-5= 758
=C2=A0 webpack--webpack Webpack is a module bundler. From version 5.49.0 to=
before 5.104.1, when experiments.buildHttp is enabled, webpack's HTTP(S) r= esolver (HttpUriPlugin) can be bypassed to fetch resources from hosts outsi=
de allowedUris by using crafted URLs that include userinfo (username:passwo= rd@host). If allowedUris enforcement relies on a raw string prefix check (e= .g., uri.startsWith(allowed)), a URL that looks allow-listed can pass valid= ation while the actual network request is sent to a different authority/hos=
t after URL parsing. This is a policy/allow-list bypass that enables build-= time SSRF behavior (outbound requests from the build machine to internal-on=
ly endpoints, depending on network access) and untrusted content inclusion = (the fetched response is treated as module source and bundled). This issue = has been patched in version 5.104.1. 2026-02-05 3.7 CVE-2025-68458 [ https:= //www.cve.org/CVERecord?id=3DCVE-2025-68458 ] https://github.com/webpack/we= bpack/security/advisories/GHSA-8fgc-7cc6-rx7x
=C2=A0 DJI--Mavic Mini A vulnerability has been found in DJI Mavic Mini, Ai=
r, Spark and Mini SE up to 01.00.0500. Affected by this vulnerability is an=
unknown functionality of the component Enhanced Wi-Fi Pairing. The manipul= ation leads to authentication bypass by capture-replay. The attack must be = carried out from within the local network. A high degree of complexity is n= eeded for the attack. The exploitation appears to be difficult. The exploit=
has been disclosed to the public and may be used. The vendor was contacted=
early about this disclosure but did not respond in any way. 2026-02-02 3.1=
CVE-2026-1743 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1743 ] VDB-343= 674 | DJI Mavic Mini/Air/Spark/Mini SE Enhanced Wi-Fi Pairing authenticatio=
n replay [ https://vuldb.com/?id.343674 ]
VDB-343674 | CTI Indicators (IOB, IOC, TTP) [ https://vuldb.com/?ctiid.3436=
74 ]
Submit #741323 | DJI DJI Mavic Mini, Spark, Mini SE 01.00.0500 and Below Au= thentication Bypass by Capture-replay [ https://vuldb.com/?submit.741323 ] https://github.com/ByteMe1001/DJI-CatNect https://github.com/ByteMe1001/DJI-CatNect/blob/main/exploit.c
=C2=A0 GitLab--GitLab A vulnerability has been discovered in GitLab CE/EE a= ffecting all versions starting with 16.8 before 18.5.0 that could have allo= wed unauthorized edits to merge request approval rules under certain condit= ions. 2026-02-02 3.1 CVE-2026-1751 [ https://www.cve.org/CVERecord?id=3DCVE= -2026-1751 ] GitLab Issue #519340 [ https://gitlab.com/gitlab-org/gitlab/-/= issues/519340 ]
HackerOne Bug Bounty Report #2980839 [ https://hackerone.com/reports/298083=
9 ]
=C2=A0 Edimax--BR-6258n A flaw has been found in Edimax BR-6258n up to 1.18=
. This issue affects the function formStaDrvSetup of the file /goform/formS= taDrvSetup. This manipulation of the argument submit-url causes open redire= ct. The attack can be initiated remotely. The exploit has been published an=
d may be used. The vendor confirms that the affected product is end-of-life=
. They confirm that they "will issue a consolidated Security Advisory on ou=
r official support website." This vulnerability only affects products that = are no longer supported by the maintainer. 2026-02-05 3.5 CVE-2026-1970 [ h= ttps://www.cve.org/CVERecord?id=3DCVE-2026-1970 ] VDB-344492 | Edimax BR-62= 58n formStaDrvSetup redirect [ https://vuldb.com/?id.344492 ]
VDB-344492 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344492 ]
Submit #742734 | Edimax BR-6258n v1.18 Open Redirect [ https://vuldb.com/?s= ubmit.742734 ] https://tzh00203.notion.site/EDIMAX-BR-6258n-v1-18-Open-Redirect-Vulnerabil= ity-in-Web-formStaDrvSetup-handler-2eeb5c52018a803bb958e4f80cdf2550?source= =3Dcopy_link
=C2=A0 n/a--oatpp A security vulnerability has been detected in oatpp up to=
1.3.1. This impacts the function oatpp::data::type::ObjectWrapper::ObjectW= rapper of the file src/oatpp/data/type/Type.hpp. The manipulation leads to = null pointer dereference. Local access is required to approach this attack.=
The exploit has been disclosed publicly and may be used. The project was i= nformed of the problem early through an issue report but has not responded = yet. 2026-02-06 3.3 CVE-2026-1990 [ https://www.cve.org/CVERecord?id=3DCVE-= 2026-1990 ] VDB-344508 | oatpp Type.hpp ObjectWrapper null pointer derefere= nce [ https://vuldb.com/?id.344508 ]
VDB-344508 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3445=
08 ]
Submit #743387 | oatpp 1.3.1 and master-branch NULL Pointer Dereference [ h= ttps://vuldb.com/?submit.743387 ]
https://github.com/oatpp/oatpp/issues/1080 https://github.com/oatpp/oatpp/issues/1080#issue-3806715350 https://github.com/oatpp/oatpp/
=C2=A0 n/a--libuvc A vulnerability was detected in libuvc up to 0.0.7. Affe= cted is the function uvc_scan_streaming of the file src/device.c of the com= ponent UVC Descriptor Handler. The manipulation results in null pointer der= eference. The attack needs to be approached locally. The exploit is now pub= lic and may be used. The project was informed of the problem early through =
an issue report but has not responded yet. 2026-02-06 3.3 CVE-2026-1991 [ h= ttps://www.cve.org/CVERecord?id=3DCVE-2026-1991 ] VDB-344509 | libuvc UVC D= escriptor device.c uvc_scan_streaming null pointer dereference [ https://vu= ldb.com/?id.344509 ]
VDB-344509 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3445=
09 ]
Submit #743388 | libuvc v0.0.7 and master-branch NULL Pointer Dereference [=
https://vuldb.com/?submit.743388 ]
https://github.com/libuvc/libuvc/issues/300 https://github.com/oneafter/0104/blob/main/repro https://github.com/libuvc/libuvc/
=C2=A0 n/a--micropython A flaw has been found in micropython up to 1.27.0. = This vulnerability affects the function mp_import_all of the file py/runtim= e.c. This manipulation causes memory corruption. The attack needs to be lau= nched locally. The exploit has been published and may be used. Patch name: = 570744d06c5ba9dba59b4c3f432ca4f0abd396b6. It is suggested to install a patc=
h to address this issue. 2026-02-06 3.3 CVE-2026-1998 [ https://www.cve.org= /CVERecord?id=3DCVE-2026-1998 ] VDB-344546 | micropython runtime.c mp_impor= t_all memory corruption [ https://vuldb.com/?id.344546 ]
VDB-344546 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3445=
46 ]
Submit #743396 | micropython 0fd0843 Memory Corruption [ https://vuldb.com/= ?submit.743396 ]
https://github.com/micropython/micropython/issues/18639 https://github.com/micropython/micropython/pull/18671 https://github.com/micropython/micropython/issues/18639#issue-3780651410 https://github.com/dpgeorge/micropython/commit/570744d06c5ba9dba59b4c3f432c= a4f0abd396b6
https://github.com/micropython/micropython/
=C2=A0 Portabilis--i-Educar A vulnerability was identified in Portabilis i-= Educar up to 2.10. Affected by this vulnerability is an unknown functionali=
ty of the file /intranet/meusdadod.php of the component User Data Page. Suc=
h manipulation of the argument File leads to cross site scripting. It is po= ssible to launch the attack remotely. The exploit is publicly available and=
might be used. The vendor was contacted early about this disclosure but di=
d not respond in any way. 2026-02-06 3.5 CVE-2026-2064 [ https://www.cve.or= g/CVERecord?id=3DCVE-2026-2064 ] VDB-344631 | Portabilis i-Educar User Data=
meusdadod.php cross site scripting [ https://vuldb.com/?id.344631 ]
VDB-344631 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344631 ]
Submit #745108 | Portabilis i-Educar 2.10 Cross Site Scripting [ https://vu= ldb.com/?submit.745108 ] https://github.com/nmmorette/vulnerability-research/tree/main/XSS-Idiario =C2=A0 ggml-org--llama.cpp A flaw has been found in ggml-org llama.cpp up t=
o 55abc39. Impacted is the function llama_grammar_advance_stack of the file=
llama.cpp/src/llama-grammar.cpp of the component GBNF Grammar Handler. Thi=
s manipulation causes stack-based buffer overflow. The attack needs to be l= aunched locally. The exploit has been published and may be used. Patch name=
: 18993. To fix this issue, it is recommended to deploy a patch. 2026-02-06=
3.3 CVE-2026-2069 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2069 ] VDB= -344636 | ggml-org llama.cpp GBNF Grammar llama-grammar.cpp llama_grammar_a= dvance_stack stack-based overflow [ https://vuldb.com/?id.344636 ]
VDB-344636 | CTI Indicators (IOB, IOC, IOA) [ https://vuldb.com/?ctiid.3446=
36 ]
Submit #745263 | llama.cpp commit 55abc39 Stack-based Buffer Overflow [ htt= ps://vuldb.com/?submit.745263 ] https://github.com/ggml-org/llama.cpp/issues/18988 https://github.com/ggml-org/llama.cpp/issues/18988#event-4426704865 https://github.com/user-attachments/files/24761101/poc.zip https://github.com/ggml-org/llama.cpp/pull/18993 https://github.com/ggml-org/llama.cpp/
=C2=A0 F5--BIG-IP Edge Client A vulnerability exists in BIG-IP Edge Client = and browser VPN clients on Windows that may allow attackers to gain access =
to sensitive information.=C2=A0=C2=A0Note: Software versions which have rea= ched End of Technical Support (EoTS) are not evaluated 2026-02-04 3.3 CVE-2= 026-20730 [ https://www.cve.org/CVERecord?id=3DCVE-2026-20730 ] https://my.= f5.com/manage/s/article/K000158931
=C2=A0 F5--BIG-IP A vulnerability exists in an undisclosed BIG-IP Configura= tion utility page that may allow an attacker to spoof error messages.=C2=A0= =C2=A0Note: Software versions which have reached End of Technical Support (= EoTS) are not evaluated. 2026-02-04 3.1 CVE-2026-20732 [ https://www.cve.or= g/CVERecord?id=3DCVE-2026-20732 ] https://my.f5.com/manage/s/article/K00015= 6644
=C2=A0 Tasin1025--SwiftBuy A security flaw has been discovered in Tasin1025=
SwiftBuy up to 0f5011372e8d1d7edfd642d57d721c9fadc54ec7. Affected by this = vulnerability is an unknown functionality of the file /login.php. Performin=
g a manipulation results in improper restriction of excessive authenticatio=
n attempts. Remote exploitation of the attack is possible. The attack's com= plexity is rated as high. The exploitation appears to be difficult. The exp= loit has been released to the public and may be used for attacks. This prod= uct follows a rolling release approach for continuous delivery, so version = details for affected or updated releases are not provided. The vendor was c= ontacted early about this disclosure but did not respond in any way. 2026-0= 2-07 3.7 CVE-2026-2110 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2110 ]=
VDB-344686 | Tasin1025 SwiftBuy login.php excessive authentication [ https= ://vuldb.com/?id.344686 ]
VDB-344686 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344686 ]
Submit #746251 | Md Tasin Rahman Swiftbuy 1.0 Improper Restriction of Exces= sive Authentication Attempts [ https://vuldb.com/?submit.746251 ] https://www.websecurityinsights.my.id/2026/01/swiftbuy-v-10-loginphp-no-lim= it-to.html
=C2=A0 cym1102--nginxWebUI A vulnerability was identified in cym1102 nginxW= ebUI up to 4.3.7. The impacted element is an unknown function of the file /= adminPage/conf/check of the component Web Management Interface. Such manipu= lation of the argument nginxDir leads to cross site scripting. The attack c=
an be executed remotely. The exploit is publicly available and might be use=
d. The project was informed of the problem early through an issue report bu=
t has not responded yet. 2026-02-08 3.5 CVE-2026-2145 [ https://www.cve.org= /CVERecord?id=3DCVE-2026-2145 ] VDB-344847 | cym1102 nginxWebUI Web Managem= ent check cross site scripting [ https://vuldb.com/?id.344847 ]
VDB-344847 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344847 ]
Submit #747404 | cym1102 nginxWebUI 4.3.7 Cross Site Scripting [ https://vu= ldb.com/?submit.747404 ]
https://github.com/cym1102/nginxWebUI/issues/203 https://github.com/cym1102/nginxWebUI/issues/203#issue-3860109934 https://github.com/cym1102/nginxWebUI/
=C2=A0 asterisk--asterisk Asterisk is an open source private branch exchang=
e and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22= .8.2, and 23.2.2, user supplied/control values for Cookies and any GET vari= able query Parameter are directly interpolated into the HTML of the page us= ing ast_str_append. The endpoint at GET /httpstatus is the potential vulner= able endpoint relating to asterisk/main /http.c. This issue has been patche=
d in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2. 2026-02-06 = 3.5 CVE-2026-23738 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23738 ] ht= tps://github.com/asterisk/asterisk/security/advisories/GHSA-v6hp-wh3r-cwxh =C2=A0 Kubernetes--ingress-nginx A security issue was discovered in ingress= -nginx=C2=A0where the protection afforded by the `auth-url` Ingress annotat= ion may not be effective in the presence of a specific misconfiguration. If=
the ingress-nginx controller is configured with a default custom-errors co= nfiguration that includes HTTP errors 401 or 403, and if the configured def= ault custom-errors backend is defective and fails to respect the X-Code HTT=
P header, then an Ingress with the `auth-url` annotation may be accessed ev=
en when authentication fails. Note that the built-in custom-errors backend = works correctly. To trigger this issue requires an administrator to specifi= cally configure ingress-nginx with a broken external component. 2026-02-03 = 3.1 CVE-2026-24513 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24513 ] ht= tps://github.com/kubernetes/kubernetes/issues/136679
=C2=A0 fastify--fastify Fastify is a fast and low overhead web framework, f=
or Node.js. Prior to version 5.7.3, a denial-of-service vulnerability in Fa= stify's Web Streams response handling can allow a remote client to exhaust = server memory. Applications that return a ReadableStream (or Response with =
a Web Stream body) via reply.send() are impacted. A slow or non-reading cli= ent can trigger unbounded buffering when backpressure is ignored, leading t=
o process crashes or severe degradation. This issue has been patched in ver= sion 5.7.3. 2026-02-03 3.7 CVE-2026-25224 [ https://www.cve.org/CVERecord?i= d=3DCVE-2026-25224 ] https://github.com/fastify/fastify/security/advisories= /GHSA-mrq3-vjjr-p77c https://github.com/fastify/fastify/commit/eb11156396f6a5fedaceed0140aed2b7f= 026be37
https://hackerone.com/reports/3524779
=C2=A0 opf--openproject OpenProject is an open-source, web-based project ma= nagement software. Prior to versions 16.6.7 and 17.0.3, an HTML injection v= ulnerability occurs in the time tracking function of OpenProject. The appli= cation does not escape HTML tags, an attacker with administrator privileges=
can create a work package with the name containing the HTML tags and add i=
t to the Work package section when creating time tracking. This issue has b= een patched in versions 16.6.7 and 17.0.3. 2026-02-06 3.5 CVE-2026-25764 [ = https://www.cve.org/CVERecord?id=3DCVE-2026-25764 ] https://github.com/opf/= openproject/security/advisories/GHSA-q523-c695-h3hp https://github.com/opf/openproject/releases/tag/v16.6.7 https://github.com/opf/openproject/releases/tag/v17.0.3
=C2=A0 Fortinet--FortiOS Fortinet FortiOS through 7.6.6 allows attackers to=
decrypt LDAP credentials stored in device configuration files, as exploite=
d in the wild from 2025-12-16 through 2026 (by default, the encryption key =
is the same across all customers' installations). NOTE: the Supplier's posi= tion is that the instance of CWE-1394 is not a vulnerability because custom= ers "are supposed to enable" a non-default option that eliminates the weakn= ess. However, that non-default option can disrupt functionality as shown in=
the "Managing FortiGates with private data encryption" document, and is th= erefore intentionally not a default option. 2026-02-05 3.2 CVE-2026-25815 [=
https://www.cve.org/CVERecord?id=3DCVE-2026-25815 ] https://www.cert.at/en= /blog/2026/1/threat-actors-use-forticloud-to-collect-ldap-connection-passwo= rds https://docs.fortinet.com/document/fortimanager/7.6.6/administration-guide/= 30332/managing-fortigates-with-private-data-encryption
=C2=A0 Red Hat--Red Hat Build of Keycloak A flaw was found in Keycloak Admi=
n API. This vulnerability allows an administrator with limited privileges t=
o retrieve sensitive custom attributes via the /unmanagedAttributes endpoin=
t, bypassing User Profile visibility settings. 2026-02-02 2.7 CVE-2025-1388=
1 [ https://www.cve.org/CVERecord?id=3DCVE-2025-13881 ] https://access.redh= at.com/security/cve/CVE-2025-13881
RHBZ#2418330 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2418330 ]
=C2=A0 Tanium--Tanium Appliance Tanium addressed an improper input validati=
on vulnerability in Tanium Appliance. 2026-02-05 2.7 CVE-2025-15321 [ https= ://www.cve.org/CVERecord?id=3DCVE-2025-15321 ] TAN-2025-024 [ https://secur= ity.tanium.com/TAN-2025-024 ]
=C2=A0 IBM--PowerVM Hypervisor IBM PowerVM Hypervisor FW1110.00 through FW1= 110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 may expo=
se a limited amount of data to a peer partition in specific shared processo=
r configurations during certain operations. 2026-02-02 2.8 CVE-2025-36194 [=
https://www.cve.org/CVERecord?id=3DCVE-2025-36194 ] https://www.ibm.com/su= pport/pages/node/7257555
=C2=A0 Red Hat--Red Hat Build of Keycloak A flaw was found in Keycloak's CI=
BA feature where insufficient validation of client-configured backchannel n= otification endpoints could allow blind server-side requests to internal se= rvices. 2026-02-02 2.7 CVE-2026-1518 [ https://www.cve.org/CVERecord?id=3DC= VE-2026-1518 ] https://access.redhat.com/security/cve/CVE-2026-1518 RHBZ#2433727 [ https://bugzilla.redhat.com/show_bug.cgi?id=3D2433727 ]
=C2=A0 D-Link--DSL-6641K A vulnerability was found in D-Link DSL-6641K N8.T= R069.20131126. Affected by this issue is the function doSubmitPPP of the fi=
le sp_pppoe_user.js. The manipulation of the argument Username results in c= ross site scripting. The attack may be launched remotely. The exploit has b= een made public and could be used. This vulnerability only affects products=
that are no longer supported by the maintainer. 2026-02-02 2.4 CVE-2026-17=
44 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1744 ] VDB-343675 | D-Link=
DSL-6641K sp_pppoe_user.js doSubmitPPP cross site scripting [ https://vuld= b.com/?id.343675 ]
VDB-343675 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .343675 ]
Submit #742439 | D-Link DSL6641K version N8.TR069.20131126 Cross Site Scrip= ting [ https://vuldb.com/?submit.742439 ] https://tzh00203.notion.site/D-Link-DSL6641K-version-N8-TR069-20131126-XSS-= via-sp_pppoe_user-js-Configuration-2eeb5c52018a80d083aaf19efbaa9130?source= =3Dcopy_link
https://www.dlink.com/
=C2=A0 Hillstone Networks--Operation and Maintenance Security Gateway Unres= tricted Upload of File with Dangerous Type vulnerability in Hillstone Netwo= rks Operation and Maintenance Security Gateway on Linux allows Upload a Web=
Shell to a Web Server. This issue affects Operation and Maintenance Securi=
ty Gateway: V5.5ST00001B113. 2026-02-04 2.7 CVE-2026-1791 [ https://www.cve= .org/CVERecord?id=3DCVE-2026-1791 ] https://www.hillstonenet.com.cn/securit= y-notification/2025/12/08/wgscld/
=C2=A0 Edimax--BR-6288ACL A vulnerability has been found in Edimax BR-6288A=
CL up to 1.12. Impacted is the function wiz_WISP24gmanual of the file wiz_W= ISP24gmanual.asp. Such manipulation of the argument manualssid leads to cro=
ss site scripting. The attack can be launched remotely. The exploit has bee=
n disclosed to the public and may be used. The vendor confirms that the aff= ected product is end-of-life. They confirm that they "will issue a consolid= ated Security Advisory on our official support website." This vulnerability=
only affects products that are no longer supported by the maintainer. 2026= -02-06 2.4 CVE-2026-1971 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1971=
] VDB-344493 | Edimax BR-6288ACL wiz_WISP24gmanual.asp wiz_WISP24gmanual c= ross site scripting [ https://vuldb.com/?id.344493 ]
VDB-344493 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344493 ]
Submit #743318 | Edimax BR6288ACL v1.12 Cross Site Scripting [ https://vuld= b.com/?submit.743318 ] https://tzh00203.notion.site/EDIMAX-BR6288ACL-v1-12-XSS-via-wiz_WISP24gmanu= al-asp-Configuration-2eeb5c52018a802e8ed9f6d000f7a6aa?source=3Dcopy_link
=C2=A0 code-projects--Online Student Management System A weakness has been = identified in code-projects Online Student Management System 1.0. The impac= ted element is an unknown function of the file /admin/announcement/index.ph= p?view=3Dadd of the component Announcement Management Module. This manipula= tion causes cross site scripting. The attack is possible to be carried out = remotely. The exploit has been made available to the public and could be us=
ed for attacks. 2026-02-08 2.4 CVE-2026-2156 [ https://www.cve.org/CVERecor= d?id=3DCVE-2026-2156 ] VDB-344858 | code-projects Online Student Management=
System Announcement Management index.php cross site scripting [ https://vu= ldb.com/?id.344858 ]
VDB-344858 | CTI Indicators (IOB, IOC, TTP, IOA) [ https://vuldb.com/?ctiid= .344858 ]
Submit #748328 | code-projects Online Student Management System in PHP late=
st (no version specified by vendor) Cross-Site Scripting [ https://vuldb.co= m/?submit.748328 ]
https://github.com/baguette168/CVE/issues/1
https://code-projects.org/
=C2=A0 asterisk--asterisk Asterisk is an open source private branch exchang=
e and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22= .8.2, and 23.2.2, the ast_xml_open() function in xml.c parses XML documents=
using libxml with unsafe parsing options that enable entity expansion and = XInclude processing. Specifically, it invokes xmlReadFile() with the XML_PA= RSE_NOENT flag and later processes XIncludes via xmlXIncludeProcess().If an=
y untrusted or user-supplied XML file is passed to this function, it can al= low an attacker to trigger XML External Entity (XXE) or XInclude-based loca=
l file disclosure, potentially exposing sensitive files from the host syste=
m. This can also be triggered in other cases in which the user is able to s= upply input in xml format that triggers the asterisk process to parse it. T= his issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2=
, and 23.2.2. 2026-02-06 2 CVE-2026-23739 [ https://www.cve.org/CVERecord?i= d=3DCVE-2026-23739 ] https://github.com/asterisk/asterisk/security/advisori= es/GHSA-85x7-54wr-vh42
=C2=A0=20

Back to top [ #top ]

Severity Not Yet Assigned

Primary
Vendor -- Product Description Published CVSS Score Source Info Patch Info w= intercms--winter Winter is a free, open-source content management system (C= MS) based on the Laravel PHP framework. Versions of Winter CMS before 1.2.1=
0 allow users with access to the CMS Asset Manager were able to upload SVGs=
without automatic sanitization. To actively exploit this security issue, a=
n attacker would need access to the Backend with a user account with the fo= llowing permission: cms.manage_assets. The Winter CMS maintainers strongly = recommend that the cms.manage_assets permission only be reserved to trusted=
administrators and developers in general. This vulnerability is fixed in 1= .2.10. 2026-02-06 not yet calculated CVE-2026-22254 [ https://www.cve.org/C= VERecord?id=3DCVE-2026-22254 ] https://github.com/wintercms/winter/security= /advisories/GHSA-m7gw-rffq-rxjm https://github.com/wintercms/winter/commit/8a7f74b004fcd19721764fc63af0cdb3= 39d9fb65
https://github.com/wintercms/winter/releases/tag/v1.2.10
=C2=A0 asterisk--asterisk Asterisk is an open source private branch exchang=
e and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22= .8.2, and 23.2.2, when ast_coredumper writes its gdb init and output files =
to a directory that is world-writable (for example /tmp), an attacker with = write permission(which is all users on a linux system) to that directory ca=
n cause root to execute arbitrary commands or overwrite arbitrary files by = controlling the gdb init file and output paths. This issue has been patched=
in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2. 2026-02-06 n=
ot yet calculated CVE-2026-23740 [ https://www.cve.org/CVERecord?id=3DCVE-2= 026-23740 ] https://github.com/asterisk/asterisk/security/advisories/GHSA-x= pc6-x892-v83c
=C2=A0 asterisk--asterisk Asterisk is an open source private branch exchang=
e and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22= .8.2, and 23.2.2, the asterisk/contrib/scripts/ast_coredumper runs as root,=
as noted by the NOTES tag on line 689 of the ast_coredumper file. The scri=
pt will source the contents of /etc/asterisk/ast_debug_tools.conf, which re= sides in a folder that is writeable by the asterisk user:group. Due to the = /etc/asterisk/ast_debug_tools.conf file following bash semantics and it bei=
ng loaded; an attacker with write permissions may add or modify the file su=
ch that when the root ast_coredumper is run; it would source and thereby ex= ecute arbitrary bash code found in the /etc/asterisk/ast_debug_tools.conf. = This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.=
2, and 23.2.2. 2026-02-06 not yet calculated CVE-2026-23741 [ https://www.c= ve.org/CVERecord?id=3DCVE-2026-23741 ] https://github.com/asterisk/asterisk= /security/advisories/GHSA-rvch-3jmx-3jf3
=C2=A0 Arox--School ERP Pro School ERP Pro 1.0 contains a remote code execu= tion vulnerability that allows authenticated admin users to upload arbitrar=
y PHP files as profile photos by bypassing file extension checks. Attackers=
can exploit improper file validation in pre-editstudent.inc.php to execute=
arbitrary code on the server. 2026-02-03 not yet calculated CVE-2020-37084=
[ https://www.cve.org/CVERecord?id=3DCVE-2020-37084 ] ExploitDB-48392 [ ht= tps://www.exploit-db.com/exploits/48392 ]
Archived Vendor Homepage [ https://web.archive.org/web/20200129123503/http:= //arox.in/ ]
Archived SourceForge Product Page [ https://web.archive.org/web/20190612111= 732/https://sourceforge.net/projects/school-erp-ultimate/ ]
VulnCheck Advisory: School ERP Pro 1.0 Admin Profile Photo Upload Remote Co=
de Execution Vulnerability [ https://www.vulncheck.com/advisories/school-er= p-pro-admin-profile-photo-upload-remote-code-execution-vulnerability ]
=C2=A0 Rubikon Teknoloji--Easy Transfer Easy Transfer Wifi Transfer v1.7 fo=
r iOS contains a persistent cross-site scripting vulnerability that allows = remote attackers to inject malicious scripts by manipulating the oldPath, n= ewPath, and path parameters in Create Folder and Move/Edit functions. Attac= kers can exploit improper input validation via POST requests to execute arb= itrary JavaScript in the context of the mobile web application. 2026-02-03 = not yet calculated CVE-2020-37087 [ https://www.cve.org/CVERecord?id=3DCVE-= 2020-37087 ] ExploitDB-48395 [ https://www.exploit-db.com/exploits/48395 ] Vulnerability-Lab Advisory [ https://www.vulnerability-lab.com/get_content.= php?id=3D2223 ]
Official App Store Product Page [ https://apps.apple.com/us/app/easy-transf= er-wifi-transfer/id1484667078 ]
VulnCheck Advisory: Easy Transfer 1.7 for iOS - Persistent Cross-Site Scrip= ting [ https://www.vulncheck.com/advisories/easy-transfer-for-ios-persisten= t-cross-site-scripting ]
=C2=A0 PHP-Fusion--PHP-Fusion PHP-Fusion 9.03.50 panels.php is vulnerable t=
o cross-site scripting (XSS) via the 'panel_content' POST parameter. The ap= plication fails to properly sanitize user input before rendering it in the = browser, allowing attackers to inject arbitrary JavaScript. This can be exp= loited by submitting crafted input to the 'panel_content' field in panels.p= hp, resulting in execution of malicious scripts in the context of the affec= ted site. 2026-02-05 not yet calculated CVE-2020-37152 [ https://www.cve.or= g/CVERecord?id=3DCVE-2020-37152 ] Vendor Homepage [ https://www.php-fusion.= co.uk/ ]
ExploitDB-48299 [ https://www.exploit-db.com/exploits/48299 ]
VulnCheck Advisory: PHP-Fusion 9.03.50 panels.php - Cross-Site Scripting (X= SS) [ https://www.vulncheck.com/advisories/php-fusion-panelsphp-cross-site-= scripting-xss ]
=C2=A0 parisneo--parisneo/lollms-webui A Local File Inclusion (LFI) vulnera= bility exists in the '/reinstall_extension' endpoint of the parisneo/lollms= -webui application, specifically within the `name` parameter of the `@route= r.post("/reinstall_extension")` route. This vulnerability allows attackers =
to inject a malicious `name` parameter, leading to the server loading and e= xecuting arbitrary Python files from the upload directory for discussions. = This issue arises due to the concatenation of `data.name` directly with `lo= llmsElfServer.lollms_paths.extensions_zoo_path` and its use as an argument = for `ExtensionBuilder().build_extension()`. The server's handling of the `_= _init__.py` file in arbitrary locations, facilitated by `importlib.machiner= y.SourceFileLoader`, enables the execution of arbitrary code, such as comma=
nd execution or creating a reverse-shell connection. This vulnerability aff= ects the latest version of parisneo/lollms-webui and can lead to Remote Cod=
e Execution (RCE) when the application is exposed to an external endpoint o=
r the UI, especially when bound to `0.0.0.0` or in `headless mode`. No user=
interaction is required for exploitation. 2026-02-02 not yet calculated CV= E-2024-2356 [ https://www.cve.org/CVERecord?id=3DCVE-2024-2356 ] https://hu= ntr.com/bounties/cb9867b4-28e3-4406-9031-f66fc28553d4 https://github.com/parisneo/lollms-webui/commit/41dbb1b3f2e78ea276e5269544e= 50514252c0c25
=C2=A0 lunary-ai--lunary-ai/lunary In lunary-ai/lunary version 1.2.13, an i= nsufficient granularity of access control vulnerability allows users to del= ete prompts created in other organizations through ID manipulation. The vul= nerability stems from the application's failure to validate the ownership o=
f the prompt before deletion, only checking if the user has permissions to = delete such resources without verifying if it belongs to the user's project=
or organization. As a result, users can remove prompts not owned by their = organization or project, leading to legitimate users being unable to access=
the removed prompts and causing information inconsistencies. 2026-02-02 no=
t yet calculated CVE-2024-4147 [ https://www.cve.org/CVERecord?id=3DCVE-202= 4-4147 ] https://huntr.com/bounties/3f051943-71ea-414c-a528-cd8b5d82a7ad https://github.com/lunary-ai/lunary/commit/0755dde1afc2a74ec23b55eee03e4416= 916cf48f
=C2=A0 lunary-ai--lunary-ai/lunary In lunary-ai/lunary version 1.2.2, an ac= count hijacking vulnerability exists due to a password reset token leak. A = user with a 'viewer' role can exploit this vulnerability to hijack another = user's account by obtaining the password reset token. The vulnerability is = triggered when the 'viewer' role user sends a specific request to the serve=
r, which responds with a password reset token in the 'recoveryToken' parame= ter. This token can then be used to reset the password of another user's ac= count without authorization. The issue results from an excessive attack sur= face, allowing lower-privileged users to escalate their privileges and take=
over accounts. 2026-02-02 not yet calculated CVE-2024-5386 [ https://www.c= ve.org/CVERecord?id=3DCVE-2024-5386 ] https://huntr.com/bounties/602eb4a1-3= 05d-46d6-b975-5a5d8b040ad1 https://github.com/lunary-ai/lunary/commit/fc7ab3d5621c18992da5dab3a2a9a8d2= 27d42311
=C2=A0 h2oai--h2oai/h2o-3 A vulnerability in h2oai/h2o-3 version 3.46.0.1 a= llows remote attackers to write arbitrary data to any file on the server. T= his is achieved by exploiting the `/3/Parse` endpoint to inject attacker-co= ntrolled data as the header of an empty file, which is then exported using = the `/3/Frames/framename/export` endpoint. The impact of this vulnerability=
includes the potential for remote code execution and complete access to th=
e system running h2o-3, as attackers can overwrite critical files such as p= rivate SSH keys or script files. 2026-02-02 not yet calculated CVE-2024-598=
6 [ https://www.cve.org/CVERecord?id=3DCVE-2024-5986 ] https://huntr.com/bo= unties/64ff5319-6ac3-4447-87f7-b53495d4d5a3
=C2=A0 Nokia--Infinera DNA Infinera DNA is vulnerable to a time-based SQL i= njection vulnerability due to insufficient input validation, which may resu=
lt in leaking of sensitive information. 2026-02-05 not yet calculated CVE-2= 025-10258 [ https://www.cve.org/CVERecord?id=3DCVE-2025-10258 ] Nokia Produ=
ct Security Advisory [ https://www.nokia.com/we-are-nokia/security/product-= security-advisory/cve-2025-10258/ ]
=C2=A0 mlflow--mlflow/mlflow In mlflow version 2.20.3, the temporary direct= ory used for creating Python virtual environments is assigned insecure worl= d-writable permissions (0o777). This vulnerability allows an attacker with = write access to the `/tmp` directory to exploit a race condition and overwr= ite `.py` files in the virtual environment, leading to arbitrary code execu= tion. The issue is resolved in version 3.4.0. 2026-02-02 not yet calculated=
CVE-2025-10279 [ https://www.cve.org/CVERecord?id=3DCVE-2025-10279 ] https= ://huntr.com/bounties/01d3b81e-13d1-43aa-b91a-443aec68bdc8 https://github.com/mlflow/mlflow/commit/1d7c8d4cf0a67d407499a8a4ffac387ea4f= 8194a
=C2=A0 Wikimedia Foundation--OATHAuth Vulnerability in Wikimedia Foundation=
OATHAuth. This vulnerability is associated with program files src/Special/= OATHManage.Php. This issue affects OATHAuth: from * before 1.39.14, 1.43.4,=
1.44.1. 2026-02-03 not yet calculated CVE-2025-11173 [ https://www.cve.org= /CVERecord?id=3DCVE-2025-11173 ] https://phabricator.wikimedia.org/T401862 https://phabricator.wikimedia.org/T402094
=C2=A0 Wikimedia Foundation--MediaWiki Improper Neutralization of Input Dur= ing Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wi= kimedia Foundation MediaWiki. This vulnerability is associated with program=
files resources/src/mediawiki.Language/mediawiki.Language.Js. This issue a= ffects MediaWiki: from * before 1.39.15, 1.43.5, 1.44.2. 2026-02-03 not yet=
calculated CVE-2025-11261 [ https://www.cve.org/CVERecord?id=3DCVE-2025-11= 261 ] https://https://phabricator.wikimedia.org/T406322 https://phabricator.wikimedia.org/T402077
=C2=A0 Centralny Orodek Informatyki--mObywatel In mObywatel iOS application= =C2=A0an unauthorized user can use the App Switcher to view the account own= er's personal information in the minimized app window, even after the login=
session has ended (reopening the app would require the user to log in). Th=
e data exposed depends on the last application view displayed before the ap= plication was minimized This issue was fixed in version 4.71.0 2026-02-03 n=
ot yet calculated CVE-2025-11598 [ https://www.cve.org/CVERecord?id=3DCVE-2= 025-11598 ] https://info.mobywatel.gov.pl/ https://cert.pl/posts/2026/02/CVE-2025-11598
=C2=A0 silabs.com--Simplicity SDK A truncated 802.15.4 packet can lead to a=
n assert, resulting in a denial of service. 2026-02-05 not yet calculated C= VE-2025-12131 [ https://www.cve.org/CVERecord?id=3DCVE-2025-12131 ] https:/= /community.silabs.com/068Vm00000g8dP3
=C2=A0 Brocade--SANnav A vulnerability in Brocade SANnav before 2.4.0b prin=
ts the Password-Based Encryption (PBE) key in plaintext in the system audit=
log file. The vulnerability could allow a remote authenticated attacker wi=
th access to the audit logs to access the pbe key. Note: The vulnerability =
is only triggered during a migration and not in a new installation. The sys= tem audit logs are accessible only to a privileged user on the server. Thes=
e audit logs are the local server VM's audit logs and are not controlled by=
SANnav. These logs are only visible to the server admin of the host server=
and are not visible to the SANnav admin or any SANnav user. 2026-02-02 not=
yet calculated CVE-2025-12679 [ https://www.cve.org/CVERecord?id=3DCVE-202= 5-12679 ] https://support.broadcom.com/web/ecx/support-content-notification= /-/external/content/SecurityAdvisories/0/36845
=C2=A0 Brocade--SANnav Brocade SANnav before Brocade SANnav 2.4.0b logs dat= abase passwords in clear text in the standby SANnav server, after disaster = recovery failover. The vulnerability could allow a remote authenticated att= acker with admin privilege able to access the SANnav logs or the supportsav=
e to read the database password. 2026-02-02 not yet calculated CVE-2025-126=
80 [ https://www.cve.org/CVERecord?id=3DCVE-2025-12680 ] https://support.br= oadcom.com/web/ecx/support-content-notification/-/external/content/Security= Advisories/0/36844
=C2=A0 Brocade--SANnav Brocade SANnav before 2.4.0b logs the Brocade Fabric=
OS Switch admin password on the SANnav support save logs. When OOM occurs =
on a Brocade SANnav server, the call stack trace for the Brocade switch is = also collected in the heap dump file which contains this switch password in=
clear text. The vulnerability could allow a remote authenticated attacker = with admin privilege able to access the SANnav logs or the supportsave to r= ead the switch admin password. 2026-02-02 not yet calculated CVE-2025-12772=
[ https://www.cve.org/CVERecord?id=3DCVE-2025-12772 ] https://support.broa= dcom.com/web/ecx/support-content-notification/-/external/content/SecurityAd= visories/0/36846
=C2=A0 Brocade--SANnav A vulnerability in update-reports-purge-settings.sh = script logging for Brocade SANnav before 2.4.0a could allow the collection =
of SANnav database password in the system audit logs.=C2=A0The vulnerabilit=
y could allow a remote authenticated attacker with access to the audit logs=
to access the Brocade SANnav database password. 2026-02-03 not yet calcula= ted CVE-2025-12773 [ https://www.cve.org/CVERecord?id=3DCVE-2025-12773 ] ht= tps://support.broadcom.com/web/ecx/support-content-notification/-/external/= content/SecurityAdvisories/0/36847
=C2=A0 Brocade--SANnav A vulnerability in the migration script for Brocade = SANnav before 3.0 could allow the collection of database sql queries in the=
SANnav support save file.=C2=A0An attacker with access to Brocade SANnav s= upportsave file, could open the file and then obtain sensitive information = such as details of database tables and encrypted passwords. 2026-02-03 not = yet calculated CVE-2025-12774 [ https://www.cve.org/CVERecord?id=3DCVE-2025= -12774 ] https://support.broadcom.com/web/ecx/support-content-notification/= -/external/content/SecurityAdvisories/0/36848
=C2=A0 ASUS--ASUS Business Manager An improper access control vulnerability=
exists in ASUS Secure Delete Driver of ASUS Business Manager. This vulnera= bility can be triggered by a local user sending a specially crafted request=
, potentially leading to the creation of arbitrary files in a specified pat=
h. Refer to the "Security Update for ASUS Business Manager" section on the = ASUS Security Advisory for more information. 2026-02-02 not yet calculated = CVE-2025-13348 [ https://www.cve.org/CVERecord?id=3DCVE-2025-13348 ] https:= //www.asus.com/security-advisory/
=C2=A0 djangoproject--Django An issue was discovered in 6.0 before 6.0.2, 5=
.2 before 5.2.11, and 4.2 before 4.2.28. The `django.contrib.auth.handlers.= modwsgi.check_password()` function for authentication via `mod_wsgi` allows=
remote attackers to enumerate users via a timing attack. Earlier, unsuppor= ted Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and = may also be affected. Django would like to thank Stackered for reporting th=
is issue. 2026-02-03 not yet calculated CVE-2025-13473 [ https://www.cve.or= g/CVERecord?id=3DCVE-2025-13473 ] Django security archive [ https://docs.dj= angoproject.com/en/dev/releases/security/ ]
Django releases announcements [ https://groups.google.com/g/django-announce=
]
Django security releases issued: 6.0.2, 5.2.11, and 4.2.28 [ https://www.dj= angoproject.com/weblog/2026/feb/03/security-releases/ ]
=C2=A0 ESET spol s.r.o.--ESET Management Agent Local privilege escalation v= ulnerability via insecure temporary batch file execution in ESET Management=
Agent 2026-02-06 not yet calculated CVE-2025-13818 [ https://www.cve.org/C= VERecord?id=3DCVE-2025-13818 ] https://support.eset.com/en/ca8913-eset-cust= omer-advisory-local-privilege-escalation-via-insecure-temporary-batch-file-= execution-in-eset-management-agent-for-windows-fixed
=C2=A0 djangoproject--Django An issue was discovered in 6.0 before 6.0.2, 5=
.2 before 5.2.11, and 4.2 before 4.2.28. `ASGIRequest` allows a remote atta= cker to cause a potential denial-of-service via a crafted request with mult= iple duplicate headers. Earlier, unsupported Django series (such as 5.0.x, = 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would=
like to thank Jiyong Yang for reporting this issue. 2026-02-03 not yet cal= culated CVE-2025-14550 [ https://www.cve.org/CVERecord?id=3DCVE-2025-14550 =
] Django security archive [ https://docs.djangoproject.com/en/dev/releases/= security/ ]
Django releases announcements [ https://groups.google.com/g/django-announce=
]
Django security releases issued: 6.0.2, 5.2.11, and 4.2.28 [ https://www.dj= angoproject.com/weblog/2026/feb/03/security-releases/ ]
=C2=A0 Unknown--User Profile Builder The User Profile Builder WordPress plu= gin before 3.15.2 does not have a proper password reset process, allowing a=
few unauthenticated requests to reset the password of any user by knowing = their username, such as administrator ones, and therefore gain access to th= eir account 2026-02-02 not yet calculated CVE-2025-15030 [ https://www.cve.= org/CVERecord?id=3DCVE-2025-15030 ] https://wpscan.com/vulnerability/344cb1= b1-342e-44b2-ae4a-3bb31be56b22/
=C2=A0 Mitsubishi Electric Corporation--MELSEC iQ-R Series R08PCPU Improper=
Validation of Specified Quantity in Input vulnerability in Mitsubishi Elec= tric MELSEC iQ-R Series R08PCPU, R16PCPU, R32PCPU, and R120PCPU allows an u= nauthenticated attacker to read device data or part of a control program fr=
om the affected product, write device data in the affected product, or caus=
e a denial of service (DoS) condition on the affected product by sending a = specially crafted packet containing a specific command to the affected prod= uct. 2026-02-05 not yet calculated CVE-2025-15080 [ https://www.cve.org/CVE= Record?id=3DCVE-2025-15080 ] https://jvn.jp/vu/JVNVU95093080/ https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-020_en.pdf https://www.cisa.gov/news-events/ics-advisories/icsa-26-036-02
=C2=A0 Unknown--Library Viewer The Library Viewer WordPress plugin before 3= .2.0 does not sanitise and escape some parameters before outputting them ba=
ck in the page, leading to a Reflected Cross-Site Scripting which could be = used against high privilege users such as admin. 2026-02-02 not yet calcula= ted CVE-2025-15396 [ https://www.cve.org/CVERecord?id=3DCVE-2025-15396 ] ht= tps://wpscan.com/vulnerability/08790e11-019d-4680-a75f-ee0a937f8cc8/
=C2=A0 Unknown--Post Slides The Post Slides WordPress plugin through 1.0.1 = does not validate some shortcode attributes before using them to generate p= aths passed to include function/s, allowing any authenticated users such as=
with contributor or higher roles to perform LFI attacks 2026-02-07 not yet=
calculated CVE-2025-15491 [ https://www.cve.org/CVERecord?id=3DCVE-2025-15= 491 ] https://wpscan.com/vulnerability/eb0424cc-e60c-44a5-aa24-cd1fe042b27a/ =C2=A0 TP-Link Systems Inc.--Archer MR200 v5.2 The response coming from TP-= Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 for any requ= est is getting executed by the JavaScript function like eval directly witho=
ut any check.=C2=A0Attackers can exploit this vulnerability via a Man-in-th= e-Middle (MitM) attack to execute JavaScript code on the router's admin web=
portal without the user's permission or knowledge. 2026-02-05 not yet calc= ulated CVE-2025-15551 [ https://www.cve.org/CVERecord?id=3DCVE-2025-15551 ]=
https://www.tp-link.com/en/support/download/archer-mr200/v5.20/#Firmware https://www.tp-link.com/en/support/download/archer-c20/v6/#Firmware https://www.tp-link.com/in/support/download/tl-wr850n/#Firmware https://www.tp-link.com/en/support/download/tl-wr845n/#Firmware https://www.tp-link.com/in/support/download/archer-mr200/v5.20/#Firmware https://www.tp-link.com/in/support/download/archer-c20/v6/#Firmware https://www.tp-link.com/in/support/download/tl-wr845n/#Firmware https://www.tp-link.com/us/support/faq/4948/
=C2=A0 notepad-plus-plus--notepad-plus-plus Notepad++ versions prior to 8.8= .9, when using the WinGUp updater, contain an update integrity verification=
vulnerability where downloaded update metadata and installers are not cryp= tographically verified. An attacker able to intercept or redirect update tr= affic can cause the updater to download and execute an attacker-controlled = installer, resulting in arbitrary code execution with the privileges of the=
user. 2026-02-03 not yet calculated CVE-2025-15556 [ https://www.cve.org/C= VERecord?id=3DCVE-2025-15556 ] https://community.notepad-plus-plus.org/topi= c/27298/notepad-v8-8-9-vulnerability-fix https://notepad-plus-plus.org/news/hijacked-incident-info-update/ https://github.com/notepad-plus-plus/notepad-plus-plus/commit/bcf2aa68ef414= 338d717e20e059459570ed6c5ab https://github.com/notepad-plus-plus/wingup/commit/ce0037549995ed0396cc3635= 44d14b3425614fdb https://www.vulncheck.com/advisories/notepad-plus-plus-wingup-updater-lacks= -update-integrity-verification
=C2=A0 TP-Link Systems Inc.--Tapo H100 v1 An Improper Certificate Validatio=
n vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path = attacker on the same network segment to intercept and modify encrypted devi= ce-cloud communications.=C2=A0 This may compromise the confidentiality and = integrity of device-to-cloud communication, enabling manipulation of device=
data or operations. 2026-02-05 not yet calculated CVE-2025-15557 [ https:/= /www.cve.org/CVERecord?id=3DCVE-2025-15557 ] https://www.tp-link.com/us/sup= port/download/tapo-h100/
https://www.tp-link.com/us/support/download/tapo-p100/ https://www.tp-link.com/en/support/download/tapo-h100/ https://www.tp-link.com/en/support/download/tapo-p100/ https://www.tp-link.com/us/support/faq/4949/
=C2=A0 Go standard library--os It was possible to improperly access the par= ent directory of an os.Root by opening a filename ending in "../". For exam= ple, Root.Open("../") would open the parent directory of the Root. This esc= ape only permits opening the parent directory itself, not ancestors of the = parent or files contained within the parent. 2026-02-04 not yet calculated = CVE-2025-22873 [ https://www.cve.org/CVERecord?id=3DCVE-2025-22873 ] https:= //go.dev/cl/670036
https://go.dev/issue/73555 https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ https://pkg.go.dev/vuln/GO-2026-4403
=C2=A0 Hancom Inc.--Hancom Office 2018 Access of Resource Using Incompatibl=
e Type ('Type Confusion') vulnerability in Hancom Inc. Hancom Office 2018, = Hancom Inc. Hancom Office 2020, Hancom Inc. Hancom Office 2022, Hancom Inc.=
Hancom Office 2024 allows File Content Injection. This issue affects Hanco=
m Office 2018: before 10.0.0.12681; Hancom Office 2020: before 11.0.0.8916;=
Hancom Office 2022: before 12.0.0.4426; Hancom Office 2024: before 13.0.0.= 3050. 2026-02-04 not yet calculated CVE-2025-29867 [ https://www.cve.org/CV= ERecord?id=3DCVE-2025-29867 ] https://www.boho.or.kr/kr/bbs/view.do?searchC= nd=3D&bbsId=3DB0000302&searchWrd=3D&menuNo=3D205023&pageIndex=3D1&categoryC= ode=3D&nttId=3D71959
https://www.hancom.com/support/downloadCenter/download
=C2=A0 Significant-Gravitas--AutoGPT AutoGPT is a platform that allows user=
s to create, deploy, and manage continuous artificial intelligence agents t= hat automate complex workflows. Prior to autogpt-platform-beta-v0.6.32, the=
re is a DoS vulnerability in ReadRSSFeedBlock. In RSSBlock, feedparser.pars=
er is called to obtain the XML file according to the URL input by the user,=
parse the XML, and finally obtain the parsed result. However, during the p= arsing process, there is no limit on the parsing time and the resources tha=
t can be allocated for parsing. When a malicious user lets RSSBlock parse a=
carefully constructed, deep XML, it will cause memory resources to be exha= usted, eventually causing DoS. This issue has been patched in autogpt-platf= orm-beta-v0.6.32. 2026-02-05 not yet calculated CVE-2025-32393 [ https://ww= w.cve.org/CVERecord?id=3DCVE-2025-32393 ] https://github.com/Significant-Gr= avitas/AutoGPT/security/advisories/GHSA-5cqw-g779-9f9x https://github.com/Significant-Gravitas/AutoGPT/commit/57a06f70883ce6be1873= 8c6ae8bb41085c71e266
=C2=A0 Luna Imaging--LUNA Stored Cross-Site Scripting (XSS) vulnerability t= ype in LUNA software v7.5.5.6. This vulnerability allows an attacker to exe= cute JavaScript code in the victim's browser by inyecting a malicious paylo=
ad through the 'Edit Batch Name' function. THe payload is stored by the app= lication and subsequently displayed without proper sanitization when other = users access it. This vulnerability can be exploited to steal sensitive use=
r data, such as session cookies, or to perform actions on behalf of the use=
r. 2026-02-03 not yet calculated CVE-2025-41065 [ https://www.cve.org/CVERe= cord?id=3DCVE-2025-41065 ] https://www.incibe.es/en/incibe-cert/notices/avi= so/stored-cross-site-scripting-xss-luna-luna-imaging
=C2=A0 Apidog--Apidog Web Platform Stored Cross-Site Scripting (XSS) vulner= ability type in Apidog in the version 2.7.15, where SVG image uploads are n=
ot properly sanitized. This allows attackers to embed malicious scripts in = SVG files by sending a POST request to '/api/v1/user-avatar', which are the=
n stored on the server and executed in the context of any user accessing th=
e compromised resource. 2026-02-04 not yet calculated CVE-2025-41085 [ http= s://www.cve.org/CVERecord?id=3DCVE-2025-41085 ] https://www.incibe.es/en/in= cibe-cert/notices/aviso/stored-cross-site-scripting-xss-apidog-web-platform =C2=A0 n/a--Tinyfilemanager 2.6 Tiny File Manager through 2.6 contains a se= rver-side request forgery (SSRF) vulnerability in the URL upload feature. D=
ue to insufficient validation of user-supplied URLs, an attacker can send c= rafted requests to localhost by using http://www.127.0.0.1.example.com/ or =
a similarly constructed domain name. This may lead to unauthorized port sca= nning or access to internal-only services. 2026-02-03 not yet calculated CV= E-2025-46651 [ https://www.cve.org/CVERecord?id=3DCVE-2025-46651 ] https://= github.com/prasathmani/tinyfilemanager/blob/master/tinyfilemanager.php#L608 https://github.com/RobertoLuzanilla/tinyfilemanager-security-advisories/blo= b/main/CVE-2025-46651.md
=C2=A0 golang.org/x/net--golang.org/x/net/html The html.Parse function in g= olang.org/x/net/html has quadratic parsing complexity when processing certa=
in inputs, which can lead to denial of service (DoS) if an attacker provide=
s specially crafted HTML content. 2026-02-05 not yet calculated CVE-2025-47= 911 [ https://www.cve.org/CVERecord?id=3DCVE-2025-47911 ] https://go.dev/cl= /709876
https://github.com/golang/vulndb/issues/4440 https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c https://pkg.go.dev/vuln/GO-2026-4440
=C2=A0 n/a--Beijing YouDataSum Tech YouDataSum CPAS Audit Management System=
<=3Dv4.9 is vulnerable to SQL Injection in /cpasList/findArchiveReportByDa=
h due to insufficient input validation. This allows remote unauthenticated = attackers to execute arbitrary SQL commands via crafted input to the parame= ter. Successful exploitation could lead to unauthorized data access 2026-02= -03 not yet calculated CVE-2025-57529 [ https://www.cve.org/CVERecord?id=3D= CVE-2025-57529 ] https://github.com/songqb-xx/CPAS-bug https://github.com/songqb-xx/CVE-2025-57529/blob/main/README.md
=C2=A0 TP-Link Systems Inc.--Archer AX53 v1.0 Heap-based Buffer Overflow vu= lnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenti= cated adjacent attackers to=C2=A0cause a segmentation fault or potentially = execute arbitrary code via a specially crafted set of network packets conta= ining an excessive number of host entries This issue affects Archer AX53 v1= .0: through 1.3.1 Build 20241120. 2026-02-03 not yet calculated CVE-2025-58= 077 [ https://www.cve.org/CVERecord?id=3DCVE-2025-58077 ] https://talosinte= lligence.com/vulnerability_reports/ https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware https://www.tp-link.com/my/support/download/archer-ax53/v1/#Firmware https://www.tp-link.com/us/support/faq/4943/
=C2=A0 golang.org/x/net--golang.org/x/net/html The html.Parse function in g= olang.org/x/net/html has an infinite parsing loop when processing certain i= nputs, which can lead to denial of service (DoS) if an attacker provides sp= ecially crafted HTML content. 2026-02-05 not yet calculated CVE-2025-58190 =
[ https://www.cve.org/CVERecord?id=3DCVE-2025-58190 ] https://groups.google= .com/g/golang-announce/c/jnQcOYpiR2c https://github.com/golang/vulndb/issues/4441
https://go.dev/cl/709875
https://pkg.go.dev/vuln/GO-2026-4441
=C2=A0 Semiconductor[.]Samsung[.]com--Processor Exynos An issue was discove= red in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor = Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. = There is unbounded memory allocation via a large buffer in a /proc/driver/u= nifi0/send_delts write operation, leading to kernel memory exhaustion. 2026= -02-03 not yet calculated CVE-2025-58340 [ https://www.cve.org/CVERecord?id= =3DCVE-2025-58340 ] https://semiconductor.samsung.com/support/quality-suppo= rt/product-security-updates/ https://semiconductor.samsung.com/support/quality-support/product-security-= updates/cve-2025-58340/
=C2=A0 Semiconductor[.]Samsung[.]com--Processor Exynos An issue was discove= red in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor = Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. = There is unbounded memory allocation via a large buffer in a /proc/driver/u= nifi0/ap_cert_disable_ht_vht write operation, leading to kernel memory exha= ustion. 2026-02-03 not yet calculated CVE-2025-58341 [ https://www.cve.org/= CVERecord?id=3DCVE-2025-58341 ] https://semiconductor.samsung.com/support/q= uality-support/product-security-updates/ https://semiconductor.samsung.com/support/quality-support/product-security-= updates/cve-2025-58341/
=C2=A0 Semiconductor[.]Samsung[.]com--Processor Exynos An issue was discove= red in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor = Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. = There is unbounded memory allocation via a large buffer in a /proc/driver/u= nifi0/uapsd write operation, leading to kernel memory exhaustion. 2026-02-0=
3 not yet calculated CVE-2025-58342 [ https://www.cve.org/CVERecord?id=3DCV= E-2025-58342 ] https://semiconductor.samsung.com/support/quality-support/pr= oduct-security-updates/ https://semiconductor.samsung.com/support/quality-support/product-security-= updates/cve-2025-58342/
=C2=A0 Semiconductor[.]Samsung[.]com--Processor Exynos An issue was discove= red in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor = Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. = There is unbounded memory allocation via a large buffer in a /proc/driver/u= nifi0/create_tspec write operation, leading to kernel memory exhaustion. 20= 26-02-03 not yet calculated CVE-2025-58343 [ https://www.cve.org/CVERecord?= id=3DCVE-2025-58343 ] https://semiconductor.samsung.com/support/quality-sup= port/product-security-updates/ https://semiconductor.samsung.com/support/quality-support/product-security-= updates/cve-2025-58343/
=C2=A0 Semiconductor[.]Samsung[.]com--Processor Exynos An issue was discove= red in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor = Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. = There is unbounded memory allocation in a /proc/driver/unifi0/conn_log_even= t_burst_to_us write operation, leading to kernel memory exhaustion. 2026-02= -03 not yet calculated CVE-2025-58344 [ https://www.cve.org/CVERecord?id=3D= CVE-2025-58344 ] https://semiconductor.samsung.com/support/quality-support/= product-security-updates/ https://semiconductor.samsung.com/support/quality-support/product-security-= updates/cve-2025-58344/
=C2=A0 Semiconductor[.]Samsung[.]com--Processor Exynos An issue was discove= red in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor = Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. = There is unbounded memory allocation via a large buffer in a /proc/driver/u= nifi0/ap_certif_11ax_mode write operation, leading to kernel memory exhaust= ion. 2026-02-03 not yet calculated CVE-2025-58345 [ https://www.cve.org/CVE= Record?id=3DCVE-2025-58345 ] https://semiconductor.samsung.com/support/qual= ity-support/product-security-updates/ https://semiconductor.samsung.com/support/quality-support/product-security-= updates/cve-2025-58345/
=C2=A0 Semiconductor[.]Samsung[.]com--Processor Exynos An issue was discove= red in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor = Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. = There is unbounded memory allocation via a large buffer in a /proc/driver/u= nifi0/send_addts write operation, leading to kernel memory exhaustion. 2026= -02-03 not yet calculated CVE-2025-58346 [ https://www.cve.org/CVERecord?id= =3DCVE-2025-58346 ] https://semiconductor.samsung.com/support/quality-suppo= rt/product-security-updates/ https://semiconductor.samsung.com/support/quality-support/product-security-= updates/cve-2025-58346/
=C2=A0 Semiconductor[.]Samsung[.]com--Processor Exynos An issue was discove= red in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor = Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. = There is unbounded memory allocation via a large buffer in a /proc/driver/u= nifi0/p2p_certif write operation, leading to kernel memory exhaustion. 2026= -02-03 not yet calculated CVE-2025-58347 [ https://www.cve.org/CVERecord?id= =3DCVE-2025-58347 ] https://semiconductor.samsung.com/support/quality-suppo= rt/product-security-updates/ https://semiconductor.samsung.com/support/quality-support/product-security-= updates/cve-2025-58347/
=C2=A0 Semiconductor[.]Samsung[.]com--Processor Exynos An issue was discove= red in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor = Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. = There is unbounded memory allocation via a large buffer in a /proc/driver/u= nifi0/confg_tspec write operation, leading to kernel memory exhaustion. 202= 6-02-03 not yet calculated CVE-2025-58348 [ https://www.cve.org/CVERecord?i= d=3DCVE-2025-58348 ] https://semiconductor.samsung.com/support/quality-supp= ort/product-security-updates/ https://semiconductor.samsung.com/support/quality-support/product-security-= updates/cve-2025-58348
=C2=A0 Brocade--Fabric OS Brocade Fabric OS before 9.2.1 has a vulnerabilit=
y that could allow a local authenticated attacker to reveal command line pa= sswords using commands that may expose higher privilege sensitive informati=
on by a lower privileged user. 2026-02-03 not yet calculated CVE-2025-58379=
[ https://www.cve.org/CVERecord?id=3DCVE-2025-58379 ] https://support.broa= dcom.com/web/ecx/support-content-notification/-/external/content/SecurityAd= visories/0/36850
=C2=A0 Brocade--Fabric OS A vulnerability in Brocade Fabric OS before 9.2.1=
could allow an authenticated attacker with admin privileges using the shel=
l command "grep" to modify the path variables and move upwards in the direc= tory structure or to traverse to different directories. 2026-02-03 not yet = calculated CVE-2025-58380 [ https://www.cve.org/CVERecord?id=3DCVE-2025-583=
80 ] https://support.broadcom.com/web/ecx/support-content-notification/-/ex= ternal/content/SecurityAdvisories/0/36854
=C2=A0 Brocade--Fabric OS A vulnerability in Brocade Fabric OS before 9.2.1=
c2 could allow an authenticated attacker with admin privileges using the sh= ell commands "source, ping6, sleep, disown, wait to modify the path variabl=
es and move upwards in the directory structure or to traverse to different = directories. 2026-02-03 not yet calculated CVE-2025-58381 [ https://www.cve= .org/CVERecord?id=3DCVE-2025-58381 ] https://support.broadcom.com/web/ecx/s= upport-content-notification/-/external/content/SecurityAdvisories/0/36853 =C2=A0 Brocade--Fabric OS A vulnerability in the secure configuration of au= thentication and management services in Brocade Fabric OS before Fabric OS = 9.2.1c2 could allow an authenticated, remote attacker with administrative c= redentials to execute arbitrary commands as root using "supportsave", "secc= ertmgmt", "configupload" command. 2026-02-03 not yet calculated CVE-2025-58= 382 [ https://www.cve.org/CVERecord?id=3DCVE-2025-58382 ] https://support.b= roadcom.com/web/ecx/support-content-notification/-/external/content/Securit= yAdvisories/0/36849
=C2=A0 Brocade--Fabric OS A vulnerability in Brocade Fabric OS versions bef= ore 9.2.1c2 could allow an administrator-level user to execute the bind com= mand, to escalate privileges and bypass security controls allowing the exec= ution of arbitrary commands. 2026-02-03 not yet calculated CVE-2025-58383 [=
https://www.cve.org/CVERecord?id=3DCVE-2025-58383 ] https://support.broadc= om.com/web/ecx/support-content-notification/-/external/content/SecurityAdvi= sories/0/36878
=C2=A0 TP-Link Systems Inc.--Archer AX53 v1.0 Heap-based Buffer Overflow vu= lnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenti= cated adjacent attackers to cause a segmentation fault or potentially execu=
te arbitrary code via a specially crafted network packet whose length excee=
ds the maximum expected value. This issue affects Archer AX53 v1.0: through=
1.3.1 Build 20241120. 2026-02-03 not yet calculated CVE-2025-58455 [ https= ://www.cve.org/CVERecord?id=3DCVE-2025-58455 ] https://talosintelligence.co= m/vulnerability_reports/ https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware https://www.tp-link.com/my/support/download/archer-ax53/v1/#Firmware https://www.tp-link.com/us/support/faq/4943/
=C2=A0 Semiconductor[.]Samsung[.]com--Processor Exynos An issue was discove= red in Samsung Mobile Processor, Wearable Processor and Modem Exynos 980, 9= 90, 850, 1080, 9110, W920, W930, W1000 and Modem 5123. Incorrect handling o=
f NAS Registration messages leads to a Denial of Service because of Imprope=
r Handling of Exceptional Conditions. 2026-02-03 not yet calculated CVE-202= 5-59439 [ https://www.cve.org/CVERecord?id=3DCVE-2025-59439 ] https://semic= onductor.samsung.com/support/quality-support/product-security-updates/ https://semiconductor.samsung.com/support/quality-support/product-security-= updates/cve-2025-59439/
=C2=A0 TP-Link Systems Inc.--Archer AX53 v1.0 Heap-based Buffer Overflow vu= lnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenti= cated adjacent attackers to cause a segmentation fault or potentially execu=
te arbitrary code via a specially crafted network packet containing a field=
whose length exceeds the maximum expected value. This issue affects Archer=
AX53 v1.0: through 1.3.1 Build 20241120. 2026-02-03 not yet calculated CVE= -2025-59482 [ https://www.cve.org/CVERecord?id=3DCVE-2025-59482 ] https://t= alosintelligence.com/vulnerability_reports/ https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware https://www.tp-link.com/my/support/download/archer-ax53/v1/#Firmware https://www.tp-link.com/us/support/faq/4943/
=C2=A0 TP-Link Systems Inc.--Archer AX53 v1.0 Heap-based Buffer Overflow vu= lnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenti= cated adjacent attackers to cause a segmentation fault or potentially execu=
te arbitrary code. The vulnerability arises from improper validation of a p= acket field whose offset is used to determine the write location in memory.=
By crafting a packet with a manipulated field offset, an attacker can redi= rect writes to arbitrary memory locations. This issue affects Archer AX53 v= 1.0: through 1.3.1 Build 20241120. 2026-02-03 not yet calculated CVE-2025-5= 9487 [ https://www.cve.org/CVERecord?id=3DCVE-2025-59487 ] https://talosint= elligence.com/vulnerability_reports/ https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware https://www.tp-link.com/my/support/download/archer-ax53/v1/#Firmware https://www.tp-link.com/us/support/faq/4943/
=C2=A0 NICE--NICE Chat HTML injection vulnerability in NICE Chat. This vuln= erability allows an attacker to inject and render arbitrary HTML content in=
email transcripts by modifying the 'firstName' and 'lastName' parameters d= uring a chat session. The injected HTML is included in the body of the emai=
l sent by the system, which could enable phishing attacks, impersonation, o=
r credential theft. 2026-02-03 not yet calculated CVE-2025-59902 [ https://= www.cve.org/CVERecord?id=3DCVE-2025-59902 ] https://www.incibe.es/en/incibe= -cert/notices/aviso/html-injection-nice-chat
=C2=A0 www[.]pchelpsoft[.]com--Avanquest Driver Updater v.9 Insecure Permis= sions vulnerability in avanquest Driver Updater v.9.1.57803.1174 allows a l= ocal attacker to escalate privileges via the Driver Updater Service windows=
component. 2026-02-03 not yet calculated CVE-2025-60865 [ https://www.cve.= org/CVERecord?id=3DCVE-2025-60865 ] https://www.pchelpsoft.com/products/dri= ver-updater/ https://github.com/parad0x1334/CVE-Disclosures/tree/50e5d2bf33b2926db2cb14d= 47d392b38ac619a41/Driver%20Updater%20-%20PCHelpsoft
=C2=A0 n/a--MediaCrush An issue was discovered in MediaCrush thru 1.0.1 all= owing remote unauthenticated attackers to upload arbitrary files of any siz=
e to the /upload endpoint. 2026-02-03 not yet calculated CVE-2025-61506 [ h= ttps://www.cve.org/CVERecord?id=3DCVE-2025-61506 ] https://gist.github.com/= pescada-dev/a046d36e8026bbaf1ee591c6dad0d7e6
=C2=A0 Wikimedia Foundation--MediaWiki Vulnerability in Wikimedia Foundatio=
n MediaWiki. This vulnerability is associated with program files includes/R= est/Handler/PageHTMLHandler.Php. This issue affects MediaWiki: from * befor=
e 1.39.14, 1.43.4, 1.44.1. 2026-02-02 not yet calculated CVE-2025-61634 [ h= ttps://www.cve.org/CVERecord?id=3DCVE-2025-61634 ] https://phabricator.wiki= media.org/T387478
=C2=A0 Wikimedia Foundation--ConfirmEdit Vulnerability in Wikimedia Foundat= ion ConfirmEdit. This vulnerability is associated with program files includ= es/FancyCaptcha/ApiFancyCaptchaReload.Php. This issue affects ConfirmEdit: =
*. 2026-02-02 not yet calculated CVE-2025-61635 [ https://www.cve.org/CVERe= cord?id=3DCVE-2025-61635 ] https://phabricator.wikimedia.org/T355073
=C2=A0 Wikimedia Foundation--MediaWiki Improper Neutralization of Input Dur= ing Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wi= kimedia Foundation MediaWiki. This vulnerability is associated with program=
files includes/htmlform/fields/HTMLButtonField.Php. This issue affects Med= iaWiki: from * before 1.39.14, 1.43.4, 1.44.1. 2026-02-02 not yet calculate=
d CVE-2025-61636 [ https://www.cve.org/CVERecord?id=3DCVE-2025-61636 ] http= s://phabricator.wikimedia.org/T394396
=C2=A0 Wikimedia Foundation--MediaWiki Improper Neutralization of Input Dur= ing Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wi= kimedia Foundation MediaWiki. This vulnerability is associated with program=
files resources/src/mediawiki.Action/mediawiki.Action.Edit.Preview.Js, res= ources/src/mediawiki.Page.Preview.Js. This issue affects MediaWiki: from * = before 1.39.14, 1.43.4, 1.44.1. 2026-02-02 not yet calculated CVE-2025-6163=
7 [ https://www.cve.org/CVERecord?id=3DCVE-2025-61637 ] https://phabricator= .wikimedia.org/T394856
=C2=A0 Wikimedia Foundation--MediaWiki Improper Neutralization of Input Dur= ing Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wi= kimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This vulnerabil= ity is associated with program files includes/parser/Sanitizer.Php, src/Cor= e/Sanitizer.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.=
4, 1.44.1; Parsoid: from * before 0.16.6, 0.20.4, 0.21.1. 2026-02-02 not ye=
t calculated CVE-2025-61638 [ https://www.cve.org/CVERecord?id=3DCVE-2025-6= 1638 ] https://phabricator.wikimedia.org/T401099
=C2=A0 Wikimedia Foundation--MediaWiki Exposure of Sensitive Information to=
an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. Thi=
s vulnerability is associated with program files includes/logging/ManualLog= Entry.Php, includes/recentchanges/RecentChangeFactory.Php, includes/recentc= hanges/RecentChangeStore.Php. This issue affects MediaWiki: from * before 1= .39.14, 1.43.4, 1.44.1. 2026-02-02 not yet calculated CVE-2025-61639 [ http= s://www.cve.org/CVERecord?id=3DCVE-2025-61639 ] https://phabricator.wikimed= ia.org/T280413
=C2=A0 Wikimedia Foundation--MediaWiki Improper Neutralization of Input Dur= ing Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wi= kimedia Foundation MediaWiki. This vulnerability is associated with program=
files resources/src/mediawiki.Rcfilters/ui/RclToOrFromWidget.Js. This issu=
e affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1. 2026-02-02 not = yet calculated CVE-2025-61640 [ https://www.cve.org/CVERecord?id=3DCVE-2025= -61640 ] https://phabricator.wikimedia.org/T402075
=C2=A0 Wikimedia Foundation--MediaWiki Vulnerability in Wikimedia Foundatio=
n MediaWiki. This vulnerability is associated with program files includes/a= pi/ApiQueryAllPages.Php. This issue affects MediaWiki: from * before 1.39.1=
4, 1.43.4, 1.44.1. 2026-02-02 not yet calculated CVE-2025-61641 [ https://w= ww.cve.org/CVERecord?id=3DCVE-2025-61641 ] https://phabricator.wikimedia.or= g/T298690
=C2=A0 Wikimedia Foundation--MediaWiki Improper Neutralization of Input Dur= ing Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wi= kimedia Foundation MediaWiki. This vulnerability is associated with program=
files includes/htmlform/CodexHTMLForm.Php, includes/htmlform/fields/HTMLBu= ttonField.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4,=
1.44.1. 2026-02-02 not yet calculated CVE-2025-61642 [ https://www.cve.org= /CVERecord?id=3DCVE-2025-61642 ] https://phabricator.wikimedia.org/T402313 =C2=A0 Wikimedia Foundation--MediaWiki Vulnerability in Wikimedia Foundatio=
n MediaWiki. This vulnerability is associated with program files includes/r= ecentchanges/RecentChangeRCFeedNotifier.Php. This issue affects MediaWiki: = from * before 1.39.14, 1.43.4, 1.44.1. 2026-02-02 not yet calculated CVE-20= 25-61643 [ https://www.cve.org/CVERecord?id=3DCVE-2025-61643 ] https://phab= ricator.wikimedia.org/T403757
=C2=A0 Wikimedia Foundation--MediaWiki Improper Neutralization of Input Dur= ing Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wi= kimedia Foundation MediaWiki. This vulnerability is associated with program=
files resources/src/mediawiki.Rcfilters/ui/WatchlistTopSectionWidget.Js. T= his issue affects MediaWiki: from * before > fb856ce9cf121e046305116852cca4= 899ecb48ca. 2026-02-02 not yet calculated CVE-2025-61644 [ https://www.cve.= org/CVERecord?id=3DCVE-2025-61644 ] https://phabricator.wikimedia.org/T4034=
11
=C2=A0 Wikimedia Foundation--MediaWiki Improper Neutralization of Input Dur= ing Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wi= kimedia Foundation MediaWiki. This vulnerability is associated with program=
files includes/pager/CodexTablePager.Php. This issue affects MediaWiki: fr=
om * before 1.44.1. 2026-02-03 not yet calculated CVE-2025-61645 [ https://= www.cve.org/CVERecord?id=3DCVE-2025-61645 ] https://phabricator.wikimedia.o= rg/T403761
=C2=A0 Wikimedia Foundation--MediaWiki Vulnerability in Wikimedia Foundatio=
n MediaWiki. This vulnerability is associated with program files includes/R= ecentChanges/EnhancedChangesList.Php. This issue affects MediaWiki: from * = before 1.39.14, 1.43.4, 1.44.1. 2026-02-03 not yet calculated CVE-2025-6164=
6 [ https://www.cve.org/CVERecord?id=3DCVE-2025-61646 ] https://phabricator= .wikimedia.org/T398706
=C2=A0 Wikimedia Foundation--CheckUser Vulnerability in Wikimedia Foundatio=
n CheckUser. This vulnerability is associated with program files src/Api/Re= st/Handler/UserInfoHandler.Php. This issue affects CheckUser: from a3dc1bbc= c33acbcca6831d6afaccbb1054c93a57, 0584eb2ad564648aa3ce9c555dd044dda02b55f4.=
2026-02-03 not yet calculated CVE-2025-61647 [ https://www.cve.org/CVEReco= rd?id=3DCVE-2025-61647 ] https://phabricator.wikimedia.org/T399093
=C2=A0 Wikimedia Foundation--CheckUser Improper Neutralization of Input Dur= ing Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wi= kimedia Foundation CheckUser. This vulnerability is associated with program=
files modules/ext.CheckUser.TempAccounts/components/ShowIPButton.Vue, modu= les/ext.CheckUser.TempAccounts/SpecialBlock.Js. This issue affects CheckUse=
r: from * before 1.44.1. 2026-02-03 not yet calculated CVE-2025-61648 [ htt= ps://www.cve.org/CVERecord?id=3DCVE-2025-61648 ] https://phabricator.wikime= dia.org/T402077
=C2=A0 Wikimedia Foundation--CheckUser Vulnerability in Wikimedia Foundatio=
n CheckUser. This vulnerability is associated with program files src/Servic= es/CheckUserUserInfoCardService.Php. This issue affects CheckUser: from 7ce= dd58781d261f110651b6af4f41d2d11ae7309. 2026-02-03 not yet calculated CVE-20= 25-61649 [ https://www.cve.org/CVERecord?id=3DCVE-2025-61649 ] https://phab= ricator.wikimedia.org/T397396
=C2=A0 Wikimedia Foundation--CheckUser Improper Neutralization of Input Dur= ing Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wi= kimedia Foundation CheckUser. This vulnerability is associated with program=
files src/Services/CheckUserUserInfoCardService.Php. This issue affects Ch= eckUser: from * before 795bf333272206a0189050d975e94b70eb7dc507. 2026-02-03=
not yet calculated CVE-2025-61650 [ https://www.cve.org/CVERecord?id=3DCVE= -2025-61650 ] https://phabricator.wikimedia.org/T403289
=C2=A0 Wikimedia Foundation--CheckUser Improper Neutralization of Input Dur= ing Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wi= kimedia Foundation CheckUser. This vulnerability is associated with program=
files modules/ext.CheckUser/checkuser/checkUserHelper/buildUserElement.Js.=
This issue affects CheckUser: from * before 1.44.1. 2026-02-03 not yet cal= culated CVE-2025-61651 [ https://www.cve.org/CVERecord?id=3DCVE-2025-61651 =
] https://phabricator.wikimedia.org/T403408
=C2=A0 Wikimedia Foundation--DiscussionTools Vulnerability in Wikimedia Fou= ndation DiscussionTools. This issue affects DiscussionTools: from * before = 1.43.4, 1.44.1. 2026-02-03 not yet calculated CVE-2025-61652 [ https://www.= cve.org/CVERecord?id=3DCVE-2025-61652 ] https://phabricator.wikimedia.org/T= 397580
=C2=A0 Wikimedia Foundation--TextExtracts Vulnerability in Wikimedia Founda= tion TextExtracts. This vulnerability is associated with program files incl= udes/ApiQueryExtracts.Php. This issue affects TextExtracts: from * before 1= .39.14, 1.43.4, 1.44.1. 2026-02-03 not yet calculated CVE-2025-61653 [ http= s://www.cve.org/CVERecord?id=3DCVE-2025-61653 ] https://phabricator.wikimed= ia.org/T397577
=C2=A0 Wikimedia Foundation--Thanks Vulnerability in Wikimedia Foundation T= hanks. This vulnerability is associated with program files includes/ThanksQ= ueryHelper.Php. This issue affects Thanks: from * before 1.43.4, 1.44.1. 20= 26-02-03 not yet calculated CVE-2025-61654 [ https://www.cve.org/CVERecord?= id=3DCVE-2025-61654 ] https://phabricator.wikimedia.org/T397497 https://nvd.nist.gov/vuln/detail/CVE-2025-62661
=C2=A0 Wikimedia Foundation--VisualEditor Improper Neutralization of Input = During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in=
Wikimedia Foundation VisualEditor. This vulnerability is associated with p= rogram files includes/ApiVisualEditorEdit.Php, modules/ve-mw/init/targets/v= e.Init.Mw.DesktopArticleTarget.Js, modules/ve-mw/ui/dialogs/ve.Ui.MWSaveDia= log.Js. This issue affects VisualEditor: from * before 1.39.14, 1.43.4, 1.4= 4.1. 2026-02-03 not yet calculated CVE-2025-61655 [ https://www.cve.org/CVE= Record?id=3DCVE-2025-61655 ] https://phabricator.wikimedia.org/T395858
=C2=A0 Wikimedia Foundation--VisualEditor Improper Neutralization of Input = During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in=
Wikimedia Foundation VisualEditor. This vulnerability is associated with p= rogram files src/ce/ve.Ce.ClipboardHandler.Js. This issue affects VisualEdi= tor: from * before 1.39.14, 1.43.4, 1.44.1. 2026-02-03 not yet calculated C= VE-2025-61656 [ https://www.cve.org/CVERecord?id=3DCVE-2025-61656 ] https:/= /phabricator.wikimedia.org/T397232
=C2=A0 Wikimedia Foundation--Vector Improper Neutralization of Input During=
Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikim= edia Foundation Vector. This vulnerability is associated with program files=
resources/skins.Vector.Js/stickyHeader.Js. This issue affects Vector: from=
* before 1.43.4, 1.44.1. 2026-02-03 not yet calculated CVE-2025-61657 [ ht= tps://www.cve.org/CVERecord?id=3DCVE-2025-61657 ] https://phabricator.wikim= edia.org/T398636
=C2=A0 Wikimedia Foundation--CheckUser Vulnerability in Wikimedia Foundatio=
n CheckUser. This vulnerability is associated with program files src/Global= Contributions/GlobalContributionsPager.Php. This issue affects CheckUser: f= rom * before 1.43.4, 1.44.1. 2026-02-03 not yet calculated CVE-2025-61658 [=
https://www.cve.org/CVERecord?id=3DCVE-2025-61658 ] https://phabricator.wi= kimedia.org/T404805
=C2=A0 Go toolchain--cmd/cgo A discrepancy between how Go and C/C++ comment=
s were parsed allowed for code smuggling into the resulting cgo binary. 202= 6-02-05 not yet calculated CVE-2025-61732 [ https://www.cve.org/CVERecord?i= d=3DCVE-2025-61732 ] https://go.dev/cl/734220
https://go.dev/issue/76697 https://groups.google.com/g/golang-announce/c/K09ubi9FQFk https://pkg.go.dev/vuln/GO-2026-4433
=C2=A0 TP-Link Systems Inc.--Archer AX53 v1.0 Heap-based Buffer Overflow vu= lnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenti= cated adjacent attackers to cause a segmentation fault or potentially execu=
te arbitrary code via a specially crafted network packet containing an exce= ssive number of fields with zero=E2=80=91length values. This issue affects = Archer AX53 v1.0: through 1.3.1 Build 20241120. 2026-02-03 not yet calculat=
ed CVE-2025-61944 [ https://www.cve.org/CVERecord?id=3DCVE-2025-61944 ] htt= ps://talosintelligence.com/vulnerability_reports/ https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware https://www.tp-link.com/my/support/download/archer-ax53/v1/#Firmware https://www.tp-link.com/us/support/faq/4943/
=C2=A0 TP-Link Systems Inc.--Archer AX53 v1.0 Heap-based Buffer Overflow vu= lnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenti= cated adjacent attackers to cause a segmentation fault or potentially execu=
te arbitrary code via a specially crafted network packet containing an exce= ssive number of fields with zero=E2=80=91length values. This issue affects = Archer AX53 v1.0: through 1.3.1 Build 20241120. 2026-02-03 not yet calculat=
ed CVE-2025-61983 [ https://www.cve.org/CVERecord?id=3DCVE-2025-61983 ] htt= ps://talosintelligence.com/vulnerability_reports/ https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware https://www.tp-link.com/my/support/download/archer-ax53/v1/#Firmware https://www.tp-link.com/us/support/faq/4943/
=C2=A0 run-llama--run-llama/llama_index The `SimpleDirectoryReader` compone=
nt in `llama_index.core` version 0.12.23 suffers from uncontrolled memory c= onsumption due to a resource management flaw. The vulnerability arises beca= use the user-specified file limit (`num_files_limit`) is applied after all = files in a directory are loaded into memory. This can lead to memory exhaus= tion and degraded performance, particularly in environments with limited re= sources. The issue is resolved in version 0.12.41. 2026-02-02 not yet calcu= lated CVE-2025-6208 [ https://www.cve.org/CVERecord?id=3DCVE-2025-6208 ] ht= tps://huntr.com/bounties/7d722bb6-6567-4608-8b23-f95048d7605a https://github.com/run-llama/llama_index/commit/53614e2f7913c0e86b58add9470= b3c900b6c60b2
=C2=A0 TP-Link Systems Inc.--Archer AX53 v1.0 Heap-based Buffer Overflow vu= lnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenti= cated adjacent attackers to cause a segmentation fault or potentially execu=
te arbitrary code via a specially crafted network packet whose length excee=
ds the maximum expected value. This issue affects Archer AX53 v1.0: through=
1.3.1 Build 20241120. 2026-02-03 not yet calculated CVE-2025-62404 [ https= ://www.cve.org/CVERecord?id=3DCVE-2025-62404 ] https://talosintelligence.co= m/vulnerability_reports/ https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware https://www.tp-link.com/my/support/download/archer-ax53/v1/#Firmware https://www.tp-link.com/us/support/faq/4943/
=C2=A0 TP-Link Systems Inc.--Archer AX53 v1.0 Heap-based Buffer Overflow vu= lnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenti= cated adjacent attackers to cause a segmentation fault or potentially execu=
te arbitrary code via a specially crafted network packet containing a field=
whose length exceeds the maximum expected value. This issue affects Archer=
AX53 v1.0: through 1.3.1 Build 20241120. 2026-02-03 not yet calculated CVE= -2025-62405 [ https://www.cve.org/CVERecord?id=3DCVE-2025-62405 ] https://t= alosintelligence.com/vulnerability_reports/ https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware https://www.tp-link.com/my/support/download/archer-ax53/v1/#Firmware https://www.tp-link.com/us/support/faq/4943/
=C2=A0 TP-Link Systems Inc.--Archer AX53 v1.0 SSH Hostkey misconfiguration = vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows attack= ers to obtain device credentials through a specially crafted man=E2=80=91in= =E2=80=91the=E2=80=91middle (MITM) attack.=C2=A0This could enable unauthori= zed access if captured credentials are reused. This issue affects Archer AX=
53 v1.0: through 1.3.1 Build 20241120. 2026-02-03 not yet calculated CVE-20= 25-62501 [ https://www.cve.org/CVERecord?id=3DCVE-2025-62501 ] https://talo= sintelligence.com/vulnerability_reports/ https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware https://www.tp-link.com/my/support/download/archer-ax53/v1/#Firmware https://www.tp-link.com/us/support/faq/4943/
=C2=A0 eProsima--Fast-DDS Fast DDS is a C++ implementation of the DDS (Data=
Distribution Service) standard of the OMG (Object Management Group ). Prio=
r to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, = modifying the DATA Submessage within an SPDP packet sent by a publisher cau= ses an Out-Of-Memory (OOM) condition, resulting in remote termination of Fa= st-DDS. If t he fields of PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN in the=
DATA Submessage - specifically by tampering with the length field in readP= ropertySeq - are modified, an integer overflow occurs, leading to an OOM du= ring the resize operation. Versi ons 3.4.1, 3.3.1, and 2.6.11 patch the iss= ue. 2026-02-03 not yet calculated CVE-2025-62599 [ https://www.cve.org/CVER= ecord?id=3DCVE-2025-62599 ] https://security-tracker.debian.org/tracker/CVE= -2025-62599 https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf1= 59ee37c5f https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889878= 128ad421a https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f203= c17747d2b
=C2=A0 eProsima--Fast-DDS Fast DDS is a C++ implementation of the DDS (Data=
Distribution Service) standard of the OMG (Object Management Group ). Prio=
r to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, = modifying the DATA Submessage within an SPDP packet sent by a publisher cau= ses an Out-Of-Memory (OOM) condition, resulting in remote termination of Fa= st-DDS. If t he fields of PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN in the=
DATA Submessage - specifically by tampering with the length field in readB= inaryPropertySeq - are modified, an integer overflow occurs, leading to an = OOM during the resize operation. Versions 3.4.1, 3.3.1, and 2.6.11 patch th=
e issue. 2026-02-03 not yet calculated CVE-2025-62600 [ https://www.cve.org= /CVERecord?id=3DCVE-2025-62600 ] https://security-tracker.debian.org/tracke= r/CVE-2025-62600 https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf1= 59ee37c5f https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889878= 128ad421a https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f203= c17747d2b
=C2=A0 eProsima--Fast-DDS Fast DDS is a C++ implementation of the DDS (Data=
Distribution Service) standard of the OMG (Object Management Group ). Prio=
r to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, = modifying the DATA Submessage within an SPDP packet sent by a publisher cau= ses a heap buffer overflow, resulting in remote termination of Fast-DDS. If=
the fields of `PID_IDENTITY_TOKEN` or `PID_PERMISSIONS_TOKEN` in the DATA = Submessage - specifically by tampering with the `str_size` value read by `r= eadString` (called from `readBinaryProperty`) - are modified, a 32-bit inte= ger overflow can occur, causing `std::vector::resize` to use an attacker-co= ntrolled size and quickly trigger heap buffer overflow and remote process t= erm ination. Versions 3.4.1, 3.3.1, and 2.6.11 patch the issue. 2026-02-03 = not yet calculated CVE-2025-62601 [ https://www.cve.org/CVERecord?id=3DCVE-= 2025-62601 ] https://security-tracker.debian.org/tracker/CVE-2025-62601 https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf1= 59ee37c5f https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889878= 128ad421a https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f203= c17747d2b
=C2=A0 eProsima--Fast-DDS Fast DDS is a C++ implementation of the DDS (Data=
Distribution Service) standard of the OMG (Object Management Group ). Prio=
r to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, = modifying the DATA Submessage within an SPDP packet sent by a publisher cau= ses a heap buffer overflow, resulting in remote termination of Fast-DDS. If=
the fields of `PID_IDENTITY_TOKEN` or `PID_PERMISSIONS_TOKEN` in the DATA = Submessage are tampered with - specially `readOctetVector` reads an uncheck=
ed `vecsize` that is propagated unchanged into `readData` as the `length` p= arameter - the attacker-contro lled `vecsize` can trigger a 32-bit integer = overflow during the `length` calculation. That overflow can cause large all= oca tion attempt that quickly leads to OOM, enabling a remotely-triggerable=
denial-of-service and remote process termination. Versions 3.4.1, 3.3.1, a=
nd 2.6.11 patch the issue. 2026-02-03 not yet calculated CVE-2025-62602 [ h= ttps://www.cve.org/CVERecord?id=3DCVE-2025-62602 ] https://security-tracker= .debian.org/tracker/CVE-2025-62602 https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf1= 59ee37c5f https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889878= 128ad421a https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f203= c17747d2b
=C2=A0 eProsima--Fast-DDS Fast DDS is a C++ implementation of the DDS (Data=
Distribution Service) standard of the OMG (Object Management Group ). Part= icipantGenericMessage is the DDS Security control-message container that ca= rries not only the handshake but also on going security-control traffic aft=
er the handshake, such as crypto-token exchange, rekeying, re-authenticatio=
n, and token delivery for newly appearing endpoints. On receive, the CDR pa= rser is invoked first and deserializes the `message_data` (i .e., the `Data= HolderSeq`) via the `readParticipantGenericMessage =E2=86=92 readDataHolder= Seq` path. The `DataHolderSeq` is parsed sequentially: a sequence count (`u= int32`), and for each DataHolder the `class_id` string (e.g. `DDS:Auth:PKI-= DH:1.0+Req`), string properties (a sequence of key/value pairs), and binary=
properties (a name plus an octet-vector). The parser operat es at a statel= ess level and does not know higher-layer state (for example, whether the ha= ndshake has already completed), s o it fully unfolds the structure before d= istinguishing legitimate from malformed traffic. Because RTPS permits dupli= cates, delays, and retransmissions, a receiver must perform at least minima=
l structural parsing to check identity and sequence n umbers before discard= ing or processing a message; the current implementation, however, does not = "peek" only at a minimal header and instead parses the entire `DataHolderSe= q`. As a result, prior to versions 3.4.1, 3.3.1, and 2.6.11, this parsi ng = behavior can trigger an out-of-memory condition and remotely terminate the = process. Versions 3.4.1, 3.3.1, and 2.6.11 p atch the issue. 2026-02-03 not=
yet calculated CVE-2025-62603 [ https://www.cve.org/CVERecord?id=3DCVE-202= 5-62603 ] https://security-tracker.debian.org/tracker/CVE-2025-62603 https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf1= 59ee37c5f https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889878= 128ad421a https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f203= c17747d2b
=C2=A0 Significant-Gravitas--AutoGPT AutoGPT is a platform that allows user=
s to create, deploy, and manage continuous artificial intelligence agents t= hat automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in = RSSFeedBlock, the third-party library urllib.request.urlopen is used direct=
ly to access the URL, but the input URL is not filtered, which will cause S= SRF vulnerability. This issue has been patched in autogpt-platform-beta-v0.= 6.34. 2026-02-04 not yet calculated CVE-2025-62615 [ https://www.cve.org/CV= ERecord?id=3DCVE-2025-62615 ] https://github.com/Significant-Gravitas/AutoG= PT/security/advisories/GHSA-r55v-q5pc-j57f
=C2=A0 Significant-Gravitas--AutoGPT AutoGPT is a platform that allows user=
s to create, deploy, and manage continuous artificial intelligence agents t= hat automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in = SendDiscordFileBlock, the third-party library aiohttp.ClientSession().get i=
s used directly to access the URL, but the input URL is not filtered, which=
will cause SSRF vulnerability. This issue has been patched in autogpt-plat= form-beta-v0.6.34. 2026-02-04 not yet calculated CVE-2025-62616 [ https://w= ww.cve.org/CVERecord?id=3DCVE-2025-62616 ] https://github.com/Significant-G= ravitas/AutoGPT/security/advisories/GHSA-ggc4-4fmm-9hmc
=C2=A0 TP-Link Systems Inc.--Archer AX53 v1.0 Heap-based Buffer Overflow vu= lnerability in TP-Link Archer AX53 v1.0 (tdpserver modules) allows adjacent=
attackers to cause a segmentation fault or potentially execute arbitrary c= ode via a specially crafted network packet containing a maliciously formed = field. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. 2= 026-02-03 not yet calculated CVE-2025-62673 [ https://www.cve.org/CVERecord= ?id=3DCVE-2025-62673 ] https://talosintelligence.com/vulnerability_reports/ https://www.tp-link.com/en/support/download/archer-ax53/v1/#Firmware https://www.tp-link.com/my/support/download/archer-ax53/v1/#Firmware https://www.tp-link.com/us/support/faq/4943/
=C2=A0 eProsima--Fast-DDS Fast DDS is a C++ implementation of the DDS (Data=
Distribution Service) standard of the OMG (Object Management Group ). Prio=
r to versions 3.4.1, 3.3.1, and 2.6.11, a heap buffer overflow exists in th=
e Fast-DDS DATA_FRAG receive path. An un authenticated sender can transmit =
a single malformed RTPS DATA_FRAG packet where `fragmentSize` and `sampleSi= ze` are craft ed to violate internal assumptions. Due to a 4-byte alignment=
step during fragment metadata initialization, the code write s past the en=
d of the allocated payload buffer, causing immediate crash (DoS) and potent= ially enabling memory corruption ( RCE risk). Versions 3.4.1, 3.3.1, and 2.= 6.11 patch the issue. 2026-02-03 not yet calculated CVE-2025-62799 [ https:= //www.cve.org/CVERecord?id=3DCVE-2025-62799 ] https://security-tracker.debi= an.org/tracker/CVE-2025-62799 https://github.com/eProsima/Fast-DDS/commit/d6dd58f4ecd28cd1c3bc4ef0467be91= 10fa94659 https://github.com/eProsima/Fast-DDS/commit/0c3824ef4991628de5dfba240669dc6= 172d63b46 https://github.com/eProsima/Fast-DDS/commit/955c8a15899dc6eb409e080fe7dc89e= 142d5a514
=C2=A0 Articentgroup--Zip Rar Extractor 1.3 Articentgroup Zip Rar Extractor=
Tool 1.345.93.0 is vulnerable to Directory Traversal. The vulnerability re= sides in the ZIP file processing component, specifically in the functionali=
ty responsible for extracting and handling ZIP archive contents. 2026-02-03=
not yet calculated CVE-2025-63372 [ https://www.cve.org/CVERecord?id=3DCVE= -2025-63372 ] https://articentgroup.com/zip-rar-extractor-tool/
=C2=A0 Shandong Kede Electronics--Water meter monitor v.1 SQL Injection vul= nerability in Shandong Kede Electronics Co., Ltd IoT smart water meter moni= toring platform v.1.0 allows a remote attacker to execute arbitrary code vi=
a the imei_list.aspx file. 2026-02-03 not yet calculated CVE-2025-63624 [ h= ttps://www.cve.org/CVERecord?id=3DCVE-2025-63624 ] https://github.com/songq= b-xx/Internet-of-Things-Smart-Water-Meter-Monitoring-Platform-Unauthorized-= RCE
=C2=A0 eProsima--Fast-DDS Fast DDS is a C++ implementation of the DDS (Data=
Distribution Service) standard of the OMG (Object Management Group ). Prio=
r to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, = modifying the DATA Submessage within an SPDP packet sent by a publisher cau= ses an Out-Of-Memory (OOM) condition, resulting in remote termination of Fa= st-DDS. If t he fields of `PID_IDENTITY_TOKEN` or `PID_PERMISSIONS_TOKEN` i=
n the DATA Submessage are tampered with - specifically by ta mpering with t=
he the `vecsize` value read by `readOctetVector` - a 32-bit integer overflo=
w can occur, causing `std::vector ::resize` to request an attacker-controll=
ed size and quickly trigger OOM and remote process termination. Versions 3.= 4.1, 3 .3.1, and 2.6.11 patch the issue. 2026-02-03 not yet calculated CVE-= 2025-64098 [ https://www.cve.org/CVERecord?id=3DCVE-2025-64098 ] https://se= curity-tracker.debian.org/tracker/CVE-2025-64098 https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf1= 59ee37c5f https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889878= 128ad421a https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f203= c17747d2b
=C2=A0 gogs--gogs Gogs is an open source self-hosted Git service. In versio=
n 0.13.3 and prior, due to the insufficient patch for CVE-2024-56731, it's = still possible to update files in the .git directory and achieve remote com= mand execution. This issue has been patched in versions 0.13.4 and 0.14.0+d= ev. 2026-02-06 not yet calculated CVE-2025-64111 [ https://www.cve.org/CVER= ecord?id=3DCVE-2025-64111 ] https://github.com/gogs/gogs/security/advisorie= s/GHSA-gg64-xxr9-qhjp
=C2=A0 gogs--gogs Gogs is an open source self-hosted Git service. In versio=
n 0.13.3 and prior, Gogs' 2FA recovery code validation does not scope codes=
by user, enabling cross-account bypass. If an attacker knows a victim's us= ername and password, they can use any unused recovery code (e.g., from thei=
r own account) to bypass the victim's 2FA. This enables full account takeov=
er and renders 2FA ineffective in all environments where it's enabled.. Thi=
s issue has been patched in versions 0.13.4 and 0.14.0+dev. 2026-02-06 not = yet calculated CVE-2025-64175 [ https://www.cve.org/CVERecord?id=3DCVE-2025= -64175 ] https://github.com/gogs/gogs/security/advisories/GHSA-p6x6-9mx6-26=
wj
=C2=A0 eProsima--Fast-DDS Fast DDS is a C++ implementation of the DDS (Data=
Distribution Service) standard of the OMG (Object Management Group ). Prio=
r to versions 3.4.1, 3.3.1, and 2.6.11, a remotely triggerable Out-of-Memor=
y (OOM) denial-of-service exists in Fast -DDS when processing RTPS GAP subm= essages under RELIABLE QoS. By sending a tiny GAP packet with a huge gap ra= nge (`gapList .base - gapStart`), an attacker drives `StatefulReader::proce= ssGapMsg()` into an unbounded loop that inserts millions of s equence numbe=
rs into `WriterProxy::changes_received_` (`std::set`), causing multi-GB hea=
p growth and process termination. No authentication is required beyond netw= ork reachability to the reader on the DDS domain. In environments without a=
n RSS limit (non-ASan / unlimited), memory consumption was observed to rise=
to ~64 GB. Versions 3.4.1, 3.3.1, and 2.6.11 patch t he issue. 2026-02-03 = not yet calculated CVE-2025-64438 [ https://www.cve.org/CVERecord?id=3DCVE-= 2025-64438 ] https://security-tracker.debian.org/tracker/CVE-2025-64438 https://github.com/eProsima/Fast-DDS/commit/0b0cb308eaeeb2175694aa0a0a72310= 6824ce9a7 https://github.com/eProsima/Fast-DDS/commit/71da01b4aea4d937558984f2cf0089f= 5ba3c871f https://github.com/eProsima/Fast-DDS/commit/8ca016134dac20b6e30e42b7b73466e= f7cdbc213
=C2=A0 decidim--decidim Decidim is a participatory democracy framework. In = versions from 0.30.0 to before 0.30.4 and from 0.31.0.rc1 to before 0.31.0,=
the private data exports can lead to data leaks in case the UUID generatio=
n, causing collisions for the generated UUIDs. This issue has been patched =
in versions 0.30.4 and 0.31.0. 2026-02-03 not yet calculated CVE-2025-65017=
[ https://www.cve.org/CVERecord?id=3DCVE-2025-65017 ] https://github.com/d= ecidim/decidim/security/advisories/GHSA-3cx6-j9j4-54mp https://github.com/decidim/decidim/pull/13571 https://github.com/decidim/decidim/releases/tag/v0.30.4 https://github.com/decidim/decidim/releases/tag/v0.31.0
=C2=A0 Lexmark--MXTCT, MSNGM, MSTGM, MXNGM, MXTGM, CSNGV, CSTGV, CXTGV, MSN= GW, MSTGW, MXTGW, CSTLS, CXTLS, MXTLS, CSTMM, CXTMM, CSTPC, CXTPC, MXTPM, M= SNSN, MSTSN, MXTSN, CSNZJ, CSTZJ, CXNZJ, CXTZJ A relative path traversal vu= lnerability has been identified in the Embedded Solutions Framework in vari= ous Lexmark devices. This vulnerability can be leveraged by an attacker to = execute arbitrary code as an unprivileged user. 2026-02-03 not yet calculat=
ed CVE-2025-65077 [ https://www.cve.org/CVERecord?id=3DCVE-2025-65077 ] htt= ps://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.h= tml
=C2=A0 Lexmark--MXTCT, MSNGM, MSTGM, MXNGM, MXTGM, CSNGV, CSTGV, CXTGV, MSN= GW, MSTGW, MXTGW, CSTLS, CXTLS, MXTLS, CSTMM, CXTMM, CSTPC, CXTPC, MXTPM, M= SNSN, MSTSN, MXTSN, CSNZJ, CSTZJ, CXNZJ, CXTZJ An untrusted search path vul= nerability has been identified in the Embedded Solutions Framework in vario=
us Lexmark devices. This vulnerability can be leveraged by an attacker to e= xecute arbitrary code. 2026-02-03 not yet calculated CVE-2025-65078 [ https= ://www.cve.org/CVERecord?id=3DCVE-2025-65078 ] https://www.lexmark.com/en_u= s/solutions/security/lexmark-security-advisories.html
=C2=A0 Lexmark--MXTCT, MSNGM, MSTGM, MXNGM, MXTGM, CSNGV, CSTGV, CXTGV, MSN= GW, MSTGW, MXTGW, CSTLS, CXTLS, MXTLS, CSTMM, CXTMM, CSTPC, CXTPC, MXTPM, M= SNSN, MSTSN, MXTSN, CSNZJ, CSTZJ, CXNZJ, CXTZJ A heap-based buffer overflow=
vulnerability has been identified in the Postscript interpreter in various=
Lexmark devices. This vulnerability can be leveraged by an attacker to exe= cute arbitrary code as an unprivileged user. 2026-02-03 not yet calculated = CVE-2025-65079 [ https://www.cve.org/CVERecord?id=3DCVE-2025-65079 ] https:= //www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html =C2=A0 Lexmark--MXTCT, MSNGM, MSTGM, MXNGM, MXTGM, CSNGV, CSTGV, CXTGV, MSN= GW, MSTGW, MXTGW, CSTLS, CXTLS, MXTLS, CSTMM, CXTMM, CSTPC, CXTPC, MXTPM, M= SNSN, MSTSN, MXTSN, CSNZJ, CSTZJ, CXNZJ, CXTZJ A type confusion vulnerabili=
ty has been identified in the Postscript interpreter in various Lexmark dev= ices. This vulnerability can be leveraged by an attacker to execute arbitra=
ry code as an unprivileged user. 2026-02-03 not yet calculated CVE-2025-650=
80 [ https://www.cve.org/CVERecord?id=3DCVE-2025-65080 ] https://www.lexmar= k.com/en_us/solutions/security/lexmark-security-advisories.html
=C2=A0 Lexmark--MXTCT, MSNGM, MSTGM, MXNGM, MXTGM, CSNGV, CSTGV, CXTGV, MSN= GW, MSTGW, MXTGW, CSTLS, CXTLS, MXTLS, CSTMM, CXTMM, CSTPC, CXTPC, MXTPM, M= SNSN, MSTSN, MXTSN, CSNZJ, CSTZJ, CXNZJ, CXTZJ An out-of-bounds read vulner= ability has been identified in the Postscript interpreter in various Lexmar=
k devices. This vulnerability can be leveraged by an attacker to execute ar= bitrary code as an unprivileged user. 2026-02-03 not yet calculated CVE-202= 5-65081 [ https://www.cve.org/CVERecord?id=3DCVE-2025-65081 ] https://www.l= exmark.com/en_us/solutions/security/lexmark-security-advisories.html
=C2=A0 Wikimedia Foundation--MediaWiki Vulnerability in Wikimedia Foundatio=
n MediaWiki. This vulnerability is associated with program files includes/s= pecials/pagers/BlockListPager.Php. This issue affects MediaWiki: >=3D 1.42.=
0. 2026-02-02 not yet calculated CVE-2025-6589 [ https://www.cve.org/CVERec= ord?id=3DCVE-2025-6589 ] https://phabricator.wikimedia.org/T391343
=C2=A0 Wikimedia Foundation--MediaWiki Exposure of Sensitive Information to=
an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. Thi=
s vulnerability is associated with program files includes/htmlform/fields/H= TMLUserTextField.Php. This issue affects MediaWiki: from * through 1.39.12,=
1.42.76 1.43.1, 1.44.0. 2026-02-02 not yet calculated CVE-2025-6590 [ http= s://www.cve.org/CVERecord?id=3DCVE-2025-6590 ] https://phabricator.wikimedi= a.org/T392746
=C2=A0 Wikimedia Foundation--MediaWiki Vulnerability in Wikimedia Foundatio=
n MediaWiki. This vulnerability is associated with program files includes/a= pi/ApiFeedContributions.Php. This issue affects MediaWiki: from * before 1.= 39.13, 1.42.7 1.43.2, 1.44.0. 2026-02-02 not yet calculated CVE-2025-6591 [=
https://www.cve.org/CVERecord?id=3DCVE-2025-6591 ] https://phabricator.wik= imedia.org/T392276
=C2=A0 Wikimedia Foundation--AbuseFilter Vulnerability in Wikimedia Foundat= ion AbuseFilter. This vulnerability is associated with program files includ= es/auth/AuthManager.Php. This issue affects AbuseFilter: from fe0b1cb9e9691= faf4d8d9bd80646589f6ec37615 before 1.43.2, 1.44.0. 2026-02-02 not yet calcu= lated CVE-2025-6592 [ https://www.cve.org/CVERecord?id=3DCVE-2025-6592 ] ht= tps://phabricator.wikimedia.org/T391218
=C2=A0 n/a--ERPNext A Stored Cross-Site Scripting (XSS) vulnerability was d= iscovered within the CSV import mechanism of ERPNext thru 15.88.1 when usin=
g the Update Existing Recordsoption. An attacker can embed malicious JavaSc= ript code into a CSV field, which is then stored in the database and execut=
ed whenever the affected record is viewed by a user within the ERPNext web = interface. This exposure may allow an attacker to compromise user sessions =
or perform unauthorized actions under the context of a victim's account. 20= 26-02-03 not yet calculated CVE-2025-65923 [ https://www.cve.org/CVERecord?= id=3DCVE-2025-65923 ] https://github.com/frappe/frappe_docker.git
=C2=A0 n/a--ERPNext ERPNext thru 15.88.1 does not sanitize or remove certai=
n HTML tags specifically `<a>` hyperlinks in fields that are intended for p= lain text. Although JavaScript is blocked (preventing XSS), the HTML is sti=
ll preserved in the generated PDF document. As a result, an attacker can in= ject malicious clickable links into an ERP-generated PDF. Since PDF files g= enerated by the ERP system are generally considered trustworthy, users are = highly likely to click these links, potentially enabling phishing attacks o=
r malware delivery. This issue occurs in the Add Quality Goal' function. 20= 26-02-03 not yet calculated CVE-2025-65924 [ https://www.cve.org/CVERecord?= id=3DCVE-2025-65924 ] https://github.com/frappe/frappe_docker.git
=C2=A0 Wikimedia Foundation--MediaWiki Vulnerability in Wikimedia Foundatio=
n MediaWiki. This vulnerability is associated with program files includes/u= ser/User.Php. This issue affects MediaWiki: from 1.27.0 before 1.39.13, 1.4= 2.7 1.43.2, 1.44.0. 2026-02-02 not yet calculated CVE-2025-6593 [ https://w= ww.cve.org/CVERecord?id=3DCVE-2025-6593 ] https://phabricator.wikimedia.org= /T396230
=C2=A0 Wikimedia Foundation--MediaWiki Improper Neutralization of Input Dur= ing Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wi= kimedia Foundation MediaWiki. This vulnerability is associated with program=
files resources/src/mediawiki.Special.Apisandbox/ApiSandbox.Js. This issue=
affects MediaWiki: from 1.27.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0. 2026= -02-02 not yet calculated CVE-2025-6594 [ https://www.cve.org/CVERecord?id= =3DCVE-2025-6594 ] https://phabricator.wikimedia.org/T395063
=C2=A0 Wikimedia Foundation--MultimediaViewer Improper Neutralization of In= put During Web Page Generation (XSS or 'Cross-site Scripting') vulnerabilit=
y in Wikimedia Foundation MultimediaViewer. This issue affects MultimediaVi= ewer: from * before 1.39.13, 1.42.7, 1.43.2, 1.44.0. 2026-02-02 not yet cal= culated CVE-2025-6595 [ https://www.cve.org/CVERecord?id=3DCVE-2025-6595 ] = https://phabricator.wikimedia.org/T394863
=C2=A0 Wikimedia Foundation--Vector Improper Neutralization of Input During=
Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikim= edia Foundation Vector. This vulnerability is associated with program files=
resources/skins.Vector.Js/portlets.Js, resources/skins.Vector.Legacy.Js/po= rtlets.Js. This issue affects Vector: from >=3D 1.40.0 before 1.42.7, 1.43.=
2, 1.44.0. 2026-02-02 not yet calculated CVE-2025-6596 [ https://www.cve.or= g/CVERecord?id=3DCVE-2025-6596 ] https://phabricator.wikimedia.org/T396685 =C2=A0 Wikimedia Foundation--MediaWiki Vulnerability in Wikimedia Foundatio=
n MediaWiki. This vulnerability is associated with program files includes/a= uth/AuthManager.Php. This issue affects MediaWiki: from * before 1.39.13, 1= .42.7, 1.43.2, 1.44.0. 2026-02-02 not yet calculated CVE-2025-6597 [ https:= //www.cve.org/CVERecord?id=3DCVE-2025-6597 ] https://phabricator.wikimedia.= org/T389009
=C2=A0 CyberArk--CyberArk Endpoint Agent v25.10.0 CyberArk Endpoint Privile=
ge Manager Agent through 25.10.0 allows a local user to achieve privilege e= scalation through policy elevation of an Administration task. 2026-02-03 no=
t yet calculated CVE-2025-66374 [ https://www.cve.org/CVERecord?id=3DCVE-20= 25-66374 ] https://www.cyberark.com/product-security/ https://www.cyberark.com/ca26-01 https://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-whatsnew= 25-12.htm#Security
=C2=A0 TOTOlink--A950RG Router TOTOLINK A950RG V4.1.2cu.5204_B20210112 cont= ains a buffer overflow vulnerability in the setUrlFilterRules interface of = /lib/cste_modules/firewall.so. The vulnerability occurs because the `url` p= arameter is not properly validated for length, allowing remote attackers to=
trigger a buffer overflow, potentially leading to arbitrary code execution=
or denial of service. 2026-02-03 not yet calculated CVE-2025-67186 [ https= ://www.cve.org/CVERecord?id=3DCVE-2025-67186 ] https://github.com/SunnyYANG= yaya/cuicuishark-sheep-fishIOT/blob/main/ToTolink/A950RG/5024-setUrlFliterR= ules-url-buffer.md
=C2=A0 TOTOlink--A950RG Router A stack-based buffer overflow vulnerability = was identified in TOTOLINK A950RG V4.1.2cu.5204_B20210112. The flaw exists =
in the setIpQosRules interface of /lib/cste_modules/firewall.so where the c= omment parameter is not properly validated for length. 2026-02-03 not yet c= alculated CVE-2025-67187 [ https://www.cve.org/CVERecord?id=3DCVE-2025-6718=
7 ] https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/main/To= Tolink/A950RG/5024-setIpQosRules-comment-buffer.md
=C2=A0 TOTOlink--A950RG Router A buffer overflow vulnerability exists in TO= TOLINK A950RG V4.1.2cu.5204_B20210112. The issue resides in the setRadvdCfg=
interface of the /lib/cste_modules/ipv6.so module. The function fails to p= roperly validate the length of the user-controlled radvdinterfacename param= eter, allowing remote attackers to trigger a stack buffer overflow. 2026-02= -03 not yet calculated CVE-2025-67188 [ https://www.cve.org/CVERecord?id=3D= CVE-2025-67188 ] https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT= /blob/main/ToTolink/A950RG/5024-ipv6-setRadvdCfg-radvdinterfacename-buffer.=
md
=C2=A0 TOTOlink--A950RG Router A buffer overflow vulnerability exists in th=
e setParentalRules interface of TOTOLINK A950RG V4.1.2cu.5204_B20210112. Th=
e urlKeyword parameter is not properly validated, and the function concaten= ates multiple user-controlled fields into a fixed-size stack buffer without=
performing boundary checks. A remote attacker can exploit this flaw to cau=
se denial of service or potentially achieve arbitrary code execution. 2026-= 02-03 not yet calculated CVE-2025-67189 [ https://www.cve.org/CVERecord?id= =3DCVE-2025-67189 ] https://github.com/SunnyYANGyaya/cuicuishark-sheep-fish= IOT/blob/main/ToTolink/A950RG/5024-setParentRules-urlKeyWord-buffer.md
=C2=A0 Wikimedia Foundation--MediaWiki Improper Neutralization of Input Dur= ing Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wi= kimedia Foundation MediaWiki. This vulnerability is associated with program=
files includes/CommentFormatter/CommentParser.Php. This issue affects Medi= aWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1. 2026-02-03 not yet ca= lculated CVE-2025-67475 [ https://www.cve.org/CVERecord?id=3DCVE-2025-67475=
] https://phabricator.wikimedia.org/T406664
=C2=A0 Wikimedia Foundation--MediaWiki Vulnerability in Wikimedia Foundatio=
n MediaWiki. This vulnerability is associated with program files includes/I= mport/ImportableOldRevisionImporter.Php. This issue affects MediaWiki: from=
* before 1.44.3, 1.45.1. 2026-02-03 not yet calculated CVE-2025-67476 [ ht= tps://www.cve.org/CVERecord?id=3DCVE-2025-67476 ] https://phabricator.wikim= edia.org/T405859
=C2=A0 Wikimedia Foundation--MediaWiki Improper Neutralization of Input Dur= ing Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wi= kimedia Foundation MediaWiki. This vulnerability is associated with program=
files resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js. This=
issue affects MediaWiki: from * before 1.44.3, 1.45.1. 2026-02-03 not yet = calculated CVE-2025-67477 [ https://www.cve.org/CVERecord?id=3DCVE-2025-674=
77 ] https://phabricator.wikimedia.org/T406639
=C2=A0 Wikimedia Foundation--CheckUser Vulnerability in Wikimedia Foundatio=
n CheckUser. This vulnerability is associated with program files includes/M= ail/UserMailer.Php. This issue affects CheckUser: from * before 1.39.14, 1.= 43.4, 1.44.1. 2026-02-03 not yet calculated CVE-2025-67478 [ https://www.cv= e.org/CVERecord?id=3DCVE-2025-67478 ] https://phabricator.wikimedia.org/T38= 5403
=C2=A0 Wikimedia Foundation--MediaWiki Vulnerability in Wikimedia Foundatio=
n MediaWiki, Wikimedia Foundation Cite. This vulnerability is associated wi=
th program files includes/Parser/CoreParserFunctions.Php, includes/Parser/S= anitizer.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, = 1.44.1; Cite: from * before 1.39.14, 1.43.4, 1.44.1. 2026-02-03 not yet cal= culated CVE-2025-67479 [ https://www.cve.org/CVERecord?id=3DCVE-2025-67479 =
] https://phabricator.wikimedia.org/T407131
=C2=A0 Wikimedia Foundation--MediaWiki Vulnerability in Wikimedia Foundatio=
n MediaWiki. This vulnerability is associated with program files includes/A= pi/ApiQueryRevisionsBase.Php. This issue affects MediaWiki: from * before 1= .39.16, 1.43.6, 1.44.3, 1.45.1. 2026-02-03 not yet calculated CVE-2025-6748=
0 [ https://www.cve.org/CVERecord?id=3DCVE-2025-67480 ] https://phabricator= .wikimedia.org/T401053
=C2=A0 Wikimedia Foundation--MediaWiki Improper Neutralization of Input Dur= ing Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wi= kimedia Foundation MediaWiki. This vulnerability is associated with program=
files resources/src/mediawiki.JqueryMsg/mediawiki.JqueryMsg.Js. This issue=
affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1. 2026-02-=
03 not yet calculated CVE-2025-67481 [ https://www.cve.org/CVERecord?id=3DC= VE-2025-67481 ] https://phabricator.wikimedia.org/T251032
=C2=A0 Wikimedia Foundation--Scribunto Vulnerability in Wikimedia Foundatio=
n Scribunto, Wikimedia Foundation luasandbox. This vulnerability is associa= ted with program files includes/Engines/LuaCommon/lualib/mwInit.Lua, librar= y.C. This issue affects Scribunto: from * before 1.39.16, 1.43.6, 1.44.3, 1= .45.1; luasandbox: from * before fea2304f8f6ab30314369a612f4f5b165e68e95a. = 2026-02-03 not yet calculated CVE-2025-67482 [ https://www.cve.org/CVERecor= d?id=3DCVE-2025-67482 ] https://phabricator.wikimedia.org/T408135
=C2=A0 Wikimedia Foundation--MediaWiki Improper Neutralization of Input Dur= ing Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wi= kimedia Foundation MediaWiki. This vulnerability is associated with program=
files resources/src/mediawiki.Page.Preview.Js. This issue affects MediaWik=
i: from * before 1.43.6, 1.44.3, 1.45.1. 2026-02-03 not yet calculated CVE-= 2025-67483 [ https://www.cve.org/CVERecord?id=3DCVE-2025-67483 ] https://ph= abricator.wikimedia.org/T409226
=C2=A0 Wikimedia Foundation--MediaWiki Vulnerability in Wikimedia Foundatio=
n MediaWiki. This vulnerability is associated with program files includes/A= pi/ApiFormatXml.Php. This issue affects MediaWiki: from * before 1.39.16, 1= .43.6, 1.44.3, 1.45.1. 2026-02-03 not yet calculated CVE-2025-67484 [ https= ://www.cve.org/CVERecord?id=3DCVE-2025-67484 ] https://phabricator.wikimedi= a.org/T401995
=C2=A0 Go standard library--crypto/tls During session resumption in crypto/= tls, if the underlying Config has its ClientCAs or RootCAs fields mutated b= etween the initial handshake and the resumed handshake, the resumed handsha=
ke may succeed when it should have failed. This may happen when a user call=
s Config.Clone and mutates the returned Config, or uses Config.GetConfigFor= Client. This can cause a client to resume a session with a server that it w= ould not have resumed with during the initial handshake, or cause a server =
to resume a session with a client that it would not have resumed with durin=
g the initial handshake. 2026-02-05 not yet calculated CVE-2025-68121 [ htt= ps://www.cve.org/CVERecord?id=3DCVE-2025-68121 ] https://groups.google.com/= g/golang-announce/c/K09ubi9FQFk
https://go.dev/cl/737700
https://go.dev/issue/77217
https://pkg.go.dev/vuln/GO-2026-4337
=C2=A0 Axigen--Mail Server Axigen Mail Server before 10.5.57 allows stored = Cross-Site Scripting (XSS) in the handling of the timeFormat account prefer= ence parameter. Attackers can exploit this by deploying a multi-stage attac=
k. In the first stage, a malicious JavaScript payload is injected into the = timeFormat preference by exploiting a separate vulnerability or using compr= omised credentials. In the second stage, when the victim logs into the WebM= ail interface, the unsanitized timeFormat value is loaded from storage and = inserted into the DOM, causing the injected script to execute. 2026-02-05 n=
ot yet calculated CVE-2025-68643 [ https://www.cve.org/CVERecord?id=3DCVE-2= 025-68643 ] https://www.axigen.com/mail-server/download/ https://www.axigen.com/knowledgebase/Axigen-WebMail-Stored-XSS-Vulnerabilit= y-CVE-2025-68643-_405.html
=C2=A0 Axigen--Mail Server Axigen Mail Server before 10.5.57 contains an im= proper access control vulnerability in the WebAdmin interface. A delegated = admin account with zero permissions can bypass access control checks and ga=
in unauthorized access to the SSL Certificates management endpoint (page=3D= sslcerts). This allows the attacker to view, download, upload, and delete S=
SL certificate files, despite lacking the necessary privileges to access th=
e Security & Filtering section. 2026-02-05 not yet calculated CVE-2025-6872=
1 [ https://www.cve.org/CVERecord?id=3DCVE-2025-68721 ] https://www.axigen.= com/mail-server/download/ https://www.axigen.com/knowledgebase/Axigen-WebAdmin-Improper-Access-Contro= l-Vulnerability-CVE-2025-68721-_406.html
=C2=A0 Axigen--Mail Server Axigen Mail Server before 10.5.57 and 10.6.x bef= ore 10.6.26 contains a Cross-Site Request Forgery (CSRF) vulnerability in t=
he WebAdmin interface through improper handling of the _s (breadcrumb) para= meter. The application accepts state-changing requests via the GET method a=
nd automatically processes base64-encoded commands queued in the _s paramet=
er immediately after administrator authentication. Attackers can craft mali= cious URLs that, when clicked by administrators, execute arbitrary administ= rative actions upon login without further user interaction, including creat= ing rogue administrator accounts or modifying critical server configuration=
s. 2026-02-05 not yet calculated CVE-2025-68722 [ https://www.cve.org/CVERe= cord?id=3DCVE-2025-68722 ] https://www.axigen.com/mail-server/download/ https://www.axigen.com/knowledgebase/Axigen-WebAdmin-CSRF-Vulnerability-CVE= -2025-68722-_407.html
=C2=A0 Axigen--Mail Server Axigen Mail Server before 10.5.57 contains multi= ple stored Cross-Site Scripting (XSS) vulnerabilities in the WebAdmin inter= face. Three instances exist: (1) the log file name parameter in the Local S= ervices Log page, (2) certificate file content in the SSL Certificates View=
Usage feature, and (3) the Certificate File name parameter in the WebMail = Listeners SSL settings. Attackers can inject malicious JavaScript payloads = that execute in administrators' browsers when they access affected pages or=
features, enabling privilege escalation attacks where low-privileged admin=
s can force high-privileged admins to perform unauthorized actions. 2026-02= -05 not yet calculated CVE-2025-68723 [ https://www.cve.org/CVERecord?id=3D= CVE-2025-68723 ] https://www.axigen.com/mail-server/download/ https://www.axigen.com/knowledgebase/Axigen-WebAdmin-Stored-XSS-Vulnerabili= ties-CVE-2025-68723-_408.html
=C2=A0 devcode-it--openstamanager OpenSTAManager is an open source manageme=
nt software for technical assistance and invoicing. In 2.9.8 and earlier, a=
critical OS Command Injection vulnerability exists in the P7M (signed XML)=
file decoding functionality. An authenticated attacker can upload a ZIP fi=
le containing a .p7m file with a malicious filename to execute arbitrary sy= stem commands on the server. 2026-02-06 not yet calculated CVE-2025-69212 [=
https://www.cve.org/CVERecord?id=3DCVE-2025-69212 ] https://github.com/dev= code-it/openstamanager/security/advisories/GHSA-25fp-8w8p-mx36
=C2=A0 devcode-it--openstamanager OpenSTAManager is an open source manageme=
nt software for technical assistance and invoicing. In version 2.9.8 and pr= ior, a SQL Injection vulnerability exists in the ajax_complete.php endpoint=
when handling the get_sedi operation. An authenticated attacker can inject=
malicious SQL code through the idanagrafica parameter, leading to unauthor= ized database access. At time of publication, no known patch exists. 2026-0= 2-04 not yet calculated CVE-2025-69213 [ https://www.cve.org/CVERecord?id= =3DCVE-2025-69213 ] https://github.com/devcode-it/openstamanager/security/a= dvisories/GHSA-w995-ff8h-rppg
=C2=A0 devcode-it--openstamanager OpenSTAManager is an open source manageme=
nt software for technical assistance and invoicing. In 2.9.8 and earlier, a=
n SQL Injection vulnerability exists in the ajax_select.php endpoint when h= andling the componenti operation. An authenticated attacker can inject mali= cious SQL code through the options[matricola] parameter. 2026-02-06 not yet=
calculated CVE-2025-69214 [ https://www.cve.org/CVERecord?id=3DCVE-2025-69= 214 ] https://github.com/devcode-it/openstamanager/security/advisories/GHSA= -qjv8-63xq-gq8m
=C2=A0 devcode-it--openstamanager OpenSTAManager is an open source manageme=
nt software for technical assistance and invoicing. In version 2.9.8 and pr= ior, there is a SQL Injection vulnerability in the Stampe Module. At time o=
f publication, no known patch exists. 2026-02-04 not yet calculated CVE-202= 5-69215 [ https://www.cve.org/CVERecord?id=3DCVE-2025-69215 ] https://githu= b.com/devcode-it/openstamanager/security/advisories/GHSA-qx9p-w3vj-q24q
=C2=A0 devcode-it--openstamanager OpenSTAManager is an open source manageme=
nt software for technical assistance and invoicing. In 2.9.8 and earlier, a=
n authenticated SQL injection vulnerability in OpenSTAManager's Scadenzario=
(Payment Schedule) print template allows any authenticated user to extract=
sensitive data from the database, including admin credentials, customer in= formation, and financial records. The vulnerability exists in templates/sca= denzario/init.php, where the id_anagrafica parameter is directly concatenat=
ed into an SQL query without proper sanitization. The vulnerability enables=
complete database read access through error-based SQL injection techniques=
. 2026-02-06 not yet calculated CVE-2025-69216 [ https://www.cve.org/CVERec= ord?id=3DCVE-2025-69216 ] https://github.com/devcode-it/openstamanager/secu= rity/advisories/GHSA-q6g3-fv43-m2w6
=C2=A0 Wikimedia Foundation--MediaWiki Vulnerability in Wikimedia Foundatio=
n MediaWiki. This vulnerability is associated with program files includes/s= pecials/pagers/BlockListPager.Php, includes/api/ApiQueryBlocks.Php. This is= sue affects MediaWiki: from >=3D 1.42.0 before 1.39.13, 1.42.7 1.43.2, 1.44= .0. 2026-02-02 not yet calculated CVE-2025-6927 [ https://www.cve.org/CVERe= cord?id=3DCVE-2025-6927 ] https://phabricator.wikimedia.org/T397595
=C2=A0 ORICO--NAS CD3510 The ORICO NAS CD3510 (version V1.9.12 and below) c= ontains an Incorrect Symlink Follow vulnerability that could be exploited b=
y attackers to leak or tamper with the internal file system. Attackers can = format a USB drive to ext4, create a symbolic link to its root directory, i= nsert the drive into the NAS device's slot, then access the USB drive's sym= link directory mounted on the NAS to obtain all files within the NAS system=
and tamper with those files. 2026-02-03 not yet calculated CVE-2025-69429 =
[ https://www.cve.org/CVERecord?id=3DCVE-2025-69429 ] https://www.notion.so= /ORICO-NAS-Incorrect-Symlink-Follow-2c36cf4e528a80b7bf0be4dcac758419?source= =3Dcopy_link
=C2=A0 Yottamaster NAS-- Symlink Follow An Incorrect Symlink Follow vulnera= bility exists in multiple Yottamaster NAS devices, including DM2 (version e= qual to or prior to V1.9.12), DM3 (version equal to or prior to V1.9.12), a=
nd DM200 (version equal to or prior to V1.2.23) that could be exploited by = attackers to leak or tamper with the internal file system. Attackers can fo= rmat a USB drive to ext4, create a symbolic link to its root directory, ins= ert the drive into the NAS device's slot, then access the USB drive's symli=
nk directory mounted on the NAS to obtain all files within the NAS system a=
nd tamper with those files. 2026-02-03 not yet calculated CVE-2025-69430 [ = https://www.cve.org/CVERecord?id=3DCVE-2025-69430 ] https://www.notion.so/Y= ottamaster-Incorrect-Symlink-Follow-2c36cf4e528a8001b37cdad4be7431f8?source= =3Dcopy_link
=C2=A0 ZSPACE--Q2C NAS The ZSPACE Q2C NAS contains a vulnerability related =
to incorrect symbolic link following. Attackers can format a USB drive to e= xt4, create a symbolic link to its root directory, insert the drive into th=
e NAS device's slot, and then access the USB drive's directory mounted on t=
he NAS using the Samba protocol. This allows them to obtain all files withi=
n the NAS system and tamper with those files. 2026-02-03 not yet calculated=
CVE-2025-69431 [ https://www.cve.org/CVERecord?id=3DCVE-2025-69431 ] https= ://www.notion.so/ZSPACE-Incorrect-Symlink-Follow-2c26cf4e528a8087ba14d9b1d3= 1a5bb2?source=3Dcopy_link
=C2=A0 Coto[.]com--Tarot, Astro & Healing v11.4 An arbitrary file overwrite=
vulnerability in the file import process of Tarot, Astro & Healing v11.4.0=
allows attackers to overwrite critical internal files, potentially leading=
to arbitrary code execution or exposure of sensitive information. 2026-02-=
04 not yet calculated CVE-2025-69618 [ https://www.cve.org/CVERecord?id=3DC= VE-2025-69618 ] https://secsys.fudan.edu.cn/
http://coto.com
https://coto.world/
https://github.com/Secsys-FDU/AF_CVEs/issues/9
=C2=A0 Zipperapp[.]cafe24--Text Editor v1.6.2 A path traversal in My Text E= ditor v1.6.2 allows attackers to cause a Denial of Service (DoS) via writin=
g files to the internal storage. 2026-02-05 not yet calculated CVE-2025-696=
19 [ https://www.cve.org/CVERecord?id=3DCVE-2025-69619 ] http://my.com https://secsys.fudan.edu.cn/
http://zipperapp.cafe24.com/
https://github.com/Secsys-FDU/AF_CVEs/issues/10
=C2=A0 n/a--Moo Chan Song v4.5.7 A path traversal in Moo Chan Song v4.5.7 a= llows attackers to cause a Denial of Service (DoS) via writing files to the=
internal storage. 2026-02-04 not yet calculated CVE-2025-69620 [ https://w= ww.cve.org/CVERecord?id=3DCVE-2025-69620 ] https://secsys.fudan.edu.cn/ http://office.com
http://www.ntoolslab.com/
https://github.com/Secsys-FDU/AF_CVEs/issues/11
=C2=A0 n/a--Comic Book Reader v1.0.95 An arbitrary file overwrite vulnerabi= lity in the file import process of Comic Book Reader v1.0.95 allows attacke=
rs to overwrite critical internal files, potentially leading to arbitrary c= ode execution or exposure of sensitive information. 2026-02-04 not yet calc= ulated CVE-2025-69621 [ https://www.cve.org/CVERecord?id=3DCVE-2025-69621 ]=
https://secsys.fudan.edu.cn/
http://comic.com
https://android-tools.ru/
https://github.com/Secsys-FDU/AF_CVEs/issues/12
=C2=A0 n/a--NetBox NetBox is an open-source infrastructure resource modelin=
g and IP address management platform. A reflected cross-site scripting (XSS=
) vulnerability exists in versions 2.11.0 through 3.7.x in the ProtectedErr=
or handling logic, where object names are included in HTML error messages w= ithout proper escaping. This allows user-controlled content to be rendered =
in the web interface when a delete operation fails due to protected relatio= nships, potentially enabling execution of arbitrary client-side code in the=
context of a privileged user. 2026-02-03 not yet calculated CVE-2025-69848=
[ https://www.cve.org/CVERecord?id=3DCVE-2025-69848 ] https://github.com/n= etbox-community/netbox
=C2=A0 n/a--Quick Heal Security 23.0.0 A vulnerability exists in Quick Heal=
Total Security 23.0.0 in the quarantine management component where insuffi= cient validation of restore paths and improper permission handling allow a = low-privileged local user to restore quarantined files into protected syste=
m directories. This behavior can be abused by a local attacker to place fil=
es in high-privilege locations, potentially leading to privilege escalation=
. 2026-02-03 not yet calculated CVE-2025-69875 [ https://www.cve.org/CVERec= ord?id=3DCVE-2025-69875 ] https://github.com/mertdas/QuickHealTotalSecurity= POC https://semiconductor.samsung.com/support/quality-support/product-security-= updates/cve-2025-59439/
=C2=A0 n/a--Monstra CMS v3.0.4 Monstra CMS v3.0.4 contains an arbitrary fil=
e upload vulnerability in the Files Manager plugin. The application relies =
on blacklist-based file extension validation and stores uploaded files dire= ctly in a web-accessible directory. Under typical server configurations, th=
is can allow an attacker to upload files that are interpreted as executable=
code, resulting in remote code execution. 2026-02-05 not yet calculated CV= E-2025-69906 [ https://www.cve.org/CVERecord?id=3DCVE-2025-69906 ] https://= github.com/monstra-cms/monstra/tree/master/plugins/box/filesmanager https://github.com/cypherdavy/CVE-2025-69906-Monstra-CMS-3.0.4-Arbitrary-Fi= le-Upload-to-RCE
=C2=A0 n/a--FUXA v1.2.7 FUXA v1.2.7 contains an insecure default configurat= ion vulnerability in server/settings.default.js. The 'secureEnabled' flag i=
s commented out by default, causing the application to initialize with auth= entication disabled. This allows unauthenticated remote attackers to access=
sensitive API endpoints, modify projects, and control industrial equipment=
immediately after installation. 2026-02-03 not yet calculated CVE-2025-699=
70 [ https://www.cve.org/CVERecord?id=3DCVE-2025-69970 ] https://github.com= /frangoteam/FUXA/blob/master/server/settings.default.js
=C2=A0 n/a--FUXA v1.2.7 FUXA v1.2.7 contains a hard-coded credential vulner= ability in server/api/jwt-helper.js. The application uses a hard-coded secr=
et key to sign and verify JWT Tokens. This allows remote attackers to forge=
valid admin tokens and bypass authentication to gain full administrative a= ccess. 2026-02-03 not yet calculated CVE-2025-69971 [ https://www.cve.org/C= VERecord?id=3DCVE-2025-69971 ] https://github.com/frangoteam/FUXA/blob/mast= er/server/api/jwt-helper.js
=C2=A0 n/a--FUXA v1.2.7 FUXA v1.2.7 contains an Unrestricted File Upload vu= lnerability in the `/api/upload` API endpoint. The endpoint lacks authentic= ation mechanisms, allowing unauthenticated remote attackers to upload arbit= rary files. This can be exploited to overwrite critical system files (such =
as the SQLite user database) to gain administrative access, or to upload ma= licious scripts to execute arbitrary code. 2026-02-03 not yet calculated CV= E-2025-69981 [ https://www.cve.org/CVERecord?id=3DCVE-2025-69981 ] https://= github.com/frangoteam/FUXA/blob/master/server/api/projects/index.js#L193
=C2=A0 n/a--FUXA v1.2.7 FUXA v1.2.7 allows Remote Code Execution (RCE) via = the project import functionality. The application does not properly sanitiz=
e or sandbox user-supplied scripts within imported project files. An attack=
er can upload a malicious project containing system commands, leading to fu=
ll system compromise. 2026-02-03 not yet calculated CVE-2025-69983 [ https:= //www.cve.org/CVERecord?id=3DCVE-2025-69983 ] https://github.com/frangoteam= /FUXA/blob/master/server/api/projects/index.js
=C2=A0 n/a--ChestnutCMS v.1.5.8 An issue in ChestnutCMS v.1.5.8 and before = allows a remote attacker to execute arbitrary code via the template creatio=
n function 2026-02-05 not yet calculated CVE-2025-70073 [ https://www.cve.o= rg/CVERecord?id=3DCVE-2025-70073 ] https://github.com/liweiyi/ChestnutCMS/i= ssues/8
=C2=A0 n/a--JEEWMS 1.0=C2=A0 JEEWMS 1.0 is vulnerable to SQL Injection. Att= ackers can inject malicious SQL statements through the id1 and id2 paramete=
rs in the /systemControl.do interface for attack. 2026-02-03 not yet calcul= ated CVE-2025-70311 [ https://www.cve.org/CVERecord?id=3DCVE-2025-70311 ] h= ttps://gitee.com/erzhongxmu/JEEWMS
=C2=A0 PPC (Belden)--2K05X router firmware v1.1.9_206 A stored cross-site s= cripting (XSS) vulnerability exists in the web management interface of the = PPC (Belden) ONT 2K05X router running firmware v1.1.9_206L. The Common Gate= way Interface (CGI) component improperly handles user-supplied input, allow= ing a remote, unauthenticated attacker to inject arbitrary JavaScript that =
is persistently stored and executed when the affected interface is accessed=
. 2026-02-04 not yet calculated CVE-2025-70545 [ https://www.cve.org/CVERec= ord?id=3DCVE-2025-70545 ] http://ppc.com https://github.com/jeyabalaji711/CVE-2025-70545
=C2=A0=20

n/a--pdfminer.six

=C2=A0

pdfminer.six before 20251230 contains an insecure deserialization vulnerab= ility in the CMap loading mechanism. The library uses Python pickle to dese= rialize CMap cache files without validation. An attacker with the ability t=
o place a malicious pickle file in a location accessible to the application=
can trigger arbitrary code execution or privilege escalation when the file=
is loaded by a trusted process. This is caused by an incomplete patch to C= VE-2025-64512. 2026-02-03 not yet calculated CVE-2025-70559 [ https://www.c= ve.org/CVERecord?id=3DCVE-2025-70559 ] https://github.com/pdfminer/pdfminer= .six/security/advisories/GHSA-f83h-ghpp-7wcc https://github.com/advisories/GHSA-f83h-ghpp-7wcc
=C2=A0 n/a--Boltz 2.0 Boltz 2.0.0 contains an insecure deserialization vuln= erability in its molecule loading functionality. The application uses Pytho=
n pickle to deserialize molecule data files without validation. An attacker=
with the ability to place a malicious pickle file in a directory processed=
by boltz can achieve arbitrary code execution when the file is loaded. 202= 6-02-03 not yet calculated CVE-2025-70560 [ https://www.cve.org/CVERecord?i= d=3DCVE-2025-70560 ] https://github.com/jwohlwend/boltz/issues/600 https://github.com/jwohlwend/boltz/blob/cb04aeccdd480fd4db707f0bbafde538397= fa2ac/src/boltz/data/mol.py#L80
=C2=A0 n/a--chetans9 chetans9 core-php-admin-panel through commit a94a780d6=
contains an authentication bypass vulnerability in includes/auth_validate.= php. The application sends an HTTP redirect via header(Location:login.php) = when a user is not authenticated but fails to call exit() afterward. This a= llows remote unauthenticated attackers to access protected pages.customer d= atabase. 2026-02-03 not yet calculated CVE-2025-70758 [ https://www.cve.org= /CVERecord?id=3DCVE-2025-70758 ] https://github.com/chetans9/core-php-admin= -panel https://github.com/chetans9/core-php-admin-panel/blob/master/includes/auth_= validate.php https://github.com/XavLimSG/Vulnerability-Research/tree/main/CVE-2025-70758 =C2=A0 n/a--Microweber 2.0.19 Cross Site Scripting vulnerability in the "/a= dmin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipu= late the "orderDirection" parameter in a crafted URL and lure a user with a= dmin privileges into visiting it, achieving JavaScript code execution in th=
e victim's browser. The issue was reported to the developers and fixed in v= ersion 2.0.20. 2026-02-05 not yet calculated CVE-2025-70791 [ https://www.c= ve.org/CVERecord?id=3DCVE-2025-70791 ] https://github.com/microweber/microw= eber/commit/aa0791fc286d785ccd33ccc706f7bb3ed05b1d7f https://gist.github.com/TimRecktenwald/9615b9915a4cacda9f57bb57f13ab6d4
=C2=A0 n/a--n/a Cross Site Scripting vulnerability in the "/admin/category/= create" endpoint of Microweber 2.0.19. An attacker can manipulate the "rel_= id" parameter in a crafted URL and lure a user with admin privileges into v= isiting it, achieving JavaScript code execution in the victim's browser. Th=
e issue was reported to the developers and fixed in version 2.0.20. 2026-02= -05 not yet calculated CVE-2025-70792 [ https://www.cve.org/CVERecord?id=3D= CVE-2025-70792 ] https://github.com/microweber/microweber/commit/aa0791fc28= 6d785ccd33ccc706f7bb3ed05b1d7f https://gist.github.com/TimRecktenwald/f4b0d1edbb87e75c17c639ca0bacba57
=C2=A0 n/a--podinfo Arbitrary File Upload in podinfo thru 6.9.0 allows unau= thenticated attackers to upload arbitrary files via crafted POST request to=
the /store endpoint. The application renders uploaded content without a re= strictive Content-Security-Policy (CSP) or adequate Content-Type validation=
, leading to Stored Cross-Site Scripting (XSS). 2026-02-03 not yet calculat=
ed CVE-2025-70849 [ https://www.cve.org/CVERecord?id=3DCVE-2025-70849 ] htt= ps://gist.github.com/kazisabu/27f3e272f474005001a9ecd2c258dbea
=C2=A0 n/a--Subrion CMS v4.2.1 Multiple reflected cross-site scripting (XSS=
) vulnerabilities in the installation module of Subrion CMS v4.2.1 allows a= ttackers to execute arbitrary Javascript in the context of the user's brows=
er via injecting a crafted payload into the dbuser, dbpwd, and dbname param= eters. 2026-02-02 not yet calculated CVE-2025-70958 [ https://www.cve.org/C= VERecord?id=3DCVE-2025-70958 ] https://github.com/emirhanyucell/Subrion-CMS= -4.2.1/blob/main/subrion-cms-exploit.txt
=C2=A0 n/a--Tendenci CMS v15.3.7 A stored cross-site scripting (XSS) vulner= ability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to exec= ute arbitrary web scripts or HTML via injecting a crafted payload. 2026-02-=
02 not yet calculated CVE-2025-70959 [ https://www.cve.org/CVERecord?id=3DC= VE-2025-70959 ] https://github.com/emirhanyucelll/tendenci/blob/main/Readme= .md
=C2=A0 n/a--Tendenci CMS v15.3.7 A stored cross-site scripting (XSS) vulner= ability in the Forums module of Tendenci CMS v15.3.7 allows attackers to ex= ecute arbitrary web scripts or HTML via injecting a crafted payload. 2026-0= 2-02 not yet calculated CVE-2025-70960 [ https://www.cve.org/CVERecord?id= =3DCVE-2025-70960 ] https://github.com/emirhanyucelll/tendenci/blob/main/Re= adme.md
=C2=A0 n/a--Gophish Gophish <=3D0.12.1 is vulnerable to Incorrect Access Co= ntrol. The administrative dashboard exposes each user's long-lived API key = directly inside the rendered HTML/JavaScript of the page on every login. Th=
is makes permanent API credentials accessible to any script running in the = browser context. 2026-02-06 not yet calculated CVE-2025-70963 [ https://www= .cve.org/CVERecord?id=3DCVE-2025-70963 ] https://github.com/gophish/gophish= /issues/9366
=C2=A0 n/a--eladmin v2.7 A vulnerability has been discovered in eladmin v2.=
7 and before. This vulnerability allows for an arbitrary user password rese=
t under any user permission level. 2026-02-04 not yet calculated CVE-2025-7= 0997 [ https://www.cve.org/CVERecord?id=3DCVE-2025-70997 ] https://github.c= om/elunez/eladmin
https://github.com/fofo137/CVE/issues/1
=C2=A0 n/a--n/a Water-Melon Melon commit 9df9292 and below is vulnerable to=
Denial of Service. The HTTP component doesn't have any maximum length. As =
a result, an excessive request header could cause a denial of service by co= nsuming RAM memory. 2026-02-04 not yet calculated CVE-2025-71031 [ https://= www.cve.org/CVERecord?id=3DCVE-2025-71031 ] https://suphawith-phusanbai.git= book.io/book-of-suphawith/my-exploits/denial-of-service-in-melon-c-library https://suphawith-phusanbai.gitbook.io/book-of-suphawith/my-exploits/cve-20= 25-71031-denial-of-service-in-melon-c-library
=C2=A0 danny-avila--danny-avila/librechat A vulnerability in danny-avila/li= brechat allows attackers to exploit the unrestricted Fork Function in `/api= /convos/fork` to fork numerous contents rapidly. If the forked content incl= udes a Mermaid graph with a large number of nodes, it can lead to a JavaScr= ipt heap out of memory error upon service restart, causing a denial of serv= ice. This issue affects the latest version of the product. 2026-02-02 not y=
et calculated CVE-2025-7105 [ https://www.cve.org/CVERecord?id=3DCVE-2025-7= 105 ] https://huntr.com/bounties/e44f0740-48bd-443b-8826-528e6afe9e34 https://github.com/danny-avila/librechat/commit/97a99985fa339db0a21ad63604e= 0bb8db4442ffc
=C2=A0 n/a--Creativeitem Academy LMS 7.0 Creativeitem Academy LMS 7.0 conta= ins reflected Cross-Site Scripting (XSS) vulnerabilities via the search par= ameter to the /academy/blogs endpoint, and the string parameter to the /aca= demy/course_bundles/search/query endpoint. These vulnerabilities are distin=
ct from the patch for CVE-2023-4119, which only fixed XSS in query and sort= _by parameters to the /academy/home/courses endpoint. 2026-02-03 not yet ca= lculated CVE-2025-71179 [ https://www.cve.org/CVERecord?id=3DCVE-2025-71179=
] https://codecanyon.net/item/academy-course-based-learning-management-sys= tem/22703468 https://creativeitem.com/products/academy-learning-management-system/ https://github.com/cod3rLucas/security-advisories/blob/main/CVE-2025-71179.=
md
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: ALSA: ac97: fix a double free in snd_ac97_controller_register(=
) If ac97_add_adapter() fails, put_device() is the correct way to drop the = device reference. kfree() is not required. Add kfree() if idr_alloc() fails=
and in ac97_adapter_release() to do the cleanup. Found by code review. 202= 6-02-04 not yet calculated CVE-2025-71192 [ https://www.cve.org/CVERecord?i= d=3DCVE-2025-71192 ] https://git.kernel.org/stable/c/c80f9b3349a99a9d5b295f= 5bbc23f544c5995ad7 https://git.kernel.org/stable/c/21f8bc5179bed91c3f946adb5e55d717b891960c https://git.kernel.org/stable/c/fcc04c92cbb5497ce67c58dd2f0001bb87f40396 https://git.kernel.org/stable/c/cb73d37ac18bc1716690ff5255a0ef1952827e9e https://git.kernel.org/stable/c/830988b6cf197e6dcffdfe2008c5738e6c6c3c0f
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: phy: qcom-qusb2: Fix NULL pointer dereference on early suspend=
Enabling runtime PM before attaching the QPHY instance as driver data can = lead to a NULL pointer dereference in runtime PM callbacks that expect vali=
d driver data. There is a small window where the suspend callback may run a= fter PM runtime enabling and before runtime forbid. This causes a sporadic = crash during boot: ``` Unable to handle kernel NULL pointer dereference at = virtual address 00000000000000a1 [...] CPU: 0 UID: 0 PID: 11 Comm: kworker/= 0:1 Not tainted 6.16.7+ #116 PREEMPT Workqueue: pm pm_runtime_work pstate: = 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=3D--) pc : qusb2_phy_ru= ntime_suspend+0x14/0x1e0 [phy_qcom_qusb2] lr : pm_generic_runtime_suspend+0= x2c/0x44 [...] ``` Attach the QPHY instance as driver data before enabling = runtime PM to prevent NULL pointer dereference in runtime PM callbacks. Reo= rder pm_runtime_enable() and pm_runtime_forbid() to prevent a short window = where an unnecessary runtime suspend can occur. Use the devres-managed vers= ion to ensure PM runtime is symmetrically disabled during driver removal fo=
r proper cleanup. 2026-02-04 not yet calculated CVE-2025-71193 [ https://ww= w.cve.org/CVERecord?id=3DCVE-2025-71193 ] https://git.kernel.org/stable/c/b= eba460a299150b5d8dcbe3474a8f4bdf0205180 https://git.kernel.org/stable/c/d50a9b7fd07296a1ab81c49ceba14cae3d31df86 https://git.kernel.org/stable/c/4ac15caa27ff842b068a54f1c6a8ff8b31f658e7 https://git.kernel.org/stable/c/1ca52c0983c34fca506921791202ed5bdafd5306
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: btrfs: fix deadlock in wait_current_trans() due to ignored tra= nsaction type When wait_current_trans() is called during start_transaction(=
), it currently waits for a blocked transaction without considering whether=
the given transaction type actually needs to wait for that particular tran= saction state. The btrfs_blocked_trans_types[] array already defines which = transaction types should wait for which transaction states, but this check = was missing in wait_current_trans(). This can lead to a deadlock scenario i= nvolving two transactions and pending ordered extents: 1. Transaction A is =
in TRANS_STATE_COMMIT_DOING state 2. A worker processing an ordered extent = calls start_transaction() with TRANS_JOIN 3. join_transaction() returns -EB= USY because Transaction A is in TRANS_STATE_COMMIT_DOING 4. Transaction A m= oves to TRANS_STATE_UNBLOCKED and completes 5. A new Transaction B is creat=
ed (TRANS_STATE_RUNNING) 6. The ordered extent from step 2 is added to Tran= saction B's pending ordered extents 7. Transaction B immediately starts com= mit by another task and enters TRANS_STATE_COMMIT_START 8. The worker final=
ly reaches wait_current_trans(), sees Transaction B in TRANS_STATE_COMMIT_S= TART (a blocked state), and waits unconditionally 9. However, TRANS_JOIN sh= ould NOT wait for TRANS_STATE_COMMIT_START according to btrfs_blocked_trans= _types[] 10. Transaction B is waiting for pending ordered extents to comple=
te 11. Deadlock: Transaction B waits for ordered extent, ordered extent wai=
ts for Transaction B This can be illustrated by the following call stacks: = CPU0 CPU1 btrfs_finish_ordered_io() start_transaction(TRANS_JOIN) join_tran= saction() # -EBUSY (Transaction A is # TRANS_STATE_COMMIT_DOING) # Transact= ion A completes # Transaction B created # ordered extent added to # Transac= tion B's pending list btrfs_commit_transaction() # Transaction B enters # T= RANS_STATE_COMMIT_START # waiting for pending ordered # extents wait_curren= t_trans() # waits for Transaction B # (should not wait!) Task bstore_kv_syn=
c in btrfs_commit_transaction waiting for ordered extents: __schedule+0x2e7= /0x8a0 schedule+0x64/0xe0 btrfs_commit_transaction+0xbf7/0xda0 [btrfs] btrf= s_sync_file+0x342/0x4d0 [btrfs] __x64_sys_fdatasync+0x4b/0x80 do_syscall_64= +0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Task kworker in wait_cu= rrent_trans waiting for transaction commit: Workqueue: btrfs-syno_nocow btr= fs_work_helper [btrfs] __schedule+0x2e7/0x8a0 schedule+0x64/0xe0 wait_curre= nt_trans+0xb0/0x110 [btrfs] start_transaction+0x346/0x5b0 [btrfs] btrfs_fin= ish_ordered_io.isra.0+0x49b/0x9c0 [btrfs] btrfs_work_helper+0xe8/0x350 [btr= fs] process_one_work+0x1d3/0x3c0 worker_thread+0x4d/0x3e0 kthread+0x12d/0x1=
50 ret_from_fork+0x1f/0x30 Fix this by passing the transaction type to wait= _current_trans() and checking btrfs_blocked_trans_types[cur_trans->state] a= gainst the given type before deciding to wait. This ensures that transactio=
n types which are allowed to join during certain blocked states will not un= necessarily wait and cause deadlocks. 2026-02-04 not yet calculated CVE-202= 5-71194 [ https://www.cve.org/CVERecord?id=3DCVE-2025-71194 ] https://git.k= ernel.org/stable/c/e563f59395981fcd69d130761290929806e728d6 https://git.kernel.org/stable/c/dc84036c173cff6a432d9ab926298850b1d2a659 https://git.kernel.org/stable/c/d7b04b40ac8e6d814e35202a0e1568809b818295 https://git.kernel.org/stable/c/99da896614d17e8a84aeb2b2d464ac046cc8633d https://git.kernel.org/stable/c/8b0bb145d3bc264360f525c9717653be3522e528 https://git.kernel.org/stable/c/9ac63333d600732a56b35ee1fa46836da671eb50 https://git.kernel.org/stable/c/5037b342825df7094a4906d1e2a9674baab50cb2
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: dmaengine: xilinx: xdma: Fix regmap max_register The max_regis= ter field is assigned the size of the register memory region instead of the=
offset of the last register. The result is that reading from the regmap vi=
a debugfs can cause a segmentation fault: tail /sys/kernel/debug/regmap/xdm= a.1.auto/registers Unable to handle kernel paging request at virtual addres=
s ffff800082f70000 Mem abort info: ESR =3D 0x0000000096000007 EC =3D 0x25: = DABT (current EL), IL =3D 32 bits SET =3D 0, FnV =3D 0 EA =3D 0, S1PTW =3D =
0 FSC =3D 0x07: level 3 translation fault [...] Call trace: regmap_mmio_rea= d32le+0x10/0x30 _regmap_bus_reg_read+0x74/0xc0 _regmap_read+0x68/0x198 regm= ap_read+0x54/0x88 regmap_read_debugfs+0x140/0x380 regmap_map_read_file+0x30= /0x48 full_proxy_read+0x68/0xc8 vfs_read+0xcc/0x310 ksys_read+0x7c/0x120 __= arm64_sys_read+0x24/0x40 invoke_syscall.constprop.0+0x64/0x108 do_el0_svc+0= xb0/0xd8 el0_svc+0x38/0x130 el0t_64_sync_handler+0x120/0x138 el0t_64_sync+0= x194/0x198 Code: aa1e03e9 d503201f f9400000 8b214000 (b9400000) ---[ end tr= ace 0000000000000000 ]--- note: tail[1217] exited with irqs disabled note: = tail[1217] exited with preempt_count 1 Segmentation fault 2026-02-04 not ye=
t calculated CVE-2025-71195 [ https://www.cve.org/CVERecord?id=3DCVE-2025-7= 1195 ] https://git.kernel.org/stable/c/df8a131a41ff6202d47f59452735787f2b71= dd2d
https://git.kernel.org/stable/c/606ea969e78295407f4bf06aa0e272fe59897184 https://git.kernel.org/stable/c/5e7ad329d259cf5bed7530d6d2525bcf7cb487a1 https://git.kernel.org/stable/c/c7d436a6c1a274c1ac28d5fb3b8eb8f03b6d0e10
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: phy: stm32-usphyc: Fix off by one in probe() The "index" varia= ble is used as an index into the usbphyc->phys[] array which has usbphyc->n= phys elements. So if it is equal to usbphyc->nphys then it is one element o=
ut of bounds. The "index" comes from the device tree so it's data that we t= rust and it's unlikely to be wrong, however it's obviously still worth fixi=
ng the bug. Change the > to >=3D. 2026-02-04 not yet calculated CVE-2025-71= 196 [ https://www.cve.org/CVERecord?id=3DCVE-2025-71196 ] https://git.kerne= l.org/stable/c/a9eec890879731c280697fdf1c50699e905b2fa7 https://git.kernel.org/stable/c/fb9d513cdf1614bf0f0e785816afb1faae3f81af https://git.kernel.org/stable/c/c06f13876cbad702582cd67fc77356e5524d02cd https://git.kernel.org/stable/c/76b870fdaad82171a24b8aacffe5e4d9e0d2ee2c https://git.kernel.org/stable/c/b91c9f6bfb04e430adeeac7e7ebc9d80f9d72bad https://git.kernel.org/stable/c/7c27eaf183563b86d815ff6e9cca0210b4cfa051 https://git.kernel.org/stable/c/cabd25b57216ddc132efbcc31f972baa03aad15a
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: w1: therm: Fix off-by-one buffer overflow in alarms_store The = sysfs buffer passed to alarms_store() is allocated with 'size + 1' bytes an=
d a NUL terminator is appended. However, the 'size' argument does not accou=
nt for this extra byte. The original code then allocated 'size' bytes and u= sed strcpy() to copy 'buf', which always writes one byte past the allocated=
buffer since strcpy() copies until the NUL terminator at index 'size'. Fix=
this by parsing the 'buf' parameter directly using simple_strtoll() withou=
t allocating any intermediate memory or string copying. This removes the ov= erflow while simplifying the code. 2026-02-04 not yet calculated CVE-2025-7= 1197 [ https://www.cve.org/CVERecord?id=3DCVE-2025-71197 ] https://git.kern= el.org/stable/c/49ff9b4b9deacbefa6654a0a2bcaf910c9de7e95 https://git.kernel.org/stable/c/060b08d72a38b158a7f850d4b83c17c2969e0f6b https://git.kernel.org/stable/c/b3fc3e1f04dcc7c41787bbf08a6e0d2728e022cf https://git.kernel.org/stable/c/6a5820ecfa5a76c3d3e154802c8c15f391ef442e https://git.kernel.org/stable/c/6fd6d2a8e41b7f544a4d26cbd60bedf9c67893a0 https://git.kernel.org/stable/c/e6b2609af21b5cccc9559339591b8a2cbf884169 https://git.kernel.org/stable/c/761fcf46a1bd797bd32d23f3ea0141ffd437668a
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without ev= ent detection The st_lsm6dsx_acc_channels array of struct iio_chan_spec has=
a non-NULL event_spec field, indicating support for IIO events. However, e= vent detection is not supported for all sensors, and if userspace tries to = configure accelerometer wakeup events on a sensor device that does not supp= ort them (e.g. LSM6DS0), st_lsm6dsx_write_event() dereferences a NULL point=
er when trying to write to the wakeup register. Define an additional struct=
iio_chan_spec array whose members have a NULL event_spec field, and use th=
is array instead of st_lsm6dsx_acc_channels for sensors without event detec= tion capability. 2026-02-04 not yet calculated CVE-2025-71198 [ https://www= .cve.org/CVERecord?id=3DCVE-2025-71198 ] https://git.kernel.org/stable/c/76= 73167fac9323110973a3300637adba7d45de3a https://git.kernel.org/stable/c/4d60ffcdedfe2cdb68a1cde19bb292bc67451629 https://git.kernel.org/stable/c/81ed6e42d6e555dd978c9dd5e3f7c20cb121221b https://git.kernel.org/stable/c/c34e2e2d67b3bb8d5a6d09b0d6dac845cdd13fb3
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sa= ma5d2_adc driver at91_adc_interrupt can call at91_adc_touch_data_handler fu= nction to start the work by schedule_work(&st->touch_st.workq). If we remov=
e the module which will call at91_adc_remove to make cleanup, it will free = indio_dev through iio_device_unregister but quite a bit later. While the wo=
rk mentioned above will be used. The sequence of operations that may lead t=
o a UAF bug is as follows: CPU0 CPU1 | at91_adc_workq_handler at91_adc_remo=
ve | iio_device_unregister(indio_dev) | //free indio_dev a bit later | | ii= o_push_to_buffers(indio_dev) | //use indio_dev Fix it by ensuring that the = work is canceled before proceeding with the cleanup in at91_adc_remove. 202= 6-02-04 not yet calculated CVE-2025-71199 [ https://www.cve.org/CVERecord?i= d=3DCVE-2025-71199 ] https://git.kernel.org/stable/c/4c83dd62595ee7b7c9298a= 4d19a256b6647e7240 https://git.kernel.org/stable/c/fdc8c835c637a3473878d1e7438c77ab8928af63 https://git.kernel.org/stable/c/919d176b05776c7ede79c36744c823a07d631617 https://git.kernel.org/stable/c/9795fe80976f8c31cafda7d44edfc0f532d1f7c4 https://git.kernel.org/stable/c/d7b6fc224c7f5d6d8adcb18037138d3cfe2bbdfe https://git.kernel.org/stable/c/d890234a91570542c228a20f132ce74f9fedd904 https://git.kernel.org/stable/c/dbdb442218cd9d613adeab31a88ac973f22c4873
=C2=A0 Brocade--Fabric OS A vulnerability in Brocade Fabric OS before 9.2.1=
c3 could allow elevating the privileges of the local authenticated user to = "root" using the export option of seccertmgmt and seccryptocfg commands. 20= 26-02-03 not yet calculated CVE-2025-9711 [ https://www.cve.org/CVERecord?i= d=3DCVE-2025-9711 ] https://support.broadcom.com/web/ecx/support-content-no= tification/-/external/content/SecurityAdvisories/0/36852
=C2=A0 Nokia--Nokia ONT The unified WEBUI application of the ONT/Beacon dev= ice contains an input handling flaw that allows authenticated users to trig= ger unintended system-level command execution. Due to insufficient validati=
on of user-supplied data, a low-privileged authenticated attacker may be ab=
le to execute arbitrary commands on the underlying ONT/Beacon operating sys= tem, potentially impacting the confidentiality, integrity, and availability=
of the device. 2026-02-02 not yet calculated CVE-2025-9974 [ https://www.c= ve.org/CVERecord?id=3DCVE-2025-9974 ] Nokia Security Advisory [ https://www= .nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-9974/ ] =C2=A0 Google--Android In vpu_mmap of vpu_ioctl, there is a possible arbitr= ary address mmap due to a missing bounds check. This could lead to local es= calation of privilege with no additional execution privileges needed. User = interaction is not needed for exploitation. 2026-02-05 not yet calculated C= VE-2026-0106 [ https://www.cve.org/CVERecord?id=3DCVE-2026-0106 ] https://s= ource.android.com/security/bulletin/pixel/2026-02-01
=C2=A0 Brocade--Fabric OS A vulnerability in Brocade Fabric OS could allow =
an authenticated, local attacker with privileges to access the Bash shell t=
o access insecurely stored file contents including the history command. 202= 6-02-03 not yet calculated CVE-2026-0383 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-0383 ] https://support.broadcom.com/web/ecx/support-content-not= ification/-/external/content/SecurityAdvisories/0/36851
=C2=A0 TYDAC AG--MAP+ A reflected cross-site scripting (XSS) vulnerability =
in the PDF export functionality of the TYDAC AG MAP+ solution allows unauth= enticated attackers to craft a malicious URL, that if visited by a victim, = will execute arbitrary JavaScript in the victim's context. Such a URL could=
be delivered through various means, for instance, by sending a link or by = tricking victims to visit a page crafted by the attacker. This issue was ve= rified in MAP+: 3.4.0. 2026-02-06 not yet calculated CVE-2026-0521 [ https:= //www.cve.org/CVERecord?id=3DCVE-2026-0521 ] https://www.tydac.ch/en/mapplu=
s/
https://www.redguard.ch/blog/2026/02/05/advisory-tydac-mapplus/
=C2=A0 huggingface--huggingface/text-generation-inference A vulnerability i=
n huggingface/text-generation-inference version 3.3.6 allows unauthenticate=
d remote attackers to exploit unbounded external image fetching during inpu=
t validation in VLM mode. The issue arises when the router scans inputs for=
Markdown image links and performs a blocking HTTP GET request, reading the=
entire response body into memory and cloning it before decoding. This beha= vior can lead to resource exhaustion, including network bandwidth saturatio=
n, memory inflation, and CPU overutilization. The vulnerability is triggere=
d even if the request is later rejected for exceeding token limits. The def= ault deployment configuration, which lacks memory usage limits and authenti= cation, exacerbates the impact, potentially crashing the host machine. The = issue is resolved in version 3.3.7. 2026-02-02 not yet calculated CVE-2026-= 0599 [ https://www.cve.org/CVERecord?id=3DCVE-2026-0599 ] https://huntr.com= /bounties/1d3f2085-666c-4441-b265-22f6f7d8d9cd https://github.com/huggingface/text-generation-inference/commit/24ee40d143d= 8d046039f12f76940a85886cbe152
=C2=A0 TP-Link Systems Inc.--AXE75 When configured as L2TP/IPSec VPN server=
, Archer AXE75 V1 may accept connections using L2TP without IPSec protectio=
n, even when IPSec is enabled.=C2=A0=C2=A0This allows VPN sessions without = encryption, exposing data in transit and compromising confidentiality. 2026= -02-03 not yet calculated CVE-2026-0620 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-0620 ] https://www.tp-link.com/en/support/download/archer-axe75= /v1/#Firmware https://www.tp-link.com/us/support/download/archer-axe75/v1/#Firmware https://www.tp-link.com/us/support/faq/4942/
=C2=A0 TP-Link Systems Inc.--Archer BE230 v1.2 An OS Command Injection vuln= erability in TP-Link Archer BE230 v1.2(web modules) allows adjacent authent= icated attacker to execute=C2=A0arbitrary code.=C2=A0Successful exploitatio=
n could allow an attacker to gain full administrative control of the device=
, resulting in severe compromise of configuration integrity, network securi= ty, and service availability. This CVE covers one of multiple distinct OS c= ommand injection issues identified across separate code paths. Although sim= ilar in nature, each instance is tracked under a unique CVE ID. This issue = affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420. 2026-02-02 not = yet calculated CVE-2026-0630 [ https://www.cve.org/CVERecord?id=3DCVE-2026-= 0630 ] https://www.tp-link.com/us/support/download/archer-be230/v1.20/#Firm= ware
https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware https://www.tp-link.com/us/support/faq/4935/
=C2=A0 TP-Link Systems Inc.--Archer BE230 v1.2 An OS Command Injection vuln= erability in TP-Link Archer BE230 v1.2(vpn modules) allows an adjacent auth= enticated attacker to=C2=A0execute arbitrary code.=C2=A0Successful exploita= tion could allow an attacker to gain full administrative control of the dev= ice, resulting in severe compromise of configuration integrity, network sec= urity, and service availability. This CVE covers one of multiple distinct O=
S command injection issues identified across separate code paths. Although = similar in nature, each instance is tracked under a unique CVE ID. This iss=
ue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420. 2026-02-02 n=
ot yet calculated CVE-2026-0631 [ https://www.cve.org/CVERecord?id=3DCVE-20= 26-0631 ] https://www.tp-link.com/us/support/download/archer-be230/v1.20/#F= irmware https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware https://www.tp-link.com/us/support/faq/4935/
=C2=A0 Unknown--Five Star Restaurant Reservations The Five Star Restaurant = Reservations WordPress plugin before 2.7.9 does not have CSRF checks in som=
e bulk actions, which could allow attackers to make logged in admins perfor=
m unwanted actions, such as deleting bookings via CSRF attacks. 2026-02-02 = not yet calculated CVE-2026-0658 [ https://www.cve.org/CVERecord?id=3DCVE-2= 026-0658 ] https://wpscan.com/vulnerability/6e39090e-a4b2-4c16-806f-e2b1c45= 6fb00/
=C2=A0 Moxa--UC-1200A Series A physical attack vulnerability exists in cert= ain Moxa industrial computers using TPM-backed LUKS full-disk encryption=C2= =A0on Moxa Industrial Linux 3, where the discrete TPM is connected to the C=
PU via an SPI bus. Exploitation requires invasive physical access, includin=
g opening the device and attaching external equipment to the SPI bus to cap= ture TPM communications. If successful, the captured data may allow offline=
decryption of eMMC contents. This attack cannot be performed through brief=
or opportunistic physical access=C2=A0and requires extended physical acces=
s, possession of the device, appropriate equipment, and sufficient time for=
signal capture and analysis. Remote exploitation is not possible. 2026-02-=
05 not yet calculated CVE-2026-0714 [ https://www.cve.org/CVERecord?id=3DCV= E-2026-0714 ] https://www.moxa.com/en/support/product-support/security-advi= sory/mpsa-255121-cve-2026-0714-cve-2026-0715-multiple-vulnerabilities-in-in= dustrial-computers
=C2=A0 Moxa--UC-1200A Series Moxa Arm-based industrial computers running Mo=
xa Industrial Linux Secure use a device-unique bootloader password provided=
on the device. An attacker with physical access=C2=A0to the device could u=
se this information to access the bootloader menu via a serial interface. = =C2=A0Access to the bootloader menu does not allow full system takeover or = privilege escalation. The bootloader enforces digital signature verificatio=
n and only permits flashing of Moxa-signed images. As a result, an attacker=
cannot install malicious firmware or execute arbitrary code. The primary i= mpact is limited to a potential temporary denial-of-service condition=C2=A0=
if a valid image is reflashed. Remote exploitation is not possible. 2026-02= -05 not yet calculated CVE-2026-0715 [ https://www.cve.org/CVERecord?id=3DC= VE-2026-0715 ] https://www.moxa.com/en/support/product-support/security-adv= isory/mpsa-255121-cve-2026-0714-cve-2026-0715-multiple-vulnerabilities-in-i= ndustrial-computers
=C2=A0 Ercom--Cryptobox On a Cryptobox platform where administrator segrega= tion based on entities is used, some vulnerabilities in Ercom Cryptobox adm= inistration console allows an authenticated entity administrator with knowl= edge to elevate his account to global administrator. 2026-02-04 not yet cal= culated CVE-2026-0873 [ https://www.cve.org/CVERecord?id=3DCVE-2026-0873 ] = https://info.cryptobox.com/doc/v4.40/4.40.en/
=C2=A0 Dr.Buho--BuhoCleaner BuhoCleaner=C2=A0contains an insecure XPC servi=
ce that allows local, unprivileged users to escalate their privileges to ro=
ot via insecure functions. This issue affects BuhoCleaner: 1.15.2. 2026-02-=
02 not yet calculated CVE-2026-0924 [ https://www.cve.org/CVERecord?id=3DCV= E-2026-0924 ] https://fluidattacks.com/advisories/solstafir https://www.drbuho.com/buhocleaner
https://www.drbuho.com/buhocleaner/download
=C2=A0 Drupal--Group invite Improper Check for Unusual or Exceptional Condi= tions vulnerability in Drupal Group invite allows Forceful Browsing. This i= ssue affects Group invite: from 0.0.0 before 2.3.9, from 3.0.0 before 3.0.4=
, from 4.0.0 before 4.0.4. 2026-02-04 not yet calculated CVE-2026-0944 [ ht= tps://www.cve.org/CVERecord?id=3DCVE-2026-0944 ] https://www.drupal.org/sa-= contrib-2026-001
=C2=A0 Drupal--Role Delegation Privilege Defined With Unsafe Actions vulner= ability in Drupal Role Delegation allows Privilege Escalation. This issue a= ffects Role Delegation: from 1.3.0 before 1.5.0. 2026-02-04 not yet calcula= ted CVE-2026-0945 [ https://www.cve.org/CVERecord?id=3DCVE-2026-0945 ] http= s://www.drupal.org/sa-contrib-2026-002
=C2=A0 Drupal--AT Internet SmartTag Improper Neutralization of Input During=
Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AT In= ternet SmartTag allows Cross-Site Scripting (XSS). This issue affects AT In= ternet SmartTag: from 0.0.0 before 1.0.1. 2026-02-04 not yet calculated CVE= -2026-0946 [ https://www.cve.org/CVERecord?id=3DCVE-2026-0946 ] https://www= .drupal.org/sa-contrib-2026-003
=C2=A0 Drupal--AT Internet Piano Analytics Improper Neutralization of Input=
During Web Page Generation ("Cross-site Scripting") vulnerability in Drupa=
l AT Internet Piano Analytics allows Cross-Site Scripting (XSS). This issue=
affects AT Internet Piano Analytics: from 0.0.0 before 1.0.1, from 2.0.0 b= efore 2.3.1. 2026-02-04 not yet calculated CVE-2026-0947 [ https://www.cve.= org/CVERecord?id=3DCVE-2026-0947 ] https://www.drupal.org/sa-contrib-2026-0=
04
=C2=A0 Drupal--Microsoft Entra ID SSO Login Authentication Bypass Using an = Alternate Path or Channel vulnerability in Drupal Microsoft Entra ID SSO Lo= gin allows Privilege Escalation. This issue affects Microsoft Entra ID SSO = Login: from 0.0.0 before 1.0.4. 2026-02-04 not yet calculated CVE-2026-0948=
[ https://www.cve.org/CVERecord?id=3DCVE-2026-0948 ] https://www.drupal.or= g/sa-contrib-2026-005
=C2=A0 parisneo--parisneo/lollms A vulnerability in the `lollms_generation_= events.py` component of parisneo/lollms version 5.9.0 allows unauthenticate=
d access to sensitive Socket.IO events. The `add_events` function registers=
event handlers such as `generate_text`, `cancel_generation`, `generate_msg=
`, and `generate_msg_from` without implementing authentication or authoriza= tion checks. This allows unauthenticated clients to execute resource-intens= ive or state-altering operations, leading to potential denial of service, s= tate corruption, and race conditions. Additionally, the use of global flags=
(`lollmsElfServer.busy`, `lollmsElfServer.cancel_gen`) for state managemen=
t in a multi-client environment introduces further vulnerabilities, enablin=
g one client's actions to affect the server's state and other clients' oper= ations. The lack of proper access control and reliance on insecure global s= tate management significantly impacts the availability and integrity of the=
service. 2026-02-02 not yet calculated CVE-2026-1117 [ https://www.cve.org= /CVERecord?id=3DCVE-2026-1117 ] https://huntr.com/bounties/d2846a7f-0140-41= 05-b1bb-5ef64ec8b829 https://github.com/parisneo/lollms/commit/36a5b513dfefe9c2913bf9b618457b4fe= a603e3b
=C2=A0 ABC PRO SP. Z O.O.--EAP Legislator EAP Legislator is vulnerable to P= ath Traversal in file extraction functionality. Attacker can prepare zipx a= rchive (default file type used by the Legislator application) and choose ar= bitrary path outside the intended directory (e.x. system startup)=C2=A0wher=
e files will be extracted by the victim upon opening the file. This issue w=
as fixed in version 2.25a. 2026-02-02 not yet calculated CVE-2026-1186 [ ht= tps://www.cve.org/CVERecord?id=3DCVE-2026-1186 ] https://abcpro.pl/eap-legi= slator
https://cert.pl/posts/2026/02/CVE-2026-1186
=C2=A0 djangoproject--Django An issue was discovered in 6.0 before 6.0.2, 5=
.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on ``RasterField`` = (only implemented on PostGIS) allows remote attackers to inject SQL via the=
band index parameter. Earlier, unsupported Django series (such as 5.0.x, 4= .1.x, and 3.2.x) were not evaluated and may also be affected. Django would = like to thank Tarek Nakkouch for reporting this issue. 2026-02-03 not yet c= alculated CVE-2026-1207 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1207 =
] Django security archive [ https://docs.djangoproject.com/en/dev/releases/= security/ ]
Django releases announcements [ https://groups.google.com/g/django-announce=
]
Django security releases issued: 6.0.2, 5.2.11, and 4.2.28 [ https://www.dj= angoproject.com/weblog/2026/feb/03/security-releases/ ]
=C2=A0 BeyondTrust--Privilege management for Windows A medium-severity vuln= erability has been identified in BeyondTrust Privilege Management for Windo=
ws versions <=3D25.7. Under certain conditions, a local authenticated user = with elevated privileges may be able to bypass the product's anti-tamper pr= otections, which could allow access to protected application components and=
the ability to modify product configuration. 2026-02-02 not yet calculated=
CVE-2026-1232 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1232 ] https:/= /www.beyondtrust.com/trust-center/security-advisories/bt26-01 https://beyondtrustcorp.service-now.com/csm?id=3Dkb_article_view&sysparm_ar= ticle=3DKB0023100
=C2=A0 djangoproject--Django An issue was discovered in 6.0 before 6.0.2, 5=
.2 before 5.2.11, and 4.2 before 4.2.28. `django.utils.text.Truncator.chars= ()` and `Truncator.words()` methods (with `html=3DTrue`) and the `truncatec= hars_html` and `truncatewords_html` template filters allow a remote attacke=
r to cause a potential denial-of-service via crafted inputs containing a la= rge number of unmatched HTML end tags. Earlier, unsupported Django series (= such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affecte=
d. Django would like to thank Seokchan Yoon for reporting this issue. 2026-= 02-03 not yet calculated CVE-2026-1285 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-1285 ] Django security archive [ https://docs.djangoproject.com= /en/dev/releases/security/ ]
Django releases announcements [ https://groups.google.com/g/django-announce=
]
Django security releases issued: 6.0.2, 5.2.11, and 4.2.28 [ https://www.dj= angoproject.com/weblog/2026/feb/03/security-releases/ ]
=C2=A0 djangoproject--Django An issue was discovered in 6.0 before 6.0.2, 5=
.2 before 5.2.11, and 4.2 before 4.2.28. `FilteredRelation` is subject to S=
QL injection in column aliases via control characters, using a suitably cra= fted dictionary, with dictionary expansion, as the `**kwargs` passed to `Qu= erySet` methods `annotate()`, `aggregate()`, `extra()`, `values()`, `values= _list()`, and `alias()`. Earlier, unsupported Django series (such as 5.0.x,=
4.1.x, and 3.2.x) were not evaluated and may also be affected. Django woul=
d like to thank Solomon Kebede for reporting this issue. 2026-02-03 not yet=
calculated CVE-2026-1287 [ https://www.cve.org/CVERecord?id=3DCVE-2026-128=
7 ] Django security archive [ https://docs.djangoproject.com/en/dev/release= s/security/ ]
Django releases announcements [ https://groups.google.com/g/django-announce=
]
Django security releases issued: 6.0.2, 5.2.11, and 4.2.28 [ https://www.dj= angoproject.com/weblog/2026/feb/03/security-releases/ ]
=C2=A0 o6 Automation GmbH--Open62541 In builds with PubSub and JSON enabled=
, a crafted JSON message can cause the decoder to write beyond a heap-alloc= ated array before authentication, reliably crashing the process and corrupt= ing memory. 2026-02-05 not yet calculated CVE-2026-1301 [ https://www.cve.o= rg/CVERecord?id=3DCVE-2026-1301 ] https://www.cisa.gov/news-events/ics-advi= sories/icsa-26-036-03
=C2=A0 djangoproject--Django An issue was discovered in 6.0 before 6.0.2, 5=
.2 before 5.2.11, and 4.2 before 4.2.28. `.QuerySet.order_by()` is subject =
to SQL injection in column aliases containing periods when the same alias i=
s, using a suitably crafted dictionary, with dictionary expansion, used in = `FilteredRelation`. Earlier, unsupported Django series (such as 5.0.x, 4.1.=
x, and 3.2.x) were not evaluated and may also be affected. Django would lik=
e to thank Solomon Kebede for reporting this issue. 2026-02-03 not yet calc= ulated CVE-2026-1312 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1312 ] D= jango security archive [ https://docs.djangoproject.com/en/dev/releases/sec= urity/ ]
Django releases announcements [ https://groups.google.com/g/django-announce=
]
Django security releases issued: 6.0.2, 5.2.11, and 4.2.28 [ https://www.dj= angoproject.com/weblog/2026/feb/03/security-releases/ ]
=C2=A0 neo4j--Enterprise Edition Insufficient escaping of unicode character=
s in query log in Neo4j Enterprise and Community editions prior to 2026.01 = can lead to XSS if the user opens the logs in a tool that treats them as HT= ML. There is no security impact on Neo4j products, but this advisory is rel= eased as a precaution to treat the logs as plain text if using versions pri=
or to 2026.01. Proof of concept exploit:=C2=A0 https://github.com/JoakimBul= ow/CVE-2026-1337 2026-02-06 not yet calculated CVE-2026-1337 [ https://www.= cve.org/CVERecord?id=3DCVE-2026-1337 ] https://github.com/JoakimBulow/CVE-2= 026-1337
=C2=A0 Avation--Avation Light Engine Pro Avation Light Engine Pro exposes i=
ts configuration and control interface without any authentication or access=
control. 2026-02-03 not yet calculated CVE-2026-1341 [ https://www.cve.org= /CVERecord?id=3DCVE-2026-1341 ] https://www.cisa.gov/news-events/ics-adviso= ries/icsa-26-034-02
=C2=A0 T-Systems--Buroweb SQL injection vulnerability in the Buroweb platfo=
rm version 2505.0.12, specifically in the 'tablon' component. This vulnerab= ility is present in several parameters that do not correctly sanitize user = input in the endpoint '/sta/CarpetaPublic/doEvent?APP_CODE=3DSTA&PAGE_CODE= =3DTABLON'. Exploiting this vulnerability could allow an attacker to execut=
e queries on the database and gain access to confidential information. 2026= -02-03 not yet calculated CVE-2026-1432 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-1432 ] https://www.incibe.es/en/incibe-cert/notices/aviso/sql-i= njection-sqli-buroweb-platform
=C2=A0 PRIMION DIGITEK--Digitek ADT1100 Path Traversal vulnerability in Dig= itek ADT1100 and Digitek DT950 from PRIMION DIGITEK, S.L.U (Azkoyen Group).=
This vulnerability allows an attacker to access arbitrary files in the ser= ver's file system, thet is, 'http://<host>/..%2F..% 2F..%2F..%2F..%2F..%2F.= .%2F..%2F..%2Fetc%2Fpasswd'. By manipulating the input to include URL encod=
ed directory traversal sequences (e.g., %2F representing /), an attacker ca=
n bypass the input validation mechanisms ans retrieve sensitive files outsi=
de the intended directory, which could lead to information disclosure or fu= rther system compromise. 2026-02-05 not yet calculated CVE-2026-1523 [ http= s://www.cve.org/CVERecord?id=3DCVE-2026-1523 ] https://www.incibe.es/en/inc= ibe-cert/notices/aviso/path-traversal-digitek-grupo-azkoyen
=C2=A0 Drupal--Drupal Canvas Incorrect Authorization vulnerability in Drupa=
l Drupal Canvas allows Forceful Browsing. This issue affects Drupal Canvas:=
from 0.0.0 before 1.0.4. 2026-02-04 not yet calculated CVE-2026-1553 [ htt= ps://www.cve.org/CVERecord?id=3DCVE-2026-1553 ] https://www.drupal.org/sa-c= ontrib-2026-006
=C2=A0 Drupal--Central Authentication System (CAS) Server XML Injection (ak=
a Blind XPath Injection) vulnerability in Drupal Central Authentication Sys= tem (CAS) Server allows Privilege Escalation. This issue affects Central Au= thentication System (CAS) Server: from 0.0.0 before 2.0.3, from 2.1.0 befor=
e 2.1.2. 2026-02-04 not yet calculated CVE-2026-1554 [ https://www.cve.org/= CVERecord?id=3DCVE-2026-1554 ] https://www.drupal.org/sa-contrib-2026-007 =C2=A0 neo4j--Enterprise Edition Neo4j Enterprise and Community editions ve= rsions prior to 2026.01.3 and 5.26.21 are vulnerable to a potential informa= tion disclosure by a user who has ability to access the local log files. Th=
e "obfuscate_literals" option in the query logs does not redact error infor= mation, exposing unredacted data in the query log when a customer writes a = query that fails. It can allow a user with legitimate access to the local l=
og files to obtain information they are not authorised to see. If this user=
is also in a position to run queries and trigger errors, this vulnerabilit=
y can potentially help them to infer information they are not authorised to=
see through their intended database access. We recommend=C2=A0upgrading to=
versions 2026.01.3 (or 5.26.21) where the issue is fixed, and reviewing qu= ery log files permissions to ensure restricted access. If your configuratio=
n had=C2=A0db.logs.query.obfuscate_literals=C2=A0enabled, and you wish the = obfuscation to cover the error messages as well, you need to enable the new=
configuration setting=C2=A0db.logs.query.obfuscate_errors=C2=A0once you ha=
ve upgraded Neo4j. 2026-02-04 not yet calculated CVE-2026-1622 [ https://ww= w.cve.org/CVERecord?id=3DCVE-2026-1622 ] https://neo4j.com/security/CVE-202= 6-1622
=C2=A0 N/A--N/A Summary An Insecure Direct Object Reference has been found =
to exist in `createHeaderBasedEmailResolver()` function within the Cloudfla=
re Agents SDK. The issue occurs because the `Message-ID` and `References` h= eaders are parsed to derive the target agentName and agentId without proper=
validation or origin checks, allowing an external attacker with control of=
these headers to route inbound mail to arbitrary Durable Object instances = and namespaces . Root cause The `createHeaderBasedEmailResolver()` function=
lacks cryptographic verification or origin validation for the headers used=
in the routing logic, effectively allowing external input to dictate inter= nal object routing. Impact Insecure Direct Object Reference (IDOR) in email=
routing lets an attacker steer inbound mail to arbitrary Agent instances v=
ia spoofed Message-ID. Mitigation: * PR: https://github.com/cloudflare/agen= ts/blob/main/docs/email.md ] provides the necessary architectural context f=
or coding agents to mitigate the issue by refactoring the resolver to enfor=
ce strict identity boundaries. * Agents-sdk users should upgrade to agents@= 0.3.7 2026-02-03 not yet calculated CVE-2026-1664 [ https://www.cve.org/CVE= Record?id=3DCVE-2026-1664 ] https://github.com/cloudflare/agents
=C2=A0 Python Packaging Authority--pip When pip is installing and extractin=
g a maliciously crafted wheel archive, files may be extracted outside the i= nstallation directory. The path traversal is limited to prefixes of the ins= tallation directory, thus isn't able to inject or overwrite executable file=
s in typical situations. 2026-02-02 not yet calculated CVE-2026-1703 [ http= s://www.cve.org/CVERecord?id=3DCVE-2026-1703 ] https://github.com/pypa/pip/= pull/13777 https://github.com/pypa/pip/commit/8e227a9be4faa9594e05d02ca05a413a2a4e7735 https://mail.python.org/archives/list/security-announce@python.org/thread/W= IEA34D4TABF2UNQJAOMXKCICSPBE2DJ/
=C2=A0 Google Cloud--Gemini Enterprise (formerly Agentspace) The Agentspace=
service was affected by a vulnerability that exposed sensitive information=
due to the use of predictable Google Cloud Storage bucket names. These nam=
es were utilized for error logs and temporary staging during data imports f= rom GCS and Cloud SQL. This predictability allowed an attacker to engage in=
"bucket squatting" by establishing these buckets before a victim's initial=
use. All versions after December 12th, 2025 have been updated to protect f= rom this vulnerability. No user action is required for this. 2026-02-06 not=
yet calculated CVE-2026-1727 [ https://www.cve.org/CVERecord?id=3DCVE-2026= -1727 ] https://docs.cloud.google.com/gemini/enterprise/docs/release-notes#= February_06_2026
=C2=A0 BeyondTrust--Remote Support(RS) & Privileged Remote Access(PRA) Beyo= ndTrust Remote Support (RS) and certain older versions of Privileged Remote=
Access (PRA) contain a critical pre-authentication remote code execution v= ulnerability. By sending specially crafted requests, an unauthenticated rem= ote attacker may be able to execute operating system commands in the contex=
t of the site user. 2026-02-06 not yet calculated CVE-2026-1731 [ https://w= ww.cve.org/CVERecord?id=3DCVE-2026-1731 ] https://beyondtrustcorp.service-n= ow.com/csm?id=3Dcsm_kb_article&sysparm_article=3DKB0023293 https://www.beyondtrust.com/trust-center/security-advisories/bt26-02
=C2=A0 CrafterCMS--CrafterCMS Improper Control of Dynamically-Managed Code = Resources vulnerability in Crafter Studio of Crafter CMS allows authenticat=
ed developers to execute OS commands via Groovy Sandbox Bypass. By insertin=
g malicious Groovy elements, an attacker may bypass sandbox restrictions an=
d obtain RCE (Remote Code Execution). 2026-02-02 not yet calculated CVE-202= 6-1770 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1770 ] https://docs.cr= aftercms.org/current/security/advisory.html#cv-2026020201
=C2=A0 Xquic Project--Xquic Server : Out-of-bounds Write vulnerability in X= quic Project Xquic Server xquic on Linux (QUIC protocol implementation, pac= ket processing module modules) allows : Buffer Manipulation. This issue aff= ects Xquic Server: through 1.8.3. 2026-02-03 not yet calculated CVE-2026-17=
88 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1788 ] https://github.com/= alibaba/xquic
=C2=A0 Rapid7--InsightVM/Nexpose A security vulnerability has been identifi=
ed in Rapid7 Nexpose. Remediation is in progress. 2026-02-03 not yet calcul= ated CVE-2026-1814 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1814 ] htt= ps://www.atredis.com/disclosure
=C2=A0 Google--Chrome Heap buffer overflow in libvpx in Google Chrome prior=
to 144.0.7559.132 allowed a remote attacker to potentially exploit heap co= rruption via a crafted HTML page. (Chromium security severity: High) 2026-0= 2-03 not yet calculated CVE-2026-1861 [ https://www.cve.org/CVERecord?id=3D= CVE-2026-1861 ] https://chromereleases.googleblog.com/2026/02/stable-channe= l-update-for-desktop.html
https://issues.chromium.org/issues/478942410
=C2=A0 Google--Chrome Type Confusion in V8 in Google Chrome prior to 144.0.= 7559.132 allowed a remote attacker to potentially exploit heap corruption v=
ia a crafted HTML page. (Chromium security severity: High) 2026-02-03 not y=
et calculated CVE-2026-1862 [ https://www.cve.org/CVERecord?id=3DCVE-2026-1= 862 ] https://chromereleases.googleblog.com/2026/02/stable-channel-update-f= or-desktop.html
https://issues.chromium.org/issues/479726070
=C2=A0 Nukegraphic CMS--Nukegraphic CMS Nukegraphic CMS v3.1.2 contains a s= tored cross-site scripting (XSS) vulnerability in the user profile edit fun= ctionality at /ngc-cms/user-edit-profile.php. The application fails to prop= erly sanitize user input in the name field before storing it in the databas=
e and rendering it across multiple CMS pages. An authenticated attacker wit=
h low privileges can inject malicious JavaScript payloads through the profi=
le edit request, which are then executed site-wide whenever the affected us= er's name is displayed. This allows the attacker to execute arbitrary JavaS= cript in the context of other users' sessions, potentially leading to sessi=
on hijacking, credential theft, or unauthorized actions performed on behalf=
of victims. 2026-02-05 not yet calculated CVE-2026-1953 [ https://www.cve.= org/CVERecord?id=3DCVE-2026-1953 ] https://github.com/carlosbudiman/CVE-202= 6-1953-Disclosure
=C2=A0 YugabyteDB Inc--YugabyteDB Anywhere YugabyteDB Anywhere displays LDA=
P bind passwords configured via gflags in cleartext within the web UI. An a= uthenticated user with access to the configuration view could obtain LDAP c= redentials, potentially enabling unauthorized access to external directory = services. 2026-02-05 not yet calculated CVE-2026-1966 [ https://www.cve.org= /CVERecord?id=3DCVE-2026-1966 ] https://docs.yugabyte.com/stable/secure/vul= nerability-disclosure-policy/
=C2=A0 MediaTek, Inc.--MT2735, MT6833, MT6853, MT6855, MT6873, MT6875, MT68= 77, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8675, MT8771,=
MT8791, MT8791T, MT8797 In Modem, there is a possible system crash due to =
an uncaught exception. This could lead to remote denial of service, if a UE=
has connected to a rogue base station controlled by the attacker, with no = additional execution privileges needed. User interaction is not needed for = exploitation. Patch ID: MOLY01738310; Issue ID: MSV-5933. 2026-02-02 not ye=
t calculated CVE-2026-20401 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2= 0401 ] https://corp.mediatek.com/product-security-bulletin/February-2026
=C2=A0 MediaTek, Inc.--MT2735, MT6833, MT6853, MT6855, MT6873, MT6875, MT68= 77, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8675, MT8771,=
MT8791, MT8791T, MT8797 In Modem, there is a possible system crash due to = improper input validation. This could lead to remote denial of service, if =
a UE has connected to a rogue base station controlled by the attacker, with=
no additional execution privileges needed. User interaction is not needed = for exploitation. Patch ID: MOLY00693083; Issue ID: MSV-5928. 2026-02-02 no=
t yet calculated CVE-2026-20402 [ https://www.cve.org/CVERecord?id=3DCVE-20= 26-20402 ] https://corp.mediatek.com/product-security-bulletin/February-2026 =C2=A0 MediaTek, Inc.--MT2735, MT2737, MT6813, MT6815, MT6833, MT6835, MT68= 53, MT6855, MT6873, MT6875, MT6877, MT6878, MT6879, MT6880, MT6883, MT6885,=
MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6897, MT6899, MT= 6980, MT6983, MT6985, MT6989, MT6990, MT6991, MT6993, MT8673, MT8675, MT867=
6, MT8771, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8893 In Modem, there=
is a possible system crash due to a missing bounds check. This could lead =
to remote denial of service, if a UE has connected to a rogue base station = controlled by the attacker, with no additional execution privileges needed.=
User interaction is not needed for exploitation. Patch ID: MOLY01689254 (N= ote: For N15 and NR16) / MOLY01689259 (Note: For NR17 and NR17R); Issue ID:=
MSV-4843. 2026-02-02 not yet calculated CVE-2026-20403 [ https://www.cve.o= rg/CVERecord?id=3DCVE-2026-20403 ] https://corp.mediatek.com/product-securi= ty-bulletin/February-2026
=C2=A0 MediaTek, Inc.--MT2735, MT2737, MT6813, MT6815, MT6833, MT6835, MT68= 53, MT6855, MT6858, MT6873, MT6875, MT6877, MT6878, MT6879, MT6880, MT6883,=
MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6897, MT= 6899, MT6980, MT6983, MT6985, MT6986, MT6989, MT6990, MT6991, MT6993, MT866=
8, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8791, MT8791T, MT8792,=
MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893 In Modem, = there is a possible system crash due to improper input validation. This cou=
ld lead to remote denial of service, if a UE has connected to a rogue base = station controlled by the attacker, with no additional execution privileges=
needed. User interaction is not needed for exploitation. Patch ID: MOLY016= 89248; Issue ID: MSV-4837. 2026-02-02 not yet calculated CVE-2026-20404 [ h= ttps://www.cve.org/CVERecord?id=3DCVE-2026-20404 ] https://corp.mediatek.co= m/product-security-bulletin/February-2026
=C2=A0 MediaTek, Inc.--MT2735, MT2737, MT6813, MT6815, MT6833, MT6835, MT68= 53, MT6855, MT6858, MT6873, MT6875, MT6877, MT6878, MT6879, MT6880, MT6883,=
MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6897, MT= 6899, MT6980, MT6983, MT6985, MT6986, MT6989, MT6990, MT6991, MT6993, MT866=
8, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8791, MT8791T, MT8792,=
MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893 In Modem, = there is a possible system crash due to a missing bounds check. This could = lead to remote denial of service, if a UE has connected to a rogue base sta= tion controlled by the attacker, with no additional execution privileges ne= eded. User interaction is not needed for exploitation. Patch ID: MOLY016884= 95; Issue ID: MSV-4818. 2026-02-02 not yet calculated CVE-2026-20405 [ http= s://www.cve.org/CVERecord?id=3DCVE-2026-20405 ] https://corp.mediatek.com/p= roduct-security-bulletin/February-2026
=C2=A0 MediaTek, Inc.--MT2735, MT2737, MT6813, MT6815, MT6833, MT6835, MT68= 53, MT6855, MT6858, MT6873, MT6875, MT6877, MT6878, MT6879, MT6880, MT6883,=
MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6897, MT= 6899, MT6980, MT6983, MT6985, MT6986, MT6989, MT6990, MT6991, MT6993, MT866=
8, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8791, MT8791T, MT8792,=
MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893 In Modem, = there is a possible system crash due to an uncaught exception. This could l= ead to remote denial of service, if a UE has connected to a rogue base stat= ion controlled by the attacker, with no additional execution privileges nee= ded. User interaction is not needed for exploitation. Patch ID: MOLY0172663=
4; Issue ID: MSV-5728. 2026-02-02 not yet calculated CVE-2026-20406 [ https= ://www.cve.org/CVERecord?id=3DCVE-2026-20406 ] https://corp.mediatek.com/pr= oduct-security-bulletin/February-2026
=C2=A0 MediaTek, Inc.--MT7902, MT7920, MT7921, MT7922, MT7925, MT7927 In wl=
an STA driver, there is a possible escalation of privilege due to a missing=
bounds check. This could lead to local escalation of privilege with User e= xecution privileges needed. User interaction is not needed for exploitation=
. Patch ID: WCNCR00464377; Issue ID: MSV-4905. 2026-02-02 not yet calculate=
d CVE-2026-20407 [ https://www.cve.org/CVERecord?id=3DCVE-2026-20407 ] http= s://corp.mediatek.com/product-security-bulletin/February-2026
=C2=A0 MediaTek, Inc.--MT6890, MT7615, MT7915, MT7916, MT7981, MT7986 In wl= an, there is a possible out of bounds write due to a heap buffer overflow. = This could lead to remote (proximal/adjacent) escalation of privilege with =
no additional execution privileges needed. User interaction is not needed f=
or exploitation. Patch ID: WCNCR00461651; Issue ID: MSV-4758. 2026-02-02 no=
t yet calculated CVE-2026-20408 [ https://www.cve.org/CVERecord?id=3DCVE-20= 26-20408 ] https://corp.mediatek.com/product-security-bulletin/February-2026 =C2=A0 MediaTek, Inc.--MT6897, MT6989 In imgsys, there is a possible out of=
bounds write due to a missing bounds check. This could lead to local escal= ation of privilege if a malicious actor has already obtained the System pri= vilege. User interaction is not needed for exploitation. Patch ID: ALPS1036= 3246; Issue ID: MSV-5779. 2026-02-02 not yet calculated CVE-2026-20409 [ ht= tps://www.cve.org/CVERecord?id=3DCVE-2026-20409 ] https://corp.mediatek.com= /product-security-bulletin/February-2026
=C2=A0 MediaTek, Inc.--MT6897, MT6989, MT8370, MT8390, MT8395 In imgsys, th= ere is a possible out of bounds write due to a missing bounds check. This c= ould lead to local escalation of privilege if a malicious actor has already=
obtained the System privilege. User interaction is not needed for exploita= tion. Patch ID: ALPS10362552; Issue ID: MSV-5760. 2026-02-02 not yet calcul= ated CVE-2026-20410 [ https://www.cve.org/CVERecord?id=3DCVE-2026-20410 ] h= ttps://corp.mediatek.com/product-security-bulletin/February-2026
=C2=A0 MediaTek, Inc.--MT6878, MT6879, MT6881, MT6886, MT6895, MT6897, MT68= 99, MT6983, MT6985, MT6989, MT6991, MT6993, MT8168, MT8188, MT8195, MT8365,=
MT8370, MT8390, MT8395, MT8666, MT8667, MT8673, MT8676, MT8793 In camerais=
p, there is a possible escalation of privilege due to use after free. This = could lead to local denial of service if a malicious actor has already obta= ined the System privilege. User interaction is not needed for exploitation.=
Patch ID: ALPS10351676; Issue ID: MSV-5737. 2026-02-02 not yet calculated = CVE-2026-20411 [ https://www.cve.org/CVERecord?id=3DCVE-2026-20411 ] https:= //corp.mediatek.com/product-security-bulletin/February-2026
=C2=A0 MediaTek, Inc.--MT6878, MT6879, MT6881, MT6886, MT6895, MT6897, MT68= 99, MT6983, MT6985, MT6989, MT6991, MT6993, MT8168, MT8188, MT8195, MT8365,=
MT8390, MT8395, MT8666, MT8667, MT8673, MT8676, MT8696, MT8793 In camerais=
p, there is a possible out of bounds write due to a missing bounds check. T= his could lead to local escalation of privilege if a malicious actor has al= ready obtained the System privilege. User interaction is not needed for exp= loitation. Patch ID: ALPS10351676; Issue ID: MSV-5733. 2026-02-02 not yet c= alculated CVE-2026-20412 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2041=
2 ] https://corp.mediatek.com/product-security-bulletin/February-2026
=C2=A0 MediaTek, Inc.--MT6899, MT6991, MT8678, MT8793 In imgsys, there is a=
possible out of bounds write due to a missing bounds check. This could lea=
d to local escalation of privilege if a malicious actor has already obtaine=
d the System privilege. User interaction is not needed for exploitation. Pa= tch ID: ALPS10362725; Issue ID: MSV-5694. 2026-02-02 not yet calculated CVE= -2026-20413 [ https://www.cve.org/CVERecord?id=3DCVE-2026-20413 ] https://c= orp.mediatek.com/product-security-bulletin/February-2026
=C2=A0 MediaTek, Inc.--MT6897, MT6989, MT8196, MT8678, MT8766, MT8768, MT87= 86, MT8796 In imgsys, there is a possible escalation of privilege due to us=
e after free. This could lead to local escalation of privilege if a malicio=
us actor has already obtained the System privilege. User interaction is not=
needed for exploitation. Patch ID: ALPS10362999; Issue ID: MSV-5625. 2026-= 02-02 not yet calculated CVE-2026-20414 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-20414 ] https://corp.mediatek.com/product-security-bulletin/Feb= ruary-2026
=C2=A0 MediaTek, Inc.--MT6897, MT6989 In imgsys, there is a possible memory=
corruption due to improper locking. This could lead to local denial of ser= vice if a malicious actor has already obtained the System privilege. User i= nteraction is not needed for exploitation. Patch ID: ALPS10363254; Issue ID=
: MSV-5617. 2026-02-02 not yet calculated CVE-2026-20415 [ https://www.cve.= org/CVERecord?id=3DCVE-2026-20415 ] https://corp.mediatek.com/product-secur= ity-bulletin/February-2026
=C2=A0 MediaTek, Inc.--MT6991, MT6993, MT8678 In pcie, there is a possible = out of bounds write due to a missing bounds check. This could lead to local=
escalation of privilege if a malicious actor has already obtained the Syst=
em privilege. User interaction is not needed for exploitation. Patch ID: AL= PS10314946 / ALPS10340155; Issue ID: MSV-5154. 2026-02-02 not yet calculate=
d CVE-2026-20417 [ https://www.cve.org/CVERecord?id=3DCVE-2026-20417 ] http= s://corp.mediatek.com/product-security-bulletin/February-2026
=C2=A0 MediaTek, Inc.--MT7931, MT7933 In Thread, there is a possible out of=
bounds write due to a missing bounds check. This could lead to remote esca= lation of privilege with no additional execution privileges needed. User in= teraction is not needed for exploitation. Patch ID: WCNCR00465153; Issue ID=
: MSV-4927. 2026-02-02 not yet calculated CVE-2026-20418 [ https://www.cve.= org/CVERecord?id=3DCVE-2026-20418 ] https://corp.mediatek.com/product-secur= ity-bulletin/February-2026
=C2=A0 MediaTek, Inc.--MT6890, MT6989TB, MT7902, MT7915, MT7916, MT7920, MT= 7921, MT7922, MT7925, MT7927, MT7981, MT7986, MT8196, MT8668, MT8676, MT867=
8, MT8775, MT8791T, MT8792, MT8793, MT8796, MT8873, MT8883, MT8893, MT8910 =
In wlan AP/STA firmware, there is a possible system becoming irresponsive d=
ue to an uncaught exception. This could lead to remote (proximal/adjacent) = denial of service with no additional execution privileges needed. User inte= raction is not needed for exploitation. Patch ID: WCNCR00461663 / WCNCR0046= 3309; Issue ID: MSV-4852. 2026-02-02 not yet calculated CVE-2026-20419 [ ht= tps://www.cve.org/CVERecord?id=3DCVE-2026-20419 ] https://corp.mediatek.com= /product-security-bulletin/February-2026
=C2=A0 MediaTek, Inc.--MT2735, MT2737, MT6813, MT6815, MT6833, MT6835, MT68= 53, MT6855, MT6858, MT6873, MT6875, MT6877, MT6878, MT6879, MT6880, MT6883,=
MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6897, MT= 6899, MT6980, MT6983, MT6985, MT6986, MT6989, MT6990, MT6991, MT6993, MT867=
6, MT8791 In Modem, there is a possible system crash due to incorrect error=
handling. This could lead to remote denial of service, if a UE has connect=
ed to a rogue base station controlled by the attacker, with no additional e= xecution privileges needed. User interaction is not needed for exploitation=
. Patch ID: MOLY01738313; Issue ID: MSV-5935. 2026-02-02 not yet calculated=
CVE-2026-20420 [ https://www.cve.org/CVERecord?id=3DCVE-2026-20420 ] https= ://corp.mediatek.com/product-security-bulletin/February-2026
=C2=A0 MediaTek, Inc.--MT2735, MT6833, MT6853, MT6855, MT6873, MT6875, MT68= 77, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8791 In Modem=
, there is a possible system crash due to improper input validation. This c= ould lead to remote denial of service, if a UE has connected to a rogue bas=
e station controlled by the attacker, with no additional execution privileg=
es needed. User interaction is not needed for exploitation. Patch ID: MOLY0= 1738293; Issue ID: MSV-5922. 2026-02-02 not yet calculated CVE-2026-20421 [=
https://www.cve.org/CVERecord?id=3DCVE-2026-20421 ] https://corp.mediatek.= com/product-security-bulletin/February-2026
=C2=A0 MediaTek, Inc.--MT2735, MT2737, MT6813, MT6815, MT6833, MT6835, MT68= 53, MT6855, MT6858, MT6873, MT6875, MT6877, MT6878, MT6879, MT6880, MT6883,=
MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6897, MT= 6899, MT6980, MT6983, MT6985, MT6986, MT6989, MT6990, MT6991, MT6993, MT866=
8, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8775, MT8791, MT8791T,=
MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893 In=
Modem, there is a possible system crash due to improper input validation. = This could lead to remote denial of service, if a UE has connected to a rog=
ue base station controlled by the attacker, with no additional execution pr= ivileges needed. User interaction is not needed for exploitation. Patch ID:=
MOLY00827332; Issue ID: MSV-5919. 2026-02-02 not yet calculated CVE-2026-2= 0422 [ https://www.cve.org/CVERecord?id=3DCVE-2026-20422 ] https://corp.med= iatek.com/product-security-bulletin/February-2026
=C2=A0 ELECOM CO.,LTD.--WRC-X1500GS-B Cross-site request forgery vulnerabil= ity exists in WRC-X1500GS-B and WRC-X1500GSA-B. If a user accesses a malici= ous page while logged-in to the affected product, unintended operations may=
be performed. 2026-02-03 not yet calculated CVE-2026-20704 [ https://www.c= ve.org/CVERecord?id=3DCVE-2026-20704 ] https://www.elecom.co.jp/news/securi= ty/20260203-01/
https://jvn.jp/en/jp/JVN94012927/
=C2=A0 Cybozu, Inc.--Cybozu Garoon Cross-site scripting vulnerability exist=
s in E-mail function of Cybozu Garoon 5.0.0 to 6.0.3, which may allow an at= tacker to reset arbitrary users' passwords. 2026-02-02 not yet calculated C= VE-2026-20711 [ https://www.cve.org/CVERecord?id=3DCVE-2026-20711 ] https:/= /kb.cybozu.support/article/39081/
https://jvn.jp/en/jp/JVN35265756/
=C2=A0 Samsung Mobile--Samsung Mobile Devices Improper access control in Em= ergency Sharing prior to SMR Feb-2026 Release 1 allows local attackers to i= nterrupt its functioning. 2026-02-04 not yet calculated CVE-2026-20977 [ ht= tps://www.cve.org/CVERecord?id=3DCVE-2026-20977 ] https://security.samsungm= obile.com/securityUpdate.smsb?year=3D2026&month=3D02
=C2=A0 Samsung Mobile--Samsung Mobile Devices Improper authorization in Kno= xGuardManager prior to SMR Feb-2026 Release 1 allows local attackers to byp= ass the persistence configuration of the application. 2026-02-04 not yet ca= lculated CVE-2026-20978 [ https://www.cve.org/CVERecord?id=3DCVE-2026-20978=
] https://security.samsungmobile.com/securityUpdate.smsb?year=3D2026&month= =3D02
=C2=A0 Samsung Mobile--Samsung Mobile Devices Improper privilege management=
in Settings prior to SMR Feb-2026 Release 1 allows local attackers to laun=
ch arbitrary activity with Settings privilege. 2026-02-04 not yet calculate=
d CVE-2026-20979 [ https://www.cve.org/CVERecord?id=3DCVE-2026-20979 ] http= s://security.samsungmobile.com/securityUpdate.smsb?year=3D2026&month=3D02 =C2=A0 Samsung Mobile--Samsung Mobile Devices Improper input validation in = PACM prior to SMR Feb-2026 Release 1 allows physical attacker to execute ar= bitrary commands. 2026-02-04 not yet calculated CVE-2026-20980 [ https://ww= w.cve.org/CVERecord?id=3DCVE-2026-20980 ] https://security.samsungmobile.co= m/securityUpdate.smsb?year=3D2026&month=3D02
=C2=A0 Samsung Mobile--Samsung Mobile Devices Improper input validation in = FacAtFunction prior to SMR Feb-2026 Release 1 allows privileged physical at= tacker to execute arbitrary command with system privilege. 2026-02-04 not y=
et calculated CVE-2026-20981 [ https://www.cve.org/CVERecord?id=3DCVE-2026-= 20981 ] https://security.samsungmobile.com/securityUpdate.smsb?year=3D2026&= month=3D02
=C2=A0 Samsung Mobile--Samsung Mobile Devices Path traversal in ShortcutSer= vice prior to SMR Feb-2026 Release 1 allows privileged local attacker to cr= eate file with system privilege. 2026-02-04 not yet calculated CVE-2026-209=
82 [ https://www.cve.org/CVERecord?id=3DCVE-2026-20982 ] https://security.s= amsungmobile.com/securityUpdate.smsb?year=3D2026&month=3D02
=C2=A0 Samsung Mobile--Samsung Mobile Devices Improper export of android ap= plication components in Samsung Dialer prior to SMR Feb-2026 Release 1 allo=
ws local attackers to launch arbitrary activity with Samsung Dialer privile= ge. 2026-02-04 not yet calculated CVE-2026-20983 [ https://www.cve.org/CVER= ecord?id=3DCVE-2026-20983 ] https://security.samsungmobile.com/securityUpda= te.smsb?year=3D2026&month=3D02
=C2=A0 Samsung Mobile--Galaxy Wearable Improper handling of insufficient pe= rmission in Galaxy Wearable installed on non-Samsung Device prior to versio=
n 2.2.68 allows local attackers to access sensitive information. 2026-02-04=
not yet calculated CVE-2026-20984 [ https://www.cve.org/CVERecord?id=3DCVE= -2026-20984 ] https://security.samsungmobile.com/serviceWeb.smsb?year=3D202= 6&month=3D02
=C2=A0 Samsung Mobile--Samsung Members Improper input validation in Samsung=
Members prior to version 5.6.00.11 allows remote attackers to connect arbi= trary URL and launch arbitrary activity with Samsung Members privilege. Use=
r interaction is required for triggering this vulnerability. 2026-02-04 not=
yet calculated CVE-2026-20985 [ https://www.cve.org/CVERecord?id=3DCVE-202= 6-20985 ] https://security.samsungmobile.com/serviceWeb.smsb?year=3D2026&mo= nth=3D02
=C2=A0 Samsung Mobile--Chinese Samsung Members Path traversal in Samsung Me= mbers prior to Chinese version 15.5.05.4 allows local attackers to overwrit=
e data within Samsung Members. 2026-02-04 not yet calculated CVE-2026-20986=
[ https://www.cve.org/CVERecord?id=3DCVE-2026-20986 ] https://security.sam= sungmobile.com/serviceWeb.smsb?year=3D2026&month=3D02
=C2=A0 Samsung Mobile--GalaxyDiagnostics Improper input validation in Galax= yDiagnostics prior to version 3.5.050 allows local privileged attackers to = execute privileged commands. 2026-02-04 not yet calculated CVE-2026-20987 [=
https://www.cve.org/CVERecord?id=3DCVE-2026-20987 ] https://security.samsu= ngmobile.com/serviceWeb.smsb?year=3D2026&month=3D02
=C2=A0 Six Apart Ltd.--Movable Type (Software Edition) Movable Type contain=
s a stored cross-site scripting vulnerability in Edit Comment. If crafted i= nput is stored by an attacker, arbitrary script may be executed on a logged= -in user's web browser. Note that Movable Type 7 series and 8.4 series, whi=
ch are End-of-Life (EOL), are affected by the vulnerability as well. 2026-0= 2-04 not yet calculated CVE-2026-21393 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-21393 ] https://movabletype.org/news/2026/02/mt-906-released.ht=
ml
https://www.sixapart.jp/movabletype/news/2026/02/04-1100.html https://jvn.jp/en/jp/JVN45405689/
=C2=A0 Stackideas.com--EasyDiscuss extension for Joomla Access control sett= ings for forum post custom fields are not applied to the JSON output type, = leading to an ACL violation vector an information disclosure 2026-02-06 not=
yet calculated CVE-2026-21626 [ https://www.cve.org/CVERecord?id=3DCVE-202= 6-21626 ] https://stackideas.com/easydiscuss
=C2=A0 rustfs--rustfs RustFS is a distributed object storage system built i=
n Rust. Prior to version alpha.78, IP-based access control can be bypassed:=
get_condition_values trusts client-supplied X-Forwarded-For/X-Real-Ip with= out verifying a trusted proxy, so any reachable client can spoof aws:Source=
Ip and satisfy IP-allowlist policies. This issue has been patched in versio=
n alpha.78. 2026-02-03 not yet calculated CVE-2026-21862 [ https://www.cve.= org/CVERecord?id=3DCVE-2026-21862 ] https://github.com/rustfs/rustfs/securi= ty/advisories/GHSA-fc6g-2gcp-2qrq
=C2=A0 n8n-io--n8n n8n is an open source workflow automation platform. From=
version 0.187.0 to before 1.120.3, a command injection vulnerability was i= dentified in n8n's community package installation functionality. The issue = allowed authenticated users with administrative permissions to execute arbi= trary system commands on the n8n host under specific conditions. This issue=
has been patched in version 1.120.3. 2026-02-04 not yet calculated CVE-202= 6-21893 [ https://www.cve.org/CVERecord?id=3DCVE-2026-21893 ] https://githu= b.com/n8n-io/n8n/security/advisories/GHSA-7c4h-vh2m-743m https://github.com/n8n-io/n8n/commit/ae0669a736cc496beeb296e115267862727ae8=
38
=C2=A0 TP-Link Systems Inc.--Archer BE230 v1.2 A lack of proper input valid= ation in the HTTP processing path in TP-Link Archer BE230 v1.2 (web modules=
) may allow a crafted request to cause the device's web service to become u= nresponsive, resulting in a denial of service condition. A network adjacent=
attacker with high privileges could cause the device's web interface to te= mporarily stop responding until it recovers or is rebooted. This issue affe= cts Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420. 2026-02-03 not yet = calculated CVE-2026-22220 [ https://www.cve.org/CVERecord?id=3DCVE-2026-222=
20 ] https://www.tp-link.com/us/support/download/archer-be230/v1.20/#Firmwa=
re
https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware https://www.tp-link.com/us/support/faq/4941/
=C2=A0 TP-Link Systems Inc.--Archer BE230 v1.2 An OS Command Injection vuln= erability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent authent= icated attacker execute arbitrary code.=C2=A0Successful exploitation could = allow an attacker to gain full administrative control of the device, result= ing in severe compromise of configuration integrity, network security, and = service availability. This CVE covers one of multiple distinct OS command i= njection issues identified across separate code paths. Although similar in = nature, each instance is tracked under a unique CVE ID. This issue affects = Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420. 2026-02-02 not yet calc= ulated CVE-2026-22221 [ https://www.cve.org/CVERecord?id=3DCVE-2026-22221 ]=
https://www.tp-link.com/us/support/download/archer-be230/v1.20/#Firmware https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware https://www.tp-link.com/us/support/faq/4935/
=C2=A0 TP-Link Systems Inc.--Archer BE230 v1.2 An OS Command Injection vuln= erability in TP-Link Archer BE230 v1.2(web modules) allows adjacent authent= icated attacker to=C2=A0execute arbitrary code.=C2=A0Successful exploitatio=
n could allow an attacker to gain full administrative control of the device=
, resulting in severe compromise of configuration integrity, network securi= ty, and service availability. This CVE covers one of multiple distinct OS c= ommand injection issues identified across separate code paths. Although sim= ilar in nature, each instance is tracked under a unique CVE ID. This issue = affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420. 2026-02-02 not = yet calculated CVE-2026-22222 [ https://www.cve.org/CVERecord?id=3DCVE-2026= -22222 ] https://www.tp-link.com/us/support/download/archer-be230/v1.20/#Fi= rmware
https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware https://www.tp-link.com/us/support/faq/4935/
=C2=A0 TP-Link System Inc.--Archer BE230 v1.2 An OS Command Injection vulne= rability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent authenti= cated attacker execute arbitrary code.=C2=A0Successful exploitation could a= llow an attacker to gain full administrative control of the device, resulti=
ng in severe compromise of configuration integrity, network security, and s= ervice availability. This CVE covers one of multiple distinct OS command in= jection issues identified across separate code paths. Although similar in n= ature, each instance is tracked under a unique CVE ID. This issue affects A= rcher BE230 v1.2 < 1.2.4 Build 20251218 rel.70420. 2026-02-02 not yet calcu= lated CVE-2026-22223 [ https://www.cve.org/CVERecord?id=3DCVE-2026-22223 ] = https://www.tp-link.com/us/support/download/archer-be230/v1.20/#Firmware https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware https://www.tp-link.com/us/support/faq/4935/
=C2=A0 TP-Link Systems Inc.--Archer BE230 v1.2 A command injection vulnerab= ility may be exploited after the admin's authentication in the cloud commun= ication interface on the TP-Link Archer BE230 v1.2. Successful exploitation=
could allow an attacker to gain full administrative control of the device,=
resulting in severe compromise of configuration integrity, network securit=
y, and service availability. This CVE covers one of multiple distinct OS co= mmand injection issues identified across separate code paths. Although simi= lar in nature, each instance is tracked under a unique CVE ID. This issue a= ffects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420. 2026-02-02 not y=
et calculated CVE-2026-22224 [ https://www.cve.org/CVERecord?id=3DCVE-2026-= 22224 ] https://www.tp-link.com/us/support/download/archer-be230/v1.20/#Fir= mware
https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware https://www.tp-link.com/us/support/faq/4935/
=C2=A0 TP-Link Systems Inc.--Archer BE230 v1.2 A command injection vulnerab= ility may be exploited after the admin's authentication in the VPN Connecti=
on Service on the Archer BE230 v1.2. Successful exploitation could allow an=
attacker to gain full administrative control of the device, resulting in s= evere compromise of configuration integrity, network security, and service = availability. This CVE covers one of multiple distinct OS command injection=
issues identified across separate code paths. Although similar in nature, = each instance is tracked under a unique CVE ID. This issue affects Archer B= E230 v1.2 < 1.2.4 Build 20251218 rel.70420. 2026-02-02 not yet calculated C= VE-2026-22225 [ https://www.cve.org/CVERecord?id=3DCVE-2026-22225 ] https:/= /www.tp-link.com/us/support/download/archer-be230/v1.20/#Firmware https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware https://www.tp-link.com/us/support/faq/4935/
=C2=A0 TP-Link Systems Inc.--Archer BE230 v1.2 A command injection vulnerab= ility may be exploited after the admin's authentication in the VPN server c= onfiguration module on the TP-Link Archer BE230 v1.2. Successful exploitati=
on could allow an attacker to gain full administrative control of the devic=
e, resulting in severe compromise of configuration integrity, network secur= ity, and service availability. This CVE covers one of multiple distinct OS = command injection issues identified across separate code paths. Although si= milar in nature, each instance is tracked under a unique CVE ID. This issue=
affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420. 2026-02-02 not=
yet calculated CVE-2026-22226 [ https://www.cve.org/CVERecord?id=3DCVE-202= 6-22226 ] https://www.tp-link.com/us/support/download/archer-be230/v1.20/#F= irmware https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware https://www.tp-link.com/us/support/faq/4935/
=C2=A0 TP-Link Systems Inc.--Archer BE230 v1.2 A command injection vulnerab= ility may be exploited after the admin's authentication via the configurati=
on backup restoration function of the TP-Link Archer BE230 v1.2. Successful=
exploitation could allow an attacker to gain full administrative control o=
f the device, resulting in severe compromise of configuration integrity, ne= twork security, and service availability. This CVE covers one of multiple d= istinct OS command injection issues identified across separate code paths. = Although similar in nature, each instance is tracked under a unique CVE ID.=
This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420. 202= 6-02-02 not yet calculated CVE-2026-22227 [ https://www.cve.org/CVERecord?i= d=3DCVE-2026-22227 ] https://www.tp-link.com/us/support/download/archer-be2= 30/v1.20/#Firmware https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware https://www.tp-link.com/us/support/faq/4935/
=C2=A0 TP-Link Systems Inc.--Archer BE230 v1.2 An authenticated user with h= igh privileges may trigger a denial=E2=80=91of=E2=80=91service condition in=
TP-Link Archer BE230 v1.2 by restoring a crafted configuration file contai= ning an excessively long parameter. Restoring such a file can cause the dev= ice to become unresponsive, requiring a reboot to restore normal operation.=
This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420. 202= 6-02-03 not yet calculated CVE-2026-22228 [ https://www.cve.org/CVERecord?i= d=3DCVE-2026-22228 ] https://www.tp-link.com/us/support/download/archer-be2= 30/v1.20/#Firmware https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware https://www.tp-link.com/us/support/faq/4941/
=C2=A0 TP-Link Systems Inc.--Archer BE230 v1.2 A command injection vulnerab= ility may be exploited after the admin's authentication via the import of a=
crafted VPN client configuration file on the TP-Link Archer BE230 v1.2. Su= ccessful exploitation could allow an attacker to gain full administrative c= ontrol of the device, resulting in severe compromise of configuration integ= rity, network security, and service availability. This CVE covers one of mu= ltiple distinct OS command injection issues identified across separate code=
paths. Although similar in nature, each instance is tracked under a unique=
CVE ID. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70= 420. 2026-02-02 not yet calculated CVE-2026-22229 [ https://www.cve.org/CVE= Record?id=3DCVE-2026-22229 ] https://www.tp-link.com/us/support/download/ar= cher-be230/v1.20/#Firmware https://www.tp-link.com/en/support/download/archer-be230/v1.20/#Firmware https://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware https://www.tp-link.com/us/support/faq/4935/
=C2=A0 ELECOM CO.,LTD.--WRC-X1500GS-B OS command injection vulnerability ex= ists in WRC-X1500GS-B and WRC-X1500GSA-B. A crafted request from a logged-i=
n user may lead to an arbitrary OS command execution. 2026-02-03 not yet ca= lculated CVE-2026-22550 [ https://www.cve.org/CVERecord?id=3DCVE-2026-22550=
] https://www.elecom.co.jp/news/security/20260203-01/ https://jvn.jp/en/jp/JVN94012927/
=C2=A0 Six Apart Ltd.--Movable Type (Software Edition) Movable Type contain=
s a stored cross-site scripting vulnerability in Export Sites. If crafted i= nput is stored by an attacker, arbitrary script may be executed on a logged= -in user's web browser. Note that Movable Type 7 series and 8.4 series, whi=
ch are End-of-Life (EOL), are affected by the vulnerability as well. 2026-0= 2-04 not yet calculated CVE-2026-22875 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-22875 ] https://movabletype.org/news/2026/02/mt-906-released.ht=
ml
https://www.sixapart.jp/movabletype/news/2026/02/04-1100.html https://jvn.jp/en/jp/JVN45405689/
=C2=A0 Cybozu, Inc.--Cybozu Garoon Cross-site scripting vulnerability exist=
s in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an = attacker to reset arbitrary users' passwords. 2026-02-02 not yet calculated=
CVE-2026-22881 [ https://www.cve.org/CVERecord?id=3DCVE-2026-22881 ] https= ://kb.cybozu.support/article/39084/
https://jvn.jp/en/jp/JVN35265756/
=C2=A0 Cybozu, Inc.--Cybozu Garoon Improper input verification issue exists=
in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration=
of portal settings, potentially blocking access to the product. 2026-02-02=
not yet calculated CVE-2026-22888 [ https://www.cve.org/CVERecord?id=3DCVE= -2026-22888 ] https://kb.cybozu.support/article/39083/ https://jvn.jp/en/jp/JVN35265756/
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: wifi: mac80211_hwsim: fix typo in frequency notification The N=
AN notification is for 5745 MHz which corresponds to channel 149 and not 54=
75 which is not actually a valid channel. This could result in a NULL point=
er dereference in cfg80211_next_nan_dw_notif. 2026-02-04 not yet calculated=
CVE-2026-23040 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23040 ] https= ://git.kernel.org/stable/c/1251bbdb8f5b2ea86ca9b4268a2e6aa34372ab33 https://git.kernel.org/stable/c/333418872bfecf4843f1ded7a4151685dfcf07d5
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: bnxt_en: Fix NULL pointer crash in bnxt_ptp_enable during erro=
r cleanup When bnxt_init_one() fails during initialization (e.g., bnxt_init= _int_mode returns -ENODEV), the error path calls bnxt_free_hwrm_resources()=
which destroys the DMA pool and sets bp->hwrm_dma_pool to NULL. Subsequent= ly, bnxt_ptp_clear() is called, which invokes ptp_clock_unregister(). Since=
commit a60fc3294a37 ("ptp: rework ptp_clock_unregister() to disable events= "), ptp_clock_unregister() now calls ptp_disable_all_events(), which in tur=
n invokes the driver's .enable() callback (bnxt_ptp_enable()) to disable PT=
P events before completing the unregistration. bnxt_ptp_enable() attempts t=
o send HWRM commands via bnxt_ptp_cfg_pin() and bnxt_ptp_cfg_event(), both =
of which call hwrm_req_init(). This function tries to allocate from bp->hwr= m_dma_pool, causing a NULL pointer dereference: bnxt_en 0000:01:00.0 (unnam=
ed net_device) (uninitialized): bnxt_init_int_mode err: ffffffed KASAN: nul= l-ptr-deref in range [0x0000000000000028-0x000000000000002f] Call Trace: __= hwrm_req_init (drivers/net/ethernet/broadcom/bnxt/bnxt_hwrm.c:72) bnxt_ptp_= enable (drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c:323 drivers/net/ether= net/broadcom/bnxt/bnxt_ptp.c:517) ptp_disable_all_events (drivers/ptp/ptp_c= hardev.c:66) ptp_clock_unregister (drivers/ptp/ptp_clock.c:518) bnxt_ptp_cl= ear (drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c:1134) bnxt_init_one (dri= vers/net/ethernet/broadcom/bnxt/bnxt.c:16889) Lines are against commit f8f9= c1f4d0c7 ("Linux 6.19-rc3") Fix this by clearing and unregistering ptp (bnx= t_ptp_clear()) before freeing HWRM resources. 2026-02-04 not yet calculated=
CVE-2026-23041 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23041 ] https= ://git.kernel.org/stable/c/0174d5466caefc22f03a36c43b2a3cce7e332627 https://git.kernel.org/stable/c/3358995b1a7f9dcb52a56ec8251570d71024dad0
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: idpf: fix aux device unplugging when rdma is not supported by = vport If vport flags do not contain VIRTCHNL2_VPORT_ENABLE_RDMA, driver doe=
s not allocate vdev_info for this vport. This leads to kernel NULL pointer = dereference in idpf_idc_vport_dev_down(), which references vdev_info for ev= ery vport regardless. Check, if vdev_info was ever allocated before unplugg= ing aux device. 2026-02-04 not yet calculated CVE-2026-23042 [ https://www.= cve.org/CVERecord?id=3DCVE-2026-23042 ] https://git.kernel.org/stable/c/0ad= 6d6e50e9d8bf596cfe77a882ddc20b29f525a https://git.kernel.org/stable/c/4648fb2f2e7210c53b85220ee07d42d1e4bae3f9
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: btrfs: fix NULL pointer dereference in do_abort_log_replay() C= overity reported a NULL pointer dereference issue (CID 1666756) in do_abort= _log_replay(). When btrfs_alloc_path() fails in replay_one_buffer(), wc->su= bvol_path is NULL, but btrfs_abort_log_replay() calls do_abort_log_replay()=
which unconditionally dereferences wc->subvol_path when attempting to prin=
t debug information. Fix this by adding a NULL check before dereferencing w= c->subvol_path in do_abort_log_replay(). 2026-02-04 not yet calculated CVE-= 2026-23043 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23043 ] https://gi= t.kernel.org/stable/c/6d1b61b8e1e44888c643d89225ab819b10649b2e https://git.kernel.org/stable/c/530e3d4af566ca44807d79359b90794dea24c4f3
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: PM: hibernate: Fix crash when freeing invalid crypto compresso=
r When crypto_alloc_acomp() fails, it returns an ERR_PTR value, not NULL. T=
he cleanup code in save_compressed_image() and load_compressed_image() unco= nditionally calls crypto_free_acomp() without checking for ERR_PTR, which c= auses crypto_acomp_tfm() to dereference an invalid pointer and crash the ke= rnel. This can be triggered when the compression algorithm is unavailable (= e.g., CONFIG_CRYPTO_LZO not enabled). Fix by adding IS_ERR_OR_NULL() checks=
before calling crypto_free_acomp() and acomp_request_free(), similar to th=
e existing kthread_stop() check. [ rjw: Added 2 empty code lines ] 2026-02-=
04 not yet calculated CVE-2026-23044 [ https://www.cve.org/CVERecord?id=3DC= VE-2026-23044 ] https://git.kernel.org/stable/c/b7a883b0135dbc6817e90a82942= 1c9fc8cd94bad https://git.kernel.org/stable/c/7966cf0ebe32c981bfa3db252cb5fc3bb1bf2e77
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: net/ena: fix missing lock when update devlink params Fix asser=
t lock warning while calling devl_param_driverinit_value_set() in ena. WARN= ING: net/devlink/core.c:261 at devl_assert_locked+0x62/0x90, CPU#0: kworker= /0:0/9 CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.19.0-rc2+ #1 PR= EEMPT(lazy) Hardware name: Amazon EC2 m8i-flex.4xlarge/, BIOS 1.0 10/16/201=
7 Workqueue: events work_for_cpu_fn RIP: 0010:devl_assert_locked+0x62/0x90 = Call Trace: <TASK> devl_param_driverinit_value_set+0x15/0x1c0 ena_devlink_a= lloc+0x18c/0x220 [ena] ? __pfx_ena_devlink_alloc+0x10/0x10 [ena] ? trace_ha= rdirqs_on+0x18/0x140 ? lockdep_hardirqs_on+0x8c/0x130 ? __raw_spin_unlock_i= rqrestore+0x5d/0x80 ? __raw_spin_unlock_irqrestore+0x46/0x80 ? devm_ioremap= _wc+0x9a/0xd0 ena_probe+0x4d2/0x1b20 [ena] ? __lock_acquire+0x56a/0xbd0 ? _= _pfx_ena_probe+0x10/0x10 [ena] ? local_clock+0x15/0x30 ? __lock_release.isr= a.0+0x1c9/0x340 ? mark_held_locks+0x40/0x70 ? lockdep_hardirqs_on_prepare.p= art.0+0x92/0x170 ? trace_hardirqs_on+0x18/0x140 ? lockdep_hardirqs_on+0x8c/= 0x130 ? __raw_spin_unlock_irqrestore+0x5d/0x80 ? __raw_spin_unlock_irqresto= re+0x46/0x80 ? __pfx_ena_probe+0x10/0x10 [ena] ...... </TASK> 2026-02-04 no=
t yet calculated CVE-2026-23045 [ https://www.cve.org/CVERecord?id=3DCVE-20= 26-23045 ] https://git.kernel.org/stable/c/f2c4bcfa193eef1b7457a56be9c47a8d= e015f225 https://git.kernel.org/stable/c/8da901ffe497a53fa4ecc3ceed0e6d771586f88e
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: virtio_net: fix device mismatch in devm_kzalloc/devm_kfree Ini= tial rss_hdr allocation uses virtio_device->device, but virtnet_set_queues(=
) frees using net_device->device. This device mismatch causing below devres=
warning [ 3788.514041] ------------[ cut here ]------------ [ 3788.514044]=
WARNING: drivers/base/devres.c:1095 at devm_kfree+0x84/0x98, CPU#16: vdpa/= 1463 [ 3788.514054] Modules linked in: octep_vdpa virtio_net virtio_vdpa [l= ast unloaded: virtio_vdpa] [ 3788.514064] CPU: 16 UID: 0 PID: 1463 Comm: vd=
pa Tainted: G W 6.18.0 #10 PREEMPT [ 3788.514067] Tainted: [W]=3DWARN [ 378= 8.514069] Hardware name: Marvell CN106XX board (DT) [ 3788.514071] pstate: = 63400009 (nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=3D--) [ 3788.514074] pc=
: devm_kfree+0x84/0x98 [ 3788.514076] lr : devm_kfree+0x54/0x98 [ 3788.514= 079] sp : ffff800084e2f220 [ 3788.514080] x29: ffff800084e2f220 x28: ffff00= 03b2366000 x27: 000000000000003f [ 3788.514085] x26: 000000000000003f x25: = ffff000106f17c10 x24: 0000000000000080 [ 3788.514089] x23: ffff00045bb8ab08=
x22: ffff00045bb8a000 x21: 0000000000000018 [ 3788.514093] x20: ffff000435= 5c3080 x19: ffff00045bb8aa00 x18: 0000000000080000 [ 3788.514098] x17: 0000= 000000000040 x16: 000000000000001f x15: 000000000007ffff [ 3788.514102] x14=
: 0000000000000488 x13: 0000000000000005 x12: 00000000000fffff [ 3788.51410=
6] x11: ffffffffffffffff x10: 0000000000000005 x9 : ffff800080c8c05c [ 3788= .514110] x8 : ffff800084e2eeb8 x7 : 0000000000000000 x6 : 000000000000003f =
[ 3788.514115] x5 : ffff8000831bafe0 x4 : ffff800080c8b010 x3 : ffff0004355= c3080 [ 3788.514119] x2 : ffff0004355c3080 x1 : 0000000000000000 x0 : 00000= 00000000000 [ 3788.514123] Call trace: [ 3788.514125] devm_kfree+0x84/0x98 = (P) [ 3788.514129] virtnet_set_queues+0x134/0x2e8 [virtio_net] [ 3788.51413=
5] virtnet_probe+0x9c0/0xe00 [virtio_net] [ 3788.514139] virtio_dev_probe+0= x1e0/0x338 [ 3788.514144] really_probe+0xc8/0x3a0 [ 3788.514149] __driver_p= robe_device+0x84/0x170 [ 3788.514152] driver_probe_device+0x44/0x120 [ 3788= .514155] __device_attach_driver+0xc4/0x168 [ 3788.514158] bus_for_each_drv+= 0x8c/0xf0 [ 3788.514161] __device_attach+0xa4/0x1c0 [ 3788.514164] device_i= nitial_probe+0x1c/0x30 [ 3788.514168] bus_probe_device+0xb4/0xc0 [ 3788.514= 170] device_add+0x614/0x828 [ 3788.514173] register_virtio_device+0x214/0x2=
58 [ 3788.514175] virtio_vdpa_probe+0xa0/0x110 [virtio_vdpa] [ 3788.514179]=
vdpa_dev_probe+0xa8/0xd8 [ 3788.514183] really_probe+0xc8/0x3a0 [ 3788.514= 186] __driver_probe_device+0x84/0x170 [ 3788.514189] driver_probe_device+0x= 44/0x120 [ 3788.514192] __device_attach_driver+0xc4/0x168 [ 3788.514195] bu= s_for_each_drv+0x8c/0xf0 [ 3788.514197] __device_attach+0xa4/0x1c0 [ 3788.5= 14200] device_initial_probe+0x1c/0x30 [ 3788.514203] bus_probe_device+0xb4/= 0xc0 [ 3788.514206] device_add+0x614/0x828 [ 3788.514209] _vdpa_register_de= vice+0x58/0x88 [ 3788.514211] octep_vdpa_dev_add+0x104/0x228 [octep_vdpa] [=
3788.514215] vdpa_nl_cmd_dev_add_set_doit+0x2d0/0x3c0 [ 3788.514218] genl_= family_rcv_msg_doit+0xe4/0x158 [ 3788.514222] genl_rcv_msg+0x218/0x298 [ 37= 88.514225] netlink_rcv_skb+0x64/0x138 [ 3788.514229] genl_rcv+0x40/0x60 [ 3= 788.514233] netlink_unicast+0x32c/0x3b0 [ 3788.514237] netlink_sendmsg+0x17= 0/0x3b8 [ 3788.514241] __sys_sendto+0x12c/0x1c0 [ 3788.514246] __arm64_sys_= sendto+0x30/0x48 [ 3788.514249] invoke_syscall.constprop.0+0x58/0xf8 [ 3788= .514255] do_el0_svc+0x48/0xd0 [ 3788.514259] el0_svc+0x48/0x210 [ 3788.5142= 64] el0t_64_sync_handler+0xa0/0xe8 [ 3788.514268] el0t_64_sync+0x198/0x1a0 =
[ 3788.514271] ---[ end trace 0000000000000000 ]--- Fix by using virtio_dev= ice->device consistently for allocation and deallocation 2026-02-04 not yet=
calculated CVE-2026-23046 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23= 046 ] https://git.kernel.org/stable/c/a5e2d902f64c76169c771f584559c82b58809= 0e3
https://git.kernel.org/stable/c/acb4bc6e1ba34ae1a34a9334a1ce8474c909466e
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: libceph: make calc_target() set t->paused, not just clear it C= urrently calc_target() clears t->paused if the request shouldn't be paused = anymore, but doesn't ever set t->paused even though it's able to determine = when the request should be paused. Setting t->paused is left to __submit_re= quest() which is fine for regular requests but doesn't work for linger requ= ests -- since __submit_request() doesn't operate on linger requests, there =
is nowhere for lreq->t.paused to be set. One consequence of this is that wa= tches don't get reestablished on paused -> unpaused transitions in cases wh= ere requests have been paused long enough for the (paused) unwatch request =
to time out and for the subsequent (re)watch request to enter the paused st= ate. On top of the watch not getting reestablished, rbd_reregister_watch() = gets stuck with rbd_dev->watch_mutex held: rbd_register_watch __rbd_registe= r_watch ceph_osdc_watch linger_reg_commit_wait It's waiting for lreq->reg_c= ommit_wait to be completed, but for that to happen the respective request n= eeds to end up on need_resend_linger list and be kicked when requests are u= npaused. There is no chance for that if the request in question is never ma= rked paused in the first place. The fact that rbd_dev->watch_mutex remains = taken out forever then prevents the image from getting unmapped -- "rbd unm= ap" would inevitably hang in D state on an attempt to grab the mutex. 2026-= 02-04 not yet calculated CVE-2026-23047 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-23047 ] https://git.kernel.org/stable/c/2b3329b3c29d9e188e40d90= 2d5230c2d5989b940 https://git.kernel.org/stable/c/5d0dc83cb9a69c1d0bea58f1c430199b05f6b021 https://git.kernel.org/stable/c/4d3399c52e0e61720ae898f5a0b5b75d4460ae24 https://git.kernel.org/stable/c/4ebc711b738d139cabe2fc9e7e7749847676a342 https://git.kernel.org/stable/c/6f468f6ff233c6a81e0e761d9124e982903fe9a5 https://git.kernel.org/stable/c/5647d42c47b535573b63e073e91164d6a5bb058c https://git.kernel.org/stable/c/c0fe2994f9a9d0a2ec9e42441ea5ba74b6a16176
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: udp: call skb_orphan() before skb_attempt_defer_free() Standar=
d UDP receive path does not use skb->destructor. But skmsg layer does use i=
t, since it calls skb_set_owner_sk_safe() from udp_read_skb(). This then tr= iggers this warning in skb_attempt_defer_free(): DEBUG_NET_WARN_ON_ONCE(skb= ->destructor); We must call skb_orphan() to fix this issue. 2026-02-04 not = yet calculated CVE-2026-23048 [ https://www.cve.org/CVERecord?id=3DCVE-2026= -23048 ] https://git.kernel.org/stable/c/0c63d5683eae6a7b4d81382bcbecb2a19f= eff90d
https://git.kernel.org/stable/c/e5c8eda39a9fc1547d1398d707aa06c1d080abdd
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: drm/panel-simple: fix connector type for DataImage SCF0700C48G= GU18 panel The connector type for the DataImage SCF0700C48GGU18 panel is mi= ssing and devm_drm_panel_bridge_add() requires connector type to be set. Th=
is leads to a warning and a backtrace in the kernel log and panel does not = work: " WARNING: CPU: 3 PID: 38 at drivers/gpu/drm/bridge/panel.c:379 devm_= drm_of_get_bridge+0xac/0xb8 " The warning is triggered by a check for valid=
connector type in devm_drm_panel_bridge_add(). If there is no valid connec= tor type set for a panel, the warning is printed and panel is not added. Fi=
ll in the missing connector type to fix the warning and make the panel oper= ational once again. 2026-02-04 not yet calculated CVE-2026-23049 [ https://= www.cve.org/CVERecord?id=3DCVE-2026-23049 ] https://git.kernel.org/stable/c= /f4c330b4499e7334ec6fce535574e09d55843d71 https://git.kernel.org/stable/c/bb309377eece5317207d71fd833f99cca4727fbd https://git.kernel.org/stable/c/83e0d8d22e7ee3151af1951595104887eebed6ab https://git.kernel.org/stable/c/bc0b17bdba3838e9e17e7e9adc968384ac99938b https://git.kernel.org/stable/c/04218cd68d1502000823c8288f37b4f171dcdcae https://git.kernel.org/stable/c/f7940d3ec1dc6bf719eddc69d4b8e52cc2201896 https://git.kernel.org/stable/c/6ab3d4353bf75005eaa375677c9fed31148154d6
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: pNFS: Fix a deadlock when returning a delegation during open()=
Ben Coddington reports seeing a hang in the following stack trace: 0 [ffff= d0b50e1774e0] __schedule at ffffffff9ca05415 1 [ffffd0b50e177548] schedule =
at ffffffff9ca05717 2 [ffffd0b50e177558] bit_wait at ffffffff9ca061e1 3 [ff= ffd0b50e177568] __wait_on_bit at ffffffff9ca05cfb 4 [ffffd0b50e1775c8] out_= of_line_wait_on_bit at ffffffff9ca05ea5 5 [ffffd0b50e177618] pnfs_roc at ff= ffffffc154207b [nfsv4] 6 [ffffd0b50e1776b8] _nfs4_proc_delegreturn at fffff= fffc1506586 [nfsv4] 7 [ffffd0b50e177788] nfs4_proc_delegreturn at ffffffffc= 1507480 [nfsv4] 8 [ffffd0b50e1777f8] nfs_do_return_delegation at ffffffffc1= 523e41 [nfsv4] 9 [ffffd0b50e177838] nfs_inode_set_delegation at ffffffffc15= 24a75 [nfsv4] 10 [ffffd0b50e177888] nfs4_process_delegation at ffffffffc14f= 41dd [nfsv4] 11 [ffffd0b50e1778a0] _nfs4_opendata_to_nfs4_state at ffffffff= c1503edf [nfsv4] 12 [ffffd0b50e1778c0] _nfs4_open_and_get_state at ffffffff= c1504e56 [nfsv4] 13 [ffffd0b50e177978] _nfs4_do_open at ffffffffc15051b8 [n= fsv4] 14 [ffffd0b50e1779f8] nfs4_do_open at ffffffffc150559c [nfsv4] 15 [ff= ffd0b50e177a80] nfs4_atomic_open at ffffffffc15057fb [nfsv4] 16 [ffffd0b50e= 177ad0] nfs4_file_open at ffffffffc15219be [nfsv4] 17 [ffffd0b50e177b78] do= _dentry_open at ffffffff9c09e6ea 18 [ffffd0b50e177ba8] vfs_open at ffffffff= 9c0a082e 19 [ffffd0b50e177bd0] dentry_open at ffffffff9c0a0935 The issue is=
that the delegreturn is being asked to wait for a layout return that canno=
t complete because a state recovery was initiated. The state recovery canno=
t complete until the open() finishes processing the delegations it was give=
n. The solution is to propagate the existing flags that indicate a non-bloc= king call to the function pnfs_roc(), so that it knows not to wait in this = situation. 2026-02-04 not yet calculated CVE-2026-23050 [ https://www.cve.o= rg/CVERecord?id=3DCVE-2026-23050 ] https://git.kernel.org/stable/c/a316fd9d= 3065b753b03d802530004aea481512cc https://git.kernel.org/stable/c/d6c75aa9d607044d1e5c8498eff0259eed356c32 https://git.kernel.org/stable/c/857bf9056291a16785ae3be1d291026b2437fc48
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: drm/amdgpu: fix drm panic null pointer when driver not support=
atomic When driver not support atomic, fb using plane->fb rather than plan= e->state->fb. (cherry picked from commit 2f2a72de673513247cd6fae14e53f6c40c= 5841ef) 2026-02-04 not yet calculated CVE-2026-23051 [ https://www.cve.org/= CVERecord?id=3DCVE-2026-23051 ] https://git.kernel.org/stable/c/a1aedf4053a= f7dad3772b94b057a7d1f5473055f https://git.kernel.org/stable/c/9cb6278b44c38899961b36d303d7b18b38be2a6e
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: ftrace: Do not over-allocate ftrace memory The pg_remaining ca= lculation in ftrace_process_locs() assumes that ENTRIES_PER_PAGE multiplied=
by 2^order equals the actual capacity of the allocated page group. However=
, ENTRIES_PER_PAGE is PAGE_SIZE / ENTRY_SIZE (integer division). When PAGE_= SIZE is not a multiple of ENTRY_SIZE (e.g. 4096 / 24 =3D 170 with remainder=
16), high-order allocations (like 256 pages) have significantly more capac= ity than 256 * 170. This leads to pg_remaining being underestimated, which =
in turn makes skip (derived from skipped - pg_remaining) larger than expect= ed, causing the WARN(skip !=3D remaining) to trigger. Extra allocated pages=
for ftrace: 2 with 654 skipped WARNING: CPU: 0 PID: 0 at kernel/trace/ftra= ce.c:7295 ftrace_process_locs+0x5bf/0x5e0 A similar problem in ftrace_alloc= ate_records() can result in allocating too many pages. This can trigger the=
second warning in ftrace_process_locs(). Extra allocated pages for ftrace = WARNING: CPU: 0 PID: 0 at kernel/trace/ftrace.c:7276 ftrace_process_locs+0x= 548/0x580 Use the actual capacity of a page group to determine the number o=
f pages to allocate. Have ftrace_allocate_pages() return the number of allo= cated pages to avoid having to calculate it. Use the actual page group capa= city when validating the number of unused pages due to skipped entries. Dro=
p the definition of ENTRIES_PER_PAGE since it is no longer used. 2026-02-04=
not yet calculated CVE-2026-23052 [ https://www.cve.org/CVERecord?id=3DCVE= -2026-23052 ] https://git.kernel.org/stable/c/9aef476717994e96dadfb359641c4= b82b521aa36 https://git.kernel.org/stable/c/be55257fab181b93af38f8c4b1b3cb453a78d742
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: NFS: Fix a deadlock involving nfs_release_folio() Wang Zhaolon=
g reports a deadlock involving NFSv4.1 state recovery waiting on kthreadd, = which is attempting to reclaim memory by calling nfs_release_folio(). The l= atter cannot make progress due to state recovery being needed. It seems tha=
t the only safe thing to do here is to kick off a writeback of the folio, w= ithout waiting for completion, or else kicking off an asynchronous commit. = 2026-02-04 not yet calculated CVE-2026-23053 [ https://www.cve.org/CVERecor= d?id=3DCVE-2026-23053 ] https://git.kernel.org/stable/c/49d352bc263fe4a8342= 33338bfaad31b3109addf https://git.kernel.org/stable/c/19b4d9ab5e77843eac0429c019470c02f8710b55 https://git.kernel.org/stable/c/cce0be6eb4971456b703aaeafd571650d314bcca
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: net: hv_netvsc: reject RSS hash key programming without RX ind= irection table RSS configuration requires a valid RX indirection table. Whe=
n the device reports a single receive queue, rndis_filter_device_add() does=
not allocate an indirection table, accepting RSS hash key updates in this = state leads to a hang. Fix this by gating netvsc_set_rxfh() on ndc->rx_tabl= e_sz and return -EOPNOTSUPP when the table is absent. This aligns set_rxfh = with the device capabilities and prevents incorrect behavior. 2026-02-04 no=
t yet calculated CVE-2026-23054 [ https://www.cve.org/CVERecord?id=3DCVE-20= 26-23054 ] https://git.kernel.org/stable/c/8288136f508e78eb3563e7073975999c= f225a2f9 https://git.kernel.org/stable/c/82c9039c8ebb715753a40434df714f865a3aec9c https://git.kernel.org/stable/c/4cd55c609e85ae2313248ef1a33619a3eef44a16 https://git.kernel.org/stable/c/11dd9a9ef4dc4507a15a69b8511a0013c6c28fa3 https://git.kernel.org/stable/c/d23564955811da493f34412d7de60fa268c8cb50
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: i2c: riic: Move suspend handling to NOIRQ phase Commit 5332613= 5d0e0 ("i2c: riic: Add suspend/resume support") added suspend support for t=
he Renesas I2C driver and following this change on RZ/G3E the following WAR= NING is seen on entering suspend ... [ 134.275704] Freezing remaining freez= able tasks completed (elapsed 0.001 seconds) [ 134.285536] ------------[ cu=
t here ]------------ [ 134.290298] i2c i2c-2: Transfer while suspended [ 13= 4.295174] WARNING: drivers/i2c/i2c-core.h:56 at __i2c_smbus_xfer+0x1e4/0x21=
4, CPU#0: systemd-sleep/388 [ 134.365507] Tainted: [W]=3DWARN [ 134.368485]=
Hardware name: Renesas SMARC EVK version 2 based on r9a09g047e57 (DT) [ 13= 4.375961] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=3D--)=
[ 134.382935] pc : __i2c_smbus_xfer+0x1e4/0x214 [ 134.387329] lr : __i2c_s= mbus_xfer+0x1e4/0x214 [ 134.391717] sp : ffff800083f23860 [ 134.395040] x29=
: ffff800083f23860 x28: 0000000000000000 x27: ffff800082ed5d60 [ 134.402226=
] x26: 0000001f4395fd74 x25: 0000000000000007 x24: 0000000000000001 [ 134.4= 09408] x23: 0000000000000000 x22: 000000000000006f x21: ffff800083f23936 [ = 134.416589] x20: ffff0000c090e140 x19: ffff0000c090e0d0 x18: 00000000000000=
06 [ 134.423771] x17: 6f63657320313030 x16: 2e30206465737061 x15: ffff80008= 3f23280 [ 134.430953] x14: 0000000000000000 x13: ffff800082b16ce8 x12: 0000= 000000000f09 [ 134.438134] x11: 0000000000000503 x10: ffff800082b6ece8 x9 :=
ffff800082b16ce8 [ 134.445315] x8 : 00000000ffffefff x7 : ffff800082b6ece8=
x6 : 80000000fffff000 [ 134.452495] x5 : 0000000000000504 x4 : 00000000000= 00000 x3 : 0000000000000000 [ 134.459672] x2 : 0000000000000000 x1 : 000000= 0000000000 x0 : ffff0000c9ee9e80 [ 134.466851] Call trace: [ 134.469311] __= i2c_smbus_xfer+0x1e4/0x214 (P) [ 134.473715] i2c_smbus_xfer+0xbc/0x120 [ 13= 4.477507] i2c_smbus_read_byte_data+0x4c/0x84 [ 134.482077] isl1208_i2c_read= _time+0x44/0x178 [rtc_isl1208] [ 134.487703] isl1208_rtc_read_time+0x14/0x2=
0 [rtc_isl1208] [ 134.493226] __rtc_read_time+0x44/0x88 [ 134.497012] rtc_r= ead_time+0x3c/0x68 [ 134.500622] rtc_suspend+0x9c/0x170 The warning is trig= gered because I2C transfers can still be attempted while the controller is = already suspended, due to inappropriate ordering of the system sleep callba= cks. If the controller is autosuspended, there is no way to wake it up once=
runtime PM disabled (in suspend_late()). During system resume, the I2C con= troller will be available only after runtime PM is re-enabled (in resume_ea= rly()). However, this may be too late for some devices. Wake up the control= ler in the suspend() callback while runtime PM is still enabled. The I2C co= ntroller will remain available until the suspend_noirq() callback (pm_runti= me_force_suspend()) is called. During resume, the I2C controller can be res= tored by the resume_noirq() callback (pm_runtime_force_resume()). Finally, = the resume() callback re-enables autosuspend. As a result, the I2C controll=
er can remain available until the system enters suspend_noirq() and from re= sume_noirq(). 2026-02-04 not yet calculated CVE-2026-23055 [ https://www.cv= e.org/CVERecord?id=3DCVE-2026-23055 ] https://git.kernel.org/stable/c/469f8= fe4c87e43520f279e45b927c35d6fe99194 https://git.kernel.org/stable/c/0b4c0fbbe00b7de76bdaea7fa771017d7a979b0d https://git.kernel.org/stable/c/e383f0961422f983451ac4dd6aed1a3d3311f2be
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: uacce: implement mremap in uacce_vm_ops to return -EPERM The c= urrent uacce_vm_ops does not support the mremap operation of vm_operations_= struct. Implement .mremap to return -EPERM to remind users. The reason we n= eed to explicitly disable mremap is that when the driver does not implement=
.mremap, it uses the default mremap method. This could lead to a risk scen= ario: An application might first mmap address p1, then mremap to p2, follow=
ed by munmap(p1), and finally munmap(p2). Since the default mremap copies t=
he original vma's vm_private_data (i.e., q) to the new vma, both munmap ope= rations would trigger vma_close, causing q->qfr to be freed twice(qfr will =
be set to null here, so repeated release is ok). 2026-02-04 not yet calcula= ted CVE-2026-23056 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23056 ] ht= tps://git.kernel.org/stable/c/78d99f062d42e3af2ca46bde1a8e46e0dfd372e3 https://git.kernel.org/stable/c/ebfa85658a39b49ec3901ceea7535b73aa0429e6 https://git.kernel.org/stable/c/75b29bdc935ff93b8e8bf6f6b4d8a4810b26e06f https://git.kernel.org/stable/c/4c042bc71474dbe417c268f4bfb8ec196f802f07 https://git.kernel.org/stable/c/a407ddd61b3e6afc5ccfcd1478797171cf5686ee https://git.kernel.org/stable/c/ba29b59d124e725e0377f09b2044909c91d657a1 https://git.kernel.org/stable/c/02695347be532b628f22488300d40c4eba48b9b7
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: vsock/virtio: Coalesce only linear skb vsock/virtio common tri=
es to coalesce buffers in rx queue: if a linear skb (with a spare tail room=
) is followed by a small skb (length limited by GOOD_COPY_LEN =3D 128), an = attempt is made to join them. Since the introduction of MSG_ZEROCOPY suppor=
t, assumption that a small skb will always be linear is incorrect. In the z= erocopy case, data is lost and the linear skb is appended with uninitialize=
d kernel memory. Of all 3 supported virtio-based transports, only loopback-= transport is affected. G2H virtio-transport rx queue operates on explicitly=
linear skbs; see virtio_vsock_alloc_linear_skb() in virtio_vsock_rx_fill()=
. H2G vhost-transport may allocate non-linear skbs, but only for sizes that=
are not considered for coalescence; see PAGE_ALLOC_COSTLY_ORDER in virtio_= vsock_alloc_skb(). Ensure only linear skbs are coalesced. Note that skb_tai= lroom(last_skb) > 0 guarantees last_skb is linear. 2026-02-04 not yet calcu= lated CVE-2026-23057 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23057 ] = https://git.kernel.org/stable/c/568e9cd8ed7ca9bf748c7687ba6501f29d30e59f https://git.kernel.org/stable/c/63ef9b300bd09e24c57050c5dbe68feedce42e72 https://git.kernel.org/stable/c/0386bd321d0f95d041a7b3d7b07643411b044a96
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory lea=
k Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb_r= eceive_bulk_callback(): fix URB memory leak"). In ems_usb_open(), the URBs = for USB-in transfers are allocated, added to the dev->rx_submitted anchor a=
nd submitted. In the complete callback ems_usb_read_bulk_callback(), the UR=
Bs are processed and resubmitted. In ems_usb_close() the URBs are freed by = calling usb_kill_anchored_urbs(&dev->rx_submitted). However, this does not = take into account that the USB framework unanchors the URB before the compl= ete function is called. This means that once an in-URB has been completed, =
it is no longer anchored and is ultimately not released in ems_usb_close().=
Fix the memory leak by anchoring the URB in the ems_usb_read_bulk_callback=
() to the dev->rx_submitted anchor. 2026-02-04 not yet calculated CVE-2026-= 23058 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23058 ] https://git.ker= nel.org/stable/c/e2c71030dc464d437110bcfb367c493fd402bddb https://git.kernel.org/stable/c/f48eabd15194b216030b32445f44230df95f5fe0 https://git.kernel.org/stable/c/61e6d3674c3d1da1475dc207b3e75c55d678d18e https://git.kernel.org/stable/c/e9410fdd4d5f7eaa6526d8c80e83029d7c86a8e8 https://git.kernel.org/stable/c/46a191ff7eeec33a2ccb2a1bfea34e18fbc5dc1a https://git.kernel.org/stable/c/68c62b3e53901846b5f68c5a8bade72a5d9c0b87 https://git.kernel.org/stable/c/0ce73a0eb5a27070957b67fd74059b6da89cc516
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: scsi: qla2xxx: Sanitize payload size to prevent member overflo=
w In qla27xx_copy_fpin_pkt() and qla27xx_copy_multiple_pkt(), the frame_siz=
e reported by firmware is used to calculate the copy length into item->iocb=
. However, the iocb member is defined as a fixed-size 64-byte array within = struct purex_item. If the reported frame_size exceeds 64 bytes, subsequent = memcpy calls will overflow the iocb member boundary. While extra memory mig=
ht be allocated, this cross-member write is unsafe and triggers warnings un= der CONFIG_FORTIFY_SOURCE. Fix this by capping total_bytes to the size of t=
he iocb member (64 bytes) before allocation and copying. This ensures all c= opies remain within the bounds of the destination structure member. 2026-02= -04 not yet calculated CVE-2026-23059 [ https://www.cve.org/CVERecord?id=3D= CVE-2026-23059 ] https://git.kernel.org/stable/c/408bfa8d70f79ac696cec1bdbd= fb3bf43a02e6d0 https://git.kernel.org/stable/c/1922468a4a80424e5a69f7ba50adcee37f4722e9 https://git.kernel.org/stable/c/aa14451fa5d5f2de919384c637e2a8c604e1a1fe https://git.kernel.org/stable/c/19bc5f2a6962dfaa0e32d0e0bc2271993d85d414
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: crypto: authencesn - reject too-short AAD (assoclen<8) to matc=
h ESP/ESN spec authencesn assumes an ESP/ESN-formatted AAD. When assoclen i=
s shorter than the minimum expected length, crypto_authenc_esn_decrypt() ca=
n advance past the end of the destination scatterlist and trigger a NULL po= inter dereference in scatterwalk_map_and_copy(), leading to a kernel panic = (DoS). Add a minimum AAD length check to fail fast on invalid inputs. 2026-= 02-04 not yet calculated CVE-2026-23060 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-23060 ] https://git.kernel.org/stable/c/df22c9a65e9a9daa368a72f= ed596af9d7d5876bb https://git.kernel.org/stable/c/fee86edf5803f1d1f19e3b4f2dacac241bddfa48 https://git.kernel.org/stable/c/767e8349f7e929b7dd95c08f0b4cb353459b365e https://git.kernel.org/stable/c/b0a9609283a5c852addb513dafa655c61eebc1ef https://git.kernel.org/stable/c/161bdc90fce25bd9890adc67fa1c8563a7acbf40 https://git.kernel.org/stable/c/9532ff0d0e90ff78a214299f594ab9bac81defe4 https://git.kernel.org/stable/c/2397e9264676be7794f8f7f1e9763d90bd3c7335
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memo=
ry leak Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: gs= _usb_receive_bulk_callback(): fix URB memory leak"). In kvaser_usb_set_{,da= ta_}bittiming() -> kvaser_usb_setup_rx_urbs(), the URBs for USB-in transfer=
s are allocated, added to the dev->rx_submitted anchor and submitted. In th=
e complete callback kvaser_usb_read_bulk_callback(), the URBs are processed=
and resubmitted. In kvaser_usb_remove_interfaces() the URBs are freed by c= alling usb_kill_anchored_urbs(&dev->rx_submitted). However, this does not t= ake into account that the USB framework unanchors the URB before the comple=
te function is called. This means that once an in-URB has been completed, i=
t is no longer anchored and is ultimately not released in usb_kill_anchored= _urbs(). Fix the memory leak by anchoring the URB in the kvaser_usb_read_bu= lk_callback() to the dev->rx_submitted anchor. 2026-02-04 not yet calculate=
d CVE-2026-23061 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23061 ] http= s://git.kernel.org/stable/c/d9d824582f2ec76459ffab449e9b05c7bc49645c https://git.kernel.org/stable/c/40a3334ffda479c63e416e61ff086485e24401f7 https://git.kernel.org/stable/c/c1b39fa24c140bc616f51fef4175c1743e2bb132 https://git.kernel.org/stable/c/7c308f7530bffafa994e0aa8dc651a312f4b9ff4 https://git.kernel.org/stable/c/94a7fc42e21c7d9d1c49778cd1db52de5df52a01 https://git.kernel.org/stable/c/3b1a593eab941c3f32417896cc7df564191f2482 https://git.kernel.org/stable/c/248e8e1a125fa875158df521b30f2cc7e27eeeaa
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID = macro The GET_INSTANCE_ID macro that caused a kernel panic when accessing s= ysfs attributes: 1. Off-by-one error: The loop condition used '<=3D' instea=
d of '<', causing access beyond array bounds. Since array indices are 0-bas=
ed and go from 0 to instances_count-1, the loop should use '<'. 2. Missing = NULL check: The code dereferenced attr_name_kobj->name without checking if = attr_name_kobj was NULL, causing a null pointer dereference in min_length_s= how() and other attribute show functions. The panic occurred when fwupd tri=
ed to read BIOS configuration attributes: Oops: general protection fault [#=
1] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000000-0x000= 0000000000007] RIP: 0010:min_length_show+0xcf/0x1d0 [hp_bioscfg] Add a NULL=
check for attr_name_kobj before dereferencing and corrects the loop bounda=
ry to match the pattern used elsewhere in the driver. 2026-02-04 not yet ca= lculated CVE-2026-23062 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23062=
] https://git.kernel.org/stable/c/eb5ff1025c92117d5d1cc728bcfa294abe484da1 https://git.kernel.org/stable/c/eba49c1dee9c5e514ca18e52c545bba524e8a045 https://git.kernel.org/stable/c/193922a23d7294085a47d7719fdb7d66ad0a236f https://git.kernel.org/stable/c/25150715e0b049b99df664daf05dab12f41c3e13
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: uacce: ensure safe queue release with state management Directl=
y calling `put_queue` carries risks since it cannot guarantee that resource=
s of `uacce_queue` have been fully released beforehand. So adding a `stop_q= ueue` operation for the UACCE_CMD_PUT_Q command and leaving the `put_queue`=
operation to the final resource release ensures safety. Queue states are d= efined as follows: - UACCE_Q_ZOMBIE: Initial state - UACCE_Q_INIT: After op= ening `uacce` - UACCE_Q_STARTED: After `start` is issued via `ioctl` When e= xecuting `poweroff -f` in virt while accelerator are still working, `uacce_= fops_release` and `uacce_remove` may execute concurrently. This can cause `= uacce_put_queue` within `uacce_fops_release` to access a NULL `ops` pointer=
. Therefore, add state checks to prevent accessing freed pointers. 2026-02-=
04 not yet calculated CVE-2026-23063 [ https://www.cve.org/CVERecord?id=3DC= VE-2026-23063 ] https://git.kernel.org/stable/c/b457abeb5d962db88aaf60e2494= 02fd3073dbfab https://git.kernel.org/stable/c/8b57bf1d3b1db692f34bce694a03e41be79f6016 https://git.kernel.org/stable/c/336fb41a186e7c0415ae94fec9e23d1f04b87483 https://git.kernel.org/stable/c/43f233eb6e7b9d88536881a9bc43726d0e34800d https://git.kernel.org/stable/c/47634d70073890c9c37e39ab4ff93d4b585b028a https://git.kernel.org/stable/c/92e4f11e29b98ef424ff72d6371acac03e5d973c https://git.kernel.org/stable/c/26c08dabe5475d99a13f353d8dd70e518de45663
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: net/sched: act_ife: avoid possible NULL deref tcf_ife_encode()=
must make sure ife_encode() does not return NULL. syzbot reported: Oops: g= eneral protection fault, probably for non-canonical address 0xdffffc0000000= 000: 0000 [#1] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000= 000000-0x0000000000000007] RIP: 0010:ife_tlv_meta_encode+0x41/0xa0 net/ife/= ife.c:166 CPU: 3 UID: 0 PID: 8990 Comm: syz.0.696 Not tainted syzkaller #0 = PREEMPT(full) Call Trace: <TASK> ife_encode_meta_u32+0x153/0x180 net/sched/= act_ife.c:101 tcf_ife_encode net/sched/act_ife.c:841 [inline] tcf_ife_act+0= x1022/0x1de0 net/sched/act_ife.c:877 tc_act include/net/tc_wrapper.h:130 [i= nline] tcf_action_exec+0x1c0/0xa20 net/sched/act_api.c:1152 tcf_exts_exec i= nclude/net/pkt_cls.h:349 [inline] mall_classify+0x1a0/0x2a0 net/sched/cls_m= atchall.c:42 tc_classify include/net/tc_wrapper.h:197 [inline] __tcf_classi=
fy net/sched/cls_api.c:1764 [inline] tcf_classify+0x7f2/0x1380 net/sched/cl= s_api.c:1860 multiq_classify net/sched/sch_multiq.c:39 [inline] multiq_enqu= eue+0xe0/0x510 net/sched/sch_multiq.c:66 dev_qdisc_enqueue+0x45/0x250 net/c= ore/dev.c:4147 __dev_xmit_skb net/core/dev.c:4262 [inline] __dev_queue_xmit= +0x2998/0x46c0 net/core/dev.c:4798 2026-02-04 not yet calculated CVE-2026-2= 3064 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23064 ] https://git.kern= el.org/stable/c/4ef2c77851676b7ed106f0c47755bee9eeec9a40 https://git.kernel.org/stable/c/dd9442aedbeae87c44cc64c0ee41abd296dc008b https://git.kernel.org/stable/c/1440d749fe49c8665da6f744323b1671d25a56a0 https://git.kernel.org/stable/c/03710cebfc0bcfe247a9e04381e79ea33896e278 https://git.kernel.org/stable/c/374915dfc932adf57712df3be010667fd1190e3c https://git.kernel.org/stable/c/6c75fed55080014545f262b7055081cec4768b20 https://git.kernel.org/stable/c/27880b0b0d35ad1c98863d09788254e36f874968
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: platform/x86/amd: Fix memory leak in wbrf_record() The tmp buf= fer is allocated using kcalloc() but is not freed if acpi_evaluate_dsm() fa= ils. This causes a memory leak in the error path. Fix this by explicitly fr= eeing the tmp buffer in the error handling path of acpi_evaluate_dsm(). 202= 6-02-04 not yet calculated CVE-2026-23065 [ https://www.cve.org/CVERecord?i= d=3DCVE-2026-23065 ] https://git.kernel.org/stable/c/1152dffe01af86e42ce2b2= 08b92ef7f8c275d130 https://git.kernel.org/stable/c/1a0072bd1f1e559eda3e91a24dbc51c9eb025c54 https://git.kernel.org/stable/c/2bf1877b7094c684e1d652cac6912cfbc507ad3e
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: rxrpc: Fix recvmsg() unconditional requeue If rxrpc_recvmsg() = fails because MSG_DONTWAIT was specified but the call at the front of the r= ecvmsg queue already has its mutex locked, it requeues the call - whether o=
r not the call is already queued. The call may be on the queue because MSG_= PEEK was also passed and so the call was not dequeued or because the I/O th= read requeued it. The unconditional requeue may then corrupt the recvmsg qu= eue, leading to things like UAFs or refcount underruns. Fix this by only re= queuing the call if it isn't already on the queue - and moving it to the fr= ont if it is already queued. If we don't queue it, we have to put the ref w=
e obtained by dequeuing it. Also, MSG_PEEK doesn't dequeue the call so shou= ldn't call rxrpc_notify_socket() for the call if we didn't use up all the d= ata on the queue, so fix that also. 2026-02-04 not yet calculated CVE-2026-= 23066 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23066 ] https://git.ker= nel.org/stable/c/930114425065f7ace6e0c0630fab4af75e059ea8 https://git.kernel.org/stable/c/2c28769a51deb6022d7fbd499987e237a01dd63a
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: iommu/io-pgtable-arm: fix size_t signedness bug in unmap path = __arm_lpae_unmap() returns size_t but was returning -ENOENT (negative error=
code) when encountering an unmapped PTE. Since size_t is unsigned, -ENOENT=
(typically -2) becomes a huge positive value (0xFFFFFFFFFFFFFFFE on 64-bit=
systems). This corrupted value propagates through the call chain: __arm_lp= ae_unmap() returns -ENOENT as size_t -> arm_lpae_unmap_pages() returns it -=

__iommu_unmap() adds it to iova address -> iommu_pgsize() triggers BUG_ON=

due to corrupted iova This can cause IOVA address overflow in __iommu_unma= p() loop and trigger BUG_ON in iommu_pgsize() from invalid address alignmen=
t. Fix by returning 0 instead of -ENOENT. The WARN_ON already signals the e= rror condition, and returning 0 (meaning "nothing unmapped") is the correct=
semantic for size_t return type. This matches the behavior of other io-pgt= able implementations (io-pgtable-arm-v7s, io-pgtable-dart) which return 0 o=
n error conditions. 2026-02-04 not yet calculated CVE-2026-23067 [ https://= www.cve.org/CVERecord?id=3DCVE-2026-23067 ] https://git.kernel.org/stable/c= /41ec6988547819756fb65e94fc24f3e0dddf84ac https://git.kernel.org/stable/c/374e7af67d9d9d6103c2cfc8eb32abfecf3a2fd8
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: spi: spi-sprd-adi: Fix double free in probe error path The dri= ver currently uses spi_alloc_host() to allocate the controller but register=
s it using devm_spi_register_controller(). If devm_register_restart_handler=
() fails, the code jumps to the put_ctlr label and calls spi_controller_put= (). However, since the controller was registered via a devm function, the d= evice core will automatically call spi_controller_put() again when the prob=
e fails. This results in a double-free of the spi_controller structure. Fix=
this by switching to devm_spi_alloc_host() and removing the manual spi_con= troller_put() call. 2026-02-04 not yet calculated CVE-2026-23068 [ https://= www.cve.org/CVERecord?id=3DCVE-2026-23068 ] https://git.kernel.org/stable/c= /bddd3d10d039729b81cfb0804520c8832a701a0e https://git.kernel.org/stable/c/417cdfd9b9f986e95bfcb1d68eb443e6e0a15f8c https://git.kernel.org/stable/c/346775f2b4cf839177e8e86b94aa180a06dc15b0 https://git.kernel.org/stable/c/f6d6b3f172df118db582fe5ec43ae223a55d99cf https://git.kernel.org/stable/c/383d4f5cffcc8df930d95b06518a9d25a6d74aac
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: vsock/virtio: fix potential underflow in virtio_transport_get_= credit() The credit calculation in virtio_transport_get_credit() uses unsig= ned arithmetic: ret =3D vvs->peer_buf_alloc - (vvs->tx_cnt - vvs->peer_fwd_= cnt); If the peer shrinks its advertised buffer (peer_buf_alloc) while byte=
s are in flight, the subtraction can underflow and produce a large positive=
value, potentially allowing more data to be queued than the peer can handl=
e. Reuse virtio_transport_has_space() which already handles this case and a=
dd a comment to make it clear why we are doing that. [Stefano: use virtio_t= ransport_has_space() instead of duplicating the code] [Stefano: tweak the c= ommit message] 2026-02-04 not yet calculated CVE-2026-23069 [ https://www.c= ve.org/CVERecord?id=3DCVE-2026-23069 ] https://git.kernel.org/stable/c/d96d= e882d6b99955604669d962ae14e94b66a551 https://git.kernel.org/stable/c/02f9af192b98d15883c70dd41ac76d1b0217c899 https://git.kernel.org/stable/c/d05bc313788f0684b27f0f5b60c52a844669b542 https://git.kernel.org/stable/c/ec0f1b3da8061be3173d1c39faaf9504f91942c3 https://git.kernel.org/stable/c/3ef3d52a1a9860d094395c7a3e593f3aa26ff012
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: Octeontx2-af: Add proper checks for fwdata firmware populates = MAC address, link modes (supported, advertised) and EEPROM data in shared f= irmware structure which kernel access via MAC block(CGX/RPM). Accessing fwd= ata, on boards booted with out MAC block leading to kernel panics. Internal=
error: Oops: 0000000096000005 [#1] SMP [ 10.460721] Modules linked in: [ 1= 0.463779] CPU: 0 UID: 0 PID: 174 Comm: kworker/0:3 Not tainted 6.19.0-rc5-0= 0154-g76ec646abdf7-dirty #3 PREEMPT [ 10.474045] Hardware name: Marvell Oct= eonTX CN98XX board (DT) [ 10.479793] Workqueue: events work_for_cpu_fn [ 10= .484159] pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=3D--) =
[ 10.491124] pc : rvu_sdp_init+0x18/0x114 [ 10.495051] lr : rvu_probe+0xe58= /0x1d18 2026-02-04 not yet calculated CVE-2026-23070 [ https://www.cve.org/= CVERecord?id=3DCVE-2026-23070 ] https://git.kernel.org/stable/c/e343973fab4= 3c266a40e4e0dabdc4216db6d5eff https://git.kernel.org/stable/c/4a3dba48188208e4f66822800e042686784d29d1
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: regmap: Fix race condition in hwspinlock irqsave routine Previ= ously, the address of the shared member '&map->spinlock_flags' was passed d= irectly to 'hwspin_lock_timeout_irqsave'. This creates a race condition whe=
re multiple contexts contending for the lock could overwrite the shared fla=
gs variable, potentially corrupting the state for the current lock owner. F=
ix this by using a local stack variable 'flags' to store the IRQ state temp= orarily. 2026-02-04 not yet calculated CVE-2026-23071 [ https://www.cve.org= /CVERecord?id=3DCVE-2026-23071 ] https://git.kernel.org/stable/c/e1a7072bc4= f958c9e852dc7e57e39f12b0bb44b5 https://git.kernel.org/stable/c/766e243ae8c8b27087a4cc605752c0d5ee2daeab https://git.kernel.org/stable/c/f1e2fe26a51eca95b41420af76d22c2e613efd5e https://git.kernel.org/stable/c/24f31be6ad70537fd7706269d99c92cade465a09 https://git.kernel.org/stable/c/4aab0ca0a0f7760e33edcb4e47576064d05128f5 https://git.kernel.org/stable/c/c2d2cf710dc3ee1a69e00b4ed8de607a92a07889 https://git.kernel.org/stable/c/4b58aac989c1e3fafb1c68a733811859df388250
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: l2tp: Fix memleak in l2tp_udp_encap_recv(). syzbot reported me= mleak of struct l2tp_session, l2tp_tunnel, sock, etc. [0] The cited commit = moved down the validation of the protocol version in l2tp_udp_encap_recv().=
The new place requires an extra error handling to avoid the memleak. Let's=
call l2tp_session_put() there. [0]: BUG: memory leak unreferenced object 0= xffff88810a290200 (size 512): comm "syz.0.17", pid 6086, jiffies 4294944299=
hex dump (first 32 bytes): 7d eb 04 0c 00 00 00 00 01 00 00 00 00 00 00 00=
}............... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .........= ....... backtrace (crc babb6a4f): kmemleak_alloc_recursive include/linux/km= emleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4958 [inline] slab_allo= c_node mm/slub.c:5263 [inline] __do_kmalloc_node mm/slub.c:5656 [inline] __= kmalloc_noprof+0x3e0/0x660 mm/slub.c:5669 kmalloc_noprof include/linux/slab= .h:961 [inline] kzalloc_noprof include/linux/slab.h:1094 [inline] l2tp_sess= ion_create+0x3a/0x3b0 net/l2tp/l2tp_core.c:1778 pppol2tp_connect+0x48b/0x92=
0 net/l2tp/l2tp_ppp.c:755 __sys_connect_file+0x7a/0xb0 net/socket.c:2089 __= sys_connect+0xde/0x110 net/socket.c:2108 __do_sys_connect net/socket.c:2114=
[inline] __se_sys_connect net/socket.c:2111 [inline] __x64_sys_connect+0x1= c/0x30 net/socket.c:2111 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inl= ine] do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_= 64_after_hwframe+0x77/0x7f 2026-02-04 not yet calculated CVE-2026-23072 [ h= ttps://www.cve.org/CVERecord?id=3DCVE-2026-23072 ] https://git.kernel.org/s= table/c/5cd158a88eef34e7b100cd9b963873d3b4e41b35 https://git.kernel.org/stable/c/d4ce79e6dce2a4a49eebceea7b4caf5dc0f0ef3d https://git.kernel.org/stable/c/4d10edfd1475b69dbd4c47f34b61a3772ece83ca
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: wifi: rsi: Fix memory corruption due to not set vif driver dat=
a size The struct ieee80211_vif contains trailing space for vif driver data=
, when struct ieee80211_vif is allocated, the total memory size that is all= ocated is sizeof(struct ieee80211_vif) + size of vif driver data. The size =
of vif driver data is set by each WiFi driver as needed. The RSI911x driver=
does not set vif driver data size, no trailing space for vif driver data i=
s therefore allocated past struct ieee80211_vif . The RSI911x driver does h= owever use the vif driver data to store its vif driver data structure "stru=
ct vif_priv". An access to vif->drv_priv leads to access out of struct ieee= 80211_vif bounds and corruption of some memory. In case of the failure obse= rved locally, rsi_mac80211_add_interface() would write struct vif_priv *vif= _info =3D (struct vif_priv *)vif->drv_priv; vif_info->vap_id =3D vap_idx. T= his write corrupts struct fq_tin member struct list_head new_flows . The fl=
ow =3D list_first_entry(head, struct fq_flow, flowchain); in fq_tin_reset()=
then reports non-NULL bogus address, which when accessed causes a crash. T=
he trigger is very simple, boot the machine with init=3D/bin/sh , mount dev= tmpfs, sysfs, procfs, and then do "ip link set wlan0 up", "sleep 1", "ip li=
nk set wlan0 down" and the crash occurs. Fix this by setting the correct si=
ze of vif driver data, which is the size of "struct vif_priv", so that memo=
ry is allocated and the driver can store its driver data in it, instead of = corrupting memory around it. 2026-02-04 not yet calculated CVE-2026-23073 [=
https://www.cve.org/CVERecord?id=3DCVE-2026-23073 ] https://git.kernel.org= /stable/c/49ef094fdbc3526e5db2aebb404b84f79c5603dc https://git.kernel.org/stable/c/0d7c9e793e351cbbe9e06a9ca47d77b6ad288fb0 https://git.kernel.org/stable/c/7c54d0c3e2cad4300be721ec2aecfcf8a63bc9f4 https://git.kernel.org/stable/c/7761d7801f40e61069b4df3db88b36d80d089f8a https://git.kernel.org/stable/c/99129d80a5d4989ef8566f434f3589f60f28042b https://git.kernel.org/stable/c/31efbcff90884ea5f65bf3d1de01267db51ee3d1 https://git.kernel.org/stable/c/4f431d88ea8093afc7ba55edf4652978c5a68f33
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: net/sched: Enforce that teql can only be used as root qdisc De= sign intent of teql is that it is only supposed to be used as root qdisc. W=
e need to check for that constraint. Although not important, I will describ=
e the scenario that unearthed this issue for the curious. GangMin Kim <km.k= im1503@gmail.com> managed to concot a scenario as follows: ROOT qdisc 1:0 (= QFQ) =E2=94=9C=E2=94=80=E2=94=80 class 1:1 (weight=3D15, lmax=3D16384) nete=
m with delay 6.4s =E2=94=94=E2=94=80=E2=94=80 class 1:2 (weight=3D1, lmax= =3D1514) teql GangMin sends a packet which is enqueued to 1:1 (netem). Any = invocation of dequeue by QFQ from this class will not return a packet until=
after 6.4s. In the meantime, a second packet is sent and it lands on 1:2. = teql's enqueue will return success and this will activate class 1:2. Main i= ssue is that teql only updates the parent visible qlen (sch->q.qlen) at deq= ueue. Since QFQ will only call dequeue if peek succeeds (and teql's peek al= ways returns NULL), dequeue will never be called and thus the qlen will rem= ain as 0. With that in mind, when GangMin updates 1:2's lmax value, the qfq= _change_class calls qfq_deact_rm_from_agg. Since the child qdisc's qlen was=
not incremented, qfq fails to deactivate the class, but still frees its po= inters from the aggregate. So when the first packet is rescheduled after 6.=
4 seconds (netem's delay), a dangling pointer is accessed causing GangMin's=
causing a UAF. 2026-02-04 not yet calculated CVE-2026-23074 [ https://www.= cve.org/CVERecord?id=3DCVE-2026-23074 ] https://git.kernel.org/stable/c/73d= 970ff0eddd874a84c953387c7f4464b705fc6 https://git.kernel.org/stable/c/ae810e6a8ac4fe25042e6825d2a401207a2e41fb https://git.kernel.org/stable/c/dad49a67c2d817bfec98e6e45121b351e3a0202c https://git.kernel.org/stable/c/0686bedfed34155520f3f735cbf3210cb9044380 https://git.kernel.org/stable/c/4c7e8aa71c9232cba84c289b4b56cba80b280841 https://git.kernel.org/stable/c/16ed73c1282d376b956bff23e5139add061767ba https://git.kernel.org/stable/c/50da4b9d07a7a463e2cfb738f3ad4cff6b2c9c3b
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: can: esd_usb: esd_usb_read_bulk_callback(): fix URB memory lea=
k Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb_r= eceive_bulk_callback(): fix URB memory leak"). In esd_usb_open(), the URBs = for USB-in transfers are allocated, added to the dev->rx_submitted anchor a=
nd submitted. In the complete callback esd_usb_read_bulk_callback(), the UR=
Bs are processed and resubmitted. In esd_usb_close() the URBs are freed by = calling usb_kill_anchored_urbs(&dev->rx_submitted). However, this does not = take into account that the USB framework unanchors the URB before the compl= ete function is called. This means that once an in-URB has been completed, =
it is no longer anchored and is ultimately not released in esd_usb_close().=
Fix the memory leak by anchoring the URB in the esd_usb_read_bulk_callback=
() to the dev->rx_submitted anchor. 2026-02-04 not yet calculated CVE-2026-= 23075 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23075 ] https://git.ker= nel.org/stable/c/93b34d4ba7266030801a509c088ac77c0d7a12e9 https://git.kernel.org/stable/c/dc934d96673992af8568664c1b58e13eb164010d https://git.kernel.org/stable/c/92d26ce07ac3b7a850dc68c8d73d487b39c39b33 https://git.kernel.org/stable/c/adec5e1f9c99fe079ec4c92cca3f1109a3e257c3 https://git.kernel.org/stable/c/9d1807b442fc3286b204f8e59981b10e743533ce https://git.kernel.org/stable/c/a9503ae43256e80db5cba9d449b238607164c51d https://git.kernel.org/stable/c/5a4391bdc6c8357242f62f22069c865b792406b3
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: ALSA: ctxfi: Fix potential OOB access in audio mixer handling =
In the audio mixer handling code of ctxfi driver, the conf field is used as=
a kind of loop index, and it's referred in the index callbacks (amixer_ind= ex() and sum_index()). As spotted recently by fuzzers, the current code cau= ses OOB access at those functions. | UBSAN: array-index-out-of-bounds in /b= uild/reproducible-path/linux-6.17.8/sound/pci/ctxfi/ctamixer.c:347:48 | ind=
ex 8 is out of range for type 'unsigned char [8]' After the analysis, the c= ause was found to be the lack of the proper (re-)initialization of conj fie= ld. This patch addresses those OOB accesses by adding the proper initializa= tions of the loop indices. 2026-02-04 not yet calculated CVE-2026-23076 [ h= ttps://www.cve.org/CVERecord?id=3DCVE-2026-23076 ] https://git.kernel.org/s= table/c/6524205326e0c1a21263b5c14e48e14ef7e449ae https://git.kernel.org/stable/c/afca7ff5d5d4d63a1acb95461f55ca9a729feedf https://git.kernel.org/stable/c/8c1d09806e1441bc6a54b9a4f2818918046d5174 https://git.kernel.org/stable/c/a8c42d11b0526a89192bd2f79facb4c60c8a1f38 https://git.kernel.org/stable/c/d77ba72558cd66704f0fb7e0969f697e87c0f71c https://git.kernel.org/stable/c/873e2360d247eeee642878fcc3398babff7e387c https://git.kernel.org/stable/c/61006c540cbdedea83b05577dc7fb7fa18fe1276
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: mm/vma: fix anon_vma UAF on mremap() faulted, unfaulted merge = Patch series "mm/vma: fix anon_vma UAF on mremap() faulted, unfaulted merge=
", v2. Commit 879bca0a2c4f ("mm/vma: fix incorrectly disallowed anonymous V=
MA merges") introduced the ability to merge previously unavailable VMA merg=
e scenarios. However, it is handling merges incorrectly when it comes to mr= emap() of a faulted VMA adjacent to an unfaulted VMA. The issues arise in t= hree cases: 1. Previous VMA unfaulted: copied -----| v |-----------|.......= ......| | unfaulted |(faulted VMA)| |-----------|.............| prev 2. Nex=
t VMA unfaulted: copied -----| v |.............|-----------| |(faulted VMA)=
| unfaulted | |.............|-----------| next 3. Both adjacent VMAs unfaul= ted: copied -----| v |-----------|.............|-----------| | unfaulted |(= faulted VMA)| unfaulted | |-----------|.............|-----------| prev next=
This series fixes each of these cases, and introduces self tests to assert=
that the issues are corrected. I also test a further case which was alread=
y handled, to assert that my changes continues to correctly handle it: 4. p= rev unfaulted, next faulted: copied -----| v |-----------|.............|---= --------| | unfaulted |(faulted VMA)| faulted | |-----------|.............|= -----------| prev next This bug was discovered via a syzbot report, linked =
to in the first patch in the series, I confirmed that this series fixes the=
bug. I also discovered that we are failing to check that the faulted VMA w=
as not forked when merging a copied VMA in cases 1-3 above, an issue this s= eries also addresses. I also added self tests to assert that this is resolv=
ed (and confirmed that the tests failed prior to this). I also cleaned up v= ma_expand() as part of this work, renamed vma_had_uncowed_parents() to vma_= is_fork_child() as the previous name was unduly confusing, and simplified t=
he comments around this function. This patch (of 4): Commit 879bca0a2c4f ("= mm/vma: fix incorrectly disallowed anonymous VMA merges") introduced the ab= ility to merge previously unavailable VMA merge scenarios. The key piece of=
logic introduced was the ability to merge a faulted VMA immediately next t=
o an unfaulted VMA, which relies upon dup_anon_vma() to correctly handle an= on_vma state. In the case of the merge of an existing VMA (that is changing=
properties of a VMA and then merging if those properties are shared by adj= acent VMAs), dup_anon_vma() is invoked correctly. However in the case of th=
e merge of a new VMA, a corner case peculiar to mremap() was missed. The is= sue is that vma_expand() only performs dup_anon_vma() if the target (the VM=
A that will ultimately become the merged VMA): is not the next VMA, i.e. th=
e one that appears after the range in which the new VMA is to be establishe=
d. A key insight here is that in all other cases other than mremap(), a new=
VMA merge either expands an existing VMA, meaning that the target VMA will=
be that VMA, or would have anon_vma be NULL. Specifically: * __mmap_region=
() - no anon_vma in place, initial mapping. * do_brk_flags() - expanding an=
existing VMA. * vma_merge_extend() - expanding an existing VMA. * relocate= _vma_down() - no anon_vma in place, initial mapping. In addition, we are in=
the unique situation of needing to duplicate anon_vma state from a VMA tha=
t is neither the previous or next VMA being merged with. dup_anon_vma() dea=
ls exclusively with the target=3Dunfaulted, src=3Dfaulted case. This leaves=
four possibilities, in each case where the copied VMA is faulted: 1. Previ= ous VMA unfaulted: copied -----| ---truncated--- 2026-02-04 not yet calcula= ted CVE-2026-23077 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23077 ] ht= tps://git.kernel.org/stable/c/a4d9dbfc1bab16e25fefd34b5e537a46bed8fc96 https://git.kernel.org/stable/c/61f67c230a5e7c741c352349ea80147fbe65bfae
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: ALSA: scarlett2: Fix buffer overflow in config retrieval The s= carlett2_usb_get_config() function has a logic error in the endianness conv= ersion code that can cause buffer overflows when count > 1. The code checks=
`if (size =3D=3D 2)` where `size` is the total buffer size in bytes, then = loops `count` times treating each element as u16 (2 bytes). This causes the=
loop to access `count * 2` bytes when the buffer only has `size` bytes all= ocated. Fix by checking the element size (config_item->size) instead of the=
total buffer size. This ensures the endianness conversion matches the actu=
al element type. 2026-02-04 not yet calculated CVE-2026-23078 [ https://www= .cve.org/CVERecord?id=3DCVE-2026-23078 ] https://git.kernel.org/stable/c/d5= e80d1f97ae55bcea1426f551e4419245b41b9c https://git.kernel.org/stable/c/51049f6e3f05d70660e2458ad3bb302a3721b751 https://git.kernel.org/stable/c/91a756d22f0482eac5bedb113c8922f90b254449 https://git.kernel.org/stable/c/27049f50be9f5ae3a62d272128ce0b381cb26a24 https://git.kernel.org/stable/c/31a3eba5c265a763260976674a22851e83128f6d https://git.kernel.org/stable/c/6f5c69f72e50d51be3a8c028ae7eda42c82902cb
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: gpio: cdev: Fix resource leaks on errors in lineinfo_changed_n= otify() On error handling paths, lineinfo_changed_notify() doesn't free the=
allocated resources which results leaks. Fix it. 2026-02-04 not yet calcul= ated CVE-2026-23079 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23079 ] h= ttps://git.kernel.org/stable/c/16414341b0dd58b650b5df45c79115bc5977bb76 https://git.kernel.org/stable/c/70b3c280533167749a8f740acaa8ef720f78f984
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory l= eak Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb= _receive_bulk_callback(): fix URB memory leak"). In mcba_usb_probe() -> mcb= a_usb_start(), the URBs for USB-in transfers are allocated, added to the pr= iv->rx_submitted anchor and submitted. In the complete callback mcba_usb_re= ad_bulk_callback(), the URBs are processed and resubmitted. In mcba_usb_clo= se() -> mcba_urb_unlink() the URBs are freed by calling usb_kill_anchored_u= rbs(&priv->rx_submitted). However, this does not take into account that the=
USB framework unanchors the URB before the complete function is called. Th=
is means that once an in-URB has been completed, it is no longer anchored a=
nd is ultimately not released in usb_kill_anchored_urbs(). Fix the memory l= eak by anchoring the URB in the mcba_usb_read_bulk_callback()to the priv->r= x_submitted anchor. 2026-02-04 not yet calculated CVE-2026-23080 [ https://= www.cve.org/CVERecord?id=3DCVE-2026-23080 ] https://git.kernel.org/stable/c= /8b34c611a4feb81921bc4728c091e4e3ba0270c0 https://git.kernel.org/stable/c/b5a1ccdc63b71d93a69a6b72f7a3f3934293ea60 https://git.kernel.org/stable/c/59153b6388e05609144ad56a9b354e9100a91983 https://git.kernel.org/stable/c/179f6f0cf5ae489743273b7c1644324c0c477ea9 https://git.kernel.org/stable/c/94c9f6f7b953f6382fef4bdc48c046b861b8868f https://git.kernel.org/stable/c/d374d715e338dfc3804aaa006fa6e470ffebb264 https://git.kernel.org/stable/c/710a7529fb13c5a470258ff5508ed3c498d54729
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: net: phy: intel-xway: fix OF node refcount leakage Automated r= eview spotted am OF node reference count leakage when checking if the 'leds=
' child node exists. Call of_put_node() to correctly maintain the refcount.=
2026-02-04 not yet calculated CVE-2026-23081 [ https://www.cve.org/CVEReco= rd?id=3DCVE-2026-23081 ] https://git.kernel.org/stable/c/1f24dfd556401b75f7= 8e8d9cbd94dd9f31411c3a https://git.kernel.org/stable/c/79912b256e14054e6ba177d7e7e631485ce23dbe
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on u= sb_submit_urb() error In commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_= bulk_callback(): fix URB memory leak"), the URB was re-anchored before usb_= submit_urb() in gs_usb_receive_bulk_callback() to prevent a leak of this UR=
B during cleanup. However, this patch did not take into account that usb_su= bmit_urb() could fail. The URB remains anchored and usb_kill_anchored_urbs(= &parent->rx_submitted) in gs_can_close() loops infinitely since the anchor = list never becomes empty. To fix the bug, unanchor the URB when an usb_subm= it_urb() error occurs, also print an info message. 2026-02-04 not yet calcu= lated CVE-2026-23082 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23082 ] = https://git.kernel.org/stable/c/aa8a8866c533a150be4763bcb27993603bd5426c https://git.kernel.org/stable/c/ce4352057fc5a986c76ece90801b9755e7c6e56c https://git.kernel.org/stable/c/c610b550ccc0438d456dfe1df9f4f36254ccaae3 https://git.kernel.org/stable/c/c3edc14da81a8d8398682f6e4ab819f09f37c0b7 https://git.kernel.org/stable/c/79a6d1bfe1148bc921b8d7f3371a7fbce44e30f7
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: fou: Don't allow 0 for FOU_ATTR_IPPROTO. fou_udp_recv() has th=
e same problem mentioned in the previous patch. If FOU_ATTR_IPPROTO is set =
to 0, skb is not freed by fou_udp_recv() nor "resubmit"-ted in ip_protocol_= deliver_rcu(). Let's forbid 0 for FOU_ATTR_IPPROTO. 2026-02-04 not yet calc= ulated CVE-2026-23083 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23083 ]=
https://git.kernel.org/stable/c/c7498f9bc390479ccfad7c7f2332237ff4945b03 https://git.kernel.org/stable/c/611ef4bd9c73d9e6d87bed57a635ff1fdd8c91ea https://git.kernel.org/stable/c/6e983789b7588ee59cbf303583546c043bad8e19 https://git.kernel.org/stable/c/1cc98b8887cabb1808d2f4a37cd10a7be7574771 https://git.kernel.org/stable/c/b7db31a52c3862a1a32202a273a4c32e7f5f4823 https://git.kernel.org/stable/c/9b75dff8446ec871030d8daf5a69e74f5fe8b956 https://git.kernel.org/stable/c/7a9bc9e3f42391e4c187e099263cf7a1c4b69ff5
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_li=
st When the parameter pmac_id_valid argument of be_cmd_get_mac_from_list() =
is set to false, the driver may request the PMAC_ID from the firmware of th=
e network card, and this function will store that PMAC_ID at the provided a= ddress pmac_id. This is the contract of this function. However, there is a = location within the driver where both pmac_id_valid =3D=3D false and pmac_i=
d =3D=3D NULL are being passed. This could result in dereferencing a NULL p= ointer. To resolve this issue, it is necessary to pass the address of a stu=
b variable to the function. 2026-02-04 not yet calculated CVE-2026-23084 [ = https://www.cve.org/CVERecord?id=3DCVE-2026-23084 ] https://git.kernel.org/= stable/c/4cba480c9b9a3861a515262225cb53a1f5978344 https://git.kernel.org/stable/c/92c6dc181a18e6e0ddb872ed35cb48a9274829e4 https://git.kernel.org/stable/c/6c3e00888dbec887125a08b51a705b9b163fcdd1 https://git.kernel.org/stable/c/e206fb415db36bad52bb90c08d46ce71ffbe8a80 https://git.kernel.org/stable/c/47ffb4dcffe336f4a7bd0f3284be7aadc6484698 https://git.kernel.org/stable/c/31410a01a86bcb98c798d01061abf1f789c4f75a https://git.kernel.org/stable/c/8215794403d264739cc676668087512950b2ff31
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: irqchip/gic-v3-its: Avoid truncating memory addresses On 32-bi=
t machines with CONFIG_ARM_LPAE, it is possible for lowmem allocations to b=
e backed by addresses physical memory above the 32-bit address limit, as fo= und while experimenting with larger VMSPLIT configurations. This caused the=
qemu virt model to crash in the GICv3 driver, which allocates the 'itt' ob= ject using GFP_KERNEL. Since all memory below the 4GB physical address limi=
t is in ZONE_DMA in this configuration, kmalloc() defaults to higher addres= ses for ZONE_NORMAL, and the ITS driver stores the physical address in a 32= -bit 'unsigned long' variable. Change the itt_addr variable to the correct = phys_addr_t type instead, along with all other variables in this driver tha=
t hold a physical address. The gicv5 driver correctly uses u64 variables, w= hile all other irqchip drivers don't call virt_to_phys or similar interface=
s. It's expected that other device drivers have similar issues, but fixing = this one is sufficient for booting a virtio based guest. 2026-02-04 not yet=
calculated CVE-2026-23085 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23= 085 ] https://git.kernel.org/stable/c/e332b3b69e5b3acf07204a4b185071bab15c2= b88
https://git.kernel.org/stable/c/e2f9c751f73a2d5bb62d94ab030aec118a811f27 https://git.kernel.org/stable/c/85215d633983233809f7d4dad163b953331b8238 https://git.kernel.org/stable/c/1b323391560354d8c515de8658b057a1daa82adb https://git.kernel.org/stable/c/084ba3b99f2dfd991ce7e84fb17117319ec3cd9f https://git.kernel.org/stable/c/03faa61eb4b9ca9aa09bd91d4c3773d8e7b1ac98 https://git.kernel.org/stable/c/8d76a7d89c12d08382b66e2f21f20d0627d14859
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: vsock/virtio: cap TX credit to local buffer size The virtio tr= ansports derives its TX credit directly from peer_buf_alloc, which is set f= rom the remote endpoint's SO_VM_SOCKETS_BUFFER_SIZE value. On the host side=
this means that the amount of data we are willing to queue for a connectio=
n is scaled by a guest-chosen buffer size, rather than the host's own vsock=
configuration. A malicious guest can advertise a large buffer and read slo= wly, causing the host to allocate a correspondingly large amount of sk_buff=
memory. The same thing would happen in the guest with a malicious host, si= nce virtio transports share the same code base. Introduce a small helper, v= irtio_transport_tx_buf_size(), that returns min(peer_buf_alloc, buf_alloc),=
and use it wherever we consume peer_buf_alloc. This ensures the effective =
TX window is bounded by both the peer's advertised buffer and our own buf_a= lloc (already clamped to buffer_max_size via SO_VM_SOCKETS_BUFFER_MAX_SIZE)=
, so a remote peer cannot force the other to queue more data than allowed b=
y its own vsock settings. On an unpatched Ubuntu 22.04 host (~64 GiB RAM), = running a PoC with 32 guest vsock connections advertising 2 GiB each and re= ading slowly drove Slab/SUnreclaim from ~0.5 GiB to ~57 GiB; the system onl=
y recovered after killing the QEMU process. That said, if QEMU memory is li= mited with cgroups, the maximum memory used will be limited. With this patc=
h applied: Before: MemFree: ~61.6 GiB Slab: ~142 MiB SUnreclaim: ~117 MiB A= fter 32 high-credit connections: MemFree: ~61.5 GiB Slab: ~178 MiB SUnrecla= im: ~152 MiB Only ~35 MiB increase in Slab/SUnreclaim, no host OOM, and the=
guest remains responsive. Compatibility with non-virtio transports: - VMCI=
uses the AF_VSOCK buffer knobs to size its queue pairs per socket based on=
the local vsk->buffer_* values; the remote side cannot enlarge those queue=
s beyond what the local endpoint configured. - Hyper-V's vsock transport us=
es fixed-size VMBus ring buffers and an MTU bound; there is no peer-control= led credit field comparable to peer_buf_alloc, and the remote endpoint cann=
ot drive in-flight kernel memory above those ring sizes. - The loopback pat=
h reuses virtio_transport_common.c, so it naturally follows the same semant= ics as the virtio transport. This change is limited to virtio_transport_com= mon.c and thus affects virtio-vsock, vhost-vsock, and loopback, bringing th=
em in line with the "remote window intersected with local policy" behaviour=
that VMCI and Hyper-V already effectively have. [Stefano: small adjustment=
s after changing the previous patch] [Stefano: tweak the commit message] 20= 26-02-04 not yet calculated CVE-2026-23086 [ https://www.cve.org/CVERecord?= id=3DCVE-2026-23086 ] https://git.kernel.org/stable/c/fef7110ae5617555c792a= 2bb4d27878d84583adf https://git.kernel.org/stable/c/d9d5f222558b42f6277eafaaa6080966faf37676 https://git.kernel.org/stable/c/c0e42fb0e054c2b2ec4ee80f48ccd256ae0227ce https://git.kernel.org/stable/c/84ef86aa7120449828d1e0ce438c499014839711 https://git.kernel.org/stable/c/8ee784fdf006cbe8739cfa093f54d326cbf54037
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: scsi: xen: scsiback: Fix potential memory leak in scsiback_rem= ove() Memory allocated for struct vscsiblk_info in scsiback_probe() is not = freed in scsiback_remove() leading to potential memory leaks on remove, as = well as in the scsiback_probe() error paths. Fix that by freeing it in scsi= back_remove(). 2026-02-04 not yet calculated CVE-2026-23087 [ https://www.c= ve.org/CVERecord?id=3DCVE-2026-23087 ] https://git.kernel.org/stable/c/a8bb= 3ec8d85951a56af0a72d93ccbc2aee42eef9 https://git.kernel.org/stable/c/427b0fb30ddec3bad05dcd73b00718f98c7026d2 https://git.kernel.org/stable/c/4a975c72429b050c234405668b742cdecc11548e https://git.kernel.org/stable/c/f86264ec0e2b102fcd49bf3e4f32fee669d482fc https://git.kernel.org/stable/c/32e52b56056daf0f0881fd9254706acf25b4be97 https://git.kernel.org/stable/c/24c441f0e24da175d7912095663f526ac480dc4f https://git.kernel.org/stable/c/901a5f309daba412e2a30364d7ec1492fa11c32c
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: tracing: Fix crash on synthetic stacktrace field usage When cr= eating a synthetic event based on an existing synthetic event that had a st= acktrace field and the new synthetic event used that field a kernel crash o= ccurred: ~# cd /sys/kernel/tracing ~# echo 's:stack unsigned long stack[];'=

dynamic_events ~# echo 'hist:keys=3Dprev_pid:s0=3Dcommon_stacktrace if p=

rev_state & 3' >> events/sched/sched_switch/trigger ~# echo 'hist:keys=3Dne= xt_pid:s1=3D$s0:onmatch(sched.sched_switch).trace(stack,$s1)' >> events/sch= ed/sched_switch/trigger The above creates a synthetic event that takes a st= acktrace when a task schedules out in a non-running state and passes that s= tacktrace to the sched_switch event when that task schedules back in. It tr= iggers the "stack" synthetic event that has a stacktrace as its field (call=
ed "stack"). ~# echo 's:syscall_stack s64 id; unsigned long stack[];' >> dy= namic_events ~# echo 'hist:keys=3Dcommon_pid:s2=3Dstack' >> events/syntheti= c/stack/trigger ~# echo 'hist:keys=3Dcommon_pid:s3=3D$s2,i0=3Did:onmatch(sy= nthetic.stack).trace(syscall_stack,$i0,$s3)' >> events/raw_syscalls/sys_exi= t/trigger The above makes another synthetic event called "syscall_stack" th=
at attaches the first synthetic event (stack) to the sys_exit trace event a=
nd records the stacktrace from the stack event with the id of the system ca=
ll that is exiting. When enabling this event (or using it in a historgram):=
~# echo 1 > events/synthetic/syscall_stack/enable Produces a kernel crash!=
BUG: unable to handle page fault for address: 0000000000400010 #PF: superv= isor read access in kernel mode #PF: error_code(0x0000) - not-present page = PGD 0 P4D 0 Oops: Oops: 0000 [#1] SMP PTI CPU: 6 UID: 0 PID: 1257 Comm: bas=
h Not tainted 6.16.3+deb14-amd64 #1 PREEMPT(lazy) Debian 6.16.3-1 Hardware = name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-debian-1.17.0-1 04/0= 1/2014 RIP: 0010:trace_event_raw_event_synth+0x90/0x380 Code: c5 00 00 00 0=
0 85 d2 0f 84 e1 00 00 00 31 db eb 34 0f 1f 00 66 66 2e 0f 1f 84 00 00 00 0=
0 00 66 66 2e 0f 1f 84 00 00 00 00 00 <49> 8b 04 24 48 83 c3 01 8d 0c c5 08=
00 00 00 01 cd 41 3b 5d 40 0f RSP: 0018:ffffd2670388f958 EFLAGS: 00010202 = RAX: ffff8ba1065cc100 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000= 000000000001 RSI: fffff266ffda7b90 RDI: ffffd2670388f9b0 RBP: 0000000000000= 010 R08: ffff8ba104e76000 R09: ffffd2670388fa50 R10: ffff8ba102dd42e0 R11: = ffffffff9a908970 R12: 0000000000400010 R13: ffff8ba10a246400 R14: ffff8ba10= a710220 R15: fffff266ffda7b90 FS: 00007fa3bc63f740(0000) GS:ffff8ba2e0f4800= 0(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005= 0033 CR2: 0000000000400010 CR3: 0000000107f9e003 CR4: 0000000000172ef0 Call=
Trace: <TASK> ? __tracing_map_insert+0x208/0x3a0 action_trace+0x67/0x70 ev= ent_hist_trigger+0x633/0x6d0 event_triggers_call+0x82/0x130 trace_event_buf= fer_commit+0x19d/0x250 trace_event_raw_event_sys_exit+0x62/0xb0 syscall_exi= t_work+0x9d/0x140 do_syscall_64+0x20a/0x2f0 ? trace_event_raw_event_sched_s= witch+0x12b/0x170 ? save_fpregs_to_fpstate+0x3e/0x90 ? _raw_spin_unlock+0xe= /0x30 ? finish_task_switch.isra.0+0x97/0x2c0 ? __rseq_handle_notify_resume+= 0xad/0x4c0 ? __schedule+0x4b8/0xd00 ? restore_fpregs_from_fpstate+0x3c/0x90=
? switch_fpu_return+0x5b/0xe0 ? do_syscall_64+0x1ef/0x2f0 ? do_fault+0x2e9= /0x540 ? __handle_mm_fault+0x7d1/0xf70 ? count_memcg_events+0x167/0x1d0 ? h= andle_mm_fault+0x1d7/0x2e0 ? do_user_addr_fault+0x2c3/0x7f0 entry_SYSCALL_6= 4_after_hwframe+0x76/0x7e The reason is that the stacktrace field is not la= beled as such, and is treated as a normal field and not as a dynamic event = that it is. In trace_event_raw_event_synth() the event is field is still tr= eated as a dynamic array, but the retrieval of the data is considered a nor= mal field, and the reference is just the meta data: // Meta data is retriev=
ed instead of a dynamic array ---truncated--- 2026-02-04 not yet calculated=
CVE-2026-23088 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23088 ] https= ://git.kernel.org/stable/c/98ecbfb2598c9c7ca755a29f402da9d36c057077 https://git.kernel.org/stable/c/327af07dff6ab5650b21491eb4f69694999ff3d1 https://git.kernel.org/stable/c/3b90d099efa2b67239bd3b3dc3521ec584261748 https://git.kernel.org/stable/c/90f9f5d64cae4e72defd96a2a22760173cb3c9ec
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() Wh=
en snd_usb_create_mixer() fails, snd_usb_mixer_free() frees mixer->id_elems=
but the controls already added to the card still reference the freed memor=
y. Later when snd_card_register() runs, the OSS mixer layer calls their cal= lbacks and hits a use-after-free read. Call trace: get_ctl_value+0x63f/0x82=
0 sound/usb/mixer.c:411 get_min_max_with_quirks.isra.0+0x240/0x1f40 sound/u= sb/mixer.c:1241 mixer_ctl_feature_info+0x26b/0x490 sound/usb/mixer.c:1381 s= nd_mixer_oss_build_test+0x174/0x3a0 sound/core/oss/mixer_oss.c:887 ... snd_= card_register+0x4ed/0x6d0 sound/core/init.c:923 usb_audio_probe+0x5ef/0x2a9=
0 sound/usb/card.c:1025 Fix by calling snd_ctl_remove() for all mixer contr= ols before freeing id_elems. We save the next pointer first because snd_ctl= _remove() frees the current element. 2026-02-04 not yet calculated CVE-2026= -23089 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23089 ] https://git.ke= rnel.org/stable/c/51b1aa6fe7dc87356ba58df06afb9677c9b841ea https://git.kernel.org/stable/c/56fb6efd5d04caf6f14994d51ec85393b9a896c6 https://git.kernel.org/stable/c/7009daeefa945973a530b2f605fe445fc03747af https://git.kernel.org/stable/c/7bff0156d13f0ad9436e5178b979b063d59f572a https://git.kernel.org/stable/c/e6f103a22b08daf5df2f4aa158081840e5910963 https://git.kernel.org/stable/c/dc1a5dd80af1ee1f29d8375b12dd7625f6294dad https://git.kernel.org/stable/c/930e69757b74c3ae083b0c3c7419bfe7f0edc7b2
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: slimbus: core: fix device reference leak on report present Sli= mbus devices can be allocated dynamically upon reception of report-present = messages. Make sure to drop the reference taken when looking up already reg= istered devices. Note that this requires taking an extra reference in case = the device has not yet been registered and has to be allocated. 2026-02-04 = not yet calculated CVE-2026-23090 [ https://www.cve.org/CVERecord?id=3DCVE-= 2026-23090 ] https://git.kernel.org/stable/c/b1217e40705b2f6d311c197b128667= 52656217ff https://git.kernel.org/stable/c/948615429c9f2ac9d25d4e1f1a4472926b217a9a https://git.kernel.org/stable/c/02b78bbfbafe49832e508079148cb87cdfa55825 https://git.kernel.org/stable/c/2ddc09f6a0a221b1d91a7cbc8cc2cefdbd334fe6 https://git.kernel.org/stable/c/54de72a7aabc0749938d7a2833a0c1a5d3ed7ac9 https://git.kernel.org/stable/c/6602bb4d1338e92b5838e50322b87697bdbd2ee0 https://git.kernel.org/stable/c/9391380eb91ea5ac792aae9273535c8da5b9aa01
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: intel_th: fix device leak on output open() Make sure to drop t=
he reference taken when looking up the th device during output device open(=
) on errors and on close(). Note that a recent commit fixed the leak in a c= ouple of open() error paths but not all of them, and the reference is still=
leaking on successful open(). 2026-02-04 not yet calculated CVE-2026-23091=
[ https://www.cve.org/CVERecord?id=3DCVE-2026-23091 ] https://git.kernel.o= rg/stable/c/af4b9467296b9a16ebc008147238070236982b6d https://git.kernel.org/stable/c/64015cbf06e8bb75b81ae95b997e847b55280f7f https://git.kernel.org/stable/c/b71e64ef7ff9443835d1333e3e80ab1e49e5209f https://git.kernel.org/stable/c/bf7785434b5d05d940d936b78925080950bd54dd https://git.kernel.org/stable/c/0fca16c5591534cc1fec8b6181277ee3a3d0f26c https://git.kernel.org/stable/c/f9b059bda4276f2bb72cb98ec7875a747f042ea2 https://git.kernel.org/stable/c/95fc36a234da24bbc5f476f8104a5a15f99ed3e3
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: iio: dac: ad3552r-hs: fix out-of-bound write in ad3552r_hs_wri= te_data_source When simple_write_to_buffer() succeeds, it returns the numbe=
r of bytes actually copied to the buffer. The code incorrectly uses 'count'=
as the index for null termination instead of the actual bytes copied. If c= ount exceeds the buffer size, this leads to out-of-bounds write. Add a chec=
k for the count and use the return value as the index. The bug was validate=
d using a demo module that mirrors the original code and was tested under Q= EMU. Pattern of the bug: - A fixed 64-byte stack buffer is filled using cou= nt. - If count > 64, the code still does buf[count] =3D ' ', causing an - o= ut-of-bounds write on the stack. Steps for reproduce: - Opens the device no= de. - Writes 128 bytes of A to it. - This overflows the 64-byte stack buffe=
r and KASAN reports the OOB. Found via static analysis. This is similar to = the commit da9374819eb3 ("iio: backend: fix out-of-bound write") 2026-02-04=
not yet calculated CVE-2026-23092 [ https://www.cve.org/CVERecord?id=3DCVE= -2026-23092 ] https://git.kernel.org/stable/c/db16e7c52032c79156930a337ee17= 232931794ba https://git.kernel.org/stable/c/978d28136c53df38f8f0b747191930e2f95e9084
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: ksmbd: smbd: fix dma_unmap_sg() nents The dma_unmap_sg() funct= ions should be called with the same nents as the dma_map_sg(), not the valu=
e the map function returned. 2026-02-04 not yet calculated CVE-2026-23093 [=
https://www.cve.org/CVERecord?id=3DCVE-2026-23093 ] https://git.kernel.org= /stable/c/f569f5b8bfd5133defdf9c7f8a72c63aa11f54ec https://git.kernel.org/stable/c/6ececffd3e9fe93a87738625dc0671165d27bf96 https://git.kernel.org/stable/c/4d1e9a4a450aae47277763562122cc80ed703ab2 https://git.kernel.org/stable/c/70ba85e439221a5d6dda34a3004db6640f0525e6 https://git.kernel.org/stable/c/d1943bc9dc9508f5933788a76f8a35d10e43a646 https://git.kernel.org/stable/c/98e3e2b561bc88f4dd218d1c05890672874692f6
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: uacce: fix isolate sysfs check condition uacce supports the de= vice isolation feature. If the driver implements the isolate_err_threshold_= read and isolate_err_threshold_write callback functions, uacce will create = sysfs files now. Users can read and configure the isolation policy through = sysfs. Currently, sysfs files are created as long as either isolate_err_thr= eshold_read or isolate_err_threshold_write callback functions are present. = However, accessing a non-existent callback function may cause the system to=
crash. Therefore, intercept the creation of sysfs if neither read nor writ=
e exists; create sysfs if either is supported, but intercept unsupported op= erations at the call site. 2026-02-04 not yet calculated CVE-2026-23094 [ h= ttps://www.cve.org/CVERecord?id=3DCVE-2026-23094 ] https://git.kernel.org/s= table/c/9ab05cdcac354b1b1139918f49c6418b9005d042 https://git.kernel.org/stable/c/fdbbb47d15ae17bf39fafec7e2028c1f8efba15e https://git.kernel.org/stable/c/82821a681d5dcce31475a65190fc39ea8f372cc0 https://git.kernel.org/stable/c/98eec349259b1fd876f350b1c600403bcef8f85d
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: gue: Fix skb memleak with inner IP protocol 0. syzbot reported=
skb memleak below. [0] The repro generated a GUE packet with its inner pro= tocol 0. gue_udp_recv() returns -guehdr->proto_ctype for "resubmit" in ip_p= rotocol_deliver_rcu(), but this only works with non-zero protocol number. L= et's drop such packets. Note that 0 is a valid number (IPv6 Hop-by-Hop Opti= on). I think it is not practical to encap HOPOPT in GUE, so once someone st= arts to complain, we could pass down a resubmit flag pointer to distinguish=
two zeros from the upper layer: * no error * resubmit HOPOPT [0] BUG: memo=
ry leak unreferenced object 0xffff888109695a00 (size 240): comm "syz.0.17",=
pid 6088, jiffies 4294943096 hex dump (first 32 bytes): 00 00 00 00 00 00 =
00 00 00 00 00 00 00 00 00 00 ................ 00 40 c2 10 81 88 ff ff 00 0=
0 00 00 00 00 00 00 .@.............. backtrace (crc a84b336f): kmemleak_all= oc_recursive include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/s= lub.c:4958 [inline] slab_alloc_node mm/slub.c:5263 [inline] kmem_cache_allo= c_noprof+0x3b4/0x590 mm/slub.c:5270 __build_skb+0x23/0x60 net/core/skbuff.c= :474 build_skb+0x20/0x190 net/core/skbuff.c:490 __tun_build_skb drivers/net= /tun.c:1541 [inline] tun_build_skb+0x4a1/0xa40 drivers/net/tun.c:1636 tun_g= et_user+0xc12/0x2030 drivers/net/tun.c:1770 tun_chr_write_iter+0x71/0x120 d= rivers/net/tun.c:1999 new_sync_write fs/read_write.c:593 [inline] vfs_write= +0x45d/0x710 fs/read_write.c:686 ksys_write+0xa7/0x170 fs/read_write.c:738 = do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0= xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7=
f 2026-02-04 not yet calculated CVE-2026-23095 [ https://www.cve.org/CVERec= ord?id=3DCVE-2026-23095 ] https://git.kernel.org/stable/c/886f186328b718400= dbf79e1bc8cbcbd710ab766 https://git.kernel.org/stable/c/380a82d36e37db49fd41ecc378c22fd29392e96a https://git.kernel.org/stable/c/536f5bbc322eb1e175bdd1ced22b236a951c4d8f https://git.kernel.org/stable/c/f87b9b7a618c82e7465e872eb10e14c803871892 https://git.kernel.org/stable/c/ce569b389a5c78d64788a5ea94560e17fa574b35 https://git.kernel.org/stable/c/5437a279804ced8088cabb945dba88a26d828f8c https://git.kernel.org/stable/c/9a56796ad258786d3624eef5aefba394fc9bdded
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: uacce: fix cdev handling in the cleanup path When cdev_device_= add fails, it internally releases the cdev memory, and if cdev_device_del i=
s then executed, it will cause a hang error. To fix it, we check the return=
value of cdev_device_add() and clear uacce->cdev to avoid calling cdev_dev= ice_del in the uacce_remove. 2026-02-04 not yet calculated CVE-2026-23096 [=
https://www.cve.org/CVERecord?id=3DCVE-2026-23096 ] https://git.kernel.org= /stable/c/c94c7188d325bc5137d447d67a2f18f7d4f2f4a3 https://git.kernel.org/stable/c/1bc3e51367c420e6db31f41efa874c7a8e12194a https://git.kernel.org/stable/c/819d647406200d0e83e56fd2df8f451b11290559 https://git.kernel.org/stable/c/d9031575a2f8aabc53af3025dd79af313a2e046b https://git.kernel.org/stable/c/98d67a1bd6caddd0a8b8c82a0b925742cf500936 https://git.kernel.org/stable/c/bd2393ed7712513e7e2dbcb6e21464a67ff9e702 https://git.kernel.org/stable/c/a3bece3678f6c88db1f44c602b2a63e84b4040ac
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: migrate: correct lock ordering for hugetlb file folios Syzbot = has found a deadlock (analyzed by Lance Yang): 1) Task (5749): Holds folio_= lock, then tries to acquire i_mmap_rwsem(read lock). 2) Task (5754): Holds = i_mmap_rwsem(write lock), then tries to acquire folio_lock. migrate_pages()=

migrate_hugetlbs() -> unmap_and_move_huge_page() <- Takes folio_lock! -=

remove_migration_ptes() -> __rmap_walk_file() -> i_mmap_lock_read() <- Wa=

its for i_mmap_rwsem(read lock)! hugetlbfs_fallocate() -> hugetlbfs_punch_h= ole() <- Takes i_mmap_rwsem(write lock)! -> hugetlbfs_zero_partial_page() -=

filemap_lock_hugetlb_folio() -> filemap_lock_folio() -> __filemap_get_fol=

io <- Waits for folio_lock! The migration path is the one taking locks in t=
he wrong order according to the documentation at the top of mm/rmap.c. So e= xpand the scope of the existing i_mmap_lock to cover the calls to remove_mi= gration_ptes() too. This is (mostly) how it used to be after commit c0d0381= ade79. That was removed by 336bf30eb765 for both file & anon hugetlb pages = when it should only have been removed for anon hugetlb pages. 2026-02-04 no=
t yet calculated CVE-2026-23097 [ https://www.cve.org/CVERecord?id=3DCVE-20= 26-23097 ] https://git.kernel.org/stable/c/e7396d23f9d5739f56cf9ab430c3a169= f5508394 https://git.kernel.org/stable/c/ad97b9a55246eb940a26ac977f80892a395cabf9 https://git.kernel.org/stable/c/5edb9854f8df5428b40990a1c7d60507da5bd330 https://git.kernel.org/stable/c/526394af4e8ade89cacd1a9ce2b97712712fcc34 https://git.kernel.org/stable/c/b75070823b89009f5123fd0e05a8e0c3d39937c1 https://git.kernel.org/stable/c/1b68efce6dd483d22f50d0d3800c4cfda14b1305 https://git.kernel.org/stable/c/b7880cb166ab62c2409046b2347261abf701530e
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: netrom: fix double-free in nr_route_frame() In nr_route_frame(=
), old_skb is immediately freed without checking if nr_neigh->ax25 pointer =
is NULL. Therefore, if nr_neigh->ax25 is NULL, the caller function will fre=
e old_skb again, causing a double-free bug. Therefore, to prevent this, we = need to modify it to check whether nr_neigh->ax25 is NULL before freeing ol= d_skb. 2026-02-04 not yet calculated CVE-2026-23098 [ https://www.cve.org/C= VERecord?id=3DCVE-2026-23098 ] https://git.kernel.org/stable/c/25aab6bfc310= 17a7e52035b99aef5c2b6bde8ffb https://git.kernel.org/stable/c/6e0110ea90313b7c0558a0b77038274a6821caf8 https://git.kernel.org/stable/c/7c48fdf2d1349bb54815b56fb012b9d577707708 https://git.kernel.org/stable/c/bd8955337e3764f912f49b360e176d8aaecf7016 https://git.kernel.org/stable/c/94d1a8bd08af1f4cc345c5c29f5db1ea72b8bb8c https://git.kernel.org/stable/c/9f5fa78d9980fe75a69835521627ab7943cb3d67 https://git.kernel.org/stable/c/ba1096c315283ee3292765f6aea4cca15816c4f7
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: bonding: limit BOND_MODE_8023AD to Ethernet devices BOND_MODE_= 8023AD makes sense for ARPHRD_ETHER only. syzbot reported: BUG: KASAN: glob= al-out-of-bounds in __hw_addr_create net/core/dev_addr_lists.c:63 [inline] = BUG: KASAN: global-out-of-bounds in __hw_addr_add_ex+0x25d/0x760 net/core/d= ev_addr_lists.c:118 Read of size 16 at addr ffffffff8bf94040 by task syz.1.= 3580/19497 CPU: 1 UID: 0 PID: 19497 Comm: syz.1.3580 Tainted: G L syzkaller=
#0 PREEMPT(full) Tainted: [L]=3DSOFTLOCKUP Hardware name: Google Google Co= mpute Engine/Google Compute Engine, BIOS Google 10/25/2025 Call Trace: <TAS=

dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120 print_address_description=

mm/kasan/report.c:378 [inline] print_report+0xca/0x240 mm/kasan/report.c:4=
82 kasan_report+0x118/0x150 mm/kasan/report.c:595 check_region_inline mm/ka= san/generic.c:-1 [inline] kasan_check_range+0x2b0/0x2c0 mm/kasan/generic.c:= 200 __asan_memcpy+0x29/0x70 mm/kasan/shadow.c:105 __hw_addr_create net/core= /dev_addr_lists.c:63 [inline] __hw_addr_add_ex+0x25d/0x760 net/core/dev_add= r_lists.c:118 __dev_mc_add net/core/dev_addr_lists.c:868 [inline] dev_mc_ad= d+0xa1/0x120 net/core/dev_addr_lists.c:886 bond_enslave+0x2b8b/0x3ac0 drive= rs/net/bonding/bond_main.c:2180 do_set_master+0x533/0x6d0 net/core/rtnetlin= k.c:2963 do_setlink+0xcf0/0x41c0 net/core/rtnetlink.c:3165 rtnl_changelink = net/core/rtnetlink.c:3776 [inline] __rtnl_newlink net/core/rtnetlink.c:3935=
[inline] rtnl_newlink+0x161c/0x1c90 net/core/rtnetlink.c:4072 rtnetlink_rc= v_msg+0x7cf/0xb70 net/core/rtnetlink.c:6958 netlink_rcv_skb+0x208/0x470 net= /netlink/af_netlink.c:2550 netlink_unicast_kernel net/netlink/af_netlink.c:= 1318 [inline] netlink_unicast+0x82f/0x9e0 net/netlink/af_netlink.c:1344 net= link_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1894 sock_sendmsg_nosec n= et/socket.c:727 [inline] __sock_sendmsg+0x21c/0x270 net/socket.c:742 ____sy= s_sendmsg+0x505/0x820 net/socket.c:2592 ___sys_sendmsg+0x21f/0x2a0 net/sock= et.c:2646 __sys_sendmsg+0x164/0x220 net/socket.c:2678 do_syscall_32_irqs_on=
arch/x86/entry/syscall_32.c:83 [inline] __do_fast_syscall_32+0x1dc/0x560 a= rch/x86/entry/syscall_32.c:307 do_fast_syscall_32+0x34/0x80 arch/x86/entry/= syscall_32.c:332 entry_SYSENTER_compat_after_hwframe+0x84/0x8e </TASK> The = buggy address belongs to the variable: lacpdu_mcast_addr+0x0/0x40 2026-02-0=
4 not yet calculated CVE-2026-23099 [ https://www.cve.org/CVERecord?id=3DCV= E-2026-23099 ] https://git.kernel.org/stable/c/72925dbb0c8c7b16bf922e93c6cc= 03cbd8c955c4 https://git.kernel.org/stable/c/5063b2cd9b27d35ab788d707d7858ded0acc8f1d https://git.kernel.org/stable/c/80c881e53a4fa0a80fa4bef7bc0ead0e8e88940d https://git.kernel.org/stable/c/ef68afb1bee8d35a18896c27d7358079353d8d8a https://git.kernel.org/stable/c/43dee6f7ef1d228821de1b61c292af3744c8d7da https://git.kernel.org/stable/c/c84fcb79e5dbde0b8d5aeeaf04282d2149aebcf6
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: mm/hugetlb: fix hugetlb_pmd_shared() Patch series "mm/hugetlb:=
fixes for PMD table sharing (incl. using mmu_gather)", v3. One functional = fix, one performance regression fix, and two related comment fixes. I clean=
ed up my prototype I recently shared [1] for the performance fix, deferring=
most of the cleanups I had in the prototype to a later point. While doing = that I identified the other things. The goal of this patch set is to be bac= kported to stable trees "fairly" easily. At least patch #1 and #4. Patch #1=
fixes hugetlb_pmd_shared() not detecting any sharing Patch #2 + #3 are sim= ple comment fixes that patch #4 interacts with. Patch #4 is a fix for the r= eported performance regression due to excessive IPI broadcasts during fork(= )+exit(). The last patch is all about TLB flushes, IPIs and mmu_gather. Rea=
d: complicated There are plenty of cleanups in the future to be had + one r= easonable optimization on x86. But that's all out of scope for this series.=
Runtime tested, with a focus on fixing the performance regression using th=
e original reproducer [2] on x86. This patch (of 4): We switched from (wron= gly) using the page count to an independent shared count. Now, shared page = tables have a refcount of 1 (excluding speculative references) and instead = use ptdesc->pt_share_count to identify sharing. We didn't convert hugetlb_p= md_shared(), so right now, we would never detect a shared PMD table as such=
, because sharing/unsharing no longer touches the refcount of a PMD table. = Page migration, like mbind() or migrate_pages() would allow for migrating f= olios mapped into such shared PMD tables, even though the folios are not ex= clusive. In smaps we would account them as "private" although they are "sha= red", and we would be wrongly setting the PM_MMAP_EXCLUSIVE in the pagemap = interface. Fix it by properly using ptdesc_pmd_is_shared() in hugetlb_pmd_s= hared(). 2026-02-04 not yet calculated CVE-2026-23100 [ https://www.cve.org= /CVERecord?id=3DCVE-2026-23100 ] https://git.kernel.org/stable/c/69c4e241ff= 13545d410a8b2a688c932182a858bf https://git.kernel.org/stable/c/ca1a47cd3f5f4c46ca188b1c9a27af87d1ab2216
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: leds: led-class: Only Add LED to leds_list when it is fully re= ady Before this change the LED was added to leds_list before led_init_core(=
) gets called adding it the list before led_classdev.set_brightness_work ge=
ts initialized. This leaves a window where led_trigger_register() of a LED'=
s default trigger will call led_trigger_set() which calls led_set_brightnes= s() which in turn will end up queueing the *uninitialized* led_classdev.set= _brightness_work. This race gets hit by the lenovo-thinkpad-t14s EC driver = which registers 2 LEDs with a default trigger provided by snd_ctl_led.ko in=
quick succession. The first led_classdev_register() causes an async modpro=
be of snd_ctl_led to run and that async modprobe manages to exactly hit the=
window where the second LED is on the leds_list without led_init_core() be= ing called for it, resulting in: ------------[ cut here ]------------ WARNI= NG: CPU: 11 PID: 5608 at kernel/workqueue.c:4234 __flush_work+0x344/0x390 H= ardware name: LENOVO 21N2S01F0B/21N2S01F0B, BIOS N42ET93W (2.23 ) 09/01/202=
5 ... Call trace: __flush_work+0x344/0x390 (P) flush_work+0x2c/0x50 led_tri= gger_set+0x1c8/0x340 led_trigger_register+0x17c/0x1c0 led_trigger_register_= simple+0x84/0xe8 snd_ctl_led_init+0x40/0xf88 [snd_ctl_led] do_one_initcall+= 0x5c/0x318 do_init_module+0x9c/0x2b8 load_module+0x7e0/0x998 Close the race=
window by moving the adding of the LED to leds_list to after the led_init_= core() call. 2026-02-04 not yet calculated CVE-2026-23101 [ https://www.cve= .org/CVERecord?id=3DCVE-2026-23101 ] https://git.kernel.org/stable/c/f7a6df= 659af777058833802c29b3b7974db5e78a https://git.kernel.org/stable/c/d117fdcb21b05c0e0460261d017b92303cd9ba77 https://git.kernel.org/stable/c/e90c861411fc84629a240384b0a72830539d3386 https://git.kernel.org/stable/c/2757f7748ce2d0fa44112024907bafb37e104d6e https://git.kernel.org/stable/c/da565bf98c9ad0eabcb09fc97859e0b52f98b7c3 https://git.kernel.org/stable/c/78822628165f3d817382f67f91129161159ca234 https://git.kernel.org/stable/c/d1883cefd31752f0504b94c3bcfa1f6d511d6e87
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: arm64/fpsimd: signal: Fix restoration of SVE context When SME =
is supported, Restoring SVE signal context can go wrong in a few ways, incl= uding placing the task into an invalid state where the kernel may read from=
out-of-bounds memory (and may potentially take a fatal fault) and/or may k= ill the task with a SIGKILL. (1) Restoring a context with SVE_SIG_FLAG_SM s=
et can place the task into an invalid state where SVCR.SM is set (and sve_s= tate is non-NULL) but TIF_SME is clear, consequently resuting in out-of-bou= nds memory reads and/or killing the task with SIGKILL. This can only occur =
in unusual (but legitimate) cases where the SVE signal context has either b= een modified by userspace or was saved in the context of another task (e.g.=
as with CRIU), as otherwise the presence of an SVE signal context with SVE= _SIG_FLAG_SM implies that TIF_SME is already set. While in this state, task= _fpsimd_load() will NOT configure SMCR_ELx (leaving some arbitrary value co= nfigured in hardware) before restoring SVCR and attempting to restore the s= treaming mode SVE registers from memory via sve_load_state(). As the value =
of SMCR_ELx.LEN may be larger than the task's streaming SVE vector length, = this may read memory outside of the task's allocated sve_state, reading unr= elated data and/or triggering a fault. While this can result in secrets bei=
ng loaded into streaming SVE registers, these values are never exposed. As = TIF_SME is clear, fpsimd_bind_task_to_cpu() will configure CPACR_ELx.SMEN t=
o trap EL0 accesses to streaming mode SVE registers, so these cannot be acc= essed directly at EL0. As fpsimd_save_user_state() verifies the live vector=
length before saving (S)SVE state to memory, no secret values can be saved=
back to memory (and hence cannot be observed via ptrace, signals, etc). Wh=
en the live vector length doesn't match the expected vector length for the = task, fpsimd_save_user_state() will send a fatal SIGKILL signal to the task=
. Hence the task may be killed after executing userspace for some period of=
time. (2) Restoring a context with SVE_SIG_FLAG_SM clear does not clear th=
e task's SVCR.SM. If SVCR.SM was set prior to restoring the context, then t=
he task will be left in streaming mode unexpectedly, and some register stat=
e will be combined inconsistently, though the task will be left in legitima=
te state from the kernel's PoV. This can only occur in unusual (but legitim= ate) cases where ptrace has been used to set SVCR.SM after entry to the sig= return syscall, as syscall entry clears SVCR.SM. In these cases, the the pr= ovided SVE register data will be loaded into the task's sve_state using the=
non-streaming SVE vector length and the FPSIMD registers will be merged in=
to this using the streaming SVE vector length. Fix (1) by setting TIF_SME w= hen setting SVCR.SM. This also requires ensuring that the task's sme_state = has been allocated, but as this could contain live ZA state, it should not =
be zeroed. Fix (2) by clearing SVCR.SM when restoring a SVE signal context = with SVE_SIG_FLAG_SM clear. For consistency, I've pulled the manipulation o=
f SVCR, TIF_SVE, TIF_SME, and fp_type earlier, immediately after the alloca= tion of sve_state/sme_state, before the restore of the actual register stat=
e. This makes it easier to ensure that these are always modified consistent= ly, even if a fault is taken while reading the register data from the signa=
l context. I do not expect any software to depend on the exact state restor=
ed when a fault is taken while reading the context. 2026-02-04 not yet calc= ulated CVE-2026-23102 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23102 ]=
https://git.kernel.org/stable/c/9bc3adba8c35119be80ab20217027720446742f2 https://git.kernel.org/stable/c/ce820dd4e6e2d711242dc4331713b9bb4fe06d09 https://git.kernel.org/stable/c/7b5a52cf252a0d2e89787b645290ad288878f332 https://git.kernel.org/stable/c/d2907cbe9ea0a54cbe078076f9d089240ee1e2d9
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: ipvlan: Make the addrs_lock be per port Make the addrs_lock be=
per port, not per ipvlan dev. Initial code seems to be written in the assu= mption, that any address change must occur under RTNL. But it is not so for=
the case of IPv6. So 1) Introduce per-port addrs_lock. 2) It was needed to=
fix places where it was forgotten to take lock (ipvlan_open/ipvlan_close) = This appears to be a very minor problem though. Since it's highly unlikely = that ipvlan_add_addr() will be called on 2 CPU simultaneously. But neverthe= less, this could cause: 1) False-negative of ipvlan_addr_busy(): one interf= ace iterated through all port->ipvlans + ipvlan->addrs under some ipvlan sp= inlock, and another added IP under its own lock. Though this is only possib=
le for IPv6, since looks like only ipvlan_addr6_event() can be called witho=
ut rtnl_lock. 2) Race since ipvlan_ht_addr_add(port) is called under differ= ent ipvlan->addrs_lock locks This should not affect performance, since add/= remove IP is a rare situation and spinlock is not taken on fast paths. 2026= -02-04 not yet calculated CVE-2026-23103 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-23103 ] https://git.kernel.org/stable/c/3c149b662cbb202a450e81f= 938e702ba333864ad https://git.kernel.org/stable/c/70feb16e3fbfb10b15de1396557c38e99f1ab8df https://git.kernel.org/stable/c/88f83e6c9cdb46b8c8ddd0ba01393362963cf589 https://git.kernel.org/stable/c/04ba6de6eff61238e5397c14ac26a6578c7735a5 https://git.kernel.org/stable/c/1f300c10d92c547c3a7d978e1212ff52f18256ed https://git.kernel.org/stable/c/6a81e2db096913d7e43aada1c350c1282e76db39 https://git.kernel.org/stable/c/d3ba32162488283c0a4c5bedd8817aec91748802
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: ice: fix devlink reload call trace Commit 4da71a77fc3b ("ice: = read internal temperature sensor") introduced internal temperature sensor r= eading via HWMON. ice_hwmon_init() was added to ice_init_feature() and ice_= hwmon_exit() was added to ice_remove(). As a result if devlink reload is us=
ed to reinit the device and then the driver is removed, a call trace can oc= cur. BUG: unable to handle page fault for address: ffffffffc0fd4b5d Call Tr= ace: string+0x48/0xe0 vsnprintf+0x1f9/0x650 sprintf+0x62/0x80 name_show+0x1= f/0x30 dev_attr_show+0x19/0x60 The call trace repeats approximately every 1=
0 minutes when system monitoring tools (e.g., sadc) attempt to read the orp= haned hwmon sysfs attributes that reference freed module memory. The sequen=
ce is: 1. Driver load, ice_hwmon_init() gets called from ice_init_feature()=
2. Devlink reload down, flow does not call ice_remove() 3. Devlink reload = up, ice_hwmon_init() gets called from ice_init_feature() resulting in a sec= ond instance 4. Driver unload, ice_hwmon_exit() called from ice_remove() le= aving the first hwmon instance orphaned with dangling pointer Fix this by m= oving ice_hwmon_exit() from ice_remove() to ice_deinit_features() to ensure=
proper cleanup symmetry with ice_hwmon_init(). 2026-02-04 not yet calculat=
ed CVE-2026-23104 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23104 ] htt= ps://git.kernel.org/stable/c/87c1dacca197cc64e06fedeb269e3dd6699bae60 https://git.kernel.org/stable/c/d3f867e7a04678640ebcbfb81893c59f4af48586
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: net/sched: qfq: Use cl_is_active to determine whether class is=
active in qfq_rm_from_ag This is more of a preventive patch to make the co=
de more consistent and to prevent possible exploits that employ child qlen = manipulations on qfq. use cl_is_active instead of relying on the child qdis= c's qlen to determine class activation. 2026-02-04 not yet calculated CVE-2= 026-23105 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23105 ] https://git= .kernel.org/stable/c/fac2c67bb2bb732eae4283e45fc338af7e08c254 https://git.kernel.org/stable/c/b8c24cf5268fb3bfb8d16324c3dbb985f698c835 https://git.kernel.org/stable/c/f27047abf7cac1b6f90c3ad60de21ef9f717c26d https://git.kernel.org/stable/c/93b8635974fb050c43d07e35e5edfe6e685ca28a https://git.kernel.org/stable/c/abd9fc26ea577561a5ef6241a1b058755ffdad0c https://git.kernel.org/stable/c/77f1afd0bb4d5da95236f6114e6d0dfcde187ff6 https://git.kernel.org/stable/c/d837fbee92453fbb829f950c8e7cf76207d73f33
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: timekeeping: Adjust the leap state for the correct auxiliary t= imekeeper When __do_ajdtimex() was introduced to handle adjtimex for any ti= mekeeper, this reference to tk_core was not updated. When called on an auxi= liary timekeeper, the core timekeeper would be updated incorrectly. This ge=
ts caught by the lock debugging diagnostics because the timekeepers sequenc=
e lock gets written to without holding its associated spinlock: WARNING: in= clude/linux/seqlock.h:226 at __do_adjtimex+0x394/0x3b0, CPU#2: test/125 aux= _clock_adj (kernel/time/timekeeping.c:2979) __do_sys_clock_adjtime (kernel/= time/posix-timers.c:1161 kernel/time/posix-timers.c:1173) do_syscall_64 (ar= ch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:=
94 (discriminator 1)) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_= 64.S:131) Update the correct auxiliary timekeeper. 2026-02-04 not yet calcu= lated CVE-2026-23106 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23106 ] = https://git.kernel.org/stable/c/8f7c9dbeaa0be5810e44d323735967d3dba9239d https://git.kernel.org/stable/c/e806f7dde8ba28bc72a7a0898589cac79f6362ac
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA = The code to restore a ZA context doesn't attempt to allocate the task's sve= _state before setting TIF_SME. Consequently, restoring a ZA context can pla=
ce a task into an invalid state where TIF_SME is set but the task's sve_sta=
te is NULL. In legitimate but uncommon cases where the ZA signal context wa=
s NOT created by the kernel in the context of the same task (e.g. if the ta=
sk is saved/restored with something like CRIU), we have no guarantee that s= ve_state had been allocated previously. In these cases, userspace can enter=
streaming mode without trapping while sve_state is NULL, causing a later N= ULL pointer dereference when the kernel attempts to store the register stat=
e: | # ./sigreturn-za | Unable to handle kernel NULL pointer dereference at=
virtual address 0000000000000000 | Mem abort info: | ESR =3D 0x00000000960= 00046 | EC =3D 0x25: DABT (current EL), IL =3D 32 bits | SET =3D 0, FnV =3D=
0 | EA =3D 0, S1PTW =3D 0 | FSC =3D 0x06: level 2 translation fault | Data=
abort info: | ISV =3D 0, ISS =3D 0x00000046, ISS2 =3D 0x00000000 | CM =3D =
0, WnR =3D 1, TnD =3D 0, TagAccess =3D 0 | GCS =3D 0, Overlay =3D 0, DirtyB=
it =3D 0, Xs =3D 0 | user pgtable: 4k pages, 52-bit VAs, pgdp=3D0000000101f= 47c00 | [0000000000000000] pgd=3D08000001021d8403, p4d=3D0800000102274403, = pud=3D0800000102275403, pmd=3D0000000000000000 | Internal error: Oops: 0000= 000096000046 [#1] SMP | Modules linked in: | CPU: 0 UID: 0 PID: 153 Comm: s= igreturn-za Not tainted 6.19.0-rc1 #1 PREEMPT | Hardware name: linux,dummy-= virt (DT) | pstate: 214000c9 (nzCv daIF +PAN -UAO -TCO +DIT -SSBS BTYPE=3D-=
-) | pc : sve_save_state+0x4/0xf0 | lr : fpsimd_save_user_state+0xb0/0x1c0 =
| sp : ffff80008070bcc0 | x29: ffff80008070bcc0 x28: fff00000c1ca4c40 x27: = 63cfa172fb5cf658 | x26: fff00000c1ca5228 x25: 0000000000000000 x24: 0000000= 000000000 | x23: 0000000000000000 x22: fff00000c1ca4c40 x21: fff00000c1ca4c=
40 | x20: 0000000000000020 x19: fff00000ff6900f0 x18: 0000000000000000 | x1=
7: fff05e8e0311f000 x16: 0000000000000000 x15: 028fca8f3bdaf21c | x14: 0000= 000000000212 x13: fff00000c0209f10 x12: 0000000000000020 | x11: 00000000002= 00b20 x10: 0000000000000000 x9 : fff00000ff69dcc0 | x8 : 00000000000003f2 x=
7 : 0000000000000001 x6 : fff00000c1ca5b48 | x5 : fff05e8e0311f000 x4 : 000= 0000008000000 x3 : 0000000000000000 | x2 : 0000000000000001 x1 : fff00000c1= ca5970 x0 : 0000000000000440 | Call trace: | sve_save_state+0x4/0xf0 (P) | = fpsimd_thread_switch+0x48/0x198 | __switch_to+0x20/0x1c0 | __schedule+0x36c= /0xce0 | schedule+0x34/0x11c | exit_to_user_mode_loop+0x124/0x188 | el0_int= errupt+0xc8/0xd8 | __el0_irq_handler_common+0x18/0x24 | el0t_64_irq_handler= +0x10/0x1c | el0t_64_irq+0x198/0x19c | Code: 54000040 d51b4408 d65f03c0 d50= 3245f (e5bb5800) | ---[ end trace 0000000000000000 ]--- Fix this by having = restore_za_context() ensure that the task's sve_state is allocated, matchin=
g what we do when taking an SME trap. Any live SVE/SSVE state (which is res= tored earlier from a separate signal context) must be preserved, and hence = this is not zeroed. 2026-02-04 not yet calculated CVE-2026-23107 [ https://= www.cve.org/CVERecord?id=3DCVE-2026-23107 ] https://git.kernel.org/stable/c= /c5a5b150992ebab779c1ce54f54676786e47e94c https://git.kernel.org/stable/c/19b2c3f3ca1b4b6dccd2a42aca2692d8c79c4214 https://git.kernel.org/stable/c/0af233d66eff90fb8f3e0fc09f2316bba0b72bb9 https://git.kernel.org/stable/c/70f7f54566afc23f2c71bf1411af81f5d8009e0f https://git.kernel.org/stable/c/ea8ccfddbce0bee6310da4f3fc560ad520f5e6b4
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory l= eak Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb= _receive_bulk_callback(): fix URB memory leak"). In usb_8dev_open() -> usb_= 8dev_start(), the URBs for USB-in transfers are allocated, added to the pri= v->rx_submitted anchor and submitted. In the complete callback usb_8dev_rea= d_bulk_callback(), the URBs are processed and resubmitted. In usb_8dev_clos= e() -> unlink_all_urbs() the URBs are freed by calling usb_kill_anchored_ur= bs(&priv->rx_submitted). However, this does not take into account that the = USB framework unanchors the URB before the complete function is called. Thi=
s means that once an in-URB has been completed, it is no longer anchored an=
d is ultimately not released in usb_kill_anchored_urbs(). Fix the memory le=
ak by anchoring the URB in the usb_8dev_read_bulk_callback() to the priv->r= x_submitted anchor. 2026-02-04 not yet calculated CVE-2026-23108 [ https://= www.cve.org/CVERecord?id=3DCVE-2026-23108 ] https://git.kernel.org/stable/c= /feb8243eaea7efd5279b19667d7189fd8654c87a https://git.kernel.org/stable/c/ef6e608e5ee71eca0cd3475c737e684cef24f240 https://git.kernel.org/stable/c/60719661b4cbd7ffbed1a0e0fa3bbc82d8bd2be9 https://git.kernel.org/stable/c/59ff56992bba28051ad67cd8cc7b0edfe7280796 https://git.kernel.org/stable/c/ea4a98e924164586066b39f29bfcc7cc9da108cd https://git.kernel.org/stable/c/07e9373739c6388af9d99797cdb2e79dbbcbe92b https://git.kernel.org/stable/c/f7a980b3b8f80fe367f679da376cf76e800f9480
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: fs/writeback: skip AS_NO_DATA_INTEGRITY mappings in wait_sb_in= odes() Above the while() loop in wait_sb_inodes(), we document that we must=
wait for all pages under writeback for data integrity. Consequently, if a = mapping, like fuse, traditionally does not have data integrity semantics, t= here is no need to wait at all; we can simply skip these inodes. This resto= res fuse back to prior behavior where syncs are no-ops. This fixes a user r= egression where if a system is running a faulty fuse server that does not r= eply to issued write requests, this causes wait_sb_inodes() to wait forever=
. 2026-02-04 not yet calculated CVE-2026-23109 [ https://www.cve.org/CVERec= ord?id=3DCVE-2026-23109 ] https://git.kernel.org/stable/c/3f4ed5e2b8f111553= 562507ad6202432c7c57731 https://git.kernel.org/stable/c/f9a49aa302a05e91ca01f69031cb79a0ea33031f
=C2=A0 Linux--Linux In the Linux kernel, the following vulnerability has be=
en resolved: scsi: core: Wake up the error handler when final completions r= ace against each other The fragile ordering between marking commands comple= ted or failed so that the error handler only wakes when the last running co= mmand completes or times out has race conditions. These race conditions can=
cause the SCSI layer to fail to wake the error handler, leaving I/O throug=
h the SCSI host stuck as the error state cannot advance. First, there is an=
memory ordering issue within scsi_dec_host_busy(). The write which clears = SCMD_STATE_INFLIGHT may be reordered with reads counting in scsi_host_busy(=
). While the local CPU will see its own write, reordering can allow other C= PUs in scsi_dec_host_busy() or scsi_eh_inc_host_failed() to see a raised bu=
sy count, causing no CPU to see a host busy equal to the host_failed count.=
This race condition can be prevented with a memory barrier on the error pa=
th to force the write to be visible before counting host busy commands. Sec= ond, there is a general ordering issue with scsi_eh_inc_host_failed(). By c= ounting busy commands before incrementing host_failed, it can race with a f= inal command in scsi_dec_host_busy(), such that scsi_dec_host_busy() does n=
ot see host_failed incremented but scsi_eh_inc_host_failed() counts busy co= mmands before SCMD_STATE_INFLIGHT is cleared by scsi_dec_host_busy(), resul= ting in neither waking the error handler task. This needs the call to scsi_= host_busy() to be moved after host_failed is incremented to close the race = condition. 2026-02-04 not yet calculated CVE-2026-23110 [ https://www.cve.o= rg/CVERecord?id=3DCVE-2026-23110 ] https://git.kernel.org/stable/c/cc872e35= c0df80062abc71268d690a2f749e542e https://git.kernel.org/stable/c/6d9a367be356101963c249ebf10ea10b32886607 https://git.kernel.org/stable/c/9fdc6f28d5e81350ab1d2cac8389062bd09e61e1 https://git.kernel.org/stable/c/64ae21b9c4f0c7e60cf47a53fa7ab68852079ef0 https://git.kernel.org/stable/c/219f009ebfd1ef3970888ee9eef4c8a06357f862 https://git.kernel.org/stable/c/fe2f8ad6f0999db3b318359a01ee0108c703a8c3
=C2=A0 Six Apart Ltd.--Movable Type (Software Edition) A non-administrative=
user can upload malicious files. When an administrator or the product acce= sses that file, an arbitrary script may be executed on the administrator's = browser. Note that Movable Type 7 series and 8.4 series, which are End-of-L= ife (EOL), are affected by the vulnerability as well. 2026-02-04 not yet ca= lculated CVE-2026-23704 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23704=
] https://movabletype.org/news/2026/02/mt-906-released.html https://www.sixapart.jp/movabletype/news/2026/02/04-1100.html https://jvn.jp/en/jp/JVN45405689/
=C2=A0 Apache Software Foundation--Apache Syncope Reflected XSS in Apache S= yncope's Enduser Login page. An attacker that tricks a legitimate user into=
clicking a malicious link and logging in to Syncope Enduser could steal th=
at user's credentials. This issue affects Apache Syncope: from 3.0 through = 3.0.15, from 4.0 through 4.0.3. Users are recommended to upgrade to version=
3.0.16 / 4.0.4, which fix this issue. 2026-02-03 not yet calculated CVE-20= 26-23794 [ https://www.cve.org/CVERecord?id=3DCVE-2026-23794 ] https://list= s.apache.org/thread/7h30ghqdsf3spl3h7gdmscxofrm8ygjo
=C2=A0 Apache Software Foundation--Apache Syncope Improper Restriction of X=
ML External Entity Reference vulnerability in Apache Syncope Console. An ad= ministrator with adequate entitlements to create or edit Keymaster paramete=
rs via Console can construct malicious XML text to launch an XXE attack, th= ereby causing sensitive data leakage occurs. This issue affects Apache Sync= ope: from 3.0 through 3.0.15, from 4.0 through 4.0.3. Users are recommended=
to upgrade to version 3.0.16 / 4.0.4, which fix this issue. 2026-02-03 not=
yet calculated CVE-2026-23795 [ https://www.cve.org/CVERecord?id=3DCVE-202= 6-23795 ] https://lists.apache.org/thread/mzgbdn8hzk8vr94o660njcc7w62c2pos =C2=A0 OpenSolution--Quick.Cart Quick.Cart allows a user's session identifi=
er to be set before authentication. The value of this session ID stays the = same after authentication.=C2=A0This behaviour enables an attacker to fix a=
session ID for a victim and later hijack the authenticated session. The ve= ndor was notified early about this vulnerability, but didn't respond with t=
he details of vulnerability or vulnerable version range. Only version 6.7 w=
as tested and confirmed as vulnerable, other versions were not tested and m= ight also be vulnerable. 2026-02-05 not yet calculated CVE-2026-23796 [ htt= ps://www.cve.org/CVERecord?id=3DCVE-2026-23796 ] https://opensolution.org/s= klep-internetowy-quick-cart.html
https://cert.pl/posts/2026/02/CVE-2026-23796
=C2=A0 OpenSolution--Quick.Cart In Quick.Cart user passwords are stored in = plaintext form. An attacker with high privileges can display users' passwor=
d in user editing page. The vendor was notified early about this vulnerabil= ity, but didn't respond with the details of vulnerability or vulnerable ver= sion range. Only version 6.7 was tested and confirmed as vulnerable, other = versions were not tested and might also be vulnerable. 2026-02-05 not yet c= alculated CVE-2026-23797 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2379=
7 ] https://opensolution.org/sklep-internetowy-quick-cart.html https://cert.pl/posts/2026/02/CVE-2026-23796
=C2=A0 parallax--jsPDF jsPDF is a library to generate PDFs in JavaScript. P= rior to 4.1.0, the addJS method in the jspdf Node.js build utilizes a share=
d module-scoped variable (text) to store JavaScript content. When used in a=
concurrent environment (e.g., a Node.js web server), this variable is shar=
ed across all requests. If multiple requests generate PDFs simultaneously, = the JavaScript content intended for one user may be overwritten by a subseq= uent request before the document is generated. This results in Cross-User D= ata Leakage, where the PDF generated for User A contains the JavaScript pay= load (and any embedded sensitive data) intended for User B. Typically, this=
only affects server-side environments, although the same race conditions m= ight occur if jsPDF runs client-side. The vulnerability has been fixed in j= sPDF@4.1.0. 2026-02-02 not yet calculated CVE-2026-24040 [ https://www.cve.= org/CVERecord?id=3DCVE-2026-24040 ] https://github.com/parallax/jsPDF/secur= ity/advisories/GHSA-cjw8-79x6-5cj4 https://github.com/parallax/jsPDF/commit/2863e5c26afef211a545e8c174ab4d5fce= 3b8c0e
https://github.com/parallax/jsPDF/releases/tag/v4.1.0
=C2=A0 parallax--jsPDF jsPDF is a library to generate PDFs in JavaScript. P= rior to 4.1.0, user control of the first argument of the addMetadata functi=
on allows users to inject arbitrary XML. If given the possibility to pass u= nsanitized input to the addMetadata method, a user can inject arbitrary XMP=
metadata into the generated PDF. If the generated PDF is signed, stored or=
otherwise processed after, the integrity of the PDF can no longer be guara= nteed. The vulnerability has been fixed in jsPDF@4.1.0. 2026-02-02 not yet = calculated CVE-2026-24043 [ https://www.cve.org/CVERecord?id=3DCVE-2026-240=
43 ] https://github.com/parallax/jsPDF/security/advisories/GHSA-vm32-vv63-w= 422 https://github.com/parallax/jsPDF/commit/efe54bf50f3f5e5416b2495e3c24624fc8= 0b6cff
https://github.com/parallax/jsPDF/releases/tag/v4.1.0
=C2=A0 zulip--zulip Zulip is an open-source team collaboration tool. From 5=
.0 to before 11.5, some administrative actions on the user profile were sus= ceptible to stored XSS in group names or channel names. Exploiting these vu= lnerabilities required the user explicitly interacting with the problematic=
object. This vulnerability is fixed in 11.5. 2026-02-06 not yet calculated=
CVE-2026-24050 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24050 ] https= ://github.com/zulip/zulip/security/advisories/GHSA-56qv-8823-6fq9 https://github.com/zulip/zulip/commit/e6093d9e4788f4d82236d856c5ed7b1676788= 6a7
https://github.com/zulip/zulip/releases/tag/11.5 https://zulip.readthedocs.io/en/latest/overview/changelog.html#zulip-server= -11-5
=C2=A0 anthropics--claude-code Claude Code is an agentic coding tool. Prior=
to version 1.0.111, Claude Code contained insufficient URL validation in i=
ts trusted domain verification mechanism for WebFetch requests. The applica= tion used a startsWith() function to validate trusted domains (e.g., docs.p= ython.org, modelcontextprotocol.io), this could have enabled attackers to r= egister domains like modelcontextprotocol.io.example.com that would pass va= lidation. This could enable automatic requests to attacker-controlled domai=
ns without user consent, potentially leading to data exfiltration. This iss=
ue has been patched in version 1.0.111. 2026-02-03 not yet calculated CVE-2= 026-24052 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24052 ] https://git= hub.com/anthropics/claude-code/security/advisories/GHSA-vhw5-3g5m-8ggf
=C2=A0 anthropics--claude-code Claude Code is an agentic coding tool. Prior=
to version 2.0.74, due to a Bash command validation flaw in parsing ZSH cl= obber syntax, it was possible to bypass directory restrictions and write fi= les outside the current working directory without user permission prompts. = Exploiting this required the user to use ZSH and the ability to add untrust=
ed content into a Claude Code context window. This issue has been patched i=
n version 2.0.74. 2026-02-03 not yet calculated CVE-2026-24053 [ https://ww= w.cve.org/CVERecord?id=3DCVE-2026-24053 ] https://github.com/anthropics/cla= ude-code/security/advisories/GHSA-q728-gf8j-w49r
=C2=A0 Native Instruments--Native Access During the installation of the Nat= ive Access application, a privileged helper `com.native-instruments.NativeA= ccess.Helper2`, which is used by Native Access to trigger functions via XPC=
communication like copy-file, remove or set-permissions, is deployed as we= ll. The communication with the XPC service of the privileged helper is only=
allowed if the client process is signed with the corresponding certificate=
and fulfills the following code signing requirement: "anchor trusted and c= ertificate leaf[subject.CN] =3D \"Developer ID Application: Native Instrume= nts GmbH (83K5EG6Z9V)\"" The Native Access application was found to be sign=
ed with the `com.apple.security.cs.allow-dyld-environment-variables` and `c= om.apple.security.cs.disable-library-validation` entitlements leading to DY= LIB injection and therefore command execution in the context of this applic= ation. A low privileged user can exploit the DYLIB injection to trigger fun= ctions of the privileged helper XPC service resulting in privilege escalati=
on by first deleting the /etc/sudoers file and then copying a malicious ver= sion of that file to /etc/sudoers. 2026-02-02 not yet calculated CVE-2026-2= 4070 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24070 ] https://sec-cons= ult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-native-instr= uments-native-access-macos/
=C2=A0 Native Instruments--Native Access It was found that the XPC service = offered by the privileged helper of Native Access uses the PID of the conne= cting client to verify its code signature. This is considered insecure and = can be exploited by PID reuse attacks.=C2=A0The connection handler function=
uses _xpc_connection_get_pid(arg2) as argument for the hasValidSignature f= unction. This value can not be trusted since it is vulnerable to PID reuse = attacks. 2026-02-02 not yet calculated CVE-2026-24071 [ https://www.cve.org= /CVERecord?id=3DCVE-2026-24071 ] https://sec-consult.com/vulnerability-lab/= advisory/multiple-vulnerabilities-in-native-instruments-native-access-macos/ =C2=A0 parallax--jsPDF jsPDF is a library to generate PDFs in JavaScript. P= rior to 4.1.0, user control of the first argument of the addImage method re= sults in denial of service. If given the possibility to pass unsanitized im= age data or URLs to the addImage method, a user can provide a harmful BMP f= ile that results in out of memory errors and denial of service. Harmful BMP=
files have large width and/or height entries in their headers, which lead =
to excessive memory allocation. The html method is also affected. The vulne= rability has been fixed in jsPDF@4.1.0. 2026-02-02 not yet calculated CVE-2= 026-24133 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24133 ] https://git= hub.com/parallax/jsPDF/security/advisories/GHSA-95fx-jjr5-f39c https://github.com/parallax/jsPDF/commit/ae4b93f76d8fc1baa5614bd5fdb5d174c3= b85f0d
https://github.com/parallax/jsPDF/releases/tag/v4.1.0
=C2=A0 gogs--gogs Gogs is an open source self-hosted Git service. In versio=
n 0.13.3 and prior, a path traversal vulnerability exists in the updateWiki= Page function of Gogs. The vulnerability allows an authenticated user with = write access to a repository's wiki to delete arbitrary files on the server=
by manipulating the old_title parameter in the wiki editing form. This iss=
ue has been patched in versions 0.13.4 and 0.14.0+dev. 2026-02-06 not yet c= alculated CVE-2026-24135 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2413=
5 ] https://github.com/gogs/gogs/security/advisories/GHSA-jp7c-wj6q-3qf2
=C2=A0 devcode-it--openstamanager OpenSTAManager is an open source manageme=
nt software for technical assistance and invoicing. OpenSTAManager v2.9.8 a=
nd earlier contain a critical Time-Based Blind SQL Injection vulnerability =
in the article pricing completion handler. The application fails to properl=
y sanitize the idarticolo parameter before using it in SQL queries, allowin=
g attackers to inject arbitrary SQL commands and extract sensitive data thr= ough time-based Boolean inference. 2026-02-06 not yet calculated CVE-2026-2= 4416 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24416 ] https://github.c= om/devcode-it/openstamanager/security/advisories/GHSA-p864-fqgv-92q4
=C2=A0 devcode-it--openstamanager OpenSTAManager is an open source manageme=
nt software for technical assistance and invoicing. OpenSTAManager v2.9.8 a=
nd earlier contain a critical Time-Based Blind SQL Injection vulnerability =
in the global search functionality. The application fails to properly sanit= ize the term parameter before using it in SQL LIKE clauses across multiple = module-specific search handlers, allowing attackers to inject arbitrary SQL=
commands and extract sensitive data through time-based Boolean inference. = 2026-02-06 not yet calculated CVE-2026-24417 [ https://www.cve.org/CVERecor= d?id=3DCVE-2026-24417 ] https://github.com/devcode-it/openstamanager/securi= ty/advisories/GHSA-4hc4-8599-xh2h
=C2=A0 devcode-it--openstamanager OpenSTAManager is an open source manageme=
nt software for technical assistance and invoicing. OpenSTAManager v2.9.8 a=
nd earlier contain a critical Error-Based SQL Injection vulnerability in th=
e bulk operations handler for the Scadenzario (Payment Schedule) module. Th=
e application fails to validate that elements of the id_records array are i= ntegers before using them in an SQL IN() clause, allowing attackers to inje=
ct arbitrary SQL commands and extract sensitive data through XPATH error me= ssages. 2026-02-06 not yet calculated CVE-2026-24418 [ https://www.cve.org/= CVERecord?id=3DCVE-2026-24418 ] https://github.com/devcode-it/openstamanage= r/security/advisories/GHSA-4xwv-49c8-fvhq
=C2=A0 devcode-it--openstamanager OpenSTAManager is an open source manageme=
nt software for technical assistance and invoicing. OpenSTAManager v2.9.8 a=
nd earlier contain a critical Error-Based SQL Injection vulnerability in th=
e Prima Nota (Journal Entry) module's add.php file. The application fails t=
o validate that comma-separated values from the id_documenti GET parameter = are integers before using them in SQL IN() clauses, allowing attackers to i= nject arbitrary SQL commands and extract sensitive data through XPATH error=
messages. 2026-02-06 not yet calculated CVE-2026-24419 [ https://www.cve.o= rg/CVERecord?id=3DCVE-2026-24419 ] https://github.com/devcode-it/openstaman= ager/security/advisories/GHSA-4j2x-jh4m-fqv6
=C2=A0 Shenzhen Tenda Technology Co., Ltd.--Tenda AC7 Shenzhen Tenda AC7 fi= rmware version V03.03.03.01_cn and prior contain=C2=A0an improper output en= coding vulnerability in the web management interface. User-supplied input i=
s reflected in HTTP responses without adequate escaping, allowing injection=
of arbitrary HTML or JavaScript in a victim's browser context. 2026-02-03 = not yet calculated CVE-2026-24426 [ https://www.cve.org/CVERecord?id=3DCVE-= 2026-24426 ] https://www.tendacn.com/product/AC7 https://www.vulncheck.com/advisories/tenda-ac7-reflected-xss-via-web-interf= ace-output-encoding
=C2=A0 Shenzhen Tenda Technology Co., Ltd.--Tenda AC7 Shenzhen Tenda AC7 fi= rmware version V03.03.03.01_cn and prior expose sensitive information in we=
b management responses. Administrative credentials, including the router an= d/or admin panel password, are included in plaintext within configuration r= esponse bodies. In addition, responses lack appropriate Cache-Control direc= tives, which may permit web browsers to cache pages containing these creden= tials and enable subsequent disclosure to an attacker with access to the cl= ient system or browser profile. 2026-02-03 not yet calculated CVE-2026-2442=
7 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24427 ] https://www.tendacn= .com/product/AC7 https://www.vulncheck.com/advisories/tenda-ac7-exposes-admin-credentials-in= -configuration-responses
=C2=A0 Shenzhen Tenda Technology Co., Ltd.--Tenda AC7 Shenzhen Tenda AC7 fi= rmware version V03.03.03.01_cn and prior does not implement CSRF protection=
s for administrative functions in the web management interface. The interfa=
ce does not enforce anti-CSRF tokens or robust origin validation, which can=
allow an attacker to induce a logged-in administrator to perform unintende=
d state-changing requests and modify router settings. 2026-02-03 not yet ca= lculated CVE-2026-24434 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24434=
] https://www.tendacn.com/product/AC7 https://www.vulncheck.com/advisories/tenda-ac7-web-interface-lacks-csrf-pro= tections-for-admin-actions
=C2=A0 Shenzhen Tenda Technology Co., Ltd.--Tenda AC7 Shenzhen Tenda AC7 fi= rmware version V03.03.03.01_cn and prior expose account credentials in plai= ntext within HTTP responses, allowing an on-path attacker to obtain sensiti=
ve authentication material. 2026-02-03 not yet calculated CVE-2026-24441 [ = https://www.cve.org/CVERecord?id=3DCVE-2026-24441 ] https://www.tendacn.com= /product/AC7 https://www.vulncheck.com/advisories/tenda-ac7-transmits-admin-credentials-= without-https-protection
=C2=A0 Six Apart Ltd.--Movable Type (Software Edition) If a malformed data =
is input to the affected product, a CSV file downloaded from the affected p= roduct may contain such malformed data. When a victim user download and ope=
n such a CSV file, the embedded code may be executed in the user's environm= ent. Note that Movable Type 7 series and 8.4 series, which are End-of-Life = (EOL), are affected by the vulnerability as well. 2026-02-04 not yet calcul= ated CVE-2026-24447 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24447 ] h= ttps://movabletype.org/news/2026/02/mt-906-released.html https://www.sixapart.jp/movabletype/news/2026/02/04-1100.html https://jvn.jp/en/jp/JVN45405689/
=C2=A0 ELECOM CO.,LTD.--WRC-X1500GS-B For WRC-X1500GS-B and WRC-X1500GSA-B,=
the initial passwords can be calculated easily from the system information=
. 2026-02-03 not yet calculated CVE-2026-24449 [ https://www.cve.org/CVERec= ord?id=3DCVE-2026-24449 ] https://www.elecom.co.jp/news/security/20260203-0=
1/
https://jvn.jp/en/jp/JVN94012927/
=C2=A0 ELECOM CO.,LTD.--WAB-S733IW2-PD Stack-based buffer overflow vulnerab= ility exists in ELECOM wireless LAN access point devices. A crafted packet = may lead to arbitrary code execution. 2026-02-03 not yet calculated CVE-202= 6-24465 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24465 ] https://www.e= lecom.co.jp/news/security/20260203-01/ https://www.elecom.co.jp/news/security/20260203-02/ https://jvn.jp/en/jp/JVN94012927/
=C2=A0 continuwuity--continuwuity continuwuity is a Matrix homeserver writt=
en in Rust. This vulnerability allows an attacker with a malicious remote s= erver to cause the local server to sign an arbitrary event upon user intera= ction. Upon a user account leaving a room (rejecting an invite), joining a = room or knocking on a room, the victim server may ask a remote server for a= ssistance. If the victim asks the attacker server for assistance the attack=
er is able to provide an arbitrary event, which the victim will sign and re= turn to the attacker. For the /leave endpoint, this works for any event wit=
h a supported room version, where the origin and origin_server_ts is set by=
the victim. For the /join endpoint, an additionally victim-set content fie=
ld in the format of a join membership is needed. For the /knock endpoint, a=
n additional victim-set content field in the format of a knock membership a=
nd a room version not between 1 and 6 is needed. This was exploited as a pa=
rt of a larger chain against the continuwuity.org homeserver. This vulnerab= ility affects all Conduit-derived servers. This vulnerability is fixed in C= ontinuwuity 0.5.1, Conduit 0.10.11, Grapevine 0aae932b, and Tuwunel 1.4.9. = 2026-02-02 not yet calculated CVE-2026-24471 [ https://www.cve.org/CVERecor= d?id=3DCVE-2026-24471 ] https://github.com/continuwuity/continuwuity/securi= ty/advisories/GHSA-m5p2-vccg-8c9v https://forgejo.ellis.link/continuwuation/continuwuity/commit/12aecf8091722= 05436c852a1eaf268c1a2c3a900
=C2=A0 Roland Corporation--Roland Cloud Manager The installer for Roland Cl= oud Manager ver.3.1.19 and prior insecurely loads Dynamic Link Libraries (D= LLs), which could allow an attacker to execute arbitrary code with the priv= ileges of the application. 2026-02-03 not yet calculated CVE-2026-24694 [ h= ttps://www.cve.org/CVERecord?id=3DCVE-2026-24694 ] https://www.roland.com/g= lobal/products/rc_roland_cloud_manager/support/#dl-support_documents https://jvn.jp/en/jp/JVN89992160/
=C2=A0 Apache Software Foundation--Apache Answer Exposure of Private Person=
al Information to an Unauthorized Actor vulnerability in Apache Answer. Thi=
s issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoi=
nt incorrectly exposes full revision history for deleted content. This allo=
ws unauthorized user to retrieve restricted or sensitive information. Users=
are recommended to upgrade to version 2.0.0, which fixes the issue. 2026-0= 2-04 not yet calculated CVE-2026-24735 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-24735 ] https://lists.apache.org/thread/whxloom7mpxlyt5wzdskfls= g5mzdzd60
=C2=A0 rustfs--rustfs RustFS is a distributed object storage system built i=
n Rust. From versions alpha.13 to alpha.81, RustFS logs sensitive credentia=
l material (access key, secret key, session token) to application logs at I= NFO level. This results in credentials being recorded in plaintext in log o= utput, which may be accessible to internal or external log consumers and co= uld lead to compromise of sensitive credentials. This issue has been patche=
d in version alpha.82. 2026-02-03 not yet calculated CVE-2026-24762 [ https= ://www.cve.org/CVERecord?id=3DCVE-2026-24762 ] https://github.com/rustfs/ru= stfs/security/advisories/GHSA-r54g-49rx-98cr
=C2=A0 RaspAP--raspap-webgui RaspAP raspap-webgui versions prior to 3.3.6 c= ontain an OS command injection vulnerability. If exploited, an arbitrary OS=
command may be executed by a user who can log in to the product. 2026-02-0=
2 not yet calculated CVE-2026-24788 [ https://www.cve.org/CVERecord?id=3DCV= E-2026-24788 ] https://github.com/RaspAP/raspap-webgui/releases https://jvn.jp/en/jp/JVN27202136/
=C2=A0 openfga--openfga OpenFGA is a high-performance and flexible authoriz= ation/permission engine built for developers and inspired by Google Zanziba=
r. OpenFGA v1.8.5 to v1.11.2 ( openfga-0.2.22<=3D Helm chart <=3D openfga-0= .2.51, v.1.8.5 <=3D docker <=3D v.1.11.2) are vulnerable to improper policy=
enforcement when certain Check calls are executed. The vulnerability requi= res a model that has a a relation directly assignable by a type bound publi=
c access and assignable by type bound non-public access, a tuple assigned f=
or the relation that is a type bound public access, a tuple assigned for th=
e same object with the same relation that is not type bound public access, = and a tuple assigned for a different object that has an object ID lexicogra= phically larger with the same user and relation which is not type bound pub= lic access. This vulnerability is fixed in v1.11.3. 2026-02-06 not yet calc= ulated CVE-2026-24851 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24851 ]=
https://github.com/openfga/openfga/security/advisories/GHSA-jq9f-gm9w-rwm9 https://github.com/openfga/openfga/releases/tag/v1.11.3
=C2=A0 anthropics--claude-code Claude Code is an agentic coding tool. Prior=
to version 2.0.72, due to an error in command parsing, it was possible to = bypass the Claude Code confirmation prompt to trigger execution of untruste=
d commands through the find command. Reliably exploiting this required the = ability to add untrusted content into a Claude Code context window. This is= sue has been patched in version 2.0.72. 2026-02-03 not yet calculated CVE-2= 026-24887 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24887 ] https://git= hub.com/anthropics/claude-code/security/advisories/GHSA-qgqw-h4xq-7w8w
=C2=A0 AlgoNetLab--OrcaStatLLM-Researcher OrcaStatLLM Researcher is an LLM = Based Research Paper Generator. A Stored Cross-Site Scripting (XSS) vulnera= bility was discovered in the Log Message in the Session Page in OrcaStatLLM= -Researcher that allows attackers to inject and execute arbitrary JavaScrip=
t code in victims' browsers through malicious research topic inputs. 2026-0= 2-06 not yet calculated CVE-2026-24903 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-24903 ] https://github.com/AlgoNetLab/OrcaStatLLM-Researcher/se= curity/advisories/GHSA-47wv-g894-82m4
=C2=A0 ASUSTOR--ADM The DDNS update function in ADM fails to properly valid= ate the hostname of the DDNS server's TLS/SSL certificate. Although the con= nection uses HTTPS, an improper validated TLS/SSL certificates allows a rem= ote attacker can intercept the communication to perform a Man-in-the-Middle=
(MitM) attack, which may obtain the sensitive information of DDNS updating=
process, including the user's account email, MD5 hashed password, and devi=
ce serial number. This issue affects ADM: from 4.1.0 through 4.3.3.ROF1, fr=
om 5.0.0 through 5.1.1.RCI1. 2026-02-03 not yet calculated CVE-2026-24932 [=
https://www.cve.org/CVERecord?id=3DCVE-2026-24932 ] https://www.asustor.co= m/security/security_advisory_detail?id=3D50
=C2=A0 ASUSTOR--ADM The API communication component fails to validate the S= SL/TLS certificate when sending HTTPS requests to the server. An improper c= ertificates validation vulnerability allows an unauthenticated remote attac= ker can perform a Man-in-the-Middle (MitM) attack to intercept the cleartex=
t communication, potentially leading to the exposure of sensitive user info= rmation, including account emails, MD5 hashed passwords, and device serial = numbers. Affected products and versions include: from ADM 4.1.0 through ADM=
4.3.3.ROF1 as well as from ADM 5.0.0 through ADM 5.1.1.RCI1. 2026-02-03 no=
t yet calculated CVE-2026-24933 [ https://www.cve.org/CVERecord?id=3DCVE-20= 26-24933 ] https://www.asustor.com/security/security_advisory_detail?id=3D50 =C2=A0 ASUSTOR--ADM The DDNS function uses an insecure HTTP connection or f= ails to validate the SSL/TLS certificate when querying an external server f=
or the device's WAN IP address. An unauthenticated remote attacker can perf= orm a Man-in-the-Middle (MitM) attack to spoof the response, leading the de= vice to update its DDNS record with an incorrect IP address. Affected produ= cts and versions include: from ADM 4.1.0 through ADM 4.3.3.ROF1 as well as = from ADM 5.0.0 through ADM 5.1.1.RCI1. 2026-02-03 not yet calculated CVE-20= 26-24934 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24934 ] https://www.= asustor.com/security/security_advisory_detail?id=3D50
=C2=A0 ASUSTOR--ADM A third-party NAT traversal module fails to validate SS= L/TLS certificates when connecting to the signaling server. While subsequen=
t access to device services requires additional authentication, a Man-in-th= e-Middle (MitM) attacker can intercept or redirect the NAT tunnel establish= ment. This could allow an attacker to disrupt service availability or facil= itate further targeted attacks by acting as a proxy between the user and th=
e device services. Affected products and versions include: from ADM 4.1.0 t= hrough ADM 4.3.3.ROF1 as well as from ADM 5.0.0 through ADM 5.1.1.RCI1. 202= 6-02-03 not yet calculated CVE-2026-24935 [ https://www.cve.org/CVERecord?i= d=3DCVE-2026-24935 ] https://www.asustor.com/security/security_advisory_det= ail?id=3D50
=C2=A0 ASUSTOR--ADM When a specific function is enabled while joining a AD = Domain from ADM, an improper input parameters validation vulnerability in a=
specific CGI program allowing an unauthenticated remote attacker to write = arbitrary data to any file on the system. By exploiting this vulnerability,=
attackers can overwrite critical system files, leading to a complete syste=
m compromise. Affected products and versions include: from ADM 4.1.0 throug=
h ADM 4.3.3.ROF1 as well as from ADM 5.0.0 through ADM 5.1.1.RCI1. 2026-02-=
03 not yet calculated CVE-2026-24936 [ https://www.cve.org/CVERecord?id=3DC= VE-2026-24936 ] https://www.asustor.com/security/security_advisory_detail?i= d=3D51
=C2=A0 Ajay--Better Search Improper Neutralization of Input During Web Page=
Generation ('Cross-site Scripting') vulnerability in Ajay Better Search be= tter-search allows Stored XSS. This issue affects Better Search: from n/a t= hrough <=3D 4.2.1. 2026-02-03 not yet calculated CVE-2026-24938 [ https://w= ww.cve.org/CVERecord?id=3DCVE-2026-24938 ] https://patchstack.com/database/= Wordpress/Plugin/better-search/vulnerability/wordpress-better-search-plugin= -4-2-1-cross-site-scripting-xss-vulnerability?_s_id=3Dcve
=C2=A0 WP Chill--Modula Image Gallery Missing Authorization vulnerability i=
n WP Chill Modula Image Gallery modula-best-grid-gallery allows Exploiting = Incorrectly Configured Access Control Security Levels. This issue affects M= odula Image Gallery: from n/a through <=3D 2.13.6. 2026-02-03 not yet calcu= lated CVE-2026-24939 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24939 ] = https://patchstack.com/database/Wordpress/Plugin/modula-best-grid-gallery/v= ulnerability/wordpress-modula-image-gallery-plugin-2-13-6-broken-access-con= trol-vulnerability?_s_id=3Dcve
=C2=A0 Themefic--Travelfic Toolkit Missing Authorization vulnerability in T= hemefic Travelfic Toolkit travelfic-toolkit allows Exploiting Incorrectly C= onfigured Access Control Security Levels. This issue affects Travelfic Tool= kit: from n/a through <=3D 1.3.3. 2026-02-03 not yet calculated CVE-2026-24= 940 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24940 ] https://patchstac= k.com/database/Wordpress/Plugin/travelfic-toolkit/vulnerability/wordpress-t= ravelfic-toolkit-plugin-1-3-3-broken-access-control-vulnerability?_s_id=3Dc=
ve
=C2=A0 magepeopleteam--WpEvently Cross-Site Request Forgery (CSRF) vulnerab= ility in magepeopleteam WpEvently mage-eventpress allows Cross Site Request=
Forgery. This issue affects WpEvently: from n/a through <=3D 5.1.1. 2026-0= 2-03 not yet calculated CVE-2026-24942 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-24942 ] https://patchstack.com/database/Wordpress/Plugin/mage-e= ventpress/vulnerability/wordpress-wpevently-plugin-5-1-1-cross-site-request= -forgery-csrf-vulnerability?_s_id=3Dcve
=C2=A0 Themefic--Ultimate Addons for Contact Form 7 Missing Authorization v= ulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons= -for-contact-form-7 allows Exploiting Incorrectly Configured Access Control=
Security Levels. This issue affects Ultimate Addons for Contact Form 7: fr=
om n/a through <=3D 3.5.34. 2026-02-03 not yet calculated CVE-2026-24945 [ = https://www.cve.org/CVERecord?id=3DCVE-2026-24945 ] https://patchstack.com/= database/Wordpress/Plugin/ultimate-addons-for-contact-form-7/vulnerability/= wordpress-ultimate-addons-for-contact-form-7-plugin-3-5-34-broken-access-co= ntrol-vulnerability?_s_id=3Dcve
=C2=A0 LA-Studio--LA-Studio Element Kit for Elementor Missing Authorization=
vulnerability in LA-Studio LA-Studio Element Kit for Elementor lastudio-el= ement-kit allows Exploiting Incorrectly Configured Access Control Security = Levels. This issue affects LA-Studio Element Kit for Elementor: from n/a th= rough < 1.5.6.3. 2026-02-03 not yet calculated CVE-2026-24947 [ https://www= .cve.org/CVERecord?id=3DCVE-2026-24947 ] https://patchstack.com/database/Wo= rdpress/Plugin/lastudio-element-kit/vulnerability/wordpress-la-studio-eleme= nt-kit-for-elementor-plugin-1-5-6-3-broken-access-control-vulnerability?_s_= id=3Dcve
=C2=A0 Saad Iqbal--myCred Missing Authorization vulnerability in Saad Iqbal=
myCred mycred allows Exploiting Incorrectly Configured Access Control Secu= rity Levels. This issue affects myCred: from n/a through <=3D 2.9.7.3. 2026= -02-03 not yet calculated CVE-2026-24951 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-24951 ] https://patchstack.com/database/Wordpress/Plugin/mycred= /vulnerability/wordpress-mycred-plugin-2-9-7-3-broken-access-control-vulner= ability?_s_id=3Dcve
=C2=A0 Craig Hewitt--Seriously Simple Podcasting Improper Neutralization of=
Input During Web Page Generation ('Cross-site Scripting') vulnerability in=
Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allow=
s Stored XSS. This issue affects Seriously Simple Podcasting: from n/a thro= ugh <=3D 3.14.1. 2026-02-03 not yet calculated CVE-2026-24952 [ https://www= .cve.org/CVERecord?id=3DCVE-2026-24952 ] https://patchstack.com/database/Wo= rdpress/Plugin/seriously-simple-podcasting/vulnerability/wordpress-seriousl= y-simple-podcasting-plugin-3-14-1-cross-site-scripting-xss-vulnerability?_s= _id=3Dcve
=C2=A0 magepeopleteam--WpEvently Deserialization of Untrusted Data vulnerab= ility in magepeopleteam WpEvently mage-eventpress allows Object Injection. = This issue affects WpEvently: from n/a through <=3D 5.0.8. 2026-02-03 not y=
et calculated CVE-2026-24954 [ https://www.cve.org/CVERecord?id=3DCVE-2026-= 24954 ] https://patchstack.com/database/Wordpress/Plugin/mage-eventpress/vu= lnerability/wordpress-wpevently-plugin-5-0-8-deserialization-of-untrusted-d= ata-vulnerability?_s_id=3Dcve
=C2=A0 WP Chill--Strong Testimonials Missing Authorization vulnerability in=
WP Chill Strong Testimonials strong-testimonials allows Exploiting Incorre= ctly Configured Access Control Security Levels. This issue affects Strong T= estimonials: from n/a through <=3D 3.2.20. 2026-02-03 not yet calculated CV= E-2026-24957 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24957 ] https://= patchstack.com/database/Wordpress/Plugin/strong-testimonials/vulnerability/= wordpress-strong-testimonials-plugin-3-2-20-broken-access-control-vulnerabi= lity?_s_id=3Dcve
=C2=A0 Crocoblock--JetElements For Elementor Improper Neutralization of Inp=
ut During Web Page Generation ('Cross-site Scripting') vulnerability in Cro= coblock JetElements For Elementor jet-elements allows DOM-Based XSS. This i= ssue affects JetElements For Elementor: from n/a through <=3D 2.7.12.2. 202= 6-02-03 not yet calculated CVE-2026-24958 [ https://www.cve.org/CVERecord?i= d=3DCVE-2026-24958 ] https://patchstack.com/database/Wordpress/Plugin/jet-e= lements/vulnerability/wordpress-jetelements-for-elementor-plugin-2-7-12-2-c= ross-site-scripting-xss-vulnerability?_s_id=3Dcve
=C2=A0 ThemeGoods--Grand Blog Server-Side Request Forgery (SSRF) vulnerabil= ity in ThemeGoods Grand Blog grandblog allows Server Side Request Forgery. = This issue affects Grand Blog: from n/a through < 3.1.5. 2026-02-03 not yet=
calculated CVE-2026-24961 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24= 961 ] https://patchstack.com/database/Wordpress/Theme/grandblog/vulnerabili= ty/wordpress-grand-blog-theme-3-1-5-server-side-request-forgery-ssrf-vulner= ability?_s_id=3Dcve
=C2=A0 Brainstorm Force--Sigmize Cross-Site Request Forgery (CSRF) vulnerab= ility in Brainstorm Force Sigmize sigmize allows Cross Site Request Forgery=
. This issue affects Sigmize: from n/a through <=3D 0.0.9. 2026-02-03 not y=
et calculated CVE-2026-24962 [ https://www.cve.org/CVERecord?id=3DCVE-2026-= 24962 ] https://patchstack.com/database/Wordpress/Plugin/sigmize/vulnerabil= ity/wordpress-sigmize-plugin-0-0-9-cross-site-request-forgery-csrf-vulnerab= ility?_s_id=3Dcve
=C2=A0 Wasiliy Strecker / ContestGallery developer--Contest Gallery Missing=
Authorization vulnerability in Wasiliy Strecker / ContestGallery developer=
Contest Gallery contest-gallery allows Exploiting Incorrectly Configured A= ccess Control Security Levels. This issue affects Contest Gallery: from n/a=
through <=3D 28.1.1. 2026-02-03 not yet calculated CVE-2026-24965 [ https:= //www.cve.org/CVERecord?id=3DCVE-2026-24965 ] https://patchstack.com/databa= se/Wordpress/Plugin/contest-gallery/vulnerability/wordpress-contest-gallery= -plugin-28-1-1-broken-access-control-vulnerability?_s_id=3Dcve
=C2=A0 Copyscape--Copyscape Premium Cross-Site Request Forgery (CSRF) vulne= rability in Copyscape Copyscape Premium copyscape-premium allows Cross Site=
Request Forgery. This issue affects Copyscape Premium: from n/a through <=
=3D 1.4.1. 2026-02-03 not yet calculated CVE-2026-24966 [ https://www.cve.o= rg/CVERecord?id=3DCVE-2026-24966 ] https://patchstack.com/database/Wordpres= s/Plugin/copyscape-premium/vulnerability/wordpress-copyscape-premium-plugin= -1-4-1-cross-site-request-forgery-csrf-vulnerability?_s_id=3Dcve
=C2=A0 ameliabooking--Amelia Missing Authorization vulnerability in ameliab= ooking Amelia ameliabooking allows Exploiting Incorrectly Configured Access=
Control Security Levels. This issue affects Amelia: from n/a through <=3D = 1.2.38. 2026-02-03 not yet calculated CVE-2026-24967 [ https://www.cve.org/= CVERecord?id=3DCVE-2026-24967 ] https://patchstack.com/database/Wordpress/P= lugin/ameliabooking/vulnerability/wordpress-amelia-plugin-1-2-38-broken-acc= ess-control-vulnerability?_s_id=3Dcve
=C2=A0 Brainstorm Force--Spectra Missing Authorization vulnerability in Bra= instorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incor= rectly Configured Access Control Security Levels. This issue affects Spectr=
a: from n/a through <=3D 2.19.17. 2026-02-03 not yet calculated CVE-2026-24= 982 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24982 ] https://patchstac= k.com/database/Wordpress/Plugin/ultimate-addons-for-gutenberg/vulnerability= /wordpress-spectra-plugin-2-19-17-broken-access-control-vulnerability?_s_id= =3Dcve
=C2=A0 Brecht--Visual Link Preview Missing Authorization vulnerability in B= recht Visual Link Preview visual-link-preview allows Exploiting Incorrectly=
Configured Access Control Security Levels. This issue affects Visual Link = Preview: from n/a through <=3D 2.2.9. 2026-02-03 not yet calculated CVE-202= 6-24984 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24984 ] https://patch= stack.com/database/Wordpress/Plugin/visual-link-preview/vulnerability/wordp= ress-visual-link-preview-plugin-2-2-9-broken-access-control-vulnerability?_= s_id=3Dcve
=C2=A0 approveme--WP Forms Signature Contract Add-On Missing Authorization = vulnerability in approveme WP Forms Signature Contract Add-On wp-forms-sign= ature-contract-add-on allows Exploiting Incorrectly Configured Access Contr=
ol Security Levels. This issue affects WP Forms Signature Contract Add-On: = from n/a through <=3D 1.8.2. 2026-02-03 not yet calculated CVE-2026-24985 [=
https://www.cve.org/CVERecord?id=3DCVE-2026-24985 ] https://patchstack.com= /database/Wordpress/Plugin/wp-forms-signature-contract-add-on/vulnerability= /wordpress-wp-forms-signature-contract-add-on-plugin-1-8-2-broken-access-co= ntrol-to-notice-dismissal-vulnerability?_s_id=3Dcve
=C2=A0 wp.insider--Simple Membership WP user Import Cross-Site Request Forg= ery (CSRF) vulnerability in wp.insider Simple Membership WP user Import sim= ple-membership-wp-user-import allows Cross Site Request Forgery. This issue=
affects Simple Membership WP user Import: from n/a through <=3D 1.9.1. 202= 6-02-03 not yet calculated CVE-2026-24986 [ https://www.cve.org/CVERecord?i= d=3DCVE-2026-24986 ] https://patchstack.com/database/Wordpress/Plugin/simpl= e-membership-wp-user-import/vulnerability/wordpress-simple-membership-wp-us= er-import-plugin-1-9-1-cross-site-request-forgery-csrf-vulnerability?_s_id= =3Dcve
=C2=A0 Brian Hogg--The Events Calendar Shortcode & Block Improper Neutraliz= ation of Input During Web Page Generation ('Cross-site Scripting') vulnerab= ility in Brian Hogg The Events Calendar Shortcode & Block the-events-ca= lendar-shortcode allows Stored XSS. This issue affects The Events Calendar = Shortcode & Block: from n/a through <=3D 3.1.1. 2026-02-03 not yet calc= ulated CVE-2026-24988 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24988 ]=
https://patchstack.com/database/Wordpress/Plugin/the-events-calendar-short= code/vulnerability/wordpress-the-events-calendar-shortcode-block-plugin-3-1= -1-cross-site-scripting-xss-vulnerability?_s_id=3Dcve
=C2=A0 Fahad Mahmood--WP Docs Missing Authorization vulnerability in Fahad = Mahmood WP Docs wp-docs allows Exploiting Incorrectly Configured Access Con= trol Security Levels. This issue affects WP Docs: from n/a through <=3D 2.2= .8. 2026-02-03 not yet calculated CVE-2026-24990 [ https://www.cve.org/CVER= ecord?id=3DCVE-2026-24990 ] https://patchstack.com/database/Wordpress/Plugi= n/wp-docs/vulnerability/wordpress-wp-docs-plugin-2-2-8-broken-access-contro= l-vulnerability?_s_id=3Dcve
=C2=A0 HT Plugins--Extensions For CF7 Authorization Bypass Through User-Con= trolled Key vulnerability in HT Plugins Extensions For CF7 extensions-for-c=
f7 allows Exploiting Incorrectly Configured Access Control Security Levels.=
This issue affects Extensions For CF7: from n/a through <=3D 3.4.0. 2026-0= 2-03 not yet calculated CVE-2026-24991 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-24991 ] https://patchstack.com/database/Wordpress/Plugin/extens= ions-for-cf7/vulnerability/wordpress-extensions-for-cf7-plugin-3-4-0-insecu= re-direct-object-references-idor-vulnerability?_s_id=3Dcve
=C2=A0 WPFactory--Advanced WooCommerce Product Sales Reporting Insertion of=
Sensitive Information Into Sent Data vulnerability in WPFactory Advanced W= ooCommerce Product Sales Reporting webd-woocommerce-advanced-reporting-stat= istics allows Retrieve Embedded Sensitive Data. This issue affects Advanced=
WooCommerce Product Sales Reporting: from n/a through <=3D 4.1.2. 2026-02-=
03 not yet calculated CVE-2026-24992 [ https://www.cve.org/CVERecord?id=3DC= VE-2026-24992 ] https://patchstack.com/database/Wordpress/Plugin/webd-wooco= mmerce-advanced-reporting-statistics/vulnerability/wordpress-advanced-wooco= mmerce-product-sales-reporting-plugin-4-1-2-sensitive-data-exposure-vulnera= bility?_s_id=3Dcve
=C2=A0 sunshinephotocart--Sunshine Photo Cart Missing Authorization vulnera= bility in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows = Exploiting Incorrectly Configured Access Control Security Levels. This issu=
e affects Sunshine Photo Cart: from n/a through <=3D 3.5.7.2. 2026-02-03 no=
t yet calculated CVE-2026-24994 [ https://www.cve.org/CVERecord?id=3DCVE-20= 26-24994 ] https://patchstack.com/database/Wordpress/Plugin/sunshine-photo-= cart/vulnerability/wordpress-sunshine-photo-cart-plugin-3-5-7-2-broken-acce= ss-control-vulnerability?_s_id=3Dcve
=C2=A0 Iulia Cazan--Latest Post Shortcode Missing Authorization vulnerabili=
ty in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploi= ting Incorrectly Configured Access Control Security Levels. This issue affe= cts Latest Post Shortcode: from n/a through <=3D 14.2.0. 2026-02-03 not yet=
calculated CVE-2026-24995 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24= 995 ] https://patchstack.com/database/Wordpress/Plugin/latest-post-shortcod= e/vulnerability/wordpress-latest-post-shortcode-plugin-14-2-0-broken-access= -control-vulnerability?_s_id=3Dcve
=C2=A0 wpelemento--WPElemento Importer Missing Authorization vulnerability =
in wpelemento WPElemento Importer wpelemento-importer allows Exploiting Inc= orrectly Configured Access Control Security Levels. This issue affects WPEl= emento Importer: from n/a through <=3D 0.6.4. 2026-02-03 not yet calculated=
CVE-2026-24996 [ https://www.cve.org/CVERecord?id=3DCVE-2026-24996 ] https= ://patchstack.com/database/Wordpress/Plugin/wpelemento-importer/vulnerabili= ty/wordpress-wpelemento-importer-plugin-0-6-4-broken-access-control-vulnera= bility?_s_id=3Dcve
=C2=A0 Wired Impact--Wired Impact Volunteer Management Missing Authorizatio=
n vulnerability in Wired Impact Wired Impact Volunteer Management wired-imp= act-volunteer-management allows Exploiting Incorrectly Configured Access Co= ntrol Security Levels. This issue affects Wired Impact Volunteer Management=
: from n/a through <=3D 2.8. 2026-02-03 not yet calculated CVE-2026-24997 [=
https://www.cve.org/CVERecord?id=3DCVE-2026-24997 ] https://patchstack.com= /database/Wordpress/Plugin/wired-impact-volunteer-management/vulnerability/= wordpress-wired-impact-volunteer-management-plugin-2-8-broken-access-contro= l-vulnerability?_s_id=3Dcve
=C2=A0 WPMU DEV - Your All-in-One WordPress Platform--Hustle Exposure of Se= nsitive System Information to an Unauthorized Control Sphere vulnerability =
in WPMU DEV - Your All-in-One WordPress Platform Hustle wordpress-popup all= ows Retrieve Embedded Sensitive Data. This issue affects Hustle: from n/a t= hrough <=3D 7.8.9.2. 2026-02-03 not yet calculated CVE-2026-24998 [ https:/= /www.cve.org/CVERecord?id=3DCVE-2026-24998 ] https://patchstack.com/databas= e/Wordpress/Plugin/wordpress-popup/vulnerability/wordpress-hustle-plugin-7-= 8-9-2-sensitive-data-exposure-vulnerability?_s_id=3Dcve
=C2=A0 ILLID--Share This Image Missing Authorization vulnerability in ILLID=
Share This Image share-this-image allows Exploiting Incorrectly Configured=
Access Control Security Levels. This issue affects Share This Image: from = n/a through <=3D 2.09. 2026-02-03 not yet calculated CVE-2026-25010 [ https= ://www.cve.org/CVERecord?id=3DCVE-2026-25010 ] https://patchstack.com/datab= ase/Wordpress/Plugin/share-this-image/vulnerability/wordpress-share-this-im= age-plugin-2-09-broken-access-control-vulnerability?_s_id=3Dcve
=C2=A0 Northern Beaches Websites--WP Custom Admin Interface Missing Authori= zation vulnerability in Northern Beaches Websites WP Custom Admin Interface=
wp-custom-admin-interface allows Exploiting Incorrectly Configured Access = Control Security Levels. This issue affects WP Custom Admin Interface: from=
n/a through <=3D 7.41. 2026-02-03 not yet calculated CVE-2026-25011 [ http= s://www.cve.org/CVERecord?id=3DCVE-2026-25011 ] https://patchstack.com/data= base/Wordpress/Plugin/wp-custom-admin-interface/vulnerability/wordpress-wp-= custom-admin-interface-plugin-7-41-broken-access-control-vulnerability?_s_i= d=3Dcve
=C2=A0 gfazioli--WP Bannerize Pro Missing Authorization vulnerability in gf= azioli WP Bannerize Pro wp-bannerize-pro allows Exploiting Incorrectly Conf= igured Access Control Security Levels. This issue affects WP Bannerize Pro:=
from n/a through <=3D 1.11.0. 2026-02-03 not yet calculated CVE-2026-25012=
[ https://www.cve.org/CVERecord?id=3DCVE-2026-25012 ] https://patchstack.c= om/database/Wordpress/Plugin/wp-bannerize-pro/vulnerability/wordpress-wp-ba= nnerize-pro-plugin-1-11-0-broken-access-control-vulnerability?_s_id=3Dcve =C2=A0 themelooks--Enter Addons Cross-Site Request Forgery (CSRF) vulnerabi= lity in themelooks Enter Addons enteraddons allows Cross Site Request Forge= ry. This issue affects Enter Addons: from n/a through <=3D 2.3.2. 2026-02-0=
3 not yet calculated CVE-2026-25014 [ https://www.cve.org/CVERecord?id=3DCV= E-2026-25014 ] https://patchstack.com/database/Wordpress/Plugin/enteraddons= /vulnerability/wordpress-enter-addons-plugin-2-3-2-cross-site-request-forge= ry-csrf-vulnerability?_s_id=3Dcve
=C2=A0 Stiofan--UsersWP Cross-Site Request Forgery (CSRF) vulnerability in = Stiofan UsersWP userswp allows Cross Site Request Forgery. This issue affec=
ts UsersWP: from n/a through <=3D 1.2.53. 2026-02-03 not yet calculated CVE= -2026-25015 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25015 ] https://p= atchstack.com/database/Wordpress/Plugin/userswp/vulnerability/wordpress-use= rswp-plugin-1-2-53-cross-site-request-forgery-csrf-vulnerability?_s_id=3Dcve =C2=A0 Nelio Software--Nelio Popups Missing Authorization vulnerability in = Nelio Software Nelio Popups nelio-popups allows Exploiting Incorrectly Conf= igured Access Control Security Levels. This issue affects Nelio Popups: fro=
m n/a through <=3D 1.3.5. 2026-02-03 not yet calculated CVE-2026-25016 [ ht= tps://www.cve.org/CVERecord?id=3DCVE-2026-25016 ] https://patchstack.com/da= tabase/Wordpress/Plugin/nelio-popups/vulnerability/wordpress-nelio-popups-p= lugin-1-3-5-broken-access-control-vulnerability?_s_id=3Dcve
=C2=A0 Vito Peleg--Atarim Missing Authorization vulnerability in Vito Peleg=
Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configure=
d Access Control Security Levels. This issue affects Atarim: from n/a throu=
gh <=3D 4.3.1. 2026-02-03 not yet calculated CVE-2026-25019 [ https://www.c= ve.org/CVERecord?id=3DCVE-2026-25019 ] https://patchstack.com/database/Word= press/Plugin/atarim-visual-collaboration/vulnerability/wordpress-atarim-plu= gin-4-3-1-broken-access-control-vulnerability?_s_id=3Dcve
=C2=A0 WP connect--WP Sync for Notion Missing Authorization vulnerability i=
n WP connect WP Sync for Notion wp-sync-for-notion allows Exploiting Incorr= ectly Configured Access Control Security Levels. This issue affects WP Sync=
for Notion: from n/a through <=3D 1.7.0. 2026-02-03 not yet calculated CVE= -2026-25020 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25020 ] https://p= atchstack.com/database/Wordpress/Plugin/wp-sync-for-notion/vulnerability/wo= rdpress-wp-sync-for-notion-plugin-1-7-0-broken-access-control-vulnerability= ?_s_id=3Dcve
=C2=A0 Mizan Themes--Mizan Demo Importer Missing Authorization vulnerabilit=
y in Mizan Themes Mizan Demo Importer mizan-demo-importer allows Exploiting=
Incorrectly Configured Access Control Security Levels. This issue affects = Mizan Demo Importer: from n/a through <=3D 0.1.3. 2026-02-03 not yet calcul= ated CVE-2026-25021 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25021 ] h= ttps://patchstack.com/database/Wordpress/Plugin/mizan-demo-importer/vulnera= bility/wordpress-mizan-demo-importer-plugin-0-1-3-broken-access-control-vul= nerability?_s_id=3Dcve
=C2=A0 Iqonic Design--KiviCare Improper Neutralization of Special Elements = used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design Kiv= iCare kivicare-clinic-management-system allows Blind SQL Injection. This is= sue affects KiviCare: from n/a through <=3D 3.6.16. 2026-02-03 not yet calc= ulated CVE-2026-25022 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25022 ]=
https://patchstack.com/database/Wordpress/Plugin/kivicare-clinic-managemen= t-system/vulnerability/wordpress-kivicare-plugin-3-6-16-sql-injection-vulne= rability?_s_id=3Dcve
=C2=A0 mdedev--Run Contests, Raffles, and Giveaways with ContestsWP Exposur=
e of Sensitive System Information to an Unauthorized Control Sphere vulnera= bility in mdedev Run Contests, Raffles, and Giveaways with ContestsWP conte= st-code-checker allows Retrieve Embedded Sensitive Data. This issue affects=
Run Contests, Raffles, and Giveaways with ContestsWP: from n/a through <=
=3D 2.0.7. 2026-02-03 not yet calculated CVE-2026-25023 [ https://www.cve.o= rg/CVERecord?id=3DCVE-2026-25023 ] https://patchstack.com/database/Wordpres= s/Plugin/contest-code-checker/vulnerability/wordpress-run-contests-raffles-= and-giveaways-with-contestswp-plugin-2-0-7-sensitive-data-exposure-vulnerab= ility?_s_id=3Dcve
=C2=A0 Blair Williams--ThirstyAffiliates Cross-Site Request Forgery (CSRF) = vulnerability in Blair Williams ThirstyAffiliates thirstyaffiliates allows = Cross Site Request Forgery. This issue affects ThirstyAffiliates: from n/a = through <=3D 3.11.9. 2026-02-03 not yet calculated CVE-2026-25024 [ https:/= /www.cve.org/CVERecord?id=3DCVE-2026-25024 ] https://patchstack.com/databas= e/Wordpress/Plugin/thirstyaffiliates/vulnerability/wordpress-thirstyaffilia= tes-plugin-3-11-9-cross-site-request-forgery-csrf-vulnerability?_s_id=3Dcve =C2=A0 ThemeMove--Unicamp Improper Control of Filename for Include/Require = Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in The= meMove Unicamp unicamp allows PHP Local File Inclusion. This issue affects = Unicamp: from n/a through <=3D 2.7.1. 2026-02-03 not yet calculated CVE-202= 6-25027 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25027 ] https://patch= stack.com/database/Wordpress/Theme/unicamp/vulnerability/wordpress-unicamp-= theme-2-7-1-local-file-inclusion-vulnerability?_s_id=3Dcve
=C2=A0 Element Invader--ElementInvader Addons for Elementor Missing Authori= zation vulnerability in Element Invader ElementInvader Addons for Elementor=
elementinvader-addons-for-elementor allows Exploiting Incorrectly Configur=
ed Access Control Security Levels. This issue affects ElementInvader Addons=
for Elementor: from n/a through <=3D 1.4.1. 2026-02-03 not yet calculated = CVE-2026-25028 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25028 ] https:= //patchstack.com/database/Wordpress/Plugin/elementinvader-addons-for-elemen= tor/vulnerability/wordpress-elementinvader-addons-for-elementor-plugin-1-4-= 1-broken-access-control-vulnerability?_s_id=3Dcve
=C2=A0 WP Chill--Passster Missing Authorization vulnerability in WP Chill P= assster content-protector allows Exploiting Incorrectly Configured Access C= ontrol Security Levels. This issue affects Passster: from n/a through <=3D = 4.2.25. 2026-02-03 not yet calculated CVE-2026-25036 [ https://www.cve.org/= CVERecord?id=3DCVE-2026-25036 ] https://patchstack.com/database/Wordpress/P= lugin/content-protector/vulnerability/wordpress-passster-plugin-4-2-25-brok= en-access-control-vulnerability?_s_id=3Dcve
=C2=A0 n8n-io--n8n n8n is an open source workflow automation platform. Prio=
r to versions 1.123.17 and 2.5.2, an authenticated user with permission to = create or modify workflows could abuse crafted expressions in workflow para= meters to trigger unintended system command execution on the host running n= 8n. This issue has been patched in versions 1.123.17 and 2.5.2. 2026-02-04 = not yet calculated CVE-2026-25049 [ https://www.cve.org/CVERecord?id=3DCVE-= 2026-25049 ] https://github.com/n8n-io/n8n/security/advisories/GHSA-6cqr-8c= fr-67f8 https://github.com/n8n-io/n8n/commit/7860896909b3d42993a36297f053d2b0e63323=
5d
https://github.com/n8n-io/n8n/commit/936c06cfc1ad269a89e8ef7f8ac79c104436d5=
4b
=C2=A0 n8n-io--n8n n8n is an open source workflow automation platform. Prio=
r to version 1.123.2, a Cross-Site Scripting (XSS) vulnerability has been i= dentified in the handling of webhook responses and related HTTP endpoints. = Under certain conditions, the Content Security Policy (CSP) sandbox protect= ion intended to isolate HTML responses may not be applied correctly. An aut= henticated user with permission to create or modify workflows could abuse t= his to execute malicious scripts with same-origin privileges when other use=
rs interact with the crafted workflow. This could lead to session hijacking=
and account takeover. This issue has been patched in version 1.123.2. 2026= -02-04 not yet calculated CVE-2026-25051 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-25051 ] https://github.com/n8n-io/n8n/security/advisories/GHSA-= 825q-w924-xhgx https://github.com/n8n-io/n8n/commit/ced34c0f93ab4c759a56065965986094d8ef73=
23
https://github.com/n8n-io/n8n/commit/e8cf4d6bb3af94dc296cbb67bc3dd20e9b508a=
c9
=C2=A0 n8n-io--n8n n8n is an open source workflow automation platform. Prio=
r to versions 1.123.18 and 2.5.0, a vulnerability in the file access contro=
ls allows authenticated users with permission to create or modify workflows=
to read sensitive files from the n8n host system. This can be exploited to=
obtain critical configuration data and user credentials, leading to comple=
te account takeover of any user on the instance. This issue has been patche=
d in versions 1.123.18 and 2.5.0. 2026-02-04 not yet calculated CVE-2026-25= 052 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25052 ] https://github.co= m/n8n-io/n8n/security/advisories/GHSA-gfvg-qv54-r4pc
=C2=A0 n8n-io--n8n n8n is an open source workflow automation platform. Prio=
r to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed a= uthenticated users with permission to create or modify workflows to execute=
arbitrary system commands or read arbitrary files on the n8n host. This is= sue has been patched in versions 1.123.10 and 2.5.0. 2026-02-04 not yet cal= culated CVE-2026-25053 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25053 =
] https://github.com/n8n-io/n8n/security/advisories/GHSA-9g95-qf3f-ggrw
=C2=A0 n8n-io--n8n n8n is an open source workflow automation platform. Prio=
r to versions 1.123.9 and 2.2.1, a Cross-Site Scripting (XSS) vulnerability=
existed in a markdown rendering component used in n8n's interface, includi=
ng workflow sticky notes and other areas that support markdown content. An = authenticated user with permission to create or modify workflows could abus=
e this to execute scripts with same-origin privileges when other users inte= ract with a maliciously crafted workflow. This could lead to session hijack= ing and account takeover. This issue has been patched in versions 1.123.9 a=
nd 2.2.1. 2026-02-04 not yet calculated CVE-2026-25054 [ https://www.cve.or= g/CVERecord?id=3DCVE-2026-25054 ] https://github.com/n8n-io/n8n/security/ad= visories/GHSA-qpq4-pw7f-pp8w
=C2=A0 n8n-io--n8n n8n is an open source workflow automation platform. Prio=
r to versions 1.123.12 and 2.4.0, when workflows process uploaded files and=
transfer them to remote servers via the SSH node without validating their = metadata the vulnerability can lead to files being written to unintended lo= cations on those remote systems potentially leading to remote code executio=
n on those systems. As a prerequisites an unauthenticated attacker needs kn= owledge of such workflows existing and the endpoints for file uploads need =
to be unauthenticated. This issue has been patched in versions 1.123.12 and=
2.4.0. 2026-02-04 not yet calculated CVE-2026-25055 [ https://www.cve.org/= CVERecord?id=3DCVE-2026-25055 ] https://github.com/n8n-io/n8n/security/advi= sories/GHSA-m82q-59gv-mcr9
=C2=A0 n8n-io--n8n n8n is an open source workflow automation platform. Prio=
r to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Qu= ery mode allowed authenticated users with permission to create or modify wo= rkflows to write arbitrary files to the n8n server's filesystem potentially=
leading to remote code execution. This issue has been patched in versions = 1.118.0 and 2.4.0. 2026-02-04 not yet calculated CVE-2026-25056 [ https://w= ww.cve.org/CVERecord?id=3DCVE-2026-25056 ] https://github.com/n8n-io/n8n/se= curity/advisories/GHSA-hv53-3329-vmrm
=C2=A0 n8n-io--n8n n8n is an open source workflow automation platform. Prio=
r to version 2.4.8, a vulnerability in the Python Code node allows authenti= cated users to break out of the Python sandbox environment and execute code=
outside the intended security boundary. This issue has been patched in ver= sion 2.4.8. 2026-02-04 not yet calculated CVE-2026-25115 [ https://www.cve.= org/CVERecord?id=3DCVE-2026-25115 ] https://github.com/n8n-io/n8n/security/= advisories/GHSA-8398-gmmx-564h
=C2=A0 Intermesh--groupoffice Group-Office is an enterprise customer relati= onship management and groupware tool. Prior to 6.8.150, 25.0.82, and 26.0.5=
, the MaintenanceController exposes an action zipLanguage which takes a lan=
g parameter and passes it directly to a system zip command via exec(). This=
can be combined with uploading a crafted zip file to achieve remote code e= xecution. This vulnerability is fixed in 6.8.150, 25.0.82, and 26.0.5. 2026= -02-02 not yet calculated CVE-2026-25134 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-25134 ] https://github.com/Intermesh/groupoffice/security/advis= ories/GHSA-v39j-549w-8849 https://github.com/Intermesh/groupoffice/commit/d28490a6a29936db7888aa841ab= 8ade88800540b
=C2=A0 RIOT-OS--RIOT RIOT is an open-source microcontroller operating syste=
m, designed to match the requirements of Internet of Things (IoT) devices a=
nd other embedded devices. In version 2025.10 and prior, multiple out-of-bo= unds read allow any unauthenticated user, with ability to send or manipulat=
e input packets, to read adjacent memory locations, or crash a vulnerable d= evice running the 6LoWPAN stack. The received packet is cast into a sixlowp= an_sfr_rfrag_t struct and dereferenced without validating the packet is lar=
ge enough to contain the struct object. At time of publication, no known pa= tch exists. 2026-02-04 not yet calculated CVE-2026-25139 [ https://www.cve.= org/CVERecord?id=3DCVE-2026-25139 ] https://github.com/RIOT-OS/RIOT/securit= y/advisories/GHSA-c8fh-23qr-97mc
=C2=A0 QwikDev--qwik Qwik is a performance focused javascript framework. Pr= ior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' ser= ver-side rendering virtual attribute serialization allows a remote attacker=
to inject arbitrary web scripts into server-rendered pages via virtual att= ributes. Successful exploitation permits script execution in a victim's bro= wser in the context of the affected origin. This issue has been patched in = version 1.19.0. 2026-02-03 not yet calculated CVE-2026-25148 [ https://www.= cve.org/CVERecord?id=3DCVE-2026-25148 ] https://github.com/QwikDev/qwik/sec= urity/advisories/GHSA-m6jq-g7gq-5w3c https://github.com/QwikDev/qwik/commit/fe2d9232c0bcec99411d51a00dae29295871= d094
=C2=A0 QwikDev--qwik Qwik is a performance focused javascript framework. Pr= ior to version 1.19.0, an Open Redirect vulnerability in Qwik City's defaul=
t request handler middleware allows a remote attacker to redirect users to = arbitrary protocol-relative URLs. Successful exploitation permits attackers=
to craft convincing phishing links that appear to originate from the trust=
ed domain but redirect the victim to an attacker-controlled site. This issu=
e has been patched in version 1.19.0. 2026-02-03 not yet calculated CVE-202= 6-25149 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25149 ] https://githu= b.com/QwikDev/qwik/security/advisories/GHSA-92j7-wgmg-f32m https://github.com/QwikDev/qwik/commit/9959eab30a3ad9cc03689eaa080fcfbc33df= 71ed
=C2=A0 web2py--web2py web2py versions 2.27.1-stable+timestamp.2023.11.16.08= .03.57 and prior contain an open redirect vulnerability. If this vulnerabil= ity is exploited, the user may be redirected to an arbitrary website when a= ccessing a specially crafted URL. As a result, the user may become a victim=
of a phishing attack. 2026-02-05 not yet calculated CVE-2026-25198 [ https= ://www.cve.org/CVERecord?id=3DCVE-2026-25198 ] https://github.com/web2py/we= b2py/commit/b4e1ddbd6d40fb30863f6263a67bcdf411a0c6df https://github.com/web2py/web2py/releases
https://web2py.com/
https://jvn.jp/en/jp/JVN46925341/
=C2=A0 polarnl--PolarLearn PolarLearn is a free and open-source learning pr= ogram. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for Git= Hub and Google login providers is vulnerable to Login Cross-Site Request Fo= rgery (CSRF). The application fails to implement and verify the state param= eter during the authentication flow. This allows an attacker to pre-authent= icate a session and trick a victim into logging into the attacker's account=
. Any data the victim then enters or academic progress they make is stored =
on the attacker's account, leading to data loss for the victim and informat= ion disclosure to the attacker. 2026-02-02 not yet calculated CVE-2026-2522=
1 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25221 ] https://github.com/= polarnl/PolarLearn/security/advisories/GHSA-fhhm-574m-7rpw https://github.com/polarnl/PolarLearn/commit/44669bbb5b647c7625f22dd82f3121= c7d7bfbe19
=C2=A0 polarnl--PolarLearn PolarLearn is a free and open-source learning pr= ogram. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the=
sign-in process allows unauthenticated attackers to determine if a specifi=
c email address is registered on the platform. By measuring the response ti=
me of the login endpoint, an attacker can distinguish between valid and inv= alid email addresses. This occurs because the server only performs the comp= utationally expensive Argon2 password hashing if the user exists in the dat= abase. Requests for existing users take significantly longer (~650ms) than = requests for non-existent users (~160ms). 2026-02-02 not yet calculated CVE= -2026-25222 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25222 ] https://g= ithub.com/polarnl/PolarLearn/security/advisories/GHSA-wcr9-mvr9-4qh5 https://github.com/polarnl/PolarLearn/commit/6c276855172c7310cce0df996cb47f= fe0d886741
=C2=A0 pear--pearweb PEAR is a framework and distribution system for reusab=
le PHP components. Prior to version 1.33.0, logic bug in the roadmap role c= heck allows non-lead maintainers to create, update, or delete roadmaps. Thi=
s issue has been patched in version 1.33.0. 2026-02-03 not yet calculated C= VE-2026-25233 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25233 ] https:/= /github.com/pear/pearweb/security/advisories/GHSA-p92v-9j73-fxx3
=C2=A0 pear--pearweb PEAR is a framework and distribution system for reusab=
le PHP components. Prior to version 1.33.0, a SQL injection vulnerability i=
n category deletion can allow an attacker with access to the category manag=
er workflow to inject SQL via a category id. This issue has been patched in=
version 1.33.0. 2026-02-03 not yet calculated CVE-2026-25234 [ https://www= .cve.org/CVERecord?id=3DCVE-2026-25234 ] https://github.com/pear/pearweb/se= curity/advisories/GHSA-q28j-3p7r-6722
=C2=A0 pear--pearweb PEAR is a framework and distribution system for reusab=
le PHP components. Prior to version 1.33.0, predictable verification hashes=
may allow attackers to guess verification tokens and potentially verify el= ection account requests without authorization. This issue has been patched =
in version 1.33.0. 2026-02-03 not yet calculated CVE-2026-25235 [ https://w= ww.cve.org/CVERecord?id=3DCVE-2026-25235 ] https://github.com/pear/pearweb/= security/advisories/GHSA-477r-4cmw-3cgf
=C2=A0 pear--pearweb PEAR is a framework and distribution system for reusab=
le PHP components. Prior to version 1.33.0, a SQL injection risk exists in = karma queries due to unsafe literal substitution for an IN (...) list. This=
issue has been patched in version 1.33.0. 2026-02-03 not yet calculated CV= E-2026-25236 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25236 ] https://= github.com/pear/pearweb/security/advisories/GHSA-95mc-p966-c29f
=C2=A0 pear--pearweb PEAR is a framework and distribution system for reusab=
le PHP components. Prior to version 1.33.0, use of preg_replace() with the =
/e modifier in bug update email handling can enable PHP code execution if a= ttacker-controlled content reaches the evaluated replacement. This issue ha=
s been patched in version 1.33.0. 2026-02-03 not yet calculated CVE-2026-25= 237 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25237 ] https://github.co= m/pear/pearweb/security/advisories/GHSA-vhw6-hqh9-8r23
=C2=A0 pear--pearweb PEAR is a framework and distribution system for reusab=
le PHP components. Prior to version 1.33.0, a SQL injection vulnerability i=
n bug subscription deletion may allow attackers to inject SQL via a crafted=
email value. This issue has been patched in version 1.33.0. 2026-02-03 not=
yet calculated CVE-2026-25238 [ https://www.cve.org/CVERecord?id=3DCVE-202= 6-25238 ] https://github.com/pear/pearweb/security/advisories/GHSA-cv3c-27h= 5-7gmv
=C2=A0 pear--pearweb PEAR is a framework and distribution system for reusab=
le PHP components. Prior to version 1.33.0, a SQL injection vulnerability i=
n apidoc queue insertion can allow query manipulation if an attacker can in= fluence the inserted filename value. This issue has been patched in version=
1.33.0. 2026-02-03 not yet calculated CVE-2026-25239 [ https://www.cve.org= /CVERecord?id=3DCVE-2026-25239 ] https://github.com/pear/pearweb/security/a= dvisories/GHSA-f9mg-x463-3vxg
=C2=A0 pear--pearweb PEAR is a framework and distribution system for reusab=
le PHP components. Prior to version 1.33.0, a SQL injection vulnerability c=
an occur in user::maintains() when role filters are provided as an array an=
d interpolated into an IN (...) clause. This issue has been patched in vers= ion 1.33.0. 2026-02-03 not yet calculated CVE-2026-25240 [ https://www.cve.= org/CVERecord?id=3DCVE-2026-25240 ] https://github.com/pear/pearweb/securit= y/advisories/GHSA-xw9g-5gr2-c44f
=C2=A0 pear--pearweb PEAR is a framework and distribution system for reusab=
le PHP components. Prior to version 1.33.0, an unauthenticated SQL injectio=
n in the /get/<package>/<version> endpoint allows remote attackers to execu=
te arbitrary SQL via a crafted package version. This issue has been patched=
in version 1.33.0. 2026-02-03 not yet calculated CVE-2026-25241 [ https://= www.cve.org/CVERecord?id=3DCVE-2026-25241 ] https://github.com/pear/pearweb= /security/advisories/GHSA-63fv-vpq5-gv8p
=C2=A0 langroid--langroid Langroid is a framework for building large-langua= ge-model-powered applications. Prior to version 0.59.32, there is a bypass =
to the fix for CVE-2025-46724. TableChatAgent can call pandas_eval tool to = evaluate the expression. There is a WAF in langroid/utils/pandas_utils.py i= ntroduced to block code injection CVE-2025-46724. However it can be bypasse=
d due to _literal_ok() returning False instead of raising UnsafeCommandErro=
r on invalid input, combined with unrestricted access to dangerous dunder a= ttributes (__init__, __globals__, __builtins__). This allows chaining white= listed DataFrame methods to leak the eval builtin and execute arbitrary cod=
e. This issue has been patched in version 0.59.32. 2026-02-04 not yet calcu= lated CVE-2026-25481 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25481 ] = https://github.com/langroid/langroid/security/advisories/GHSA-x34r-63hx-w57f https://github.com/langroid/langroid/security/advisories/GHSA-jqq5-wc57-f8hj https://github.com/langroid/langroid/commit/30abbc1a854dee22fbd2f8b2f575dfd= abdb603ea
=C2=A0 craftcms--commerce Craft Commerce is an ecommerce platform for Craft=
CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a store=
d DOM XSS vulnerability exists in the "Recent Orders" dashboard widget. The=
Order Status Name is rendered via JavaScript string concatenation without = proper escaping, allowing script execution when any admin visits the dashbo= ard. This issue has been patched in versions 4.10.1 and 5.5.2. 2026-02-03 n=
ot yet calculated CVE-2026-25482 [ https://www.cve.org/CVERecord?id=3DCVE-2= 026-25482 ] https://github.com/craftcms/commerce/security/advisories/GHSA-f= rj9-9rwc-pw9j https://github.com/craftcms/commerce/commit/d94d1c9832a47a1c383e375ae87c46c= 13935ba65
https://github.com/craftcms/commerce/releases/tag/4.10.1 https://github.com/craftcms/commerce/releases/tag/5.5.2
=C2=A0 craftcms--commerce Craft Commerce is an ecommerce platform for Craft=
CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a store=
d XSS vulnerability exists in Craft Commerce's Order Status History Message=
. The message is rendered using the |md filter, which permits raw HTML, ena= bling malicious script execution. If a user has database backup utility per= missions (which do not require an elevated session), an attacker can exfilt= rate the entire database, including all user credentials, customer PII, ord=
er history, and 2FA recovery codes. This issue has been patched in versions=
4.10.1 and 5.5.2. 2026-02-03 not yet calculated CVE-2026-25483 [ https://w= ww.cve.org/CVERecord?id=3DCVE-2026-25483 ] https://github.com/craftcms/comm= erce/security/advisories/GHSA-8478-rmjg-mjj5 https://github.com/craftcms/commerce/commit/4665a47c0961aee311a42af2ff94a7c= 470f0ad8c
https://github.com/craftcms/commerce/releases/tag/4.10.1 https://github.com/craftcms/commerce/releases/tag/5.5.2
=C2=A0 craftcms--commerce Craft Commerce is an ecommerce platform for Craft=
CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, there i=
s a Stored XSS via Product Type names. The name is not sanitized when displ= ayed in user permissions settings. The vulnerable input (source) is in Comm= erce (Product Type settings), but the sink is in CMS user permissions setti= ngs. This issue has been patched in versions 4.10.1 and 5.5.2. 2026-02-03 n=
ot yet calculated CVE-2026-25484 [ https://www.cve.org/CVERecord?id=3DCVE-2= 026-25484 ] https://github.com/craftcms/commerce/security/advisories/GHSA-2= h2m-v2mg-656c https://github.com/craftcms/commerce/commit/7e1dedf06038c8e70dce0187b7048d4= ab8ffb75c
https://github.com/craftcms/commerce/releases/tag/4.10.1 https://github.com/craftcms/commerce/releases/tag/5.5.2
=C2=A0 craftcms--commerce Craft Commerce is an ecommerce platform for Craft=
CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a store=
d XSS vulnerability in Craft Commerce allows attackers to execute malicious=
JavaScript in an administrator's browser. This occurs because the Shipping=
Categories (Name & Description) fields in the Store Management section are=
not properly sanitized before being displayed in the admin panel. This iss=
ue has been patched in versions 4.10.1 and 5.5.2. 2026-02-03 not yet calcul= ated CVE-2026-25485 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25485 ] h= ttps://github.com/craftcms/commerce/security/advisories/GHSA-w8gw-qm8p-j9j3 https://github.com/craftcms/commerce/commit/fa273330807807d05b564d37c88654c= d772839ee
https://github.com/craftcms/commerce/releases/tag/4.10.1 https://github.com/craftcms/commerce/releases/tag/5.5.2
=C2=A0 craftcms--commerce Craft Commerce is an ecommerce platform for Craft=
CMS. From version 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Comm= erce allows attackers to execute malicious JavaScript in an administrator's=
browser. This occurs because the Shipping Methods Name field in the Store = Management section is not properly sanitized before being displayed in the = admin panel. This issue has been patched in version 5.5.2. 2026-02-03 not y=
et calculated CVE-2026-25486 [ https://www.cve.org/CVERecord?id=3DCVE-2026-= 25486 ] https://github.com/craftcms/commerce/security/advisories/GHSA-g92v-= wpv7-6w22 https://github.com/craftcms/commerce/commit/fa273330807807d05b564d37c88654c= d772839ee
https://github.com/craftcms/commerce/releases/tag/5.5.2
=C2=A0 craftcms--commerce Craft Commerce is an ecommerce platform for Craft=
CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a store=
d XSS vulnerability in Craft Commerce allows attackers to execute malicious=
JavaScript in an administrator's browser. This occurs because the Tax Rate=
s 'Name' field in the Store Management section is not properly sanitized be= fore being displayed in the admin panel. This issue has been patched in ver= sions 4.10.1 and 5.5.2. 2026-02-03 not yet calculated CVE-2026-25487 [ http= s://www.cve.org/CVERecord?id=3DCVE-2026-25487 ] https://github.com/craftcms= /commerce/security/advisories/GHSA-wqc5-485v-3hqh https://github.com/craftcms/commerce/commit/fa273330807807d05b564d37c88654c= d772839ee
https://github.com/craftcms/commerce/releases/tag/4.10.1 https://github.com/craftcms/commerce/releases/tag/5.5.2
=C2=A0 craftcms--commerce Craft Commerce is an ecommerce platform for Craft=
CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a store=
d XSS vulnerability in Craft Commerce allows attackers to execute malicious=
JavaScript in an administrator's browser. This occurs because the Tax Cate= gories (Name & Description) fields in the Store Management section are not = properly sanitized before being displayed in the admin panel. This issue ha=
s been patched in versions 4.10.1 and 5.5.2. 2026-02-03 not yet calculated = CVE-2026-25488 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25488 ] https:= //github.com/craftcms/commerce/security/advisories/GHSA-p6w8-q63m-72c8 https://github.com/craftcms/commerce/commit/fa273330807807d05b564d37c88654c= d772839ee
https://github.com/craftcms/commerce/releases/tag/4.10.1 https://github.com/craftcms/commerce/releases/tag/5.5.2
=C2=A0 craftcms--commerce Craft Commerce is an ecommerce platform for Craft=
CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a store=
d XSS vulnerability in Craft Commerce allows attackers to execute malicious=
JavaScript in an administrator's browser. This occurs because the Name & D= escription fields in Tax Zones are not properly sanitized before being disp= layed in the admin panel. This issue has been patched in versions 4.10.1 an=
d 5.5.2. 2026-02-03 not yet calculated CVE-2026-25489 [ https://www.cve.org= /CVERecord?id=3DCVE-2026-25489 ] https://github.com/craftcms/commerce/secur= ity/advisories/GHSA-v585-mf6r-rqrc https://github.com/craftcms/commerce/commit/fa273330807807d05b564d37c88654c= d772839ee
https://github.com/craftcms/commerce/releases/tag/4.10.1 https://github.com/craftcms/commerce/releases/tag/5.5.2
=C2=A0 craftcms--commerce Craft Commerce is an ecommerce platform for Craft=
CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a store=
d XSS vulnerability in Craft Commerce allows attackers to execute malicious=
JavaScript in an administrator's browser. This occurs because the 'Address=
Line 1' field in Inventory Locations is not properly sanitized before bein=
g displayed in the admin panel. This issue has been patched in versions 4.1= 0.1 and 5.5.2. 2026-02-03 not yet calculated CVE-2026-25490 [ https://www.c= ve.org/CVERecord?id=3DCVE-2026-25490 ] https://github.com/craftcms/commerce= /security/advisories/GHSA-wq2m-r96q-crrf https://github.com/craftcms/commerce/commit/fa273330807807d05b564d37c88654c= d772839ee
https://github.com/craftcms/commerce/releases/tag/4.10.1 https://github.com/craftcms/commerce/releases/tag/5.5.2
=C2=A0 bpg--terraform-provider-proxmox Terraform / OpenTofu Provider adds s= upport for Proxmox Virtual Environment. Prior to version 0.93.1, in the SSH=
configuration documentation, the sudoer line suggested is insecure and can=
result in escaping the folder using ../, allowing any files on the system =
to be edited. This issue has been patched in version 0.93.1. 2026-02-04 not=
yet calculated CVE-2026-25499 [ https://www.cve.org/CVERecord?id=3DCVE-202= 6-25499 ] https://github.com/bpg/terraform-provider-proxmox/security/adviso= ries/GHSA-gwch-7m8v-7544 https://github.com/bpg/terraform-provider-proxmox/commit/bd604c41a31e2a55dd= 6acc01b0608be3ea49c023
=C2=A0 Intermesh--groupoffice Group-Office is an enterprise customer relati= onship management and groupware tool. Prior to versions 6.8.150, 25.0.82, a=
nd 26.0.5, an authenticated user within the System Administrator group can = trigger a full SSRF via the WOPI service discovery URL, including access to=
internal hosts/ports. The SSRF response body can be exfiltrated via the bu= ilt=E2=80=91in debug system, turning it into a visible SSRF. This also allo=
ws full server-side file read. This issue has been patched in versions 6.8.= 150, 25.0.82, and 26.0.5. 2026-02-04 not yet calculated CVE-2026-25511 [ ht= tps://www.cve.org/CVERecord?id=3DCVE-2026-25511 ] https://github.com/Interm= esh/groupoffice/security/advisories/GHSA-r9v4-jm2r-r9pm https://github.com/Intermesh/groupoffice/commit/5ac199dce758e1ce0d1cdb6905d= f5da3c2af42b3
=C2=A0 Intermesh--groupoffice Group-Office is an enterprise customer relati= onship management and groupware tool. Prior to versions 6.8.150, 25.0.82, a=
nd 26.0.5, there is a remote code execution (RCE) vulnerability in Group-Of= fice. The endpoint email/message/tnefAttachmentFromTempFile directly concat= enates the user-controlled parameter tmp_file into an exec() call. By injec= ting shell metacharacters into tmp_file, an authenticated attacker can exec= ute arbitrary system commands on the server. This issue has been patched in=
versions 6.8.150, 25.0.82, and 26.0.5. 2026-02-04 not yet calculated CVE-2= 026-25512 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25512 ] https://git= hub.com/Intermesh/groupoffice/security/advisories/GHSA-579w-jvg7-frr4 http://github.com/Intermesh/groupoffice/commit/6c612deca97a6cd2a1bd4feea0ce= 7e8e9d907792
=C2=A0 NeoRazorX--facturascripts FacturaScripts is open-source enterprise r= esource planning and accounting software. Prior to version 2025.81, Factura= Scripts contains a critical SQL injection vulnerability in the REST API tha=
t allows authenticated API users to execute arbitrary SQL queries through t=
he sort parameter. The vulnerability exists in the ModelClass::getOrderBy()=
method where user-supplied sorting parameters are directly concatenated in=
to the SQL ORDER BY clause without validation or sanitization. This affects=
all API endpoints that support sorting functionality. This issue has been = patched in version 2025.81. 2026-02-04 not yet calculated CVE-2026-25513 [ = https://www.cve.org/CVERecord?id=3DCVE-2026-25513 ] https://github.com/NeoR= azorX/facturascripts/security/advisories/GHSA-cjfx-qhwm-hf99 https://github.com/NeoRazorX/facturascripts/commit/1b6cdfa9ee1bb3365ea4a4ad= 753452035a027605
=C2=A0 NeoRazorX--facturascripts FacturaScripts is open-source enterprise r= esource planning and accounting software. Prior to version 2025.81, Factura= Scripts contains a critical SQL injection vulnerability in the autocomplete=
functionality that allows authenticated attackers to extract sensitive dat=
a from the database including user credentials, configuration settings, and=
all stored business data. The vulnerability exists in the CodeModel::all()=
method where user-supplied parameters are directly concatenated into SQL q= ueries without sanitization or parameterized binding. This issue has been p= atched in version 2025.81. 2026-02-04 not yet calculated CVE-2026-25514 [ h= ttps://www.cve.org/CVERecord?id=3DCVE-2026-25514 ] https://github.com/NeoRa= zorX/facturascripts/security/advisories/GHSA-pqqg-5f4f-8952 https://github.com/NeoRazorX/facturascripts/commit/5c070f82665b98efd2f914a4= 769c6dc9415f5b0f
=C2=A0 wagtail--wagtail Wagtail is an open source content management system=
built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, du=
e to a missing permission check on the preview endpoints, a user with acces=
s to the Wagtail admin and knowledge of a model's fields can craft a form s= ubmission to obtain a preview rendering of any page, snippet or site settin=
g object for which previews are enabled, consisting of any data of the user=
's choosing. The existing data of the object itself is not exposed, but dep= ending on the nature of the template being rendered, this may expose other = database contents that would otherwise only be accessible to users with edi=
t access over the model. The vulnerability is not exploitable by an ordinar=
y site visitor without access to the Wagtail admin. This issue has been pat= ched in versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3. 2026-02-04 not yet ca= lculated CVE-2026-25517 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25517=
] https://github.com/wagtail/wagtail/security/advisories/GHSA-4qvv-g3vr-m3=
48
https://github.com/wagtail/wagtail/commit/01fd3477365a193e6a8270311defb76e8= 90d2719 https://github.com/wagtail/wagtail/commit/5f09b6da61e779b0e8499bdbba52bf2f7= bd3241f https://github.com/wagtail/wagtail/commit/73f070dbefbd3b39ea6649ce36bd2d2a6= eef2190 https://github.com/wagtail/wagtail/commit/7dfe8de5f8b3f112c73c87b6729197db1= 6454915 https://github.com/wagtail/wagtail/commit/dd824023a031f1b82a6b6f83a97a5c733= 91b7c03
=C2=A0 locutusjs--locutus Locutus brings stdlibs of other programming langu= ages to JavaScript for educational purposes. In versions from 2.0.12 to bef= ore 2.0.39, a prototype pollution vulnerability exists in locutus. Despite =
a previous fix that attempted to mitigate prototype pollution by checking w= hether user input contained a forbidden key, it is still possible to pollut=
e Object.prototype via a crafted input using String.prototype. This issue h=
as been patched in version 2.0.39. 2026-02-04 not yet calculated CVE-2026-2= 5521 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25521 ] https://github.c= om/locutusjs/locutus/security/advisories/GHSA-rxrv-835q-v5mh https://github.com/locutusjs/locutus/commit/042af9ca7fde2ff599120783e720a17= f335bb01c
=C2=A0 craftcms--commerce Craft Commerce is an ecommerce platform for Craft=
CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a store=
d XSS vulnerability in Craft Commerce allows attackers to execute malicious=
JavaScript in an administrator's browser. This occurs because the Shipping=
Zone (Name & Description) fields in the Store Management section are not p= roperly sanitized before being displayed in the admin panel. This issue has=
been patched in versions 4.10.1 and 5.5.2. 2026-02-03 not yet calculated C= VE-2026-25522 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25522 ] https:/= /github.com/craftcms/commerce/security/advisories/GHSA-h9r9-2pxg-cx9m https://github.com/craftcms/commerce/commit/fa273330807807d05b564d37c88654c= d772839ee
https://github.com/craftcms/commerce/releases/tag/4.10.1 https://github.com/craftcms/commerce/releases/tag/5.5.2
=C2=A0 agentfront--enclave Enclave is a secure JavaScript sandbox designed = for safe AI agent code execution. Prior to 2.10.1, the existing layers of s= ecurity in enclave-vm are insufficient: The AST sanitization can be bypasse=
d with dynamic property accesses, the hardening of the error objects does n=
ot cover the peculiar behavior or the vm module and the function constructo=
r access prevention can be side-stepped by leveraging host object reference=
s. This vulnerability is fixed in 2.10.1. 2026-02-06 not yet calculated CVE= -2026-25533 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25533 ] https://g= ithub.com/agentfront/enclave/security/advisories/GHSA-x39w-8vm5-5m3p https://github.com/agentfront/enclave/commit/2fcf5da81e7e2578ede6f94cae4f37= 9165426dca
https://www.staicu.org/publications/usenixSec2023-SandDriller.pdf
=C2=A0 Keats--jsonwebtoken jsonwebtoken is a JWT lib in rust. Prior to vers= ion 10.3.0, there is a Type Confusion vulnerability in jsonwebtoken, specif= ically, in its claim validation logic. When a standard claim (such as nbf o=
r exp) is provided with an incorrect JSON type (Like a String instead of a = Number), the library's internal parsing mechanism marks the claim as "Faile= dToParse". Crucially, the validation logic treats this "FailedToParse" stat=
e identically to "NotPresent". This means that if a check is enabled (like:=
validate_nbf =3D true), but the claim is not explicitly marked as required=
in required_spec_claims, the library will skip the validation check entire=
ly for the malformed claim, treating it as if it were not there. This allow=
s attackers to bypass critical time-based security restrictions (like "Not = Before" checks) and commit potential authentication and authorization bypas= ses. This issue has been patched in version 10.3.0. 2026-02-04 not yet calc= ulated CVE-2026-25537 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25537 ]=
https://github.com/Keats/jsonwebtoken/security/advisories/GHSA-h395-gr6q-c= pjc https://github.com/Keats/jsonwebtoken/commit/abbc3076742c4161347bc6b8bf4aa5= eb86e1dc01
=C2=A0 devtron-labs--devtron Devtron is an open source tool integration pla= tform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in=
Devtron's Attributes API interface, allowing any authenticated user (inclu= ding low-privileged CI/CD Developers) to obtain the global API Token signin=
g key by accessing the /orchestrator/attributes?key=3DapiTokenSecret endpoi= nt. After obtaining the key, attackers can forge JWT tokens for arbitrary u= ser identities offline, thereby gaining complete control over the Devtron p= latform and laterally moving to the underlying Kubernetes cluster. This iss=
ue has been patched via commit d2b0d26. 2026-02-04 not yet calculated CVE-2= 026-25538 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25538 ] https://git= hub.com/devtron-labs/devtron/security/advisories/GHSA-8wpc-j9q9-j5m2 https://github.com/devtron-labs/devtron/commit/d2b0d260d858ab1354b73a8f50f7= f078ca62706f
=C2=A0 tokio-rs--bytes Bytes is a utility library for working with bytes. F= rom version 1.2.1 to before 1.11.1, Bytes is vulnerable to integer overflow=
in BytesMut::reserve. In the unique reclaim path of BytesMut::reserve, if = the condition "v_capacity >=3D new_cap + offset" uses an unchecked addition=
. When new_cap + offset overflows usize in release builds, this condition m=
ay incorrectly pass, causing self.cap to be set to a value that exceeds the=
actual allocated capacity. Subsequent APIs such as spare_capacity_mut() th=
en trust this corrupted cap value and may create out-of-bounds slices, lead= ing to UB. This behavior is observable in release builds (integer overflow = wraps), whereas debug builds panic due to overflow checks. This issue has b= een patched in version 1.11.1. 2026-02-04 not yet calculated CVE-2026-25541=
[ https://www.cve.org/CVERecord?id=3DCVE-2026-25541 ] https://github.com/t= okio-rs/bytes/security/advisories/GHSA-434x-w66g-qw3r https://github.com/tokio-rs/bytes/commit/d0293b0e35838123c51ca5dfdf468ecafe= e4398f
https://github.com/tokio-rs/bytes/releases/tag/v1.11.1 https://rustsec.org/advisories/RUSTSEC-2026-0007.html
=C2=A0 mganss--HtmlSanitizer HtmlSanitizer is a .NET library for cleaning H= TML fragments and documents from constructs that can lead to XSS attacks. P= rior to versions 9.0.892 and 9.1.893-beta, if the template tag is allowed, = its contents are not sanitized. The template tag is a special tag that does=
not usually render its contents, unless the shadowrootmode attribute is se=
t to open or closed. This issue has been patched in versions 9.0.892 and 9.= 1.893-beta. 2026-02-04 not yet calculated CVE-2026-25543 [ https://www.cve.= org/CVERecord?id=3DCVE-2026-25543 ] https://github.com/mganss/HtmlSanitizer= /security/advisories/GHSA-j92c-7v7g-gj3f https://github.com/mganss/HtmlSanitizer/commit/0ac53dca30ddad963f2b243669a5= 066933d82b81
https://www.nuget.org/packages/HtmlSanitizer/9.0.892 https://www.nuget.org/packages/HtmlSanitizer/9.1.893-beta
=C2=A0 isaacs--brace-expansion @isaacs/brace-expansion is a hybrid CJS/ESM = TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-e= xpansion is vulnerable to a denial of service (DoS) issue caused by unbound=
ed brace range expansion. When an attacker provides a pattern containing re= peated numeric brace ranges, the library attempts to eagerly generate every=
possible combination synchronously. Because the expansion grows exponentia= lly, even a small input can consume excessive CPU and memory and may crash = the Node.js process. This issue has been patched in version 5.0.1. 2026-02-=
04 not yet calculated CVE-2026-25547 [ https://www.cve.org/CVERecord?id=3DC= VE-2026-25547 ] https://github.com/isaacs/brace-expansion/security/advisori= es/GHSA-7h2j-956f-4vf2
=C2=A0 Artifex Software--MuPDF MuPDF versions 1.23.0 through 1.27.0 contain=
a double-free vulnerability in fz_fill_pixmap_from_display_list() when an = exception occurs during display list rendering. The function accepts a call= er-owned fz_pixmap pointer but incorrectly drops the pixmap in its error ha= ndling path before rethrowing the exception. Callers (including the barcode=
decoding path in fz_decode_barcode_from_display_list) also drop the same p= ixmap in cleanup, resulting in a double-free that can corrupt the heap and = crash the process. This issue affects applications that enable and use MuPD=
F barcode decoding and can be triggered by processing crafted input that ca= uses a rendering-time error while decoding barcodes. 2026-02-06 not yet cal= culated CVE-2026-25556 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25556 =
] https://bugs.ghostscript.com/show_bug.cgi?id=3D709029 https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=3Dd4743b= 6092d513321c23c6f7fe5cff87cde043c1
https://mupdf.com/ https://www.vulncheck.com/advisories/mupdf-barcode-decoding-double-free
=C2=A0 WeKan--WeKan WeKan versions prior to 8.19 contain an LDAP filter inj= ection vulnerability in LDAP authentication. User-supplied username input i=
s incorporated into LDAP search filters and DN-related values without adequ= ate escaping, allowing an attacker to manipulate LDAP queries during authen= tication. 2026-02-07 not yet calculated CVE-2026-25560 [ https://www.cve.or= g/CVERecord?id=3DCVE-2026-25560 ] https://github.com/wekan/wekan/commit/0b0= e16c3eae28bbf453d33a81a9c58ce7db6d5bb
https://wekan.fi/ https://www.vulncheck.com/advisories/wekan-ldap-authentication-filter-injec= tion
=C2=A0 WeKan--WeKan WeKan versions prior to 8.19 contain an authorization w= eakness in the attachment upload API. The API does not fully validate that = provided identifiers (such as boardId, cardId, swimlaneId, and listId) are = consistent and refer to a coherent card/board relationship, enabling attemp=
ts to upload attachments with mismatched object relationships. 2026-02-07 n=
ot yet calculated CVE-2026-25561 [ https://www.cve.org/CVERecord?id=3DCVE-2= 026-25561 ] https://github.com/wekan/wekan/commit/1d16955b6d4f0a0282e89c2c1= b0415c7597019b8
https://wekan.fi/ https://www.vulncheck.com/advisories/wekan-attachment-upload-object-relatio= nship-validation-bypass
=C2=A0 WeKan--WeKan WeKan versions prior to 8.19 contain an information dis= closure vulnerability in the attachments publication. Attachment metadata c=
an be returned without properly scoping results to boards and cards accessi= ble to the requesting user, potentially exposing attachment metadata to una= uthorized users. 2026-02-07 not yet calculated CVE-2026-25562 [ https://www= .cve.org/CVERecord?id=3DCVE-2026-25562 ] https://github.com/wekan/wekan/com= mit/6dfa3beb2b6ab23438d0f4395b84bf0749eb4820
https://wekan.fi/ https://www.vulncheck.com/advisories/wekan-attachments-publication-informat= ion-disclosure
=C2=A0 WeKan--WeKan WeKan versions prior to 8.19 contain an insecure direct=
object reference (IDOR) in checklist creation and related checklist routes=
. The implementation does not verify that the supplied cardId belongs to th=
e supplied boardId, allowing cross-board ID tampering by manipulating ident= ifiers. 2026-02-07 not yet calculated CVE-2026-25563 [ https://www.cve.org/= CVERecord?id=3DCVE-2026-25563 ] https://github.com/wekan/wekan/commit/5cd87= 5813fdec5a3c40a0358b30a347967c85c14
https://wekan.fi/ https://www.vulncheck.com/advisories/wekan-checklist-creation-cross-board-i= dor
=C2=A0 WeKan--WeKan WeKan versions prior to 8.19 contain an insecure direct=
object reference (IDOR) in checklist creation and related checklist routes=
. The implementation does not verify that the supplied cardId belongs to th=
e supplied boardId, allowing cross-board ID tampering by manipulating ident= ifiers. 2026-02-07 not yet calculated CVE-2026-25564 [ https://www.cve.org/= CVERecord?id=3DCVE-2026-25564 ] https://github.com/wekan/wekan/commit/08a6f= 084eba09487743a7c807fb4a9000fcfa9ac
https://wekan.fi/ https://www.vulncheck.com/advisories/wekan-checklist-deletion-idor-via-miss= ing-relationship-validation
=C2=A0 WeKan--WeKan WeKan versions prior to 8.19 contain an authorization v= ulnerability where certain card update API paths validate only board read a= ccess rather than requiring write permission. This can allow users with rea= d-only roles to perform card updates that should require write access. 2026= -02-07 not yet calculated CVE-2026-25565 [ https://www.cve.org/CVERecord?id= =3DCVE-2026-25565 ] https://github.com/wekan/wekan/commit/181f837d8cbae96bd= f9dcbd31beaa3653c2c0285
https://wekan.fi/ https://www.vulncheck.com/advisories/wekan-read-only-board-roles-can-update= -cards
=C2=A0 WeKan--WeKan WeKan versions prior to 8.19 contain an authorization v= ulnerability in card move logic. A user can specify a destination board/lis= t/swimlane without adequate authorization checks for the destination and wi= thout validating that destination objects belong to the destination board, = potentially enabling unauthorized cross-board moves. 2026-02-07 not yet cal= culated CVE-2026-25566 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25566 =
] https://github.com/wekan/wekan/commit/198509e7600981400353aec6259247b3c04= e043e
https://wekan.fi/ https://www.vulncheck.com/advisories/wekan-cross-board-card-move-without-de= stination-authorization
=C2=A0 WeKan--WeKan WeKan versions prior to 8.19 contain an insecure direct=
object reference (IDOR) in the card comment creation API. The endpoint acc= epts an authorId from the request body, allowing an authenticated user to s= poof the recorded comment author by supplying another user's identifier. 20= 26-02-07 not yet calculated CVE-2026-25567 [ https://www.cve.org/CVERecord?= id=3DCVE-2026-25567 ] https://github.com/wekan/wekan/commit/67cb47173c1a152= d9eaf5469740992b2dacdf62d
https://wekan.fi/ https://www.vulncheck.com/advisories/wekan-card-comment-author-spoofing-via= -user-controlled-authorid
=C2=A0 WeKan--WeKan WeKan versions prior to 8.19 contain an authorization l= ogic vulnerability where the instance configuration setting allowPrivateOnl=
y is not sufficiently enforced at board creation time. When allowPrivateOnl=
y is enabled, users can still create public boards due to incomplete server= -side enforcement. 2026-02-07 not yet calculated CVE-2026-25568 [ https://w= ww.cve.org/CVERecord?id=3DCVE-2026-25568 ] https://github.com/wekan/wekan/c= ommit/7ed76c180ede46ab1dac6b8ad27e9128a272c2c8
https://wekan.fi/ https://www.vulncheck.com/advisories/wekan-allowprivateonly-setting-enforce= ment-bypass
=C2=A0 TUM-Dev--NavigaTUM NavigaTUM is a website and API to search for room=
s, buildings and other places. Prior to commit 86f34c7, there is a path tra= versal vulnerability in the propose_edits endpoint allows unauthenticated u= sers to overwrite files in directories writable by the application user (e.= g., /cdn). By supplying unsanitized file keys containing traversal sequence=
s (e.g., ../../) in the JSON payload, an attacker can escape the intended t= emporary directory and replace public facing images or fill the server's st= orage. This issue has been patched via commit 86f34c7. 2026-02-04 not yet c= alculated CVE-2026-25575 [ https://www.cve.org/CVERecord?id=3DCVE-2026-2557=
5 ] https://github.com/TUM-Dev/NavigaTUM/security/advisories/GHSA-59hj-f48w= -hjfm
https://github.com/TUM-Dev/NavigaTUM/pull/2650 https://github.com/TUM-Dev/NavigaTUM/commit/86f34c72886a59ec8f1e6c00f78a5ab= 889a70fd0
=C2=A0 navidrome--navidrome Navidrome is an open source web-based music col= lection server and streamer. Prior to version 0.60.0, authenticated users c=
an crash the Navidrome server by supplying an excessively large size parame= ter to /rest/getCoverArt or to a shared-image URL (/share/img/<token>). Whe=
n processing such requests, the server attempts to create an extremely larg=
e resized image, causing uncontrolled memory growth. This triggers the Linu=
x OOM killer, terminates the Navidrome process, and results in a full servi=
ce outage. If the system has sufficient memory and survives the allocation,=
Navidrome then writes these extremely large resized images into its cache = directory, allowing an attacker to rapidly exhaust server disk space as wel=
l. This issue has been patched in version 0.60.0. 2026-02-04 not yet calcul= ated CVE-2026-25579 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25579 ] h= ttps://github.com/navidrome/navidrome/security/advisories/GHSA-hrr4-3wgr-68=
x3
https://github.com/navidrome/navidrome/releases/tag/v0.60.0
=C2=A0 n8n-io--n8n n8n is an open source workflow automation platform. Prio=
r to 1.121.0, there is a vulnerability in the HTTP Request node's credentia=
l domain validation allowed an authenticated attacker to send requests with=
credentials to unintended domains, potentially leading to credential exfil= tration. This only might affect user who have credentials that use wildcard=
domain patterns (e.g., *.example.com) in the "Allowed domains" setting. Th=
is issue is fixed in version 1.121.0 and later. 2026-02-06 not yet calculat=
ed CVE-2026-25631 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25631 ] htt= ps://github.com/n8n-io/n8n/security/advisories/GHSA-2xcx-75h9-vr9h
=C2=A0 smn2gnt--MCP-Salesforce MCP Salesforce Connector is a Model Context = Protocol (MCP) server implementation for Salesforce integration. Prior to 0= .1.10, arbitrary attribute access leads to disclosure of Salesforce auth to= ken. This vulnerability is fixed in 0.1.10. 2026-02-06 not yet calculated C= VE-2026-25650 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25650 ] https:/= /github.com/smn2gnt/MCP-Salesforce/security/advisories/GHSA-vf6j-c56p-cq58 https://github.com/smn2gnt/MCP-Salesforce/commit/a1e3a5a786f48508d066b6d40b= 58201ebf9b7fd6
https://github.com/smn2gnt/MCP-Salesforce/releases/tag/v0.1.10
=C2=A0 anthropics--claude-code Claude Code is an agentic coding tool. Prior=
to version 2.0.57, Claude Code failed to properly validate directory chang=
es when combined with write operations to protected folders. By using the c=
d command to navigate into sensitive directories like .claude, it was possi= ble to bypass write protection and create or modify files without user conf= irmation. Reliably exploiting this required the ability to add untrusted co= ntent into a Claude Code context window. This issue has been patched in ver= sion 2.0.57. 2026-02-06 not yet calculated CVE-2026-25722 [ https://www.cve= .org/CVERecord?id=3DCVE-2026-25722 ] https://github.com/anthropics/claude-c= ode/security/advisories/GHSA-66q4-vfjg-2qhh
=C2=A0 anthropics--claude-code Claude Code is an agentic coding tool. Prior=
to version 2.0.55, Claude Code failed to properly validate commands using = piped sed operations with the echo command, allowing attackers to bypass fi=
le write restrictions. This vulnerability enabled writing to sensitive dire= ctories like the .claude folder and paths outside the project scope. Exploi= ting this required the ability to execute commands through Claude Code with=
the "accept edits" feature enabled. This issue has been patched in version=
2.0.55. 2026-02-06 not yet calculated CVE-2026-25723 [ https://www.cve.org= /CVERecord?id=3DCVE-2026-25723 ] https://github.com/anthropics/claude-code/= security/advisories/GHSA-mhg7-666j-cqg4
=C2=A0 anthropics--claude-code Claude Code is an agentic coding tool. Prior=
to version 2.1.7, Claude Code failed to strictly enforce deny rules config= ured in settings.json when accessing files through symbolic links. If a use=
r explicitly denied Claude Code access to a file (such as /etc/passwd) and = Claude Code had access to a symbolic link pointing to that file, it was pos= sible for Claude Code to read the restricted file through the symlink witho=
ut triggering deny rule enforcement. This issue has been patched in version=
2.1.7. 2026-02-06 not yet calculated CVE-2026-25724 [ https://www.cve.org/= CVERecord?id=3DCVE-2026-25724 ] https://github.com/anthropics/claude-code/s= ecurity/advisories/GHSA-4q92-rfm6-2cqx
=C2=A0 anthropics--claude-code Claude Code is an agentic coding tool. Prior=
to version 2.1.2, Claude Code's bubblewrap sandboxing mechanism failed to = properly protect the .claude/settings.json configuration file when it did n=
ot exist at startup. While the parent directory was mounted as writable and=
.claude/settings.local.json was explicitly protected with read-only constr= aints, settings.json was not protected if it was missing. This allowed mali= cious code running inside the sandbox to create this file and inject persis= tent hooks (such as SessionStart commands) that would execute with host pri= vileges when Claude Code was restarted. This issue has been patched in vers= ion 2.1.2. 2026-02-06 not yet calculated CVE-2026-25725 [ https://www.cve.o= rg/CVERecord?id=3DCVE-2026-25725 ] https://github.com/anthropics/claude-cod= e/security/advisories/GHSA-ff64-7w26-62rf
=C2=A0 time-rs--time time provides date and time handling in Rust. From 0.3=
.6 to before 0.3.47, when user-provided input is provided to any type that = parses with the RFC 2822 format, a denial of service attack via stack exhau= stion is possible. The attack relies on formally deprecated and rarely-used=
features that are part of the RFC 2822 format used in a malicious manner. = Ordinary, non-malicious input will never encounter this scenario. A limit t=
o the depth of recursion was added in v0.3.47. From this version, an error = will be returned rather than exhausting the stack. 2026-02-06 not yet calcu= lated CVE-2026-25727 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25727 ] = https://github.com/time-rs/time/security/advisories/GHSA-r6v5-fh4h-64xc https://github.com/time-rs/time/commit/1c63dc7985b8fa26bd8c689423cc56b7a038= 41ee
https://github.com/time-rs/time/blob/main/CHANGELOG.md#0347-2026-02-05 https://github.com/time-rs/time/releases/tag/v0.3.47
=C2=A0 lintsinghua--DeepAudit DeepAudit is a multi-agent system for code vu= lnerability discovery. In 3.0.4 and earlier, there is an improper access co= ntrol vulnerability in the /api/v1/users/ endpoint allows any authenticated=
user to enumerate all users in the system and retrieve sensitive informati=
on including email addresses, phone numbers, full names, and role informati= on. 2026-02-06 not yet calculated CVE-2026-25729 [ https://www.cve.org/CVER= ecord?id=3DCVE-2026-25729 ] https://github.com/lintsinghua/DeepAudit/securi= ty/advisories/GHSA-vmmm-48w2-q56q https://github.com/lintsinghua/DeepAudit/commit/b2a3b26579d3fdbab5236ae12ed= 67ae2313175fd
=C2=A0 frangoteam--FUXA FUXA is a web-based Process Visualization (SCADA/HM= I/Dashboard) software. An information disclosure vulnerability in FUXA allo=
ws an unauthenticated, remote attacker to retrieve sensitive administrative=
database credentials. Exploitation allows an unauthenticated, remote attac= ker to obtain the full system configuration, including administrative crede= ntials for the InfluxDB database. Possession of these credentials may allow=
an attacker to authenticate directly to the database service, enabling the=
m to read, modify, or delete all historical process data, or perform a Deni=
al of Service by corrupting the database. This affects FUXA through version=
1.2.9. This issue has been patched in FUXA version 1.2.10. 2026-02-06 not = yet calculated CVE-2026-25751 [ https://www.cve.org/CVERecord?id=3DCVE-2026= -25751 ] https://github.com/frangoteam/FUXA/security/advisories/GHSA-c5gq-4= h56-4mmx
https://github.com/frangoteam/FUXA/releases/tag/v1.2.10
=C2=A0 frangoteam--FUXA FUXA is a web-based Process Visualization (SCADA/HM= I/Dashboard) software. An authorization bypass vulnerability in FUXA allows=
an unauthenticated, remote attacker to modify device tags via WebSockets. = Exploitation allows an unauthenticated, remote attacker to bypass role-base=
d access controls and overwrite arbitrary device tags or disable communicat= ion drivers, exposing connected ICS/SCADA environments to follow-on actions=
. This may allow an attacker to manipulate physical processes and disconnec= ted devices from the HMI. This affects FUXA through version 1.2.9. This iss=
ue has been patched in FUXA version 1.2.10. 2026-02-06 not yet calculated C= VE-2026-25752 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25752 ] https:/= /github.com/frangoteam/FUXA/security/advisories/GHSA-ggxw-g3cp-mgf8 https://github.com/frangoteam/FUXA/releases/tag/v1.2.10
=C2=A0 Praskla-Technology--assessment-placipy PlaciPy is a placement manage= ment system designed for educational institutions. In version 1.0.0, the ap= plication uses a hard-coded, static default password for all newly created = student accounts. This results in mass account takeover, allowing any attac= ker to log in as any student once the password is known. 2026-02-06 not yet=
calculated CVE-2026-25753 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25= 753 ] https://github.com/Praskla-Technology/assessment-placipy/security/adv= isories/GHSA-6537-cf56-j9w2
=C2=A0 spree--spree Spree is an open source e-commerce solution built with = Ruby on Rails. Prior to versions 5.0.8, 5.1.10, 5.2.7, and 5.3.2, unauthent= icated users can view completed guest orders by Order ID. This issue may le=
ad to disclosure of PII of guest users (including names, addresses and phon=
e numbers). This issue has been patched in versions 5.0.8, 5.1.10, 5.2.7, a=
nd 5.3.2. 2026-02-06 not yet calculated CVE-2026-25757 [ https://www.cve.or= g/CVERecord?id=3DCVE-2026-25757 ] https://github.com/spree/spree/security/a= dvisories/GHSA-p6pv-q7rc-g4h9 https://github.com/spree/spree/commit/3e00be64c128ef4bd4b99731f0c3ab469509c= fab https://github.com/spree/spree/commit/6b32ed7d474aa55fa441990e6aa39740152aa= 1be https://github.com/spree/spree/commit/6f6b8a7a28a8bff24a6e20eab04b4bbbdf393= 84d https://github.com/spree/spree/commit/ea4a5db590ca753dbc986f2a4e818d9e0edfb= 1ad https://github.com/spree/spree/blob/1341623f2ae92685cdbe232885bf5808fc8f9ca= 8/storefront/app/controllers/spree/orders_controller.rb#L14 https://github.com/spree/spree/blob/1341623f2ae92685cdbe232885bf5808fc8f9ca= 8/storefront/app/controllers/spree/orders_controller.rb#L51C1-L55C8 https://github.com/spree/spree/blob/a878eb4a782ce0445d218ea86fb12075b0e3d7c= c/core/lib/spree/core/number_generator.rb#L45
=C2=A0 spree--spree Spree is an open source e-commerce solution built with = Ruby on Rails. A critical IDOR vulnerability exists in Spree Commerce's gue=
st checkout flow that allows any guest user to bind arbitrary guest address=
es to their order by manipulating address ID parameters. This enables unaut= horized access to other guests' personally identifiable information (PII) i= ncluding names, addresses and phone numbers. The vulnerability bypasses exi= sting ownership validation checks and affects all guest checkout transactio= ns. This vulnerability is fixed in 4.10.3, 5.0.8, 5.1.10, 5.2.7, and 5.3.2.=
2026-02-06 not yet calculated CVE-2026-25758 [ https://www.cve.org/CVEReco= rd?id=3DCVE-2026-25758 ] https://github.com/spree/spree/security/advisories= /GHSA-87fh-rc96-6fr6 https://github.com/spree/spree/commit/15619618e43b367617ec8d2d4aafc5e54fa7b= 734 https://github.com/spree/spree/commit/29282d1565ba4f7bc2bbc47d550e2c0c6d0ae= 59f https://github.com/spree/spree/commit/6650f96356faa0d16c05bcb516f1ffd564174= 1b8 https://github.com/spree/spree/commit/902d301ac83fd2047db1b9a3a99545162860f= 748 https://github.com/spree/spree/commit/ff7cfcfcfe0c40c60d03317e1d0ee361c6a6b= 054 https://github.com/spree/spree/blob/1341623f2ae92685cdbe232885bf5808fc8f9ca= 8/core/app/models/spree/order/address_book.rb#L16-L38 https://github.com/spree/spree/blob/1341623f2ae92685cdbe232885bf5808fc8f9ca= 8/core/app/models/spree/order/checkout.rb#L241-L254 https://github.com/spree/spree/blob/1341623f2ae92685cdbe232885bf5808fc8f9ca= 8/core/app/services/spree/checkout/update.rb#L33-L48 https://github.com/spree/spree/blob/1341623f2ae92685cdbe232885bf5808fc8f9ca= 8/core/lib/spree/permitted_attributes.rb#L92-L96
=C2=A0 opf--openproject OpenProject is an open-source, web-based project ma= nagement software. Prior to versions 16.6.7 and 17.0.3, an arbitrary file w= rite vulnerability exists in OpenProject's repository changes endpoint (/pr= ojects/:project_id/repository/changes) when rendering the "latest changes" = view via git log. By supplying a specially crafted rev value (for example, = rev=3D--output=3D/tmp/poc.txt), an attacker can inject git log command-line=
options. When OpenProject executes the SCM command, Git interprets the att= acker-controlled rev as an option and writes the output to an attacker-chos=
en path. As a result, any user with the :browse_repository permission on th=
e project can create or overwrite arbitrary files that the OpenProject proc= ess user is permitted to write. The written contents consist of git log out= put, but by crafting custom commits the attacker can still upload valid she=
ll scripts, ultimately leading to RCE. The RCE lets the attacker create a r= everse shell to the target host and view confidential files outside of Open= Project, such as /etc/passwd. This issue has been patched in versions 16.6.=
7 and 17.0.3. 2026-02-06 not yet calculated CVE-2026-25763 [ https://www.cv= e.org/CVERecord?id=3DCVE-2026-25763 ] https://github.com/opf/openproject/se= curity/advisories/GHSA-x37c-hcg5-r5m7 https://github.com/opf/openproject/releases/tag/v16.6.7 https://github.com/opf/openproject/releases/tag/v17.0.3
=C2=A0 slackhq--nebula Nebula is a scalable overlay networking tool. In ver= sions from 1.7.0 to 1.10.2, when using P256 certificates (which is not the = default configuration), it is possible to evade a blocklist entry created a= gainst the fingerprint of a certificate by using ECDSA Signature Malleabili=
ty to use a copy of the certificate with a different fingerprint. This issu=
e has been patched in version 1.10.3. 2026-02-06 not yet calculated CVE-202= 6-25793 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25793 ] https://githu= b.com/slackhq/nebula/security/advisories/GHSA-69x3-g4r3-p962 https://github.com/slackhq/nebula/commit/f573e8a26695278f9d71587390fbfe0d09= 33aa21
=C2=A0 antrea-io--antrea Antrea is a Kubernetes networking solution intende=
d to be Kubernetes native. Prior to versions 2.3.2 and 2.4.3, Antrea's netw= ork policy priority assignment system has a uint16 arithmetic overflow bug = that causes incorrect OpenFlow priority calculations when handling a large = numbers of policies with various priority values. This results in potential=
ly incorrect traffic enforcement. This issue has been patched in versions 2= .4.3. 2026-02-06 not yet calculated CVE-2026-25804 [ https://www.cve.org/CV= ERecord?id=3DCVE-2026-25804 ] https://github.com/antrea-io/antrea/security/= advisories/GHSA-86x4-wp9f-wrr9
https://github.com/antrea-io/antrea/pull/7496 https://github.com/antrea-io/antrea/commit/86c4b6010f3be536866f339b632621c2= 3d7186fa
=C2=A0 Shenzhen Tenda Technology--Tenda G300-F Tenda G300-F router firmware=
versio 16.01.14.2 and prior contain an OS command injection vulnerability =
in the WAN diagnostic functionality (formSetWanDiag). The implementation co= nstructs a shell command that invokes curl and incorporates attacker-contro= lled input into the command line without adequate neutralization. As a resu= lt, a remote attacker with access to the affected management interface can = inject additional shell syntax and execute arbitrary commands on the device=
with the privileges of the management process. 2026-02-07 not yet calculat=
ed CVE-2026-25857 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25857 ] htt= ps://blog.evan.lat/blog/cve-2026-25857/ https://www.tendacn.com/material/show/736333682028613 https://www.vulncheck.com/advisories/tenda-g300-f-command-injection-via-for= msetwandiag
=C2=A0 macrozheng--mall macrozheng mall version 1.0.3 and prior contains an=
authentication vulnerability in the mall-portal password reset workflow th=
at allows an unauthenticated attacker to reset arbitrary user account passw= ords using only a victim's telephone number. The password reset flow expose=
s the one-time password (OTP) directly in the API response and validates pa= ssword reset requests solely by comparing the provided OTP to a value store=
d by telephone number, without verifying user identity or ownership of the = telephone number. This enables remote account takeover of any user with a k= nown or guessable telephone number. 2026-02-07 not yet calculated CVE-2026-= 25858 [ https://www.cve.org/CVERecord?id=3DCVE-2026-25858 ] https://github.= com/macrozheng/mall/issues/946
https://www.macrozheng.com/ https://www.vulncheck.com/advisories/macrozheng-mall-unauthenticated-passwo= rd-reset-via-otp-disclosure
=C2=A0 WeKan--WeKan Wekan versions prior to 8.20 allow non-administrative u= sers to access migration functionality due to insufficient permission check=
s, potentially resulting in unauthorized migration operations. 2026-02-07 n=
ot yet calculated CVE-2026-25859 [ https://www.cve.org/CVERecord?id=3DCVE-2= 026-25859 ] https://github.com/wekan/wekan/commit/cbb1cd78de3e40264a5e047ac= e0ce27f8635b4e6
https://wekan.fi/ https://www.vulncheck.com/advisories/wekan-migration-functionality-insuffic= ient-permission-checks
=C2=A0=20

Back to top [ #top ]

body { font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight=
: normal; font-style: normal; color: #333333; }=20

Having trouble viewing this message?=C2=A0View it as a webpage [ https://co= ntent.govdelivery.com/accounts/USDHSCISA/bulletins/4090726 ].=C2=A0 [ https= ://content.govdelivery.com/accounts/USDHS/bulletins/292141e ]

You are subscribed to updates from the Cybersecurity and Infrastructure Sec= urity Agency [ https://www.cisa.gov ] (CISA)
Manage Subscriptions [ https://public.govdelivery.com/accounts/USDHSCISA/su= bscriber/edit?preferences=3Dtrue#tab1 ]=C2=A0=C2=A0|=C2=A0=C2=A0Privacy Pol= icy [ https://www.cisa.gov/privacy-policy ]=C2=A0=C2=A0|=C2=A0 Help [ https= ://subscriberhelp.granicus.com/s/article/Subscriber-Help-Center ] [ https:/= /insights.govdelivery.com/Communications/Subscriber_Help_Center ]

Connect with CISA:=20
Facebook [ https://www.facebook.com/CISA ]=C2=A0 |=C2=A0 Twitter [ https://= twitter.com/CISAgov ]=C2=A0 |=C2=A0 Instagram [ https://Instagram.com/cisag=
ov ]=C2=A0 |=C2=A0 LinkedIn [ https://www.linkedin.com/company/cybersecurit= y-and-infrastructure-security-agency ]=C2=A0 |=C2=A0=C2=A0 YouTube [ https:= //www.youtube.com/channel/UCxyq9roe-npgzrVwbpoAy0A ]

________________________________________________________________________

This email was sent to cisa@toolazy.synchro.net using GovDelivery Communica= tions Cloud, on behalf of: Cybersecurity and Infrastructure Security Agency=
=C2=B7 707 17th St, Suite 4000 =C2=B7 Denver, CO 80202 GovDelivery logo [ = https://subscriberhelp.granicus.com/ ]=20
body .abe-column-block { min-height: 5px; } table.gd_combo_table img {margi= n-left:10px; margin-right:10px;} table.gd_combo_table div.govd_image_displa=
y img, table.gd_combo_table td.gd_combo_image_cell img {margin-left:0px; ma= rgin-right:0px;}

--===============3080814400787859564==
Content-Type: text/html; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns=3D"http://www.w3.org/1999/xhtml" xml:lang=3D"en" lang=3D"en"> <head>
<title> Vulnerability Summary for the Week of February 2, 2026
</title>

</head>
<body style=3D"">

<table width=3D"700" border=3D"0" cellspacing=3D"0" cellpadding=3D"0"=
align=3D"center">
<tr>
<td>


<a name=3D"gd_top" id=3D"gd_top"></a>

=20

<img src=3D"https://content.govdelivery.com/attachments/fancy_images/U= SDHSCISA/2020/06/3486054/05152023-gov-delivery-banner-copy_original.png" al= t=3D"Cybersecurity and Infrastructure Security Agency (CISA)" title=3D"" wi= dth=3D"600" height=3D"100">
You are subscribed to Vulnerability Bulletins for Cybersecurity and In= frastructure Security Agency. This information has recently been updated an=
d is now available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilitie=
s that have been recorded in the past week. In some cases, the vulnerabilit= ies in the bulletin may not yet have assigned CVSS scores. Vulnerabilities are based on the=C2=A0<a href=3D"https://www.cve.org/" t= arget=3D"_blank" class=3D"ext" data-extlink=3D"" rel=3D"noopener">Common Vu= lnerabilities and Exposures</a>=C2=A0(CVE) vulnerability naming standard an=
d are organized according to severity, determined by the=C2=A0<a href=3D"ht= tps://www.cve.org/about/relatedefforts" target=3D"_blank" rel=3D"noopener">= Common Vulnerability Scoring System</a>=C2=A0(CVSS) standard. The division =
of high, medium, and low severities correspond to the following scores:

High: vulnerabilities with a CVSS base score of 7.0=E2=80= =9310.0</li>

Medium: vulnerabilities with a CVSS base score of 4.0=E2= =80=936.9</li>

Low: vulnerabilities with a CVSS base score of 0.0=E2=80= =933.9</li>
</ul>
Entries may include additional information provided by organizations and=
efforts sponsored by CISA. This information may include identifying inform= ation, values, definitions, and related links. Patch information is provide=
d when available. Please note that some of the information in the bulletin =
is compiled from external, open-source reports and is not a direct result o=
f CISA analysis.
<div class=3D"rss_item" style=3D"margin-bottom: 2em;">
<div class=3D"rss_title" style=3D"font-weight: bold; font-size: 120%; margi=
n: 0 0 0.3em; padding: 0;"><a href=3D"https://www.cisa.gov/news-events/bull= etins/sb26-040" target=3D"_blank" title=3D"Vulnerability Summary for the We=
ek of February 2, 2026" rel=3D"noopener">Vulnerability Summary for the Week=
of February 2, 2026</a></div>
<div class=3D"rss_pub_date" style=3D"font-size: 90%; font-style: italic; co= lor: #666666; margin: 0 0 0.3em; padding: 0;">02/09/2026 02:00 PM EST</div> <div class=3D"rss_description" style=3D"margin: 0 0 0.3em; padding: 0;">
<div id=3D"high_v">
<h2 id=3D"high_v_title">High Vulnerabilities</h2>
<table class=3D"table no-tablesaw" style=3D"table-layout: fixed; width: 100= %;" border=3D"1" summary=3D"High Vulnerabilities" align=3D"center">
<thead>

<th class=3D"vendor-product" style=3D"width: 24%;" scope=3D"col">
Primary Vendor -- Product</th>
<th style=3D"width: 44%;" scope=3D"col">Description</th>
<th style=3D"width: 10%;" scope=3D"col">Published</th>
<th style=3D"width: 8%;" scope=3D"col">CVSS Score</th>
<th style=3D"width: 7%;" scope=3D"col">Source Info</th>
<th style=3D"width: 7%;" scope=3D"col">Patch Info</th>
</tr>
</thead>
<tbody>

<td class=3D"vendor-product">Insaat--Fikir Odalari AdminPando</td>
<td>A SQL injection vulnerability exists in the login functionality of Fiki=
r Odalari AdminPando 1.0.1 before 2026-01-26. The username and password par= ameters are vulnerable to SQL injection, allowing unauthenticated attackers=
to bypass authentication completely. Successful exploitation grants full a= dministrative access to the application, including the ability to manipulat=
e the public-facing website content (HTML/DOM manipulation).</td> <td>2026-02-03</td>
<td>10</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-10878" target=3D= "_blank" rel=3D"noopener">CVE-2025-10878</a></td>

<a href=3D"https://onurcangenc.com.tr/posts/cve-2025-10878-sql-authenticati= on-bypass-in-fikir-odalar%C4%B1-adminpando/" target=3D"_blank" rel=3D"noope= ner">https://onurcangenc.com.tr/posts/cve-2025-10878-sql-authentication-byp= ass-in-fikir-odalar%C4%B1-adminpando/</a> <a href=3D"https://github.com/= onurcangnc/CVE-2025-10878-AdminPandov1.0.1-SQLi" target=3D"_blank" rel=3D"n= oopener">https://github.com/onurcangnc/CVE-2025-10878-AdminPandov1.0.1-SQLi= </a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Zenitel--TCIS-3+</td>
<td>This vulnerability allows authenticated attackers to execute arbitrary = commands on the underlying system using the file name of an uploaded file.<=

<td>2026-02-04</td>
<td>10</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59818" target=3D= "_blank" rel=3D"noopener">CVE-2025-59818</a></td>

<a href=3D"https://wiki.zenitel.com/wiki/Turbine_9.3_-_Release_notes" targe= t=3D"_blank" rel=3D"noopener">Zenitel Release Notes Turbine</a> <a href= =3D"https://www.zenitel.com/sites/default/files/2025-12/A100K12333%20Zenite= l%20Security%20Advisory.pdf" target=3D"_blank" rel=3D"noopener">Zenitel Sec= urity Advisory</a> <a href=3D"https://wiki.zenitel.com/wiki/VSF-Fortitud= e8_9.3_Release_Notes" target=3D"_blank" rel=3D"noopener">Zenitel Release No= tes Fortitude8</a> <a href=3D"https://wiki.zenitel.com/wiki/ZIPS_9.3_-_R= elease_notes" target=3D"_blank" rel=3D"noopener">Zenitel Release Notes ZIPS= </a> <a href=3D"https://wiki.zenitel.com/wiki/VSF-Fortitude6_9.3_Release= _Notes" target=3D"_blank" rel=3D"noopener">Zenitel Release Notes Fortitude6= </a> <a href=3D"https://wiki.zenitel.com/wiki/VSF-Display_Series_9.3_Rel= ease_Notes" target=3D"_blank" rel=3D"noopener">Zenitel Release Notes Displa=
y Series</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--Docan[.]co</td>
<td>Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthe= nticated remote attackers to obtain sensitive application configuration dat=
a via direct request to /script/.env file. The exposed file contains Larave=
l application encryption key (APP_KEY), database credentials, SMTP/SendGrid=
API credentials, and internal configuration parameters, enabling complete = system compromise including authentication bypass via session token forgery=
, direct database access to all tenant data, and email infrastructure takeo= ver. Due to the multi-tenancy architecture, this vulnerability affects all = tenants in the system.</td>
<td>2026-02-03</td>
<td>10</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-70841" target=3D= "_blank" rel=3D"noopener">CVE-2025-70841</a></td>

<a href=3D"https://codecanyon.net/item/dokans-multitenancy-based-ecommerce-= platform-saas/31122915" target=3D"_blank" rel=3D"noopener">https://codecany= on.net/item/dokans-multitenancy-based-ecommerce-platform-saas/31122915</a><= br><a href=3D"https://github.com/cod3rLucas/security-advisories/blob/main/C= VE-2025-70841.md" target=3D"_blank" rel=3D"noopener">https://github.com/cod= 3rLucas/security-advisories/blob/main/CVE-2025-70841.md</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Synectix--LAN 232 TRIO</td>
<td>The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its=
web management interface without requiring authentication, allowing unauth= enticated users to modify critical device settings or factory reset the dev= ice.</td>
<td>2026-02-03</td>
<td>10</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1633" target=3D"= _blank" rel=3D"noopener">CVE-2026-1633</a></td>

<a href=3D"https://www.cisa.gov/news-events/ics-advisories/icsa-26-034-04" = target=3D"_blank" rel=3D"noopener">https://www.cisa.gov/news-events/ics-adv= isories/icsa-26-034-04</a> <a href=3D"https://github.com/cisagov/CSAF/bl= ob/develop/csaf_files/OT/white/2026/icsa-26-034-04.json" target=3D"_blank" = rel=3D"noopener">https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT= /white/2026/icsa-26-034-04.json</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">SignalK--signalk-server</td>
<td>Signal K Server is a server application that runs on a central hub in a=
boat. Prior to 1.5.0, a command injection vulnerability allows authenticat=
ed users with write permissions to execute arbitrary shell commands on the = Signal K server when the set-system-time plugin is enabled. Unauthenticated=
users can also exploit this vulnerability if security is disabled on the S= ignal K server. This occurs due to unsafe construction of shell commands wh=
en processing navigation.datetime values received via WebSocket delta messa= ges. This vulnerability is fixed in 1.5.0.</td>
<td>2026-02-02</td>
<td>10</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23515" target=3D= "_blank" rel=3D"noopener">CVE-2026-23515</a></td>

<a href=3D"https://github.com/SignalK/signalk-server/security/advisories/GH= SA-p8gp-2w28-mhwg" target=3D"_blank" rel=3D"noopener">https://github.com/Si= gnalK/signalk-server/security/advisories/GHSA-p8gp-2w28-mhwg</a> <a href= =3D"https://github.com/SignalK/set-system-time/commit/75b11eae2de528bf89ede= 3fb1f7ed057ddbb4d24" target=3D"_blank" rel=3D"noopener">https://github.com/= SignalK/set-system-time/commit/75b11eae2de528bf89ede3fb1f7ed057ddbb4d24</a>= =C2=A0</td>
</tr>

<td class=3D"vendor-product">nyariv--SandboxJS</td>
<td>SandboxJS is a JavaScript sandboxing library. Prior to 0.8.27, SanboxJS=
does not properly restrict __lookupGetter__ which can be used to obtain pr= ototypes, which can be used for escaping the sandbox / remote code executio=
n. This vulnerability is fixed in 0.8.27.</td>
<td>2026-02-02</td>
<td>10</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25142" target=3D= "_blank" rel=3D"noopener">CVE-2026-25142</a></td>

<a href=3D"https://github.com/nyariv/SandboxJS/security/advisories/GHSA-9p4= w-fq8m-2hp7" target=3D"_blank" rel=3D"noopener">https://github.com/nyariv/S= andboxJS/security/advisories/GHSA-9p4w-fq8m-2hp7</a> <a href=3D"https://= github.com/nyariv/SandboxJS/commit/75c8009db32e6829b0ad92ca13bf458178442bd3=
" target=3D"_blank" rel=3D"noopener">https://github.com/nyariv/SandboxJS/co= mmit/75c8009db32e6829b0ad92ca13bf458178442bd3</a> <a href=3D"https://git= hub.com/nyariv/SandboxJS/blob/f212a38fb5a6d4bc2bc2e2466c0c011ce8d41072/src/= executor.ts#L368-L398" target=3D"_blank" rel=3D"noopener">https://github.co= m/nyariv/SandboxJS/blob/f212a38fb5a6d4bc2bc2e2466c0c011ce8d41072/src/execut= or.ts#L368-L398</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">ci4-cms-erp--ci4ms</td>
<td>CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-= ready, modular architecture with RBAC authorization and theme support. Prio=
r to version 0.28.5.0, an authenticated user with file editor permissions c=
an achieve Remote Code Execution (RCE) by leveraging the file creation and = save endpoints, an attacker can upload and execute arbitrary PHP code on th=
e server. This issue has been patched in version 0.28.5.0.</td> <td>2026-02-03</td>
<td>10</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25510" target=3D= "_blank" rel=3D"noopener">CVE-2026-25510</a></td>

<a href=3D"https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-gp= 56-f67f-m4px" target=3D"_blank" rel=3D"noopener">https://github.com/ci4-cms= -erp/ci4ms/security/advisories/GHSA-gp56-f67f-m4px</a> <a href=3D"https:= //github.com/ci4-cms-erp/ci4ms/commit/86be2930d1c54eb7575102563302b2f3bafcb= 653" target=3D"_blank" rel=3D"noopener">https://github.com/ci4-cms-erp/ci4m= s/commit/86be2930d1c54eb7575102563302b2f3bafcb653</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">nyariv--SandboxJS</td>
<td>SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, The retu=
rn values of functions aren't wrapped. Object.values/Object.entries can be = used to get an Array containing the host's Function constructor, by using A= rray.prototype.at you can obtain the hosts Function constructor, which can =
be used to execute arbitrary code outside of the sandbox. This vulnerabilit=
y is fixed in 0.8.29.</td>
<td>2026-02-06</td>
<td>10</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25520" target=3D= "_blank" rel=3D"noopener">CVE-2026-25520</a></td>

<a href=3D"https://github.com/nyariv/SandboxJS/security/advisories/GHSA-58j= h-xv4v-pcx4" target=3D"_blank" rel=3D"noopener">https://github.com/nyariv/S= andboxJS/security/advisories/GHSA-58jh-xv4v-pcx4</a> <a href=3D"https://= github.com/nyariv/SandboxJS/commit/67cb186c41c78c51464f70405504e8ef0a6e43c3=
" target=3D"_blank" rel=3D"noopener">https://github.com/nyariv/SandboxJS/co= mmit/67cb186c41c78c51464f70405504e8ef0a6e43c3</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">nyariv--SandboxJS</td>
<td>SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, a sandbo=
x escape is possible by shadowing hasOwnProperty on a sandbox object, which=
disables prototype whitelist enforcement in the property-access path. This=
permits direct access to __proto__ and other blocked prototype properties,=
enabling host Object.prototype pollution and persistent cross-sandbox impa= ct. This vulnerability is fixed in 0.8.29.</td>
<td>2026-02-06</td>
<td>10</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25586" target=3D= "_blank" rel=3D"noopener">CVE-2026-25586</a></td>

<a href=3D"https://github.com/nyariv/SandboxJS/security/advisories/GHSA-jjp= w-65fv-8g48" target=3D"_blank" rel=3D"noopener">https://github.com/nyariv/S= andboxJS/security/advisories/GHSA-jjpw-65fv-8g48</a> <a href=3D"https://= github.com/nyariv/SandboxJS/commit/67cb186c41c78c51464f70405504e8ef0a6e43c3=
" target=3D"_blank" rel=3D"noopener">https://github.com/nyariv/SandboxJS/co= mmit/67cb186c41c78c51464f70405504e8ef0a6e43c3</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">nyariv--SandboxJS</td>
<td>SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, as Map i=
s in SAFE_PROTOYPES, it's prototype can be obtained via Map.prototype. By o= verwriting Map.prototype.has the sandbox can be escaped. This vulnerability=
is fixed in 0.8.29.</td>
<td>2026-02-06</td>
<td>10</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25587" target=3D= "_blank" rel=3D"noopener">CVE-2026-25587</a></td>

<a href=3D"https://github.com/nyariv/SandboxJS/security/advisories/GHSA-66h= 4-qj4x-38xp" target=3D"_blank" rel=3D"noopener">https://github.com/nyariv/S= andboxJS/security/advisories/GHSA-66h4-qj4x-38xp</a> <a href=3D"https://= github.com/nyariv/SandboxJS/commit/67cb186c41c78c51464f70405504e8ef0a6e43c3=
" target=3D"_blank" rel=3D"noopener">https://github.com/nyariv/SandboxJS/co= mmit/67cb186c41c78c51464f70405504e8ef0a6e43c3</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">microsoft--semantic-kernel</td>
<td>Semantic Kernel is an SDK used to build, orchestrate, and deploy AI age= nts and multi-agent systems. Prior to 1.70.0, an Arbitrary File Write vulne= rability has been identified in Microsoft's Semantic Kernel=E2=80=AF.NET SD=
K, specifically within the=E2=80=AFSessionsPythonPlugin. The problem has be=
en fixed in Microsoft.SemanticKernel.Core version 1.70.0. As a mitigation, = users can create a Function Invocation Filter which checks the arguments be= ing passed to any calls to DownloadFileAsync=E2=80=AF or UploadFileAsync an=
d ensures the provided localFilePath is allow listed.</td>
<td>2026-02-06</td>
<td>10</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25592" target=3D= "_blank" rel=3D"noopener">CVE-2026-25592</a></td>

<a href=3D"https://github.com/microsoft/semantic-kernel/security/advisories= /GHSA-2ww3-72rp-wpp4" target=3D"_blank" rel=3D"noopener">https://github.com= /microsoft/semantic-kernel/security/advisories/GHSA-2ww3-72rp-wpp4</a> <=
a href=3D"https://github.com/microsoft/semantic-kernel/pull/13478/changes#d= iff-88d3cacba2bfa84eef8f2aa171b34f9940338cbb784a3ffc49f5fe3af1b8943d" targe= t=3D"_blank" rel=3D"noopener">https://github.com/microsoft/semantic-kernel/= pull/13478/changes#diff-88d3cacba2bfa84eef8f2aa171b34f9940338cbb784a3ffc49f= 5fe3af1b8943d</a> <a href=3D"https://github.com/microsoft/semantic-kerne= l/blob/main/dotnet/samples/Demos/CodeInterpreterPlugin/Program.cs#L61-L64" = target=3D"_blank" rel=3D"noopener">https://github.com/microsoft/semantic-ke= rnel/blob/main/dotnet/samples/Demos/CodeInterpreterPlugin/Program.cs#L61-L6= 4</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">WaterFutures--EPyT-Flow</td>
<td>EPyT-Flow is a Python package designed for the easy generation of hydra= ulic and water quality scenario data of water distribution networks. Prior =
to 0.16.1, EPyT-Flow's REST API parses attacker-controlled JSON request bod= ies using a custom deserializer (my_load_from_json) that supports a type fi= eld. When type is present, the deserializer dynamically imports an attacker= -specified module/class and instantiates it with attacker-supplied argument=
s. This allows invoking dangerous classes such as subprocess.Popen, which c=
an lead to OS command execution during JSON parsing. This also affects the = loading of JSON files. This vulnerability is fixed in 0.16.1.</td> <td>2026-02-06</td>
<td>10</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25632" target=3D= "_blank" rel=3D"noopener">CVE-2026-25632</a></td>

<a href=3D"https://github.com/WaterFutures/EPyT-Flow/security/advisories/GH= SA-74vm-8frp-7w68" target=3D"_blank" rel=3D"noopener">https://github.com/Wa= terFutures/EPyT-Flow/security/advisories/GHSA-74vm-8frp-7w68</a> <a href= =3D"https://github.com/WaterFutures/EPyT-Flow/commit/3fff9151494c7dbc720738= 30b734f0a7e550e385" target=3D"_blank" rel=3D"noopener">https://github.com/W= aterFutures/EPyT-Flow/commit/3fff9151494c7dbc72073830b734f0a7e550e385</a><b= r><a href=3D"https://github.com/WaterFutures/EPyT-Flow/releases/tag/v0.16.1=
" target=3D"_blank" rel=3D"noopener">https://github.com/WaterFutures/EPyT-F= low/releases/tag/v0.16.1</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">nyariv--SandboxJS</td>
<td>SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, there is=
a sandbox escape vulnerability due to a mismatch between the key on which = the validation is performed and the key used for accessing properties. Even=
though the key used in property accesses is annotated as string, this is n= ever enforced. So, attackers can pass malicious objects that coerce to diff= erent string values when used, e.g., one for the time the key is sanitized = using hasOwnProperty(key) and a different one for when the key is used for = the actual property access. This vulnerability is fixed in 0.8.29.</td> <td>2026-02-06</td>
<td>10</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25641" target=3D= "_blank" rel=3D"noopener">CVE-2026-25641</a></td>

<a href=3D"https://github.com/nyariv/SandboxJS/security/advisories/GHSA-7x3= h-rm86-3342" target=3D"_blank" rel=3D"noopener">https://github.com/nyariv/S= andboxJS/security/advisories/GHSA-7x3h-rm86-3342</a> <a href=3D"https://= github.com/nyariv/SandboxJS/commit/67cb186c41c78c51464f70405504e8ef0a6e43c3=
" target=3D"_blank" rel=3D"noopener">https://github.com/nyariv/SandboxJS/co= mmit/67cb186c41c78c51464f70405504e8ef0a6e43c3</a> <a href=3D"https://git= hub.com/nyariv/SandboxJS/blob/6103d7147c4666fe48cfda58a4d5f37005b43754/src/= executor.ts#L304-L304" target=3D"_blank" rel=3D"noopener">https://github.co= m/nyariv/SandboxJS/blob/6103d7147c4666fe48cfda58a4d5f37005b43754/src/execut= or.ts#L304-L304</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">StreamRipper--StreamRipper32</td> <td>StreamRipper32 version 2.6 contains a buffer overflow vulnerability in = the Station/Song Section that allows attackers to overwrite memory by manip= ulating the SongPattern input. Attackers can craft a malicious payload exce= eding 256 bytes to potentially execute arbitrary code and compromise the ap= plication.</td>
<td>2026-02-03</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37065" target=3D= "_blank" rel=3D"noopener">CVE-2020-37065</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48517" target=3D"_blank" rel= =3D"noopener">ExploitDB-48517</a> <a href=3D"http://streamripper.sourcef= orge.net/" target=3D"_blank" rel=3D"noopener">StreamRipper Vendor Homepage<= /a> <a href=3D"https://www.vulncheck.com/advisories/streamripper-buffer-= overflow" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: StreamRipp= er32 2.6 - Buffer Overflow</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">GoldWave--GoldWave</td>
<td>GoldWave 5.70 contains a buffer overflow vulnerability that allows atta= ckers to execute arbitrary code by crafting malicious input in the File Ope=
n URL dialog. Attackers can generate a specially crafted text file with Uni= code-encoded shellcode to trigger a stack-based overflow and execute comman=
ds when the file is opened.</td>
<td>2026-02-03</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37066" target=3D= "_blank" rel=3D"noopener">CVE-2020-37066</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48510" target=3D"_blank" rel= =3D"noopener">ExploitDB-48510</a> <a href=3D"https://www.goldwave.com/" = target=3D"_blank" rel=3D"noopener">Official Vendor Homepage</a> <a href= =3D"https://www.vulncheck.com/advisories/goldwave-buffer-overflow-seh-unico= de" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: GoldWave 5.70 = =E2=80=93 Buffer Overflow (SEH Unicode)</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Utillyty--Filetto</td>
<td>Filetto 1.0 FTP server contains a denial of service vulnerability in th=
e FEAT command processing that allows attackers to crash the service. Attac= kers can send an oversized FEAT command with 11,008 bytes of repeated chara= cters to trigger a buffer overflow and terminate the FTP service.</td> <td>2026-02-03</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37067" target=3D= "_blank" rel=3D"noopener">CVE-2020-37067</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48503" target=3D"_blank" rel= =3D"noopener">ExploitDB-48503</a> <a href=3D"http://www.utillyty.eu" tar= get=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"https://s= ourceforge.net/projects/filetto" target=3D"_blank" rel=3D"noopener">Softwar=
e Project Repository</a> <a href=3D"https://www.vulncheck.com/advisories= /filetto-feat-denial-of-service" target=3D"_blank" rel=3D"noopener">VulnChe=
ck Advisory: Filetto 1.0 - 'FEAT' Denial of Service</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Konica Minolta--FTP Utility</td>
<td>Konica Minolta FTP Utility 1.0 contains a buffer overflow vulnerability=
in the LIST command that allows attackers to overwrite system registers. A= ttackers can send an oversized buffer of 1500 'A' characters to crash the F=
TP server and potentially execute unauthorized code.</td>
<td>2026-02-03</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37068" target=3D= "_blank" rel=3D"noopener">CVE-2020-37068</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48501" target=3D"_blank" rel= =3D"noopener">ExploitDB-48501</a> <a href=3D"https://konica-minolta-ftp-= utility.software.informer.com/download/" target=3D"_blank" rel=3D"noopener"= >Konica Minolta FTP Utility Download Page</a> <a href=3D"https://www.kon= icaminolta.us/" target=3D"_blank" rel=3D"noopener">Konica Minolta Vendor Ho= mepage</a> <a href=3D"https://www.vulncheck.com/advisories/konica-minolt= a-ftp-utility-list-denial-of-service" target=3D"_blank" rel=3D"noopener">Vu= lnCheck Advisory: Konica Minolta FTP Utility 1.0 - 'LIST' Denial of Service= </a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Konica Minolta--FTP Utility</td>
<td>Konica Minolta FTP Utility 1.0 contains a buffer overflow vulnerability=
in the NLST command that allows attackers to overwrite system registers. A= ttackers can send an oversized buffer of 1500 'A' characters to crash the F=
TP server and potentially execute unauthorized code.</td>
<td>2026-02-03</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37069" target=3D= "_blank" rel=3D"noopener">CVE-2020-37069</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48502" target=3D"_blank" rel= =3D"noopener">ExploitDB-48502</a> <a href=3D"https://konica-minolta-ftp-= utility.software.informer.com/download/" target=3D"_blank" rel=3D"noopener"= >Konica Minolta FTP Utility Download Page</a> <a href=3D"https://www.kon= icaminolta.us/" target=3D"_blank" rel=3D"noopener">Konica Minolta Vendor Ho= mepage</a> <a href=3D"https://www.vulncheck.com/advisories/konica-minolt= a-ftp-utility-nlst-denial-of-service" target=3D"_blank" rel=3D"noopener">Vu= lnCheck Advisory: Konica Minolta FTP Utility 1.0 - 'NLST' Denial of Service= </a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">CloudMe--CloudMe</td>
<td>CloudMe 1.11.2 contains a buffer overflow vulnerability that allows rem= ote attackers to execute arbitrary code through crafted network packets. At= tackers can exploit the vulnerability by sending a specially crafted payloa=
d to the CloudMe service running on port 8888, enabling remote code executi= on.</td>
<td>2026-02-03</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37070" target=3D= "_blank" rel=3D"noopener">CVE-2020-37070</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48499" target=3D"_blank" rel= =3D"noopener">ExploitDB-48499</a> <a href=3D"https://www.cloudme.com/en"=
target=3D"_blank" rel=3D"noopener">CloudMe Official Homepage</a> <a hre= f=3D"https://www.vulncheck.com/advisories/cloudme-buffer-overflow-sehdepasl=
r" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: CloudMe 1.11.2 - = Buffer Overflow (SEH,DEP,ASLR)</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">CraftCMS--CraftCMS</td>
<td>CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability = that allows unauthenticated attackers to execute arbitrary PHP code through=
a crafted payload. Attackers can generate a malicious serialized payload t= hat triggers remote code execution by exploiting the plugin's vCard downloa=
d functionality with a specially crafted request.</td>
<td>2026-02-03</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37071" target=3D= "_blank" rel=3D"noopener">CVE-2020-37071</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48492" target=3D"_blank" rel= =3D"noopener">ExploitDB-48492</a> <a href=3D"https://craftcms.com/" targ= et=3D"_blank" rel=3D"noopener">Official CraftCMS Vendor Homepage</a> <a = href=3D"https://plugins.craftcms.com/vcard" target=3D"_blank" rel=3D"noopen= er">CraftCMS vCard Plugin Page</a> <a href=3D"https://gitlab.com/wguest/= craftcms-vcard-exploit" target=3D"_blank" rel=3D"noopener">Researcher Explo=
it Disclosure</a> <a href=3D"https://www.vulncheck.com/advisories/craftc= ms-vcard-plugin-remote-code-execution" target=3D"_blank" rel=3D"noopener">V= ulnCheck Advisory: CraftCMS 3 vCard Plugin 1.0.0 - Remote Code Execution</a= > =C2=A0</td>
</tr>

<td class=3D"vendor-product">LizardSystems--Remote Desktop Audit</td> <td>Remote Desktop Audit 2.3.0.157 contains a buffer overflow vulnerability=
that allows attackers to execute arbitrary code during the Add Computers W= izard file import process. Attackers can craft a malicious payload file to = trigger a structured exception handler (SEH) bypass and execute shellcode w= hen importing computer lists.</td>
<td>2026-02-03</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37074" target=3D= "_blank" rel=3D"noopener">CVE-2020-37074</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48465" target=3D"_blank" rel= =3D"noopener">ExploitDB-48465</a> <a href=3D"https://lizardsystems.com/r= emote-desktop-audit/" target=3D"_blank" rel=3D"noopener">Remote Desktop Aud=
it Product Webpage</a> <a href=3D"https://www.vulncheck.com/advisories/r= emote-desktop-audit-buffer-overflow-seh" target=3D"_blank" rel=3D"noopener"= >VulnCheck Advisory: Remote Desktop Audit 2.3.0.157 - Buffer Overflow (SEH)= </a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">LizardSystems--LanSend</td>
<td>LanSend 3.2 contains a buffer overflow vulnerability in the Add Compute=
rs Wizard file import functionality that allows remote attackers to execute=
arbitrary code. Attackers can craft a malicious payload file to trigger a = structured exception handler (SEH) overwrite and execute shellcode when imp= orting computers from a file.</td>
<td>2026-02-03</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37075" target=3D= "_blank" rel=3D"noopener">CVE-2020-37075</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48461" target=3D"_blank" rel= =3D"noopener">ExploitDB-48461</a> <a href=3D"https://lizardsystems.com/l= ansend/" target=3D"_blank" rel=3D"noopener">LanSend Product Webpage</a> =
<a href=3D"https://www.vulncheck.com/advisories/lansend-buffer-overflow-seh=
" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: LanSend 3.2 - Buff=
er Overflow (SEH)</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">luiswang--webTareas</td>
<td>webTareas 2.0.p8 contains a file deletion vulnerability in the print_la= yout.php administration component that allows authenticated attackers to de= lete arbitrary files. Attackers can exploit the vulnerability by manipulati=
ng the 'atttmp1' parameter to specify and delete files on the server throug=
h an unauthenticated file deletion mechanism.</td>
<td>2026-02-03</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37080" target=3D= "_blank" rel=3D"noopener">CVE-2020-37080</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48430" target=3D"_blank" rel= =3D"noopener">ExploitDB-48430</a> <a href=3D"https://sourceforge.net/pro= jects/webtareas/" target=3D"_blank" rel=3D"noopener">webTareas Project Home= page</a> <a href=3D"https://www.vulncheck.com/advisories/webtareas-p-arb= itrary-file-deletion" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory=
: webTareas 2.0.p8 - Arbitrary File Deletion</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Weberp--webERP</td>
<td>webERP 4.15.1 contains an unauthenticated file access vulnerability tha=
t allows remote attackers to download database backup files without authent= ication. Attackers can directly access generated backup files in the compan= ies/weberp/ directory by requesting the Backup_[timestamp].sql.gz file.</td=

<td>2026-02-03</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37082" target=3D= "_blank" rel=3D"noopener">CVE-2020-37082</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48420" target=3D"_blank" rel= =3D"noopener">ExploitDB-48420</a> <a href=3D"http://www.weberp.org" targ= et=3D"_blank" rel=3D"noopener">Official webERP Vendor Homepage</a> <a hr= ef=3D"https://sourceforge.net/projects/web-erp/" target=3D"_blank" rel=3D"n= oopener">webERP SourceForge Project Page</a> <a href=3D"https://www.vuln= check.com/advisories/weberp-unauthenticated-backup-file-access" target=3D"_= blank" rel=3D"noopener">VulnCheck Advisory: webERP 4.15.1 - Unauthenticated=
Backup File Access</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Arox--School ERP Pro</td>
<td>School ERP Pro 1.0 contains a file upload vulnerability that allows stu= dents to upload arbitrary PHP files to the messaging system. Attackers can = upload malicious PHP scripts through the message attachment feature, enabli=
ng remote code execution on the server.</td>
<td>2026-02-03</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37090" target=3D= "_blank" rel=3D"noopener">CVE-2020-37090</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48392" target=3D"_blank" rel= =3D"noopener">ExploitDB-48392</a> <a href=3D"https://web.archive.org/web= /20200129123503/http://arox.in/" target=3D"_blank" rel=3D"noopener">Archive=
d Vendor Homepage</a> <a href=3D"https://web.archive.org/web/20190612111= 732/https://sourceforge.net/projects/school-erp-ultimate/" target=3D"_blank=
" rel=3D"noopener">Archived SourceForge Product Page</a> <a href=3D"http= s://www.vulncheck.com/advisories/school-erp-pro-remote-code-execution" targ= et=3D"_blank" rel=3D"noopener">VulnCheck Advisory: School ERP Pro 1.0 - Rem= ote Code Execution</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">EspoCRM--EspoCRM</td>
<td>EspoCRM 5.8.5 contains an authentication vulnerability that allows atta= ckers to access other user accounts by manipulating authorization headers. = Attackers can decode and modify Basic Authorization and Espo-Authorization = tokens to gain unauthorized access to administrative user information and p= rivileges.</td>
<td>2026-02-03</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37094" target=3D= "_blank" rel=3D"noopener">CVE-2020-37094</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48376" target=3D"_blank" rel= =3D"noopener">ExploitDB-48376</a> <a href=3D"https://www.espocrm.com" ta= rget=3D"_blank" rel=3D"noopener">EspoCRM Official Vendor Homepage</a> <a=
href=3D"https://www.vulncheck.com/advisories/espocrm-privilege-escalation"=
target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: EspoCRM 5.8.5 - Pri= vilege Escalation</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Cyberoam--Cyberoam Authentication Client</td> <td>Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulne= rability that allows remote attackers to execute arbitrary code by overwrit= ing Structured Exception Handler (SEH) memory. Attackers can craft a malici= ous input in the 'Cyberoam Server Address' field to trigger a bind TCP shel=
l on port 1337 with system-level access.</td>
<td>2026-02-06</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37095" target=3D= "_blank" rel=3D"noopener">CVE-2020-37095</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48148" target=3D"_blank" rel= =3D"noopener">ExploitDB-48148</a> <a href=3D"https://cyberoam-general-au= thentication-client.software.informer.com/2.1/" target=3D"_blank" rel=3D"no= opener">Archived Cyberoam Authentication Client Software</a> <a href=3D"= https://www.vulncheck.com/advisories/cyberoam-authentication-client-buffer-= overflow-seh" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Cybero=
am Authentication Client 2.1.2.7 - Buffer Overflow (SEH)</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Nsasoft--Nsauditor</td>
<td>Nsauditor 3.0.28 and 3.2.1.0 contains a buffer overflow vulnerability i=
n the DNS Lookup tool that allows attackers to execute arbitrary code by ov= erwriting memory. Attackers can craft a malicious DNS query payload to trig= ger a three-byte overwrite, bypass ASLR, and execute shellcode through a ca= refully constructed exploit.</td>
<td>2026-02-05</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37119" target=3D= "_blank" rel=3D"noopener">CVE-2020-37119</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48350" target=3D"_blank" rel= =3D"noopener">ExploitDB-48350</a> <a href=3D"https://www.nsauditor.com/"=
target=3D"_blank" rel=3D"noopener">Nsauditor Homepage</a> <a href=3D"ht= tps://www.vulncheck.com/advisories/nsauditor-buffer-overflow-sehaslr-bypass= -bytes-overwrite" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Ns= auditor 3.2.1.0 - Buffer Overflow (SEH+ASLR bypass (3 bytes overwrite))</a>= =C2=A0</td>
</tr>

<td class=3D"vendor-product">Rubo Medical Imaging--Rubo DICOM Viewer</td> <td>Rubo DICOM Viewer 2.0 contains a buffer overflow vulnerability in the D= ICOM server name input field that allows attackers to overwrite Structured = Exception Handler (SEH). Attackers can craft a malicious text file with car= efully constructed payload to execute arbitrary code by overwriting SEH and=
triggering remote code execution.</td>
<td>2026-02-05</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37120" target=3D= "_blank" rel=3D"noopener">CVE-2020-37120</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48351" target=3D"_blank" rel= =3D"noopener">ExploitDB-48351</a> <a href=3D"https://web.archive.org/web= /20200109194722/http://www.rubomedical.com/dicom_viewer.html" target=3D"_bl= ank" rel=3D"noopener">Archived Rubo DICOM Viewer Product Page</a> <a hre= f=3D"https://www.vulncheck.com/advisories/rubo-dicom-viewer-buffer-overflow= -seh" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Rubo DICOM Vie= wer 2.0 - Buffer Overflow (SEH)</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">wcchandler--Pinger</td>
<td>Pinger 1.0 contains a remote code execution vulnerability that allows a= ttackers to inject shell commands through the ping and socket parameters. A= ttackers can exploit the unsanitized input in ping.php to write arbitrary P=
HP files and execute system commands by appending shell metacharacters.</td=

<td>2026-02-05</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37123" target=3D= "_blank" rel=3D"noopener">CVE-2020-37123</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48323" target=3D"_blank" rel= =3D"noopener">ExploitDB-48323</a> <a href=3D"https://github.com/wcchandl= er/pinger" target=3D"_blank" rel=3D"noopener">Pinger GitHub Repository</a><= br><a href=3D"https://www.vulncheck.com/advisories/pinger-remote-code-execu= tion" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Pinger 1.0 - R= emote Code Execution</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">4Mhz--B64dec</td>
<td>B64dec 1.1.2 contains a buffer overflow vulnerability that allows attac= kers to execute arbitrary code by overwriting Structured Exception Handler = (SEH) with crafted input. Attackers can leverage an egg hunter technique an=
d carefully constructed payload to inject and execute malicious code during=
base64 decoding process.</td>
<td>2026-02-05</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37124" target=3D= "_blank" rel=3D"noopener">CVE-2020-37124</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48317" target=3D"_blank" rel= =3D"noopener">ExploitDB-48317</a> <a href=3D"http://4mhz.de/b64dec.html"=
target=3D"_blank" rel=3D"noopener">Product Webpage</a> <a href=3D"https= ://www.vulncheck.com/advisories/bdec-buffer-overflow-seh-overflow-egg-hunte=
r" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: B64dec 1.1.2 - Bu= ffer Overflow (SEH Overflow + Egg Hunter)</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">EDIMAX Technology--EW-7438RPn Mini</td>
<td>Edimax EW-7438RPn-v3 Mini 1.27 contains a remote code execution vulnera= bility that allows unauthenticated attackers to execute arbitrary commands = through the /goform/mp endpoint. Attackers can exploit the vulnerability by=
sending crafted POST requests with command injection payloads to download = and execute malicious scripts on the device.</td>
<td>2026-02-05</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37125" target=3D= "_blank" rel=3D"noopener">CVE-2020-37125</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48318" target=3D"_blank" rel= =3D"noopener">ExploitDB-48318</a> <a href=3D"https://www.edimax.com/edim= ax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_= n300/ew-7438rpn_mini/" target=3D"_blank" rel=3D"noopener">Edimax EW-7438RPn=
Mini Product Page</a> <a href=3D"https://www.vulncheck.com/advisories/e= dimax-technology-ew-rpn-mini-remote-code-execution" target=3D"_blank" rel= =3D"noopener">VulnCheck Advisory: Edimax Technology EW-7438RPn-v3 Mini 1.27=
- Remote Code Execution</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Drive Software Company--Free Desktop Clock</td=

<td>Free Desktop Clock 3.0 contains a stack overflow vulnerability in the T= ime Zones display name input that allows attackers to overwrite Structured = Exception Handler (SEH) registers. Attackers can exploit the vulnerability =
by crafting a malicious Unicode input that triggers an access violation and=
potentially execute arbitrary code.</td>
<td>2026-02-05</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37126" target=3D= "_blank" rel=3D"noopener">CVE-2020-37126</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48314" target=3D"_blank" rel= =3D"noopener">ExploitDB-48314</a> <a href=3D"http://www.drive-software.c= om" target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"ht= tps://www.vulncheck.com/advisories/free-desktop-clock-x-venetian-blinds-zip= per-unicode-stack-overflow-seh" target=3D"_blank" rel=3D"noopener">VulnChec=
k Advisory: Free Desktop Clock x86 Venetian Blinds Zipper 3.0 - Unicode Sta=
ck Overflow (SEH)</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Microvirt--Memu Play</td>
<td>Memu Play 7.1.3 contains an insecure folder permissions vulnerability t= hat allows low-privileged users to modify the MemuService.exe executable. A= ttackers can replace the service executable with a malicious file during sy= stem restart to gain SYSTEM-level privileges by exploiting unrestricted fil=
e modification permissions.</td>
<td>2026-02-05</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37129" target=3D= "_blank" rel=3D"noopener">CVE-2020-37129</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48283" target=3D"_blank" rel= =3D"noopener">ExploitDB-48283</a> <a href=3D"https://www.memuplay.com/" = target=3D"_blank" rel=3D"noopener">Memu Play Official Homepage</a> <a hr= ef=3D"https://www.vulncheck.com/advisories/memu-play-insecure-folder-permis= sions" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Memu Play 7.1=
.3 - Insecure Folder Permissions</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">10-Strike Software--Network Inventory Explorer= </td>
<td>10-Strike Network Inventory Explorer 9.03 contains a buffer overflow vu= lnerability in the file import functionality that allows remote attackers t=
o execute arbitrary code. Attackers can craft a malicious text file with ca= refully constructed payload to trigger a stack-based buffer overflow and by= pass data execution prevention through a ROP chain.</td>
<td>2026-02-05</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37138" target=3D= "_blank" rel=3D"noopener">CVE-2020-37138</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48264" target=3D"_blank" rel= =3D"noopener">ExploitDB-48264</a> <a href=3D"https://www.10-strike.com" = target=3D"_blank" rel=3D"noopener">10-Strike Software Homepage</a> <a hr= ef=3D"https://www.10-strike.com/networkinventoryexplorer/" target=3D"_blank=
" rel=3D"noopener">10-Strike Network Inventory Explorer Product Page</a><br= ><a href=3D"https://www.vulncheck.com/advisories/strike-network-inventory-e= xplorer-read-from-file-buffer-overflow-sehrop" target=3D"_blank" rel=3D"noo= pener">VulnCheck Advisory: 10-Strike Network Inventory Explorer 9.03 - 'Rea=
d from File' Buffer Overflow (SEH)(ROP)</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Parallaxis--Cuckoo Clock</td>
<td>Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability th=
at allows attackers to execute arbitrary code by overwriting memory registe=
rs in the alarm scheduling feature. Attackers can craft a malicious payload=
exceeding 260 bytes to overwrite EIP and EBP, enabling shellcode execution=
with potential remote code execution.</td>
<td>2026-02-06</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37159" target=3D= "_blank" rel=3D"noopener">CVE-2020-37159</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48087" target=3D"_blank" rel= =3D"noopener">ExploitDB-48087</a> <a href=3D"https://en.softonic.com/aut= hor/pxcompany" target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a=
href=3D"https://www.vulncheck.com/advisories/cuckoo-clock-buffer-overflow"=
target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Cuckoo Clock 5.0 - = Buffer Overflow</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Wedding Slideshow Studio--Wedding Slideshow St= udio</td>
<td>Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability = that allows attackers to execute arbitrary code by overwriting the registra= tion name field with malicious payload. Attackers can craft a specially des= igned payload to trigger remote code execution, demonstrating the ability t=
o run system commands like launching the calculator.</td>
<td>2026-02-06</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37161" target=3D= "_blank" rel=3D"noopener">CVE-2020-37161</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48050" target=3D"_blank" rel= =3D"noopener">ExploitDB-48050</a> <a href=3D"http://www.wedding-slidesho= w-studio.com/" target=3D"_blank" rel=3D"noopener">Wedding Slideshow Studio = Official Homepage</a> <a href=3D"https://www.vulncheck.com/advisories/we= dding-slideshow-studio-name-buffer-overflow" target=3D"_blank" rel=3D"noope= ner">VulnCheck Advisory: Wedding Slideshow Studio 1.36 - 'Name' Buffer Over= flow</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Wedding Slideshow Studio--Wedding Slideshow St= udio</td>
<td>Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability =
in the registration key input that allows attackers to execute arbitrary co=
de by overwriting memory. Attackers can craft a malicious payload of 1608 b= ytes to trigger a stack-based buffer overflow and execute commands through = the registration key field.</td>
<td>2026-02-06</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37162" target=3D= "_blank" rel=3D"noopener">CVE-2020-37162</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48028" target=3D"_blank" rel= =3D"noopener">ExploitDB-48028</a> <a href=3D"https://web.archive.org/web= /20200126071857/http://www.wedding-slideshow-studio.com/" target=3D"_blank"=
rel=3D"noopener">Archived Wedding Slideshow Studio Webpage</a> <a href= =3D"https://www.vulncheck.com/advisories/wedding-slideshow-studio-key-buffe= r-overflow" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Wedding = Slideshow Studio 1.36 - 'Key' Buffer Overflow</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Innomic--VibroLine VLX1 HD 5.0</td>
<td>An unauthenticated remote attacker can gain full access on the affected=
devices as they are shipped without a password by default and setting one =
is not enforced.</td>
<td>2026-02-02</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2022-50981" target=3D= "_blank" rel=3D"noopener">CVE-2022-50981</a></td>

<a href=3D"https://www.innomic.com/.well-known/csaf/white/2026/ids-2026-000= 1.html" target=3D"_blank" rel=3D"noopener">https://www.innomic.com/.well-kn= own/csaf/white/2026/ids-2026-0001.html</a> <a href=3D"https://www.innomi= c.com/.well-known/csaf/white/2026/ids-2026-0001.json" target=3D"_blank" rel= =3D"noopener">https://www.innomic.com/.well-known/csaf/white/2026/ids-2026-= 0001.json</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Common Cryptographic Architecture</td> <td>IBM Common Cryptographic Architecture (CCA)=C2=A07.5.52 and=C2=A08.4.82=
could allow an unauthenticated user to execute arbitrary commands with ele= vated privileges on the system.</td>
<td>2026-02-04</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-13375" target=3D= "_blank" rel=3D"noopener">CVE-2025-13375</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7259625" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7259625</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">jayarsiech--JAY Login & Register</td>
<td>The JAY Login & Register plugin for WordPress is vulnerable to Priv= ilege Escalation in all versions up to, and including, 2.6.03. This is due =
to the plugin allowing a user to update arbitrary user meta through the 'ja= y_login_register_ajax_create_final_user' function. This makes it possible f=
or unauthenticated attackers to elevate their privileges to that of an admi= nistrator.</td>
<td>2026-02-08</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15027" target=3D= "_blank" rel=3D"noopener">CVE-2025-15027</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/b08198= a6-10e8-44ca-a1c5-8d987d85c469?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/b08198a6-10e= 8-44ca-a1c5-8d987d85c469?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/jay-login-register/tags/2.5.01/includes/jay-login-r= egister-ajax-handler.php#L788" target=3D"_blank" rel=3D"noopener">https://p= lugins.trac.wordpress.org/browser/jay-login-register/tags/2.5.01/includes/j= ay-login-register-ajax-handler.php#L788</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Emit Informatics and Communication Technologie=
s Industry and Trade Ltd. Co.--DIGITA Efficiency Management System</td> <td>Improper Neutralization of Special Elements used in an SQL Command ('SQ=
L Injection') vulnerability in Emit Informatics and Communication Technolog= ies Industry and Trade Ltd. Co. DIGITA Efficiency Management System allows = SQL Injection. This issue affects DIGITA Efficiency Management System: thro= ugh 03022026.=C2=A0 NOTE: The vendor was contacted early about this disclos= ure but did not respond in any way.</td>
<td>2026-02-03</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-5319" target=3D"= _blank" rel=3D"noopener">CVE-2025-5319</a></td>

<a href=3D"https://www.usom.gov.tr/bildirim/tr-26-0016" target=3D"_blank" r= el=3D"noopener">https://www.usom.gov.tr/bildirim/tr-26-0016</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">Martcode Software Inc.--Delta Course Automatio= n</td>
<td>Improper Neutralization of Special Elements used in an SQL Command ('SQ=
L Injection') vulnerability in Martcode Software Inc. Delta Course Automati=
on allows SQL Injection. This issue affects Delta Course Automation: throug=
h 04022026. NOTE: The vendor was contacted early about this disclosure but = did not respond in any way.</td>
<td>2026-02-04</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-5329" target=3D"= _blank" rel=3D"noopener">CVE-2025-5329</a></td>

<a href=3D"https://www.usom.gov.tr/bildirim/tr-26-0018" target=3D"_blank" r= el=3D"noopener">https://www.usom.gov.tr/bildirim/tr-26-0018</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">Unstructured-IO--unstructured</td>
<td>The unstructured library provides open-source components for ingesting = and pre-processing images and text documents, such as PDFs, HTML, Word docs=
, and many more. Prior to version 0.18.18, a path traversal vulnerability i=
n the partition_msg function allows an attacker to write or overwrite arbit= rary files on the filesystem when processing malicious MSG files with attac= hments. This issue has been patched in version 0.18.18.</td> <td>2026-02-04</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-64712" target=3D= "_blank" rel=3D"noopener">CVE-2025-64712</a></td>

<a href=3D"https://github.com/Unstructured-IO/unstructured/security/advisor= ies/GHSA-gm8q-m8mv-jj5m" target=3D"_blank" rel=3D"noopener">https://github.= com/Unstructured-IO/unstructured/security/advisories/GHSA-gm8q-m8mv-jj5m</a= > <a href=3D"https://github.com/Unstructured-IO/unstructured/commit/b01d= 35b2373fd087d2e15162b9c021663c97155d" target=3D"_blank" rel=3D"noopener">ht= tps://github.com/Unstructured-IO/unstructured/commit/b01d35b2373fd087d2e151= 62b9c021663c97155d</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">wildfirechat--im-server</td>
<td>Wildfire IM is an instant messaging and real-time audio/video solution.=
Prior to 1.4.3, a critical vulnerability exists in the im-server component=
related to the file upload functionality found in com.xiaoleilu.loServer.a= ction.UploadFileAction. The application exposes an endpoint (/fs) that hand= les multipart file uploads but fails to properly sanitize the filename prov= ided by the user. Specifically, the writeFileUploadData method directly con= catenates the configured storage directory with the filename extracted from=
the upload request without stripping directory traversal sequences (e.g., = ../../). This vulnerability allows an attacker to write arbitrary files to = any location on the server's filesystem where the application process has w= rite permissions. By uploading malicious files (such as scripts, executable=
s, or overwriting configuration files like authorized_keys or cron jobs), a=
n attacker can achieve Remote Code Execution (RCE) and completely compromis=
e the server. This vulnerability is fixed in 1.4.3.</td>
<td>2026-02-02</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-66480" target=3D= "_blank" rel=3D"noopener">CVE-2025-66480</a></td>

<a href=3D"https://github.com/wildfirechat/im-server/security/advisories/GH= SA-74hq-jhx2-fq6c" target=3D"_blank" rel=3D"noopener">https://github.com/wi= ldfirechat/im-server/security/advisories/GHSA-74hq-jhx2-fq6c</a> <a href= =3D"https://github.com/wildfirechat/im-server/commit/2f9c4e028c01c64913cab3= 2e7248bcca183a5230" target=3D"_blank" rel=3D"noopener">https://github.com/w= ildfirechat/im-server/commit/2f9c4e028c01c64913cab32e7248bcca183a5230</a><b= r><a href=3D"https://github.com/wildfirechat/im-server/releases/tag/1.4.3" = target=3D"_blank" rel=3D"noopener">https://github.com/wildfirechat/im-serve= r/releases/tag/1.4.3</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">revmakx--WP Duplicate WordPress Migration Plug= in</td>
<td>The WP Duplicate plugin for WordPress is vulnerable to Missing Authoriz= ation leading to Arbitrary File Upload in all versions up to and including = 1.1.8. This is due to a missing capability check on the `process_add_site()=
` AJAX action combined with path traversal in the file upload functionality=
. This makes it possible for authenticated (subscriber-level) attackers to = set the internal `prod_key_random_id` option, which can then be used by an = unauthenticated attacker to bypass authentication checks and write arbitrar=
y files to the server via the `handle_upload_single_big_file()` function, u= ltimately leading to remote code execution.</td>
<td>2026-02-06</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1499" target=3D"= _blank" rel=3D"noopener">CVE-2026-1499</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/11bb71= 90-023b-45e1-99a5-7313c489ef45?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/11bb7190-023= b-45e1-99a5-7313c489ef45?source=3Dcve</a> <a href=3D"https://cwe.mitre.o= rg/data/definitions/862.html" target=3D"_blank" rel=3D"noopener">https://cw= e.mitre.org/data/definitions/862.html</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/local-sync/trunk/admin/class-local-sync-admin.php#L= 422" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/= browser/local-sync/trunk/admin/class-local-sync-admin.php#L422</a> <a hr= ef=3D"https://plugins.trac.wordpress.org/browser/local-sync/tags/1.1.8/admi= n/class-local-sync-admin.php#L422" target=3D"_blank" rel=3D"noopener">https= ://plugins.trac.wordpress.org/browser/local-sync/tags/1.1.8/admin/class-loc= al-sync-admin.php#L422</a> <a href=3D"https://plugins.trac.wordpress.org= /browser/local-sync/trunk/includes/class-local-sync-handle-server-requests.= php#L389" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress= .org/browser/local-sync/trunk/includes/class-local-sync-handle-server-reque= sts.php#L389</a> <a href=3D"https://plugins.trac.wordpress.org/browser/l= ocal-sync/tags/1.1.8/includes/class-local-sync-handle-server-requests.php#L= 389" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/= browser/local-sync/tags/1.1.8/includes/class-local-sync-handle-server-reque= sts.php#L389</a> <a href=3D"https://plugins.trac.wordpress.org/browser/l= ocal-sync/trunk/admin/class-local-sync-files-op.php#L843" target=3D"_blank"=
rel=3D"noopener">https://plugins.trac.wordpress.org/browser/local-sync/tru= nk/admin/class-local-sync-files-op.php#L843</a> <a href=3D"https://plugi= ns.trac.wordpress.org/browser/local-sync/tags/1.1.8/admin/class-local-sync-= files-op.php#L843" target=3D"_blank" rel=3D"noopener">https://plugins.trac.= wordpress.org/browser/local-sync/tags/1.1.8/admin/class-local-sync-files-op= .php#L843</a> <a href=3D"https://plugins.trac.wordpress.org/changeset?sf= p_email=3D&sfph_mail=3D&reponame=3D&new=3D3452904%40local-sync&old=3D340031= 7%40local-sync&sfp_email=3D&sfph_mail=3D" target=3D"_blank" rel=3D"noopener= ">https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&re= poname=3D&new=3D3452904%40local-sync&old=3D3400317%40local-sync&sfp_email= =3D&sfph_mail</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Rapid7--Vulnerability Management</td>
<td>Rapid7 InsightVM versions before=C2=A08.34.0 contain a signature verifi= cation issue on the=C2=A0Assertion Consumer Service (ACS) cloud endpoint th=
at could allow an attacker to gain unauthorized access to InsightVM account=
s setup via "Security Console" installations, resulting in full account tak= eover. The issue occurs due to the application processing these unsigned as= sertions and issuing session cookies that granted access to the targeted us=
er accounts. This has been fixed in version 8.34.0 of InsightVM.</td> <td>2026-02-03</td>
<td>9.6</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1568" target=3D"= _blank" rel=3D"noopener">CVE-2026-1568</a></td>

<a href=3D"https://docs.rapid7.com/insight/command-platform-release-notes/"=
target=3D"_blank" rel=3D"noopener">https://docs.rapid7.com/insight/command= -platform-release-notes/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">RISS SRL--MOMA Seismic Station</td>
<td>MOMA Seismic Station Version v2.4.2520 and prior exposes its web manage= ment interface without requiring authentication, which could allow an unaut= henticated attacker to modify configuration settings, acquire device data o=
r remotely reset the device.</td>
<td>2026-02-03</td>
<td>9.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1632" target=3D"= _blank" rel=3D"noopener">CVE-2026-1632</a></td>

<a href=3D"https://www.cisa.gov/news-events/ics-advisories/icsa-26-034-03" = target=3D"_blank" rel=3D"noopener">https://www.cisa.gov/news-events/ics-adv= isories/icsa-26-034-03</a> <a href=3D"https://github.com/cisagov/CSAF/bl= ob/develop/csaf_files/OT/white/2026/icsa-26-034-03.json" target=3D"_blank" = rel=3D"noopener">https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT= /white/2026/icsa-26-034-03.json</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Red Hat--Red Hat Enterprise Linux 10</td>
<td>A flaw was found in Keylime. The Keylime registrar, since version 7.12.=
0, does not enforce client-side Transport Layer Security (TLS) authenticati= on. This authentication bypass vulnerability allows unauthenticated clients=
with network access to perform administrative operations, including listin=
g agents, retrieving public Trusted Platform Module (TPM) data, and deletin=
g agents, by connecting without presenting a client certificate.</td> <td>2026-02-06</td>
<td>9.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1709" target=3D"= _blank" rel=3D"noopener">CVE-2026-1709</a></td>

<a href=3D"https://access.redhat.com/errata/RHSA-2026:2224" target=3D"_blan=
k" rel=3D"noopener">RHSA-2026:2224</a> <a href=3D"https://access.redhat.= com/errata/RHSA-2026:2225" target=3D"_blank" rel=3D"noopener">RHSA-2026:222= 5</a> <a href=3D"https://access.redhat.com/errata/RHSA-2026:2298" target= =3D"_blank" rel=3D"noopener">RHSA-2026:2298</a> <a href=3D"https://acces= s.redhat.com/security/cve/CVE-2026-1709" target=3D"_blank" rel=3D"noopener"= >https://access.redhat.com/security/cve/CVE-2026-1709</a> <a href=3D"htt= ps://bugzilla.redhat.com/show_bug.cgi?id=3D2435514" target=3D"_blank" rel= =3D"noopener">RHBZ#2435514</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">IP-COM--W30AP</td>
<td>A vulnerability was detected in IP-COM W30AP up to 1.0.0.11(1340). Affe= cted by this issue is the function R7WebsSecurityHandler of the file /gofor= m/wx3auth of the component POST Request Handler. The manipulation of the ar= gument data results in stack-based buffer overflow. The attack may be perfo= rmed from remote. The exploit is now public and may be used. The vendor was=
contacted early about this disclosure but did not respond in any way.</td> <td>2026-02-06</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2017" target=3D"= _blank" rel=3D"noopener">CVE-2026-2017</a></td>

<a href=3D"https://vuldb.com/?id.344599" target=3D"_blank" rel=3D"noopener"= >VDB-344599 | IP-COM W30AP POST Request wx3auth R7WebsSecurityHandler stack= -based overflow</a> <a href=3D"https://vuldb.com/?ctiid.344599" target= =3D"_blank" rel=3D"noopener">VDB-344599 | CTI Indicators (IOB, IOC, IOA)</a= > <a href=3D"https://vuldb.com/?submit.744062" target=3D"_blank" rel=3D"= noopener">Submit #744062 | IP-COM W30APv4.0 <=3D v1.0.0.11(1340) Stack-b= ased Buffer Overflow</a> <a href=3D"https://vuldb.com/?submit.744063" ta= rget=3D"_blank" rel=3D"noopener">Submit #744063 | IP-COM W30APv4.0 <=3D = v1.0.0.11(1340) Stack-based Buffer Overflow (Duplicate)</a> <a href=3D"h= ttps://gitee.com/GXB0_0/iot-vul/blob/master/IP-COM/W30AP/wx3auth-sprintf.md=
" target=3D"_blank" rel=3D"noopener">https://gitee.com/GXB0_0/iot-vul/blob/= master/IP-COM/W30AP/wx3auth-sprintf.md</a> <a href=3D"https://gitee.com/= GXB0_0/iot-vul/blob/master/IP-COM/W30AP/wx3auth-sprintf.md#poc" target=3D"_= blank" rel=3D"noopener">https://gitee.com/GXB0_0/iot-vul/blob/master/IP-COM= /W30AP/wx3auth-sprintf.md#poc</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Fortinet--FortiClientEMS</td>
<td>An improper neutralization of special elements used in an sql command (= 'sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow a=
n unauthenticated attacker to execute unauthorized code or commands via spe= cifically crafted HTTP requests.</td>
<td>2026-02-06</td>
<td>9.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-21643" target=3D= "_blank" rel=3D"noopener">CVE-2026-21643</a></td>

<a href=3D"https://fortiguard.fortinet.com/psirt/FG-IR-25-1142" target=3D"_= blank" rel=3D"noopener">https://fortiguard.fortinet.com/psirt/FG-IR-25-1142= </a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">vllm-project--vllm</td>
<td>vLLM is an inference and serving engine for large language models (LLMs=
). From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's mul= timodal endpoint, PIL throws an error. vLLM returns this error to the clien=
t, leaking a heap address. With this leak, we reduce ASLR from 4 billion gu= esses to ~8 guesses. This vulnerability can be chained a heap overflow with=
JPEG2000 decoder in OpenCV/FFmpeg to achieve remote code execution. This v= ulnerability is fixed in 0.14.1.</td>
<td>2026-02-02</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22778" target=3D= "_blank" rel=3D"noopener">CVE-2026-22778</a></td>

<a href=3D"https://github.com/vllm-project/vllm/security/advisories/GHSA-4r= 2x-xpjr-7cvv" target=3D"_blank" rel=3D"noopener">https://github.com/vllm-pr= oject/vllm/security/advisories/GHSA-4r2x-xpjr-7cvv</a> <a href=3D"https:= //github.com/vllm-project/vllm/pull/31987" target=3D"_blank" rel=3D"noopene= r">https://github.com/vllm-project/vllm/pull/31987</a> <a href=3D"https:= //github.com/vllm-project/vllm/pull/32319" target=3D"_blank" rel=3D"noopene= r">https://github.com/vllm-project/vllm/pull/32319</a> <a href=3D"https:= //github.com/vllm-project/vllm/releases/tag/v0.14.1" target=3D"_blank" rel= =3D"noopener">https://github.com/vllm-project/vllm/releases/tag/v0.14.1</a>= =C2=A0</td>
</tr>

<td class=3D"vendor-product">Microsoft--Azure Front Door</td>
<td>Azure Front Door Elevation of Privilege Vulnerability</td> <td>2026-02-05</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24300" target=3D= "_blank" rel=3D"noopener">CVE-2026-24300</a></td>

<a href=3D"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2= 4300" target=3D"_blank" rel=3D"noopener">Azure Front Door Elevation of Priv= ilege Vulnerability</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">NixOS--nixpkgs</td>
<td>The NixOs Odoo package is an open source ERP and CRM system. From 21.11=
to before 25.11 and 26.05, every NixOS based Odoo setup publicly exposes t=
he database manager without any authentication. This allows unauthorized ac= tors to delete and download the entire database, including Odoos file store=
. Unauthorized access is evident from http requests. If kept, searching acc= ess logs and/or Odoos log for requests to /web/database can give indicators=
, if this has been actively exploited. The database manager is a featured i= ntended for development and not meant to be publicly reachable. On other se= tups, a master password acts as 2nd line of defence. However, due to the na= ture of NixOS, Odoo is not able to modify its own configuration file and th=
us unable to persist the auto-generated password. This also applies when ma= nually setting a master password in the web-UI. This means, the password is=
lost when restarting Odoo. When no password is set, the user is prompted t=
o set one directly via the database manager. This requires no authenticatio=
n or action by any authorized user or the system administrator. Thus, the d= atabase is effectively world readable by anyone able to reach Odoo. This vu= lnerability is fixed in 25.11 and 26.05.</td>
<td>2026-02-02</td>
<td>9.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25137" target=3D= "_blank" rel=3D"noopener">CVE-2026-25137</a></td>

<a href=3D"https://github.com/NixOS/nixpkgs/security/advisories/GHSA-cwmq-6= wv5-f3px" target=3D"_blank" rel=3D"noopener">https://github.com/NixOS/nixpk= gs/security/advisories/GHSA-cwmq-6wv5-f3px</a> <a href=3D"https://github= .com/NixOS/nixpkgs/pull/485310" target=3D"_blank" rel=3D"noopener">https://= github.com/NixOS/nixpkgs/pull/485310</a> <a href=3D"https://github.com/N= ixOS/nixpkgs/pull/485454" target=3D"_blank" rel=3D"noopener">https://github= .com/NixOS/nixpkgs/pull/485454</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">QwikDev--qwik</td>
<td>Qwik is a performance focused javascript framework. Prior to version 1.= 19.0, a prototype pollution vulnerability exists in the formToObj() functio=
n within @builder.io/qwik-city middleware. The function processes form fiel=
d names with dot notation (e.g., user.name) to create nested objects, but f= ails to sanitize dangerous property names like __proto__, constructor, and = prototype. This allows unauthenticated attackers to pollute Object.prototyp=
e by sending crafted HTTP POST requests, potentially leading to privilege e= scalation, authentication bypass, or denial of service. This issue has been=
patched in version 1.19.0.</td>
<td>2026-02-03</td>
<td>9.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25150" target=3D= "_blank" rel=3D"noopener">CVE-2026-25150</a></td>

<a href=3D"https://github.com/QwikDev/qwik/security/advisories/GHSA-xqg6-98= cw-gxhq" target=3D"_blank" rel=3D"noopener">https://github.com/QwikDev/qwik= /security/advisories/GHSA-xqg6-98cw-gxhq</a> <a href=3D"https://github.c= om/QwikDev/qwik/commit/5f65bae2bc33e6ca0c21e4cfcf9eae05077716f7" target=3D"= _blank" rel=3D"noopener">https://github.com/QwikDev/qwik/commit/5f65bae2bc3= 3e6ca0c21e4cfcf9eae05077716f7</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">AlistGo--alist</td>
<td>Alist is a file list program that supports multiple storages, powered b=
y Gin and Solidjs. Prior to version 3.57.0, the application disables TLS ce= rtificate verification by default for all outgoing storage driver communica= tions, making the system vulnerable to Man-in-the-Middle (MitM) attacks. Th=
is enables the complete decryption, theft, and manipulation of all data tra= nsmitted during storage operations, severely compromising the confidentiali=
ty and integrity of user data. This issue has been patched in version 3.57.= 0.</td>
<td>2026-02-04</td>
<td>9.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25160" target=3D= "_blank" rel=3D"noopener">CVE-2026-25160</a></td>

<a href=3D"https://github.com/AlistGo/alist/security/advisories/GHSA-8jmm-3= xwx-w974" target=3D"_blank" rel=3D"noopener">https://github.com/AlistGo/ali= st/security/advisories/GHSA-8jmm-3xwx-w974</a> <a href=3D"https://github= .com/AlistGo/alist/commit/69629ca76a8f2c8c973ede3b616f93aa26ff23fb" target= =3D"_blank" rel=3D"noopener">https://github.com/AlistGo/alist/commit/69629c= a76a8f2c8c973ede3b616f93aa26ff23fb</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Samsung Electronics--MagicINFO 9 Server</td>
<td>A vulnerability in MagicInfo9 Server allows authorized users to upload = HTML files without authentication, leading to Stored XSS, which can result =
in account takeover This issue affects MagicINFO 9 Server: less than 21.109= 0.1.</td>
<td>2026-02-02</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25200" target=3D= "_blank" rel=3D"noopener">CVE-2026-25200</a></td>

<a href=3D"https://security.samsungtv.com/securityUpdates" target=3D"_blank=
" rel=3D"noopener">https://security.samsungtv.com/securityUpdates</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Samsung Electronics--MagicINFO 9 Server</td> <td>The database account and password are hardcoded, allowing login with th=
e account to manipulate the database in MagicInfo9 Server. This issue affec=
ts MagicINFO 9 Server: less than 21.1090.1.</td>
<td>2026-02-02</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25202" target=3D= "_blank" rel=3D"noopener">CVE-2026-25202</a></td>

<a href=3D"https://security.samsungtv.com/securityUpdates" target=3D"_blank=
" rel=3D"noopener">https://security.samsungtv.com/securityUpdates</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">maziggy--bambuddy</td>
<td>Bambuddy is a self-hosted print archive and management system for Bambu=
Lab 3D printers. Prior to version 0.1.7, a hardcoded secret key used for s= igning JWTs is checked into source code and ManyAPI routes do not check aut= hentication. This issue has been patched in version 0.1.7.</td> <td>2026-02-04</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25505" target=3D= "_blank" rel=3D"noopener">CVE-2026-25505</a></td>

<a href=3D"https://github.com/maziggy/bambuddy/security/advisories/GHSA-gc2= 4-px2r-5qmf" target=3D"_blank" rel=3D"noopener">https://github.com/maziggy/= bambuddy/security/advisories/GHSA-gc24-px2r-5qmf</a> <a href=3D"https://= github.com/maziggy/bambuddy/pull/225" target=3D"_blank" rel=3D"noopener">ht= tps://github.com/maziggy/bambuddy/pull/225</a> <a href=3D"https://github= .com/maziggy/bambuddy/commit/a82f9278d2d587b7042a0858aab79fd8b6e3add9" targ= et=3D"_blank" rel=3D"noopener">https://github.com/maziggy/bambuddy/commit/a= 82f9278d2d587b7042a0858aab79fd8b6e3add9</a> <a href=3D"https://github.co= m/maziggy/bambuddy/commit/c31f2968889c855f1ffacb700c2c9970deb2a6fb" target= =3D"_blank" rel=3D"noopener">https://github.com/maziggy/bambuddy/commit/c31= f2968889c855f1ffacb700c2c9970deb2a6fb</a> <a href=3D"https://github.com/= maziggy/bambuddy/blob/a9bb8ed8239602bf08a9914f85a09eeb2bf13d15/backend/app/= core/auth.py#L28" target=3D"_blank" rel=3D"noopener">https://github.com/maz= iggy/bambuddy/blob/a9bb8ed8239602bf08a9914f85a09eeb2bf13d15/backend/app/cor= e/auth.py#L28</a> <a href=3D"https://github.com/maziggy/bambuddy/blob/ma= in/CHANGELOG.md" target=3D"_blank" rel=3D"noopener">https://github.com/mazi= ggy/bambuddy/blob/main/CHANGELOG.md</a> <a href=3D"https://github.com/ma= ziggy/bambuddy/releases/tag/v0.1.7" target=3D"_blank" rel=3D"noopener">http= s://github.com/maziggy/bambuddy/releases/tag/v0.1.7</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">HubSpot--jinjava</td>
<td>JinJava is a Java-based template engine based on django template syntax=
, adapted to render jinja templates. Prior to versions 2.7.6 and 2.8.3, Jin= Java is vulnerable to arbitrary Java execution via bypass through ForTag. T= his allows arbitrary Java class instantiation and file access bypassing bui= lt-in sandbox restrictions. This issue has been patched in versions 2.7.6 a=
nd 2.8.3.</td>
<td>2026-02-04</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25526" target=3D= "_blank" rel=3D"noopener">CVE-2026-25526</a></td>

<a href=3D"https://github.com/HubSpot/jinjava/security/advisories/GHSA-gjx9= -j8f8-7j74" target=3D"_blank" rel=3D"noopener">https://github.com/HubSpot/j= injava/security/advisories/GHSA-gjx9-j8f8-7j74</a> <a href=3D"https://gi= thub.com/HubSpot/jinjava/commit/3d02e504d8bbb13bf3fe019e9ca7b51dfce7a998" t= arget=3D"_blank" rel=3D"noopener">https://github.com/HubSpot/jinjava/commit= /3d02e504d8bbb13bf3fe019e9ca7b51dfce7a998</a> <a href=3D"https://github.= com/HubSpot/jinjava/commit/c7328dce6030ac718f88974196035edafef24441" target= =3D"_blank" rel=3D"noopener">https://github.com/HubSpot/jinjava/commit/c732= 8dce6030ac718f88974196035edafef24441</a> <a href=3D"https://github.com/H= ubSpot/jinjava/releases/tag/jinjava-2.7.6" target=3D"_blank" rel=3D"noopene= r">https://github.com/HubSpot/jinjava/releases/tag/jinjava-2.7.6</a> <a = href=3D"https://github.com/HubSpot/jinjava/releases/tag/jinjava-2.8.3" targ= et=3D"_blank" rel=3D"noopener">https://github.com/HubSpot/jinjava/releases/= tag/jinjava-2.8.3</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">siyuan-note--siyuan</td>
<td>SiYuan is a personal knowledge management system. Prior to version 3.5.=
5, the /api/file/copyFile endpoint does not validate the dest parameter, al= lowing authenticated users to write files to arbitrary locations on the fil= esystem. This can lead to Remote Code Execution (RCE) by writing to sensiti=
ve locations such as cron jobs, SSH authorized_keys, or shell configuration=
files. This issue has been patched in version 3.5.5.</td>
<td>2026-02-04</td>
<td>9.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25539" target=3D= "_blank" rel=3D"noopener">CVE-2026-25539</a></td>

<a href=3D"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-c= 4jr-5q7w-f6r9" target=3D"_blank" rel=3D"noopener">https://github.com/siyuan= -note/siyuan/security/advisories/GHSA-c4jr-5q7w-f6r9</a> <a href=3D"http= s://github.com/siyuan-note/siyuan/commit/d7f790755edf8c78d2b4176171e5a0cdcd= 720feb" target=3D"_blank" rel=3D"noopener">https://github.com/siyuan-note/s= iyuan/commit/d7f790755edf8c78d2b4176171e5a0cdcd720feb</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">payloadcms--payload</td>
<td>Payload is a free and open source headless content management system. P= rior to 3.73.0, when querying JSON or richText fields, user input was direc= tly embedded into SQL without escaping, enabling blind SQL injection attack=
s. An unauthenticated attacker could extract sensitive data (emails, passwo=
rd reset tokens) and achieve full account takeover without password crackin=
g. This vulnerability is fixed in 3.73.0.</td>
<td>2026-02-06</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25544" target=3D= "_blank" rel=3D"noopener">CVE-2026-25544</a></td>

<a href=3D"https://github.com/payloadcms/payload/security/advisories/GHSA-x= x6w-jxg9-2wh8" target=3D"_blank" rel=3D"noopener">https://github.com/payloa= dcms/payload/security/advisories/GHSA-xx6w-jxg9-2wh8</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">blakeblackshear--frigate</td>
<td>Frigate is a network video recorder (NVR) with realtime local object de= tection for IP cameras. Prior to 0.16.4, a critical Remote Command Executio=
n (RCE) vulnerability has been identified in the Frigate integration with g= o2rtc. The application does not sanitize user input in the video stream con= figuration (config.yaml), allowing direct injection of system commands via = the exec: directive. The go2rtc service executes these commands without res= trictions. This vulnerability is only exploitable by an administrator or us= ers who have exposed their Frigate install to the open internet with no aut= hentication which allows anyone full administrative control. This vulnerabi= lity is fixed in 0.16.4.</td>
<td>2026-02-06</td>
<td>9.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25643" target=3D= "_blank" rel=3D"noopener">CVE-2026-25643</a></td>

<a href=3D"https://github.com/blakeblackshear/frigate/security/advisories/G= HSA-4c97-5jmr-8f6x" target=3D"_blank" rel=3D"noopener">https://github.com/b= lakeblackshear/frigate/security/advisories/GHSA-4c97-5jmr-8f6x</a> <a hr= ef=3D"https://github.com/blakeblackshear/frigate/releases/tag/v0.16.4" targ= et=3D"_blank" rel=3D"noopener">https://github.com/blakeblackshear/frigate/r= eleases/tag/v0.16.4</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">denpiligrim--3dp-manager</td>
<td>3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and pri= or, the application automatically creates an administrative account with kn= own default credentials (admin/admin) upon the first initialization. Attack= ers with network access to the application's login interface can gain full = administrative control, managing VPN tunnels and system settings. This issu=
e will be patched in version 2.0.2.</td>
<td>2026-02-06</td>
<td>9.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25803" target=3D= "_blank" rel=3D"noopener">CVE-2026-25803</a></td>

<a href=3D"https://github.com/denpiligrim/3dp-manager/security/advisories/G= HSA-5x57-h7cw-9jmw" target=3D"_blank" rel=3D"noopener">https://github.com/d= enpiligrim/3dp-manager/security/advisories/GHSA-5x57-h7cw-9jmw</a> <a hr= ef=3D"https://github.com/denpiligrim/3dp-manager/commit/f568de41de97dd1b70a= 963708a1ee18e52b9d248" target=3D"_blank" rel=3D"noopener">https://github.co= m/denpiligrim/3dp-manager/commit/f568de41de97dd1b70a963708a1ee18e52b9d248</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">OXID-eSales--OXID eShop</td>
<td>OXID eShop versions 6.x prior to 6.3.4 contains a SQL injection vulnera= bility in the 'sorting' parameter that allows attackers to insert malicious=
database content. Attackers can exploit the vulnerability by manipulating = the sorting parameter to inject PHP code into the database and execute arbi= trary code through crafted URLs.</td>
<td>2026-02-03</td>
<td>8.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2019-25260" target=3D= "_blank" rel=3D"noopener">CVE-2019-25260</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48527" target=3D"_blank" rel= =3D"noopener">ExploitDB-48527</a> <a href=3D"https://www.oxid-esales.com=
/" target=3D"_blank" rel=3D"noopener">Official OXID eShop Vendor Homepage</= a> <a href=3D"https://github.com/OXID-eSales/oxideshop_ce" target=3D"_bl= ank" rel=3D"noopener">OXID eShop Community Edition GitHub Repository</a><br= ><a href=3D"https://web.archive.org/web/20201020223434/https://www.vulnspy.= com/en-oxid-eshop-6.x-sqli-to-rce/" target=3D"_blank" rel=3D"noopener">Arch= ived Researcher Disclosure</a> <a href=3D"https://web.archive.org/web/20= 190731211638/https://blog.ripstech.com/2019/oxid-esales-shop-software/" tar= get=3D"_blank" rel=3D"noopener">Archived RIPSTech Security Blog</a> <a h= ref=3D"https://bugs.oxid-esales.com/view.php?id=3D7002" target=3D"_blank" r= el=3D"noopener">OXID eShop Bug Tracking Entry</a> <a href=3D"https://www= .vulncheck.com/advisories/oxid-eshop-sorting-sql-injection" target=3D"_blan=
k" rel=3D"noopener">VulnCheck Advisory: OXID eShop 6.3.4 - 'sorting' SQL In= jection</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">VictorAlagwu--CMSsite</td>
<td>Victor CMS 1.0 contains an authenticated file upload vulnerability that=
allows administrators to upload PHP files with arbitrary content through t=
he user_image parameter. Attackers can upload a malicious PHP shell to the = /img/ directory and execute system commands by accessing the uploaded file = with a 'cmd' parameter.</td>
<td>2026-02-03</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37073" target=3D= "_blank" rel=3D"noopener">CVE-2020-37073</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48490" target=3D"_blank" rel= =3D"noopener">ExploitDB-48490</a> <a href=3D"https://github.com/VictorAl= agwu/CMSsite" target=3D"_blank" rel=3D"noopener">Victor CMS Project Reposit= ory</a> <a href=3D"https://www.vulncheck.com/advisories/victor-cms-authe= nticated-arbitrary-file-upload" target=3D"_blank" rel=3D"noopener">VulnChec=
k Advisory: Victor CMS 1.0 - Authenticated Arbitrary File Upload</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">VictorAlagwu--CMSsite</td>
<td>Victor CMS version 1.0 contains a SQL injection vulnerability in the 'p= ost' parameter on post.php that allows remote attackers to manipulate datab= ase queries. Attackers can exploit this vulnerability by sending crafted UN= ION SELECT payloads to extract database information through boolean-based, = error-based, and time-based injection techniques.</td>
<td>2026-02-03</td>
<td>8.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37076" target=3D= "_blank" rel=3D"noopener">CVE-2020-37076</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48451" target=3D"_blank" rel= =3D"noopener">ExploitDB-48451</a> <a href=3D"https://github.com/VictorAl= agwu/CMSsite" target=3D"_blank" rel=3D"noopener">Victor CMS GitHub Reposito= ry</a> <a href=3D"https://www.vulncheck.com/advisories/victor-cms-post-s= ql-injection" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Victor=
CMS 1.0 - 'post' SQL Injection</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">i-doit GmbH--i-doit Open Source CMDB</td> <td>i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability i=
n the import module that allows authenticated attackers to delete arbitrary=
files by manipulating the delete_import parameter. Attackers can send a PO=
ST request to the import module with a crafted filename to remove files fro=
m the server's filesystem.</td>
<td>2026-02-03</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37078" target=3D= "_blank" rel=3D"noopener">CVE-2020-37078</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48427" target=3D"_blank" rel= =3D"noopener">ExploitDB-48427</a> <a href=3D"https://www.i-doit.org/" ta= rget=3D"_blank" rel=3D"noopener">Official Vendor Homepage</a> <a href=3D= "https://sourceforge.net/projects/i-doit/" target=3D"_blank" rel=3D"noopene= r">i-doit SourceForge Project</a> <a href=3D"https://www.vulncheck.com/a= dvisories/i-doit-open-source-cmdb-arbitrary-file-deletion" target=3D"_blank=
" rel=3D"noopener">VulnCheck Advisory: i-doit Open Source CMDB 1.14.1 - Arb= itrary File Deletion</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">chatelao--PHP Address Book</td>
<td>PHP AddressBook 9.0.0.1 contains a time-based blind SQL injection vulne= rability that allows remote attackers to manipulate database queries throug=
h the 'id' parameter. Attackers can inject crafted SQL statements with time=
delays to extract information by observing response times in the photo.php=
endpoint.</td>
<td>2026-02-03</td>
<td>8.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37083" target=3D= "_blank" rel=3D"noopener">CVE-2020-37083</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48416" target=3D"_blank" rel= =3D"noopener">ExploitDB-48416</a> <a href=3D"https://sourceforge.net/pro= jects/php-addressbook/" target=3D"_blank" rel=3D"noopener">SourceForge Prod= uct Page</a> <a href=3D"https://www.vulncheck.com/advisories/addressbook= -id-sql-injection" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: a= ddressbook 9.0.0.1 - 'id' SQL Injection</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Arox--School ERP Pro</td>
<td>School ERP Pro 1.0 contains a SQL injection vulnerability in the 'es_me= ssagesid' parameter that allows attackers to manipulate database queries th= rough GET requests. Attackers can exploit the vulnerable parameter by injec= ting crafted SQL statements to potentially extract, modify, or delete datab= ase information.</td>
<td>2026-02-03</td>
<td>8.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37089" target=3D= "_blank" rel=3D"noopener">CVE-2020-37089</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48390" target=3D"_blank" rel= =3D"noopener">ExploitDB-48390</a> <a href=3D"https://web.archive.org/web= /20200129123503/http://arox.in/" target=3D"_blank" rel=3D"noopener">Archive=
d Vendor Homepage</a> <a href=3D"https://web.archive.org/web/20190612111= 732/https://sourceforge.net/projects/school-erp-ultimate/" target=3D"_blank=
" rel=3D"noopener">Archived SourceForge Product Page</a> <a href=3D"http= s://www.vulncheck.com/advisories/school-erp-pro-esmessagesid-sql-injection"=
target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: School ERP Pro 1.0 =
- 'es_messagesid' SQL Injection</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Davidvg--60CycleCMS</td>
<td>60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php an=
d common/lib.php that allows attackers to manipulate database queries throu=
gh unvalidated user input. Attackers can exploit vulnerable query parameter=
s like 'title' to inject malicious SQL code and potentially extract or modi=
fy database contents. This issue does not involve cross-site scripting.</td=

<td>2026-02-03</td>
<td>8.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37110" target=3D= "_blank" rel=3D"noopener">CVE-2020-37110</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48177" target=3D"_blank" rel= =3D"noopener">ExploitDB-48177</a> <a href=3D"https://www.opensourcecms.c= om/60cyclecms" target=3D"_blank" rel=3D"noopener">Software Download Link</a= > <a href=3D"https://www.vulncheck.com/advisories/cyclecms-newsphp-sql-i= njection-vulnerability" target=3D"_blank" rel=3D"noopener">VulnCheck Adviso= ry: 60CycleCMS 2.5.2 - 'news.php' SQL Injection Vulnerability</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">Openeclass--GUnet OpenEclass</td>
<td>GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extens= ion restrictions when uploading files. By renaming a PHP file to .php3 or .= PhP, an attacker can upload a web shell and execute arbitrary code on the s= erver. This vulnerability enables remote code execution by bypassing the in= tended file type checks in the exercise submission feature.</td> <td>2026-02-03</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37113" target=3D= "_blank" rel=3D"noopener">CVE-2020-37113</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48163" target=3D"_blank" rel= =3D"noopener">ExploitDB-48163</a> <a href=3D"https://www.openeclass.org/=
" target=3D"_blank" rel=3D"noopener">Official Vendor Homepage</a> <a hre= f=3D"https://download.openeclass.org/files/docs/1.7/CHANGES.txt" target=3D"= _blank" rel=3D"noopener">Changelog</a> <a href=3D"https://www.vulncheck.= com/advisories/gunet-openeclass-e-learning-platform-file-upload-extension-b= ypass" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: GUnet OpenEcl= ass 1.7.3 E-learning platform - File Upload Extension Bypass</a> =C2=A0<=

</tr>

<td class=3D"vendor-product">Openeclass--GUnet OpenEclass</td>
<td>GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which a= llows remote logins. Attackers with access to the platform can remotely acc= ess phpMyAdmin and, after uploading a shell, view the config.php file to ob= tain the MySQL password, leading to full database compromise.</td> <td>2026-02-03</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37116" target=3D= "_blank" rel=3D"noopener">CVE-2020-37116</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48163" target=3D"_blank" rel= =3D"noopener">ExploitDB-48163</a> <a href=3D"https://www.openeclass.org/=
" target=3D"_blank" rel=3D"noopener">Official Vendor Homepage</a> <a hre= f=3D"https://download.openeclass.org/files/docs/1.7/CHANGES.txt" target=3D"= _blank" rel=3D"noopener">Changelog</a> <a href=3D"https://www.vulncheck.= com/advisories/gunet-openeclass-e-learning-platform-phpmyadmin-remote-acces=
s" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: GUnet OpenEclass = 1.7.3 E-learning platform - phpMyAdmin Remote Access</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">jizhiCMS--jizhiCMS</td>
<td>jizhiCMS 1.6.7 contains a file download vulnerability in the admin plug= ins update endpoint that allows authenticated administrators to download ar= bitrary files. Attackers can exploit the vulnerability by sending crafted P= OST requests with malicious filepath and download_url parameters to trigger=
unauthorized file downloads.</td>
<td>2026-02-05</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37117" target=3D= "_blank" rel=3D"noopener">CVE-2020-37117</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48361" target=3D"_blank" rel= =3D"noopener">ExploitDB-48361</a> <a href=3D"https://www.jizhicms.cn/" t= arget=3D"_blank" rel=3D"noopener">Official Vendor Homepage</a> <a href= =3D"https://www.vulncheck.com/advisories/jizhicms-arbitrary-file-download" = target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: jizhiCMS 1.6.7 - Arb= itrary File Download</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Odin-Secure-Ftp-Expert--Odin Secure FTP Expert= </td>
<td>Odin Secure FTP Expert 7.6.3 contains a local denial of service vulnera= bility that allows attackers to crash the application by manipulating site = information fields. Attackers can generate a buffer overflow by pasting 108=
bytes of repeated characters into connection fields, causing the applicati=
on to crash.</td>
<td>2026-02-05</td>
<td>8.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37139" target=3D= "_blank" rel=3D"noopener">CVE-2020-37139</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48262" target=3D"_blank" rel= =3D"noopener">ExploitDB-48262</a> <a href=3D"http://tr.oldversion.com/wi= ndows/odin-secure-ftp-expert-7-6-3" target=3D"_blank" rel=3D"noopener">Arch= ived Software Download</a> <a href=3D"https://www.vulncheck.com/advisori= es/odin-secure-ftp-expert-site-info-denial-of-service" target=3D"_blank" re= l=3D"noopener">VulnCheck Advisory: Odin Secure FTP Expert 7.6.3 - 'Site Inf=
o' Denial of Service</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">AMSS++--AMSS++</td>
<td>AMSS++ version 4.31 contains a SQL injection vulnerability in the mail = module's maildetail.php script through the 'id' parameter. Attackers can ma= nipulate the 'id' parameter in /modules/mail/main/maildetail.php to inject = malicious SQL queries and potentially access or modify database contents.</=

<td>2026-02-06</td>
<td>8.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37141" target=3D= "_blank" rel=3D"noopener">CVE-2020-37141</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48109" target=3D"_blank" rel= =3D"noopener">ExploitDB-48109</a> <a href=3D"https://www.vulncheck.com/a= dvisories/amss-v-id-sql-injection" target=3D"_blank" rel=3D"noopener">VulnC= heck Advisory: AMSS++ v 4.31 - 'id' SQL Injection</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">10-Strike Software--Network Inventory Explorer= </td>
<td>10-Strike Network Inventory Explorer 8.54 contains a structured excepti=
on handler buffer overflow vulnerability that allows attackers to execute a= rbitrary code by overwriting SEH records. Attackers can craft a malicious p= ayload targeting the 'Computer' parameter during the 'Add' function to trig= ger remote code execution.</td>
<td>2026-02-05</td>
<td>8.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37142" target=3D= "_blank" rel=3D"noopener">CVE-2020-37142</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48253" target=3D"_blank" rel= =3D"noopener">ExploitDB-48253</a> <a href=3D"https://www.10-strike.com/"=
target=3D"_blank" rel=3D"noopener">10-Strike Software Homepage</a> <a h= ref=3D"https://web.archive.org/web/20210105222137/https://whitecr0wz.github= .io/posts/Strike-Network-Inventory-Explorer-Structered-Exception-Handling-O= verwrite/" target=3D"_blank" rel=3D"noopener">Archived Researcher Blog</a><= br><a href=3D"https://www.vulncheck.com/advisories/strike-network-inventory= -explorer-add-local-buffer-overflow-seh" target=3D"_blank" rel=3D"noopener"= >VulnCheck Advisory: 10-Strike Network Inventory Explorer 8.54 - 'Add' Loca=
l Buffer Overflow (SEH)</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">EDIMAX Technology--EW-7438RPn Mini</td>
<td>Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to cross-site request forg= ery (CSRF) that can lead to command execution. An attacker can trick an aut= henticated user into submitting a crafted form to the /goform/mp endpoint, = resulting in arbitrary command execution on the device with the user's priv= ileges.</td>
<td>2026-02-05</td>
<td>8.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37149" target=3D= "_blank" rel=3D"noopener">CVE-2020-37149</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48318" target=3D"_blank" rel= =3D"noopener">ExploitDB-48318</a> <a href=3D"https://www.edimax.com/edim= ax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_= n300/ew-7438rpn_mini/" target=3D"_blank" rel=3D"noopener">Edimax EW-7438RPn=
Mini Product Page</a> <a href=3D"https://www.vulncheck.com/advisories/e= dimax-technology-ew-rpn-mini-cross-site-request-forgery-csrf-to-command-exe= cution" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Edimax Techn= ology EW-7438RPn-v3 Mini 1.27 - Cross-Site Request Forgery (CSRF) to Comman=
d Execution</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Ciprianmp--phpMyChat Plus</td>
<td>phpMyChat Plus 1.98 contains a SQL injection vulnerability in the delus= er.php page through the pmc_username parameter that allows attackers to man= ipulate database queries. Attackers can exploit boolean-based, error-based,=
and time-based blind SQL injection techniques to extract sensitive databas=
e information by crafting malicious payloads in the username field.</td> <td>2026-02-05</td>
<td>8.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37151" target=3D= "_blank" rel=3D"noopener">CVE-2020-37151</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48066" target=3D"_blank" rel= =3D"noopener">ExploitDB-48066</a> <a href=3D"http://ciprianmp.com/latest=
/" target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"htt= ps://www.vulncheck.com/advisories/phpmychat-plus-deluserphp-sql-injection" = target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: phpMyChat Plus 1.98 = 'deluser.php' SQL Injection</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">QuickDate--QuickDate</td>
<td>QuickDate 1.3.2 contains a SQL injection vulnerability that allows remo=
te attackers to manipulate database queries through the '_located' paramete=
r in the find_matches endpoint. Attackers can inject UNION-based SQL statem= ents to extract database information including user credentials, database n= ame, and system version.</td>
<td>2026-02-06</td>
<td>8.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37163" target=3D= "_blank" rel=3D"noopener">CVE-2020-37163</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48022" target=3D"_blank" rel= =3D"noopener">ExploitDB-48022</a> <a href=3D"https://web.archive.org/web= /20200112151117/https://quickdatescript.com/" target=3D"_blank" rel=3D"noop= ener">Archived QuickDate Script Webpage</a> <a href=3D"https://www.vulnc= heck.com/advisories/quickdate-sql-injection" target=3D"_blank" rel=3D"noope= ner">VulnCheck Advisory: QuickDate 1.3.2 - SQL Injection</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Innomic--VibroLine VLX1 HD 5.0</td>
<td>An unauthenticated remote attacker is able to use an existing session i=
d of a logged in user and gain full access to the device if configuration v=
ia ethernet is enabled.</td>
<td>2026-02-02</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2022-50975" target=3D= "_blank" rel=3D"noopener">CVE-2022-50975</a></td>

<a href=3D"https://www.innomic.com/.well-known/csaf/white/2026/ids-2026-000= 1.html" target=3D"_blank" rel=3D"noopener">https://www.innomic.com/.well-kn= own/csaf/white/2026/ids-2026-0001.html</a> <a href=3D"https://www.innomi= c.com/.well-known/csaf/white/2026/ids-2026-0001.json" target=3D"_blank" rel= =3D"noopener">https://www.innomic.com/.well-known/csaf/white/2026/ids-2026-= 0001.json</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Mitsubishi Electric Corporation--FREQSHIP-mini=
for Windows</td>
<td>Incorrect Default Permissions vulnerability in Mitsubishi Electric Corp= oration FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2 allows a local at= tacker to execute arbitrary code with system privileges by replacing servic=
e executable files (EXE) or DLLs in the installation directory with special=
ly crafted files. As a result, the attacker may be able to disclose, tamper=
with, delete, or destroy information stored on the PC where the affected p= roduct is installed, or cause a Denial of Service (DoS) condition on the af= fected system.</td>
<td>2026-02-05</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-10314" target=3D= "_blank" rel=3D"noopener">CVE-2025-10314</a></td>

<a href=3D"https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2025-= 019_en.pdf" target=3D"_blank" rel=3D"noopener">https://www.mitsubishielectr= ic.com/psirt/vulnerability/pdf/2025-019_en.pdf</a> <a href=3D"https://jv= n.jp/jp/JVN64883963/" target=3D"_blank" rel=3D"noopener">https://jvn.jp/jp/= JVN64883963/</a> <a href=3D"https://www.cisa.gov/news-events/ics-advisor= ies/icsa-26-034-01" target=3D"_blank" rel=3D"noopener">https://www.cisa.gov= /news-events/ics-advisories/icsa-26-034-01</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">roxnor--Popup builder with Gamification, Multi= -Step Popups, Page-Level Targeting, and WooCommerce Triggers</td>
<td>The Popup builder with Gamification, Multi-Step Popups, Page-Level Targ= eting, and WooCommerce Triggers plugin for WordPress is vulnerable to gener=
ic SQL Injection via the multiple REST API endpoints in all versions up to,=
and including, 2.2.0 due to insufficient escaping on the user supplied par= ameter and lack of sufficient preparation on the existing SQL query. This m= akes it possible for unauthenticated attackers to append additional SQL que= ries into already existing queries that can be used to extract sensitive in= formation from the database. Vulnerability was patched in version 2.2.1 for=
unauthenticated users, and fully patched in version 2.2.3 for Administrato=
r+ level users.</td>
<td>2026-02-04</td>
<td>8.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-13192" target=3D= "_blank" rel=3D"noopener">CVE-2025-13192</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/9db1df= de-0cba-41b2-ab7a-a1640e5fd96b?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/9db1dfde-0cb= a-41b2-ab7a-a1640e5fd96b?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/popup-builder-block/tags/2.1.5/includes/Routes/Popu= p.php#L50" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpres= s.org/browser/popup-builder-block/tags/2.1.5/includes/Routes/Popup.php#L50<= /a> <a href=3D"https://plugins.trac.wordpress.org/browser/popup-builder-= block/tags/2.1.5/includes/Routes/Popup.php#L133" target=3D"_blank" rel=3D"n= oopener">https://plugins.trac.wordpress.org/browser/popup-builder-block/tag= s/2.1.5/includes/Routes/Popup.php#L133</a> <a href=3D"https://plugins.tr= ac.wordpress.org/browser/popup-builder-block/tags/2.1.5/includes/Helpers/Da= taBase.php#L382" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wo= rdpress.org/browser/popup-builder-block/tags/2.1.5/includes/Helpers/DataBas= e.php#L382</a> <a href=3D"https://plugins.trac.wordpress.org/browser/pop= up-builder-block/tags/2.1.5/includes/Helpers/DataBase.php#L413" target=3D"_= blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/popup-bu= ilder-block/tags/2.1.5/includes/Helpers/DataBase.php#L413</a> <a href=3D= "https://plugins.trac.wordpress.org/browser/popup-builder-block/tags/2.1.5/= includes/Routes/Subscribers.php#L99" target=3D"_blank" rel=3D"noopener">htt= ps://plugins.trac.wordpress.org/browser/popup-builder-block/tags/2.1.5/incl= udes/Routes/Subscribers.php#L99</a> <a href=3D"https://plugins.trac.word= press.org/browser/popup-builder-block/tags/2.1.5/includes/Routes/Subscriber= s.php#L133" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpre= ss.org/browser/popup-builder-block/tags/2.1.5/includes/Routes/Subscribers.p= hp#L133</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Aspera Console</td>
<td>IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. =
A remote attacker could send specially crafted SQL statements, which could = allow the attacker to view, add, modify, or delete information in the back-= end database.</td>
<td>2026-02-05</td>
<td>8.6</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-13379" target=3D= "_blank" rel=3D"noopener">CVE-2025-13379</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7259448" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7259448</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">jayarsiech--JAY Login & Register</td>
<td>The JAY Login & Register plugin for WordPress is vulnerable to Priv= ilege Escalation in all versions up to, and including, 2.6.03. This is due =
to the plugin allowing a user to update arbitrary user meta through the 'ja= y_panel_ajax_update_profile' function. This makes it possible for authentic= ated attackers, with Subscriber-level access and above, to elevate their pr= ivileges to that of an administrator.</td>
<td>2026-02-08</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15100" target=3D= "_blank" rel=3D"noopener">CVE-2025-15100</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/fb9008= 10-23a2-4920-a5e8-4388c4474de0?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/fb900810-23a= 2-4920-a5e8-4388c4474de0?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/jay-login-register/tags/2.6.01/includes/user-panel/= jay-login-register-ajax-handler-user-panel.php#L624" target=3D"_blank" rel= =3D"noopener">https://plugins.trac.wordpress.org/browser/jay-login-register= /tags/2.6.01/includes/user-panel/jay-login-register-ajax-handler-user-panel= .php#L624</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tanium--Deploy</td>
<td>Tanium addressed an improper input validation vulnerability in Deploy.<=

<td>2026-02-05</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15330" target=3D= "_blank" rel=3D"noopener">CVE-2025-15330</a></td>

<a href=3D"https://security.tanium.com/TAN-2025-012" target=3D"_blank" rel= =3D"noopener">TAN-2025-012</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">themeboy--SportsPress Sports Club & League=
Manager</td>
<td>The SportsPress plugin for WordPress is vulnerable to Local File Inclus= ion in all versions up to, and including, 2.7.26 via shortcodes 'template_n= ame' attribute. This makes it possible for authenticated attackers, with co= ntributor-level and above permissions, to include and execute arbitrary fil=
es on the server, allowing the execution of any PHP code in those files. Th=
is can be used to bypass access controls, obtain sensitive data, or achieve=
code execution in cases where php file type can be uploaded and included.<=

<td>2026-02-04</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15368" target=3D= "_blank" rel=3D"noopener">CVE-2025-15368</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/27e40a= f7-5697-4482-a96d-9216886c363b?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/27e40af7-569= 7-4482-a96d-9216886c363b?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/sportspress/tags/2.7.26/includes/class-sp-shortcode= s.php#L32" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpres= s.org/browser/sportspress/tags/2.7.26/includes/class-sp-shortcodes.php#L32<= /a> <a href=3D"https://plugins.trac.wordpress.org/browser/sportspress/ta= gs/2.7.26/includes/class-sp-shortcodes.php#L182" target=3D"_blank" rel=3D"n= oopener">https://plugins.trac.wordpress.org/browser/sportspress/tags/2.7.26= /includes/class-sp-shortcodes.php#L182</a> <a href=3D"https://plugins.tr= ac.wordpress.org/browser/sportspress/tags/2.7.26/includes/sp-core-functions= .php#L68" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress= .org/browser/sportspress/tags/2.7.26/includes/sp-core-functions.php#L68</a>= =C2=A0</td>
</tr>

<td class=3D"vendor-product">Kubernetes--ingress-nginx</td>
<td>A security issue was discovered in ingress-nginx=C2=A0where the `nginx.= ingress.kubernetes.io/auth-proxy-set-headers` Ingress annotation can be use=
d to inject configuration into nginx. This can lead to arbitrary code execu= tion in the context of the ingress-nginx controller, and disclosure of Secr= ets accessible to the controller. (Note that in the default installation, t=
he controller can access all Secrets cluster-wide.)</td>
<td>2026-02-06</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15566" target=3D= "_blank" rel=3D"noopener">CVE-2025-15566</a></td>

<a href=3D"https://github.com/kubernetes/kubernetes/issues/136789" target= =3D"_blank" rel=3D"noopener">https://github.com/kubernetes/kubernetes/issue= s/136789</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Ankara Hosting Website Design--Website Softwar= e</td>
<td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cr= oss-site Scripting') vulnerability in Ankara Hosting Website Design Website=
Software allows Reflected XSS. This issue affects Website Software: throug=
h 03022026.=C2=A0 NOTE: The vendor was contacted early about this disclosur=
e but did not respond in any way.</td>
<td>2026-02-03</td>
<td>8.6</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-6397" target=3D"= _blank" rel=3D"noopener">CVE-2025-6397</a></td>

<a href=3D"https://www.usom.gov.tr/bildirim/tr-26-0014" target=3D"_blank" r= el=3D"noopener">https://www.usom.gov.tr/bildirim/tr-26-0014</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">n/a--n/a</td>
<td>An arbitrary file upload vulnerability in the AddFont() function of FPD=
F v1.86 and earlier allows attackers to execute arbitrary code via uploadin=
g a crafted PHP file.</td>
<td>2026-02-03</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-65875" target=3D= "_blank" rel=3D"noopener">CVE-2025-65875</a></td>

<a href=3D"http://www.fpdf.org" target=3D"_blank" rel=3D"noopener">http://w= ww.fpdf.org</a> <a href=3D"https://github.com/Setasign/FPDF" target=3D"_= blank" rel=3D"noopener">https://github.com/Setasign/FPDF</a> <a href=3D"= https://advisories.gitlab.com/pkg/composer/tecnickcom/tc-lib-pdf-font/CVE-2= 024-56520/" target=3D"_blank" rel=3D"noopener">https://advisories.gitlab.co= m/pkg/composer/tecnickcom/tc-lib-pdf-font/CVE-2024-56520/</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">N/A--Moodle[.]org</td>
<td>A flaw was found in Moodle. This authentication bypass vulnerability al= lows suspended users to authenticate through the Learning Tools Interoperab= ility (LTI) Provider. The issue arises from the LTI authentication handlers=
failing to enforce the user's suspension status, enabling unauthorized acc= ess to the system. This can lead to information disclosure or other unautho= rized actions by users who should be restricted.</td>
<td>2026-02-03</td>
<td>8.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-67848" target=3D= "_blank" rel=3D"noopener">CVE-2025-67848</a></td>

<a href=3D"https://access.redhat.com/security/cve/CVE-2025-67848" target=3D= "_blank" rel=3D"noopener">https://access.redhat.com/security/cve/CVE-2025-6= 7848</a> <a href=3D"https://bugzilla.redhat.com/show_bug.cgi?id=3D242383=
1" target=3D"_blank" rel=3D"noopener">RHBZ#2423831</a> <a href=3D"https:= //moodle.org/mod/forum/discuss.php?d=3D471298" target=3D"_blank" rel=3D"noo= pener">https://moodle.org/mod/forum/discuss.php?d=3D471298</a> =C2=A0</t=

</tr>

<td class=3D"vendor-product">AKCE Software Technology R&D Industry and = Trade Inc.--SKSPro</td>
<td>Improper Neutralization of Special Elements used in an SQL Command ('SQ=
L Injection') vulnerability in AKCE Software Technology R&D Industry an=
d Trade Inc. SKSPro allows SQL Injection. This issue affects SKSPro: throug=
h 07012026.</td>
<td>2026-02-02</td>
<td>8.6</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-8587" target=3D"= _blank" rel=3D"noopener">CVE-2025-8587</a></td>

<a href=3D"https://www.usom.gov.tr/bildirim/tr-26-0011" target=3D"_blank" r= el=3D"noopener">https://www.usom.gov.tr/bildirim/tr-26-0011</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">themeum--Tutor LMS eLearning and online course=
solution</td>
<td>The Tutor LMS - eLearning and online course solution plugin for WordPre=
ss is vulnerable to Insecure Direct Object References (IDOR) in all version=
s up to, and including, 3.9.5. This is due to missing object-level authoriz= ation checks in the `course_list_bulk_action()`, `bulk_delete_course()`, an=
d `update_course_status()` functions. This makes it possible for authentica= ted attackers, with Tutor Instructor-level access and above, to modify or d= elete arbitrary courses they do not own by manipulating course IDs in bulk = action requests.</td>
<td>2026-02-03</td>
<td>8.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1375" target=3D"= _blank" rel=3D"noopener">CVE-2026-1375</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/4e95b3= 2b-c050-41eb-8fce-461257420eb6?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/4e95b32b-c05= 0-41eb-8fce-461257420eb6?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/tutor/tags/3.9.5/classes/Course_List.php#L289" targ= et=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/t= utor/tags/3.9.5/classes/Course_List.php#L289</a> <a href=3D"https://plug= ins.trac.wordpress.org/browser/tutor/tags/3.9.5/classes/Course_List.php#L43=
7" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/br= owser/tutor/tags/3.9.5/classes/Course_List.php#L437</a> <a href=3D"https= ://plugins.trac.wordpress.org/browser/tutor/tags/3.9.5/classes/Course_List.= php#L463" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress= .org/browser/tutor/tags/3.9.5/classes/Course_List.php#L463</a> <a href= =3D"https://plugins.trac.wordpress.org/changeset/3448615/tutor/trunk/classe= s/Course_List.php?contextall=3D1&old=3D3339576&old_path=3D%2Ftutor%2Ftrunk%= 2Fclasses%2FCourse_List.php" target=3D"_blank" rel=3D"noopener">https://plu= gins.trac.wordpress.org/changeset/3448615/tutor/trunk/classes/Course_List.p= hp?contextall=3D1&old=3D3339576&old_path=3D%2Ftutor%2Ftrunk%2Fclasses%2FCou= rse_List.php</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Red Hat--Red Hat Satellite 6</td>
<td>A flaw was found in fog-kubevirt. This vulnerability allows a remote at= tacker to perform a Man-in-the-Middle (MITM) attack due to disabled certifi= cate validation. This enables the attacker to intercept and potentially alt=
er sensitive communications between Satellite and OpenShift, resulting in i= nformation disclosure and data integrity compromise.</td>
<td>2026-02-02</td>
<td>8.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1530" target=3D"= _blank" rel=3D"noopener">CVE-2026-1530</a></td>

<a href=3D"https://access.redhat.com/security/cve/CVE-2026-1530" target=3D"= _blank" rel=3D"noopener">https://access.redhat.com/security/cve/CVE-2026-15= 30</a> <a href=3D"https://bugzilla.redhat.com/show_bug.cgi?id=3D2433784"=
target=3D"_blank" rel=3D"noopener">RHBZ#2433784</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Red Hat--Red Hat Satellite 6</td>
<td>A flaw was found in foreman_kubevirt. When configuring the connection t=
o OpenShift, the system disables SSL verification if a Certificate Authorit=
y (CA) certificate is not explicitly set. This insecure default allows a re= mote attacker, capable of intercepting network traffic between Satellite an=
d OpenShift, to perform a Man-in-the-Middle (MITM) attack. Such an attack c= ould lead to the disclosure or alteration of sensitive information.</td> <td>2026-02-02</td>
<td>8.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1531" target=3D"= _blank" rel=3D"noopener">CVE-2026-1531</a></td>

<a href=3D"https://access.redhat.com/security/cve/CVE-2026-1531" target=3D"= _blank" rel=3D"noopener">https://access.redhat.com/security/cve/CVE-2026-15= 31</a> <a href=3D"https://bugzilla.redhat.com/show_bug.cgi?id=3D2433786"=
target=3D"_blank" rel=3D"noopener">RHBZ#2433786</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Kubernetes--ingress-nginx</td>
<td>A security issue was discovered in ingress-nginx=C2=A0where the `nginx.= ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject=
configuration into nginx. This can lead to arbitrary code execution in the=
context of the ingress-nginx controller, and disclosure of Secrets accessi= ble to the controller. (Note that in the default installation, the controll=
er can access all Secrets cluster-wide.)</td>
<td>2026-02-03</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1580" target=3D"= _blank" rel=3D"noopener">CVE-2026-1580</a></td>

<a href=3D"https://github.com/kubernetes/kubernetes/issues/136677" target= =3D"_blank" rel=3D"noopener">https://github.com/kubernetes/kubernetes/issue= s/136677</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">skirridsystems--OS DataHub Maps</td>
<td>The OS DataHub Maps plugin for WordPress is vulnerable to arbitrary fil=
e uploads due to incorrect file type validation in the 'OS_DataHub_Maps_Adm= in::add_file_and_ext' function in all versions up to, and including, 1.8.3.=
This makes it possible for authenticated attackers, with Author-level acce=
ss and above, to upload arbitrary files on the affected site's server which=
may make remote code execution possible.</td>
<td>2026-02-03</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1730" target=3D"= _blank" rel=3D"noopener">CVE-2026-1730</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/c32ba2= a0-a9a7-4f17-8169-912cecc40b7b?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/c32ba2a0-a9a= 7-4f17-8169-912cecc40b7b?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/os-datahub-maps/trunk/include/osmap-admin.php?rev= =3D3449192#L67" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wor= dpress.org/browser/os-datahub-maps/trunk/include/osmap-admin.php?rev=3D3449= 192#L67</a> <a href=3D"https://plugins.trac.wordpress.org/browser/os-dat= ahub-maps/trunk/include/osmap-admin.php?rev=3D3449192#L51" target=3D"_blank=
" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/os-datahub-ma= ps/trunk/include/osmap-admin.php?rev=3D3449192#L51</a> <a href=3D"https:= //plugins.trac.wordpress.org/browser/os-datahub-maps/trunk/os-datahub-maps.= php?rev=3D3449192#L87" target=3D"_blank" rel=3D"noopener">https://plugins.t= rac.wordpress.org/browser/os-datahub-maps/trunk/os-datahub-maps.php?rev=3D3= 449192#L87</a> <a href=3D"https://plugins.trac.wordpress.org/changeset/3= 452323/os-datahub-maps" target=3D"_blank" rel=3D"noopener">https://plugins.= trac.wordpress.org/changeset/3452323/os-datahub-maps</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">seezee--WP FOFT Loader</td>
<td>The WP FOFT Loader plugin for WordPress is vulnerable to arbitrary file=
uploads due to incorrect file type validation in the 'WP_FOFT_Loader_Mimes= ::file_and_ext' function in all versions up to, and including, 2.1.39. This=
makes it possible for authenticated attackers, with Author-level access an=
d above, to upload arbitrary files on the affected site's server which may = make remote code execution possible.</td>
<td>2026-02-04</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1756" target=3D"= _blank" rel=3D"noopener">CVE-2026-1756</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/cede8f= f5-f739-4eb3-9672-5adb5d2ae0a9?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/cede8ff5-f73= 9-4eb3-9672-5adb5d2ae0a9?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/wp-foft-loader/trunk/includes/class-wp-foft-loader-= mimes.php?rev=3D3449144#L45" target=3D"_blank" rel=3D"noopener">https://plu= gins.trac.wordpress.org/browser/wp-foft-loader/trunk/includes/class-wp-foft= -loader-mimes.php?rev=3D3449144#L45</a> <a href=3D"https://plugins.trac.= wordpress.org/browser/wp-foft-loader/trunk/includes/class-wp-foft-loader-mi= mes.php?rev=3D3449144#L31" target=3D"_blank" rel=3D"noopener">https://plugi= ns.trac.wordpress.org/browser/wp-foft-loader/trunk/includes/class-wp-foft-l= oader-mimes.php?rev=3D3449144#L31</a> <a href=3D"https://plugins.trac.wo= rdpress.org/changeset/3453101/wp-foft-loader/trunk/includes/class-wp-foft-l= oader-mimes.php" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wo= rdpress.org/changeset/3453101/wp-foft-loader/trunk/includes/class-wp-foft-l= oader-mimes.php</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Red Hat--Red Hat Enterprise Linux 10</td>
<td>A flaw was found in libsoup. This stack-based buffer overflow vulnerabi= lity occurs during the parsing of multipart HTTP responses due to an incorr= ect length calculation. A remote attacker can exploit this by sending a spe= cially crafted multipart HTTP response, which can lead to memory corruption=
. This issue may result in application crashes or arbitrary code execution =
in applications that process untrusted server responses, and it does not re= quire authentication or user interaction.</td>
<td>2026-02-02</td>
<td>8.6</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1761" target=3D"= _blank" rel=3D"noopener">CVE-2026-1761</a></td>

<a href=3D"https://access.redhat.com/errata/RHSA-2026:1948" target=3D"_blan=
k" rel=3D"noopener">RHSA-2026:1948</a> <a href=3D"https://access.redhat.= com/errata/RHSA-2026:2005" target=3D"_blank" rel=3D"noopener">RHSA-2026:200= 5</a> <a href=3D"https://access.redhat.com/errata/RHSA-2026:2006" target= =3D"_blank" rel=3D"noopener">RHSA-2026:2006</a> <a href=3D"https://acces= s.redhat.com/errata/RHSA-2026:2007" target=3D"_blank" rel=3D"noopener">RHSA= -2026:2007</a> <a href=3D"https://access.redhat.com/errata/RHSA-2026:200=
8" target=3D"_blank" rel=3D"noopener">RHSA-2026:2008</a> <a href=3D"http= s://access.redhat.com/errata/RHSA-2026:2049" target=3D"_blank" rel=3D"noope= ner">RHSA-2026:2049</a> <a href=3D"https://access.redhat.com/errata/RHSA= -2026:2182" target=3D"_blank" rel=3D"noopener">RHSA-2026:2182</a> <a hre= f=3D"https://access.redhat.com/errata/RHSA-2026:2214" target=3D"_blank" rel= =3D"noopener">RHSA-2026:2214</a> <a href=3D"https://access.redhat.com/er= rata/RHSA-2026:2215" target=3D"_blank" rel=3D"noopener">RHSA-2026:2215</a><= br><a href=3D"https://access.redhat.com/errata/RHSA-2026:2216" target=3D"_b= lank" rel=3D"noopener">RHSA-2026:2216</a> <a href=3D"https://access.redh= at.com/security/cve/CVE-2026-1761" target=3D"_blank" rel=3D"noopener">https= ://access.redhat.com/security/cve/CVE-2026-1761</a> <a href=3D"https://b= ugzilla.redhat.com/show_bug.cgi?id=3D2435961" target=3D"_blank" rel=3D"noop= ener">RHBZ#2435961</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Ziroom--ZHOME A0101</td>
<td>A weakness has been identified in Ziroom ZHOME A0101 1.0.1.0. Impacted =
is an unknown function of the component Dropbear SSH Service. This manipula= tion causes use of default credentials. Remote exploitation of the attack i=
s possible. The complexity of an attack is rather high. The exploitability =
is considered difficult. The exploit has been made available to the public = and could be used for attacks. The vendor was contacted early about this di= sclosure but did not respond in any way.</td>
<td>2026-02-03</td>
<td>8.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1803" target=3D"= _blank" rel=3D"noopener">CVE-2026-1803</a></td>

<a href=3D"https://vuldb.com/?id.343976" target=3D"_blank" rel=3D"noopener"= >VDB-343976 | Ziroom ZHOME A0101 Dropbear SSH Service default credentials</= a> <a href=3D"https://vuldb.com/?ctiid.343976" target=3D"_blank" rel=3D"= noopener">VDB-343976 | CTI Indicators (IOB, IOC)</a> <a href=3D"https://= vuldb.com/?submit.745497" target=3D"_blank" rel=3D"noopener">Submit #745497=
| Ziroom Smart Ziroom Smart Gateway (ZH-A0101) ZH-A0101 1.0.1.0 Backdoor</= a> <a href=3D"https://vuldb.com/?submit.745529" target=3D"_blank" rel=3D= "noopener">Submit #745529 | Ziroom Smart Smart Gateway ZH-A0101 ZH-A0101 1.= 0.1.0 Credentials Management (Duplicate)</a> <a href=3D"https://github.c= om/Blackhole23-Lab/-/blob/main/vulns/ssh-backdoor.md" target=3D"_blank" rel= =3D"noopener">https://github.com/Blackhole23-Lab/-/blob/main/vulns/ssh-back= door.md</a> <a href=3D"https://github.com/Blackhole23-Lab/-/blob/main/vu= lns/ssh-backdoor.md#proof-of-concept" target=3D"_blank" rel=3D"noopener">ht= tps://github.com/Blackhole23-Lab/-/blob/main/vulns/ssh-backdoor.md#proof-of= -concept</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Karel Electronics Industry and Trade Inc.--ViP= ort</td>
<td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cr= oss-site Scripting') vulnerability in Karel Electronics Industry and Trade = Inc. ViPort allows Stored XSS. This issue affects ViPort: through 23012026.= </td>
<td>2026-02-04</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1819" target=3D"= _blank" rel=3D"noopener">CVE-2026-1819</a></td>

<a href=3D"https://www.usom.gov.tr/bildirim/tr-26-0017" target=3D"_blank" r= el=3D"noopener">https://www.usom.gov.tr/bildirim/tr-26-0017</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">Cisco--Cisco Meeting Management</td>
<td>A vulnerability in the Certificate Management feature of Cisco Meeting = Management could allow an authenticated, remote attacker to upload arbitrar=
y files, execute arbitrary commands, and elevate privileges to root on an a= ffected system. This vulnerability is due to improper input validation in c= ertain sections of the web-based management interface. An attacker could ex= ploit this vulnerability&nbsp;by sending a crafted HTTP request to an a= ffected system. A successful exploit could allow the attacker to upload arb= itrary files to the affected system. The malicious files could overwrite sy= stem files that are processed by the&nbsp;root system account and allow=
arbitrary command execution with&nbsp;root privileges. To exploit this=
vulnerability, the attacker must have valid credentials for a user account=
with at least the role of video operator.</td>
<td>2026-02-04</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20098" target=3D= "_blank" rel=3D"noopener">CVE-2026-20098</a></td>

<a href=3D"https://sec.cloudapps.cisco.com/security/center/content/CiscoSec= urityAdvisory/cisco-sa-cmm-file-up-kY47n8kK" target=3D"_blank" rel=3D"noope= ner">cisco-sa-cmm-file-up-kY47n8kK</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">UTT-- 520W</td>
<td>A weakness has been identified in UTT =E8=BF=9B=E5=8F=96 520W 1.7.7-180= 627. This affects the function strcpy of the file /goform/formIpGroupConfig=
. Executing a manipulation of the argument groupName can lead to buffer ove= rflow. The attack can be launched remotely. The exploit has been made avail= able to the public and could be used for attacks. The vendor was contacted = early about this disclosure but did not respond in any way.</td> <td>2026-02-06</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2066" target=3D"= _blank" rel=3D"noopener">CVE-2026-2066</a></td>

<a href=3D"https://vuldb.com/?id.344633" target=3D"_blank" rel=3D"noopener"= >VDB-344633 | UTT =E8=BF=9B=E5=8F=96 520W formIpGroupConfig strcpy buffer o= verflow</a> <a href=3D"https://vuldb.com/?ctiid.344633" target=3D"_blank=
" rel=3D"noopener">VDB-344633 | CTI Indicators (IOB, IOC, IOA)</a> <a hr= ef=3D"https://vuldb.com/?submit.745260" target=3D"_blank" rel=3D"noopener">= Submit #745260 | UTT =E8=BF=9B=E5=8F=96 520W v3v1.7.7-180627 Buffer Overflo= w</a> <a href=3D"https://github.com/cymiao1978/cve/blob/main/new/36.md" = target=3D"_blank" rel=3D"noopener">https://github.com/cymiao1978/cve/blob/m= ain/new/36.md</a> <a href=3D"https://github.com/cymiao1978/cve/blob/main= /new/36.md#poc" target=3D"_blank" rel=3D"noopener">https://github.com/cymia= o1978/cve/blob/main/new/36.md#poc</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">UTT-- 520W</td>
<td>A security vulnerability has been detected in UTT =E8=BF=9B=E5=8F=96 52=
0W 1.7.7-180627. This vulnerability affects the function strcpy of the file=
/goform/formTimeGroupConfig. The manipulation of the argument year1 leads =
to buffer overflow. The attack may be initiated remotely. The exploit has b= een disclosed publicly and may be used. The vendor was contacted early abou=
t this disclosure but did not respond in any way.</td>
<td>2026-02-06</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2067" target=3D"= _blank" rel=3D"noopener">CVE-2026-2067</a></td>

<a href=3D"https://vuldb.com/?id.344634" target=3D"_blank" rel=3D"noopener"= >VDB-344634 | UTT =E8=BF=9B=E5=8F=96 520W formTimeGroupConfig strcpy buffer=
overflow</a> <a href=3D"https://vuldb.com/?ctiid.344634" target=3D"_bla= nk" rel=3D"noopener">VDB-344634 | CTI Indicators (IOB, IOC, IOA)</a> <a = href=3D"https://vuldb.com/?submit.745261" target=3D"_blank" rel=3D"noopener= ">Submit #745261 | UTT =E8=BF=9B=E5=8F=96 520W v3v1.7.7-180627 Buffer Overf= low</a> <a href=3D"https://github.com/cymiao1978/cve/blob/main/new/37.md=
" target=3D"_blank" rel=3D"noopener">https://github.com/cymiao1978/cve/blob= /main/new/37.md</a> <a href=3D"https://github.com/cymiao1978/cve/blob/ma= in/new/37.md#poc" target=3D"_blank" rel=3D"noopener">https://github.com/cym= iao1978/cve/blob/main/new/37.md#poc</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">UTT-- 520W</td>
<td>A vulnerability was detected in UTT =E8=BF=9B=E5=8F=96 520W 1.7.7-18062=
7. This issue affects the function strcpy of the file /goform/formSyslogCon=
f. The manipulation of the argument ServerIp results in buffer overflow. Th=
e attack may be launched remotely. The exploit is now public and may be use=
d. The vendor was contacted early about this disclosure but did not respond=
in any way.</td>
<td>2026-02-06</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2068" target=3D"= _blank" rel=3D"noopener">CVE-2026-2068</a></td>

<a href=3D"https://vuldb.com/?id.344635" target=3D"_blank" rel=3D"noopener"= >VDB-344635 | UTT =E8=BF=9B=E5=8F=96 520W formSyslogConf strcpy buffer over= flow</a> <a href=3D"https://vuldb.com/?ctiid.344635" target=3D"_blank" r= el=3D"noopener">VDB-344635 | CTI Indicators (IOB, IOC, IOA)</a> <a href= =3D"https://vuldb.com/?submit.745262" target=3D"_blank" rel=3D"noopener">Su= bmit #745262 | UTT =E8=BF=9B=E5=8F=96 520W v3v1.7.7-180627 Buffer Overflow<= /a> <a href=3D"https://github.com/cymiao1978/cve/blob/main/new/38.md" ta= rget=3D"_blank" rel=3D"noopener">https://github.com/cymiao1978/cve/blob/mai= n/new/38.md</a> <a href=3D"https://github.com/cymiao1978/cve/blob/main/n= ew/38.md#poc" target=3D"_blank" rel=3D"noopener">https://github.com/cymiao1= 978/cve/blob/main/new/38.md#poc</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">UTT-- 520W</td>
<td>A vulnerability has been found in UTT =E8=BF=9B=E5=8F=96 520W 1.7.7-180= 627. The affected element is the function strcpy of the file /goform/formPo= licyRouteConf. Such manipulation of the argument GroupName leads to buffer = overflow. The attack can be executed remotely. The exploit has been disclos=
ed to the public and may be used. The vendor was contacted early about this=
disclosure but did not respond in any way.</td>
<td>2026-02-06</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2070" target=3D"= _blank" rel=3D"noopener">CVE-2026-2070</a></td>

<a href=3D"https://vuldb.com/?id.344637" target=3D"_blank" rel=3D"noopener"= >VDB-344637 | UTT =E8=BF=9B=E5=8F=96 520W formPolicyRouteConf strcpy buffer=
overflow</a> <a href=3D"https://vuldb.com/?ctiid.344637" target=3D"_bla= nk" rel=3D"noopener">VDB-344637 | CTI Indicators (IOB, IOC, IOA)</a> <a = href=3D"https://vuldb.com/?submit.745264" target=3D"_blank" rel=3D"noopener= ">Submit #745264 | UTT =E8=BF=9B=E5=8F=96 520W v3v1.7.7-180627 Buffer Overf= low</a> <a href=3D"https://github.com/cymiao1978/cve/blob/main/new/39.md=
" target=3D"_blank" rel=3D"noopener">https://github.com/cymiao1978/cve/blob= /main/new/39.md</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">UTT-- 520W</td>
<td>A vulnerability was found in UTT =E8=BF=9B=E5=8F=96 520W 1.7.7-180627. = The impacted element is the function strcpy of the file /goform/formP2PLimi= tConfig. Performing a manipulation of the argument except results in buffer=
overflow. The attack is possible to be carried out remotely. The exploit h=
as been made public and could be used. The vendor was contacted early about=
this disclosure but did not respond in any way.</td>
<td>2026-02-07</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2071" target=3D"= _blank" rel=3D"noopener">CVE-2026-2071</a></td>

<a href=3D"https://vuldb.com/?id.344638" target=3D"_blank" rel=3D"noopener"= >VDB-344638 | UTT =E8=BF=9B=E5=8F=96 520W formP2PLimitConfig strcpy buffer = overflow</a> <a href=3D"https://vuldb.com/?ctiid.344638" target=3D"_blan=
k" rel=3D"noopener">VDB-344638 | CTI Indicators (IOB, IOC, IOA)</a> <a h= ref=3D"https://vuldb.com/?submit.745265" target=3D"_blank" rel=3D"noopener"= >Submit #745265 | UTT =E8=BF=9B=E5=8F=96 520W v3v1.7.7-180627 Buffer Overfl= ow</a> <a href=3D"https://github.com/cymiao1978/cve/blob/main/new/40.md"=
target=3D"_blank" rel=3D"noopener">https://github.com/cymiao1978/cve/blob/= main/new/40.md</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">UTT--HiPER 810G</td>
<td>A vulnerability was detected in UTT HiPER 810G up to 1.7.7-171114. Affe= cted by this vulnerability is the function strcpy of the file /goform/formF= ireWall of the component Management Interface. The manipulation of the argu= ment GroupName results in buffer overflow. The attack can be launched remot= ely. The exploit is now public and may be used. The vendor was contacted ea= rly about this disclosure but did not respond in any way.</td> <td>2026-02-07</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2086" target=3D"= _blank" rel=3D"noopener">CVE-2026-2086</a></td>

<a href=3D"https://vuldb.com/?id.344653" target=3D"_blank" rel=3D"noopener"= >VDB-344653 | UTT HiPER 810G Management formFireWall strcpy buffer overflow= </a> <a href=3D"https://vuldb.com/?ctiid.344653" target=3D"_blank" rel= =3D"noopener">VDB-344653 | CTI Indicators (IOB, IOC, IOA)</a> <a href=3D= "https://vuldb.com/?submit.746502" target=3D"_blank" rel=3D"noopener">Submi=
t #746502 | UTT (AiTai) HiPER 810G <=3D v3v1.7.7-171114 Buffer Overflow<= /a> <a href=3D"https://github.com/alc9700jmo/CVE/issues/22" target=3D"_b= lank" rel=3D"noopener">https://github.com/alc9700jmo/CVE/issues/22</a> <=
a href=3D"https://github.com/alc9700jmo/CVE/issues/22#issue-3851242657" tar= get=3D"_blank" rel=3D"noopener">https://github.com/alc9700jmo/CVE/issues/22= #issue-3851242657</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tenda--TX3</td>
<td>A vulnerability has been found in Tenda TX3 up to 16.03.13.11_multi. Th=
is impacts an unknown function of the file /goform/SetIpMacBind. The manipu= lation of the argument list leads to buffer overflow. The attack can be ini= tiated remotely. The exploit has been disclosed to the public and may be us= ed.</td>
<td>2026-02-08</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2137" target=3D"= _blank" rel=3D"noopener">CVE-2026-2137</a></td>

<a href=3D"https://vuldb.com/?id.344772" target=3D"_blank" rel=3D"noopener"= >VDB-344772 | Tenda TX3 SetIpMacBind buffer overflow</a> <a href=3D"http= s://vuldb.com/?ctiid.344772" target=3D"_blank" rel=3D"noopener">VDB-344772 =
| CTI Indicators (IOB, IOC, IOA)</a> <a href=3D"https://vuldb.com/?submi= t.747239" target=3D"_blank" rel=3D"noopener">Submit #747239 | Tenda TX3 V16= .03.13.11_multi Buffer Overflow</a> <a href=3D"https://github.com/MRAder= a/IoT-Vuls/blob/main/tenda/tx3/fromSetIpMacBind.md" target=3D"_blank" rel= =3D"noopener">https://github.com/MRAdera/IoT-Vuls/blob/main/tenda/tx3/fromS= etIpMacBind.md</a> <a href=3D"https://github.com/MRAdera/IoT-Vuls/blob/m= ain/tenda/tx3/fromSetIpMacBind.md#poc" target=3D"_blank" rel=3D"noopener">h= ttps://github.com/MRAdera/IoT-Vuls/blob/main/tenda/tx3/fromSetIpMacBind.md#= poc</a> <a href=3D"https://www.tenda.com.cn/" target=3D"_blank" rel=3D"n= oopener">https://www.tenda.com.cn/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tenda--TX9</td>
<td>A vulnerability was found in Tenda TX9 up to 22.03.02.10_multi. Affecte=
d is the function sub_42D03C of the file /goform/SetStaticRouteCfg. The man= ipulation of the argument list results in buffer overflow. The attack can b=
e launched remotely. The exploit has been made public and could be used.</t=

<td>2026-02-08</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2138" target=3D"= _blank" rel=3D"noopener">CVE-2026-2138</a></td>

<a href=3D"https://vuldb.com/?id.344773" target=3D"_blank" rel=3D"noopener"= >VDB-344773 | Tenda TX9 SetStaticRouteCfg sub_42D03C buffer overflow</a><br= ><a href=3D"https://vuldb.com/?ctiid.344773" target=3D"_blank" rel=3D"noope= ner">VDB-344773 | CTI Indicators (IOB, IOC, IOA)</a> <a href=3D"https://= vuldb.com/?submit.747249" target=3D"_blank" rel=3D"noopener">Submit #747249=
| Tenda TX9 V22.03.02.10_multi Buffer Overflow</a> <a href=3D"https://g= ithub.com/MRAdera/IoT-Vuls/blob/main/tenda/tx9%20pro/SetStaticRouteCfg.md" = target=3D"_blank" rel=3D"noopener">https://github.com/MRAdera/IoT-Vuls/blob= /main/tenda/tx9%20pro/SetStaticRouteCfg.md</a> <a href=3D"https://github= .com/MRAdera/IoT-Vuls/blob/main/tenda/tx9%20pro/SetStaticRouteCfg.md#poc" t= arget=3D"_blank" rel=3D"noopener">https://github.com/MRAdera/IoT-Vuls/blob/= main/tenda/tx9%20pro/SetStaticRouteCfg.md#poc</a> <a href=3D"https://www= .tenda.com.cn/" target=3D"_blank" rel=3D"noopener">https://www.tenda.com.cn= /</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tenda--TX9</td>
<td>A vulnerability was determined in Tenda TX9 up to 22.03.02.10_multi. Af= fected by this vulnerability is the function sub_432580 of the file /goform= /fast_setting_wifi_set. This manipulation of the argument ssid causes buffe=
r overflow. The attack may be initiated remotely. The exploit has been publ= icly disclosed and may be utilized.</td>
<td>2026-02-08</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2139" target=3D"= _blank" rel=3D"noopener">CVE-2026-2139</a></td>

<a href=3D"https://vuldb.com/?id.344774" target=3D"_blank" rel=3D"noopener"= >VDB-344774 | Tenda TX9 fast_setting_wifi_set sub_432580 buffer overflow</a= > <a href=3D"https://vuldb.com/?ctiid.344774" target=3D"_blank" rel=3D"n= oopener">VDB-344774 | CTI Indicators (IOB, IOC, IOA)</a> <a href=3D"http= s://vuldb.com/?submit.747250" target=3D"_blank" rel=3D"noopener">Submit #74= 7250 | Tenda TX9 V22.03.02.10_multi Buffer Overflow</a> <a href=3D"https= ://github.com/MRAdera/IoT-Vuls/blob/main/tenda/tx9%20pro/fast_setting_wifi_= set.md" target=3D"_blank" rel=3D"noopener">https://github.com/MRAdera/IoT-V= uls/blob/main/tenda/tx9%20pro/fast_setting_wifi_set.md</a> <a href=3D"ht= tps://github.com/MRAdera/IoT-Vuls/blob/main/tenda/tx9%20pro/fast_setting_wi= fi_set.md#poc" target=3D"_blank" rel=3D"noopener">https://github.com/MRAder= a/IoT-Vuls/blob/main/tenda/tx9%20pro/fast_setting_wifi_set.md#poc</a> <a=
href=3D"https://www.tenda.com.cn/" target=3D"_blank" rel=3D"noopener">http= s://www.tenda.com.cn/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tenda--TX9</td>
<td>A vulnerability was identified in Tenda TX9 up to 22.03.02.10_multi. Af= fected by this issue is the function sub_4223E0 of the file /goform/setMacF= ilterCfg. Such manipulation of the argument deviceList leads to buffer over= flow. The attack may be launched remotely. The exploit is publicly availabl=
e and might be used.</td>
<td>2026-02-08</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2140" target=3D"= _blank" rel=3D"noopener">CVE-2026-2140</a></td>

<a href=3D"https://vuldb.com/?id.344775" target=3D"_blank" rel=3D"noopener"= >VDB-344775 | Tenda TX9 setMacFilterCfg sub_4223E0 buffer overflow</a> <=
a href=3D"https://vuldb.com/?ctiid.344775" target=3D"_blank" rel=3D"noopene= r">VDB-344775 | CTI Indicators (IOB, IOC, IOA)</a> <a href=3D"https://vu= ldb.com/?submit.747251" target=3D"_blank" rel=3D"noopener">Submit #747251 |=
Tenda TX9 V22.03.02.10_multi Buffer Overflow</a> <a href=3D"https://vul= db.com/?submit.749747" target=3D"_blank" rel=3D"noopener">Submit #749747 | = Tenda TX9 V22.03.02.18 Stack-based Buffer Overflow (Duplicate)</a> <a hr= ef=3D"https://github.com/MRAdera/IoT-Vuls/blob/main/tenda/tx9%20pro/setMacF= ilterCfg.md" target=3D"_blank" rel=3D"noopener">https://github.com/MRAdera/= IoT-Vuls/blob/main/tenda/tx9%20pro/setMacFilterCfg.md</a> <a href=3D"htt= ps://github.com/MRAdera/IoT-Vuls/blob/main/tenda/tx9%20pro/setMacFilterCfg.= md#poc" target=3D"_blank" rel=3D"noopener">https://github.com/MRAdera/IoT-V= uls/blob/main/tenda/tx9%20pro/setMacFilterCfg.md#poc</a> <a href=3D"http= s://www.tenda.com.cn/" target=3D"_blank" rel=3D"noopener">https://www.tenda= .com.cn/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Microsoft--Azure Functions</td>
<td>Azure Function Information Disclosure Vulnerability</td> <td>2026-02-05</td>
<td>8.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-21532" target=3D= "_blank" rel=3D"noopener">CVE-2026-21532</a></td>

<a href=3D"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2= 1532" target=3D"_blank" rel=3D"noopener">Azure Function Information Disclos= ure Vulnerability</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tenda--RX3</td>
<td>A vulnerability was identified in Tenda RX3 16.03.13.11. Affected is an=
unknown function of the file /goform/fast_setting_wifi_set. Such manipulat= ion of the argument ssid_5g leads to stack-based buffer overflow. The attac=
k can be launched remotely. The exploit is publicly available and might be = used.</td>
<td>2026-02-08</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2180" target=3D"= _blank" rel=3D"noopener">CVE-2026-2180</a></td>

<a href=3D"https://vuldb.com/?id.344883" target=3D"_blank" rel=3D"noopener"= >VDB-344883 | Tenda RX3 fast_setting_wifi_set stack-based overflow</a> <=
a href=3D"https://vuldb.com/?ctiid.344883" target=3D"_blank" rel=3D"noopene= r">VDB-344883 | CTI Indicators (IOB, IOC, IOA)</a> <a href=3D"https://vu= ldb.com/?submit.749703" target=3D"_blank" rel=3D"noopener">Submit #749703 |=
Tenda RX3 V16.03.13.11 Stack-based Buffer Overflow</a> <a href=3D"https= ://github.com/LX-66-LX/cve-new/issues/4" target=3D"_blank" rel=3D"noopener"= >https://github.com/LX-66-LX/cve-new/issues/4</a> <a href=3D"https://www= .tenda.com.cn/" target=3D"_blank" rel=3D"noopener">https://www.tenda.com.cn= /</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tenda--RX3</td>
<td>A security flaw has been discovered in Tenda RX3 16.03.13.11. Affected =
by this vulnerability is an unknown functionality of the file /goform/openS= chedWifi. Performing a manipulation of the argument schedStartTime/schedEnd= Time results in stack-based buffer overflow. The attack may be initiated re= motely. The exploit has been released to the public and may be used for att= acks.</td>
<td>2026-02-08</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2181" target=3D"= _blank" rel=3D"noopener">CVE-2026-2181</a></td>

<a href=3D"https://vuldb.com/?id.344884" target=3D"_blank" rel=3D"noopener"= >VDB-344884 | Tenda RX3 openSchedWifi stack-based overflow</a> <a href= =3D"https://vuldb.com/?ctiid.344884" target=3D"_blank" rel=3D"noopener">VDB= -344884 | CTI Indicators (IOB, IOC, IOA)</a> <a href=3D"https://vuldb.co= m/?submit.749710" target=3D"_blank" rel=3D"noopener">Submit #749710 | Tenda=
RX3 V16.03.13.11 Stack-based Buffer Overflow</a> <a href=3D"https://git= hub.com/LX-66-LX/cve-new/issues/5" target=3D"_blank" rel=3D"noopener">https= ://github.com/LX-66-LX/cve-new/issues/5</a> <a href=3D"https://www.tenda= .com.cn/" target=3D"_blank" rel=3D"noopener">https://www.tenda.com.cn/</a><= br>=C2=A0</td>
</tr>

<td class=3D"vendor-product">Tenda--RX3</td>
<td>A flaw has been found in Tenda RX3 16.03.13.11. This issue affects the = function set_device_name of the file /goform/setBlackRule of the component = MAC Filtering Configuration Endpoint. This manipulation of the argument dev= Name/mac causes stack-based buffer overflow. The attack is possible to be c= arried out remotely. The exploit has been published and may be used.</td> <td>2026-02-08</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2185" target=3D"= _blank" rel=3D"noopener">CVE-2026-2185</a></td>

<a href=3D"https://vuldb.com/?id.344888" target=3D"_blank" rel=3D"noopener"= >VDB-344888 | Tenda RX3 MAC Filtering Configuration Endpoint setBlackRule s= et_device_name stack-based overflow</a> <a href=3D"https://vuldb.com/?ct= iid.344888" target=3D"_blank" rel=3D"noopener">VDB-344888 | CTI Indicators = (IOB, IOC, IOA)</a> <a href=3D"https://vuldb.com/?submit.749715" target= =3D"_blank" rel=3D"noopener">Submit #749715 | Tenda RX3 V16.03.13.11 Stack-= based Buffer Overflow</a> <a href=3D"https://github.com/LX-66-LX/cve-new= /issues/6" target=3D"_blank" rel=3D"noopener">https://github.com/LX-66-LX/c= ve-new/issues/6</a> <a href=3D"https://www.tenda.com.cn/" target=3D"_bla= nk" rel=3D"noopener">https://www.tenda.com.cn/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tenda--RX3</td>
<td>A vulnerability has been found in Tenda RX3 16.03.13.11. Impacted is th=
e function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipula= tion of the argument list leads to stack-based buffer overflow. The attack = may be performed from remote. The exploit has been disclosed to the public = and may be used.</td>
<td>2026-02-08</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2186" target=3D"= _blank" rel=3D"noopener">CVE-2026-2186</a></td>

<a href=3D"https://vuldb.com/?id.344889" target=3D"_blank" rel=3D"noopener"= >VDB-344889 | Tenda RX3 SetIpMacBind fromSetIpMacBind stack-based overflow<= /a> <a href=3D"https://vuldb.com/?ctiid.344889" target=3D"_blank" rel=3D= "noopener">VDB-344889 | CTI Indicators (IOB, IOC, IOA)</a> <a href=3D"ht= tps://vuldb.com/?submit.749718" target=3D"_blank" rel=3D"noopener">Submit #= 749718 | Tenda RX3 V16.03.13.11 Stack-based Buffer Overflow</a> <a href= =3D"https://github.com/LX-66-LX/cve-new/issues/7" target=3D"_blank" rel=3D"= noopener">https://github.com/LX-66-LX/cve-new/issues/7</a> <a href=3D"ht= tps://www.tenda.com.cn/" target=3D"_blank" rel=3D"noopener">https://www.ten= da.com.cn/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tenda--RX3</td>
<td>A vulnerability was found in Tenda RX3 16.03.13.11. The affected elemen=
t is the function set_qosMib_list of the file /goform/formSetQosBand. Perfo= rming a manipulation of the argument list results in stack-based buffer ove= rflow. It is possible to initiate the attack remotely. The exploit has been=
made public and could be used.</td>
<td>2026-02-08</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2187" target=3D"= _blank" rel=3D"noopener">CVE-2026-2187</a></td>

<a href=3D"https://vuldb.com/?id.344890" target=3D"_blank" rel=3D"noopener"= >VDB-344890 | Tenda RX3 formSetQosBand set_qosMib_list stack-based overflow= </a> <a href=3D"https://vuldb.com/?ctiid.344890" target=3D"_blank" rel= =3D"noopener">VDB-344890 | CTI Indicators (IOB, IOC, IOA)</a> <a href=3D= "https://vuldb.com/?submit.749721" target=3D"_blank" rel=3D"noopener">Submi=
t #749721 | Tenda RX3 V16.03.13.11 Stack-based Buffer Overflow</a> <a hr= ef=3D"https://github.com/LX-66-LX/cve-new/issues/8" target=3D"_blank" rel= =3D"noopener">https://github.com/LX-66-LX/cve-new/issues/8</a> <a href= =3D"https://www.tenda.com.cn/" target=3D"_blank" rel=3D"noopener">https://w= ww.tenda.com.cn/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Significant-Gravitas--AutoGPT</td>
<td>AutoGPT is a platform that allows users to create, deploy, and manage c= ontinuous artificial intelligence agents that automate complex workflows. P= rior to autogpt-platform-beta-v0.6.46, the AutoGPT platform's Stagehand int= egration blocks log API keys and authentication secrets in plaintext using = logger.info() statements. This occurs in three separate block implementatio=
ns (StagehandObserveBlock, StagehandActBlock, and StagehandExtractBlock) wh= ere the code explicitly calls api_key.get_secret_value() and logs the resul=
t. This issue has been patched in autogpt-platform-beta-v0.6.46.</td> <td>2026-02-04</td>
<td>8.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22038" target=3D= "_blank" rel=3D"noopener">CVE-2026-22038</a></td>

<a href=3D"https://github.com/Significant-Gravitas/AutoGPT/security/advisor= ies/GHSA-rc89-6g7g-v5v7" target=3D"_blank" rel=3D"noopener">https://github.= com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-rc89-6g7g-v5v7</a= > <a href=3D"https://github.com/Significant-Gravitas/AutoGPT/commit/1eab= c604842fa876c09d69af43d2d1e8fb9b8eb9" target=3D"_blank" rel=3D"noopener">ht= tps://github.com/Significant-Gravitas/AutoGPT/commit/1eabc604842fa876c09d69= af43d2d1e8fb9b8eb9</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">opencloud-eu--reva</td>
<td>REVA is an interoperability platform. Prior to 2.42.3 and 2.40.3, a bug=
in the GRPC authorization middleware of the "Reva" component of OpenCloud = allows a malicious user to bypass the scope verification of a public link. =
By exploiting this via the the "archiver" service this can be leveraged to = create an archive (zip or tar-file) containing all resources that this crea= tor of the public link has access to. This vulnerability is fixed in 2.42.3=
and 2.40.3.</td>
<td>2026-02-06</td>
<td>8.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23989" target=3D= "_blank" rel=3D"noopener">CVE-2026-23989</a></td>

<a href=3D"https://github.com/opencloud-eu/reva/security/advisories/GHSA-9j= 2f-3rj3-wgpg" target=3D"_blank" rel=3D"noopener">https://github.com/openclo= ud-eu/reva/security/advisories/GHSA-9j2f-3rj3-wgpg</a> <a href=3D"https:= //github.com/opencloud-eu/reva/commit/95aa2bc5d980eaf6cc134d75782b4f5ac7b36= ae1" target=3D"_blank" rel=3D"noopener">https://github.com/opencloud-eu/rev= a/commit/95aa2bc5d980eaf6cc134d75782b4f5ac7b36ae1</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">NeoRazorX--facturascripts</td>
<td>FacturaScripts is open-source enterprise resource planning and accounti=
ng software. In 2025.71 and earlier, a Stored Cross-Site Scripting (XSS) vu= lnerability was discovered in the Observations field. The flaw occurs in th=
e History view, where historical data is rendered without proper HTML entit=
y encoding. This allows an attacker to execute arbitrary JavaScript in the = browser of viewing the history by administrators.</td>
<td>2026-02-02</td>
<td>8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23997" target=3D= "_blank" rel=3D"noopener">CVE-2026-23997</a></td>

<a href=3D"https://github.com/NeoRazorX/facturascripts/security/advisories/= GHSA-4v7v-7v7r-3r5h" target=3D"_blank" rel=3D"noopener">https://github.com/= NeoRazorX/facturascripts/security/advisories/GHSA-4v7v-7v7r-3r5h</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">Microsoft--Azure ARC</td>
<td>Azure Arc Elevation of Privilege Vulnerability</td>
<td>2026-02-05</td>
<td>8.6</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24302" target=3D= "_blank" rel=3D"noopener">CVE-2026-24302</a></td>

<a href=3D"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2= 4302" target=3D"_blank" rel=3D"noopener">Azure Arc Elevation of Privilege V= ulnerability</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Kubernetes--ingress-nginx</td>
<td>A security issue was discovered in ingress-nginx cthe `rules.http.paths= .path` Ingress field can be used to inject configuration into nginx. This c=
an lead to arbitrary code execution in the context of the ingress-nginx con= troller, and disclosure of Secrets accessible to the controller. (Note that=
in the default installation, the controller can access all Secrets cluster= -wide.)</td>
<td>2026-02-03</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24512" target=3D= "_blank" rel=3D"noopener">CVE-2026-24512</a></td>

<a href=3D"https://github.com/kubernetes/kubernetes/issues/136678" target= =3D"_blank" rel=3D"noopener">https://github.com/kubernetes/kubernetes/issue= s/136678</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">gunet--openeclass</td>
<td>The Open eClass platform (formerly known as GUnet eClass) is a complete=
course management system. Prior to version 4.2, a stored Cross-Site Script= ing (XSS) vulnerability allows authenticated students to inject malicious J= avaScript into uploaded assignment files, which is executed when instructor=
s view the submission. This issue has been patched in version 4.2.</td> <td>2026-02-03</td>
<td>8.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24665" target=3D= "_blank" rel=3D"noopener">CVE-2026-24665</a></td>

<a href=3D"https://github.com/gunet/openeclass/security/advisories/GHSA-2qg= m-m7fm-m888" target=3D"_blank" rel=3D"noopener">https://github.com/gunet/op= eneclass/security/advisories/GHSA-2qgm-m7fm-m888</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">parallax--jsPDF</td>
<td>jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user=
control of properties and methods of the Acroform module allows users to i= nject arbitrary PDF objects, such as JavaScript actions. If given the possi= bility to pass unsanitized input to one of the following methods or propert= ies, a user can inject arbitrary PDF objects, such as JavaScript actions, w= hich are executed when the victim opens the document. The vulnerable API me= mbers are AcroformChoiceField.addOption, AcroformChoiceField.setOptions, Ac= roFormCheckBox.appearanceState, and AcroFormRadioButton.appearanceState. Th=
e vulnerability has been fixed in jsPDF@4.1.0.</td>
<td>2026-02-02</td>
<td>8.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24737" target=3D= "_blank" rel=3D"noopener">CVE-2026-24737</a></td>

<a href=3D"https://github.com/parallax/jsPDF/security/advisories/GHSA-pqxr-= 3g65-p328" target=3D"_blank" rel=3D"noopener">https://github.com/parallax/j= sPDF/security/advisories/GHSA-pqxr-3g65-p328</a> <a href=3D"https://gith= ub.com/parallax/jsPDF/commit/da291a5f01b96282545c9391996702cdb8879f79" targ= et=3D"_blank" rel=3D"noopener">https://github.com/parallax/jsPDF/commit/da2= 91a5f01b96282545c9391996702cdb8879f79</a> <a href=3D"https://github.com/= parallax/jsPDF/releases/tag/v4.1.0" target=3D"_blank" rel=3D"noopener">http= s://github.com/parallax/jsPDF/releases/tag/v4.1.0</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">clawdbot--clawdbot</td>
<td>OpenClaw (formerly Clawdbot) is a personal AI assistant you run on your=
own devices. Prior to 2026.1.29, a command injection vulnerability existed=
in OpenClaw's Docker sandbox execution mechanism due to unsafe handling of=
the PATH environment variable when constructing shell commands. An authent= icated user able to control environment variables could influence command e= xecution within the container context. This vulnerability is fixed in 2026.= 1.29.</td>
<td>2026-02-02</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24763" target=3D= "_blank" rel=3D"noopener">CVE-2026-24763</a></td>

<a href=3D"https://github.com/openclaw/openclaw/security/advisories/GHSA-mc= 68-q9jw-2h3v" target=3D"_blank" rel=3D"noopener">https://github.com/opencla= w/openclaw/security/advisories/GHSA-mc68-q9jw-2h3v</a> <a href=3D"https:= //github.com/openclaw/openclaw/commit/771f23d36b95ec2204cc9a0054045f5d8439e= a75" target=3D"_blank" rel=3D"noopener">https://github.com/openclaw/opencla= w/commit/771f23d36b95ec2204cc9a0054045f5d8439ea75</a> <a href=3D"https:/= /github.com/openclaw/openclaw/releases/tag/v2026.1.29" target=3D"_blank" re= l=3D"noopener">https://github.com/openclaw/openclaw/releases/tag/v2026.1.29= </a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">chainguard-dev--melange</td>
<td>melange allows users to build apk packages using declarative pipelines.=
In version 0.11.3 to before 0.40.3, an attacker who can influence the tar = stream from a QEMU guest VM could write files outside the intended workspac=
e directory on the host. The retrieveWorkspace function extracts tar entrie=
s without validating that paths stay within the workspace, allowing path tr= aversal via ../ sequences. This issue has been patched in version 0.40.3.</=

<td>2026-02-04</td>
<td>8.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24843" target=3D= "_blank" rel=3D"noopener">CVE-2026-24843</a></td>

<a href=3D"https://github.com/chainguard-dev/melange/security/advisories/GH= SA-qxx2-7h4c-83f4" target=3D"_blank" rel=3D"noopener">https://github.com/ch= ainguard-dev/melange/security/advisories/GHSA-qxx2-7h4c-83f4</a> <a href= =3D"https://github.com/chainguard-dev/melange/commit/6e243d0d46699f837d7c39= 2397a694d2bcc7612b" target=3D"_blank" rel=3D"noopener">https://github.com/c= hainguard-dev/melange/commit/6e243d0d46699f837d7c392397a694d2bcc7612b</a><b= r>=C2=A0</td>
</tr>

<td class=3D"vendor-product">node-modules--compressing</td>
<td>Compressing is a compressing and uncompressing lib for node. In version=
2.0.0 and 1.10.3 and prior, Compressing extracts TAR archives while restor= ing symbolic links without validating their targets. By embedding symlinks = that resolve outside the intended extraction directory, an attacker can cau=
se subsequent file entries to be written to arbitrary locations on the host=
file system. Depending on the extractor's handling of existing files, this=
behavior may allow overwriting sensitive files or creating new files in se= curity-critical locations. This issue has been patched in versions 1.10.4 a=
nd 2.0.1.</td>
<td>2026-02-04</td>
<td>8.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24884" target=3D= "_blank" rel=3D"noopener">CVE-2026-24884</a></td>

<a href=3D"https://github.com/node-modules/compressing/security/advisories/= GHSA-cc8f-xg8v-72m3" target=3D"_blank" rel=3D"noopener">https://github.com/= node-modules/compressing/security/advisories/GHSA-cc8f-xg8v-72m3</a> <a = href=3D"https://github.com/node-modules/compressing/commit/8d16c196c7f1888f= c1af957d9ff36117247cea6c" target=3D"_blank" rel=3D"noopener">https://github= .com/node-modules/compressing/commit/8d16c196c7f1888fc1af957d9ff36117247cea= 6c</a> <a href=3D"https://github.com/node-modules/compressing/commit/ce1= c0131c401c071c77d5a1425bf8c88cfc16361" target=3D"_blank" rel=3D"noopener">h= ttps://github.com/node-modules/compressing/commit/ce1c0131c401c071c77d5a142= 5bf8c88cfc16361</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Huawei--HarmonyOS</td>
<td>Out-of-bounds write vulnerability in the camera module. Impact: Success= ful exploitation of this vulnerability may affect availability.</td> <td>2026-02-06</td>
<td>8.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24926" target=3D= "_blank" rel=3D"noopener">CVE-2026-24926</a></td>

<a href=3D"https://consumer.huawei.com/en/support/bulletin/2026/2/" target= =3D"_blank" rel=3D"noopener">https://consumer.huawei.com/en/support/bulleti= n/2026/2/</a> <a href=3D"https://consumer.huawei.com/en/support/bulletin= laptops/2026/2/" target=3D"_blank" rel=3D"noopener">https://consumer.huawei= .com/en/support/bulletinlaptops/2026/2/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Huawei--HarmonyOS</td>
<td>UAF concurrency vulnerability in the graphics module. Impact: Successfu=
l exploitation of this vulnerability may affect availability.</td> <td>2026-02-06</td>
<td>8.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24930" target=3D= "_blank" rel=3D"noopener">CVE-2026-24930</a></td>

<a href=3D"https://consumer.huawei.com/en/support/bulletin/2026/2/" target= =3D"_blank" rel=3D"noopener">https://consumer.huawei.com/en/support/bulleti= n/2026/2/</a> <a href=3D"https://consumer.huawei.com/en/support/bulletin= laptops/2026/2/" target=3D"_blank" rel=3D"noopener">https://consumer.huawei= .com/en/support/bulletinlaptops/2026/2/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">OpenListTeam--OpenList</td>
<td>OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, the = application contains path traversal vulnerability in multiple file operatio=
n handlers in server/handles/fsmanage.go. Filename components in req.Names = are directly concatenated with validated directories using stdpath.Join. Th=
is allows ".." sequences to bypass path restrictions, enabling users to acc= ess other users' files within the same storage mount and perform unauthoriz=
ed actions such as deletion, renaming, or copying of files. An authenticate=
d attacker can bypass directory-level authorisation by injecting traversal = sequences into filename components, enabling unauthorised file removal and = copying across user boundaries within the same storage mount. This vulnerab= ility is fixed in 4.1.10.</td>
<td>2026-02-02</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25059" target=3D= "_blank" rel=3D"noopener">CVE-2026-25059</a></td>

<a href=3D"https://github.com/OpenListTeam/OpenList/security/advisories/GHS= A-qmj2-8r24-xxcq" target=3D"_blank" rel=3D"noopener">https://github.com/Ope= nListTeam/OpenList/security/advisories/GHSA-qmj2-8r24-xxcq</a> <a href= =3D"https://github.com/OpenListTeam/OpenList/commit/7b78fed106382430c69ef35= 1d43f5d09928fff14" target=3D"_blank" rel=3D"noopener">https://github.com/Op= enListTeam/OpenList/commit/7b78fed106382430c69ef351d43f5d09928fff14</a> =
<a href=3D"https://github.com/OpenListTeam/OpenList/releases/tag/v4.1.10" t= arget=3D"_blank" rel=3D"noopener">https://github.com/OpenListTeam/OpenList/= releases/tag/v4.1.10</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">OpenListTeam--OpenList</td>
<td>OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, cert= ificate verification is disabled by default for all storage driver communic= ations. The TlsInsecureSkipVerify setting is default to true in the Default= Config() function in internal/conf/config.go. This vulnerability enables Ma= n-in-the-Middle (MitM) attacks by disabling TLS certificate verification, a= llowing attackers to intercept and manipulate all storage communications. A= ttackers can exploit this through network-level attacks like ARP spoofing, = rogue Wi-Fi access points, or compromised internal network equipment to red= irect traffic to malicious endpoints. Since certificate validation is skipp= ed, the system will unknowingly establish encrypted connections with attack= er-controlled servers, enabling full decryption, data theft, and manipulati=
on of all storage operations without triggering any security warnings. This=
vulnerability is fixed in 4.1.10.</td>
<td>2026-02-02</td>
<td>8.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25060" target=3D= "_blank" rel=3D"noopener">CVE-2026-25060</a></td>

<a href=3D"https://github.com/OpenListTeam/OpenList/security/advisories/GHS= A-wf93-3ghh-h389" target=3D"_blank" rel=3D"noopener">https://github.com/Ope= nListTeam/OpenList/security/advisories/GHSA-wf93-3ghh-h389</a> <a href= =3D"https://github.com/OpenListTeam/OpenList/commit/e3c664f81d0584fbbdb86ff= e6644be16259371c1" target=3D"_blank" rel=3D"noopener">https://github.com/Op= enListTeam/OpenList/commit/e3c664f81d0584fbbdb86ffe6644be16259371c1</a> =
<a href=3D"https://github.com/OpenListTeam/OpenList/releases/tag/v4.1.10" t= arget=3D"_blank" rel=3D"noopener">https://github.com/OpenListTeam/OpenList/= releases/tag/v4.1.10</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">AlistGo--alist</td>
<td>Alist is a file list program that supports multiple storages, powered b=
y Gin and Solidjs. Prior to version 3.57.0, the application contains path t= raversal vulnerability in multiple file operation handlers. An authenticate=
d attacker can bypass directory-level authorisation by injecting traversal = sequences into filename components, enabling unauthorised file removal, mov= ement and copying across user boundaries within the same storage mount. Thi=
s issue has been patched in version 3.57.0.</td>
<td>2026-02-04</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25161" target=3D= "_blank" rel=3D"noopener">CVE-2026-25161</a></td>

<a href=3D"https://github.com/AlistGo/alist/security/advisories/GHSA-x4q4-7= phh-42j9" target=3D"_blank" rel=3D"noopener">https://github.com/AlistGo/ali= st/security/advisories/GHSA-x4q4-7phh-42j9</a> <a href=3D"https://github= .com/AlistGo/alist/commit/b188288525b9a35c76535139311e7c036dab057e" target= =3D"_blank" rel=3D"noopener">https://github.com/AlistGo/alist/commit/b18828= 8525b9a35c76535139311e7c036dab057e</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Samsung Electronics--MagicINFO 9 Server</td> <td>An unauthenticated user can upload arbitrary files to execute remote co= de, leading to privilege escalation in MagicInfo9 Server. This issue affect=
s MagicINFO 9 Server: less than 21.1090.1.</td>
<td>2026-02-02</td>
<td>8.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25201" target=3D= "_blank" rel=3D"noopener">CVE-2026-25201</a></td>

<a href=3D"https://security.samsungtv.com/securityUpdates" target=3D"_blank=
" rel=3D"noopener">https://security.samsungtv.com/securityUpdates</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">OpenSlides--OpenSlides</td>
<td>OpenSlides is a free, web based presentation and assembly system for ma= naging and projecting agenda, motions and elections of an assembly. Prior t=
o version 4.2.29, OpenSlides supports local logins with username and passwo=
rd or an optionally configurable single sign on with SAML via an external I= DP. For users synced to OpenSlides via an external IDP, there is an incorre=
ct access control regarding the local login of these users. Users can succe= ssfully login using the local login form and the OpenSlides username of a S= AML user and a trivial password. This password is valid for all SAML users.=
This issue has been patched in version 4.2.29.</td>
<td>2026-02-04</td>
<td>8.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25519" target=3D= "_blank" rel=3D"noopener">CVE-2026-25519</a></td>

<a href=3D"https://github.com/OpenSlides/OpenSlides/security/advisories/GHS= A-vv4h-8wfc-pf8c" target=3D"_blank" rel=3D"noopener">https://github.com/Ope= nSlides/OpenSlides/security/advisories/GHSA-vv4h-8wfc-pf8c</a> <a href= =3D"https://github.com/OpenSlides/openslides-auth-service/pull/889" target= =3D"_blank" rel=3D"noopener">https://github.com/OpenSlides/openslides-auth-= service/pull/889</a> <a href=3D"https://github.com/OpenSlides/openslides= -auth-service/commit/70c1aa9f5e1db59ec120ecce98d1c1169350a4ee" target=3D"_b= lank" rel=3D"noopener">https://github.com/OpenSlides/openslides-auth-servic= e/commit/70c1aa9f5e1db59ec120ecce98d1c1169350a4ee</a> <a href=3D"https:/= /github.com/OpenSlides/OpenSlides/releases/tag/4.2.29" target=3D"_blank" re= l=3D"noopener">https://github.com/OpenSlides/OpenSlides/releases/tag/4.2.29= </a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">pydantic--pydantic-ai</td>
<td>Pydantic AI is a Python agent framework for building applications and w= orkflows with Generative AI. From 0.0.26 to before 1.56.0, aServer-Side Req= uest Forgery (SSRF) vulnerability exists in Pydantic AI's URL download func= tionality. When applications accept message history from untrusted sources,=
attackers can include malicious URLs that cause the server to make HTTP re= quests to internal network resources, potentially accessing internal servic=
es or cloud credentials. This vulnerability only affects applications that = accept message history from external users. This vulnerability is fixed in = 1.56.0.</td>
<td>2026-02-06</td>
<td>8.6</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25580" target=3D= "_blank" rel=3D"noopener">CVE-2026-25580</a></td>

<a href=3D"https://github.com/pydantic/pydantic-ai/security/advisories/GHSA= -2jrp-274c-jhv3" target=3D"_blank" rel=3D"noopener">https://github.com/pyda= ntic/pydantic-ai/security/advisories/GHSA-2jrp-274c-jhv3</a> <a href=3D"= https://github.com/pydantic/pydantic-ai/commit/d398bc9d39aecca6530fa7486a41= 0d5cce936301" target=3D"_blank" rel=3D"noopener">https://github.com/pydanti= c/pydantic-ai/commit/d398bc9d39aecca6530fa7486a410d5cce936301</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">openclaw--openclaw</td>
<td>OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthentic= ated local client could use the Gateway WebSocket API to write config via c= onfig.apply and set unsafe cliPath values that were later used for command = discovery, enabling command injection as the gateway user. This vulnerabili=
ty is fixed in 2026.1.20.</td>
<td>2026-02-06</td>
<td>8.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25593" target=3D= "_blank" rel=3D"noopener">CVE-2026-25593</a></td>

<a href=3D"https://github.com/openclaw/openclaw/security/advisories/GHSA-g5= 5j-c2v4-pjcg" target=3D"_blank" rel=3D"noopener">https://github.com/opencla= w/openclaw/security/advisories/GHSA-g55j-c2v4-pjcg</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">qdrant--qdrant</td>
<td>Qdrant is a vector similarity search engine and vector database. From 1= .9.3 to before 1.16.0, it is possible to append to arbitrary files via /log= ger endpoint using an attacker-controlled on_disk.log_file path. Minimal pr= ivileges are required (read-only access). This vulnerability is fixed in 1.= 16.0.</td>
<td>2026-02-06</td>
<td>8.6</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25628" target=3D= "_blank" rel=3D"noopener">CVE-2026-25628</a></td>

<a href=3D"https://github.com/qdrant/qdrant/security/advisories/GHSA-f632-v= m87-2m2f" target=3D"_blank" rel=3D"noopener">https://github.com/qdrant/qdra= nt/security/advisories/GHSA-f632-vm87-2m2f</a> <a href=3D"https://github= .com/qdrant/qdrant/commit/32b7fdfb7f542624ecd1f7c8d3e2b13c4e36a2c1" target= =3D"_blank" rel=3D"noopener">https://github.com/qdrant/qdrant/commit/32b7fd= fb7f542624ecd1f7c8d3e2b13c4e36a2c1</a> <a href=3D"https://github.com/qdr= ant/qdrant/blob/48203e414e4e7f639a6d394fb6e4df695f808e51/src/actix/api/serv= ice_api.rs#L195" target=3D"_blank" rel=3D"noopener">https://github.com/qdra= nt/qdrant/blob/48203e414e4e7f639a6d394fb6e4df695f808e51/src/actix/api/servi= ce_api.rs#L195</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">kovidgoyal--calibre</td>
<td>calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader cont= ains a path traversal vulnerability that allows arbitrary file writes anywh= ere the user has write permissions. On Windows (haven't tested on other OS'= s), this can lead to Remote Code Execution by writing a payload to the Star= tup folder, which executes on next login. This vulnerability is fixed in 9.= 2.0.</td>
<td>2026-02-06</td>
<td>8.6</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25635" target=3D= "_blank" rel=3D"noopener">CVE-2026-25635</a></td>

<a href=3D"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-3= 2vh-whvh-9fxr" target=3D"_blank" rel=3D"noopener">https://github.com/kovidg= oyal/calibre/security/advisories/GHSA-32vh-whvh-9fxr</a> <a href=3D"http= s://github.com/kovidgoyal/calibre/commit/9739232fcb029ac15dfe52ccd4fdb4a07e= bb6ce9" target=3D"_blank" rel=3D"noopener">https://github.com/kovidgoyal/ca= libre/commit/9739232fcb029ac15dfe52ccd4fdb4a07ebb6ce9</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">kovidgoyal--calibre</td>
<td>calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vu= lnerability in Calibre's EPUB conversion allows a malicious EPUB file to co= rrupt arbitrary existing files writable by the Calibre process. During conv= ersion, Calibre resolves CipherReference URI from META-INF/encryption.xml t=
o an absolute filesystem path and opens it in read-write mode, even when it=
points outside the conversion extraction directory. This vulnerability is = fixed in 9.2.0.</td>
<td>2026-02-06</td>
<td>8.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25636" target=3D= "_blank" rel=3D"noopener">CVE-2026-25636</a></td>

<a href=3D"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-8= r26-m7j5-hm29" target=3D"_blank" rel=3D"noopener">https://github.com/kovidg= oyal/calibre/security/advisories/GHSA-8r26-m7j5-hm29</a> <a href=3D"http= s://github.com/kovidgoyal/calibre/commit/9484ea82c6ab226c18e6ca5aa000fa16de= 598726" target=3D"_blank" rel=3D"noopener">https://github.com/kovidgoyal/ca= libre/commit/9484ea82c6ab226c18e6ca5aa000fa16de598726</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Anydesk--AnyDesk</td>
<td>AnyDesk 5.4.0 contains an unquoted service path vulnerability in its Wi= ndows service configuration that allows local attackers to potentially inje=
ct malicious executables. Attackers can exploit the unquoted binary path to=
place malicious files in service executable locations, potentially gaining=
elevated system privileges.</td>
<td>2026-02-03</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2019-25261" target=3D= "_blank" rel=3D"noopener">CVE-2019-25261</a></td>

<a href=3D"https://www.exploit-db.com/exploits/47883" target=3D"_blank" rel= =3D"noopener">ExploitDB-47883</a> <a href=3D"http://anydesk.com" target= =3D"_blank" rel=3D"noopener">Official Vendor Homepage</a> <a href=3D"htt= ps://www.vulncheck.com/advisories/anydesk-unquoted-service-path" target=3D"= _blank" rel=3D"noopener">VulnCheck Advisory: AnyDesk 5.4.0 - Unquoted Servi=
ce Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Wondershare--Wondershare Application Framework=
Service</td>
<td>Wondershare Application Framework Service 2.4.3.231 contains an unquote=
d service path vulnerability that allows local attackers to potentially exe= cute arbitrary code with elevated privileges. Attackers can exploit the unq= uoted service path by placing malicious executables in specific directory l= ocations to hijack the service's execution context.</td>
<td>2026-02-06</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2019-25266" target=3D= "_blank" rel=3D"noopener">CVE-2019-25266</a></td>

<a href=3D"https://www.exploit-db.com/exploits/47617" target=3D"_blank" rel= =3D"noopener">ExploitDB-47617</a> <a href=3D"https://www.wondershare.com=
/" target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"htt= ps://www.wondershare.com/drfone/" target=3D"_blank" rel=3D"noopener">Softwa=
re Product Page</a> <a href=3D"https://www.vulncheck.com/advisories/wond= ershare-application-framework-service-wsappservice-unquote-service-path" ta= rget=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Wondershare Applicatio=
n Framework Service 2.4.3.231 - 'WsAppService' Unquote Service Path</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Wftpserver--Wing FTP Server</td>
<td>Wing FTP Server 6.0.7 contains an unquoted service path vulnerability t= hat allows local attackers to potentially execute arbitrary code with eleva= ted system privileges. Attackers can exploit the unquoted binary path in th=
e service configuration to inject malicious executables that will be launch=
ed with LocalSystem permissions.</td>
<td>2026-02-04</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2019-25267" target=3D= "_blank" rel=3D"noopener">CVE-2019-25267</a></td>

<a href=3D"https://www.exploit-db.com/exploits/47818" target=3D"_blank" rel= =3D"noopener">ExploitDB-47818</a> <a href=3D"https://www.wftpserver.com/=
" target=3D"_blank" rel=3D"noopener">Wing FTP Server Official Homepage</a><= br><a href=3D"https://www.vulncheck.com/advisories/wing-ftp-server-unquoted= -service-path" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Wing = FTP Server 6.0.7 - Unquoted Service Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Netgate--Amiti Antivirus</td>
<td>Amiti Antivirus 25.0.640 contains an unquoted service path vulnerabilit=
y in its Windows service configurations. Attackers can exploit the unquoted=
path to inject and execute malicious code with elevated LocalSystem privil= eges by placing executable files in specific directory locations.</td> <td>2026-02-04</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2019-25269" target=3D= "_blank" rel=3D"noopener">CVE-2019-25269</a></td>

<a href=3D"https://www.exploit-db.com/exploits/47747" target=3D"_blank" rel= =3D"noopener">ExploitDB-47747</a> <a href=3D"http://www.netgate.sk/" tar= get=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"https://w= ww.vulncheck.com/advisories/amiti-antivirus-unquoted-service-path-vulnerabi= lity" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Amiti Antiviru=
s 25.0.640 - Unquoted Service Path Vulnerability</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">NETGATE--Data Backup</td>
<td>NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerabi= lity in its NGDatBckpSrv Windows service configuration. Attackers can explo=
it the unquoted path to inject and execute malicious code with LocalSystem = privileges by placing executable files in specific directory locations.</td=

<td>2026-02-04</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2019-25271" target=3D= "_blank" rel=3D"noopener">CVE-2019-25271</a></td>

<a href=3D"https://www.exploit-db.com/exploits/47746" target=3D"_blank" rel= =3D"noopener">ExploitDB-47746</a> <a href=3D"http://www.netgate.sk/" tar= get=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"https://w= ww.vulncheck.com/advisories/netgate-data-backup-ngdatbckpsrv-unquoted-servi= ce-path" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: NETGATE Dat=
a Backup 3.0.620 - 'NGDatBckpSrv' Unquoted Service Path</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Tenaxsoft--TexasSoft CyberPlanet</td> <td>TexasSoft CyberPlanet 6.4.131 contains an unquoted service path vulnera= bility in the CCSrvProxy service that allows local attackers to execute arb= itrary code. Attackers can exploit the unquoted path in 'C:\Program Files (= x86)\TenaxSoft\CyberPlanet\SrvProxy.exe' to inject malicious executables an=
d gain elevated system privileges.</td>
<td>2026-02-04</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2019-25272" target=3D= "_blank" rel=3D"noopener">CVE-2019-25272</a></td>

<a href=3D"https://www.exploit-db.com/exploits/47724" target=3D"_blank" rel= =3D"noopener">ExploitDB-47724</a> <a href=3D"https://tenaxsoft.com/index= .html" target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D= "https://www.vulncheck.com/advisories/texassoft-cyberplanet-ccsrvproxy-unqu= oted-service-path" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: T= exasSoft CyberPlanet 6.4.131 - 'CCSrvProxy' Unquoted Service Path</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Easy-Hide-Ip--IP</td>
<td>Easy-Hide-IP 5.0.0.3 contains an unquoted service path vulnerability in=
the EasyRedirect service that allows local attackers to potentially execut=
e arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Fi= les\Easy-Hide-IP\rdr\EasyRedirect.exe' to inject malicious executables and = escalate privileges.</td>
<td>2026-02-04</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2019-25273" target=3D= "_blank" rel=3D"noopener">CVE-2019-25273</a></td>

<a href=3D"https://www.exploit-db.com/exploits/47712" target=3D"_blank" rel= =3D"noopener">ExploitDB-47712</a> <a href=3D"https://easy-hide-ip.com" t= arget=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"https:/= /www.vulncheck.com/advisories/easy-hide-ip-easyredirect-unquoted-service-pa= th" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Easy-Hide-IP 5.0= .0.3 - 'EasyRedirect' Unquoted Service Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Photodex--ProShow Producer</td>
<td>ProShow Producer 9.0.3797 contains an unquoted service path vulnerabili=
ty in the ScsiAccess service that allows local attackers to potentially exe= cute arbitrary code. Attackers can exploit the unquoted binary path to inje=
ct malicious executables that will be run with LocalSystem privileges durin=
g service startup.</td>
<td>2026-02-04</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2019-25274" target=3D= "_blank" rel=3D"noopener">CVE-2019-25274</a></td>

<a href=3D"https://www.exploit-db.com/exploits/47705" target=3D"_blank" rel= =3D"noopener">ExploitDB-47705</a> <a href=3D"http://www.photodex.com/" t= arget=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"https:/= /www.vulncheck.com/advisories/proshow-producer-unquoted-service-path" targe= t=3D"_blank" rel=3D"noopener">VulnCheck Advisory: ProShow Producer 9.0.3797=
- Unquoted Service Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">FileHorse--BartVPN</td>
<td>BartVPN 1.2.2 contains an unquoted service path vulnerability in the Ba= rtVPNService that allows local attackers to potentially execute arbitrary c= ode with elevated system privileges. Attackers can exploit the unquoted bin= ary path by placing malicious executables in specific file system locations=
to hijack the service's execution context.</td>
<td>2026-02-04</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2019-25275" target=3D= "_blank" rel=3D"noopener">CVE-2019-25275</a></td>

<a href=3D"https://www.exploit-db.com/exploits/47675" target=3D"_blank" rel= =3D"noopener">ExploitDB-47675</a> <a href=3D"https://www.filehorse.com/"=
target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"https= ://www.vulncheck.com/advisories/bartvpn-bartvpnservice-unquoted-service-pat=
h" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: BartVPN 1.2.2 - '= BartVPNService' Unquoted Service Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Rockwellautomation--Studio</td>
<td>Studio 5000 Logix Designer 30.01.00 contains an unquoted service path v= ulnerability in the FactoryTalk Activation Service that allows local users =
to potentially execute code with elevated privileges. Attackers can exploit=
the unquoted path in C:\Program Files (x86)\Rockwell Software\FactoryTalk = Activation\ to inject malicious code that would execute with LocalSystem pe= rmissions.</td>
<td>2026-02-04</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2019-25276" target=3D= "_blank" rel=3D"noopener">CVE-2019-25276</a></td>

<a href=3D"https://www.exploit-db.com/exploits/47676" target=3D"_blank" rel= =3D"noopener">ExploitDB-47676</a> <a href=3D"https://www.rockwellautomat= ion.com/en_NA/overview.page" target=3D"_blank" rel=3D"noopener">Rockwell Au= tomation Homepage</a> <a href=3D"https://www.vulncheck.com/advisories/st= udio-logix-designer-factorytalk-activation-service-unquoted-service-path" t= arget=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Studio 5000 Logix Des= igner 30.01.00 - 'FactoryTalk Activation Service' Unquoted Service Path</a>= =C2=A0</td>
</tr>

<td class=3D"vendor-product">ncp-e--NCP_Secure_Entry_Client</td>
<td>NCP Secure Entry Client 9.2 contains an unquoted service path vulnerabi= lity in multiple Windows services that allows local users to potentially ex= ecute arbitrary code. Attackers can exploit the unquoted paths in services = like ncprwsnt, rwsrsu, ncpclcfg, and NcpSec to inject malicious code that w= ould execute with LocalSystem privileges during service startup.</td> <td>2026-02-04</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2019-25281" target=3D= "_blank" rel=3D"noopener">CVE-2019-25281</a></td>

<a href=3D"https://www.exploit-db.com/exploits/47668" target=3D"_blank" rel= =3D"noopener">ExploitDB-47668</a> <a href=3D"http://software.ncp-e.com/"=
target=3D"_blank" rel=3D"noopener">NCP Software Vendor Homepage</a> <a = href=3D"https://www.vulncheck.com/advisories/ncpsecureentryclient-unquoted-= service-paths" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: NCP_S= ecure_Entry_Client 9.2 - Unquoted Service Paths</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">shrew--Shrew Soft VPN Client</td>
<td>Shrew Soft VPN Client 2.2.2 contains an unquoted service path vulnerabi= lity that allows local users to execute arbitrary code with elevated system=
privileges. Attackers can place malicious executables in the unquoted serv= ice path to gain elevated access during service startup or system reboot.</=

<td>2026-02-04</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2019-25283" target=3D= "_blank" rel=3D"noopener">CVE-2019-25283</a></td>

<a href=3D"https://www.exploit-db.com/exploits/47660" target=3D"_blank" rel= =3D"noopener">ExploitDB-47660</a> <a href=3D"https://www.shrew.net" targ= et=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"https://ww= w.vulncheck.com/advisories/shrew-soft-vpn-client-iked-unquoted-service-path=
" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Shrew Soft VPN Cli= ent 2.2.2 - 'iked' Unquoted Service Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Alps--device Controller</td>
<td>Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted ser= vice path vulnerability in the ApHidMonitorService that allows local attack= ers to execute code with elevated privileges. Attackers can place a malicio=
us executable in the service path and gain system-level access when the ser= vice restarts or the system reboots.</td>
<td>2026-02-04</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2019-25285" target=3D= "_blank" rel=3D"noopener">CVE-2019-25285</a></td>

<a href=3D"https://www.exploit-db.com/exploits/47637" target=3D"_blank" rel= =3D"noopener">ExploitDB-47637</a> <a href=3D"https://www.alps.com/e/" ta= rget=3D"_blank" rel=3D"noopener">Official Alps Homepage</a> <a href=3D"h= ttps://www.vulncheck.com/advisories/alps-pointing-device-controller-aphidmo= nitorservice-unquoted-service-path" target=3D"_blank" rel=3D"noopener">Vuln= Check Advisory: Alps Pointing-device Controller 8.1202.1711.04 - 'ApHidMoni= torService' Unquoted Service Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Gcafe--_GCaf</td>
<td>GCaf=C3=A9 3.0 contains an unquoted service path vulnerability in the g= bClientService that allows local attackers to potentially execute arbitrary=
code with elevated privileges. Attackers can exploit the unquoted path in = the service configuration to inject malicious executables that will be run = with LocalSystem permissions.</td>
<td>2026-02-04</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2019-25286" target=3D= "_blank" rel=3D"noopener">CVE-2019-25286</a></td>

<a href=3D"https://www.exploit-db.com/exploits/47604" target=3D"_blank" rel= =3D"noopener">ExploitDB-47604</a> <a href=3D"https://gcafe.vn/" target= =3D"_blank" rel=3D"noopener">GCaf=C3=A9 Official Vendor Homepage</a> <a = href=3D"https://www.vulncheck.com/advisories/gcafe-gbclienservice-unquoted-= service-path" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: _GCaf= =C3=A9 3.0 - 'gbClienService' Unquoted Service Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Webcompanion--Adaware Web Companion version</t=

<td>Adaware Web Companion version 4.8.2078.3950 contains an unquoted servic=
e path vulnerability in the WCAssistantService that allows local users to p= otentially execute code with elevated privileges. Attackers can exploit the=
unquoted path in C:\Program Files (x86)\Lavasoft\Web Companion\Application=
\ to inject malicious code that would execute with LocalSystem privileges d= uring service startup.</td>
<td>2026-02-04</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2019-25287" target=3D= "_blank" rel=3D"noopener">CVE-2019-25287</a></td>

<a href=3D"https://www.exploit-db.com/exploits/47597" target=3D"_blank" rel= =3D"noopener">ExploitDB-47597</a> <a href=3D"https://webcompanion.com/en=
/" target=3D"_blank" rel=3D"noopener">Adaware Web Companion Official Websit= e</a> <a href=3D"https://www.vulncheck.com/advisories/adaware-web-compan= ion-version-wcassistantservice-unquoted-service-path" target=3D"_blank" rel= =3D"noopener">VulnCheck Advisory: Adaware Web Companion version 4.8.2078.39=
50 - 'WCAssistantService' Unquoted Service Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Wacom--Wacom WTabletService</td>
<td>Wacom WTabletService 6.6.7-3 contains an unquoted service path vulnerab= ility that allows local attackers to execute malicious code with elevated p= rivileges. Attackers can insert an executable file in the service path to r=
un unauthorized code when the service restarts or the system reboots.</td> <td>2026-02-04</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2019-25288" target=3D= "_blank" rel=3D"noopener">CVE-2019-25288</a></td>

<a href=3D"https://www.exploit-db.com/exploits/47593" target=3D"_blank" rel= =3D"noopener">ExploitDB-47593</a> <a href=3D"https://www.wacom.com" targ= et=3D"_blank" rel=3D"noopener">Wacom Official Homepage</a> <a href=3D"ht= tps://www.vulncheck.com/advisories/wacom-wtabletservice-wtabletservicepro-u= nquoted-service-path" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory=
: Wacom WTabletService 6.6.7-3 - 'WTabletServicePro' Unquoted Service Path<= /a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Alps--Alps HID Monitor Service</td>
<td>Alps HID Monitor Service 8.1.0.10 contains an unquoted service path vul= nerability that allows local attackers to potentially execute arbitrary cod=
e with elevated privileges. Attackers can exploit the unquoted path in C:\P= rogram Files\Apoint2K\HidMonitorSvc.exe to inject malicious executables and=
gain system-level access.</td>
<td>2026-02-06</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2019-25292" target=3D= "_blank" rel=3D"noopener">CVE-2019-25292</a></td>

<a href=3D"https://www.exploit-db.com/exploits/47605" target=3D"_blank" rel= =3D"noopener">ExploitDB-47605</a> <a href=3D"https://www.alps.com/e/" ta= rget=3D"_blank" rel=3D"noopener">Official Product Homepage</a> <a href= =3D"https://www.vulncheck.com/advisories/alps-hid-monitor-service-aphidmoni= torservice-unquote-service-path" target=3D"_blank" rel=3D"noopener">VulnChe=
ck Advisory: Alps HID Monitor Service 8.1.0.10 - 'ApHidMonitorService' Unqu= ote Service Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">bluestacks--Blue Stacks App Player</td> <td>BlueStacks App Player 2.4.44.62.57 contains an unquoted service path vu= lnerability in the BstHdLogRotatorSvc service that allows local attackers t=
o potentially execute arbitrary code. Attackers can exploit the unquoted pa=
th in C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe to inject = malicious executables and escalate privileges.</td>
<td>2026-02-06</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2019-25293" target=3D= "_blank" rel=3D"noopener">CVE-2019-25293</a></td>

<a href=3D"https://www.exploit-db.com/exploits/47582" target=3D"_blank" rel= =3D"noopener">ExploitDB-47582</a> <a href=3D"https:/www.bluestacks.com" = target=3D"_blank" rel=3D"noopener">Official Product Homepage</a> <a href= =3D"https://www.vulncheck.com/advisories/blue-stacks-app-player-bsthdlogrot= atorsvc-unquote-service-path" target=3D"_blank" rel=3D"noopener">VulnCheck = Advisory: Blue Stacks App Player 2.4.44.62.57 - "BstHdLogRotatorSvc" Unquot=
e Service Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">lolypop55--html5_snmp</td>
<td>html5_snmp 1.11 contains multiple SQL injection vulnerabilities that al= low attackers to manipulate database queries through Router_ID and Router_I=
P parameters. Attackers can exploit error-based, time-based, and union-base=
d injection techniques to potentially extract or modify database informatio=
n by sending crafted payloads.</td>
<td>2026-02-06</td>
<td>7.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2019-25298" target=3D= "_blank" rel=3D"noopener">CVE-2019-25298</a></td>

<a href=3D"https://www.exploit-db.com/exploits/47588" target=3D"_blank" rel= =3D"noopener">ExploitDB-47588</a> <a href=3D"https://github.com/lolypop5= 5/html5_snmp" target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a = href=3D"https://www.vulncheck.com/advisories/htmlsnmp-routerid-sql-injectio=
n" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: html5_snmp 1.11 -=
'Router_ID' SQL Injection</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">rimbalinux--AhadPOS</td>
<td>RimbaLinux AhadPOS 1.11 contains a SQL injection vulnerability in the '= alamatCustomer' parameter that allows attackers to manipulate database quer= ies through crafted POST requests. Attackers can exploit time-based and boo= lean-based blind SQL injection techniques to extract information or potenti= ally interact with the underlying database.</td>
<td>2026-02-06</td>
<td>7.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2019-25299" target=3D= "_blank" rel=3D"noopener">CVE-2019-25299</a></td>

<a href=3D"https://www.exploit-db.com/exploits/47585" target=3D"_blank" rel= =3D"noopener">ExploitDB-47585</a> <a href=3D"https://github.com/rimbalin= ux/AhadPOS" target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a hr= ef=3D"https://www.vulncheck.com/advisories/rimbalinux-ahadpos-alamatcustome= r-sql-injection" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: rim= balinux AhadPOS 1.11 - 'alamatCustomer' SQL Injection</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">thejshen--Globitek CMS</td>
<td>thejshen Globitek CMS 1.4 contains a SQL injection vulnerability that a= llows attackers to manipulate database queries through the 'id' GET paramet= er. Attackers can exploit boolean-based, time-based, and UNION-based SQL in= jection techniques to potentially extract or modify database information.</=

<td>2026-02-06</td>
<td>7.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2019-25300" target=3D= "_blank" rel=3D"noopener">CVE-2019-25300</a></td>

<a href=3D"https://www.exploit-db.com/exploits/47581" target=3D"_blank" rel= =3D"noopener">ExploitDB-47581</a> <a href=3D"https://github.com/thejshen= /contentManagementSystem" target=3D"_blank" rel=3D"noopener">Vendor Homepag= e</a> <a href=3D"https://www.vulncheck.com/advisories/thejshen-globitek-= cms-id-sql-injection" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory=
: thejshen Globitek CMS 1.4 - 'id' SQL Injection</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Acer--Launch Manager</td>
<td>Acer Launch Manager 6.1.7600.16385 contains an unquoted service path vu= lnerability in the DsiWMIService that allows local users to potentially exe= cute code with elevated privileges. Attackers can exploit the unquoted path=
in C:\Program Files (x86)\Launch Manager\dsiwmis.exe to insert malicious c= ode that would execute with system-level permissions during service startup= .</td>
<td>2026-02-06</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2019-25302" target=3D= "_blank" rel=3D"noopener">CVE-2019-25302</a></td>

<a href=3D"https://www.exploit-db.com/exploits/47577" target=3D"_blank" rel= =3D"noopener">ExploitDB-47577</a> <a href=3D"https://www.acer.com/" targ= et=3D"_blank" rel=3D"noopener">Acer Official Website</a> <a href=3D"http= s://www.vulncheck.com/advisories/acer-launch-manager-dsiwmiservice-unquoted= -service-path" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Acer = Launch Manager 6.1.7600.16385 - 'DsiWMIService' Unquoted Service Path</a><b= r>=C2=A0</td>
</tr>

<td class=3D"vendor-product">thejshen--contentManagementSystem</td> <td>TheJshen ContentManagementSystem 1.04 contains a SQL injection vulnerab= ility that allows attackers to manipulate database queries through the 'id'=
GET parameter. Attackers can exploit boolean-based, time-based, and UNION-= based SQL injection techniques to extract or manipulate database informatio=
n by crafting malicious query payloads.</td>
<td>2026-02-06</td>
<td>7.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2019-25303" target=3D= "_blank" rel=3D"noopener">CVE-2019-25303</a></td>

<a href=3D"https://www.exploit-db.com/exploits/47569" target=3D"_blank" rel= =3D"noopener">ExploitDB-47569</a> <a href=3D"https://github.com/thejshen= /contentManagementSystem" target=3D"_blank" rel=3D"noopener">Vendor Homepag= e</a> <a href=3D"https://www.vulncheck.com/advisories/thejshen-contentma= nagementsystem-id-sql-injection" target=3D"_blank" rel=3D"noopener">VulnChe=
ck Advisory: TheJshen contentManagementSystem 1.04 - 'id' SQL Injection</a>= =C2=A0</td>
</tr>

<td class=3D"vendor-product">Issivs--Intelligent Security System SecurOS En= terprise</td>
<td>SecurOS Enterprise 10.2 contains an unquoted service path vulnerability=
in the SecurosCtrlService that allows local users to potentially execute c= ode with elevated privileges. Attackers can exploit the unquoted path in C:= \Program Files (x86)\ISS\SecurOS\ to insert malicious code that would execu=
te with system-level permissions during service startup.</td> <td>2026-02-06</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2019-25304" target=3D= "_blank" rel=3D"noopener">CVE-2019-25304</a></td>

<a href=3D"https://www.exploit-db.com/exploits/47556" target=3D"_blank" rel= =3D"noopener">ExploitDB-47556</a> <a href=3D"https://www.issivs.com/prod= uct-detail/secure-os-enterprise/" target=3D"_blank" rel=3D"noopener">Vendor=
Product Homepage</a> <a href=3D"https://www.issivs.com" target=3D"_blan=
k" rel=3D"noopener">Company Website</a> <a href=3D"https://www.vulncheck= .com/advisories/intelligent-security-system-securos-enterprise-securosctrls= ervice-unquoted-service-path" target=3D"_blank" rel=3D"noopener">VulnCheck = Advisory: Intelligent Security System SecurOS Enterprise 10.2 - 'SecurosCtr= lService' Unquoted Service Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Inforprograma--JumpStart</td>
<td>JumpStart 0.6.0.0 contains an unquoted service path vulnerability in th=
e jswpbapi service running with LocalSystem privileges. Attackers can explo=
it the unquoted path containing spaces to inject and execute malicious code=
with elevated system permissions.</td>
<td>2026-02-06</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2019-25305" target=3D= "_blank" rel=3D"noopener">CVE-2019-25305</a></td>

<a href=3D"https://www.exploit-db.com/exploits/47549" target=3D"_blank" rel= =3D"noopener">ExploitDB-47549</a> <a href=3D"https://www.inforprograma.n= et/" target=3D"_blank" rel=3D"noopener">Official Product Homepage</a> <a=
href=3D"https://www.vulncheck.com/advisories/jumpstart-jswpbapi-unquoted-s= ervice-path" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: JumpSta=
rt 0.6.0.0 - 'jswpbapi' Unquoted Service Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">VictorAlagwu--CMSsite</td>
<td>Victor CMS 1.0 contains a stored cross-site scripting vulnerability in = the 'comment_author' POST parameter that allows attackers to inject malicio=
us scripts. Attackers can submit crafted JavaScript payloads through the co= mment submission form to execute arbitrary code in victim browsers.</td> <td>2026-02-03</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37072" target=3D= "_blank" rel=3D"noopener">CVE-2020-37072</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48484" target=3D"_blank" rel= =3D"noopener">ExploitDB-48484</a> <a href=3D"https://github.com/VictorAl= agwu/CMSsite" target=3D"_blank" rel=3D"noopener">Victor CMS Project Reposit= ory</a> <a href=3D"https://www.vulncheck.com/advisories/victor-cms-comme= ntauthor-persistent-cross-site-scripting" target=3D"_blank" rel=3D"noopener= ">VulnCheck Advisory: Victor CMS 1.0 - 'comment_author' Persistent Cross-Si=
te Scripting</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Fishing Reservation System--Fishing Reservatio=
n System</td>
<td>Fishing Reservation System 7.5 contains multiple remote SQL injection v= ulnerabilities in admin.php, cart.php, and calendar.php that allow attacker=
s to inject malicious SQL commands. Attackers can exploit vulnerable parame= ters like uid, pid, type, m, y, and code to compromise the database managem= ent system and web application without user interaction.</td> <td>2026-02-03</td>
<td>7.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37081" target=3D= "_blank" rel=3D"noopener">CVE-2020-37081</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48417" target=3D"_blank" rel= =3D"noopener">ExploitDB-48417</a> <a href=3D"https://www.vulnerability-l= ab.com/get_content.php?id=3D2243" target=3D"_blank" rel=3D"noopener">Vulner= ability-Lab Researcher Disclosure</a> <a href=3D"https://fishingreservat= ionsystem.com/index.html" target=3D"_blank" rel=3D"noopener">Fishing Reserv= ation System Homepage</a> <a href=3D"https://www.vulncheck.com/advisorie= s/fishing-reservation-system-uid-sql-injection" target=3D"_blank" rel=3D"no= opener">VulnCheck Advisory: Fishing Reservation System 7.5 - 'uid' SQL Inje= ction</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">SunnySideSoft--VirtualTablet Server</td> <td>VirtualTablet Server 3.0.2 contains a denial of service vulnerability t= hat allows attackers to crash the service by sending oversized string paylo= ads through the Thrift protocol. Attackers can exploit the vulnerability by=
sending a long string to the send_say() method, causing the server to beco=
me unresponsive.</td>
<td>2026-02-03</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37085" target=3D= "_blank" rel=3D"noopener">CVE-2020-37085</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48402" target=3D"_blank" rel= =3D"noopener">ExploitDB-48402</a> <a href=3D"http://www.sunnysidesoft.co= m/" target=3D"_blank" rel=3D"noopener">Official Product Homepage</a> <a = href=3D"https://www.vulncheck.com/advisories/virtualtablet-server-denial-of= -service-poc" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Virtua= lTablet Server 3.0.2 - Denial of Service (PoC)</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Arox--School ERP Pro</td>
<td>School ERP Pro 1.0 contains a file disclosure vulnerability that allows=
unauthenticated attackers to read arbitrary files by manipulating the 'doc= ument' parameter in download.php. Attackers can access sensitive configurat= ion files by supplying directory traversal paths to retrieve system credent= ials and configuration information.</td>
<td>2026-02-03</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37088" target=3D= "_blank" rel=3D"noopener">CVE-2020-37088</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48394" target=3D"_blank" rel= =3D"noopener">ExploitDB-48394</a> <a href=3D"https://web.archive.org/web= /20200129123503/http://arox.in/" target=3D"_blank" rel=3D"noopener">Archive=
d Vendor Homepage</a> <a href=3D"https://web.archive.org/web/20190612111= 732/https://sourceforge.net/projects/school-erp-ultimate/" target=3D"_blank=
" rel=3D"noopener">Archived SourceForge Product Page</a> <a href=3D"http= s://www.vulncheck.com/advisories/school-erp-pro-arbitrary-file-read" target= =3D"_blank" rel=3D"noopener">VulnCheck Advisory: School ERP Pro 1.0 - Arbit= rary File Read</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Netis Systems Co., Ltd.--Netis E1+</td>
<td>Netis E1+ version 1.2.32533 contains a hardcoded root account vulnerabi= lity that allows unauthenticated attackers to access the device with predef= ined credentials. Attackers can leverage the embedded root account with a c= rackable password to gain full administrative access to the network device.= </td>
<td>2026-02-03</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37092" target=3D= "_blank" rel=3D"noopener">CVE-2020-37092</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48382" target=3D"_blank" rel= =3D"noopener">ExploitDB-48382</a> <a href=3D"http://www.netis-systems.co=
m" target=3D"_blank" rel=3D"noopener">Netis Systems Official Homepage</a><b= r><a href=3D"https://www.vulncheck.com/advisories/netis-e-backdoor-account-= root" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Netis E1+ 1.2.= 32533 - Backdoor Account (root)</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Netis Systems Co., Ltd.--Netis E1+</td>
<td>Netis E1+ 1.2.32533 contains an information disclosure vulnerability th=
at allows unauthenticated attackers to retrieve WiFi passwords through the = netcore_get.cgi endpoint. Attackers can send a GET request to the endpoint =
to extract sensitive network credentials including SSID and WiFi passwords =
in plain text.</td>
<td>2026-02-03</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37093" target=3D= "_blank" rel=3D"noopener">CVE-2020-37093</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48384" target=3D"_blank" rel= =3D"noopener">ExploitDB-48384</a> <a href=3D"http://www.netis-systems.co=
m" target=3D"_blank" rel=3D"noopener">Netis Systems Official Homepage</a><b= r><a href=3D"https://www.vulncheck.com/advisories/netis-e-unauthenticated-w= ifi-password-leak" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: N= etis E1+ 1.2.32533 - Unauthenticated WiFi Password Leak</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">EDIMAX Technology Co., Ltd.--EW-7438RPn Mini</=

<td>Edimax EW-7438RPn 1.13 contains an information disclosure vulnerability=
that exposes WiFi network configuration details through the wlencrypt_wiz.= asp file. Attackers can access the script to retrieve sensitive information=
including WiFi network name and plaintext password stored in device config= uration variables.</td>
<td>2026-02-03</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37097" target=3D= "_blank" rel=3D"noopener">CVE-2020-37097</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48365" target=3D"_blank" rel= =3D"noopener">ExploitDB-48365</a> <a href=3D"https://www.edimax.com/edim= ax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_= n300/ew-7438rpn_mini/" target=3D"_blank" rel=3D"noopener">Edimax EW-7438RPn=
Product Homepage</a> <a href=3D"https://www.vulncheck.com/advisories/ed= imax-ew-rpn-information-disclosure-wifi-password" target=3D"_blank" rel=3D"= noopener">VulnCheck Advisory: Edimax EW-7438RPn 1.13 - Information Disclosu=
re (WiFi Password)</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">DiskSorter--Disk Sorter Enterprise</td>
<td>Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulner= ability that allows local attackers to execute arbitrary code with elevated=
system privileges. Attackers can exploit the unquoted path in the service = configuration to inject malicious executables that will be launched with Lo= calSystem permissions.</td>
<td>2026-02-03</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37098" target=3D= "_blank" rel=3D"noopener">CVE-2020-37098</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48048" target=3D"_blank" rel= =3D"noopener">ExploitDB-48048</a> <a href=3D"http://www.disksorter.com" = target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"https:= //www.vulncheck.com/advisories/disk-sorter-enterprise-unquoted-service-path=
" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Disk Sorter Enterp= rise 12.4.16 - Unquoted Service Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">DiskSavvy--Disk Savvy Enterprise</td>
<td>Disk Savvy Enterprise 12.3.18 contains an unquoted service path vulnera= bility in its service configuration that allows local attackers to potentia= lly execute arbitrary code. Attackers can exploit the unquoted path in 'C:\= Program Files\Disk Savvy Enterprise\bin\disksvs.exe' to inject malicious ex= ecutables and escalate privileges.</td>
<td>2026-02-03</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37099" target=3D= "_blank" rel=3D"noopener">CVE-2020-37099</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48049" target=3D"_blank" rel= =3D"noopener">ExploitDB-48049</a> <a href=3D"http://www.disksavvy.com" t= arget=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"https:/= /www.vulncheck.com/advisories/disk-savvy-enterprise-disksvsexe-unquoted-ser= vice-path" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Disk Savv=
y Enterprise 12.3.18 - 'disksvs.exe' Unquoted Service Path</a> =C2=A0</t=

</tr>

<td class=3D"vendor-product">SyncBreeze--Sync Breeze Enterprise</td>
<td>Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulner= ability that allows local attackers to execute arbitrary code with elevated=
system privileges. Attackers can exploit the unquoted binary path by placi=
ng malicious executables in specific file system locations to hijack the se= rvice startup process.</td>
<td>2026-02-03</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37100" target=3D= "_blank" rel=3D"noopener">CVE-2020-37100</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48045" target=3D"_blank" rel= =3D"noopener">ExploitDB-48045</a> <a href=3D"http://www.syncbreeze.com" = target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"https:= //www.vulncheck.com/advisories/sync-breeze-enterprise-unquoted-service-path=
" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Sync Breeze Enterp= rise 12.4.18 - Unquoted Service Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Vpnunlimitedapp--VPN unlimited</td>
<td>VPN Unlimited 6.1 contains an unquoted service path vulnerability that = allows local attackers to inject malicious executables into the service bin= ary path. Attackers can exploit the unquoted path in 'C:\Program Files (x86= )\VPN Unlimited to replace the service executable and gain elevated system = privileges.</td>
<td>2026-02-03</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37101" target=3D= "_blank" rel=3D"noopener">CVE-2020-37101</a></td>

<a href=3D"https://www.exploit-db.com/exploits/47916" target=3D"_blank" rel= =3D"noopener">ExploitDB-47916</a> <a href=3D"https://www.vpnunlimitedapp= .com" target=3D"_blank" rel=3D"noopener">VPN Unlimited Official Homepage</a= > <a href=3D"https://www.vulncheck.com/advisories/vpn-unlimited-unquoted= -service-path" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: VPN u= nlimited 6.1 - Unquoted Service Path</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Lavasoft--Web Companion</td>
<td>Adaware Web Companion 4.9.2159 contains an unquoted service path vulner= ability in the WCAssistantService that allows local attackers to potentiall=
y execute arbitrary code. Attackers can exploit the unquoted binary path to=
inject malicious executables that will be run with LocalSystem privileges = during service startup.</td>
<td>2026-02-03</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37102" target=3D= "_blank" rel=3D"noopener">CVE-2020-37102</a></td>

<a href=3D"https://www.exploit-db.com/exploits/47852" target=3D"_blank" rel= =3D"noopener">ExploitDB-47852</a> <a href=3D"http://webcompanion.com/" t= arget=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"http://= webcompanion.com/LP-WC002/index.php?partner=3DLU150701WEBDIRECT&campaign=3D= www.doc2pdf.com&search=3D2&homepage=3D2&bd=3D2" target=3D"_blank" rel=3D"no= opener">Software Download Link</a> <a href=3D"https://www.vulncheck.com/= advisories/adaware-web-companion-wcassistantservice-unquoted-service-path" = target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Adaware Web Companio=
n 4.9.2159 - 'WCAssistantService' Unquoted Service Path</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">redmine--PMB</td>
<td>PMB 5.6 contains a SQL injection vulnerability in the administration do= wnload script that allows authenticated attackers to execute arbitrary SQL = commands through the 'logid' parameter. Attackers can leverage this vulnera= bility by sending crafted requests to the /admin/sauvegarde/download.php en= dpoint with manipulated logid values to interact with the database.</td> <td>2026-02-03</td>
<td>7.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37105" target=3D= "_blank" rel=3D"noopener">CVE-2020-37105</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48356" target=3D"_blank" rel= =3D"noopener">ExploitDB-48356</a> <a href=3D"http://www.sigb.net" target= =3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"http://forge= .sigb.net/redmine/projects/pmb/files" target=3D"_blank" rel=3D"noopener">So= ftware Download Repository</a> <a href=3D"https://www.vulncheck.com/advi= sories/pmb-logid-sql-injection" target=3D"_blank" rel=3D"noopener">VulnChec=
k Advisory: PMB 5.6 - 'logid' SQL Injection</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Core FTP--Core FTP LE</td>
<td>Core FTP LE 2.2 contains a denial of service vulnerability that allows = attackers to crash the application by overwriting the account field with a = large buffer. Attackers can create a text file with 20,000 repeated charact= ers and paste it into the account field to cause the application to become = unresponsive and require reinstallation.</td>
<td>2026-02-06</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37107" target=3D= "_blank" rel=3D"noopener">CVE-2020-37107</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48137" target=3D"_blank" rel= =3D"noopener">ExploitDB-48137</a> <a href=3D"http://www.coreftp.com/" ta= rget=3D"_blank" rel=3D"noopener">Core FTP Vendor Homepage</a> <a href=3D= "http://www.coreftp.com/download.html" target=3D"_blank" rel=3D"noopener">C= ore FTP Download Page</a> <a href=3D"https://www.vulncheck.com/advisorie= s/core-ftp-le-denial-of-service" target=3D"_blank" rel=3D"noopener">VulnChe=
ck Advisory: Core FTP LE 2.2 - Denial of Service</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">AllHandsMarketing--PhpIX 2012 Professional</td=

<td>PhpIX 2012 Professional contains a SQL injection vulnerability in the '= id' parameter of product_detail.php that allows remote attackers to manipul= ate database queries. Attackers can inject malicious SQL code through the '= id' parameter to potentially extract or modify database information.</td> <td>2026-02-03</td>
<td>7.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37108" target=3D= "_blank" rel=3D"noopener">CVE-2020-37108</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48138" target=3D"_blank" rel= =3D"noopener">ExploitDB-48138</a> <a href=3D"http://www.allhandsmarketin= g.com/" target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href= =3D"http://www.pcollectionnecktie.com/sandbox/" target=3D"_blank" rel=3D"no= opener">Demonstration Website</a> <a href=3D"https://www.vulncheck.com/a= dvisories/phpix-professional-id-sql-injection" target=3D"_blank" rel=3D"noo= pener">VulnCheck Advisory: PhpIX 2012 Professional - 'id' SQL Injection</a>= =C2=A0</td>
</tr>

<td class=3D"vendor-product">asc Applied Software Consultants--aSc TimeTabl= es</td>
<td>aSc TimeTables 2020.11.4 contains a denial of service vulnerability tha=
t allows attackers to crash the application by overwriting the Subject titl=
e field with a large buffer. Attackers can generate a 1000-character buffer=
and paste it into the Subject title to trigger an application crash and po= tential instability.</td>
<td>2026-02-06</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37109" target=3D= "_blank" rel=3D"noopener">CVE-2020-37109</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48133" target=3D"_blank" rel= =3D"noopener">ExploitDB-48133</a> <a href=3D"https://www.asctimetables.c= om/#!/home" target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a hr= ef=3D"https://www.vulncheck.com/advisories/asc-timetables-denial-of-service=
" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: aSc TimeTables 202= 0.11.4 - Denial of Service</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Openeclass--GUnet OpenEclass</td>
<td>GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities = that allow authenticated attackers to manipulate database queries through u= nvalidated parameters. Attackers can exploit the 'month' parameter in the a= genda module and other endpoints to extract sensitive database information = using error-based or time-based injection techniques.</td>
<td>2026-02-03</td>
<td>7.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37112" target=3D= "_blank" rel=3D"noopener">CVE-2020-37112</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48163" target=3D"_blank" rel= =3D"noopener">ExploitDB-48163</a> <a href=3D"https://www.openeclass.org/=
" target=3D"_blank" rel=3D"noopener">Official Vendor Homepage</a> <a hre= f=3D"https://download.openeclass.org/files/docs/1.7/CHANGES.txt" target=3D"= _blank" rel=3D"noopener">Changelog</a> <a href=3D"https://www.vulncheck.= com/advisories/gunet-openeclass-e-learning-platform-month-sql-injection" ta= rget=3D"_blank" rel=3D"noopener">VulnCheck Advisory: GUnet OpenEclass 1.7.3=
E-learning platform - 'month' SQL Injection</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Nsauditor--FTP Password Recover</td> <td>SpotFTP-FTP Password Recover 2.4.8 contains a denial of service vulnera= bility that allows attackers to crash the application by generating a large=
buffer overflow. Attackers can create a text file with 1000 'Z' characters=
and input it as a registration code to trigger the application crash.</td> <td>2026-02-06</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37122" target=3D= "_blank" rel=3D"noopener">CVE-2020-37122</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48132" target=3D"_blank" rel= =3D"noopener">ExploitDB-48132</a> <a href=3D"http://www.nsauditor.com/" = target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"http:/= /www.nsauditor.com/spotftp.html" target=3D"_blank" rel=3D"noopener">Softwar=
e Download Page</a> <a href=3D"https://www.vulncheck.com/advisories/spot= ftp-ftp-password-recover-denial-of-service" target=3D"_blank" rel=3D"noopen= er">VulnCheck Advisory: SpotFTP-FTP Password Recover 2.4.8 - Denial of Serv= ice</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Nsauditor--Nsauditor</td>
<td>Nsauditor 3.2.0.0 contains a denial of service vulnerability in the reg= istration name input field that allows attackers to crash the application. = Attackers can create a malicious payload of 1000 bytes of repeated characte=
rs to trigger an application crash when pasted into the registration name f= ield.</td>
<td>2026-02-05</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37130" target=3D= "_blank" rel=3D"noopener">CVE-2020-37130</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48286" target=3D"_blank" rel= =3D"noopener">ExploitDB-48286</a> <a href=3D"http://www.nsauditor.com" t= arget=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"https:/= /www.vulncheck.com/advisories/nsauditor-name-denial-of-service" target=3D"_= blank" rel=3D"noopener">VulnCheck Advisory: Nsauditor 3.2.0.0 - 'Name' Deni=
al of Service</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">UltraVNC Team--UltraVNC Launcher</td>
<td>UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in=
the Repeater Host configuration field that allows attackers to crash the a= pplication. Attackers can paste an overly long string of 300 characters int=
o the Repeater Host property to trigger an application crash.</td> <td>2026-02-05</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37133" target=3D= "_blank" rel=3D"noopener">CVE-2020-37133</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48288" target=3D"_blank" rel= =3D"noopener">ExploitDB-48288</a> <a href=3D"https://www.uvnc.com/" targ= et=3D"_blank" rel=3D"noopener">UltraVNC Official Homepage</a> <a href=3D= "https://www.vulncheck.com/advisories/ultravnc-launcher-repeaterhost-denial= -of-service" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: UltraVN=
C Launcher 1.2.4.0 - 'RepeaterHost' Denial of Service</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">UltraVNC Team--UltraVNC Viewer</td>
<td>UltraVNC Viewer 1.2.4.0 contains a denial of service vulnerability that=
allows attackers to crash the application by manipulating VNC Server input=
. Attackers can generate a malformed 256-byte payload and paste it into the=
VNC Server connection dialog to trigger an application crash.</td> <td>2026-02-05</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37134" target=3D= "_blank" rel=3D"noopener">CVE-2020-37134</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48291" target=3D"_blank" rel= =3D"noopener">ExploitDB-48291</a> <a href=3D"https://www.uvnc.com/" targ= et=3D"_blank" rel=3D"noopener">UltraVNC Official Homepage</a> <a href=3D= "https://www.vulncheck.com/advisories/ultravnc-viewer-vncserver-denial-of-s= ervice" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: UltraVNC Vie= wer 1.2.4.0 - 'VNCServer' Denial of Service</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Amssplus--AMSS++</td>
<td>AMSS++ 4.7 contains an authentication bypass vulnerability that allows = attackers to access administrative accounts using hardcoded credentials. At= tackers can log in with the default admin username and password '1234' to g= ain unauthorized administrative access to the system.</td>
<td>2026-02-06</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37135" target=3D= "_blank" rel=3D"noopener">CVE-2020-37135</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48114" target=3D"_blank" rel= =3D"noopener">ExploitDB-48114</a> <a href=3D"https://www.vulncheck.com/a= dvisories/amss-backdoor-admin-account" target=3D"_blank" rel=3D"noopener">V= ulnCheck Advisory: AMSS++ 4.7 - Backdoor Admin Account</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">EmTec--ZOC Terminal</td>
<td>ZOC Terminal 7.25.5 contains a denial of service vulnerability in the p= rivate key file input field that allows attackers to crash the application.=
Attackers can overwrite the private key file input with a 2000-byte buffer=
, causing the application to become unresponsive when attempting to create = SSH key files.</td>
<td>2026-02-05</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37136" target=3D= "_blank" rel=3D"noopener">CVE-2020-37136</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48292" target=3D"_blank" rel= =3D"noopener">ExploitDB-48292</a> <a href=3D"https://www.emtec.com" targ= et=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"https://ww= w.vulncheck.com/advisories/zoc-terminal-private-key-file-denial-of-service"=
target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: ZOC Terminal v7.25.=
5 - 'Private key file' Denial of Service</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">GE Intelligent Platforms, Inc.--ProficySCADA f=
or iOS</td>
<td>ProficySCADA for iOS 5.0.25920 contains a denial of service vulnerabili=
ty that allows attackers to crash the application by manipulating the passw= ord input field. Attackers can overwrite the password field with 257 bytes =
of repeated characters to trigger an application crash and prevent successf=
ul authentication.</td>
<td>2026-02-05</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37143" target=3D= "_blank" rel=3D"noopener">CVE-2020-37143</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48236" target=3D"_blank" rel= =3D"noopener">ExploitDB-48236</a> <a href=3D"https://download.cnet.com/p= roficyscada/3000-2064_4-75728256.html" target=3D"_blank" rel=3D"noopener">A= rchived App Software</a> <a href=3D"https://www.vulncheck.com/advisories= /proficyscada-for-ios-password-denial-of-service" target=3D"_blank" rel=3D"= noopener">VulnCheck Advisory: ProficySCADA for iOS 5.0.25920 - 'Password' D= enial of Service</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">ACE SECURITY--Aptina AR0130 960P 1.3MP Camera<=

<td>ACE Security WiP-90113 HD Camera contains a configuration disclosure vu= lnerability that allows unauthenticated attackers to retrieve sensitive con= figuration files. Attackers can access the camera's configuration backup by=
sending a GET request to the /config_backup.bin endpoint, exposing credent= ials and system settings.</td>
<td>2026-02-06</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37146" target=3D= "_blank" rel=3D"noopener">CVE-2020-37146</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48127" target=3D"_blank" rel= =3D"noopener">ExploitDB-48127</a> <a href=3D"https://acesecurity.jp" tar= get=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"https://a= cesecurity.jp/support/top/wip_series/wip-90113" target=3D"_blank" rel=3D"no= opener">Product Support Page</a> <a href=3D"https://www.vulncheck.com/ad= visories/aptina-ar-p-mp-camera-remote-configuration-disclosure" target=3D"_= blank" rel=3D"noopener">VulnCheck Advisory: Aptina AR0130 960P 1.3MP Camera=
- Remote Configuration Disclosure</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Atutor--ATutor</td>
<td>ATutor 2.2.4 contains a SQL injection vulnerability in the admin user d= eletion page that allows authenticated attackers to manipulate database que= ries through the 'id' parameter. Attackers can exploit the vulnerability by=
injecting malicious SQL code into the 'id' parameter of the admin_delete.p=
hp script to potentially extract or modify database information.</td> <td>2026-02-06</td>
<td>7.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37147" target=3D= "_blank" rel=3D"noopener">CVE-2020-37147</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48117" target=3D"_blank" rel= =3D"noopener">ExploitDB-48117</a> <a href=3D"https://atutor.github.io/" = target=3D"_blank" rel=3D"noopener">ATutor Official Homepage</a> <a href= =3D"https://www.vulncheck.com/advisories/atutor-id-sql-injection" target=3D= "_blank" rel=3D"noopener">VulnCheck Advisory: ATutor 2.2.4 - 'id' SQL Injec= tion</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">EDIMAX Technology--EW-7438RPn Mini</td>
<td>Edimax EW-7438RPn-v3 Mini 1.27 allows unauthenticated attackers to acce=
ss the /wizard_reboot.asp page in unsetup mode, which discloses the Wi-Fi S= SID and security key. Attackers can retrieve the wireless password by sendi=
ng a GET request to this endpoint, exposing sensitive information without a= uthentication.</td>
<td>2026-02-05</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37150" target=3D= "_blank" rel=3D"noopener">CVE-2020-37150</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48318" target=3D"_blank" rel= =3D"noopener">ExploitDB-48318</a> <a href=3D"https://www.edimax.com/edim= ax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_= n300/ew-7438rpn_mini/" target=3D"_blank" rel=3D"noopener">Edimax EW-7438RPn=
Mini Product Page</a> <a href=3D"https://www.vulncheck.com/advisories/e= dimax-technology-ew-rpn-mini-unauthorized-access-wi-fi-password-disclosure"=
target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Edimax Technology E= W-7438RPn-v3 Mini 1.27 - Unauthorized Access: Wi-Fi Password Disclosure</a>= =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tripath Project--eLection</td>
<td>eLection 2.0 contains an authenticated SQL injection vulnerability in t=
he candidate management endpoint that allows attackers to manipulate databa=
se queries through the 'id' parameter. Attackers can leverage SQLMap to exp= loit the vulnerability, potentially gaining remote code execution by upload= ing backdoor files to the web application directory.</td>
<td>2026-02-06</td>
<td>7.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37154" target=3D= "_blank" rel=3D"noopener">CVE-2020-37154</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48122" target=3D"_blank" rel= =3D"noopener">ExploitDB-48122</a> <a href=3D"https://sourceforge.net/pro= jects/election-by-tripath/" target=3D"_blank" rel=3D"noopener">eLection Pro= ject Vendor Homepage</a> <a href=3D"https://github.com/J3rryBl4nks/eLect= ion-TriPath-/blob/master/SQLiIntoRCE.md" target=3D"_blank" rel=3D"noopener"= >Researcher Exploit Disclosure</a> <a href=3D"https://www.vulncheck.com/= advisories/election-id-sql-injection" target=3D"_blank" rel=3D"noopener">Vu= lnCheck Advisory: eLection 2.0 - 'id' SQL Injection</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Core FTP--Core FTP Lite</td>
<td>Core FTP Lite 1.3 contains a buffer overflow vulnerability in the usern= ame input field that allows attackers to crash the application by supplying=
oversized input. Attackers can generate a 7000-byte payload of repeated 'A=
' characters to trigger an application crash without requiring additional i= nteraction.</td>
<td>2026-02-06</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37155" target=3D= "_blank" rel=3D"noopener">CVE-2020-37155</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48100" target=3D"_blank" rel= =3D"noopener">ExploitDB-48100</a> <a href=3D"http://www.coreftp.com/" ta= rget=3D"_blank" rel=3D"noopener">Core FTP Official Homepage</a> <a href= =3D"https://www.vulncheck.com/advisories/core-ftp-lite-denial-of-service-po=
c" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Core FTP Lite 1.3=
- Denial of Service (PoC)</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">DBPower--DBPower C300 HD Camera</td>
<td>DBPower C300 HD Camera contains a configuration disclosure vulnerabilit=
y that allows unauthenticated attackers to retrieve sensitive credentials t= hrough an unprotected configuration backup endpoint. Attackers can download=
the configuration file and extract hardcoded username and password by acce= ssing the /tmpfs/config_backup.bin resource.</td>
<td>2026-02-06</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37157" target=3D= "_blank" rel=3D"noopener">CVE-2020-37157</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48095" target=3D"_blank" rel= =3D"noopener">ExploitDB-48095</a> <a href=3D"https://web.archive.org/web= /20200620110617/https://donev.eu/blog/dbpower-c300-multiple-vulnerabilities=
" target=3D"_blank" rel=3D"noopener">Archived Researcher Blog</a> <a hre= f=3D"https://www.vulncheck.com/advisories/dbpower-c-hd-camera-remote-config= uration-disclosure" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: = DBPower C300 HD Camera - Remote Configuration Disclosure</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Innomic--VibroLine Configurator 5.0</td>
<td>A local attacker could cause a full device reset by resetting the devic=
e passwords using an invalid reset file via USB.</td>
<td>2026-02-02</td>
<td>7.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2022-50976" target=3D= "_blank" rel=3D"noopener">CVE-2022-50976</a></td>

<a href=3D"https://www.innomic.com/.well-known/csaf/white/2026/ids-2026-000= 1.html" target=3D"_blank" rel=3D"noopener">https://www.innomic.com/.well-kn= own/csaf/white/2026/ids-2026-0001.html</a> <a href=3D"https://www.innomi= c.com/.well-known/csaf/white/2026/ids-2026-0001.json" target=3D"_blank" rel= =3D"noopener">https://www.innomic.com/.well-known/csaf/white/2026/ids-2026-= 0001.json</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Innomic--VibroLine VLX1 HD 5.0</td>
<td>An unauthenticated remote attacker could potentially disrupt operations=
by switching=C2=A0between multiple configuration presets via HTTP.</td> <td>2026-02-02</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2022-50977" target=3D= "_blank" rel=3D"noopener">CVE-2022-50977</a></td>

<a href=3D"https://www.innomic.com/.well-known/csaf/white/2026/ids-2026-000= 1.html" target=3D"_blank" rel=3D"noopener">https://www.innomic.com/.well-kn= own/csaf/white/2026/ids-2026-0001.html</a> <a href=3D"https://www.innomi= c.com/.well-known/csaf/white/2026/ids-2026-0001.json" target=3D"_blank" rel= =3D"noopener">https://www.innomic.com/.well-known/csaf/white/2026/ids-2026-= 0001.json</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Innomic--VibroLine VLX1 HD 5.0</td>
<td>An unauthenticated remote attacker could potentially disrupt operations=
by switching between multiple configuration presets via Modbus (TCP).</td> <td>2026-02-02</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2022-50978" target=3D= "_blank" rel=3D"noopener">CVE-2022-50978</a></td>

<a href=3D"https://www.innomic.com/.well-known/csaf/white/2026/ids-2026-000= 1.html" target=3D"_blank" rel=3D"noopener">https://www.innomic.com/.well-kn= own/csaf/white/2026/ids-2026-0001.html</a> <a href=3D"https://www.innomi= c.com/.well-known/csaf/white/2026/ids-2026-0001.json" target=3D"_blank" rel= =3D"noopener">https://www.innomic.com/.well-known/csaf/white/2026/ids-2026-= 0001.json</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Talemy--Spirit Framework</td>
<td>Improper Control of Filename for Include/Require Statement in PHP Progr=
am ('PHP Remote File Inclusion') vulnerability in Talemy Spirit Framework a= llows PHP Local File Inclusion. This issue affects Spirit Framework: from n=
/a through 1.2.13.</td>
<td>2026-02-02</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2024-54263" target=3D= "_blank" rel=3D"noopener">CVE-2024-54263</a></td>

<a href=3D"https://patchstack.com/database/wordpress/plugin/spirit-framewor= k/vulnerability/wordpress-spirit-framework-plugin-1-2-13-local-file-inclusi= on-vulnerability?_s_id=3Dcve" target=3D"_blank" rel=3D"noopener">https://pa= tchstack.com/database/wordpress/plugin/spirit-framework/vulnerability/wordp= ress-spirit-framework-plugin-1-2-13-local-file-inclusion-vulnerability?_s_i= d=3Dcve</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Zyxel--ATP series firmware</td>
<td>A post=E2=80=91authentication command injection vulnerability in the Dy= namic DNS (DDNS) configuration CLI command in Zyxel ATP series firmware ver= sions from V5.35 through V5.41, USG FLEX series firmware versions from V5.3=
5 through V5.41, USG FLEX 50(W) series firmware versions from V5.35 through=
V5.41, and USG20(W)-VPN series firmware versions from V5.35 through V5.41 = could allow an authenticated attacker with administrator privileges to exec= ute operating system (OS) commands on an affected device by supplying a spe= cially crafted string as an argument to the CLI command.</td> <td>2026-02-05</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-11730" target=3D= "_blank" rel=3D"noopener">CVE-2025-11730</a></td>

<a href=3D"https://www.zyxel.com/global/en/support/security-advisories/zyxe= l-security-advisory-for-post-authentication-command-injection-vulnerability= -in-the-ddns-configuration-cli-command-of-zld-firewalls-02-05-2026" target= =3D"_blank" rel=3D"noopener">https://www.zyxel.com/global/en/support/securi= ty-advisories/zyxel-security-advisory-for-post-authentication-command-injec= tion-vulnerability-in-the-ddns-configuration-cli-command-of-zld-firewalls-0= 2-05-2026</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Business Automation Workflow containers</=

<td>IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF0= 07, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Autom= ation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XM=
L external entity injection (XXE) attack when processing XML data. A=C2=A0r= emote attacker could exploit this vulnerability to expose sensitive informa= tion or consume memory=C2=A0resources.</td>
<td>2026-02-02</td>
<td>7.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-13096" target=3D= "_blank" rel=3D"noopener">CVE-2025-13096</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7259321" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7259321</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Mattermost--Mattermost Confluence Plugin</td> <td>Mattermost Confluence plugin version <1.7.0 fails to properly escape=
user-controlled display names in HTML template rendering which allows auth= enticated Confluence users with malicious display names to execute arbitrar=
y JavaScript in victim browsers via sending a specially crafted OAuth2 conn= ection link that, when visited, renders the attacker's display name without=
proper sanitization. Mattermost Advisory ID: MMSA-2025-00557</td> <td>2026-02-06</td>
<td>7.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-13523" target=3D= "_blank" rel=3D"noopener">CVE-2025-13523</a></td>

<a href=3D"https://mattermost.com/security-updates" target=3D"_blank" rel= =3D"noopener">MMSA-2025-00557</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--WebSphere Application Server Liberty</td> <td>IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1=C2= =A0could allow a privileged user to upload a zip archive containing path tr= aversal sequences resulting in an overwrite of files leading to arbitrary c= ode execution.</td>
<td>2026-02-02</td>
<td>7.6</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-14914" target=3D= "_blank" rel=3D"noopener">CVE-2025-14914</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7258224" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7258224</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">infility--Infility Global</td>
<td>The Infility Global plugin for WordPress is vulnerable to unauthenticat=
ed SQL Injection via the 'infility_get_data' API action in all versions up = to, and including, 2.14.46. This is due to insufficient escaping on the use=
r supplied parameter and lack of sufficient preparation on the existing SQL=
query. This makes it possible for unauthenticated attackers to append - wi=
th certain server configurations - additional SQL queries into already exis= ting queries that can be used to extract sensitive information from the dat= abase.</td>
<td>2026-02-04</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15268" target=3D= "_blank" rel=3D"noopener">CVE-2025-15268</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/648941= b8-d1ab-4587-bd87-f23008ac9a00?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/648941b8-d1a= b-4587-bd87-f23008ac9a00?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/infility-global/trunk/include/class/db.class.php?ma= rks=3D41#L41" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordp= ress.org/browser/infility-global/trunk/include/class/db.class.php?marks=3D4= 1#L41</a> <a href=3D"https://plugins.trac.wordpress.org/browser/infility= -global/trunk/infility_global.php?marks=3D626#L626" target=3D"_blank" rel= =3D"noopener">https://plugins.trac.wordpress.org/browser/infility-global/tr= unk/infility_global.php?marks=3D626#L626</a> <a href=3D"https://plugins.= trac.wordpress.org/browser/infility-global/trunk/include/class/str.class.ph= p?marks=3D21#L21" target=3D"_blank" rel=3D"noopener">https://plugins.trac.w= ordpress.org/browser/infility-global/trunk/include/class/str.class.php?mark= s=3D21#L21</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">lupsonline--SEO Flow by LupsOnline</td>
<td>The SEO Flow by LupsOnline plugin for WordPress is vulnerable to unauth= orized modification of data due to a missing capability check on the checkB= logAuthentication() and checkCategoryAuthentication() functions in all vers= ions up to, and including, 2.2.1. These authorization functions only implem= ent basic API key authentication but fail to implement WordPress capability=
checks. This makes it possible for unauthenticated attackers to create, mo= dify, and delete blog posts and categories.</td>
<td>2026-02-04</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15285" target=3D= "_blank" rel=3D"noopener">CVE-2025-15285</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/526837= cc-ed1d-4d3d-8f75-a2098445dd1d?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/526837cc-ed1= d-4d3d-8f75-a2098445dd1d?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/lupsonline-link-netwerk/tags/2.2.1/includes/class-l= inknetwerk-api.php?marks=3D83-99,101-117#L83" target=3D"_blank" rel=3D"noop= ener">https://plugins.trac.wordpress.org/browser/lupsonline-link-netwerk/ta= gs/2.2.1/includes/class-linknetwerk-api.php?marks=3D83-99,101-117#L83</a><b= r>=C2=A0</td>
</tr>

<td class=3D"vendor-product">Tanium--Tanium Appliance</td>
<td>Tanium addressed an unauthorized code execution vulnerability in Tanium=
Appliance.</td>
<td>2026-02-05</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15311" target=3D= "_blank" rel=3D"noopener">CVE-2025-15311</a></td>

<a href=3D"https://security.tanium.com/TAN-2025-002" target=3D"_blank" rel= =3D"noopener">TAN-2025-002</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--Open5GS</td>
<td>A security flaw has been discovered in Open5GS up to 2.7.6. Affected by=
this vulnerability is the function hss_ogs_diam_cx_mar_cb of the file src/= hss/hss-cx-path.c of the component VoLTE Cx-Test. The manipulation of the a= rgument OGS_KEY_LEN results in stack-based buffer overflow. The attack may =
be launched remotely. The patch is identified as 54dda041211098730221d0ae20= a2f9f9173e7a21. A patch should be applied to remediate this issue.</td> <td>2026-02-04</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15555" target=3D= "_blank" rel=3D"noopener">CVE-2025-15555</a></td>

<a href=3D"https://vuldb.com/?id.343795" target=3D"_blank" rel=3D"noopener"= >VDB-343795 | Open5GS VoLTE Cx-Test hss-cx-path.c hss_ogs_diam_cx_mar_cb st= ack-based overflow</a> <a href=3D"https://vuldb.com/?ctiid.343795" targe= t=3D"_blank" rel=3D"noopener">VDB-343795 | CTI Indicators (IOB, IOC, IOA)</= a> <a href=3D"https://vuldb.com/?submit.741901" target=3D"_blank" rel=3D= "noopener">Submit #741901 | Open5GS v2.7.6 Buffer Over-read</a> <a href= =3D"https://github.com/open5gs/open5gs/issues/4177" target=3D"_blank" rel= =3D"noopener">https://github.com/open5gs/open5gs/issues/4177</a> <a href= =3D"https://github.com/open5gs/open5gs/issues/4177#event-21256395700" targe= t=3D"_blank" rel=3D"noopener">https://github.com/open5gs/open5gs/issues/417= 7#event-21256395700</a> <a href=3D"https://github.com/open5gs/open5gs/co= mmit/54dda041211098730221d0ae20a2f9f9173e7a21" target=3D"_blank" rel=3D"noo= pener">https://github.com/open5gs/open5gs/commit/54dda041211098730221d0ae20= a2f9f9173e7a21</a> <a href=3D"https://github.com/open5gs/open5gs/" targe= t=3D"_blank" rel=3D"noopener">https://github.com/open5gs/open5gs/</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Qualcomm, Inc.--Snapdragon</td>
<td>Memory Corruption when user space address is modified and passed to mem= _free API, causing kernel memory to be freed inadvertently.</td> <td>2026-02-02</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-47358" target=3D= "_blank" rel=3D"noopener">CVE-2025-47358</a></td>

<a href=3D"https://docs.qualcomm.com/product/publicresources/securitybullet= in/february-2026-bulletin.html" target=3D"_blank" rel=3D"noopener">https://= docs.qualcomm.com/product/publicresources/securitybulletin/february-2026-bu= lletin.html</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Qualcomm, Inc.--Snapdragon</td>
<td>Memory Corruption when multiple threads simultaneously access a memory = free API.</td>
<td>2026-02-02</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-47359" target=3D= "_blank" rel=3D"noopener">CVE-2025-47359</a></td>

<a href=3D"https://docs.qualcomm.com/product/publicresources/securitybullet= in/february-2026-bulletin.html" target=3D"_blank" rel=3D"noopener">https://= docs.qualcomm.com/product/publicresources/securitybulletin/february-2026-bu= lletin.html</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Qualcomm, Inc.--Snapdragon</td>
<td>Cryptographic issue when a Trusted Zone with outdated code is triggered=
by a HLOS providing incorrect input.</td>
<td>2026-02-02</td>
<td>7.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-47366" target=3D= "_blank" rel=3D"noopener">CVE-2025-47366</a></td>

<a href=3D"https://docs.qualcomm.com/product/publicresources/securitybullet= in/february-2026-bulletin.html" target=3D"_blank" rel=3D"noopener">https://= docs.qualcomm.com/product/publicresources/securitybulletin/february-2026-bu= lletin.html</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Qualcomm, Inc.--Snapdragon</td>
<td>Memory Corruption when initiating GPU memory mapping using scatter-gath=
er lists due to unchecked IOMMU mapping errors.</td>
<td>2026-02-02</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-47397" target=3D= "_blank" rel=3D"noopener">CVE-2025-47397</a></td>

<a href=3D"https://docs.qualcomm.com/product/publicresources/securitybullet= in/february-2026-bulletin.html" target=3D"_blank" rel=3D"noopener">https://= docs.qualcomm.com/product/publicresources/securitybulletin/february-2026-bu= lletin.html</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Qualcomm, Inc.--Snapdragon</td>
<td>Memory Corruption while deallocating graphics processing unit memory bu= ffers due to improper handling of memory pointers.</td>
<td>2026-02-02</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-47398" target=3D= "_blank" rel=3D"noopener">CVE-2025-47398</a></td>

<a href=3D"https://docs.qualcomm.com/product/publicresources/securitybullet= in/february-2026-bulletin.html" target=3D"_blank" rel=3D"noopener">https://= docs.qualcomm.com/product/publicresources/securitybulletin/february-2026-bu= lletin.html</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Qualcomm, Inc.--Snapdragon</td>
<td>Memory Corruption while processing IOCTL call to update sensor property=
settings with invalid input parameters.</td>
<td>2026-02-02</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-47399" target=3D= "_blank" rel=3D"noopener">CVE-2025-47399</a></td>

<a href=3D"https://docs.qualcomm.com/product/publicresources/securitybullet= in/february-2026-bulletin.html" target=3D"_blank" rel=3D"noopener">https://= docs.qualcomm.com/product/publicresources/securitybulletin/february-2026-bu= lletin.html</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n8n-io--n8n</td>
<td>n8n is an open source workflow automation platform. From version 1.65.0=
to before 1.114.3, the use of Buffer.allocUnsafe() and Buffer.allocUnsafeS= low() in the task runner allowed untrusted code to allocate uninitialized m= emory. Such uninitialized buffers could contain residual data from within t=
he same Node.js process (for example, data from prior requests, tasks, secr= ets, or tokens), resulting in potential information disclosure. This issue = has been patched in version 1.114.3.</td>
<td>2026-02-04</td>
<td>7.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61917" target=3D= "_blank" rel=3D"noopener">CVE-2025-61917</a></td>

<a href=3D"https://github.com/n8n-io/n8n/security/advisories/GHSA-49mx-fj45= -q3p6" target=3D"_blank" rel=3D"noopener">https://github.com/n8n-io/n8n/sec= urity/advisories/GHSA-49mx-fj45-q3p6</a> <a href=3D"https://github.com/n= 8n-io/n8n/commit/2c4c2953199733c791f739a40879ae31ca129aba" target=3D"_blank=
" rel=3D"noopener">https://github.com/n8n-io/n8n/commit/2c4c2953199733c791f= 739a40879ae31ca129aba</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">N/A--Moodle[.]org</td>
<td>A flaw was found in Moodle. This cross-site scripting (XSS) vulnerabili= ty, caused by improper sanitization of AI prompt responses, allows attacker=
s to inject malicious HTML or script into web pages. When other users view = these compromised pages, their sessions could be stolen, or the user interf= ace could be manipulated.</td>
<td>2026-02-03</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-67849" target=3D= "_blank" rel=3D"noopener">CVE-2025-67849</a></td>

<a href=3D"https://access.redhat.com/security/cve/CVE-2025-67849" target=3D= "_blank" rel=3D"noopener">https://access.redhat.com/security/cve/CVE-2025-6= 7849</a> <a href=3D"https://bugzilla.redhat.com/show_bug.cgi?id=3D242383=
5" target=3D"_blank" rel=3D"noopener">RHBZ#2423835</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">N/A--Moodle[.]org</td>
<td>A flaw was found in moodle. This vulnerability, known as Cross-Site Scr= ipting (XSS), occurs due to insufficient checks on user-provided data in th=
e formula editor's arithmetic expression fields. A remote attacker could in= ject malicious code into these fields. When other users view these expressi= ons, the malicious code would execute in their web browsers, potentially co= mpromising their data or leading to unauthorized actions.</td> <td>2026-02-03</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-67850" target=3D= "_blank" rel=3D"noopener">CVE-2025-67850</a></td>

<a href=3D"https://access.redhat.com/security/cve/CVE-2025-67850" target=3D= "_blank" rel=3D"noopener">https://access.redhat.com/security/cve/CVE-2025-6= 7850</a> <a href=3D"https://bugzilla.redhat.com/show_bug.cgi?id=3D242383=
8" target=3D"_blank" rel=3D"noopener">RHBZ#2423838</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">N/A--Moodle[.]org</td>
<td>A flaw was found in Moodle. A remote attacker could exploit a lack of p= roper rate limiting in the confirmation email service. This vulnerability a= llows attackers to more easily enumerate or guess user credentials, facilit= ating brute-force attacks against user accounts.</td>
<td>2026-02-03</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-67853" target=3D= "_blank" rel=3D"noopener">CVE-2025-67853</a></td>

<a href=3D"https://access.redhat.com/security/cve/CVE-2025-67853" target=3D= "_blank" rel=3D"noopener">https://access.redhat.com/security/cve/CVE-2025-6= 7853</a> <a href=3D"https://bugzilla.redhat.com/show_bug.cgi?id=3D242384=
7" target=3D"_blank" rel=3D"noopener">RHBZ#2423847</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TriliumNext--Trilium</td>
<td>Trilium Notes is an open-source, cross-platform hierarchical note takin=
g application with focus on building large personal knowledge bases. Prior =
to 0.101.0, a critical timing attack vulnerability in Trilium's sync authen= tication endpoint allows unauthenticated remote attackers to recover HMAC a= uthentication hashes byte-by-byte through statistical timing analysis. This=
enables complete authentication bypass without password knowledge, grantin=
g full read/write access to victim's knowledge base. This vulnerability is = fixed in 0.101.0.</td>
<td>2026-02-06</td>
<td>7.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-68621" target=3D= "_blank" rel=3D"noopener">CVE-2025-68621</a></td>

<a href=3D"https://github.com/TriliumNext/Trilium/security/advisories/GHSA-= hxf6-58cx-qq3x" target=3D"_blank" rel=3D"noopener">https://github.com/Trili= umNext/Trilium/security/advisories/GHSA-hxf6-58cx-qq3x</a> <a href=3D"ht= tps://github.com/TriliumNext/Trilium/pull/8129" target=3D"_blank" rel=3D"no= opener">https://github.com/TriliumNext/Trilium/pull/8129</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Ofisimo Web-Based Software Technologies--Assoc= iation Web Package Flora</td>
<td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cr= oss-site Scripting') vulnerability in Ofisimo Web-Based Software Technologi=
es Association Web Package Flora allows XSS Through HTTP Headers. This issu=
e affects Association Web Package Flora: from v3.0 through 03022026.=C2=A0N= OTE: The vendor was contacted early about this disclosure but did not respo=
nd in any way.</td>
<td>2026-02-03</td>
<td>7.6</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-7760" target=3D"= _blank" rel=3D"noopener">CVE-2025-7760</a></td>

<a href=3D"https://www.usom.gov.tr/bildirim/tr-26-0015" target=3D"_blank" r= el=3D"noopener">https://www.usom.gov.tr/bildirim/tr-26-0015</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">Kod8 Software Technologies Trade Ltd. Co.--Kod=
8 Individual and SME Website</td>
<td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cr= oss-site Scripting') vulnerability in Kod8 Software Technologies Trade Ltd.=
Co. Kod8 Individual and SME Website allows Reflected XSS. This issue affec=
ts Kod8 Individual and SME Website: through 03022026.=C2=A0 NOTE: The vendo=
r was contacted early about this disclosure but did not respond in any way.= </td>
<td>2026-02-03</td>
<td>7.6</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-8456" target=3D"= _blank" rel=3D"noopener">CVE-2025-8456</a></td>

<a href=3D"https://www.usom.gov.tr/bildirim/tr-26-0012" target=3D"_blank" r= el=3D"noopener">https://www.usom.gov.tr/bildirim/tr-26-0012</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">Seres Software--syWEB</td>
<td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cr= oss-site Scripting') vulnerability in Seres Software syWEB allows Reflected=
XSS. This issue affects syWEB: through 03022026.=C2=A0 NOTE: The vendor wa=
s contacted early about this disclosure but did not respond in any way.</td=

<td>2026-02-03</td>
<td>7.6</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-8461" target=3D"= _blank" rel=3D"noopener">CVE-2025-8461</a></td>

<a href=3D"https://www.usom.gov.tr/bildirim/tr-26-0013" target=3D"_blank" r= el=3D"noopener">https://www.usom.gov.tr/bildirim/tr-26-0013</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">AKCE Software Technology R&D Industry and = Trade Inc.--SKSPro</td>
<td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cr= oss-site Scripting') vulnerability in AKCE Software Technology R&D Indu= stry and Trade Inc. SKSPro allows Reflected XSS. This issue affects SKSPro:=
through 07012026.</td>
<td>2026-02-03</td>
<td>7.6</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-8589" target=3D"= _blank" rel=3D"noopener">CVE-2025-8589</a></td>

<a href=3D"https://www.usom.gov.tr/bildirim/tr-26-0011" target=3D"_blank" r= el=3D"noopener">https://www.usom.gov.tr/bildirim/tr-26-0011</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">AKCE Software Technology R&D Industry and = Trade Inc.--SKSPro</td>
<td>Exposure of Sensitive Information to an Unauthorized Actor vulnerabilit=
y in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows=
Directory Indexing. This issue affects SKSPro: through 07012026.</td> <td>2026-02-03</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-8590" target=3D"= _blank" rel=3D"noopener">CVE-2025-8590</a></td>

<a href=3D"https://www.usom.gov.tr/bildirim/tr-26-0011" target=3D"_blank" r= el=3D"noopener">https://www.usom.gov.tr/bildirim/tr-26-0011</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">Autodesk--3ds Max</td>
<td>A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, c=
an cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can=
leverage this vulnerability to execute arbitrary code in the context of th=
e current process.</td>
<td>2026-02-04</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0536" target=3D"= _blank" rel=3D"noopener">CVE-2026-0536</a></td>

<a href=3D"https://www.autodesk.com/products/autodesk-access/overview" targ= et=3D"_blank" rel=3D"noopener">https://www.autodesk.com/products/autodesk-a= ccess/overview</a> <a href=3D"https://www.autodesk.com/trust/security-ad= visories/adsk-sa-2026-0002" target=3D"_blank" rel=3D"noopener">https://www.= autodesk.com/trust/security-advisories/adsk-sa-2026-0002</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Autodesk--3ds Max</td>
<td>A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, c=
an force a Memory Corruption vulnerability. A malicious actor can leverage = this vulnerability to execute arbitrary code in the context of the current = process.</td>
<td>2026-02-04</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0537" target=3D"= _blank" rel=3D"noopener">CVE-2026-0537</a></td>

<a href=3D"https://www.autodesk.com/products/autodesk-access/overview" targ= et=3D"_blank" rel=3D"noopener">https://www.autodesk.com/products/autodesk-a= ccess/overview</a> <a href=3D"https://www.autodesk.com/trust/security-ad= visories/adsk-sa-2026-0002" target=3D"_blank" rel=3D"noopener">https://www.= autodesk.com/trust/security-advisories/adsk-sa-2026-0002</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Autodesk--3ds Max</td>
<td>A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, c=
an force an Out-of-Bounds Write vulnerability. A malicious actor can levera=
ge this vulnerability to execute arbitrary code in the context of the curre=
nt process.</td>
<td>2026-02-04</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0538" target=3D"= _blank" rel=3D"noopener">CVE-2026-0538</a></td>

<a href=3D"https://www.autodesk.com/products/autodesk-access/overview" targ= et=3D"_blank" rel=3D"noopener">https://www.autodesk.com/products/autodesk-a= ccess/overview</a> <a href=3D"https://www.autodesk.com/trust/security-ad= visories/adsk-sa-2026-0002" target=3D"_blank" rel=3D"noopener">https://www.= autodesk.com/trust/security-advisories/adsk-sa-2026-0002</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">latepoint--LatePoint Calendar Booking Plugin f=
or Appointments and Events</td>
<td>The LatePoint - Calendar Booking Plugin for Appointments and Events plu= gin for WordPress is vulnerable to Stored Cross-Site Scripting via the cust= omer profile fields in all versions up to, and including, 5.2.5 due to insu= fficient input sanitization and output escaping. This makes it possible for=
unauthenticated attackers to inject arbitrary web scripts in pages that wi=
ll execute whenever an administrator views the customer's activity history.= </td>
<td>2026-02-03</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0617" target=3D"= _blank" rel=3D"noopener">CVE-2026-0617</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/22bcfd= 36-ecf9-4d2c-ac94-94ffa0340c4c?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/22bcfd36-ecf= 9-4d2c-ac94-94ffa0340c4c?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/latepoint/tags/5.2.5/lib/views/activities/view.php#= L27" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/= browser/latepoint/tags/5.2.5/lib/views/activities/view.php#L27</a> <a hr= ef=3D"https://plugins.trac.wordpress.org/browser/latepoint/tags/5.2.5/lib/c= ontrollers/activities_controller.php" target=3D"_blank" rel=3D"noopener">ht= tps://plugins.trac.wordpress.org/browser/latepoint/tags/5.2.5/lib/controlle= rs/activities_controller.php</a> <a href=3D"https://plugins.trac.wordpre= ss.org/browser/latepoint/tags/5.2.5/lib/models/activity_model.php" target= =3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/lat= epoint/tags/5.2.5/lib/models/activity_model.php</a> <a href=3D"https://p= lugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&reponame=3D&n= ew=3D3449263%40latepoint%2Ftrunk&old=3D3408660%40latepoint%2Ftrunk&sfp_emai= l=3D&sfph_mail=3D" target=3D"_blank" rel=3D"noopener">https://plugins.trac.= wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&reponame=3D&new=3D3449263= %40latepoint%2Ftrunk&old=3D3408660%40latepoint%2Ftrunk&sfp_email=3D&sfph_ma= il</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Autodesk--USD for Arnold</td>
<td>A maliciously crafted USD file, when loaded or imported into Autodesk A= rnold or Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. =
A malicious actor can leverage this vulnerability to execute arbitrary code=
in the context of the current process.</td>
<td>2026-02-04</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0659" target=3D"= _blank" rel=3D"noopener">CVE-2026-0659</a></td>

<a href=3D"https://www.autodesk.com/products/autodesk-access/overview" targ= et=3D"_blank" rel=3D"noopener">https://www.autodesk.com/products/autodesk-a= ccess/overview</a> <a href=3D"https://github.com/Autodesk/arnold-usd" ta= rget=3D"_blank" rel=3D"noopener">https://github.com/Autodesk/arnold-usd</a>= <a href=3D"https://www.autodesk.com/trust/security-advisories/adsk-sa-2= 026-0003" target=3D"_blank" rel=3D"noopener">https://www.autodesk.com/trust= /security-advisories/adsk-sa-2026-0003</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Autodesk--3ds Max</td>
<td>A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, c=
an cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can=
leverage this vulnerability to execute arbitrary code in the context of th=
e current process.</td>
<td>2026-02-04</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0660" target=3D"= _blank" rel=3D"noopener">CVE-2026-0660</a></td>

<a href=3D"https://www.autodesk.com/products/autodesk-access/overview" targ= et=3D"_blank" rel=3D"noopener">https://www.autodesk.com/products/autodesk-a= ccess/overview</a> <a href=3D"https://www.autodesk.com/trust/security-ad= visories/adsk-sa-2026-0002" target=3D"_blank" rel=3D"noopener">https://www.= autodesk.com/trust/security-advisories/adsk-sa-2026-0002</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Autodesk--3ds Max</td>
<td>A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, c=
an force a Memory Corruption vulnerability. A malicious actor can leverage = this vulnerability to execute arbitrary code in the context of the current = process.</td>
<td>2026-02-04</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0661" target=3D"= _blank" rel=3D"noopener">CVE-2026-0661</a></td>

<a href=3D"https://www.autodesk.com/products/autodesk-access/overview" targ= et=3D"_blank" rel=3D"noopener">https://www.autodesk.com/products/autodesk-a= ccess/overview</a> <a href=3D"https://www.autodesk.com/trust/security-ad= visories/adsk-sa-2026-0002" target=3D"_blank" rel=3D"noopener">https://www.= autodesk.com/trust/security-advisories/adsk-sa-2026-0002</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Autodesk--3ds Max</td>
<td>A maliciously crafted project directory, when opening a max file in Aut= odesk 3ds Max, could lead to execution of arbitrary code in the context of = the current process due to an Untrusted Search Path being utilized.</td> <td>2026-02-04</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0662" target=3D"= _blank" rel=3D"noopener">CVE-2026-0662</a></td>

<a href=3D"https://www.autodesk.com/products/autodesk-access/overview" targ= et=3D"_blank" rel=3D"noopener">https://www.autodesk.com/products/autodesk-a= ccess/overview</a> <a href=3D"https://www.autodesk.com/trust/security-ad= visories/adsk-sa-2026-0002" target=3D"_blank" rel=3D"noopener">https://www.= autodesk.com/trust/security-advisories/adsk-sa-2026-0002</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">10web--Form Maker by 10Web Mobile-Friendly Dra=
g & Drop Contact Form Builder</td>
<td>The Form Maker plugin for WordPress is vulnerable to Stored Cross-Site = Scripting via hidden field values in all versions up to, and including, 1.1= 5.35. This is due to insufficient output escaping when displaying hidden fi= eld values in the admin submissions list. The plugin uses html_entity_decod= e() on user-supplied hidden field values without subsequent escaping before=
output, which converts HTML entity-encoded payloads back into executable J= avaScript. This makes it possible for unauthenticated attackers to inject a= rbitrary web scripts in the admin submissions view that will execute whenev=
er an administrator accesses the submissions list.</td>
<td>2026-02-03</td>
<td>7.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1058" target=3D"= _blank" rel=3D"noopener">CVE-2026-1058</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/e0ec00= 27-2792-4069-b413-8fdd951f5fe7?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/e0ec0027-279= 2-4069-b413-8fdd951f5fe7?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/form-maker/tags/1.15.34/admin/views/Submissions_fm.= php#L759" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress= .org/browser/form-maker/tags/1.15.34/admin/views/Submissions_fm.php#L759</a= > <a href=3D"https://plugins.trac.wordpress.org/changeset?sfp_email=3D&s= fph_mail=3D&reponame=3D&new=3D3447011%40form-maker%2Ftrunk&old=3D3440395%40= form-maker%2Ftrunk&sfp_email=3D&sfph_mail=3D" target=3D"_blank" rel=3D"noop= ener">https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail= =3D&reponame=3D&new=3D3447011%40form-maker%2Ftrunk&old=3D3440395%40form-mak= er%2Ftrunk&sfp_email=3D&sfph_mail</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">10web--Form Maker by 10Web Mobile-Friendly Dra=
g & Drop Contact Form Builder</td>
<td>The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cr= oss-Site Scripting in all versions up to, and including, 1.15.35. This is d=
ue to the plugin's default file upload allowlist including SVG files combin=
ed with weak substring-based extension validation. This makes it possible f=
or unauthenticated attackers to upload malicious SVG files containing JavaS= cript code that will execute when viewed by administrators or site visitors=
via file upload fields in forms granted they can submit forms.</td> <td>2026-02-03</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1065" target=3D"= _blank" rel=3D"noopener">CVE-2026-1065</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/8230d5= f8-01d9-465a-8a43-e9852248bb3d?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/8230d5f8-01d= 9-465a-8a43-e9852248bb3d?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/form-maker/tags/1.15.34/js/add_field.js#L2364" targ= et=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/f= orm-maker/tags/1.15.34/js/add_field.js#L2364</a> <a href=3D"https://plug= ins.trac.wordpress.org/browser/form-maker/tags/1.15.34/frontend/models/form= _maker.php#L1744" target=3D"_blank" rel=3D"noopener">https://plugins.trac.w= ordpress.org/browser/form-maker/tags/1.15.34/frontend/models/form_maker.php= #L1744</a> <a href=3D"https://plugins.trac.wordpress.org/browser/form-ma= ker/tags/1.15.34/frontend/models/form_maker.php#L1855" target=3D"_blank" re= l=3D"noopener">https://plugins.trac.wordpress.org/browser/form-maker/tags/1= .15.34/frontend/models/form_maker.php#L1855</a> <a href=3D"https://plugi= ns.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&reponame=3D&new= =3D3447011%40form-maker%2Ftrunk&old=3D3440395%40form-maker%2Ftrunk&sfp_emai= l=3D&sfph_mail=3D" target=3D"_blank" rel=3D"noopener">https://plugins.trac.= wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&reponame=3D&new=3D3447011= %40form-maker%2Ftrunk&old=3D3440395%40form-maker%2Ftrunk&sfp_email=3D&sfph_= mail</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">bplugins--All In One Image Viewer Block Gutenb= erg block to create image viewer with hyperlink</td>
<td>The All In One Image Viewer Block plugin for WordPress is vulnerable to=
Server-Side Request Forgery in all versions up to, and including, 1.0.2 du=
e to missing authorization and URL validation on the image-proxy REST API e= ndpoint. This makes it possible for unauthenticated attackers to make web r= equests to arbitrary locations originating from the web application and can=
be used to query and modify information from internal services.</td> <td>2026-02-05</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1294" target=3D"= _blank" rel=3D"noopener">CVE-2026-1294</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/7c3f71= 08-eb32-425a-a705-4f032e7da6b0?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/7c3f7108-eb3= 2-425a-a705-4f032e7da6b0?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/image-viewer/tags/1.0.2/image-viewer-block.php#L10"=
target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/brow= ser/image-viewer/tags/1.0.2/image-viewer-block.php#L10</a> <a href=3D"ht= tps://plugins.trac.wordpress.org/changeset/3449642/image-viewer/tags/1.0.3/= image-viewer-block.php?old=3D3405983&old_path=3Dimage-viewer%2Ftags%2F1.0.2= %2Fimage-viewer-block.php" target=3D"_blank" rel=3D"noopener">https://plugi= ns.trac.wordpress.org/changeset/3449642/image-viewer/tags/1.0.3/image-viewe= r-block.php?old=3D3405983&old_path=3Dimage-viewer%2Ftags%2F1.0.2%2Fimage-vi= ewer-block.php</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">pgadmin.org--pgAdmin 4</td>
<td>pgAdmin versions 9.11 are affected by a Restore restriction bypass via = key disclosure vulnerability that occurs when running in server mode and pe= rforming restores from PLAIN-format dump files. An attacker with access to = the pgAdmin web interface can observe an active restore operation, extract = the `\restrict` key in real time, and race the restore process by overwriti=
ng the restore script with a payload that re-enables meta-commands using `\= unrestrict <key>`. This results in reliable command execution on the = pgAdmin host during the restore operation.</td>
<td>2026-02-05</td>
<td>7.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1707" target=3D"= _blank" rel=3D"noopener">CVE-2026-1707</a></td>

<a href=3D"https://github.com/pgadmin-org/pgadmin4/issues/9518" target=3D"_= blank" rel=3D"noopener">https://github.com/pgadmin-org/pgadmin4/issues/9518= </a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">EFM--ipTIME A8004T</td>
<td>A vulnerability was found in EFM ipTIME A8004T 14.18.2. This impacts th=
e function httpcon_check_session_url of the file /cgi/timepro.cgi of the co= mponent Hidden Hiddenloginsetup Interface. The manipulation results in impr= oper authentication. The attack may be performed from remote. The exploit h=
as been made public and could be used. The vendor was contacted early about=
this disclosure but did not respond in any way.</td>
<td>2026-02-02</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1740" target=3D"= _blank" rel=3D"noopener">CVE-2026-1740</a></td>

<a href=3D"https://vuldb.com/?id.343639" target=3D"_blank" rel=3D"noopener"= >VDB-343639 | EFM ipTIME A8004T Hidden Hiddenloginsetup timepro.cgi httpcon= _check_session_url improper authentication</a> <a href=3D"https://vuldb.= com/?ctiid.343639" target=3D"_blank" rel=3D"noopener">VDB-343639 | CTI Indi= cators (IOB, IOC, IOA)</a> <a href=3D"https://vuldb.com/?submit.741422" = target=3D"_blank" rel=3D"noopener">Submit #741422 | IPTIME A8004T 14.18.2 A= uthentication Bypass & Arbitrary Password Reset</a> <a href=3D"https= ://github.com/LX-LX88/cve/issues/27" target=3D"_blank" rel=3D"noopener">htt= ps://github.com/LX-LX88/cve/issues/27</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">AWS--SageMaker Python SDK</td>
<td>The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes the=
ModelBuilder HMAC signing key in the cleartext response elements of the De= scribeTrainingJob function. A third party with permissions to both call thi=
s API and permissions to modify objects in the Training Jobs S3 output loca= tion may have the ability to upload arbitrary artifacts which are executed = the next time the Training Job is invoked.</td>
<td>2026-02-02</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1777" target=3D"= _blank" rel=3D"noopener">CVE-2026-1777</a></td>

<a href=3D"https://aws.amazon.com/security/security-bulletins/2026-004-AWS/=
" target=3D"_blank" rel=3D"noopener">https://aws.amazon.com/security/securi= ty-bulletins/2026-004-AWS/</a> <a href=3D"https://github.com/aws/sagemak= er-python-sdk/security/advisories/GHSA-rjrp-m2jw-pv9c" target=3D"_blank" re= l=3D"noopener">https://github.com/aws/sagemaker-python-sdk/security/advisor= ies/GHSA-rjrp-m2jw-pv9c</a> <a href=3D"https://github.com/aws/sagemaker-= python-sdk/releases/tag/v3.2.0" target=3D"_blank" rel=3D"noopener">https://= github.com/aws/sagemaker-python-sdk/releases/tag/v3.2.0</a> <a href=3D"h= ttps://github.com/aws/sagemaker-python-sdk/releases/tag/v2.256.0" target=3D= "_blank" rel=3D"noopener">https://github.com/aws/sagemaker-python-sdk/relea= ses/tag/v2.256.0</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Ziroom--ZHOME A0101</td>
<td>A security flaw has been discovered in Ziroom ZHOME A0101 1.0.1.0. This=
issue affects the function macAddrClone of the file luci\controller\api\zr= MacClone.lua. The manipulation of the argument macType results in command i= njection. The attack may be launched remotely. The exploit has been release=
d to the public and may be used for attacks. The vendor was contacted early=
about this disclosure but did not respond in any way.</td>
<td>2026-02-03</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1802" target=3D"= _blank" rel=3D"noopener">CVE-2026-1802</a></td>

<a href=3D"https://vuldb.com/?id.343975" target=3D"_blank" rel=3D"noopener"= >VDB-343975 | Ziroom ZHOME A0101 zrMacClone.lua macAddrClone command inject= ion</a> <a href=3D"https://vuldb.com/?ctiid.343975" target=3D"_blank" re= l=3D"noopener">VDB-343975 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a h= ref=3D"https://vuldb.com/?submit.741842" target=3D"_blank" rel=3D"noopener"= >Submit #741842 | https://sh.ziroom.com/ ZHOME A0101 Command Injection</a><= br><a href=3D"https://github.com/jinhao118/cve/blob/main/ziru_router_comman= d_injection.md" target=3D"_blank" rel=3D"noopener">https://github.com/jinha= o118/cve/blob/main/ziru_router_command_injection.md</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">itsourcecode--Student Management System</td>
<td>A vulnerability was found in itsourcecode Student Management System 1.0=
. The affected element is an unknown function of the file /ramonsys/enrollm= ent/controller.php. The manipulation of the argument ID results in sql inje= ction. The attack can be launched remotely. The exploit has been made publi=
c and could be used.</td>
<td>2026-02-06</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2011" target=3D"= _blank" rel=3D"noopener">CVE-2026-2011</a></td>

<a href=3D"https://vuldb.com/?id.344593" target=3D"_blank" rel=3D"noopener"= >VDB-344593 | itsourcecode Student Management System controller.php sql inj= ection</a> <a href=3D"https://vuldb.com/?ctiid.344593" target=3D"_blank"=
rel=3D"noopener">VDB-344593 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <=
a href=3D"https://vuldb.com/?submit.743498" target=3D"_blank" rel=3D"noopen= er">Submit #743498 | itsourcecode Student Management System V1.0 SQL Inject= ion</a> <a href=3D"https://github.com/tianrenu/CVE-Discoveries/issues/1"=
target=3D"_blank" rel=3D"noopener">https://github.com/tianrenu/CVE-Discove= ries/issues/1</a> <a href=3D"https://itsourcecode.com/" target=3D"_blank=
" rel=3D"noopener">https://itsourcecode.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Cisco--Cisco RoomOS Software</td>
<td>A vulnerability in the text rendering subsystem of Cisco TelePresence C= ollaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a=
n unauthenticated, remote attacker to cause a denial of service (DoS) condi= tion on an affected device. This vulnerability is due to insufficient valid= ation of input received by an affected device. An attacker could exploit th=
is vulnerability by getting the affected device to render crafted text, for=
example, a crafted meeting invitation. As indicated in the CVSS score, no = user interaction is required, such as accepting the meeting invitation. A s= uccessful exploit could allow the attacker to cause the affected device to = reload, resulting in a DoS condition.</td>
<td>2026-02-04</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20119" target=3D= "_blank" rel=3D"noopener">CVE-2026-20119</a></td>

<a href=3D"https://sec.cloudapps.cisco.com/security/center/content/CiscoSec= urityAdvisory/cisco-sa-tce-roomos-dos-9V9jrC2q" target=3D"_blank" rel=3D"no= opener">cisco-sa-tce-roomos-dos-9V9jrC2q</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">itsourcecode--Student Management System</td>
<td>A vulnerability was determined in itsourcecode Student Management Syste=
m 1.0. The impacted element is an unknown function of the file /ramonsys/fa= cultyloading/index.php. This manipulation of the argument ID causes sql inj= ection. The attack may be initiated remotely. The exploit has been publicly=
disclosed and may be utilized.</td>
<td>2026-02-06</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2012" target=3D"= _blank" rel=3D"noopener">CVE-2026-2012</a></td>

<a href=3D"https://vuldb.com/?id.344594" target=3D"_blank" rel=3D"noopener"= >VDB-344594 | itsourcecode Student Management System index.php sql injectio= n</a> <a href=3D"https://vuldb.com/?ctiid.344594" target=3D"_blank" rel= =3D"noopener">VDB-344594 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a hr= ef=3D"https://vuldb.com/?submit.743499" target=3D"_blank" rel=3D"noopener">= Submit #743499 | itsourcecode Student Management System V1.0 SQL Injection<= /a> <a href=3D"https://github.com/tianrenu/CVE-Discoveries/issues/2" tar= get=3D"_blank" rel=3D"noopener">https://github.com/tianrenu/CVE-Discoveries= /issues/2</a> <a href=3D"https://itsourcecode.com/" target=3D"_blank" re= l=3D"noopener">https://itsourcecode.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">itsourcecode--Student Management System</td>
<td>A vulnerability was identified in itsourcecode Student Management Syste=
m 1.0. This affects an unknown function of the file /ramonsys/soa/index.php=
. Such manipulation of the argument ID leads to sql injection. The attack m=
ay be launched remotely. The exploit is publicly available and might be use= d.</td>
<td>2026-02-06</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2013" target=3D"= _blank" rel=3D"noopener">CVE-2026-2013</a></td>

<a href=3D"https://vuldb.com/?id.344595" target=3D"_blank" rel=3D"noopener"= >VDB-344595 | itsourcecode Student Management System index.php sql injectio= n</a> <a href=3D"https://vuldb.com/?ctiid.344595" target=3D"_blank" rel= =3D"noopener">VDB-344595 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a hr= ef=3D"https://vuldb.com/?submit.743500" target=3D"_blank" rel=3D"noopener">= Submit #743500 | itsourcecode Student Management System V1.0 SQL Injection<= /a> <a href=3D"https://github.com/tianrenu/CVE-Discoveries/issues/3" tar= get=3D"_blank" rel=3D"noopener">https://github.com/tianrenu/CVE-Discoveries= /issues/3</a> <a href=3D"https://itsourcecode.com/" target=3D"_blank" re= l=3D"noopener">https://itsourcecode.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">itsourcecode--Student Management System</td>
<td>A security flaw has been discovered in itsourcecode Student Management = System 1.0. This impacts an unknown function of the file /ramonsys/billing/= index.php. Performing a manipulation of the argument ID results in sql inje= ction. Remote exploitation of the attack is possible. The exploit has been = released to the public and may be used for attacks.</td>
<td>2026-02-06</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2014" target=3D"= _blank" rel=3D"noopener">CVE-2026-2014</a></td>

<a href=3D"https://vuldb.com/?id.344596" target=3D"_blank" rel=3D"noopener"= >VDB-344596 | itsourcecode Student Management System index.php sql injectio= n</a> <a href=3D"https://vuldb.com/?ctiid.344596" target=3D"_blank" rel= =3D"noopener">VDB-344596 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a hr= ef=3D"https://vuldb.com/?submit.744048" target=3D"_blank" rel=3D"noopener">= Submit #744048 | itsourcecode Student Management System V1.0 SQL Injection<= /a> <a href=3D"https://github.com/ltranquility/CVE/issues/35" target=3D"= _blank" rel=3D"noopener">https://github.com/ltranquility/CVE/issues/35</a><= br><a href=3D"https://itsourcecode.com/" target=3D"_blank" rel=3D"noopener"= >https://itsourcecode.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">itsourcecode--School Management System</td>
<td>A flaw has been found in itsourcecode School Management System 1.0. Thi=
s affects an unknown part of the file /ramonsys/settings/controller.php. Th=
is manipulation of the argument ID causes sql injection. It is possible to = initiate the attack remotely. The exploit has been published and may be use= d.</td>
<td>2026-02-06</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2018" target=3D"= _blank" rel=3D"noopener">CVE-2026-2018</a></td>

<a href=3D"https://vuldb.com/?id.344600" target=3D"_blank" rel=3D"noopener"= >VDB-344600 | itsourcecode School Management System controller.php sql inje= ction</a> <a href=3D"https://vuldb.com/?ctiid.344600" target=3D"_blank" = rel=3D"noopener">VDB-344600 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a=
href=3D"https://vuldb.com/?submit.744075" target=3D"_blank" rel=3D"noopene= r">Submit #744075 | itsourcecode School Management System V1.0 SQL Injectio= n</a> <a href=3D"https://github.com/ltranquility/CVE/issues/36" target= =3D"_blank" rel=3D"noopener">https://github.com/ltranquility/CVE/issues/36<= /a> <a href=3D"https://itsourcecode.com/" target=3D"_blank" rel=3D"noope= ner">https://itsourcecode.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">SourceCodester--Medical Center Portal Manageme=
nt System</td>
<td>A vulnerability was detected in SourceCodester Medical Center Portal Ma= nagement System 1.0. This affects an unknown function of the file /login.ph=
p. The manipulation of the argument User results in sql injection. The atta=
ck can be executed remotely. The exploit is now public and may be used.</td=

<td>2026-02-06</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2057" target=3D"= _blank" rel=3D"noopener">CVE-2026-2057</a></td>

<a href=3D"https://vuldb.com/?id.344617" target=3D"_blank" rel=3D"noopener"= >VDB-344617 | SourceCodester Medical Center Portal Management System login.= php sql injection</a> <a href=3D"https://vuldb.com/?ctiid.344617" target= =3D"_blank" rel=3D"noopener">VDB-344617 | CTI Indicators (IOB, IOC, TTP, IO= A)</a> <a href=3D"https://vuldb.com/?submit.744233" target=3D"_blank" re= l=3D"noopener">Submit #744233 | SourceCodester Medical Center Portal Manage= ment System 1.0 SQL Injection</a> <a href=3D"https://github.com/Roger-Ad= ventures/CVE/issues/1" target=3D"_blank" rel=3D"noopener">https://github.co= m/Roger-Adventures/CVE/issues/1</a> <a href=3D"https://www.sourcecodeste= r.com/" target=3D"_blank" rel=3D"noopener">https://www.sourcecodester.com/<= /a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">mathurvishal--CloudClassroom-PHP-Project</td> <td>A flaw has been found in mathurvishal CloudClassroom-PHP-Project up to = 5dadec098bfbbf3300d60c3494db3fb95b66e7be. This impacts an unknown function =
of the file /postquerypublic.php of the component Post Query Details Page. = This manipulation of the argument gnamex causes sql injection. The attack i=
s possible to be carried out remotely. The exploit has been published and m=
ay be used. This product adopts a rolling release strategy to maintain cont= inuous delivery. Therefore, version details for affected or updated release=
s cannot be specified. The vendor was contacted early about this disclosure=
but did not respond in any way.</td>
<td>2026-02-06</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2058" target=3D"= _blank" rel=3D"noopener">CVE-2026-2058</a></td>

<a href=3D"https://vuldb.com/?id.344618" target=3D"_blank" rel=3D"noopener"= >VDB-344618 | mathurvishal CloudClassroom-PHP-Project Post Query Details po= stquerypublic.php sql injection</a> <a href=3D"https://vuldb.com/?ctiid.= 344618" target=3D"_blank" rel=3D"noopener">VDB-344618 | CTI Indicators (IOB=
, IOC, TTP, IOA)</a> <a href=3D"https://vuldb.com/?submit.744236" target= =3D"_blank" rel=3D"noopener">Submit #744236 | https://github.com/mathurvish= al/CloudClassroom-PHP-Project CloudClassroom PHP Project 1.0 SQL Injection<= /a> <a href=3D"https://github.com/carlosalbertotuma/CLOUD-CLASSROOMS-php= -1.0" target=3D"_blank" rel=3D"noopener">https://github.com/carlosalbertotu= ma/CLOUD-CLASSROOMS-php-1.0</a> <a href=3D"https://github.com/carlosalbe= rtotuma/CLOUD-CLASSROOMS-php-1.0#impact" target=3D"_blank" rel=3D"noopener"= >https://github.com/carlosalbertotuma/CLOUD-CLASSROOMS-php-1.0#impact</a><b= r>=C2=A0</td>
</tr>

<td class=3D"vendor-product">SourceCodester--Medical Center Portal Manageme=
nt System</td>
<td>A vulnerability has been found in SourceCodester Medical Center Portal = Management System 1.0. Affected is an unknown function of the file /emp_edi= t1.php. Such manipulation of the argument ID leads to sql injection. The at= tack may be performed from remote. The exploit has been disclosed to the pu= blic and may be used.</td>
<td>2026-02-06</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2059" target=3D"= _blank" rel=3D"noopener">CVE-2026-2059</a></td>

<a href=3D"https://vuldb.com/?id.344619" target=3D"_blank" rel=3D"noopener"= >VDB-344619 | SourceCodester Medical Center Portal Management System emp_ed= it1.php sql injection</a> <a href=3D"https://vuldb.com/?ctiid.344619" ta= rget=3D"_blank" rel=3D"noopener">VDB-344619 | CTI Indicators (IOB, IOC, TTP=
, IOA)</a> <a href=3D"https://vuldb.com/?submit.744261" target=3D"_blank=
" rel=3D"noopener">Submit #744261 | SourceCodester Medical Center Portal Ma= nagement System 1.0 SQL Injection</a> <a href=3D"https://github.com/Roge= r-Adventures/CVE/issues/2" target=3D"_blank" rel=3D"noopener">https://githu= b.com/Roger-Adventures/CVE/issues/2</a> <a href=3D"https://www.sourcecod= ester.com/" target=3D"_blank" rel=3D"noopener">https://www.sourcecodester.c= om/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">code-projects--Simple Blood Donor Management S= ystem</td>
<td>A vulnerability was found in code-projects Simple Blood Donor Managemen=
t System 1.0. Affected by this vulnerability is an unknown functionality of=
the file /simpleblooddonor/editcampaignform.php. Performing a manipulation=
of the argument ID results in sql injection. It is possible to initiate th=
e attack remotely. The exploit has been made public and could be used.</td> <td>2026-02-06</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2060" target=3D"= _blank" rel=3D"noopener">CVE-2026-2060</a></td>

<a href=3D"https://vuldb.com/?id.344620" target=3D"_blank" rel=3D"noopener"= >VDB-344620 | code-projects Simple Blood Donor Management System editcampai= gnform.php sql injection</a> <a href=3D"https://vuldb.com/?ctiid.344620"=
target=3D"_blank" rel=3D"noopener">VDB-344620 | CTI Indicators (IOB, IOC, = TTP, IOA)</a> <a href=3D"https://vuldb.com/?submit.744262" target=3D"_bl= ank" rel=3D"noopener">Submit #744262 | code-projects Simple Blood Donor Man= agement System V1.0 SQL Injection</a> <a href=3D"https://github.com/kyxh= 001/CVE/issues/1" target=3D"_blank" rel=3D"noopener">https://github.com/kyx= h001/CVE/issues/1</a> <a href=3D"https://code-projects.org/" target=3D"_= blank" rel=3D"noopener">https://code-projects.org/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">itsourcecode--School Management System</td>
<td>A vulnerability was determined in itsourcecode School Management System=
1.0. This affects an unknown function of the file /ramonsys/user/index.php=
. Executing a manipulation of the argument ID can lead to sql injection. Th=
e attack may be performed from remote. The exploit has been publicly disclo= sed and may be utilized.</td>
<td>2026-02-07</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2073" target=3D"= _blank" rel=3D"noopener">CVE-2026-2073</a></td>

<a href=3D"https://vuldb.com/?id.344639" target=3D"_blank" rel=3D"noopener"= >VDB-344639 | itsourcecode School Management System index.php sql injection= </a> <a href=3D"https://vuldb.com/?ctiid.344639" target=3D"_blank" rel= =3D"noopener">VDB-344639 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a hr= ef=3D"https://vuldb.com/?submit.745482" target=3D"_blank" rel=3D"noopener">= Submit #745482 | itsourcecode School Management System V1.0 SQL Injection</= a> <a href=3D"https://github.com/Sherlocksbs/CVE/issues/1" target=3D"_bl= ank" rel=3D"noopener">https://github.com/Sherlocksbs/CVE/issues/1</a> <a=
href=3D"https://itsourcecode.com/" target=3D"_blank" rel=3D"noopener">http= s://itsourcecode.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">UTT--HiPER 810</td>
<td>A vulnerability has been found in UTT HiPER 810 1.7.4-141218. This issu=
e affects the function setSysAdm of the file /goform/formUser. The manipula= tion of the argument passwd1 leads to command injection. Remote exploitatio=
n of the attack is possible. The exploit has been disclosed to the public a=
nd may be used. The vendor was contacted early about this disclosure but di=
d not respond in any way.</td>
<td>2026-02-07</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2080" target=3D"= _blank" rel=3D"noopener">CVE-2026-2080</a></td>

<a href=3D"https://vuldb.com/?id.344646" target=3D"_blank" rel=3D"noopener"= >VDB-344646 | UTT HiPER 810 formUser setSysAdm command injection</a> <a = href=3D"https://vuldb.com/?ctiid.344646" target=3D"_blank" rel=3D"noopener"= >VDB-344646 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D"https:/= /vuldb.com/?submit.745521" target=3D"_blank" rel=3D"noopener">Submit #74552=
1 | UTT HiPER 810 / nv810v4 nv810v4v1.7.4-141218 Command Injection</a> <=
a href=3D"https://github.com/cha0yang1/UTT810CVE/blob/main/README.md" targe= t=3D"_blank" rel=3D"noopener">https://github.com/cha0yang1/UTT810CVE/blob/m= ain/README.md</a> <a href=3D"https://github.com/cha0yang1/UTT810CVE/blob= /main/README.md#reproduction-steps" target=3D"_blank" rel=3D"noopener">http= s://github.com/cha0yang1/UTT810CVE/blob/main/README.md#reproduction-steps</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">code-projects--Social Networking Site</td>
<td>A security flaw has been discovered in code-projects Social Networking = Site 1.0. This affects an unknown function of the file /delete_post.php. Pe= rforming a manipulation of the argument ID results in sql injection. It is = possible to initiate the attack remotely. The exploit has been released to = the public and may be used for attacks.</td>
<td>2026-02-07</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2083" target=3D"= _blank" rel=3D"noopener">CVE-2026-2083</a></td>

<a href=3D"https://vuldb.com/?id.344650" target=3D"_blank" rel=3D"noopener"= >VDB-344650 | code-projects Social Networking Site delete_post.php sql inje= ction</a> <a href=3D"https://vuldb.com/?ctiid.344650" target=3D"_blank" = rel=3D"noopener">VDB-344650 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a=
href=3D"https://vuldb.com/?submit.745937" target=3D"_blank" rel=3D"noopene= r">Submit #745937 | code-projects Social Networking Site V1.0 SQL Injection= </a> <a href=3D"https://github.com/6Justdododo6/CVE/issues/1" target=3D"= _blank" rel=3D"noopener">https://github.com/6Justdododo6/CVE/issues/1</a><b= r><a href=3D"https://code-projects.org/" target=3D"_blank" rel=3D"noopener"= >https://code-projects.org/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DIR-823X</td>
<td>A weakness has been identified in D-Link DIR-823X 250416. This impacts =
an unknown function of the file /goform/set_language. Executing a manipulat= ion of the argument langSelection can lead to os command injection. It is p= ossible to launch the attack remotely. The exploit has been made available =
to the public and could be used for attacks.</td>
<td>2026-02-07</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2084" target=3D"= _blank" rel=3D"noopener">CVE-2026-2084</a></td>

<a href=3D"https://vuldb.com/?id.344651" target=3D"_blank" rel=3D"noopener"= >VDB-344651 | D-Link DIR-823X set_language os command injection</a> <a h= ref=3D"https://vuldb.com/?ctiid.344651" target=3D"_blank" rel=3D"noopener">= VDB-344651 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D"https://= vuldb.com/?submit.746379" target=3D"_blank" rel=3D"noopener">Submit #746379=
| D-Link DIR 250416 OS Command Injection</a> <a href=3D"https://vuldb.c= om/?submit.746380" target=3D"_blank" rel=3D"noopener">Submit #746380 | D-Li=
nk DIR-823X 250416 OS Command Injection (Duplicate)</a> <a href=3D"https= ://github.com/master-abc/cve/issues/24" target=3D"_blank" rel=3D"noopener">= https://github.com/master-abc/cve/issues/24</a> <a href=3D"https://www.d= link.com/" target=3D"_blank" rel=3D"noopener">https://www.dlink.com/</a><br= >=C2=A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DWR-M921</td>
<td>A security vulnerability has been detected in D-Link DWR-M921 1.1.50. A= ffected is the function sub_419F20 of the file /boafrm/formUSSDSetup of the=
component USSD Configuration Endpoint. The manipulation of the argument us= sdValue leads to command injection. The attack can be initiated remotely. T=
he exploit has been disclosed publicly and may be used.</td> <td>2026-02-07</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2085" target=3D"= _blank" rel=3D"noopener">CVE-2026-2085</a></td>

<a href=3D"https://vuldb.com/?id.344652" target=3D"_blank" rel=3D"noopener"= >VDB-344652 | D-Link DWR-M921 USSD Configuration Endpoint formUSSDSetup sub= _419F20 command injection</a> <a href=3D"https://vuldb.com/?ctiid.344652=
" target=3D"_blank" rel=3D"noopener">VDB-344652 | CTI Indicators (IOB, IOC,=
TTP, IOA)</a> <a href=3D"https://vuldb.com/?submit.746400" target=3D"_b= lank" rel=3D"noopener">Submit #746400 | D-Link DWR-M921 V1.1.50 Command Inj= ection</a> <a href=3D"https://github.com/LX-66-LX/cve-new/issues/1" targ= et=3D"_blank" rel=3D"noopener">https://github.com/LX-66-LX/cve-new/issues/1= </a> <a href=3D"https://github.com/LX-66-LX/cve-new/issues/1#issue-38513= 45029" target=3D"_blank" rel=3D"noopener">https://github.com/LX-66-LX/cve-n= ew/issues/1#issue-3851345029</a> <a href=3D"https://www.dlink.com/" targ= et=3D"_blank" rel=3D"noopener">https://www.dlink.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">SourceCodester--Online Class Record System</td=

<td>A flaw has been found in SourceCodester Online Class Record System 1.0.=
Affected by this issue is some unknown functionality of the file /admin/lo= gin.php. This manipulation of the argument user_email causes sql injection.=
The attack may be initiated remotely. The exploit has been published and m=
ay be used.</td>
<td>2026-02-07</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2087" target=3D"= _blank" rel=3D"noopener">CVE-2026-2087</a></td>

<a href=3D"https://vuldb.com/?id.344654" target=3D"_blank" rel=3D"noopener"= >VDB-344654 | SourceCodester Online Class Record System login.php sql injec= tion</a> <a href=3D"https://vuldb.com/?ctiid.344654" target=3D"_blank" r= el=3D"noopener">VDB-344654 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a = href=3D"https://vuldb.com/?submit.746510" target=3D"_blank" rel=3D"noopener= ">Submit #746510 | SourceCodester Online Class Record System 1.0 SQL Inject= ion</a> <a href=3D"https://github.com/xiaoccm07/cve/issues/1" target=3D"= _blank" rel=3D"noopener">https://github.com/xiaoccm07/cve/issues/1</a> <=
a href=3D"https://www.sourcecodester.com/" target=3D"_blank" rel=3D"noopene= r">https://www.sourcecodester.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">PHPGurukul--Beauty Parlour Management System</=

<td>A vulnerability has been found in PHPGurukul Beauty Parlour Management = System 1.1. This affects an unknown part of the file /admin/accepted-appoin= tment.php. Such manipulation of the argument delid leads to sql injection. = The attack may be launched remotely. The exploit has been disclosed to the = public and may be used.</td>
<td>2026-02-07</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2088" target=3D"= _blank" rel=3D"noopener">CVE-2026-2088</a></td>

<a href=3D"https://vuldb.com/?id.344655" target=3D"_blank" rel=3D"noopener"= >VDB-344655 | PHPGurukul Beauty Parlour Management System accepted-appointm= ent.php sql injection</a> <a href=3D"https://vuldb.com/?ctiid.344655" ta= rget=3D"_blank" rel=3D"noopener">VDB-344655 | CTI Indicators (IOB, IOC, TTP=
, IOA)</a> <a href=3D"https://vuldb.com/?submit.746520" target=3D"_blank=
" rel=3D"noopener">Submit #746520 | PHPgurukul Beauty Parlour Management Sy= stem V1.1 SQL Injection</a> <a href=3D"https://github.com/Shaon-Xis/cve/= issues/1" target=3D"_blank" rel=3D"noopener">https://github.com/Shaon-Xis/c= ve/issues/1</a> <a href=3D"https://phpgurukul.com/" target=3D"_blank" re= l=3D"noopener">https://phpgurukul.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">SourceCodester--Online Class Record System</td=

<td>A vulnerability was found in SourceCodester Online Class Record System = 1.0. This vulnerability affects unknown code of the file /admin/subject/con= troller.php. Performing a manipulation of the argument ID results in sql in= jection. Remote exploitation of the attack is possible. The exploit has bee=
n made public and could be used.</td>
<td>2026-02-07</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2089" target=3D"= _blank" rel=3D"noopener">CVE-2026-2089</a></td>

<a href=3D"https://vuldb.com/?id.344656" target=3D"_blank" rel=3D"noopener"= >VDB-344656 | SourceCodester Online Class Record System controller.php sql = injection</a> <a href=3D"https://vuldb.com/?ctiid.344656" target=3D"_bla= nk" rel=3D"noopener">VDB-344656 | CTI Indicators (IOB, IOC, TTP, IOA)</a><b= r><a href=3D"https://vuldb.com/?submit.746550" target=3D"_blank" rel=3D"noo= pener">Submit #746550 | SourceCodester Online Class Record System 1.0 SQL I= njection</a> <a href=3D"https://github.com/xiaoccm07/cve/issues/2" targe= t=3D"_blank" rel=3D"noopener">https://github.com/xiaoccm07/cve/issues/2</a>= <a href=3D"https://www.sourcecodester.com/" target=3D"_blank" rel=3D"no= opener">https://www.sourcecodester.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">SourceCodester--Online Class Record System</td=

<td>A vulnerability was determined in SourceCodester Online Class Record Sy= stem 1.0. This issue affects some unknown processing of the file /admin/mes= sage/search.php. Executing a manipulation of the argument term can lead to = sql injection. The attack can be executed remotely. The exploit has been pu= blicly disclosed and may be utilized.</td>
<td>2026-02-07</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2090" target=3D"= _blank" rel=3D"noopener">CVE-2026-2090</a></td>

<a href=3D"https://vuldb.com/?id.344657" target=3D"_blank" rel=3D"noopener"= >VDB-344657 | SourceCodester Online Class Record System search.php sql inje= ction</a> <a href=3D"https://vuldb.com/?ctiid.344657" target=3D"_blank" = rel=3D"noopener">VDB-344657 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a=
href=3D"https://vuldb.com/?submit.746551" target=3D"_blank" rel=3D"noopene= r">Submit #746551 | SourceCodester Online Class Record System 1.0 SQL Injec= tion</a> <a href=3D"https://github.com/xiaoccm07/cve/issues/3" target=3D= "_blank" rel=3D"noopener">https://github.com/xiaoccm07/cve/issues/3</a> =
<a href=3D"https://www.sourcecodester.com/" target=3D"_blank" rel=3D"noopen= er">https://www.sourcecodester.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Infor--SyteLine ERP</td>
<td>Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt=
stored credentials, including user passwords, database connection strings,=
and API keys. The encryption keys are identical across all installations. =
An attacker with access to the application binary and database can decrypt = all stored credentials.</td>
<td>2026-02-06</td>
<td>7.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2103" target=3D"= _blank" rel=3D"noopener">CVE-2026-2103</a></td>

<a href=3D"https://blog.blacklanternsecurity.com/p/cve-2026-2103-infor-syte= line-erp" target=3D"_blank" rel=3D"noopener">https://blog.blacklanternsecur= ity.com/p/cve-2026-2103-infor-syteline-erp</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">yuan1994--tpadmin</td>
<td>A security vulnerability has been detected in yuan1994 tpadmin up to 1.= 3.12. This affects an unknown part in the library /public/static/admin/lib/= webuploader/0.1.5/server/preview.php of the component WebUploader. The mani= pulation leads to deserialization. The attack is possible to be carried out=
remotely. The exploit has been disclosed publicly and may be used. This vu= lnerability only affects products that are no longer supported by the maint= ainer.</td>
<td>2026-02-07</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2113" target=3D"= _blank" rel=3D"noopener">CVE-2026-2113</a></td>

<a href=3D"https://vuldb.com/?id.344688" target=3D"_blank" rel=3D"noopener"= >VDB-344688 | yuan1994 tpadmin WebUploader preview.php deserialization</a><= br><a href=3D"https://vuldb.com/?ctiid.344688" target=3D"_blank" rel=3D"noo= pener">VDB-344688 | CTI Indicators (IOB, IOC, IOA)</a> <a href=3D"https:= //vuldb.com/?submit.746795" target=3D"_blank" rel=3D"noopener">Submit #7467=
95 | https://github.com/yuan1994/tpadmin cms v1.3 RCE</a> <a href=3D"htt= ps://github.com/sTy1H/CVE-Report/blob/main/Remote%20Code%20Execution%20Vuln= erability%20in%20Tpadmin%20System.md" target=3D"_blank" rel=3D"noopener">ht= tps://github.com/sTy1H/CVE-Report/blob/main/Remote%20Code%20Execution%20Vul= nerability%20in%20Tpadmin%20System.md</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">itsourcecode--Society Management System</td>
<td>A vulnerability was detected in itsourcecode Society Management System = 1.0. This vulnerability affects unknown code of the file /admin/edit_admin.= php. The manipulation of the argument admin_id results in sql injection. Th=
e attack may be performed from remote. The exploit is now public and may be=
used.</td>
<td>2026-02-07</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2114" target=3D"= _blank" rel=3D"noopener">CVE-2026-2114</a></td>

<a href=3D"https://vuldb.com/?id.344689" target=3D"_blank" rel=3D"noopener"= >VDB-344689 | itsourcecode Society Management System edit_admin.php sql inj= ection</a> <a href=3D"https://vuldb.com/?ctiid.344689" target=3D"_blank"=
rel=3D"noopener">VDB-344689 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <=
a href=3D"https://vuldb.com/?submit.746796" target=3D"_blank" rel=3D"noopen= er">Submit #746796 | itsourcecode Society Management System V1.0 SQL inject= ion</a> <a href=3D"https://github.com/zpf7029/oblong/issues/3" target=3D= "_blank" rel=3D"noopener">https://github.com/zpf7029/oblong/issues/3</a><br= ><a href=3D"https://itsourcecode.com/" target=3D"_blank" rel=3D"noopener">h= ttps://itsourcecode.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">itsourcecode--Society Management System</td>
<td>A flaw has been found in itsourcecode Society Management System 1.0. Th=
is issue affects some unknown processing of the file /admin/delete_expenses= .php. This manipulation of the argument expenses_id causes sql injection. I=
t is possible to initiate the attack remotely. The exploit has been publish=
ed and may be used.</td>
<td>2026-02-07</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2115" target=3D"= _blank" rel=3D"noopener">CVE-2026-2115</a></td>

<a href=3D"https://vuldb.com/?id.344690" target=3D"_blank" rel=3D"noopener"= >VDB-344690 | itsourcecode Society Management System delete_expenses.php sq=
l injection</a> <a href=3D"https://vuldb.com/?ctiid.344690" target=3D"_b= lank" rel=3D"noopener">VDB-344690 | CTI Indicators (IOB, IOC, TTP, IOA)</a>= <a href=3D"https://vuldb.com/?submit.746797" target=3D"_blank" rel=3D"n= oopener">Submit #746797 | itsourcecode Society Management System V1.0 SQL i= njection</a> <a href=3D"https://github.com/zpf7029/oblong/issues/2" targ= et=3D"_blank" rel=3D"noopener">https://github.com/zpf7029/oblong/issues/2</= a> <a href=3D"https://itsourcecode.com/" target=3D"_blank" rel=3D"noopen= er">https://itsourcecode.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">itsourcecode--Society Management System</td>
<td>A vulnerability has been found in itsourcecode Society Management Syste=
m 1.0. Impacted is an unknown function of the file /admin/edit_expenses.php=
. Such manipulation of the argument expenses_id leads to sql injection. It =
is possible to launch the attack remotely. The exploit has been disclosed t=
o the public and may be used.</td>
<td>2026-02-07</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2116" target=3D"= _blank" rel=3D"noopener">CVE-2026-2116</a></td>

<a href=3D"https://vuldb.com/?id.344691" target=3D"_blank" rel=3D"noopener"= >VDB-344691 | itsourcecode Society Management System edit_expenses.php sql = injection</a> <a href=3D"https://vuldb.com/?ctiid.344691" target=3D"_bla= nk" rel=3D"noopener">VDB-344691 | CTI Indicators (IOB, IOC, TTP, IOA)</a><b= r><a href=3D"https://vuldb.com/?submit.746798" target=3D"_blank" rel=3D"noo= pener">Submit #746798 | itsourcecode Society Management System V1.0 SQL inj= ection</a> <a href=3D"https://github.com/zpf7029/oblong/issues/1" target= =3D"_blank" rel=3D"noopener">https://github.com/zpf7029/oblong/issues/1</a>= <a href=3D"https://itsourcecode.com/" target=3D"_blank" rel=3D"noopener= ">https://itsourcecode.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">itsourcecode--Society Management System</td>
<td>A vulnerability was found in itsourcecode Society Management System 1.0=
. The affected element is an unknown function of the file /admin/edit_activ= ity.php. Performing a manipulation of the argument activity_id results in s=
ql injection. The attack can be initiated remotely. The exploit has been ma=
de public and could be used.</td>
<td>2026-02-07</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2117" target=3D"= _blank" rel=3D"noopener">CVE-2026-2117</a></td>

<a href=3D"https://vuldb.com/?id.344692" target=3D"_blank" rel=3D"noopener"= >VDB-344692 | itsourcecode Society Management System edit_activity.php sql = injection</a> <a href=3D"https://vuldb.com/?ctiid.344692" target=3D"_bla= nk" rel=3D"noopener">VDB-344692 | CTI Indicators (IOB, IOC, TTP, IOA)</a><b= r><a href=3D"https://vuldb.com/?submit.746884" target=3D"_blank" rel=3D"noo= pener">Submit #746884 | itsourcecode Society Management System V1.0 SQL inj= ection</a> <a href=3D"https://github.com/ZooNJarway/CVE/issues/4" target= =3D"_blank" rel=3D"noopener">https://github.com/ZooNJarway/CVE/issues/4</a>= <a href=3D"https://itsourcecode.com/" target=3D"_blank" rel=3D"noopener= ">https://itsourcecode.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">UTT--HiPER 810</td>
<td>A vulnerability was determined in UTT HiPER 810 1.7.4-141218. The impac= ted element is the function sub_4407D4 of the file /goform/formReleaseConne=
ct of the component rehttpd. Executing a manipulation of the argument Isp_N= ame can lead to command injection. The attack can be launched remotely. The=
exploit has been publicly disclosed and may be utilized.</td> <td>2026-02-08</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2118" target=3D"= _blank" rel=3D"noopener">CVE-2026-2118</a></td>

<a href=3D"https://vuldb.com/?id.344693" target=3D"_blank" rel=3D"noopener"= >VDB-344693 | UTT HiPER 810 rehttpd formReleaseConnect sub_4407D4 command i= njection</a> <a href=3D"https://vuldb.com/?ctiid.344693" target=3D"_blan=
k" rel=3D"noopener">VDB-344693 | CTI Indicators (IOB, IOC, TTP, IOA)</a><br= ><a href=3D"https://vuldb.com/?submit.746802" target=3D"_blank" rel=3D"noop= ener">Submit #746802 | UTT (=E8=89=BE=E6=B3=B0) HiPER 810 nv810v4v1.7.4-141= 218 Command Injection</a> <a href=3D"https://github.com/cha0yang1/UTT810= CVE/blob/main/CVEreadme1.md" target=3D"_blank" rel=3D"noopener">https://git= hub.com/cha0yang1/UTT810CVE/blob/main/CVEreadme1.md</a> <a href=3D"https= ://github.com/cha0yang1/UTT810CVE/blob/main/CVEreadme1.md#poc" target=3D"_b= lank" rel=3D"noopener">https://github.com/cha0yang1/UTT810CVE/blob/main/CVE= readme1.md#poc</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DIR-823X</td>
<td>A vulnerability was identified in D-Link DIR-823X 250416. This affects =
an unknown function of the file /goform/set_server_settings of the componen=
t Configuration Parameter Handler. The manipulation of the argument termina= l_addr/server_ip/server_port leads to os command injection. The attack may =
be initiated remotely. The exploit is publicly available and might be used.= </td>
<td>2026-02-08</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2120" target=3D"= _blank" rel=3D"noopener">CVE-2026-2120</a></td>

<a href=3D"https://vuldb.com/?id.344694" target=3D"_blank" rel=3D"noopener"= >VDB-344694 | D-Link DIR-823X Configuration Parameter set_server_settings o=
s command injection</a> <a href=3D"https://vuldb.com/?ctiid.344694" targ= et=3D"_blank" rel=3D"noopener">VDB-344694 | CTI Indicators (IOB, IOC, TTP, = IOA)</a> <a href=3D"https://vuldb.com/?submit.746916" target=3D"_blank" = rel=3D"noopener">Submit #746916 | D-Link DIR-823X 250416 OS Command Injecti= on</a> <a href=3D"https://github.com/master-abc/cve/issues/26" target=3D= "_blank" rel=3D"noopener">https://github.com/master-abc/cve/issues/26</a><b= r><a href=3D"https://www.dlink.com/" target=3D"_blank" rel=3D"noopener">htt= ps://www.dlink.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DIR-823X</td>
<td>A vulnerability was found in D-Link DIR-823X 250416. Affected by this i= ssue is some unknown functionality of the file /goform/set_ac_status. Perfo= rming a manipulation of the argument ac_ipaddr/ac_ipstatus/ap_randtime resu= lts in os command injection. The attack may be initiated remotely. The expl= oit has been made public and could be used.</td>
<td>2026-02-08</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2129" target=3D"= _blank" rel=3D"noopener">CVE-2026-2129</a></td>

<a href=3D"https://vuldb.com/?id.344764" target=3D"_blank" rel=3D"noopener"= >VDB-344764 | D-Link DIR-823X set_ac_status os command injection</a> <a = href=3D"https://vuldb.com/?ctiid.344764" target=3D"_blank" rel=3D"noopener"= >VDB-344764 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D"https:/= /vuldb.com/?submit.746935" target=3D"_blank" rel=3D"noopener">Submit #74693=
5 | D-Link DIR-823X 250416 OS Command Injection</a> <a href=3D"https://g= ithub.com/master-abc/cve/issues/23" target=3D"_blank" rel=3D"noopener">http= s://github.com/master-abc/cve/issues/23</a> <a href=3D"https://www.dlink= .com/" target=3D"_blank" rel=3D"noopener">https://www.dlink.com/</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">code-projects--Online Music Site</td>
<td>A security flaw has been discovered in code-projects Online Music Site = 1.0. This issue affects some unknown processing of the file /Administrator/= PHP/AdminUpdateCategory.php. The manipulation of the argument txtcat result=
s in sql injection. The attack can be executed remotely. The exploit has be=
en released to the public and may be used for attacks.</td>
<td>2026-02-08</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2132" target=3D"= _blank" rel=3D"noopener">CVE-2026-2132</a></td>

<a href=3D"https://vuldb.com/?id.344767" target=3D"_blank" rel=3D"noopener"= >VDB-344767 | code-projects Online Music Site AdminUpdateCategory.php sql i= njection</a> <a href=3D"https://vuldb.com/?ctiid.344767" target=3D"_blan=
k" rel=3D"noopener">VDB-344767 | CTI Indicators (IOB, IOC, TTP, IOA)</a><br= ><a href=3D"https://vuldb.com/?submit.747210" target=3D"_blank" rel=3D"noop= ener">Submit #747210 | code-projects ONLINE MUSIC SITE V1.0 SQL Injection</= a> <a href=3D"https://github.com/Volije/AdminUpdateCategory/issues/1" ta= rget=3D"_blank" rel=3D"noopener">https://github.com/Volije/AdminUpdateCateg= ory/issues/1</a> <a href=3D"https://code-projects.org/" target=3D"_blank=
" rel=3D"noopener">https://code-projects.org/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">code-projects--Online Music Site</td>
<td>A weakness has been identified in code-projects Online Music Site 1.0. = Impacted is an unknown function of the file /Administrator/PHP/AdminUpdateC= ategory.php. This manipulation of the argument txtimage causes unrestricted=
upload. The attack is possible to be carried out remotely. The exploit has=
been made available to the public and could be used for attacks.</td> <td>2026-02-08</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2133" target=3D"= _blank" rel=3D"noopener">CVE-2026-2133</a></td>

<a href=3D"https://vuldb.com/?id.344768" target=3D"_blank" rel=3D"noopener"= >VDB-344768 | code-projects Online Music Site AdminUpdateCategory.php unres= tricted upload</a> <a href=3D"https://vuldb.com/?ctiid.344768" target=3D= "_blank" rel=3D"noopener">VDB-344768 | CTI Indicators (IOB, IOC, TTP, IOA)<= /a> <a href=3D"https://vuldb.com/?submit.747213" target=3D"_blank" rel= =3D"noopener">Submit #747213 | code-projects ONLINE MUSIC SITE V1.0 Arbitra=
ry file upload vulnerability</a> <a href=3D"https://github.com/Volije/cv= e2/issues/1" target=3D"_blank" rel=3D"noopener">https://github.com/Volije/c= ve2/issues/1</a> <a href=3D"https://code-projects.org/" target=3D"_blank=
" rel=3D"noopener">https://code-projects.org/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">projectworlds--Online Food Ordering System</td=

<td>A flaw has been found in projectworlds Online Food Ordering System 1.0.=
This affects an unknown function of the file /view-ticket.php. Executing a=
manipulation of the argument ID can lead to sql injection. It is possible =
to launch the attack remotely. The exploit has been published and may be us= ed.</td>
<td>2026-02-08</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2136" target=3D"= _blank" rel=3D"noopener">CVE-2026-2136</a></td>

<a href=3D"https://vuldb.com/?id.344771" target=3D"_blank" rel=3D"noopener"= >VDB-344771 | projectworlds Online Food Ordering System view-ticket.php sql=
injection</a> <a href=3D"https://vuldb.com/?ctiid.344771" target=3D"_bl= ank" rel=3D"noopener">VDB-344771 | CTI Indicators (IOB, IOC, TTP, IOA)</a><= br><a href=3D"https://vuldb.com/?submit.747230" target=3D"_blank" rel=3D"no= opener">Submit #747230 | projectworlds Online Food Ordering System Project =
in PHP V1.0 SQL Injection</a> <a href=3D"https://github.com/hater-us/CVE= /issues/4" target=3D"_blank" rel=3D"noopener">https://github.com/hater-us/C= VE/issues/4</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DIR-823X</td>
<td>A weakness has been identified in D-Link DIR-823X 250416. This vulnerab= ility affects the function sub_420688 of the file /goform/set_qos. Executin=
g a manipulation can lead to os command injection. The attack can be execut=
ed remotely. The exploit has been made available to the public and could be=
used for attacks.</td>
<td>2026-02-08</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2142" target=3D"= _blank" rel=3D"noopener">CVE-2026-2142</a></td>

<a href=3D"https://vuldb.com/?id.344777" target=3D"_blank" rel=3D"noopener"= >VDB-344777 | D-Link DIR-823X set_qos sub_420688 os command injection</a><b= r><a href=3D"https://vuldb.com/?ctiid.344777" target=3D"_blank" rel=3D"noop= ener">VDB-344777 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D"ht= tps://vuldb.com/?submit.747428" target=3D"_blank" rel=3D"noopener">Submit #= 747428 | D-Link DIR-823X 250416 OS Command Injection</a> <a href=3D"http= s://github.com/master-abc/cve/issues/29" target=3D"_blank" rel=3D"noopener"= >https://github.com/master-abc/cve/issues/29</a> <a href=3D"https://www.= dlink.com/" target=3D"_blank" rel=3D"noopener">https://www.dlink.com/</a><b= r>=C2=A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DIR-823X</td>
<td>A security vulnerability has been detected in D-Link DIR-823X 250416. T= his issue affects some unknown processing of the file /goform/set_ddns of t=
he component DDNS Service. The manipulation of the argument ddnsType/ddnsDo= mainName/ddnsUserName/ddnsPwd leads to os command injection. The attack is = possible to be carried out remotely. The exploit has been disclosed publicl=
y and may be used.</td>
<td>2026-02-08</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2143" target=3D"= _blank" rel=3D"noopener">CVE-2026-2143</a></td>

<a href=3D"https://vuldb.com/?id.344778" target=3D"_blank" rel=3D"noopener"= >VDB-344778 | D-Link DIR-823X DDNS Service set_ddns os command injection</a= > <a href=3D"https://vuldb.com/?ctiid.344778" target=3D"_blank" rel=3D"n= oopener">VDB-344778 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D= "https://vuldb.com/?submit.747492" target=3D"_blank" rel=3D"noopener">Submi=
t #747492 | D-Link DIR-823X 250416 OS Command Injection</a> <a href=3D"h= ttps://github.com/master-abc/cve/issues/25" target=3D"_blank" rel=3D"noopen= er">https://github.com/master-abc/cve/issues/25</a> <a href=3D"https://w= ww.dlink.com/" target=3D"_blank" rel=3D"noopener">https://www.dlink.com/</a= > =C2=A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DIR-615</td>
<td>A vulnerability has been found in D-Link DIR-615 4.10. This affects an = unknown part of the file adv_firewall.php of the component DMZ Host Feature=
. Such manipulation of the argument dmz_ipaddr=C2=A0 leads to os command in= jection. The attack can be launched remotely. The exploit has been disclose=
d to the public and may be used. This vulnerability only affects products t= hat are no longer supported by the maintainer.</td>
<td>2026-02-08</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2151" target=3D"= _blank" rel=3D"noopener">CVE-2026-2151</a></td>

<a href=3D"https://vuldb.com/?id.344853" target=3D"_blank" rel=3D"noopener"= >VDB-344853 | D-Link DIR-615 DMZ Host Feature adv_firewall.php os command i= njection</a> <a href=3D"https://vuldb.com/?ctiid.344853" target=3D"_blan=
k" rel=3D"noopener">VDB-344853 | CTI Indicators (IOB, IOC, TTP, IOA)</a><br= ><a href=3D"https://vuldb.com/?submit.748031" target=3D"_blank" rel=3D"noop= ener">Submit #748031 | Dlink DIR-615 v4.10 OS Command Injection</a> <a h= ref=3D"https://pentagonal-time-3a7.notion.site/DIR-615-OS-Command-Injection= -2f6e5dd4c5a58053b2b4f166c2a503ba" target=3D"_blank" rel=3D"noopener">https= ://pentagonal-time-3a7.notion.site/DIR-615-OS-Command-Injection-2f6e5dd4c5a= 58053b2b4f166c2a503ba</a> <a href=3D"https://www.dlink.com/" target=3D"_= blank" rel=3D"noopener">https://www.dlink.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DIR-615</td>
<td>A vulnerability was found in D-Link DIR-615 4.10. This vulnerability af= fects unknown code of the file adv_routing.php of the component Web Configu= ration Interface. Performing a manipulation of the argument dest_ip/=C2=A0s= ubmask/=C2=A0gw results in os command injection. The attack may be initiate=
d remotely. The exploit has been made public and could be used. This vulner= ability only affects products that are no longer supported by the maintaine= r.</td>
<td>2026-02-08</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2152" target=3D"= _blank" rel=3D"noopener">CVE-2026-2152</a></td>

<a href=3D"https://vuldb.com/?id.344854" target=3D"_blank" rel=3D"noopener"= >VDB-344854 | D-Link DIR-615 Web Configuration adv_routing.php os command i= njection</a> <a href=3D"https://vuldb.com/?ctiid.344854" target=3D"_blan=
k" rel=3D"noopener">VDB-344854 | CTI Indicators (IOB, IOC, TTP, IOA)</a><br= ><a href=3D"https://vuldb.com/?submit.748032" target=3D"_blank" rel=3D"noop= ener">Submit #748032 | Dlink DIR-615 v4.10 OS Command Injection</a> <a h= ref=3D"https://pentagonal-time-3a7.notion.site/DIR-615-routing-command-inje= ction-2f6e5dd4c5a580089587f5e78a1bbf70?pvs=3D74" target=3D"_blank" rel=3D"n= oopener">https://pentagonal-time-3a7.notion.site/DIR-615-routing-command-in= jection-2f6e5dd4c5a580089587f5e78a1bbf70?pvs=3D74</a> <a href=3D"https:/= /www.dlink.com/" target=3D"_blank" rel=3D"noopener">https://www.dlink.com/<= /a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DIR-823X</td>
<td>A security flaw has been discovered in D-Link DIR-823X 250416. The affe= cted element is the function sub_4208A0 of the file /goform/set_dmz of the = component Configuration Handler. The manipulation of the argument dmz_host/= dmz_enable results in os command injection. The attack can be executed remo= tely. The exploit has been released to the public and may be used for attac= ks.</td>
<td>2026-02-08</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2155" target=3D"= _blank" rel=3D"noopener">CVE-2026-2155</a></td>

<a href=3D"https://vuldb.com/?id.344857" target=3D"_blank" rel=3D"noopener"= >VDB-344857 | D-Link DIR-823X Configuration set_dmz sub_4208A0 os command i= njection</a> <a href=3D"https://vuldb.com/?ctiid.344857" target=3D"_blan=
k" rel=3D"noopener">VDB-344857 | CTI Indicators (IOB, IOC, TTP, IOA)</a><br= ><a href=3D"https://vuldb.com/?submit.748236" target=3D"_blank" rel=3D"noop= ener">Submit #748236 | D-Link DIR-823X 250416 OS Command Injection</a> <=
a href=3D"https://vuldb.com/?submit.750038" target=3D"_blank" rel=3D"noopen= er">Submit #750038 | D-Link DIR-823X 250416 OS Command Injection (Duplicate= )</a> <a href=3D"https://github.com/master-abc/cve/issues/32" target=3D"= _blank" rel=3D"noopener">https://github.com/master-abc/cve/issues/32</a><br= ><a href=3D"https://www.dlink.com/" target=3D"_blank" rel=3D"noopener">http= s://www.dlink.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DIR-823X</td>
<td>A security vulnerability has been detected in D-Link DIR-823X 250416. T= his affects the function sub_4175CC of the file /goform/set_static_route_ta= ble. Such manipulation of the argument interface/destip/netmask/gateway/met= ric leads to os command injection. The attack may be performed from remote.=
The exploit has been disclosed publicly and may be used.</td> <td>2026-02-08</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2157" target=3D"= _blank" rel=3D"noopener">CVE-2026-2157</a></td>

<a href=3D"https://vuldb.com/?id.344859" target=3D"_blank" rel=3D"noopener"= >VDB-344859 | D-Link DIR-823X set_static_route_table sub_4175CC os command = injection</a> <a href=3D"https://vuldb.com/?ctiid.344859" target=3D"_bla= nk" rel=3D"noopener">VDB-344859 | CTI Indicators (IOB, IOC, TTP, IOA)</a><b= r><a href=3D"https://vuldb.com/?submit.748376" target=3D"_blank" rel=3D"noo= pener">Submit #748376 | D-Link DIR-823X 250416 OS Command Injection</a> =
<a href=3D"https://github.com/master-abc/cve/issues/28" target=3D"_blank" r= el=3D"noopener">https://github.com/master-abc/cve/issues/28</a> <a href= =3D"https://www.dlink.com/" target=3D"_blank" rel=3D"noopener">https://www.= dlink.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">code-projects--Student Web Portal</td>
<td>A vulnerability was detected in code-projects Student Web Portal 1.0. T= his impacts an unknown function of the file /check_user.php. Performing a m= anipulation of the argument Username results in sql injection. It is possib=
le to initiate the attack remotely.</td>
<td>2026-02-08</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2158" target=3D"= _blank" rel=3D"noopener">CVE-2026-2158</a></td>

<a href=3D"https://vuldb.com/?id.344860" target=3D"_blank" rel=3D"noopener"= >VDB-344860 | code-projects Student Web Portal check_user.php sql injection= </a> <a href=3D"https://vuldb.com/?ctiid.344860" target=3D"_blank" rel= =3D"noopener">VDB-344860 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a hr= ef=3D"https://vuldb.com/?submit.748816" target=3D"_blank" rel=3D"noopener">= Submit #748816 | code-projects.org STUDENT WEB PORTAL IN PHP WITH SOURCE CO=
DE 1.0 SQL Injection</a> <a href=3D"https://github.com/Qing-420/cve/blob= /main/sql.md" target=3D"_blank" rel=3D"noopener">https://github.com/Qing-42= 0/cve/blob/main/sql.md</a> <a href=3D"https://code-projects.org/" target= =3D"_blank" rel=3D"noopener">https://code-projects.org/</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">itsourcecode--Directory Management System</td> <td>A vulnerability was found in itsourcecode Directory Management System 1= .0. Affected by this issue is some unknown functionality of the file /admin= /forget-password.php. The manipulation of the argument email results in sql=
injection. The attack can be launched remotely. The exploit has been made = public and could be used.</td>
<td>2026-02-08</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2161" target=3D"= _blank" rel=3D"noopener">CVE-2026-2161</a></td>

<a href=3D"https://vuldb.com/?id.344863" target=3D"_blank" rel=3D"noopener"= >VDB-344863 | itsourcecode Directory Management System forget-password.php = sql injection</a> <a href=3D"https://vuldb.com/?ctiid.344863" target=3D"= _blank" rel=3D"noopener">VDB-344863 | CTI Indicators (IOB, IOC, TTP, IOA)</= a> <a href=3D"https://vuldb.com/?submit.751082" target=3D"_blank" rel=3D= "noopener">Submit #751082 | itsourcecode Directory Management System V1.0 S=
QL Injection</a> <a href=3D"https://github.com/Wzl731/test/issues/1" tar= get=3D"_blank" rel=3D"noopener">https://github.com/Wzl731/test/issues/1</a>= <a href=3D"https://itsourcecode.com/" target=3D"_blank" rel=3D"noopener= ">https://itsourcecode.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">detronetdip--E-commerce</td>
<td>A security flaw has been discovered in detronetdip E-commerce 1.0.0. Th=
is issue affects some unknown processing of the file /seller/assets/backend= /profile/addadhar.php. Performing a manipulation of the argument File resul=
ts in unrestricted upload. Remote exploitation of the attack is possible. T=
he exploit has been released to the public and may be used for attacks. The=
project was informed of the problem early through an issue report but has = not responded yet.</td>
<td>2026-02-08</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2164" target=3D"= _blank" rel=3D"noopener">CVE-2026-2164</a></td>

<a href=3D"https://vuldb.com/?id.344866" target=3D"_blank" rel=3D"noopener"= >VDB-344866 | detronetdip E-commerce addadhar.php unrestricted upload</a><b= r><a href=3D"https://vuldb.com/?ctiid.344866" target=3D"_blank" rel=3D"noop= ener">VDB-344866 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D"ht= tps://vuldb.com/?submit.751853" target=3D"_blank" rel=3D"noopener">Submit #= 751853 | detronetdip E-commerce 1.0 Remote Code Execution</a> <a href=3D= "https://github.com/detronetdip/E-commerce/issues/23" target=3D"_blank" rel= =3D"noopener">https://github.com/detronetdip/E-commerce/issues/23</a> <a=
href=3D"https://github.com/Nixon-H/PHP-Unrestricted-Upload-RCE" target=3D"= _blank" rel=3D"noopener">https://github.com/Nixon-H/PHP-Unrestricted-Upload= -RCE</a> <a href=3D"https://github.com/detronetdip/E-commerce/" target= =3D"_blank" rel=3D"noopener">https://github.com/detronetdip/E-commerce/</a>= =C2=A0</td>
</tr>

<td class=3D"vendor-product">detronetdip--E-commerce</td>
<td>A weakness has been identified in detronetdip E-commerce 1.0.0. Impacte=
d is an unknown function of the file /Admin/assets/backend/seller/add_selle= r.php of the component Account Creation Endpoint. Executing a manipulation =
of the argument email can lead to missing authentication. The attack can be=
executed remotely. The exploit has been made available to the public and c= ould be used for attacks. The project was informed of the problem early thr= ough an issue report but has not responded yet.</td>
<td>2026-02-08</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2165" target=3D"= _blank" rel=3D"noopener">CVE-2026-2165</a></td>

<a href=3D"https://vuldb.com/?id.344867" target=3D"_blank" rel=3D"noopener"= >VDB-344867 | detronetdip E-commerce Account Creation Endpoint add_seller.p=
hp missing authentication</a> <a href=3D"https://vuldb.com/?ctiid.344867=
" target=3D"_blank" rel=3D"noopener">VDB-344867 | CTI Indicators (IOB, IOC,=
IOA)</a> <a href=3D"https://vuldb.com/?submit.751857" target=3D"_blank"=
rel=3D"noopener">Submit #751857 | detronetdip E-commerce 1.0 Access Contro=
l Violation</a> <a href=3D"https://github.com/detronetdip/E-commerce/iss= ues/23" target=3D"_blank" rel=3D"noopener">https://github.com/detronetdip/E= -commerce/issues/23</a> <a href=3D"https://github.com/Nixon-H/Unauthenti= cated-Admin-Account-Creation" target=3D"_blank" rel=3D"noopener">https://gi= thub.com/Nixon-H/Unauthenticated-Admin-Account-Creation</a> <a href=3D"h= ttps://github.com/detronetdip/E-commerce/" target=3D"_blank" rel=3D"noopene= r">https://github.com/detronetdip/E-commerce/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">code-projects--Online Reviewer System</td>
<td>A security vulnerability has been detected in code-projects Online Revi= ewer System 1.0. The affected element is an unknown function of the file /l= ogin/index.php of the component Login. The manipulation of the argument use= rname/password leads to sql injection. The attack is possible to be carried=
out remotely. The exploit has been disclosed publicly and may be used.</td=

<td>2026-02-08</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2166" target=3D"= _blank" rel=3D"noopener">CVE-2026-2166</a></td>

<a href=3D"https://vuldb.com/?id.344868" target=3D"_blank" rel=3D"noopener"= >VDB-344868 | code-projects Online Reviewer System Login index.php sql inje= ction</a> <a href=3D"https://vuldb.com/?ctiid.344868" target=3D"_blank" = rel=3D"noopener">VDB-344868 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a=
href=3D"https://vuldb.com/?submit.751858" target=3D"_blank" rel=3D"noopene= r">Submit #751858 | code-projects OnlineReviewerSystem 1.0 SQL Injection</a= > <a href=3D"https://vuldb.com/?submit.750018" target=3D"_blank" rel=3D"= noopener">Submit #750018 | code-projects ONLINE REVIEWER SYSTEM V1.0 SQL In= jection (Duplicate)</a> <a href=3D"https://github.com/liaoliao-hla/cve/i= ssues/2" target=3D"_blank" rel=3D"noopener">https://github.com/liaoliao-hla= /cve/issues/2</a> <a href=3D"https://code-projects.org/" target=3D"_blan=
k" rel=3D"noopener">https://code-projects.org/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">code-projects--Online Student Management Syste= m</td>
<td>A vulnerability was found in code-projects Online Student Management Sy= stem 1.0. Affected is an unknown function of the file accounts.php of the c= omponent Login. Performing a manipulation of the argument username/password=
results in sql injection. The attack can be initiated remotely. The exploi=
t has been made public and could be used.</td>
<td>2026-02-08</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2171" target=3D"= _blank" rel=3D"noopener">CVE-2026-2171</a></td>

<a href=3D"https://vuldb.com/?id.344872" target=3D"_blank" rel=3D"noopener"= >VDB-344872 | code-projects Online Student Management System Login accounts= .php sql injection</a> <a href=3D"https://vuldb.com/?ctiid.344872" targe= t=3D"_blank" rel=3D"noopener">VDB-344872 | CTI Indicators (IOB, IOC, TTP, I= OA)</a> <a href=3D"https://vuldb.com/?submit.749233" target=3D"_blank" r= el=3D"noopener">Submit #749233 | code-projects Online Student Management Sy= stem in PHP unknown SQL Injection</a> <a href=3D"https://code-projects.o= rg/" target=3D"_blank" rel=3D"noopener">https://code-projects.org/</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">code-projects--Online Application System for A= dmission</td>
<td>A vulnerability was determined in code-projects Online Application Syst=
em for Admission 1.0. Affected by this vulnerability is an unknown function= ality of the file enrollment/index.php of the component Login Endpoint. Exe= cuting a manipulation can lead to sql injection. The attack can be launched=
remotely. The exploit has been publicly disclosed and may be utilized.</td=

<td>2026-02-08</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2172" target=3D"= _blank" rel=3D"noopener">CVE-2026-2172</a></td>

<a href=3D"https://vuldb.com/?id.344873" target=3D"_blank" rel=3D"noopener"= >VDB-344873 | code-projects Online Application System for Admission Login E= ndpoint index.php sql injection</a> <a href=3D"https://vuldb.com/?ctiid.= 344873" target=3D"_blank" rel=3D"noopener">VDB-344873 | CTI Indicators (IOB=
, IOC, TTP, IOA)</a> <a href=3D"https://vuldb.com/?submit.749253" target= =3D"_blank" rel=3D"noopener">Submit #749253 | code-projects Online Applicat= ion System for Admission in PHP unknown SQL Injection</a> <a href=3D"htt= ps://code-projects.org/" target=3D"_blank" rel=3D"noopener">https://code-pr= ojects.org/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">code-projects--Online Examination System</td> <td>A vulnerability was identified in code-projects Online Examination Syst=
em 1.0. Affected by this issue is some unknown functionality of the file lo= gin.php. The manipulation of the argument username/password leads to sql in= jection. The attack may be initiated remotely.</td>
<td>2026-02-08</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2173" target=3D"= _blank" rel=3D"noopener">CVE-2026-2173</a></td>

<a href=3D"https://vuldb.com/?id.344874" target=3D"_blank" rel=3D"noopener"= >VDB-344874 | code-projects Online Examination System login.php sql injecti= on</a> <a href=3D"https://vuldb.com/?ctiid.344874" target=3D"_blank" rel= =3D"noopener">VDB-344874 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a hr= ef=3D"https://vuldb.com/?submit.749255" target=3D"_blank" rel=3D"noopener">= Submit #749255 | code-projects Online Examination System in PHP unknown sql= </a> <a href=3D"https://code-projects.org/" target=3D"_blank" rel=3D"noo= pener">https://code-projects.org/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">code-projects--Contact Management System</td> <td>A security flaw has been discovered in code-projects Contact Management=
System 1.0. This affects an unknown part of the component CRUD Endpoint. T=
he manipulation of the argument ID results in improper authentication. The = attack may be launched remotely.</td>
<td>2026-02-08</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2174" target=3D"= _blank" rel=3D"noopener">CVE-2026-2174</a></td>

<a href=3D"https://vuldb.com/?id.344875" target=3D"_blank" rel=3D"noopener"= >VDB-344875 | code-projects Contact Management System CRUD Endpoint imprope=
r authentication</a> <a href=3D"https://vuldb.com/?ctiid.344875" target= =3D"_blank" rel=3D"noopener">VDB-344875 | CTI Indicators (IOB, IOC, IOA)</a= > <a href=3D"https://vuldb.com/?submit.749262" target=3D"_blank" rel=3D"= noopener">Submit #749262 | code-projects Contact Management System in PHP u= nknown Authentication Bypass Issues</a> <a href=3D"https://code-projects= .org/" target=3D"_blank" rel=3D"noopener">https://code-projects.org/</a><br= >=C2=A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DIR-823X</td>
<td>A weakness has been identified in D-Link DIR-823X 250416. This vulnerab= ility affects the function sub_420618 of the file /goform/set_upnp. This ma= nipulation of the argument upnp_enable causes os command injection. Remote = exploitation of the attack is possible. The exploit has been made available=
to the public and could be used for attacks.</td>
<td>2026-02-08</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2175" target=3D"= _blank" rel=3D"noopener">CVE-2026-2175</a></td>

<a href=3D"https://vuldb.com/?id.344876" target=3D"_blank" rel=3D"noopener"= >VDB-344876 | D-Link DIR-823X set_upnp sub_420618 os command injection</a><= br><a href=3D"https://vuldb.com/?ctiid.344876" target=3D"_blank" rel=3D"noo= pener">VDB-344876 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D"h= ttps://vuldb.com/?submit.749263" target=3D"_blank" rel=3D"noopener">Submit = #749263 | D-Link DIR-823X 250416 OS Command Injection</a> <a href=3D"htt= ps://github.com/master-abc/cve/issues/31" target=3D"_blank" rel=3D"noopener= ">https://github.com/master-abc/cve/issues/31</a> <a href=3D"https://www= .dlink.com/" target=3D"_blank" rel=3D"noopener">https://www.dlink.com/</a><= br>=C2=A0</td>
</tr>

<td class=3D"vendor-product">SourceCodester--Prison Management System</td> <td>A vulnerability has been found in SourceCodester Prison Management Syst=
em 1.0. The impacted element is an unknown function of the component Login.=
The manipulation leads to session fixiation. It is possible to initiate th=
e attack remotely. The exploit has been disclosed to the public and may be = used.</td>
<td>2026-02-08</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2177" target=3D"= _blank" rel=3D"noopener">CVE-2026-2177</a></td>

<a href=3D"https://vuldb.com/?id.344880" target=3D"_blank" rel=3D"noopener"= >VDB-344880 | SourceCodester Prison Management System Login session fixiati= on</a> <a href=3D"https://vuldb.com/?ctiid.344880" target=3D"_blank" rel= =3D"noopener">VDB-344880 | CTI Indicators (IOB, IOC)</a> <a href=3D"http= s://vuldb.com/?submit.749485" target=3D"_blank" rel=3D"noopener">Submit #74= 9485 | SourceCodester Prison Management System Using PHP V1.0 Session Fixia= tion</a> <a href=3D"https://github.com/hater-us/CVE/issues/10" target=3D= "_blank" rel=3D"noopener">https://github.com/hater-us/CVE/issues/10</a> =
<a href=3D"https://www.sourcecodester.com/" target=3D"_blank" rel=3D"noopen= er">https://www.sourcecodester.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">UTT-- 521G</td>
<td>A weakness has been identified in UTT =E8=BF=9B=E5=8F=96 521G 3.1.1-190= 816. Affected by this issue is the function doSystem of the file /goform/se= tSysAdm. Executing a manipulation of the argument passwd1 can lead to comma=
nd injection. The attack may be launched remotely. The exploit has been mad=
e available to the public and could be used for attacks.</td> <td>2026-02-08</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2182" target=3D"= _blank" rel=3D"noopener">CVE-2026-2182</a></td>

<a href=3D"https://vuldb.com/?id.344885" target=3D"_blank" rel=3D"noopener"= >VDB-344885 | UTT =E8=BF=9B=E5=8F=96 521G setSysAdm doSystem command inject= ion</a> <a href=3D"https://vuldb.com/?ctiid.344885" target=3D"_blank" re= l=3D"noopener">VDB-344885 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a h= ref=3D"https://vuldb.com/?submit.749712" target=3D"_blank" rel=3D"noopener"= >Submit #749712 | UTT (=E8=89=BE=E6=B3=B0) UTT521G NV521Gv2v3.1.1-190816 Co= mmand Injection</a> <a href=3D"https://github.com/cha0yang1/UTT521G/blob= /main/RCE1.md" target=3D"_blank" rel=3D"noopener">https://github.com/cha0ya= ng1/UTT521G/blob/main/RCE1.md</a> <a href=3D"https://github.com/cha0yang= 1/UTT521G/blob/main/RCE1.md#poc" target=3D"_blank" rel=3D"noopener">https:/= /github.com/cha0yang1/UTT521G/blob/main/RCE1.md#poc</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Great Developers--Certificate Generation Syste= m</td>
<td>A vulnerability was detected in Great Developers Certificate Generation=
System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability = affects unknown code of the file /restructured/csv.php. The manipulation of=
the argument photo results in os command injection. The attack can be exec= uted remotely. This product implements a rolling release for ongoing delive= ry, which means version information for affected or updated releases is una= vailable. The code repository of the project has not been active for many y= ears.</td>
<td>2026-02-08</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2184" target=3D"= _blank" rel=3D"noopener">CVE-2026-2184</a></td>

<a href=3D"https://vuldb.com/?id.344887" target=3D"_blank" rel=3D"noopener"= >VDB-344887 | Great Developers Certificate Generation System csv.php os com= mand injection</a> <a href=3D"https://vuldb.com/?ctiid.344887" target=3D= "_blank" rel=3D"noopener">VDB-344887 | CTI Indicators (IOB, IOC, TTP, IOA)<= /a> <a href=3D"https://vuldb.com/?submit.749714" target=3D"_blank" rel= =3D"noopener">Submit #749714 | Great Developers Certificate Generator Syste=
m 1.0 Improper Neutralization of Special Elements</a> <a href=3D"https:/= /github.com/lakshayyverma/CVE-Discovery/blob/main/Certificate2.md" target= =3D"_blank" rel=3D"noopener">https://github.com/lakshayyverma/CVE-Discovery= /blob/main/Certificate2.md</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">UTT-- 521G</td>
<td>A vulnerability was determined in UTT =E8=BF=9B=E5=8F=96 521G 3.1.1-190= 816. The impacted element is the function sub_446B18 of the file /goform/fo= rmPdbUpConfig. Executing a manipulation of the argument policyNames can lea=
d to os command injection. It is possible to launch the attack remotely. Th=
e exploit has been publicly disclosed and may be utilized.</td> <td>2026-02-08</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2188" target=3D"= _blank" rel=3D"noopener">CVE-2026-2188</a></td>

<a href=3D"https://vuldb.com/?id.344891" target=3D"_blank" rel=3D"noopener"= >VDB-344891 | UTT =E8=BF=9B=E5=8F=96 521G formPdbUpConfig sub_446B18 os com= mand injection</a> <a href=3D"https://vuldb.com/?ctiid.344891" target=3D= "_blank" rel=3D"noopener">VDB-344891 | CTI Indicators (IOB, IOC, TTP, IOA)<= /a> <a href=3D"https://vuldb.com/?submit.749733" target=3D"_blank" rel= =3D"noopener">Submit #749733 | UTT (=E8=89=BE=E6=B3=B0) UTT521G NV521Gv2v3.= 1.1-190816 Command Injection</a> <a href=3D"https://github.com/cha0yang1= /UTT521G/blob/main/RCE2.md" target=3D"_blank" rel=3D"noopener">https://gith= ub.com/cha0yang1/UTT521G/blob/main/RCE2.md</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">itsourcecode--School Management System</td>
<td>A vulnerability was identified in itsourcecode School Management System=
1.0. This affects an unknown function of the file /ramonsys/report/index.p= hp. The manipulation of the argument ay leads to sql injection. The attack = can be initiated remotely. The exploit is publicly available and might be u= sed.</td>
<td>2026-02-08</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2189" target=3D"= _blank" rel=3D"noopener">CVE-2026-2189</a></td>

<a href=3D"https://vuldb.com/?id.344892" target=3D"_blank" rel=3D"noopener"= >VDB-344892 | itsourcecode School Management System index.php sql injection= </a> <a href=3D"https://vuldb.com/?ctiid.344892" target=3D"_blank" rel= =3D"noopener">VDB-344892 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a hr= ef=3D"https://vuldb.com/?submit.749746" target=3D"_blank" rel=3D"noopener">= Submit #749746 | itsourcecode School Management System V1.0 SQL Injection</= a> <a href=3D"https://github.com/angtas/cve/issues/1" target=3D"_blank" = rel=3D"noopener">https://github.com/angtas/cve/issues/1</a> <a href=3D"h= ttps://itsourcecode.com/" target=3D"_blank" rel=3D"noopener">https://itsour= cecode.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">itsourcecode--School Management System</td>
<td>A security flaw has been discovered in itsourcecode School Management S= ystem 1.0. This impacts an unknown function of the file /ramonsys/user/cont= roller.php. The manipulation of the argument ID results in sql injection. T=
he attack can be launched remotely. The exploit has been released to the pu= blic and may be used for attacks.</td>
<td>2026-02-08</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2190" target=3D"= _blank" rel=3D"noopener">CVE-2026-2190</a></td>

<a href=3D"https://vuldb.com/?id.344893" target=3D"_blank" rel=3D"noopener"= >VDB-344893 | itsourcecode School Management System controller.php sql inje= ction</a> <a href=3D"https://vuldb.com/?ctiid.344893" target=3D"_blank" = rel=3D"noopener">VDB-344893 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a=
href=3D"https://vuldb.com/?submit.749783" target=3D"_blank" rel=3D"noopene= r">Submit #749783 | itsourcecode School Management System V1.0 SQL Injectio= n</a> <a href=3D"https://github.com/yyue02/cve/issues/2" target=3D"_blan=
k" rel=3D"noopener">https://github.com/yyue02/cve/issues/2</a> <a href= =3D"https://itsourcecode.com/" target=3D"_blank" rel=3D"noopener">https://i= tsourcecode.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tenda--AC9</td>
<td>A weakness has been identified in Tenda AC9 15.03.06.42_multi. Affected=
is the function formGetDdosDefenceList. This manipulation of the argument = security.ddos.map causes stack-based buffer overflow. The attack may be ini= tiated remotely. The exploit has been made available to the public and coul=
d be used for attacks.</td>
<td>2026-02-08</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2191" target=3D"= _blank" rel=3D"noopener">CVE-2026-2191</a></td>

<a href=3D"https://vuldb.com/?id.344894" target=3D"_blank" rel=3D"noopener"= >VDB-344894 | Tenda AC9 formGetDdosDefenceList stack-based overflow</a> =
<a href=3D"https://vuldb.com/?ctiid.344894" target=3D"_blank" rel=3D"noopen= er">VDB-344894 | CTI Indicators (IOB, IOC, IOA)</a> <a href=3D"https://v= uldb.com/?submit.749800" target=3D"_blank" rel=3D"noopener">Submit #749800 =
| Tenda AC9 v1.0/V3.0 V15.03.06.42_multi Stack-based Buffer Overflow</a><br= ><a href=3D"https://github.com/glkfc/IoT-Vulnerability/blob/main/Tenda/tend= a3.md" target=3D"_blank" rel=3D"noopener">https://github.com/glkfc/IoT-Vuln= erability/blob/main/Tenda/tenda3.md</a> <a href=3D"https://www.tenda.com= .cn/" target=3D"_blank" rel=3D"noopener">https://www.tenda.com.cn/</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tenda--AC9</td>
<td>A security vulnerability has been detected in Tenda AC9 15.03.06.42_mul= ti. Affected by this vulnerability is the function formGetRebootTimer. Such=
manipulation of the argument sys.schedulereboot.start_time/sys.schedulereb= oot.end_time leads to stack-based buffer overflow. The attack may be launch=
ed remotely. The exploit has been disclosed publicly and may be used.</td> <td>2026-02-08</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2192" target=3D"= _blank" rel=3D"noopener">CVE-2026-2192</a></td>

<a href=3D"https://vuldb.com/?id.344895" target=3D"_blank" rel=3D"noopener"= >VDB-344895 | Tenda AC9 formGetRebootTimer stack-based overflow</a> <a h= ref=3D"https://vuldb.com/?ctiid.344895" target=3D"_blank" rel=3D"noopener">= VDB-344895 | CTI Indicators (IOB, IOC, IOA)</a> <a href=3D"https://vuldb= .com/?submit.749801" target=3D"_blank" rel=3D"noopener">Submit #749801 | Te= nda AC9 v1.0/V3.0 V15.03.06.42_multi Stack-based Buffer Overflow</a> <a = href=3D"https://github.com/glkfc/IoT-Vulnerability/blob/main/Tenda/tenda4.m=
d" target=3D"_blank" rel=3D"noopener">https://github.com/glkfc/IoT-Vulnerab= ility/blob/main/Tenda/tenda4.md</a> <a href=3D"https://www.tenda.com.cn/=
" target=3D"_blank" rel=3D"noopener">https://www.tenda.com.cn/</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">code-projects--Online Reviewer System</td>
<td>A vulnerability has been found in code-projects Online Reviewer System = 1.0. This vulnerability affects unknown code of the file /system/system/adm= ins/assessments/pretest/questions-view.php. The manipulation of the argumen=
t ID leads to sql injection. The attack is possible to be carried out remot= ely. The exploit has been disclosed to the public and may be used.</td> <td>2026-02-08</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2195" target=3D"= _blank" rel=3D"noopener">CVE-2026-2195</a></td>

<a href=3D"https://vuldb.com/?id.344898" target=3D"_blank" rel=3D"noopener"= >VDB-344898 | code-projects Online Reviewer System questions-view.php sql i= njection</a> <a href=3D"https://vuldb.com/?ctiid.344898" target=3D"_blan=
k" rel=3D"noopener">VDB-344898 | CTI Indicators (IOB, IOC, TTP, IOA)</a><br= ><a href=3D"https://vuldb.com/?submit.750005" target=3D"_blank" rel=3D"noop= ener">Submit #750005 | code-projects Online Reviewer System V1 SQL Injectio= n</a> <a href=3D"https://github.com/tiancesec/CVE/issues/16" target=3D"_= blank" rel=3D"noopener">https://github.com/tiancesec/CVE/issues/16</a> <=
a href=3D"https://code-projects.org/" target=3D"_blank" rel=3D"noopener">ht= tps://code-projects.org/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TeamViewer--Remote</td>
<td>Improper access control in=E2=80=AFthe=E2=80=AFTeamViewer=E2=80=AFFull = and Host clients=E2=80=AF(Windows,=E2=80=AFmacOS, Linux)=E2=80=AFprior=E2= =80=AFversion=E2=80=AF15.74.5 allows an authenticated user=E2=80=AFto bypas= s=E2=80=AFadditional=E2=80=AFaccess controls with=E2=80=AF"Allow after=E2= =80=AFconfirmation"=E2=80=AFconfiguration=E2=80=AFin=E2=80=AFa=E2=80=AFremo=
te session.=E2=80=AFAn exploit could result in unauthorized access prior to=
local confirmation.=E2=80=AFThe user needs to be authenticated for the rem= ote session via ID/password, Session Link, or Easy Access as a prerequisite=
to exploit this vulnerability.</td>
<td>2026-02-05</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23572" target=3D= "_blank" rel=3D"noopener">CVE-2026-23572</a></td>

<a href=3D"https://www.teamviewer.com/en/resources/trust-center/security-bu= lletins/tv-2026-1003/" target=3D"_blank" rel=3D"noopener">https://www.teamv= iewer.com/en/resources/trust-center/security-bulletins/tv-2026-1003/</a><br= >=C2=A0</td>
</tr>

<td class=3D"vendor-product">apollographql--apollo-server</td>
<td>Apollo Server is an open-source, spec-compliant GraphQL server that's c= ompatible with any GraphQL client, including Apollo Client. In versions fro=
m 2.0.0 to 3.13.0, 4.2.0 to before 4.13.0, and 5.0.0 to before 5.4.0, the d= efault configuration of startStandaloneServer from @apollo/server/standalon=
e is vulnerable to denial of service (DoS) attacks through specially crafte=
d request bodies with exotic character set encodings. This issue does not a= ffect users that use @apollo/server as a dependency for integration package=
s, like @as-integrations/express5 or @as-integrations/next, only direct usa=
ge of startStandaloneServer.</td>
<td>2026-02-04</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23897" target=3D= "_blank" rel=3D"noopener">CVE-2026-23897</a></td>

<a href=3D"https://github.com/apollographql/apollo-server/security/advisori= es/GHSA-mp6q-xf9x-fwf7" target=3D"_blank" rel=3D"noopener">https://github.c= om/apollographql/apollo-server/security/advisories/GHSA-mp6q-xf9x-fwf7</a><= br><a href=3D"https://github.com/apollographql/apollo-server/commit/d25a5bd= c377826ad424fcf7f8d1d062055911643" target=3D"_blank" rel=3D"noopener">https= ://github.com/apollographql/apollo-server/commit/d25a5bdc377826ad424fcf7f8d= 1d062055911643</a> <a href=3D"https://github.com/apollographql/apollo-se= rver/commit/e9d49d163a86b8a33be56ed27c494b9acd5400a4" target=3D"_blank" rel= =3D"noopener">https://github.com/apollographql/apollo-server/commit/e9d49d1= 63a86b8a33be56ed27c494b9acd5400a4</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">open-telemetry--opentelemetry-go</td> <td>OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTel= emetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking (Un= trusted Search Paths) on macOS/Darwin systems. The resource detection code =
in sdk/resource/host_id.go executes the ioreg system command using a search=
path. An attacker with the ability to locally modify the PATH environment = variable can achieve Arbitrary Code Execution (ACE) within the context of t=
he application. A fix was released with v1.40.0.</td>
<td>2026-02-02</td>
<td>7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24051" target=3D= "_blank" rel=3D"noopener">CVE-2026-24051</a></td>

<a href=3D"https://github.com/open-telemetry/opentelemetry-go/security/advi= sories/GHSA-9h8m-3fm2-qjrq" target=3D"_blank" rel=3D"noopener">https://gith= ub.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-9h8m-3fm2-q= jrq</a> <a href=3D"https://github.com/open-telemetry/opentelemetry-go/co= mmit/d45961bcda453fcbdb6469c22d6e88a1f9970a53" target=3D"_blank" rel=3D"noo= pener">https://github.com/open-telemetry/opentelemetry-go/commit/d45961bcda= 453fcbdb6469c22d6e88a1f9970a53</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">NVIDIA--Megatron-LM</td>
<td>NVIDIA Megatron-LM for all platforms contains a vulnerability in a scri= pt, where malicious data created by an attacker may cause a code injection = issue. A successful exploit of this vulnerability may lead to code executio=
n, escalation of privileges, information disclosure, data tampering.</td> <td>2026-02-03</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24149" target=3D= "_blank" rel=3D"noopener">CVE-2026-24149</a></td>

<a href=3D"https://nvd.nist.gov/vuln/detail/CVE-2026-24149" target=3D"_blan=
k" rel=3D"noopener">NVD</a> <a href=3D"https://www.cve.org/CVERecord?id= =3DCVE-2026-24149" target=3D"_blank" rel=3D"noopener">Mitre</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">gunet--openeclass</td>
<td>The Open eClass platform (formerly known as GUnet eClass) is a complete=
course management system. Prior to version 4.2, an insecure password reset=
mechanism allows local attackers to reuse a valid password reset token aft=
er it has already been used, enabling unauthorized password changes and pot= ential account takeover. This issue has been patched in version 4.2.</td> <td>2026-02-03</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24669" target=3D= "_blank" rel=3D"noopener">CVE-2026-24669</a></td>

<a href=3D"https://github.com/gunet/openeclass/security/advisories/GHSA-gcq= q-fxw6-f866" target=3D"_blank" rel=3D"noopener">https://github.com/gunet/op= eneclass/security/advisories/GHSA-gcqq-fxw6-f866</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">gunet--openeclass</td>
<td>The Open eClass platform (formerly known as GUnet eClass) is a complete=
course management system. Prior to version 4.2, a Stored Cross-Site Script= ing (XSS) vulnerability allows authenticated students to inject malicious J= avaScript into user profile fields, which is executed when users with viewi=
ng privileges access affected application pages. This issue has been patche=
d in version 4.2.</td>
<td>2026-02-03</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24672" target=3D= "_blank" rel=3D"noopener">CVE-2026-24672</a></td>

<a href=3D"https://github.com/gunet/openeclass/security/advisories/GHSA-3p2= x-qgxw-qvxh" target=3D"_blank" rel=3D"noopener">https://github.com/gunet/op= eneclass/security/advisories/GHSA-3p2x-qgxw-qvxh</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">gunet--openeclass</td>
<td>The Open eClass platform (formerly known as GUnet eClass) is a complete=
course management system. Prior to version 4.2, an Insecure Direct Object = Reference (IDOR) vulnerability allows unauthenticated remote attackers to a= ccess personal files of other users by directly requesting predictable user=
identifiers. This issue has been patched in version 4.2.</td> <td>2026-02-03</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24773" target=3D= "_blank" rel=3D"noopener">CVE-2026-24773</a></td>

<a href=3D"https://github.com/gunet/openeclass/security/advisories/GHSA-63p= m-pff4-xc9c" target=3D"_blank" rel=3D"noopener">https://github.com/gunet/op= eneclass/security/advisories/GHSA-63pm-pff4-xc9c</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">chainguard-dev--melange</td>
<td>melange allows users to build apk packages using declarative pipelines.=
From version 0.3.0 to before 0.40.3, an attacker who can provide build inp=
ut values, but not modify pipeline definitions, could execute arbitrary she=
ll commands if the pipeline uses ${{vars.*}} or ${{inputs.*}} substitutions=
in working-directory. The field is embedded into shell scripts without pro= per quote escaping. This issue has been patched in version 0.40.3.</td> <td>2026-02-04</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24844" target=3D= "_blank" rel=3D"noopener">CVE-2026-24844</a></td>

<a href=3D"https://github.com/chainguard-dev/melange/security/advisories/GH= SA-vqqr-rmpc-hhg2" target=3D"_blank" rel=3D"noopener">https://github.com/ch= ainguard-dev/melange/security/advisories/GHSA-vqqr-rmpc-hhg2</a> <a href= =3D"https://github.com/chainguard-dev/melange/commit/e51ca30cfb63178f5a8699= 7d23d3fff0359fa6c8" target=3D"_blank" rel=3D"noopener">https://github.com/c= hainguard-dev/melange/commit/e51ca30cfb63178f5a86997d23d3fff0359fa6c8</a><b= r>=C2=A0</td>
</tr>

<td class=3D"vendor-product">Huawei--HarmonyOS</td>
<td>Heap-based buffer overflow vulnerability in the image module. Impact: S= uccessful exploitation of this vulnerability may affect availability.</td> <td>2026-02-06</td>
<td>7.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24925" target=3D= "_blank" rel=3D"noopener">CVE-2026-24925</a></td>

<a href=3D"https://consumer.huawei.com/en/support/bulletin/2026/2/" target= =3D"_blank" rel=3D"noopener">https://consumer.huawei.com/en/support/bulleti= n/2026/2/</a> <a href=3D"https://consumer.huawei.com/en/support/bulletin= laptops/2026/2/" target=3D"_blank" rel=3D"noopener">https://consumer.huawei= .com/en/support/bulletinlaptops/2026/2/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">chainguard-dev--apko</td>
<td>apko allows users to build and publish OCI container images built from = apk packages. From version 0.14.8 to before 1.1.1, a path traversal vulnera= bility was discovered in apko's dirFS filesystem abstraction. An attacker w=
ho can supply a malicious APK package (e.g., via a compromised or typosquat= ted repository) could create directories or symlinks outside the intended i= nstallation root. The MkdirAll, Mkdir, and Symlink methods in pkg/apk/fs/rw= osfs.go use filepath.Join() without validating that the resulting path stay=
s within the base directory. This issue has been patched in version 1.1.1.<=

<td>2026-02-04</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25121" target=3D= "_blank" rel=3D"noopener">CVE-2026-25121</a></td>

<a href=3D"https://github.com/chainguard-dev/apko/security/advisories/GHSA-= 5g94-c2wx-8pxw" target=3D"_blank" rel=3D"noopener">https://github.com/chain= guard-dev/apko/security/advisories/GHSA-5g94-c2wx-8pxw</a> <a href=3D"ht= tps://github.com/chainguard-dev/apko/commit/d8b7887a968a527791b3c591ae83928= cb49a9f14" target=3D"_blank" rel=3D"noopener">https://github.com/chainguard= -dev/apko/commit/d8b7887a968a527791b3c591ae83928cb49a9f14</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">chainguard-dev--apko</td>
<td>apko allows users to build and publish OCI container images built from = apk packages. From version 0.14.8 to before 1.1.1, an attacker who controls=
or compromises an APK repository used by apko could cause resource exhaust= ion on the build host. The ExpandApk function in pkg/apk/expandapk/expandap= k.go expands .apk streams without enforcing decompression limits, allowing =
a malicious repository to serve a small, highly-compressed .apk that inflat=
es into a large tar stream, consuming excessive disk space and CPU time, ca= using build failures or denial of service. This issue has been patched in v= ersion 1.1.1.</td>
<td>2026-02-04</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25140" target=3D= "_blank" rel=3D"noopener">CVE-2026-25140</a></td>

<a href=3D"https://github.com/chainguard-dev/apko/security/advisories/GHSA-= f4w5-5xv9-85f6" target=3D"_blank" rel=3D"noopener">https://github.com/chain= guard-dev/apko/security/advisories/GHSA-f4w5-5xv9-85f6</a> <a href=3D"ht= tps://github.com/chainguard-dev/apko/commit/2be3903fe194ad46351840f0569b35f= 5ac965f09" target=3D"_blank" rel=3D"noopener">https://github.com/chainguard= -dev/apko/commit/2be3903fe194ad46351840f0569b35f5ac965f09</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">chainguard-dev--melange</td>
<td>melange allows users to build apk packages using declarative pipelines.=
From version 0.10.0 to before 0.40.3, an attacker who can influence inputs=
to the patch pipeline could execute arbitrary shell commands on the build = host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds input-der= ived values (series paths, patch filenames, and numeric parameters) into sh= ell scripts without proper quoting or validation, allowing shell metacharac= ters to break out of their intended context. The vulnerability affects the = built-in patch pipeline which can be invoked through melange build and mela= nge license-check operations. An attacker who can control patch-related inp= uts (e.g., through pull request-driven CI, build-as-a-service, or by influe= ncing melange configurations) can inject shell metacharacters such as backt= icks, command substitutions $(=E2=80=A6), semicolons, pipes, or redirection=
s to execute arbitrary commands with the privileges of the melange build pr= ocess. This issue has been patched in version 0.40.3.</td>
<td>2026-02-04</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25143" target=3D= "_blank" rel=3D"noopener">CVE-2026-25143</a></td>

<a href=3D"https://github.com/chainguard-dev/melange/security/advisories/GH= SA-rf4g-89h5-crcr" target=3D"_blank" rel=3D"noopener">https://github.com/ch= ainguard-dev/melange/security/advisories/GHSA-rf4g-89h5-crcr</a> <a href= =3D"https://github.com/chainguard-dev/melange/commit/bd132535cd9f57d4bd39d9= ead0633598941af030" target=3D"_blank" rel=3D"noopener">https://github.com/c= hainguard-dev/melange/commit/bd132535cd9f57d4bd39d9ead0633598941af030</a><b= r>=C2=A0</td>
</tr>

<td class=3D"vendor-product">openclaw--openclaw</td>
<td>OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there =
is an OS command injection vulnerability via the Project Root Path in sshNo= deCommand. The sshNodeCommand function constructed a shell script without p= roperly escaping the user-supplied project path in an error message. When t=
he cd command failed, the unescaped path was interpolated directly into an = echo statement, allowing arbitrary command execution on the remote SSH host=
. The parseSSHTarget function did not validate that SSH target strings coul=
d not begin with a dash. An attacker-supplied target like -oProxyCommand=3D= ... would be interpreted as an SSH configuration flag rather than a hostnam=
e, allowing arbitrary command execution on the local machine. This issue ha=
s been patched in version 2026.1.29.</td>
<td>2026-02-04</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25157" target=3D= "_blank" rel=3D"noopener">CVE-2026-25157</a></td>

<a href=3D"https://github.com/openclaw/openclaw/security/advisories/GHSA-q2= 84-4pvr-m585" target=3D"_blank" rel=3D"noopener">https://github.com/opencla= w/openclaw/security/advisories/GHSA-q284-4pvr-m585</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">fastify--fastify</td>
<td>Fastify is a fast and low overhead web framework, for Node.js. Prior to=
version 5.7.2, a validation bypass vulnerability exists in Fastify where r= equest body validation schemas specified by Content-Type can be completely = circumvented. By appending a tab character (\t) followed by arbitrary conte=
nt to the Content-Type header, attackers can bypass body validation while t=
he server still processes the body as the original content type. This issue=
has been patched in version 5.7.2.</td>
<td>2026-02-03</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25223" target=3D= "_blank" rel=3D"noopener">CVE-2026-25223</a></td>

<a href=3D"https://github.com/fastify/fastify/security/advisories/GHSA-jx2c= -rxcm-jvmq" target=3D"_blank" rel=3D"noopener">https://github.com/fastify/f= astify/security/advisories/GHSA-jx2c-rxcm-jvmq</a> <a href=3D"https://gi= thub.com/fastify/fastify/commit/32d7b6add39ddf082d92579a58bea7018c5ac821" t= arget=3D"_blank" rel=3D"noopener">https://github.com/fastify/fastify/commit= /32d7b6add39ddf082d92579a58bea7018c5ac821</a> <a href=3D"https://hackero= ne.com/reports/3464114" target=3D"_blank" rel=3D"noopener">https://hackeron= e.com/reports/3464114</a> <a href=3D"https://fastify.dev/docs/latest/Ref= erence/Validation-and-Serialization" target=3D"_blank" rel=3D"noopener">htt= ps://fastify.dev/docs/latest/Reference/Validation-and-Serialization</a> =
<a href=3D"https://github.com/fastify/fastify/blob/759e9787b5669abf953068e4= 2a17bffba7521348/lib/content-type-parser.js#L125" target=3D"_blank" rel=3D"= noopener">https://github.com/fastify/fastify/blob/759e9787b5669abf953068e42= a17bffba7521348/lib/content-type-parser.js#L125</a> <a href=3D"https://g= ithub.com/fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib= /validation.js#L272" target=3D"_blank" rel=3D"noopener">https://github.com/= fastify/fastify/blob/759e9787b5669abf953068e42a17bffba7521348/lib/validatio= n.js#L272</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">InternationalColorConsortium--iccDEV</td> <td>iccDEV provides a set of libraries and tools that allow for the interac= tion, manipulation, and application of ICC color management profiles. Prior=
to version 2.3.1.2, stack-based buffer overflow in icFixXml() function whe=
n processing malformed ICC profiles, allows potential arbitrary code execut= ion through crafted NamedColor2 tags. This issue has been patched in versio=
n 2.3.1.2.</td>
<td>2026-02-03</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25502" target=3D= "_blank" rel=3D"noopener">CVE-2026-25502</a></td>

<a href=3D"https://github.com/InternationalColorConsortium/iccDEV/security/= advisories/GHSA-c2qq-jf7w-rm27" target=3D"_blank" rel=3D"noopener">https://= github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-c2q= q-jf7w-rm27</a> <a href=3D"https://github.com/InternationalColorConsorti= um/iccDEV/issues/537" target=3D"_blank" rel=3D"noopener">https://github.com= /InternationalColorConsortium/iccDEV/issues/537</a> <a href=3D"https://g= ithub.com/InternationalColorConsortium/iccDEV/pull/545" target=3D"_blank" r= el=3D"noopener">https://github.com/InternationalColorConsortium/iccDEV/pull= /545</a> <a href=3D"https://github.com/InternationalColorConsortium/iccD= EV/commit/be5d7ec5cc137c084c08006aee8cd3ed378c7ac2" target=3D"_blank" rel= =3D"noopener">https://github.com/InternationalColorConsortium/iccDEV/commit= /be5d7ec5cc137c084c08006aee8cd3ed378c7ac2</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">InternationalColorConsortium--iccDEV</td> <td>iccDEV provides a set of libraries and tools that allow for the interac= tion, manipulation, and application of ICC color management profiles. Prior=
to version 2.3.1.2, type confusion allowed malformed ICC profiles to trigg=
er undefined behavior when loading invalid icImageEncodingType values causi=
ng denial of service. This issue has been patched in version 2.3.1.2.</td> <td>2026-02-03</td>
<td>7.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25503" target=3D= "_blank" rel=3D"noopener">CVE-2026-25503</a></td>

<a href=3D"https://github.com/InternationalColorConsortium/iccDEV/security/= advisories/GHSA-pf84-4c7q-x764" target=3D"_blank" rel=3D"noopener">https://= github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-pf8= 4-4c7q-x764</a> <a href=3D"https://github.com/InternationalColorConsorti= um/iccDEV/issues/539" target=3D"_blank" rel=3D"noopener">https://github.com= /InternationalColorConsortium/iccDEV/issues/539</a> <a href=3D"https://g= ithub.com/InternationalColorConsortium/iccDEV/pull/547" target=3D"_blank" r= el=3D"noopener">https://github.com/InternationalColorConsortium/iccDEV/pull= /547</a> <a href=3D"https://github.com/InternationalColorConsortium/iccD= EV/commit/353e6517a31cb6ac9fdd44ac0103bc2fadb25175" target=3D"_blank" rel= =3D"noopener">https://github.com/InternationalColorConsortium/iccDEV/commit= /353e6517a31cb6ac9fdd44ac0103bc2fadb25175</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">modelcontextprotocol--typescript-sdk</td>
<td>MCP TypeScript SDK is the official TypeScript SDK for Model Context Pro= tocol servers and clients. From version 1.10.0 to 1.25.3, cross-client resp= onse data leak when a single McpServer/Server and transport instance is reu= sed across multiple client connections, most commonly in stateless Streamab= leHTTPServerTransport deployments. This issue has been patched in version 1= .26.0.</td>
<td>2026-02-04</td>
<td>7.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25536" target=3D= "_blank" rel=3D"noopener">CVE-2026-25536</a></td>

<a href=3D"https://github.com/modelcontextprotocol/typescript-sdk/security/= advisories/GHSA-345p-7cg4-v4c7" target=3D"_blank" rel=3D"noopener">https://= github.com/modelcontextprotocol/typescript-sdk/security/advisories/GHSA-345= p-7cg4-v4c7</a> <a href=3D"https://github.com/modelcontextprotocol/types= cript-sdk/issues/204" target=3D"_blank" rel=3D"noopener">https://github.com= /modelcontextprotocol/typescript-sdk/issues/204</a> <a href=3D"https://g= ithub.com/modelcontextprotocol/typescript-sdk/issues/243" target=3D"_blank"=
rel=3D"noopener">https://github.com/modelcontextprotocol/typescript-sdk/is= sues/243</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Coding-Solo--godot-mcp</td>
<td>Godot MCP is a Model Context Protocol (MCP) server for interacting with=
the Godot game engine. Prior to version 0.1.1, a command injection vulnera= bility in godot-mcp allows remote code execution. The executeOperation func= tion passed user-controlled input (e.g., projectPath) directly to exec(), w= hich spawns a shell. An attacker could inject shell metacharacters like $(c= ommand) or &calc to execute arbitrary commands with the privileges of t=
he MCP server process. This affects any tool that accepts projectPath, incl= uding create_scene, add_node, load_sprite, and others. This issue has been = patched in version 0.1.1.</td>
<td>2026-02-04</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25546" target=3D= "_blank" rel=3D"noopener">CVE-2026-25546</a></td>

<a href=3D"https://github.com/Coding-Solo/godot-mcp/security/advisories/GHS= A-8jx2-rhfh-q928" target=3D"_blank" rel=3D"noopener">https://github.com/Cod= ing-Solo/godot-mcp/security/advisories/GHSA-8jx2-rhfh-q928</a> <a href= =3D"https://github.com/Coding-Solo/godot-mcp/issues/64" target=3D"_blank" r= el=3D"noopener">https://github.com/Coding-Solo/godot-mcp/issues/64</a> <=
a href=3D"https://github.com/Coding-Solo/godot-mcp/pull/67" target=3D"_blan=
k" rel=3D"noopener">https://github.com/Coding-Solo/godot-mcp/pull/67</a><br= ><a href=3D"https://github.com/Coding-Solo/godot-mcp/commit/21c785d923cfdb4= 71ea60323c13807d62dfecc5a" target=3D"_blank" rel=3D"noopener">https://githu= b.com/Coding-Solo/godot-mcp/commit/21c785d923cfdb471ea60323c13807d62dfecc5a= </a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">InternationalColorConsortium--iccDEV</td> <td>iccDEV provides a set of libraries and tools that allow for the interac= tion, manipulation, and application of ICC color management profiles. Prior=
to version 2.3.1.3, there is a heap buffer overflow (read) vulnerability i=
n CIccIO::WriteUInt16Float() when converting malformed XML to ICC profiles = via iccFromXml tool. This issue has been patched in version 2.3.1.3.</td> <td>2026-02-04</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25582" target=3D= "_blank" rel=3D"noopener">CVE-2026-25582</a></td>

<a href=3D"https://github.com/InternationalColorConsortium/iccDEV/security/= advisories/GHSA-46hq-fphp-jggf" target=3D"_blank" rel=3D"noopener">https://= github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-46h= q-fphp-jggf</a> <a href=3D"https://github.com/InternationalColorConsorti= um/iccDEV/issues/559" target=3D"_blank" rel=3D"noopener">https://github.com= /InternationalColorConsortium/iccDEV/issues/559</a> <a href=3D"https://g= ithub.com/InternationalColorConsortium/iccDEV/pull/561" target=3D"_blank" r= el=3D"noopener">https://github.com/InternationalColorConsortium/iccDEV/pull= /561</a> <a href=3D"https://github.com/InternationalColorConsortium/iccD= EV/commit/b5e5dd238f609ec1a4efb25674e7fa4bd29d894a" target=3D"_blank" rel= =3D"noopener">https://github.com/InternationalColorConsortium/iccDEV/commit= /b5e5dd238f609ec1a4efb25674e7fa4bd29d894a</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">InternationalColorConsortium--iccDEV</td> <td>iccDEV provides a set of libraries and tools that allow for the interac= tion, manipulation, and application of ICC color management profiles. Prior=
to version 2.3.1.3, there is a heap buffer overflow vulnerability in CIccF= ileIO::Read8() when processing malformed ICC profile files via unchecked fr= ead operation. This issue has been patched in version 2.3.1.3.</td> <td>2026-02-04</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25583" target=3D= "_blank" rel=3D"noopener">CVE-2026-25583</a></td>

<a href=3D"https://github.com/InternationalColorConsortium/iccDEV/security/= advisories/GHSA-5ffg-r52h-fgw3" target=3D"_blank" rel=3D"noopener">https://= github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-5ff= g-r52h-fgw3</a> <a href=3D"https://github.com/InternationalColorConsorti= um/iccDEV/issues/558" target=3D"_blank" rel=3D"noopener">https://github.com= /InternationalColorConsortium/iccDEV/issues/558</a> <a href=3D"https://g= ithub.com/InternationalColorConsortium/iccDEV/pull/562" target=3D"_blank" r= el=3D"noopener">https://github.com/InternationalColorConsortium/iccDEV/pull= /562</a> <a href=3D"https://github.com/InternationalColorConsortium/iccD= EV/commit/8a6df2d8dac1e971a18be66fa36e3a0d6584f919" target=3D"_blank" rel= =3D"noopener">https://github.com/InternationalColorConsortium/iccDEV/commit= /8a6df2d8dac1e971a18be66fa36e3a0d6584f919</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">InternationalColorConsortium--iccDEV</td> <td>iccDEV provides a set of libraries and tools that allow for the interac= tion, manipulation, and application of ICC color management profiles. Prior=
to version 2.3.1.3, there is a stack-buffer-overflow vulnerability in CIcc= TagFloatNum<>::GetValues(). This is triggered when processing a malfo= rmed ICC profile. The vulnerability allows an out-of-bounds write on the st= ack, potentially leading to memory corruption, information disclosure, or c= ode execution when processing specially crafted ICC files. This issue has b= een patched in version 2.3.1.3.</td>
<td>2026-02-04</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25584" target=3D= "_blank" rel=3D"noopener">CVE-2026-25584</a></td>

<a href=3D"https://github.com/InternationalColorConsortium/iccDEV/security/= advisories/GHSA-xjr3-v3vr-5794" target=3D"_blank" rel=3D"noopener">https://= github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-xjr= 3-v3vr-5794</a> <a href=3D"https://github.com/InternationalColorConsorti= um/iccDEV/issues/551" target=3D"_blank" rel=3D"noopener">https://github.com= /InternationalColorConsortium/iccDEV/issues/551</a> <a href=3D"https://g= ithub.com/InternationalColorConsortium/iccDEV/pull/565" target=3D"_blank" r= el=3D"noopener">https://github.com/InternationalColorConsortium/iccDEV/pull= /565</a> <a href=3D"https://github.com/InternationalColorConsortium/iccD= EV/commit/c9cb108f58683bd87afca616dea3e4cdb884c23f" target=3D"_blank" rel= =3D"noopener">https://github.com/InternationalColorConsortium/iccDEV/commit= /c9cb108f58683bd87afca616dea3e4cdb884c23f</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">InternationalColorConsortium--iccDEV</td> <td>iccDEV provides a set of libraries and tools that allow for the interac= tion, manipulation, and application of ICC color management profiles. Prior=
to version 2.3.1.3, there is a vulnerability IccCmm.cpp:5793 when reading = through index during ICC profile processing. The malformed ICC profile trig= gers improper array bounds validation in the color management module, resul= ting in an out-of-bounds read that can lead to memory disclosure or segment= ation fault from accessing memory beyond the array boundary. This issue has=
been patched in version 2.3.1.3.</td>
<td>2026-02-04</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25585" target=3D= "_blank" rel=3D"noopener">CVE-2026-25585</a></td>

<a href=3D"https://github.com/InternationalColorConsortium/iccDEV/security/= advisories/GHSA-pmqx-q624-jg6w" target=3D"_blank" rel=3D"noopener">https://= github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-pmq= x-q624-jg6w</a> <a href=3D"https://github.com/InternationalColorConsorti= um/iccDEV/issues/552" target=3D"_blank" rel=3D"noopener">https://github.com= /InternationalColorConsortium/iccDEV/issues/552</a> <a href=3D"https://g= ithub.com/InternationalColorConsortium/iccDEV/pull/563" target=3D"_blank" r= el=3D"noopener">https://github.com/InternationalColorConsortium/iccDEV/pull= /563</a> <a href=3D"https://github.com/InternationalColorConsortium/iccD= EV/commit/ba81cd94b9c82b1d3905d45427badbd9d8adfa15" target=3D"_blank" rel= =3D"noopener">https://github.com/InternationalColorConsortium/iccDEV/commit= /ba81cd94b9c82b1d3905d45427badbd9d8adfa15</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Blesta--Blesta</td>
<td>Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-= 5680.</td>
<td>2026-02-03</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25614" target=3D= "_blank" rel=3D"noopener">CVE-2026-25614</a></td>

<a href=3D"https://www.blesta.com/2026/01/28/security-advisory/" target=3D"= _blank" rel=3D"noopener">https://www.blesta.com/2026/01/28/security-advisor= y/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Blesta--Blesta</td>
<td>Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-= 5668.</td>
<td>2026-02-03</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25615" target=3D= "_blank" rel=3D"noopener">CVE-2026-25615</a></td>

<a href=3D"https://www.blesta.com/2026/01/28/security-advisory/" target=3D"= _blank" rel=3D"noopener">https://www.blesta.com/2026/01/28/security-advisor= y/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">InternationalColorConsortium--iccDEV</td> <td>iccDEV provides a set of libraries and tools that allow for the interac= tion, manipulation, and application of ICC color management profiles. Prior=
to 2.3.1.4, SrcPixel and DestPixel stack buffers overlap in CIccTagMultiPr= ocessElement::Apply() int IccTagMPE.cpp. This vulnerability is fixed in 2.3= .1.4.</td>
<td>2026-02-06</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25634" target=3D= "_blank" rel=3D"noopener">CVE-2026-25634</a></td>

<a href=3D"https://github.com/InternationalColorConsortium/iccDEV/security/= advisories/GHSA-35rg-jcmp-583h" target=3D"_blank" rel=3D"noopener">https://= github.com/InternationalColorConsortium/iccDEV/security/advisories/GHSA-35r= g-jcmp-583h</a> <a href=3D"https://github.com/InternationalColorConsorti= um/iccDEV/issues/577" target=3D"_blank" rel=3D"noopener">https://github.com= /InternationalColorConsortium/iccDEV/issues/577</a> <a href=3D"https://g= ithub.com/InternationalColorConsortium/iccDEV/pull/579" target=3D"_blank" r= el=3D"noopener">https://github.com/InternationalColorConsortium/iccDEV/pull= /579</a> <a href=3D"https://github.com/InternationalColorConsortium/iccD= EV/commit/9206e0b8684e4cf4186d9ae768f16760bc1af9ff" target=3D"_blank" rel= =3D"noopener">https://github.com/InternationalColorConsortium/iccDEV/commit= /9206e0b8684e4cf4186d9ae768f16760bc1af9ff</a> <a href=3D"https://github.= com/InternationalColorConsortium/iccDEV/releases/tag/v2.3.1.4" target=3D"_b= lank" rel=3D"noopener">https://github.com/InternationalColorConsortium/iccD= EV/releases/tag/v2.3.1.4</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">pydantic--pydantic-ai</td>
<td>Pydantic AI is a Python agent framework for building applications and w= orkflows with Generative AI. From 1.34.0 to before 1.51.0, a path traversal=
vulnerability in the Pydantic AI web UI allows an attacker to serve arbitr= ary JavaScript in the context of the application by crafting a malicious UR=
L. In affected versions, the CDN URL is constructed using a version query p= arameter from the request URL. This parameter is not validated, allowing pa=
th traversal sequences that cause the server to fetch and serve attacker-co= ntrolled HTML/JavaScript from an arbitrary source on the same CDN, instead =
of the legitimate chat UI package. If a victim clicks the link or visits it=
via an iframe, attacker-controlled code executes in their browser, enablin=
g theft of chat history and other client-side data. This vulnerability only=
affects applications that use Agent.to_web to serve a chat interface and c= lai web to serve a chat interface from the CLI. These are typically run loc= ally (on localhost), but may also be deployed on a remote server. This vuln= erability is fixed in 1.51.0.</td>
<td>2026-02-06</td>
<td>7.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25640" target=3D= "_blank" rel=3D"noopener">CVE-2026-25640</a></td>

<a href=3D"https://github.com/pydantic/pydantic-ai/security/advisories/GHSA= -wjp5-868j-wqv7" target=3D"_blank" rel=3D"noopener">https://github.com/pyda= ntic/pydantic-ai/security/advisories/GHSA-wjp5-868j-wqv7</a> <a href=3D"= https://github.com/pydantic/pydantic-ai/releases/tag/v1.51.0" target=3D"_bl= ank" rel=3D"noopener">https://github.com/pydantic/pydantic-ai/releases/tag/= v1.51.0</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">datahub-project--datahub</td>
<td>DataHub is an open-source metadata platform. Prior to version 1.3.1.8, = the LDAP ingestion source is vulnerable to MITM attack through TLS downgrad=
e. This issue has been patched in version 1.3.1.8.</td>
<td>2026-02-06</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25644" target=3D= "_blank" rel=3D"noopener">CVE-2026-25644</a></td>

<a href=3D"https://github.com/datahub-project/datahub/security/advisories/G= HSA-j34h-x7qg-4qw5" target=3D"_blank" rel=3D"noopener">https://github.com/d= atahub-project/datahub/security/advisories/GHSA-j34h-x7qg-4qw5</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">kovidgoyal--calibre</td>
<td>calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template In= jection (SSTI) vulnerability in Calibre's Templite templating engine allows=
arbitrary code execution when a user converts an ebook using a malicious c= ustom template file via the --template-html or --template-html-index comman= d-line options. This vulnerability is fixed in 9.2.0.</td>
<td>2026-02-06</td>
<td>7.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25731" target=3D= "_blank" rel=3D"noopener">CVE-2026-25731</a></td>

<a href=3D"https://github.com/kovidgoyal/calibre/security/advisories/GHSA-x= rh9-w7qx-3gcc" target=3D"_blank" rel=3D"noopener">https://github.com/kovidg= oyal/calibre/security/advisories/GHSA-xrh9-w7qx-3gcc</a> <a href=3D"http= s://github.com/kovidgoyal/calibre/commit/f0649b27512e987b95fcab2e1e0a3bcdaf= c23379" target=3D"_blank" rel=3D"noopener">https://github.com/kovidgoyal/ca= libre/commit/f0649b27512e987b95fcab2e1e0a3bcdafc23379</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">zauberzeug--nicegui</td>
<td>NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's FileU= pload.name property exposes client-supplied filename metadata without sanit= ization, enabling path traversal when developers use the pattern UPLOAD_DIR=
/ file.name. Malicious filenames containing ../ sequences allow attackers =
to write files outside intended directories, with potential for remote code=
execution through application file overwrites in vulnerable deployment pat= terns. This design creates a prevalent security footgun affecting applicati= ons following common community patterns. Note: Exploitation requires applic= ation code incorporating file.name into filesystem paths without sanitizati= on. Applications using fixed paths, generated filenames, or explicit saniti= zation are not affected. This vulnerability is fixed in 3.7.0.</td> <td>2026-02-06</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25732" target=3D= "_blank" rel=3D"noopener">CVE-2026-25732</a></td>

<a href=3D"https://github.com/zauberzeug/nicegui/security/advisories/GHSA-9= ffm-fxg3-xrhh" target=3D"_blank" rel=3D"noopener">https://github.com/zauber= zeug/nicegui/security/advisories/GHSA-9ffm-fxg3-xrhh</a> <a href=3D"http= s://github.com/zauberzeug/nicegui/blob/main/nicegui/elements/upload_files.p= y#L110-L115" target=3D"_blank" rel=3D"noopener">https://github.com/zauberze= ug/nicegui/blob/main/nicegui/elements/upload_files.py#L110-L115</a> <a h= ref=3D"https://github.com/zauberzeug/nicegui/blob/main/nicegui/elements/upl= oad_files.py#L79-L82" target=3D"_blank" rel=3D"noopener">https://github.com= /zauberzeug/nicegui/blob/main/nicegui/elements/upload_files.py#L79-L82</a><= br>=C2=A0</td>
</tr>

<td class=3D"vendor-product">adonisjs--core</td>
<td>AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 = and 11.0.0-next.9, a prototype pollution vulnerability in AdonisJS multipar=
t form-data parsing may allow a remote attacker to manipulate object protot= ypes at runtime. This issue has been patched in versions 10.1.3 and 11.0.0-= next.9.</td>
<td>2026-02-06</td>
<td>7.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25754" target=3D= "_blank" rel=3D"noopener">CVE-2026-25754</a></td>

<a href=3D"https://github.com/adonisjs/core/security/advisories/GHSA-f5x2-v= j4h-vg4c" target=3D"_blank" rel=3D"noopener">https://github.com/adonisjs/co= re/security/advisories/GHSA-f5x2-vj4h-vg4c</a> <a href=3D"https://github= .com/adonisjs/bodyparser/commit/40e1c71f958cffb74f6b91bed6630dca979062ed" t= arget=3D"_blank" rel=3D"noopener">https://github.com/adonisjs/bodyparser/co= mmit/40e1c71f958cffb74f6b91bed6630dca979062ed</a> <a href=3D"https://git= hub.com/adonisjs/bodyparser/releases/tag/v11.0.0-next.9" target=3D"_blank" = rel=3D"noopener">https://github.com/adonisjs/bodyparser/releases/tag/v11.0.= 0-next.9</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">adonisjs--core</td>
<td>AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 = and 11.0.0-next.9, a denial of service (DoS) vulnerability exists in the mu= ltipart file handling logic of @adonisjs/bodyparser. When processing file u= ploads, the multipart parser may accumulate an unbounded amount of data in = memory while attempting to detect file types, potentially leading to excess= ive memory consumption and process termination. This issue has been patched=
in versions 10.1.3 and 11.0.0-next.9.</td>
<td>2026-02-06</td>
<td>7.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25762" target=3D= "_blank" rel=3D"noopener">CVE-2026-25762</a></td>

<a href=3D"https://github.com/adonisjs/core/security/advisories/GHSA-xx9g-f= h25-4q64" target=3D"_blank" rel=3D"noopener">https://github.com/adonisjs/co= re/security/advisories/GHSA-xx9g-fh25-4q64</a> <a href=3D"https://github= .com/adonisjs/bodyparser/releases/tag/v10.1.3" target=3D"_blank" rel=3D"noo= pener">https://github.com/adonisjs/bodyparser/releases/tag/v10.1.3</a> <=
a href=3D"https://github.com/adonisjs/bodyparser/releases/tag/v11.0.0-next.=
9" target=3D"_blank" rel=3D"noopener">https://github.com/adonisjs/bodyparse= r/releases/tag/v11.0.0-next.9</a> =C2=A0</td>
</tr>
</tbody>
</table>
<a href=3D"#top">Back to top</a>
</div>
<div id=3D"medium_v">
<h2 id=3D"medium_v_title">Medium Vulnerabilities</h2>
<table class=3D"table no-tablesaw" style=3D"table-layout: fixed; width: 100= %;" border=3D"1" summary=3D"Medium Vulnerabilities" align=3D"center">
<thead>

<th class=3D"vendor-product" style=3D"width: 24%;" scope=3D"col">
Primary Vendor -- Product</th>
<th style=3D"width: 44%;" scope=3D"col">Description</th>
<th style=3D"width: 10%;" scope=3D"col">Published</th>
<th style=3D"width: 8%;" scope=3D"col">CVSS Score</th>
<th style=3D"width: 7%;" scope=3D"col">Source Info</th>
<th style=3D"width: 7%;" scope=3D"col">Patch Info</th>
</tr>
</thead>
<tbody>

<td class=3D"vendor-product">Sweethawk--Zendesk App SweetHawk Survey</td> <td>Zendesk SweetHawk Survey 1.6 contains a persistent cross-site scripting=
vulnerability that allows attackers to inject malicious scripts through su= pport ticket submissions. Attackers can insert XSS payloads like script tag=
s into ticket text that automatically execute when survey pages are loaded =
by other users.</td>
<td>2026-02-03</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2019-25263" target=3D= "_blank" rel=3D"noopener">CVE-2019-25263</a></td>

<a href=3D"https://www.exploit-db.com/exploits/47781" target=3D"_blank" rel= =3D"noopener">ExploitDB-47781</a> <a href=3D"https://sweethawk.co/zendes= k/survey-app" target=3D"_blank" rel=3D"noopener">SweetHawk Survey App Vendo=
r Homepage</a> <a href=3D"https://www.zendesk.com/apps/support/survey/" = target=3D"_blank" rel=3D"noopener">Zendesk Survey App Software Page</a> =
<a href=3D"https://www.vulncheck.com/advisories/zendesk-app-sweethawk-surve= y-persistent-cross-site-scripting" target=3D"_blank" rel=3D"noopener">VulnC= heck Advisory: Zendesk App SweetHawk Survey 1.6 - Persistent Cross-Site Scr= ipting</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Snipeitapp--IT Open Source Asset Management</t=

<td>Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability=
that allows authorized users to upload malicious SVG files with embedded J= avaScript. Attackers can craft SVG files with script tags to execute arbitr= ary JavaScript when the accessory is viewed by other users.</td> <td>2026-02-03</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2019-25264" target=3D= "_blank" rel=3D"noopener">CVE-2019-25264</a></td>

<a href=3D"https://www.exploit-db.com/exploits/47756" target=3D"_blank" rel= =3D"noopener">ExploitDB-47756</a> <a href=3D"https://snipeitapp.com/" ta= rget=3D"_blank" rel=3D"noopener">Official Vendor Homepage</a> <a href=3D= "https://github.com/snipe/snipe-it/releases/tag/v4.7.5" target=3D"_blank" r= el=3D"noopener">Snipe-IT Software Release v4.7.5</a> <a href=3D"https://= www.vulncheck.com/advisories/snipe-it-open-source-asset-management-persiste= nt-cross-site-scripting" target=3D"_blank" rel=3D"noopener">VulnCheck Advis= ory: Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Sc= ripting</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Bigprof--Online Inventory Manager</td>
<td>Online Inventory Manager 3.2 contains a stored cross-site scripting vul= nerability in the group description field of the admin edit groups section.=
Attackers can inject malicious JavaScript through the description field th=
at will execute when the groups page is viewed, allowing potential cookie t= heft and client-side script execution.</td>
<td>2026-02-03</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2019-25265" target=3D= "_blank" rel=3D"noopener">CVE-2019-25265</a></td>

<a href=3D"https://www.exploit-db.com/exploits/47725" target=3D"_blank" rel= =3D"noopener">ExploitDB-47725</a> <a href=3D"https://bigprof.com" target= =3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"https://bigp= rof.com/appgini/applications/online-inventory-manager" target=3D"_blank" re= l=3D"noopener">Software Download Page</a> <a href=3D"https://www.vulnche= ck.com/advisories/online-inventory-manager-persistent-cross-site-scripting"=
target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Online Inventory Ma= nager 3.2 - Persistent Cross-Site Scripting</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">lolypop55--html5_snmp</td>
<td>html5_snmp 1.11 contains a persistent cross-site scripting vulnerabilit=
y that allows attackers to inject malicious scripts through the 'Remark' pa= rameter in add_router_operation.php. Attackers can craft a POST request wit=
h a script payload in the Remark field to execute arbitrary JavaScript in v= ictim browsers when the page is loaded.</td>
<td>2026-02-06</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2019-25294" target=3D= "_blank" rel=3D"noopener">CVE-2019-25294</a></td>

<a href=3D"https://www.exploit-db.com/exploits/47587" target=3D"_blank" rel= =3D"noopener">ExploitDB-47587</a> <a href=3D"https://github.com/lolypop5= 5/html5_snmp" target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a = href=3D"https://www.vulncheck.com/advisories/htmlsnmp-remark-persistent-cro= ss-site-scripting" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: h= tml5_snmp 1.11 - 'Remark' Persistent Cross-Site Scripting</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">thrsrossi--Millhouse Project</td> <td>Millhouse-Project 1.414 contains a persistent cross-site scripting vuln= erability in the comment submission functionality that allows attackers to = inject malicious scripts. Attackers can post comments with embedded JavaScr= ipt through the 'content' parameter in add_comment_sql.php to execute arbit= rary scripts in victim browsers.</td>
<td>2026-02-06</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2019-25301" target=3D= "_blank" rel=3D"noopener">CVE-2019-25301</a></td>

<a href=3D"https://www.exploit-db.com/exploits/47583" target=3D"_blank" rel= =3D"noopener">ExploitDB-47583</a> <a href=3D"https://github.com/thrsross= i/Millhouse-Project" target=3D"_blank" rel=3D"noopener">Vendor Homepage</a>= <a href=3D"https://www.vulncheck.com/advisories/thrsrossi-millhouse-pro= ject-content-persistent-cross-site-scripting" target=3D"_blank" rel=3D"noop= ener">VulnCheck Advisory: thrsrossi Millhouse-Project 1.414 - 'content' Per= sistent Cross-Site Scripting</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Twinkle Toes Software--Booked Scheduler</td> <td>Booked Scheduler 2.7.7 contains a directory traversal vulnerability in = the manage_email_templates.php script that allows authenticated administrat= ors to access unauthorized files. Attackers can exploit the vulnerable 'tn'=
parameter to read files outside the intended directory by manipulating dir= ectory path traversal techniques.</td>
<td>2026-02-03</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37077" target=3D= "_blank" rel=3D"noopener">CVE-2020-37077</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48428" target=3D"_blank" rel= =3D"noopener">ExploitDB-48428</a> <a href=3D"https://www.bookedscheduler= .com" target=3D"_blank" rel=3D"noopener">Booked Scheduler Official Website<= /a> <a href=3D"https://web.archive.org/web/20190612055926/https://source= forge.net/projects/phpscheduleit/" target=3D"_blank" rel=3D"noopener">Archi= ved Booked Scheduler SourceForge Page</a> <a href=3D"https://www.vulnche= ck.com/advisories/booked-scheduler-authenticated-directory-traversal" targe= t=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Booked Scheduler 2.7.7 - = Authenticated Directory Traversal</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Rubikon Teknoloji--Easy Transfer</td>
<td>Easy Transfer 1.7 iOS mobile application contains a directory traversal=
vulnerability that allows remote attackers to access unauthorized file sys= tem paths without authentication. Attackers can exploit the vulnerability b=
y manipulating path parameters in GET and POST requests to list or download=
sensitive system files and inject malicious scripts into application param= eters.</td>
<td>2026-02-03</td>
<td>6.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37086" target=3D= "_blank" rel=3D"noopener">CVE-2020-37086</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48395" target=3D"_blank" rel= =3D"noopener">ExploitDB-48395</a> <a href=3D"https://www.vulnerability-l= ab.com/get_content.php?id=3D2223" target=3D"_blank" rel=3D"noopener">Vulner= ability-Lab Advisory</a> <a href=3D"https://apps.apple.com/us/app/easy-t= ransfer-wifi-transfer/id1484667078" target=3D"_blank" rel=3D"noopener">Offi= cial App Store Product Page</a> <a href=3D"https://www.vulncheck.com/adv= isories/easy-transfer-for-ios-directory-traversal" target=3D"_blank" rel=3D= "noopener">VulnCheck Advisory: Easy Transfer 1.7 for iOS - Directory Traver= sal</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Dnnsoftware--DotNetNuke</td>
<td>DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability=
that allows normal users to upload malicious XML files with executable scr= ipts through journal tools. Attackers can upload XML files with XHTML names= pace scripts to execute arbitrary JavaScript in users' browsers, potentiall=
y bypassing CSRF protections and performing more damaging attacks.</td> <td>2026-02-03</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37103" target=3D= "_blank" rel=3D"noopener">CVE-2020-37103</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48124" target=3D"_blank" rel= =3D"noopener">ExploitDB-48124</a> <a href=3D"http://dnnsoftware.com/" ta= rget=3D"_blank" rel=3D"noopener">DotNetNuke Official Vendor Homepage</a><br= ><a href=3D"https://medium.com/@SajjadPourali/dnn-dotnetnuke-cms-not-as-sec= ure-as-you-think-e8516f789175" target=3D"_blank" rel=3D"noopener">Vulnerabi= lity Analysis Blog Post</a> <a href=3D"https://www.vulncheck.com/advisor= ies/dotnetnuke-persistent-cross-site-scripting" target=3D"_blank" rel=3D"no= opener">VulnCheck Advisory: DotNetNuke 9.5 - Persistent Cross-Site Scriptin= g</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Davidvg--60CycleCMS</td>
<td>60CycleCMS 2.5.2 contains a cross-site scripting (XSS) vulnerability in=
news.php that allows attackers to inject malicious scripts through GET par= ameters. Attackers can craft malicious URLs with XSS payloads targeting the=
'etsu' and 'ltsu' parameters to execute arbitrary scripts in victim's brow= sers. This issue does not involve SQL injection.</td>
<td>2026-02-03</td>
<td>6.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37111" target=3D= "_blank" rel=3D"noopener">CVE-2020-37111</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48177" target=3D"_blank" rel= =3D"noopener">ExploitDB-48177</a> <a href=3D"http://davidvg.com/" target= =3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"https://www.= opensourcecms.com/60cyclecms" target=3D"_blank" rel=3D"noopener">Software D= ownload Link</a> <a href=3D"https://www.vulncheck.com/advisories/cyclecm= s-newsphp-cross-site-scripting-xss-vulnerability" target=3D"_blank" rel=3D"= noopener">VulnCheck Advisory: 60CycleCMS 2.5.2 - 'news.php' Cross-site Scri= pting (XSS) Vulnerability</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Openeclass--GUnet OpenEclass</td>
<td>GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing a= dministrators to view all registered users' usernames and passwords without=
encryption. This vulnerability exposes sensitive information and increases=
the risk of credential theft and unauthorized access.</td>
<td>2026-02-03</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37115" target=3D= "_blank" rel=3D"noopener">CVE-2020-37115</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48163" target=3D"_blank" rel= =3D"noopener">ExploitDB-48163</a> <a href=3D"https://www.openeclass.org/=
" target=3D"_blank" rel=3D"noopener">Official Vendor Homepage</a> <a hre= f=3D"https://download.openeclass.org/files/docs/1.7/CHANGES.txt" target=3D"= _blank" rel=3D"noopener">Changelog</a> <a href=3D"https://www.vulncheck.= com/advisories/gunet-openeclass-e-learning-platform-plaintext-password-stor= age" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: GUnet OpenEclas=
s 1.7.3 E-learning platform - Plaintext Password Storage</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">EmTec--ZOC Terminal</td>
<td>ZOC Terminal 7.25.5 contains a script processing vulnerability that all= ows local attackers to crash the application by loading a maliciously craft=
ed REXX script file. Attackers can generate an oversized script with 20,000=
repeated characters to trigger an application crash and cause a denial of = service.</td>
<td>2026-02-05</td>
<td>6.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37128" target=3D= "_blank" rel=3D"noopener">CVE-2020-37128</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48302" target=3D"_blank" rel= =3D"noopener">ExploitDB-48302</a> <a href=3D"https://www.emtec.com" targ= et=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"https://ww= w.vulncheck.com/advisories/zoc-terminal-script-denial-of-service" target=3D= "_blank" rel=3D"noopener">VulnCheck Advisory: ZOC Terminal 7.25.5 - 'Script=
' Denial of Service</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Nsauditor--Product Key Explorer</td>
<td>Nsauditor Product Key Explorer 4.2.2.0 contains a denial of service vul= nerability that allows local attackers to crash the application by inputtin=
g a specially crafted registration key. Attackers can generate a payload of=
1000 bytes of repeated characters and paste it into the 'Key' input field =
to trigger the application crash.</td>
<td>2026-02-05</td>
<td>6.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37131" target=3D= "_blank" rel=3D"noopener">CVE-2020-37131</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48284" target=3D"_blank" rel= =3D"noopener">ExploitDB-48284</a> <a href=3D"http://www.nsauditor.com" t= arget=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"https:/= /www.vulncheck.com/advisories/product-key-explorer-key-denial-of-service" t= arget=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Product Key Explorer = 4.2.2.0 - 'Key' Denial of Service</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">UltraVNC Team--UltraVNC Launcher</td>
<td>UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in=
its password configuration properties that allows local attackers to crash=
the application. Attackers can paste an overly long 300-character string i= nto the password field to trigger an application crash and prevent normal l= auncher functionality.</td>
<td>2026-02-05</td>
<td>6.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37132" target=3D= "_blank" rel=3D"noopener">CVE-2020-37132</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48290" target=3D"_blank" rel= =3D"noopener">ExploitDB-48290</a> <a href=3D"https://www.uvnc.com/" targ= et=3D"_blank" rel=3D"noopener">UltraVNC Official Homepage</a> <a href=3D= "https://www.vulncheck.com/advisories/ultravnc-launcher-password-denial-of-= service" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: UltraVNC La= uncher 1.2.4.0 - 'Password' Denial of Service</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">PHP Fusion--PHP Fusion</td>
<td>PHP-Fusion 9.03.50 contains a remote code execution vulnerability in th=
e 'add_panel_form()' function that allows attackers to execute arbitrary co=
de through an eval() function with unsanitized POST data. Attackers can exp= loit the vulnerability by sending crafted panel_content POST parameters to = the panels.php administration endpoint to execute malicious code.</td> <td>2026-02-05</td>
<td>6.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37137" target=3D= "_blank" rel=3D"noopener">CVE-2020-37137</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48278" target=3D"_blank" rel= =3D"noopener">ExploitDB-48278</a> <a href=3D"https://www.php-fusion.co.u=
k" target=3D"_blank" rel=3D"noopener">PHP Fusion Official Website</a> <a=
href=3D"https://www.vulncheck.com/advisories/php-fusion-panelsphp-eval-inj= ection" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: PHP-Fusion 9= .03.50 - 'panels.php' Eval Injection</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Veridium--SprintWork</td>
<td>SprintWork 2.3.1 contains multiple local privilege escalation vulnerabi= lities through insecure file, service, and folder permissions on Windows sy= stems. Local unprivileged users can exploit missing executable files and we=
ak service configurations to create a new administrative user and gain comp= lete system access.</td>
<td>2026-02-06</td>
<td>6.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37160" target=3D= "_blank" rel=3D"noopener">CVE-2020-37160</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48070" target=3D"_blank" rel= =3D"noopener">ExploitDB-48070</a> <a href=3D"https://veridium.net" targe= t=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"https://ver= idium.net/sprintwork/" target=3D"_blank" rel=3D"noopener">Product Informati=
on Page</a> <a href=3D"https://www.vulncheck.com/advisories/sprintwork-l= ocal-privilege-escalation" target=3D"_blank" rel=3D"noopener">VulnCheck Adv= isory: SprintWork 2.3.1 - Local Privilege Escalation</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Celestial Software--AbsoluteTelnet</td> <td>AbsoluteTelnet 11.12 contains a denial of service vulnerability that al= lows local attackers to crash the application by supplying an oversized lic= ense name. Attackers can generate a 2500-character payload and paste it int=
o the license entry field to trigger an application crash.</td> <td>2026-02-06</td>
<td>6.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37164" target=3D= "_blank" rel=3D"noopener">CVE-2020-37164</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48005" target=3D"_blank" rel= =3D"noopener">ExploitDB-48005</a> <a href=3D"https://www.celestialsoftwa= re.net/" target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href= =3D"https://www.vulncheck.com/advisories/absolutetelnet-license-entry-denia= l-of-service" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Absolu= teTelnet 11.12 - "license entry" Denial of Service</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Celestial Software--AbsoluteTelnet</td> <td>AbsoluteTelnet 11.12 contains a denial of service vulnerability that al= lows local attackers to crash the application by supplying an oversized lic= ense name. Attackers can generate a 2500-character payload and paste it int=
o the license name field to trigger an application crash.</td> <td>2026-02-06</td>
<td>6.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37165" target=3D= "_blank" rel=3D"noopener">CVE-2020-37165</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48006" target=3D"_blank" rel= =3D"noopener">ExploitDB-48006</a> <a href=3D"https://www.celestialsoftwa= re.net/" target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href= =3D"https://www.vulncheck.com/advisories/absolutetelnet-license-name-denial= -of-service" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Absolut= eTelnet 11.12 - "license name" Denial of Service</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Celestial Software--AbsoluteTelnet</td> <td>AbsoluteTelnet 11.12 contains a denial of service vulnerability in the = SSH2 username input field that allows local attackers to crash the applicat= ion. Attackers can overwrite the username field with a 1000-byte buffer, ca= using the application to become unresponsive and terminate.</td> <td>2026-02-06</td>
<td>6.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37166" target=3D= "_blank" rel=3D"noopener">CVE-2020-37166</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48010" target=3D"_blank" rel= =3D"noopener">ExploitDB-48010</a> <a href=3D"https://www.celestialsoftwa= re.net/" target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href= =3D"https://www.vulncheck.com/advisories/absolutetelnet-sshusername-denial-= of-service" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Absolute= Telnet 11.12 - 'SSH2/username' Denial of Service</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Raimersoft--TapinRadio</td>
<td>TapinRadio 2.12.3 contains a denial of service vulnerability in the app= lication proxy address configuration that allows local attackers to crash t=
he application. Attackers can overwrite the address field with 3000 bytes o=
f arbitrary data to trigger an application crash and prevent normal program=
functionality.</td>
<td>2026-02-06</td>
<td>6.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37170" target=3D= "_blank" rel=3D"noopener">CVE-2020-37170</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48011" target=3D"_blank" rel= =3D"noopener">ExploitDB-48011</a> <a href=3D"https://www.raimersoft.com/= php/tapinradio.php" target=3D"_blank" rel=3D"noopener">TapinRadio Product W= ebpage</a> <a href=3D"https://www.vulncheck.com/advisories/tapinradio-ad= dress-denial-of-service" target=3D"_blank" rel=3D"noopener">VulnCheck Advis= ory: TapinRadio 2.12.3 - 'address' Denial of Service</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Raimersoft--TapinRadio</td>
<td>TapinRadio 2.12.3 contains a denial of service vulnerability in the app= lication proxy username configuration that allows local attackers to crash = the application. Attackers can overwrite the username field with 10,000 byt=
es of arbitrary data to trigger an application crash and prevent normal pro= gram functionality.</td>
<td>2026-02-06</td>
<td>6.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37171" target=3D= "_blank" rel=3D"noopener">CVE-2020-37171</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48013" target=3D"_blank" rel= =3D"noopener">ExploitDB-48013</a> <a href=3D"https://www.raimersoft.com/= php/tapinradio.php" target=3D"_blank" rel=3D"noopener">TapinRadio Product W= ebpage</a> <a href=3D"https://www.vulncheck.com/advisories/tapinradio-us= ername-denial-of-service" target=3D"_blank" rel=3D"noopener">VulnCheck Advi= sory: TapinRadio 2.12.3 - 'username' Denial of Service</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Innomic--VibroLine VLX1 HD 5.0</td>
<td>An unauthenticated adjacent attacker could potentially disrupt operatio=
ns by switching between multiple configuration presets via Modbus (RS485).<=

<td>2026-02-02</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2022-50979" target=3D= "_blank" rel=3D"noopener">CVE-2022-50979</a></td>

<a href=3D"https://www.innomic.com/.well-known/csaf/white/2026/ids-2026-000= 1.html" target=3D"_blank" rel=3D"noopener">https://www.innomic.com/.well-kn= own/csaf/white/2026/ids-2026-0001.html</a> <a href=3D"https://www.innomi= c.com/.well-known/csaf/white/2026/ids-2026-0001.json" target=3D"_blank" rel= =3D"noopener">https://www.innomic.com/.well-known/csaf/white/2026/ids-2026-= 0001.json</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Innomic--VibroLine VLX1 HD 5.0</td>
<td>A unauthenticated adjacent attacker could potentially disrupt operation=
s by switching between multiple configuration presets via CAN.</td> <td>2026-02-02</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2022-50980" target=3D= "_blank" rel=3D"noopener">CVE-2022-50980</a></td>

<a href=3D"https://www.innomic.com/.well-known/csaf/white/2026/ids-2026-000= 1.html" target=3D"_blank" rel=3D"noopener">https://www.innomic.com/.well-kn= own/csaf/white/2026/ids-2026-0001.html</a> <a href=3D"https://www.innomi= c.com/.well-known/csaf/white/2026/ids-2026-0001.json" target=3D"_blank" rel= =3D"noopener">https://www.innomic.com/.well-known/csaf/white/2026/ids-2026-= 0001.json</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Concert</td>
<td>IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logou=
t which could allow an authenticated user to impersonate another user on th=
e system.</td>
<td>2026-02-04</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2024-43181" target=3D= "_blank" rel=3D"noopener">CVE-2024-43181</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7257006" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7257006</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Concert</td>
<td>IBM Concert 1.0.0 through 2.1.0 is vulnerable to HTTP header injection,=
caused by improper validation of input by the HOST headers. This could all=
ow an attacker to conduct various attacks against the vulnerable system, in= cluding cross-site scripting, cache poisoning or session hijacking.</td> <td>2026-02-04</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2024-51451" target=3D= "_blank" rel=3D"noopener">CVE-2024-51451</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7257006" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7257006</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">boldthemes--Bold Page Builder</td>
<td>The Bold Page Builder plugin for WordPress is vulnerable to Stored Cros= s-Site Scripting via the plugin's bt_bb_raw_content shortcode in all versio=
ns up to, and including, 5.4.8 due to insufficient input sanitization and o= utput escaping on user supplied attributes. This makes it possible for auth= enticated attackers, with contributor-level access and above, to inject arb= itrary web scripts in pages that will execute whenever a user accesses an i= njected page.</td>
<td>2026-02-07</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-12159" target=3D= "_blank" rel=3D"noopener">CVE-2025-12159</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/f492dc= b6-0aa7-476d-bb85-c81a136d02a6?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/f492dcb6-0aa= 7-476d-bb85-c81a136d02a6?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/bold-page-builder/tags/5.4.8/content_elements/bt_bb= _raw_content/bt_bb_raw_content.php#L25" target=3D"_blank" rel=3D"noopener">= https://plugins.trac.wordpress.org/browser/bold-page-builder/tags/5.4.8/con= tent_elements/bt_bb_raw_content/bt_bb_raw_content.php#L25</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">boldthemes--Bold Page Builder</td>
<td>The Bold Page Builder plugin for WordPress is vulnerable to Stored Cros= s-Site Scripting via the plugin 'bt_bb_tabs' shortcode in all versions up t=
o, and including, 5.5.1 due to insufficient input sanitization and output e= scaping on user supplied attributes. This makes it possible for authenticat=
ed attackers, with contributor-level access and above, to inject arbitrary = web scripts in pages that will execute whenever a user accesses an injected=
page.</td>
<td>2026-02-07</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-12803" target=3D= "_blank" rel=3D"noopener">CVE-2025-12803</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/64f303= 29-ecf2-4e30-bc23-9d447e239e08?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/64f30329-ecf= 2-4e30-bc23-9d447e239e08?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/bold-page-builder/tags/5.4.8/content_elements/bt_bb= _tabs/bt_bb_tabs.php" target=3D"_blank" rel=3D"noopener">https://plugins.tr= ac.wordpress.org/browser/bold-page-builder/tags/5.4.8/content_elements/bt_b= b_tabs/bt_bb_tabs.php</a> <a href=3D"https://plugins.trac.wordpress.org/= browser/bold-page-builder/tags/5.4.8/content_elements/bt_bb_tabs/bt_bb_tabs= .php#L65" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress= .org/browser/bold-page-builder/tags/5.4.8/content_elements/bt_bb_tabs/bt_bb= _tabs.php#L65</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">boldthemes--Bold Page Builder</td>
<td>The Bold Page Builder plugin for WordPress is vulnerable to Stored Cros= s-Site Scripting via the Post Grid component in all versions up to, and inc= luding, 5.5.3 due to insufficient input sanitization and output escaping. T= his makes it possible for authenticated attackers, with Author-level access=
and above, to inject arbitrary web scripts in pages that will execute when= ever a user accesses an injected page.</td>
<td>2026-02-07</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-13463" target=3D= "_blank" rel=3D"noopener">CVE-2025-13463</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/865ff4= bf-608e-45f0-a160-35581b82cc2b?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/865ff4bf-608= e-45f0-a160-35581b82cc2b?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/bold-page-builder/tags/5.5.3/content_elements/bt_bb= _css_post_grid/bt_bb_css_post_grid.php#L46" target=3D"_blank" rel=3D"noopen= er">https://plugins.trac.wordpress.org/browser/bold-page-builder/tags/5.5.3= /content_elements/bt_bb_css_post_grid/bt_bb_css_post_grid.php#L46</a> <a=
href=3D"https://plugins.trac.wordpress.org/browser/bold-page-builder/tags/= 5.5.3/content_elements/bt_bb_css_post_grid/bt_bb_css_post_grid.js#L8" targe= t=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/bo= ld-page-builder/tags/5.5.3/content_elements/bt_bb_css_post_grid/bt_bb_css_p= ost_grid.js#L8</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--webMethods Integration (on prem) - Integr= ation Server</td>
<td>IBM webMethods Integration (on prem) - Integration Server 10.15 through=
IS_10.15_Core_Fix2411.1 to IS_11.1_Core_Fix8 IBM webMethods Integration co= uld disclose sensitive user information in server responses.</td> <td>2026-02-05</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-14150" target=3D= "_blank" rel=3D"noopener">CVE-2025-14150</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7259518" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7259518</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Docker Inc.--Docker Desktop</td>
<td>Docker Desktop for Windows contains multiple incorrect permission assig= nment vulnerabilities in the installer's handling of the C:\ProgramData\Doc= kerDesktop directory. The installer creates this directory without proper o= wnership verification, creating two exploitation scenarios: Scenario 1 (Per= sistent Attack): If a low-privileged attacker pre-creates C:\ProgramData\Do= ckerDesktop before Docker Desktop installation, the attacker retains owners= hip of the directory even after the installer applies restrictive ACLs. At = any time after installation completes, the attacker can modify the director=
y ACL (as the owner) and tamper with critical configuration files such as i= nstall-settings.json to specify a malicious credentialHelper, causing arbit= rary code execution when any user runs Docker Desktop. Scenario 2 (TOCTOU A= ttack): During installation, there is a time-of-check-time-of-use (TOCTOU) = race condition between when the installer creates C:\ProgramData\DockerDesk= top and when it sets secure ACLs. A low-privileged attacker actively monito= ring for the installation can inject malicious files (such as install-setti= ngs.json) with attacker-controlled ACLs during this window, achieving the s= ame code execution outcome.</td>
<td>2026-02-04</td>
<td>6.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-14740" target=3D= "_blank" rel=3D"noopener">CVE-2025-14740</a></td>

<a href=3D"https://docs.docker.com/security/" target=3D"_blank" rel=3D"noop= ener">https://docs.docker.com/security/</a> <a href=3D"https://www.zerod= ayinitiative.com/advisories/ZDI-CAN-28542/" target=3D"_blank" rel=3D"noopen= er">https://www.zerodayinitiative.com/advisories/ZDI-CAN-28542/</a> <a h= ref=3D"https://www.zerodayinitiative.com/advisories/ZDI-CAN-28190/" target= =3D"_blank" rel=3D"noopener">https://www.zerodayinitiative.com/advisories/Z= DI-CAN-28190/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">lwsdevelopers--MyRewards Loyalty Points and Re= wards for WooCommerce Reward orders, referrals, product reviews and more</t=

<td>The MyRewards - Loyalty Points and Rewards for WooCommerce plugin for W= ordPress is vulnerable to missing authorization in all versions up to, and = including, 5.6.0. This is due to the plugin not properly verifying that a u= ser is authorized to perform an action in the 'ajax' function. This makes i=
t possible for authenticated attackers, with subscriber level access and ab= ove, to modify, add, or delete loyalty program earning rules, including man= ipulating point multipliers to arbitrary values.</td>
<td>2026-02-04</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15260" target=3D= "_blank" rel=3D"noopener">CVE-2025-15260</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/2591f4= 73-44ff-4319-8b17-b0f793a29d66?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/2591f473-44f= f-4319-8b17-b0f793a29d66?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/woorewards/tags/5.6.0/assets/lws-adminpanel/include= /internal/editlistcontroler.php#L76" target=3D"_blank" rel=3D"noopener">htt= ps://plugins.trac.wordpress.org/browser/woorewards/tags/5.6.0/assets/lws-ad= minpanel/include/internal/editlistcontroler.php#L76</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">boldthemes--Bold Page Builder</td>
<td>The Bold Page Builder plugin for WordPress is vulnerable to Stored Cros= s-Site Scripting via the plugin's bt_bb_accordion_item shortcode in all ver= sions up to, and including, 5.5.7 due to insufficient input sanitization an=
d output escaping on user supplied attributes. This makes it possible for a= uthenticated attackers, with contributor-level access and above, to inject = arbitrary web scripts in pages that will execute whenever a user accesses a=
n injected page.</td>
<td>2026-02-07</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15267" target=3D= "_blank" rel=3D"noopener">CVE-2025-15267</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/38a3b3= bf-9538-4ae8-9da4-d4b48805763b?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/38a3b3bf-953= 8-4ae8-9da4-d4b48805763b?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/bold-page-builder/tags/5.5.7/content_elements/bt_bb= _accordion_item/bt_bb_accordion_item.php?marks=3D28#L28" target=3D"_blank" = rel=3D"noopener">https://plugins.trac.wordpress.org/browser/bold-page-build= er/tags/5.5.7/content_elements/bt_bb_accordion_item/bt_bb_accordion_item.ph= p?marks=3D28#L28</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tanium--Tanium Appliance</td>
<td>Tanium addressed an improper output sanitization vulnerability in Taniu=
m Appliance.</td>
<td>2026-02-05</td>
<td>6.6</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15312" target=3D= "_blank" rel=3D"noopener">CVE-2025-15312</a></td>

<a href=3D"https://security.tanium.com/TAN-2025-003" target=3D"_blank" rel= =3D"noopener">TAN-2025-003</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tanium--Engage</td>
<td>Tanium addressed a documentation issue in Engage.</td>
<td>2026-02-05</td>
<td>6.6</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15324" target=3D= "_blank" rel=3D"noopener">CVE-2025-15324</a></td>

<a href=3D"https://security.tanium.com/TAN-2025-004" target=3D"_blank" rel= =3D"noopener">TAN-2025-004</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tanium--Discover</td>
<td>Tanium addressed an improper input validation vulnerability in Discover= .</td>
<td>2026-02-05</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15325" target=3D= "_blank" rel=3D"noopener">CVE-2025-15325</a></td>

<a href=3D"https://security.tanium.com/TAN-2025-005" target=3D"_blank" rel= =3D"noopener">TAN-2025-005</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tanium--Performance</td>
<td>Tanium addressed an incorrect default permissions vulnerability in Perf= ormance.</td>
<td>2026-02-05</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15336" target=3D= "_blank" rel=3D"noopener">CVE-2025-15336</a></td>

<a href=3D"https://security.tanium.com/TAN-2025-029" target=3D"_blank" rel= =3D"noopener">TAN-2025-029</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tanium--Patch</td>
<td>Tanium addressed an incorrect default permissions vulnerability in Patc= h.</td>
<td>2026-02-05</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15337" target=3D= "_blank" rel=3D"noopener">CVE-2025-15337</a></td>

<a href=3D"https://security.tanium.com/TAN-2025-029" target=3D"_blank" rel= =3D"noopener">TAN-2025-029</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tanium--Partner Integration</td>
<td>Tanium addressed an incorrect default permissions vulnerability in Part= ner Integration.</td>
<td>2026-02-05</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15338" target=3D= "_blank" rel=3D"noopener">CVE-2025-15338</a></td>

<a href=3D"https://security.tanium.com/TAN-2025-029" target=3D"_blank" rel= =3D"noopener">TAN-2025-029</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tanium--Discover</td>
<td>Tanium addressed an incorrect default permissions vulnerability in Disc= over.</td>
<td>2026-02-05</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15339" target=3D= "_blank" rel=3D"noopener">CVE-2025-15339</a></td>

<a href=3D"https://security.tanium.com/TAN-2025-029" target=3D"_blank" rel= =3D"noopener">TAN-2025-029</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tanium--Comply</td>
<td>Tanium addressed an incorrect default permissions vulnerability in Comp= ly.</td>
<td>2026-02-05</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15340" target=3D= "_blank" rel=3D"noopener">CVE-2025-15340</a></td>

<a href=3D"https://security.tanium.com/TAN-2025-029" target=3D"_blank" rel= =3D"noopener">TAN-2025-029</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tanium--Benchmark</td>
<td>Tanium addressed an incorrect default permissions vulnerability in Benc= hmark.</td>
<td>2026-02-05</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15341" target=3D= "_blank" rel=3D"noopener">CVE-2025-15341</a></td>

<a href=3D"https://security.tanium.com/TAN-2025-029" target=3D"_blank" rel= =3D"noopener">TAN-2025-029</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tanium--Enforce</td>
<td>Tanium addressed an incorrect default permissions vulnerability in Enfo= rce.</td>
<td>2026-02-05</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15343" target=3D= "_blank" rel=3D"noopener">CVE-2025-15343</a></td>

<a href=3D"https://security.tanium.com/TAN-2025-032" target=3D"_blank" rel= =3D"noopener">TAN-2025-032</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">simonfairbairn--The Bucketlister</td>
<td>The Bucketlister plugin for WordPress is vulnerable to SQL Injection vi=
a the plugin's shortcode `category` and `id` attributes in all versions up = to, and including, 0.1.5 due to insufficient escaping on the user supplied = parameters and lack of sufficient preparation on the existing SQL query. Th=
is makes it possible for authenticated attackers, with Contributor-level ac= cess and above, to append additional SQL queries into already existing quer= ies that can be used to extract sensitive information from the database.</t=

<td>2026-02-07</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15477" target=3D= "_blank" rel=3D"noopener">CVE-2025-15477</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/fba36e= bc-a396-4eb8-8cb6-afc50b9c974e?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/fba36ebc-a39= 6-4eb8-8cb6-afc50b9c974e?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/the-bucketlister/tags/0.1.5/bucketlister.php#L19" t= arget=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browse= r/the-bucketlister/tags/0.1.5/bucketlister.php#L19</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">HCLSoftware--HCL DevOps Velocity</td>
<td>Rate limiting for certain API calls is not being enforced, making HCL V= elocity vulnerable to Denial of Service (DoS) attacks. An attacker could fl= ood the system with a large number of requests, overwhelming its resources = and causing it to become unresponsive to legitimate users. This vulnerabili=
ty is fixed in 5.1.7.</td>
<td>2026-02-07</td>
<td>6.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-31990" target=3D= "_blank" rel=3D"noopener">CVE-2025-31990</a></td>

<a href=3D"https://support.hcl-software.com/csm?id=3Dkb_article&sysparm_art= icle=3DKB0128585" target=3D"_blank" rel=3D"noopener">https://support.hcl-so= ftware.com/csm?id=3Dkb_article&sysparm_article=3DKB0128585</a> =C2=A0</t=

</tr>

<td class=3D"vendor-product">IBM--PowerVM Hypervisor</td>
<td>IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through F= W1060.51, and FW950.00 through FW950.F0 could allow a local user with admin= istration privileges to obtain sensitive information from a Virtual TPM thr= ough a series of PowerVM service procedures.</td>
<td>2026-02-02</td>
<td>6</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-36238" target=3D= "_blank" rel=3D"noopener">CVE-2025-36238</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7257556" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7257556</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Cloud Pak for Business Automation</td> <td>IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix=
002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Inte= rim Fix 007=C2=A0 is vulnerable to stored cross-site scripting. This vulner= ability allows an authenticated user to embed arbitrary JavaScript code in = the Web UI thus altering the intended functionality potentially leading to = credentials disclosure within a trusted session.</td>
<td>2026-02-02</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-36436" target=3D= "_blank" rel=3D"noopener">CVE-2025-36436</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7259318" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7259318</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Qualcomm, Inc.--Snapdragon</td>
<td>Memory corruption when calculating oversized partition sizes without pr= oper checks.</td>
<td>2026-02-02</td>
<td>6.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-47363" target=3D= "_blank" rel=3D"noopener">CVE-2025-47363</a></td>

<a href=3D"https://docs.qualcomm.com/product/publicresources/securitybullet= in/february-2026-bulletin.html" target=3D"_blank" rel=3D"noopener">https://= docs.qualcomm.com/product/publicresources/securitybulletin/february-2026-bu= lletin.html</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Qualcomm, Inc.--Snapdragon</td>
<td>Memory corruption while calculating offset from partition start point.<=

<td>2026-02-02</td>
<td>6.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-47364" target=3D= "_blank" rel=3D"noopener">CVE-2025-47364</a></td>

<a href=3D"https://docs.qualcomm.com/product/publicresources/securitybullet= in/february-2026-bulletin.html" target=3D"_blank" rel=3D"noopener">https://= docs.qualcomm.com/product/publicresources/securitybulletin/february-2026-bu= lletin.html</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Qualcomm, Inc.--Snapdragon</td>
<td>Transient DOS when processing a received frame with an excessively larg=
e authentication information element.</td>
<td>2026-02-02</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-47402" target=3D= "_blank" rel=3D"noopener">CVE-2025-47402</a></td>

<a href=3D"https://docs.qualcomm.com/product/publicresources/securitybullet= in/february-2026-bulletin.html" target=3D"_blank" rel=3D"noopener">https://= docs.qualcomm.com/product/publicresources/securitybulletin/february-2026-bu= lletin.html</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">N/A--Moodle[.]org</td>
<td>A flaw was found in moodle. This formula injection vulnerability occurs=
when data fields are exported without proper escaping. A remote attacker c= ould exploit this by providing malicious data that, when exported and opene=
d in a spreadsheet, allows arbitrary formulas to execute. This can lead to = compromised data integrity and unintended operations within the spreadsheet= .</td>
<td>2026-02-03</td>
<td>6.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-67851" target=3D= "_blank" rel=3D"noopener">CVE-2025-67851</a></td>

<a href=3D"https://access.redhat.com/security/cve/CVE-2025-67851" target=3D= "_blank" rel=3D"noopener">https://access.redhat.com/security/cve/CVE-2025-6= 7851</a> <a href=3D"https://bugzilla.redhat.com/show_bug.cgi?id=3D242384=
1" target=3D"_blank" rel=3D"noopener">RHBZ#2423841</a> <a href=3D"https:= //moodle.org/mod/forum/discuss.php?d=3D471301" target=3D"_blank" rel=3D"noo= pener">https://moodle.org/mod/forum/discuss.php?d=3D471301</a> =C2=A0</t=

</tr>

<td class=3D"vendor-product">nanomq--nanomq</td>
<td>NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. I=
n version 0.24.6, NanoMQ has a protocol parsing / forwarding inconsistency = when handling shared subscriptions ($share/). A malformed SUBSCRIBE topic s= uch as $share/ab (missing the second /) is not strictly validated during th=
e subscription stage, so the invalid Topic Filter is stored into the subscr= iption table. Later, when any PUBLISH matches this subscription, the broker=
send path (nmq_pipe_send_start_v4/v5) performs a second $share/ parsing us= ing strchr() and increments the returned pointer without NULL checks. If th=
e second strchr() returns NULL, sub_topic++ turns the pointer into an inval=
id address (e.g. 0x1). This invalid pointer is then passed into topic_filte= rn(), which triggers strlen() and crashes with SIGSEGV. The crash is stable=
and remotely triggerable. This issue has been patched in version 0.24.7.</=

<td>2026-02-04</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-68699" target=3D= "_blank" rel=3D"noopener">CVE-2025-68699</a></td>

<a href=3D"https://github.com/nanomq/nanomq/security/advisories/GHSA-qv5f-c= 6v2-2f8h" target=3D"_blank" rel=3D"noopener">https://github.com/nanomq/nano= mq/security/advisories/GHSA-qv5f-c6v2-2f8h</a> <a href=3D"https://github= .com/nanomq/nanomq/commit/89d68d678e7f841ae7baa45cba8d9bc7ddc9ef4b" target= =3D"_blank" rel=3D"noopener">https://github.com/nanomq/nanomq/commit/89d68d= 678e7f841ae7baa45cba8d9bc7ddc9ef4b</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Microsoft--Microsoft Edge (Chromium-based)</td=

<td>User interface (ui) misrepresentation of critical information in Micros= oft Edge for Android allows an unauthorized attacker to perform spoofing ov=
er a network.</td>
<td>2026-02-05</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0391" target=3D"= _blank" rel=3D"noopener">CVE-2026-0391</a></td>

<a href=3D"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0= 391" target=3D"_blank" rel=3D"noopener">Microsoft Edge (Chromium-based) for=
Android Spoofing Vulnerability</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">premmerce--Premmerce</td>
<td>The Premmerce plugin for WordPress is vulnerable to Stored Cross-Site S= cripting via the 'premmerce_wizard_actions' AJAX endpoint in all versions u=
p to, and including, 1.3.20. This is due to missing capability checks and i= nsufficient input sanitization and output escaping on the `state` parameter=
. This makes it possible for authenticated attackers, with subscriber level=
access and above, to inject arbitrary web scripts in pages that will execu=
te whenever a user accesses an injected page (the Premmerce Wizard admin pa= ge).</td>
<td>2026-02-07</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0555" target=3D"= _blank" rel=3D"noopener">CVE-2026-0555</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/90b2a6= 44-19a0-43a1-8ff6-7486d7ef29b3?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/90b2a644-19a= 0-43a1-8ff6-7486d7ef29b3?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/premmerce/tags/1.3.20/src/Admin/Admin.php?marks=3D4= 1#L41" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.or= g/browser/premmerce/tags/1.3.20/src/Admin/Admin.php?marks=3D41#L41</a> <=
a href=3D"https://plugins.trac.wordpress.org/browser/premmerce/tags/1.3.20/= src/Admin/Handlers/WizardHandler.php?marks=3D42,50,52#L42" target=3D"_blank=
" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/premmerce/tag= s/1.3.20/src/Admin/Handlers/WizardHandler.php?marks=3D42,50,52#L42</a> <=
a href=3D"https://plugins.trac.wordpress.org/browser/premmerce/tags/1.3.20/= src/Api/WizardApi.php?marks=3D38#L38" target=3D"_blank" rel=3D"noopener">ht= tps://plugins.trac.wordpress.org/browser/premmerce/tags/1.3.20/src/Api/Wiza= rdApi.php?marks=3D38#L38</a> <a href=3D"https://plugins.trac.wordpress.o= rg/browser/premmerce/tags/1.3.20/views/admin/tabs/wizard.php?marks=3D30#L30=
" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/bro= wser/premmerce/tags/1.3.20/views/admin/tabs/wizard.php?marks=3D30#L30</a><b= r>=C2=A0</td>
</tr>

<td class=3D"vendor-product">webpurify--WebPurify Profanity Filter</td>
<td>The WebPurify Profanity Filter plugin for WordPress is vulnerable to un= authorized modification of data due to a missing capability check on the 'w= ebpurify_save_options' function in all versions up to, and including, 4.0.2=
. This makes it possible for unauthenticated attackers to change plugin set= tings.</td>
<td>2026-02-04</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0572" target=3D"= _blank" rel=3D"noopener">CVE-2026-0572</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/9283f6= ea-8bc4-4fdd-a0b9-05de127f34e4?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/9283f6ea-8bc= 4-4fdd-a0b9-05de127f34e4?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/webpurifytextreplace/trunk/webpurifytextreplace-opt= ions.php?rev=3D2343695#L92" target=3D"_blank" rel=3D"noopener">https://plug= ins.trac.wordpress.org/browser/webpurifytextreplace/trunk/webpurifytextrepl= ace-options.php?rev=3D2343695#L92</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">zealopensource--Smart Appointment & Bookin= g</td>
<td>The Smart Appointment & Booking plugin for WordPress is vulnerable =
to Stored Cross-Site Scripting via the saab_save_form_data AJAX action in a=
ll versions up to, and including, 1.0.7 due to insufficient input sanitizat= ion and output escaping on user supplied attributes. This makes it possible=
for authenticated attackers, with Subscriber-level access and above, to in= ject arbitrary web scripts in pages that will execute whenever a user acces= ses an injected page.</td>
<td>2026-02-04</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0742" target=3D"= _blank" rel=3D"noopener">CVE-2026-0742</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/bf332c= 0d-5481-412d-b44a-b3de346d7b60?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/bf332c0d-548= 1-412d-b44a-b3de346d7b60?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/smart-appointment-booking/trunk/inc/admin/class.saa= b.admin.action.php#L1203" target=3D"_blank" rel=3D"noopener">https://plugin= s.trac.wordpress.org/browser/smart-appointment-booking/trunk/inc/admin/clas= s.saab.admin.action.php#L1203</a> <a href=3D"https://plugins.trac.wordpr= ess.org/browser/smart-appointment-booking/tags/1.0.7/inc/admin/class.saab.a= dmin.action.php#L1203" target=3D"_blank" rel=3D"noopener">https://plugins.t= rac.wordpress.org/browser/smart-appointment-booking/tags/1.0.7/inc/admin/cl= ass.saab.admin.action.php#L1203</a> <a href=3D"https://plugins.trac.word= press.org/browser/smart-appointment-booking/trunk/inc/front/class.saab.fron= t.action.php#L2189" target=3D"_blank" rel=3D"noopener">https://plugins.trac= .wordpress.org/browser/smart-appointment-booking/trunk/inc/front/class.saab= .front.action.php#L2189</a> <a href=3D"https://plugins.trac.wordpress.or= g/browser/smart-appointment-booking/tags/1.0.7/inc/front/class.saab.front.a= ction.php#L2189" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wo= rdpress.org/browser/smart-appointment-booking/tags/1.0.7/inc/front/class.sa= ab.front.action.php#L2189</a> <a href=3D"https://plugins.trac.wordpress.= org/changeset?sfp_email=3D&sfph_mail=3D&reponame=3D&old=3D3450387%40smart-a= ppointment-booking&new=3D3450387%40smart-appointment-booking&sfp_email=3D&s= fph_mail=3D" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpr= ess.org/changeset?sfp_email=3D&sfph_mail=3D&reponame=3D&old=3D3450387%40sma= rt-appointment-booking&new=3D3450387%40smart-appointment-booking&sfp_email= =3D&sfph_mail</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">catchthemes--Essential Widgets</td>
<td>The Essential Widgets plugin for WordPress is vulnerable to Stored Cros= s-Site Scripting via the plugin's ew-author, ew-archive, ew-category, ew-pa= ge, and ew-menu shortcodes in all versions up to, and including, 3.0 due to=
insufficient input sanitization and output escaping on user supplied attri= butes. This makes it possible for authenticated attackers, with contributor= -level access and above, to inject arbitrary web scripts in pages that will=
execute whenever a user accesses an injected page. NOTE: This vulnerabilit=
y was partially fixed in version 3.0.</td>
<td>2026-02-05</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0867" target=3D"= _blank" rel=3D"noopener">CVE-2026-0867</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/08d4ed= 49-1338-422f-b55f-a102f2d1d6c8?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/08d4ed49-133= 8-422f-b55f-a102f2d1d6c8?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/changeset/3440541/essential-widgets" target=3D"_blank" rel= =3D"noopener">https://plugins.trac.wordpress.org/changeset/3440541/essentia= l-widgets</a> <a href=3D"https://plugins.trac.wordpress.org/changeset/34= 47282/essential-widgets" target=3D"_blank" rel=3D"noopener">https://plugins= .trac.wordpress.org/changeset/3447282/essential-widgets</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">thehappymonster--Happy Addons for Elementor</t=

<td>The Happy Addons for Elementor plugin for WordPress is vulnerable to St= ored Cross-Site Scripting via the '_elementor_data' meta field in all versi= ons up to, and including, 3.20.7 due to insufficient input sanitization and=
output escaping. This makes it possible for authenticated attackers, with = Contributor-level access and above, to inject arbitrary web scripts in page=
s that will execute whenever a user accesses an injected page.</td> <td>2026-02-03</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1210" target=3D"= _blank" rel=3D"noopener">CVE-2026-1210</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/df4b55= 4a-0336-404c-b06c-2bc98c99997d?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/df4b554a-033= 6-404c-b06c-2bc98c99997d?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/happy-elementor-addons/trunk/widgets/svg-draw/widge= t.php#L732" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpre= ss.org/browser/happy-elementor-addons/trunk/widgets/svg-draw/widget.php#L73= 2</a> <a href=3D"https://plugins.trac.wordpress.org/browser/happy-elemen= tor-addons/tags/3.20.4/widgets/svg-draw/widget.php#L732" target=3D"_blank" = rel=3D"noopener">https://plugins.trac.wordpress.org/browser/happy-elementor= -addons/tags/3.20.4/widgets/svg-draw/widget.php#L732</a> <a href=3D"http= s://plugins.trac.wordpress.org/browser/happy-elementor-addons/trunk/widgets= /age-gate/widget.php#L2055" target=3D"_blank" rel=3D"noopener">https://plug= ins.trac.wordpress.org/browser/happy-elementor-addons/trunk/widgets/age-gat= e/widget.php#L2055</a> <a href=3D"https://plugins.trac.wordpress.org/bro= wser/happy-elementor-addons/tags/3.20.4/widgets/age-gate/widget.php#L2055" = target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/brows= er/happy-elementor-addons/tags/3.20.4/widgets/age-gate/widget.php#L2055</a>= <a href=3D"https://plugins.trac.wordpress.org/browser/happy-elementor-a= ddons/trunk/widgets/age-gate/widget.php#L2120" target=3D"_blank" rel=3D"noo= pener">https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tr= unk/widgets/age-gate/widget.php#L2120</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/happy-elementor-addons/tags/3.20.4/widgets/age-gate= /widget.php#L2120" target=3D"_blank" rel=3D"noopener">https://plugins.trac.= wordpress.org/browser/happy-elementor-addons/tags/3.20.4/widgets/age-gate/w= idget.php#L2120</a> <a href=3D"https://plugins.trac.wordpress.org/change= set/3451894/happy-elementor-addons/trunk/widgets/svg-draw/widget.php?old=3D= 3312461&old_path=3Dhappy-elementor-addons%2Ftrunk%2Fwidgets%2Fsvg-draw%2Fwi= dget.php" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress= .org/changeset/3451894/happy-elementor-addons/trunk/widgets/svg-draw/widget= .php?old=3D3312461&old_path=3Dhappy-elementor-addons%2Ftrunk%2Fwidgets%2Fsv= g-draw%2Fwidget.php</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">jackdewey--Events Listing Widget</td>
<td>The Events Listing Widget plugin for WordPress is vulnerable to Stored = Cross-Site Scripting via the 'Event URL' parameter in all versions up to, a=
nd including, 1.3.4 due to insufficient input sanitization and output escap= ing. This makes it possible for authenticated attackers, with Author-level = access and above, to inject arbitrary web scripts in pages that will execut=
e whenever a user accesses an injected page.</td>
<td>2026-02-06</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1252" target=3D"= _blank" rel=3D"noopener">CVE-2026-1252</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/7f3b13= a5-0711-4ad3-b11c-f8556e1ca9f9?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/7f3b13a5-071= 1-4ad3-b11c-f8556e1ca9f9?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/events-listing-widget/trunk/events-listing-widget.p= hp#L266" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.= org/browser/events-listing-widget/trunk/events-listing-widget.php#L266</a><= br><a href=3D"https://plugins.trac.wordpress.org/browser/events-listing-wid= get/tags/1.3.4/events-listing-widget.php#L266" target=3D"_blank" rel=3D"noo= pener">https://plugins.trac.wordpress.org/browser/events-listing-widget/tag= s/1.3.4/events-listing-widget.php#L266</a> <a href=3D"https://plugins.tr= ac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&reponame=3D&old=3D3451= 446%40events-listing-widget&new=3D3451446%40events-listing-widget&sfp_email= =3D&sfph_mail=3D" target=3D"_blank" rel=3D"noopener">https://plugins.trac.w= ordpress.org/changeset?sfp_email=3D&sfph_mail=3D&reponame=3D&old=3D3451446%= 40events-listing-widget&new=3D3451446%40events-listing-widget&sfp_email=3D&= sfph_mail</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">brechtvds--Dynamic Widget Content</td>
<td>The Dynamic Widget Content plugin for WordPress is vulnerable to Stored=
Cross-Site Scripting via the widget content field in the Gutenberg editor = sidebar in all versions up to, and including, 1.3.6 due to insufficient inp=
ut sanitization and output escaping on user-supplied attributes. This makes=
it possible for authenticated attackers, with Contributor-level access and=
above, to inject arbitrary web scripts in pages that will execute whenever=
a user accesses an injected page.</td>
<td>2026-02-05</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1268" target=3D"= _blank" rel=3D"noopener">CVE-2026-1268</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/5324ca= 6d-37cb-41e4-8355-80ca113f855e?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/5324ca6d-37c= b-41e4-8355-80ca113f855e?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/dynamic-widget-content/tags/1.3.6/helpers/blocks.ph= p#L64" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.or= g/browser/dynamic-widget-content/tags/1.3.6/helpers/blocks.php#L64</a> <=
a href=3D"https://plugins.trac.wordpress.org/browser/dynamic-widget-content= /tags/1.3.6/helpers/blocks.php#L70" target=3D"_blank" rel=3D"noopener">http= s://plugins.trac.wordpress.org/browser/dynamic-widget-content/tags/1.3.6/he= lpers/blocks.php#L70</a> <a href=3D"https://plugins.trac.wordpress.org/c= hangeset?sfp_email=3D&sfph_mail=3D&reponame=3D&old=3D3444655%40dynamic-widg= et-content&new=3D3444655%40dynamic-widget-content&sfp_email=3D&sfph_mail=3D=
" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/cha= ngeset?sfp_email=3D&sfph_mail=3D&reponame=3D&old=3D3444655%40dynamic-widget= -content&new=3D3444655%40dynamic-widget-content&sfp_email=3D&sfph_mail</a><= br>=C2=A0</td>
</tr>

<td class=3D"vendor-product">cyberlord92--Employee Directory Staff Director=
y and Listing</td>
<td>The Employee Directory plugin for WordPress is vulnerable to Stored Cro= ss-Site Scripting via the 'form_title' parameter in the `search_employee_di= rectory` shortcode in all versions up to, and including, 1.2.1 due to insuf= ficient input sanitization and output escaping. This makes it possible for = authenticated attackers, with Contributor-level access and above, to inject=
arbitrary web scripts in pages that will execute whenever a user accesses =
an injected page.</td>
<td>2026-02-06</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1279" target=3D"= _blank" rel=3D"noopener">CVE-2026-1279</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/f0d3b5= 4c-6244-4776-be3c-afe3a28a2b8a?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/f0d3b54c-624= 4-4776-be3c-afe3a28a2b8a?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/employee-staff-directory/trunk/handler/mo-empdir-se= arch_handler.php#L29" target=3D"_blank" rel=3D"noopener">https://plugins.tr= ac.wordpress.org/browser/employee-staff-directory/trunk/handler/mo-empdir-s= earch_handler.php#L29</a> <a href=3D"https://wordpress.org/plugins/emplo= yee-staff-directory" target=3D"_blank" rel=3D"noopener">https://wordpress.o= rg/plugins/employee-staff-directory</a> <a href=3D"https://plugins.trac.= wordpress.org/browser/employee-staff-directory/tags/1.2.1/handler/mo-empdir= -search_handler.php#L29" target=3D"_blank" rel=3D"noopener">https://plugins= .trac.wordpress.org/browser/employee-staff-directory/tags/1.2.1/handler/mo-= empdir-search_handler.php#L29</a> <a href=3D"https://plugins.trac.wordpr= ess.org/changeset?sfp_email=3D&sfph_mail=3D&reponame=3D&old=3D3448620%40emp= loyee-staff-directory&new=3D3448620%40employee-staff-directory" target=3D"_= blank" rel=3D"noopener">https://plugins.trac.wordpress.org/changeset?sfp_em= ail=3D&sfph_mail=3D&reponame=3D&old=3D3448620%40employee-staff-directory&ne= w=3D3448620%40employee-staff-directory</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">yoast--Yoast SEO Advanced SEO with real-time g= uidance and built-in AI</td>
<td>The Yoast SEO - Advanced SEO with real-time guidance and built-in AI pl= ugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the=
`yoast-schema` block attribute in all versions up to, and including, 26.8 = due to insufficient input sanitization and output escaping. This makes it p= ossible for authenticated attackers, with Contributor-level access and abov=
e, to inject arbitrary web scripts in pages that will execute whenever a us=
er accesses an injected page.</td>
<td>2026-02-06</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1293" target=3D"= _blank" rel=3D"noopener">CVE-2026-1293</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/8b2e7c= 2d-ed2f-439b-9cee-f2e5d46121b6?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/8b2e7c2d-ed2= f-439b-9cee-f2e5d46121b6?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/wordpress-seo/tags/26.8/src/presenters/schema-prese= nter.php#L49" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordp= ress.org/browser/wordpress-seo/tags/26.8/src/presenters/schema-presenter.ph= p#L49</a> <a href=3D"https://plugins.trac.wordpress.org/browser/wordpres= s-seo/tags/26.8/inc/class-wpseo-utils.php#L915" target=3D"_blank" rel=3D"no= opener">https://plugins.trac.wordpress.org/browser/wordpress-seo/tags/26.8/= inc/class-wpseo-utils.php#L915</a> <a href=3D"https://plugins.trac.wordp= ress.org/browser/wordpress-seo/tags/26.8/src/generators/schema-generator.ph= p#L188" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.o= rg/browser/wordpress-seo/tags/26.8/src/generators/schema-generator.php#L188= </a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">themeisle--Robin Image Optimizer Unlimited Ima=
ge Optimization & WebP Converter</td>
<td>The Robin Image Optimizer - Unlimited Image Optimization & WebP Con= verter plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi=
a the 'Alternative Text' field of a Media Library image in all versions up = to, and including, 2.0.2 due to insufficient input sanitization and output = escaping. This makes it possible for authenticated attackers, with Author-l= evel access and above, to inject arbitrary web scripts in pages that will e= xecute whenever a user accesses an injected page.</td>
<td>2026-02-05</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1319" target=3D"= _blank" rel=3D"noopener">CVE-2026-1319</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/288cd8= 6b-8d13-46bf-99ef-76698cd62a41?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/288cd86b-8d1= 3-46bf-99ef-76698cd62a41?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/changeset/3445467/robin-image-optimizer/tags/2.0.3/libs/add= ons/includes/classes/webp/vendor/rosell-dk/dom-util-for-webp/src/PictureTag= s.php" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.or= g/changeset/3445467/robin-image-optimizer/tags/2.0.3/libs/addons/includes/c= lasses/webp/vendor/rosell-dk/dom-util-for-webp/src/PictureTags.php</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">jackdewey--Tune Library</td>
<td>The Tune Library plugin for WordPress is vulnerable to Stored Cross-Sit=
e Scripting via CSV import in all versions up to, and including, 1.6.3. Thi=
s is due to insufficient input sanitization and output escaping on user sup= plied attributes. This makes it possible for authenticated attackers, with = Subscriber-level access and above, to inject arbitrary web scripts in pages=
that will execute whenever a user accesses the injected page. The vulnerab= ility exists because the CSV import functionality lacks authorization check=
s and doesn't sanitize imported data, which is later rendered without escap= ing through the [tune-library] shortcode.</td>
<td>2026-02-06</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1401" target=3D"= _blank" rel=3D"noopener">CVE-2026-1401</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/cd6008= 10-b1bc-4025-b441-5c90da7240de?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/cd600810-b1b= c-4025-b441-5c90da7240de?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/tune-library/tags/1.6.3/tune-library.php#L219" targ= et=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/t= une-library/tags/1.6.3/tune-library.php#L219</a> <a href=3D"https://plug= ins.trac.wordpress.org/browser/tune-library/tags/1.6.3/tune-library.php#L23=
5" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/br= owser/tune-library/tags/1.6.3/tune-library.php#L235</a> <a href=3D"https= ://plugins.trac.wordpress.org/browser/tune-library/tags/1.6.3/writeNodes.ph= p#L113" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.o= rg/browser/tune-library/tags/1.6.3/writeNodes.php#L113</a> <a href=3D"ht= tps://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&repona= me=3D&old=3D3451457%40tune-library&new=3D3451457%40tune-library&sfp_email= =3D&sfph_mail=3D" target=3D"_blank" rel=3D"noopener">https://plugins.trac.w= ordpress.org/changeset?sfp_email=3D&sfph_mail=3D&reponame=3D&old=3D3451457%= 40tune-library&new=3D3451457%40tune-library&sfp_email=3D&sfph_mail</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">dannycarlton--Simple Bible Verse via Shortcode= </td>
<td>The Simple Bible Verse via Shortcode plugin for WordPress is vulnerable=
to Stored Cross-Site Scripting via the plugin's `verse` shortcode in all v= ersions up to, and including, 1.1 due to insufficient input sanitization an=
d output escaping on user supplied attributes. This makes it possible for a= uthenticated attackers, with contributor-level access and above, to inject = arbitrary web scripts in pages that will execute whenever a user accesses a=
n injected page.</td>
<td>2026-02-07</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1570" target=3D"= _blank" rel=3D"noopener">CVE-2026-1570</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/098b97= 9f-337d-4fbd-bfcc-0e8a281e6982?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/098b979f-337= d-4fbd-bfcc-0e8a281e6982?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/simple-bible-verse-via-shortcode/trunk/index.php#L4=
0" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/br= owser/simple-bible-verse-via-shortcode/trunk/index.php#L40</a> =C2=A0</t=

</tr>

<td class=3D"vendor-product">omi-mexico--OMIGO</td>
<td>The OMIGO plugin for WordPress is vulnerable to Stored Cross-Site Scrip= ting via the plugin's `omigo_donate_button` shortcode in all versions up to=
, and including, 3.3 due to insufficient input sanitization and output esca= ping on user supplied attributes. This makes it possible for authenticated = attackers, with contributor-level access and above, to inject arbitrary web=
scripts in pages that will execute whenever a user accesses an injected pa= ge.</td>
<td>2026-02-07</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1573" target=3D"= _blank" rel=3D"noopener">CVE-2026-1573</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/f2cf46= e6-a732-45c4-ad18-607009d7a586?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/f2cf46e6-a73= 2-45c4-ad18-607009d7a586?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/omigo/trunk/omigo.php?rev=3D2778497#L386" target=3D= "_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/omigo/= trunk/omigo.php?rev=3D2778497#L386</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Foxit Software Inc.--pdfonline.foxit.com</td> <td>Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripti=
ng vulnerability in the file upload feature. A malicious username is embedd=
ed into the upload file list without proper escaping, allowing arbitrary Ja= vaScript execution when the list is displayed. This issue affects pdfonline= .foxit.com: before 2026=E2=80=9102=E2=80=9103.</td>
<td>2026-02-03</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1591" target=3D"= _blank" rel=3D"noopener">CVE-2026-1591</a></td>

<a href=3D"https://www.foxit.com/support/security-bulletins.html" target=3D= "_blank" rel=3D"noopener">https://www.foxit.com/support/security-bulletins.= html</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Foxit Software Inc.--pdfonline.foxit.com</td> <td>Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripti=
ng vulnerability in the Create New Layer feature. Unsanitized user input is=
embedded into the HTML output, allowing arbitrary JavaScript execution whe=
n the layer is referenced. This issue affects pdfonline.foxit.com: before 2= 026=E2=80=9102=E2=80=9103.</td>
<td>2026-02-03</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1592" target=3D"= _blank" rel=3D"noopener">CVE-2026-1592</a></td>

<a href=3D"https://www.foxit.com/support/security-bulletins.html" target=3D= "_blank" rel=3D"noopener">https://www.foxit.com/support/security-bulletins.= html</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">tigor4eg--Video Onclick</td>
<td>The Video Onclick plugin for WordPress is vulnerable to Stored Cross-Si=
te Scripting via the plugin's `youtube` shortcode in all versions up to, an=
d including, 0.4.7 due to insufficient input sanitization and output escapi=
ng on user supplied attributes. This makes it possible for authenticated at= tackers, with contributor-level access and above, to inject arbitrary web s= cripts in pages that will execute whenever a user accesses an injected page= .</td>
<td>2026-02-07</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1608" target=3D"= _blank" rel=3D"noopener">CVE-2026-1608</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/73ddf7= 29-da69-4d0b-866f-34a92ec72800?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/73ddf729-da6= 9-4d0b-866f-34a92ec72800?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/video-onclick/tags/0.4.7/video-onclick.php#L109" ta= rget=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser= /video-onclick/tags/0.4.7/video-onclick.php#L109</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">jmrukkers--Wikiloops Track Player</td>
<td>The Wikiloops Track Player plugin for WordPress is vulnerable to Stored=
Cross-Site Scripting via the plugin's `wikiloops` shortcode in all version=
s up to, and including, 1.0.1 due to insufficient input sanitization and ou= tput escaping on user supplied attributes. This makes it possible for authe= nticated attackers, with contributor-level access and above, to inject arbi= trary web scripts in pages that will execute whenever a user accesses an in= jected page.</td>
<td>2026-02-07</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1611" target=3D"= _blank" rel=3D"noopener">CVE-2026-1611</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/cb472b= db-de35-45e4-bcea-04f27d425817?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/cb472bdb-de3= 5-45e4-bcea-04f27d425817?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/wikiloops-track-player/tags/1.0.1/Wikiloops-Track-P= layer.php#L19" target=3D"_blank" rel=3D"noopener">https://plugins.trac.word= press.org/browser/wikiloops-track-player/tags/1.0.1/Wikiloops-Track-Player.= php#L19</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">mrlister1--Wonka Slide</td>
<td>The Wonka Slide plugin for WordPress is vulnerable to Stored Cross-Site=
Scripting via the plugin's `list_class` shortcode in all versions up to, a=
nd including, 1.3.3 due to insufficient input sanitization and output escap= ing on user supplied attributes. This makes it possible for authenticated a= ttackers, with contributor-level access and above, to inject arbitrary web = scripts in pages that will execute whenever a user accesses an injected pag= e.</td>
<td>2026-02-07</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1613" target=3D"= _blank" rel=3D"noopener">CVE-2026-1613</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/f15f02= 11-724d-45b5-bf2f-7482f77c474d?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/f15f0211-724= d-45b5-bf2f-7482f77c474d?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/wonka-slide/trunk/admin/class-wonka-slide-build.php= #L65" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org= /browser/wonka-slide/trunk/admin/class-wonka-slide-build.php#L65</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">alexdtn--Subitem AL Slider</td>
<td>The Subitem AL Slider plugin for WordPress is vulnerable to Reflected C= ross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all version=
s up to, and including, 1.0.0 due to insufficient input sanitization and ou= tput escaping. This makes it possible for unauthenticated attackers to inje=
ct arbitrary web scripts in pages that execute if they can successfully tri=
ck a user into performing an action such as clicking on a link.</td> <td>2026-02-07</td>
<td>6.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1634" target=3D"= _blank" rel=3D"noopener">CVE-2026-1634</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/4bfeff= 72-27de-46a9-b947-f60255b5d062?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/4bfeff72-27d= e-46a9-b947-f60255b5d062?source=3Dcve</a> <a href=3D"https://wordpress.o= rg/plugins/subitem-al-slider/" target=3D"_blank" rel=3D"noopener">https://w= ordpress.org/plugins/subitem-al-slider/</a> <a href=3D"https://plugins.t= rac.wordpress.org/browser/subitem-al-slider/trunk/templates/tab1_block1.tpl= #L11" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org= /browser/subitem-al-slider/trunk/templates/tab1_block1.tpl#L11</a> <a hr= ef=3D"https://plugins.trac.wordpress.org/browser/subitem-al-slider/tags/1.0= .0/templates/tab1_block1.tpl#L11" target=3D"_blank" rel=3D"noopener">https:= //plugins.trac.wordpress.org/browser/subitem-al-slider/tags/1.0.0/templates= /tab1_block1.tpl#L11</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">ariagle--MP-Ukagaka</td>
<td>The MP-Ukagaka plugin for WordPress is vulnerable to Reflected Cross-Si=
te Scripting in all versions up to, and including, 1.5.2 due to insufficien=
t input sanitization and output escaping. This makes it possible for unauth= enticated attackers to inject arbitrary web scripts in pages that execute i=
f they can successfully trick a user into performing an action such as clic= king on a link.</td>
<td>2026-02-07</td>
<td>6.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1643" target=3D"= _blank" rel=3D"noopener">CVE-2026-1643</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/14c3b5= 3c-ba98-4e93-ba65-6da11816d7a6?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/14c3b53c-ba9= 8-4e93-ba65-6da11816d7a6?source=3Dcve</a> <a href=3D"https://wordpress.o= rg/plugins/mp-ukagaka/" target=3D"_blank" rel=3D"noopener">https://wordpres= s.org/plugins/mp-ukagaka/</a> <a href=3D"https://plugins.trac.wordpress.= org/browser/mp-ukagaka/trunk/options.php#L160" target=3D"_blank" rel=3D"noo= pener">https://plugins.trac.wordpress.org/browser/mp-ukagaka/trunk/options.= php#L160</a> <a href=3D"https://plugins.trac.wordpress.org/browser/mp-uk= agaka/tags/1.5.2/options.php#L160" target=3D"_blank" rel=3D"noopener">https= ://plugins.trac.wordpress.org/browser/mp-ukagaka/tags/1.5.2/options.php#L16= 0</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">pkthree--Peters Date Countdown</td>
<td>The Peter's Date Countdown plugin for WordPress is vulnerable to Reflec= ted Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all ve= rsions up to, and including, 2.0.0 due to insufficient input sanitization a=
nd output escaping. This makes it possible for unauthenticated attackers to=
inject arbitrary web scripts in pages that execute if they can successfull=
y trick a user into performing an action such as clicking on a link.</td> <td>2026-02-05</td>
<td>6.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1654" target=3D"= _blank" rel=3D"noopener">CVE-2026-1654</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/f8f8e4= 36-2679-4ecb-831e-2b22dd99be32?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/f8f8e436-267= 9-4ecb-831e-2b22dd99be32?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/peters-date-countdown/tags/2.0.0/datecountdown.php#= L246" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org= /browser/peters-date-countdown/tags/2.0.0/datecountdown.php#L246</a> <a = href=3D"https://plugins.trac.wordpress.org/changeset/3450122/" target=3D"_b= lank" rel=3D"noopener">https://plugins.trac.wordpress.org/changeset/3450122= /</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">EFM--ipTIME A8004T</td>
<td>A vulnerability was determined in EFM ipTIME A8004T 14.18.2. Affected i=
s the function httpcon_check_session_url of the file /sess-bin/d.cgi of the=
component Debug Interface. This manipulation of the argument cmd causes ba= ckdoor. It is possible to initiate the attack remotely. The complexity of a=
n attack is rather high. The exploitability is told to be difficult. The ex= ploit has been publicly disclosed and may be utilized. The vendor was conta= cted early about this disclosure but did not respond in any way.</td> <td>2026-02-02</td>
<td>6.6</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1741" target=3D"= _blank" rel=3D"noopener">CVE-2026-1741</a></td>

<a href=3D"https://vuldb.com/?id.343640" target=3D"_blank" rel=3D"noopener"= >VDB-343640 | EFM ipTIME A8004T Debug d.cgi httpcon_check_session_url backd= oor</a> <a href=3D"https://vuldb.com/?ctiid.343640" target=3D"_blank" re= l=3D"noopener">VDB-343640 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a h= ref=3D"https://vuldb.com/?submit.741423" target=3D"_blank" rel=3D"noopener"= >Submit #741423 | EFM IPTIME A8004T 14.18.2 Command Injection</a> <a hre= f=3D"https://github.com/LX-LX88/cve/issues/28" target=3D"_blank" rel=3D"noo= pener">https://github.com/LX-LX88/cve/issues/28</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--JeecgBoot</td>
<td>A vulnerability was identified in JeecgBoot 3.9.0. This vulnerability a= ffects unknown code of the file /JeecgBoot/sys/api/loadDictItemByKeyword of=
the component Online Report API. Such manipulation of the argument keyword=
leads to sql injection. The attack can be executed remotely. The exploit i=
s publicly available and might be used. The vendor was contacted early abou=
t this disclosure but did not respond in any way.</td>
<td>2026-02-02</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1746" target=3D"= _blank" rel=3D"noopener">CVE-2026-1746</a></td>

<a href=3D"https://vuldb.com/?id.343677" target=3D"_blank" rel=3D"noopener"= >VDB-343677 | JeecgBoot Online Report API loadDictItemByKeyword sql injecti= on</a> <a href=3D"https://vuldb.com/?ctiid.343677" target=3D"_blank" rel= =3D"noopener">VDB-343677 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a hr= ef=3D"https://vuldb.com/?submit.741647" target=3D"_blank" rel=3D"noopener">= Submit #741647 | Beijing Guoju Information Technology Co., Ltd JeecgBoot 3.= 9.0 SQL Injection</a> <a href=3D"https://www.yuque.com/meizhiyuwai/sks4n= u/clircmda9b8q66lo?singleDoc" target=3D"_blank" rel=3D"noopener">https://ww= w.yuque.com/meizhiyuwai/sks4nu/clircmda9b8q66lo?singleDoc</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">themeisle--Menu Icons by ThemeIsle</td>
<td>The Menu Icons by ThemeIsle plugin for WordPress is vulnerable to Store=
d Cross-Site Scripting via the '_wp_attachment_image_alt' post meta in all = versions up to, and including, 0.13.20 due to insufficient input sanitizati=
on and output escaping. This makes it possible for authenticated attackers,=
with Author-level access and above, to inject arbitrary web scripts in pag=
es that will execute whenever a user accesses an injected page.</td> <td>2026-02-03</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1755" target=3D"= _blank" rel=3D"noopener">CVE-2026-1755</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/30bfa6= 16-c7f3-4ff0-85b3-468debc8a73e?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/30bfa616-c7f= 3-4ff0-85b3-468debc8a73e?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/menu-icons/tags/0.13.20/includes/front.php#L497" ta= rget=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser= /menu-icons/tags/0.13.20/includes/front.php#L497</a> <a href=3D"https://= plugins.trac.wordpress.org/changeset/3452685/menu-icons" target=3D"_blank" = rel=3D"noopener">https://plugins.trac.wordpress.org/changeset/3452685/menu-= icons</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Red Hat--Red Hat Enterprise Linux 10</td>
<td>A flaw was identified in the interactive shell of the xmllint utility, = part of the libxml2 project, where memory allocated for user input is not p= roperly released under certain conditions. When a user submits input consis= ting only of whitespace, the program skips command execution but fails to f= ree the allocated buffer. Repeating this action causes memory to continuous=
ly accumulate. Over time, this can exhaust system memory and terminate the = xmllint process, creating a denial-of-service condition on the local system= .</td>
<td>2026-02-02</td>
<td>6.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1757" target=3D"= _blank" rel=3D"noopener">CVE-2026-1757</a></td>

<a href=3D"https://access.redhat.com/security/cve/CVE-2026-1757" target=3D"= _blank" rel=3D"noopener">https://access.redhat.com/security/cve/CVE-2026-17= 57</a> <a href=3D"https://bugzilla.redhat.com/show_bug.cgi?id=3D2435940"=
target=3D"_blank" rel=3D"noopener">RHBZ#2435940</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">ravanh--Orange Comfort+ accessibility toolbar = for WordPress</td>
<td>The Orange Confort+ accessibility toolbar for WordPress plugin for Word= Press is vulnerable to Stored Cross-Site Scripting via the 'style' paramete=
r of the ocplus_button shortcode in all versions up to, and including, 0.7 = due to insufficient input sanitization and output escaping. This makes it p= ossible for authenticated attackers, with Contributor-level access and abov=
e, to inject arbitrary web scripts in pages that will execute whenever a us=
er accesses an injected page.</td>
<td>2026-02-06</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1808" target=3D"= _blank" rel=3D"noopener">CVE-2026-1808</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/89cb81= c3-25d7-4a4e-beed-558ea8ce721d?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/89cb81c3-25d= 7-4a4e-beed-558ea8ce721d?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/orange-confort-plus/trunk/inc/class-shortcode.php#L= 50" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/b= rowser/orange-confort-plus/trunk/inc/class-shortcode.php#L50</a> <a href= =3D"https://plugins.trac.wordpress.org/browser/orange-confort-plus/tags/0.7= /inc/class-shortcode.php#L50" target=3D"_blank" rel=3D"noopener">https://pl= ugins.trac.wordpress.org/browser/orange-confort-plus/tags/0.7/inc/class-sho= rtcode.php#L50</a> <a href=3D"https://plugins.trac.wordpress.org/changes= et?sfp_email=3D&sfph_mail=3D&reponame=3D&old=3D3453313%40orange-confort-plu= s&new=3D3453313%40orange-confort-plus&sfp_email=3D&sfph_mail=3D" target=3D"= _blank" rel=3D"noopener">https://plugins.trac.wordpress.org/changeset?sfp_e= mail=3D&sfph_mail=3D&reponame=3D&old=3D3453313%40orange-confort-plus&new=3D= 3453313%40orange-confort-plus&sfp_email=3D&sfph_mail</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">bolo-blog--bolo-solo</td>
<td>A vulnerability was detected in bolo-blog bolo-solo up to 2.6.4. The im= pacted element is the function unpackFilteredZip of the file src/main/java/= org/b3log/solo/bolo/prop/BackupService.java of the component ZIP File Handl= er. Performing a manipulation of the argument File results in path traversa=
l. The attack is possible to be carried out remotely. The exploit is now pu= blic and may be used. The project was informed of the problem early through=
an issue report but has not responded yet.</td>
<td>2026-02-03</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1810" target=3D"= _blank" rel=3D"noopener">CVE-2026-1810</a></td>

<a href=3D"https://vuldb.com/?id.343978" target=3D"_blank" rel=3D"noopener"= >VDB-343978 | bolo-blog bolo-solo ZIP File BackupService.java unpackFiltere= dZip path traversal</a> <a href=3D"https://vuldb.com/?ctiid.343978" targ= et=3D"_blank" rel=3D"noopener">VDB-343978 | CTI Indicators (IOB, IOC, TTP, = IOA)</a> <a href=3D"https://vuldb.com/?submit.742422" target=3D"_blank" = rel=3D"noopener">Submit #742422 | https://github.com/bolo-blog/bolo-solo/ b= olo-solo V2.6.4 Write any file</a> <a href=3D"https://github.com/bolo-bl= og/bolo-solo/issues/326" target=3D"_blank" rel=3D"noopener">https://github.= com/bolo-blog/bolo-solo/issues/326</a> <a href=3D"https://github.com/bol= o-blog/bolo-solo/" target=3D"_blank" rel=3D"noopener">https://github.com/bo= lo-blog/bolo-solo/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">bolo-blog--bolo-solo</td>
<td>A flaw has been found in bolo-blog bolo-solo up to 2.6.4. This affects = the function importFromMarkdown of the file src/main/java/org/b3log/solo/bo= lo/prop/BackupService.java of the component Filename Handler. Executing a m= anipulation of the argument File can lead to path traversal. The attack may=
be performed from remote. The exploit has been published and may be used. = The project was informed of the problem early through an issue report but h=
as not responded yet.</td>
<td>2026-02-03</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1811" target=3D"= _blank" rel=3D"noopener">CVE-2026-1811</a></td>

<a href=3D"https://vuldb.com/?id.343979" target=3D"_blank" rel=3D"noopener"= >VDB-343979 | bolo-blog bolo-solo Filename BackupService.java importFromMar= kdown path traversal</a> <a href=3D"https://vuldb.com/?ctiid.343979" tar= get=3D"_blank" rel=3D"noopener">VDB-343979 | CTI Indicators (IOB, IOC, TTP,=
IOA)</a> <a href=3D"https://vuldb.com/?submit.742437" target=3D"_blank"=
rel=3D"noopener">Submit #742437 | https://github.com/bolo-blog/bolo-solo b= olo-solo V2.6.4 Arbitrary File Write and Remote Code Execution</a> <a hr= ef=3D"https://github.com/bolo-blog/bolo-solo/issues/327" target=3D"_blank" = rel=3D"noopener">https://github.com/bolo-blog/bolo-solo/issues/327</a> <=
a href=3D"https://github.com/bolo-blog/bolo-solo/" target=3D"_blank" rel=3D= "noopener">https://github.com/bolo-blog/bolo-solo/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">bolo-blog--bolo-solo</td>
<td>A vulnerability has been found in bolo-blog bolo-solo up to 2.6.4. This=
impacts the function importFromCnblogs of the file src/main/java/org/b3log= /solo/bolo/prop/BackupService.java of the component Filename Handler. The m= anipulation of the argument File leads to path traversal. It is possible to=
initiate the attack remotely. The exploit has been disclosed to the public=
and may be used. The project was informed of the problem early through an = issue report but has not responded yet.</td>
<td>2026-02-03</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1812" target=3D"= _blank" rel=3D"noopener">CVE-2026-1812</a></td>

<a href=3D"https://vuldb.com/?id.343980" target=3D"_blank" rel=3D"noopener"= >VDB-343980 | bolo-blog bolo-solo Filename BackupService.java importFromCnb= logs path traversal</a> <a href=3D"https://vuldb.com/?ctiid.343980" targ= et=3D"_blank" rel=3D"noopener">VDB-343980 | CTI Indicators (IOB, IOC, TTP, = IOA)</a> <a href=3D"https://vuldb.com/?submit.742582" target=3D"_blank" = rel=3D"noopener">Submit #742582 | https://github.com/bolo-blog/bolo-solo bo= lo-solo V2.6.4 Arbitrary file write</a> <a href=3D"https://github.com/bo= lo-blog/bolo-solo/issues/328" target=3D"_blank" rel=3D"noopener">https://gi= thub.com/bolo-blog/bolo-solo/issues/328</a> <a href=3D"https://github.co= m/bolo-blog/bolo-solo/" target=3D"_blank" rel=3D"noopener">https://github.c= om/bolo-blog/bolo-solo/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">bolo-blog--bolo-solo</td>
<td>A vulnerability was found in bolo-blog bolo-solo up to 2.6.4. Affected =
is an unknown function of the file src/main/java/org/b3log/solo/bolo/pic/Pi= cUploadProcessor.java of the component FreeMarker Template Handler. The man= ipulation of the argument File results in unrestricted upload. It is possib=
le to launch the attack remotely. The exploit has been made public and coul=
d be used. The project was informed of the problem early through an issue r= eport but has not responded yet.</td>
<td>2026-02-03</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1813" target=3D"= _blank" rel=3D"noopener">CVE-2026-1813</a></td>

<a href=3D"https://vuldb.com/?id.343981" target=3D"_blank" rel=3D"noopener"= >VDB-343981 | bolo-blog bolo-solo FreeMarker Template PicUploadProcessor.ja=
va unrestricted upload</a> <a href=3D"https://vuldb.com/?ctiid.343981" t= arget=3D"_blank" rel=3D"noopener">VDB-343981 | CTI Indicators (IOB, IOC, TT=
P, IOA)</a> <a href=3D"https://vuldb.com/?submit.743402" target=3D"_blan=
k" rel=3D"noopener">Submit #743402 | https://github.com/bolo-blog/bolo-solo=
bolo-solo V2.6.4 Arbitrary File Write and RCE</a> <a href=3D"https://gi= thub.com/bolo-blog/bolo-solo/issues/329" target=3D"_blank" rel=3D"noopener"= >https://github.com/bolo-blog/bolo-solo/issues/329</a> <a href=3D"https:= //github.com/bolo-blog/bolo-solo/" target=3D"_blank" rel=3D"noopener">https= ://github.com/bolo-blog/bolo-solo/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">htplugins--Docus YouTube Video Playlist</td> <td>The Docus - YouTube Video Playlist plugin for WordPress is vulnerable t=
o Stored Cross-Site Scripting via the 'docusplaylist' shortcode in all vers= ions up to, and including, 1.0.6 due to insufficient input sanitization and=
output escaping on user supplied attributes. This makes it possible for au= thenticated attackers, with Contributor-level access and above, to inject a= rbitrary web scripts in pages that will execute whenever a user accesses an=
injected page.</td>
<td>2026-02-06</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1888" target=3D"= _blank" rel=3D"noopener">CVE-2026-1888</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/16c6fe= c8-81ec-477a-9942-10fd3adb8fa4?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/16c6fec8-81e= c-477a-9942-10fd3adb8fa4?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/docus/trunk/includes/class.shortcode.php#L55" targe= t=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/do= cus/trunk/includes/class.shortcode.php#L55</a> <a href=3D"https://plugin= s.trac.wordpress.org/browser/docus/tags/1.0.6/includes/class.shortcode.php#= L55" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/= browser/docus/tags/1.0.6/includes/class.shortcode.php#L55</a> <a href=3D= "https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&rep= oname=3D&old=3D3454510%40docus&new=3D3454510%40docus&sfp_email=3D&sfph_mail= =3D" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/= changeset?sfp_email=3D&sfph_mail=3D&reponame=3D&old=3D3454510%40docus&new= =3D3454510%40docus&sfp_email=3D&sfph_mail</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--WeKan</td>
<td>A vulnerability was detected in WeKan up to 8.20. This impacts an unkno=
wn function of the file models/checklistItems.js of the component REST API.=
Performing a manipulation of the argument item.cardId/item.checklistId/car= d.boardId results in improper authorization. Remote exploitation of the att= ack is possible. Upgrading to version 8.21 will fix this issue. The patch i=
s named 251d49eea94834cf351bb395808f4a56fb4dbb44. Upgrading the affected co= mponent is recommended.</td>
<td>2026-02-04</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1894" target=3D"= _blank" rel=3D"noopener">CVE-2026-1894</a></td>

<a href=3D"https://vuldb.com/?id.344266" target=3D"_blank" rel=3D"noopener"= >VDB-344266 | WeKan REST API checklistItems.js Checklist REST Bleed imprope=
r authorization</a> <a href=3D"https://vuldb.com/?ctiid.344266" target= =3D"_blank" rel=3D"noopener">VDB-344266 | CTI Indicators (IOB, IOC, TTP, IO= A)</a> <a href=3D"https://vuldb.com/?submit.742663" target=3D"_blank" re= l=3D"noopener">Submit #742663 | Wekan <8.21 IDOR via REST API / improper=
object relationship validation</a> <a href=3D"https://github.com/wekan/= wekan/commit/251d49eea94834cf351bb395808f4a56fb4dbb44" target=3D"_blank" re= l=3D"noopener">https://github.com/wekan/wekan/commit/251d49eea94834cf351bb3= 95808f4a56fb4dbb44</a> <a href=3D"https://github.com/wekan/wekan/release= s/tag/v8.21" target=3D"_blank" rel=3D"noopener">https://github.com/wekan/we= kan/releases/tag/v8.21</a> <a href=3D"https://github.com/wekan/wekan/" t= arget=3D"_blank" rel=3D"noopener">https://github.com/wekan/wekan/</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--WeKan</td>
<td>A flaw has been found in WeKan up to 8.20. Affected is the function app= lyWipLimit of the file models/lists.js of the component Attachment Storage = Handler. Executing a manipulation can lead to improper access controls. The=
attack can be executed remotely. Upgrading to version 8.21 is able to addr= ess this issue. This patch is called 8c0b4f79d8582932528ec2fdf2a4487c86770f= b9. It is recommended to upgrade the affected component.</td> <td>2026-02-04</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1895" target=3D"= _blank" rel=3D"noopener">CVE-2026-1895</a></td>

<a href=3D"https://vuldb.com/?id.344267" target=3D"_blank" rel=3D"noopener"= >VDB-344267 | WeKan Attachment Storage lists.js applyWipLimit ListWIPBleed = access control</a> <a href=3D"https://vuldb.com/?ctiid.344267" target=3D= "_blank" rel=3D"noopener">VDB-344267 | CTI Indicators (IOB, IOC, TTP, IOA)<= /a> <a href=3D"https://vuldb.com/?submit.742666" target=3D"_blank" rel= =3D"noopener">Submit #742666 | Wekan <8.21 Improper access control (CWE-= 284)</a> <a href=3D"https://github.com/wekan/wekan/commit/8c0b4f79d85829= 32528ec2fdf2a4487c86770fb9" target=3D"_blank" rel=3D"noopener">https://gith= ub.com/wekan/wekan/commit/8c0b4f79d8582932528ec2fdf2a4487c86770fb9</a> <=
a href=3D"https://github.com/wekan/wekan/releases/tag/v8.21" target=3D"_bla= nk" rel=3D"noopener">https://github.com/wekan/wekan/releases/tag/v8.21</a><= br><a href=3D"https://github.com/wekan/wekan/" target=3D"_blank" rel=3D"noo= pener">https://github.com/wekan/wekan/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--WeKan</td>
<td>A vulnerability has been found in WeKan up to 8.20. Affected by this vu= lnerability is the function ComprehensiveBoardMigration of the file server/= migrations/comprehensiveBoardMigration.js of the component Migration Operat= ion Handler. The manipulation of the argument boardId leads to improper acc= ess controls. The attack is possible to be carried out remotely. Upgrading =
to version 8.21 addresses this issue. The identifier of the patch is cc35da= fef57ef6e44a514a523f9a8d891e74ad8f. Upgrading the affected component is adv= ised.</td>
<td>2026-02-04</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1896" target=3D"= _blank" rel=3D"noopener">CVE-2026-1896</a></td>

<a href=3D"https://vuldb.com/?id.344268" target=3D"_blank" rel=3D"noopener"= >VDB-344268 | WeKan Migration Operation comprehensiveBoardMigration.js Comp= rehensiveBoardMigration MigrationBleed access control</a> <a href=3D"htt= ps://vuldb.com/?ctiid.344268" target=3D"_blank" rel=3D"noopener">VDB-344268=
| CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D"https://vuldb.com/= ?submit.742670" target=3D"_blank" rel=3D"noopener">Submit #742670 | Wekan &= lt;8.21 Improper access control on administrative migration methods (CWE</a= > <a href=3D"https://github.com/wekan/wekan/commit/cc35dafef57ef6e44a514= a523f9a8d891e74ad8f" target=3D"_blank" rel=3D"noopener">https://github.com/= wekan/wekan/commit/cc35dafef57ef6e44a514a523f9a8d891e74ad8f</a> <a href= =3D"https://github.com/wekan/wekan/releases/tag/v8.21" target=3D"_blank" re= l=3D"noopener">https://github.com/wekan/wekan/releases/tag/v8.21</a> <a = href=3D"https://github.com/wekan/wekan/" target=3D"_blank" rel=3D"noopener"= >https://github.com/wekan/wekan/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--WeKan</td>
<td>A vulnerability was determined in WeKan up to 8.20. This affects an unk= nown part of the file packages/wekan-ldap/server/syncUser.js of the compone=
nt LDAP User Sync. This manipulation causes improper access controls. It is=
possible to initiate the attack remotely. Upgrading to version 8.21 is abl=
e to mitigate this issue. Patch name: 146905a459106b5d00b4f09453a6554255e69= 65a. You should upgrade the affected component.</td>
<td>2026-02-05</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1898" target=3D"= _blank" rel=3D"noopener">CVE-2026-1898</a></td>

<a href=3D"https://vuldb.com/?id.344270" target=3D"_blank" rel=3D"noopener"= >VDB-344270 | WeKan LDAP User Sync syncUser.js SyncLDAPBleed access control= </a> <a href=3D"https://vuldb.com/?ctiid.344270" target=3D"_blank" rel= =3D"noopener">VDB-344270 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a hr= ef=3D"https://vuldb.com/?submit.742676" target=3D"_blank" rel=3D"noopener">= Submit #742676 | Wekan <8.21 Missing authorization on admin function (CW= E-284)</a> <a href=3D"https://github.com/wekan/wekan/commit/146905a45910= 6b5d00b4f09453a6554255e6965a" target=3D"_blank" rel=3D"noopener">https://gi= thub.com/wekan/wekan/commit/146905a459106b5d00b4f09453a6554255e6965a</a><br= ><a href=3D"https://github.com/wekan/wekan/releases/tag/v8.21" target=3D"_b= lank" rel=3D"noopener">https://github.com/wekan/wekan/releases/tag/v8.21</a= > <a href=3D"https://github.com/wekan/wekan/" target=3D"_blank" rel=3D"n= oopener">https://github.com/wekan/wekan/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">x-raym--WaveSurfer-WP</td>
<td>The WaveSurfer-WP plugin for WordPress is vulnerable to Stored Cross-Si=
te Scripting via the plugin's audio shortcode in all versions up to, and in= cluding, 2.8.3 due to insufficient input sanitization and output escaping o=
n the 'src' attribute. This makes it possible for authenticated attackers, = with Contributor-level access and above, to inject arbitrary web scripts in=
pages that will execute whenever a user accesses an injected page.</td> <td>2026-02-06</td>
<td>6.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1909" target=3D"= _blank" rel=3D"noopener">CVE-2026-1909</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/b50746= 2d-1ce2-4463-93bf-635ee78274f6?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/b507462d-1ce= 2-4463-93bf-635ee78274f6?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/wavesurfer-wp/trunk/wavesurfer-wp.php#L739" target= =3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/wav= esurfer-wp/trunk/wavesurfer-wp.php#L739</a> <a href=3D"https://plugins.t= rac.wordpress.org/browser/wavesurfer-wp/tags/2.8.3/wavesurfer-wp.php#L739" = target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/brows= er/wavesurfer-wp/tags/2.8.3/wavesurfer-wp.php#L739</a> <a href=3D"https:= //plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&reponame= =3D&old=3D3454006%40wavesurfer-wp&new=3D3454006%40wavesurfer-wp&sfp_email= =3D&sfph_mail=3D" target=3D"_blank" rel=3D"noopener">https://plugins.trac.w= ordpress.org/changeset?sfp_email=3D&sfph_mail=3D&reponame=3D&old=3D3454006%= 40wavesurfer-wp&new=3D3454006%40wavesurfer-wp&sfp_email=3D&sfph_mail</a><br= >=C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--WeKan</td>
<td>A vulnerability has been found in WeKan up to 8.20. The impacted elemen=
t is an unknown function of the file server/attachmentMigration.js of the c= omponent Attachment Migration. The manipulation leads to improper access co= ntrols. The attack may be initiated remotely. Upgrading to version 8.21 is = sufficient to resolve this issue. The identifier of the patch is 053bf1dfb7= 6ef230db162c64a6ed50ebedf67eee. It is recommended to upgrade the affected c= omponent.</td>
<td>2026-02-05</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1962" target=3D"= _blank" rel=3D"noopener">CVE-2026-1962</a></td>

<a href=3D"https://vuldb.com/?id.344484" target=3D"_blank" rel=3D"noopener"= >VDB-344484 | WeKan Attachment Migration attachmentMigration.js AttachmentM= igrationBleed access control</a> <a href=3D"https://vuldb.com/?ctiid.344= 484" target=3D"_blank" rel=3D"noopener">VDB-344484 | CTI Indicators (IOB, I= OC, TTP, IOA)</a> <a href=3D"https://vuldb.com/?submit.742677" target=3D= "_blank" rel=3D"noopener">Submit #742677 | Wekan <8.21 Improper access c= ontrol on migration endpoints (CWE-284)</a> <a href=3D"https://github.co= m/wekan/wekan/commit/053bf1dfb76ef230db162c64a6ed50ebedf67eee" target=3D"_b= lank" rel=3D"noopener">https://github.com/wekan/wekan/commit/053bf1dfb76ef2= 30db162c64a6ed50ebedf67eee</a> <a href=3D"https://github.com/wekan/wekan= /releases/tag/v8.21" target=3D"_blank" rel=3D"noopener">https://github.com/= wekan/wekan/releases/tag/v8.21</a> <a href=3D"https://github.com/wekan/w= ekan/" target=3D"_blank" rel=3D"noopener">https://github.com/wekan/wekan/</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--WeKan</td>
<td>A vulnerability was found in WeKan up to 8.20. This affects an unknown = function of the file models/attachments.js of the component Attachment Stor= age. The manipulation results in improper access controls. The attack may b=
e launched remotely. Upgrading to version 8.21 mitigates this issue. The pa= tch is identified as c413a7e860bc4d93fe2adcf82516228570bf382d. Upgrading th=
e affected component is advised.</td>
<td>2026-02-05</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1963" target=3D"= _blank" rel=3D"noopener">CVE-2026-1963</a></td>

<a href=3D"https://vuldb.com/?id.344485" target=3D"_blank" rel=3D"noopener"= >VDB-344485 | WeKan Attachment Storage attachments.js MoveStorageBleed acce=
ss control</a> <a href=3D"https://vuldb.com/?ctiid.344485" target=3D"_bl= ank" rel=3D"noopener">VDB-344485 | CTI Indicators (IOB, IOC, TTP, IOA)</a><= br><a href=3D"https://vuldb.com/?submit.742678" target=3D"_blank" rel=3D"no= opener">Submit #742678 | Wekan <8.21 Improper access control (CWE-284)</= a> <a href=3D"https://github.com/wekan/wekan/commit/c413a7e860bc4d93fe2a= dcf82516228570bf382d" target=3D"_blank" rel=3D"noopener">https://github.com= /wekan/wekan/commit/c413a7e860bc4d93fe2adcf82516228570bf382d</a> <a href= =3D"https://github.com/wekan/wekan/releases/tag/v8.21" target=3D"_blank" re= l=3D"noopener">https://github.com/wekan/wekan/releases/tag/v8.21</a> <a = href=3D"https://github.com/wekan/wekan/" target=3D"_blank" rel=3D"noopener"= >https://github.com/wekan/wekan/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">isaacwasserman--mcp-vegalite-server</td>
<td>A security vulnerability has been detected in isaacwasserman mcp-vegali= te-server up to 16aefed598b8cd897b78e99b907f6e2984572c61. Affected by this = vulnerability is the function eval of the component visualize_data. Such ma= nipulation of the argument vegalite_specification leads to code injection. = The attack may be performed from remote. The exploit has been disclosed pub= licly and may be used. This product utilizes a rolling release system for c= ontinuous delivery, and as such, version information for affected or update=
d releases is not disclosed. The project was informed of the problem early = through an issue report but has not responded yet.</td>
<td>2026-02-06</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1977" target=3D"= _blank" rel=3D"noopener">CVE-2026-1977</a></td>

<a href=3D"https://vuldb.com/?id.344499" target=3D"_blank" rel=3D"noopener"= >VDB-344499 | isaacwasserman mcp-vegalite-server visualize_data eval code i= njection</a> <a href=3D"https://vuldb.com/?ctiid.344499" target=3D"_blan=
k" rel=3D"noopener">VDB-344499 | CTI Indicators (IOB, IOC, TTP, IOA)</a><br= ><a href=3D"https://vuldb.com/?submit.743246" target=3D"_blank" rel=3D"noop= ener">Submit #743246 | GitHub mcp-vegalite-server master Code Injection</a>= <a href=3D"https://github.com/isaacwasserman/mcp-vegalite-server/issues= /9" target=3D"_blank" rel=3D"noopener">https://github.com/isaacwasserman/mc= p-vegalite-server/issues/9</a> <a href=3D"https://github.com/isaacwasser= man/mcp-vegalite-server/" target=3D"_blank" rel=3D"noopener">https://github= .com/isaacwasserman/mcp-vegalite-server/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">abhiphile--fermat-mcp</td>
<td>A vulnerability was detected in abhiphile fermat-mcp up to 47f11def1cd3= 7e45dd060f30cdce346cbdbd6f0a. This vulnerability affects the function eqn_c= hart of the file fmcp/mpl_mcp/core/eqn_chart.py. Performing a manipulation =
of the argument equations results in code injection. It is possible to init= iate the attack remotely. The exploit is now public and may be used. This p= roduct is using a rolling release to provide continious delivery. Therefore=
, no version details for affected nor updated releases are available. The p= roject was informed of the problem early through an issue report but has no=
t responded yet.</td>
<td>2026-02-06</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2008" target=3D"= _blank" rel=3D"noopener">CVE-2026-2008</a></td>

<a href=3D"https://vuldb.com/?id.344590" target=3D"_blank" rel=3D"noopener"= >VDB-344590 | abhiphile fermat-mcp eqn_chart.py eqn_chart code injection</a= > <a href=3D"https://vuldb.com/?ctiid.344590" target=3D"_blank" rel=3D"n= oopener">VDB-344590 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D= "https://vuldb.com/?submit.743458" target=3D"_blank" rel=3D"noopener">Submi=
t #743458 | GitHub fermat-mcp master Code Injection</a> <a href=3D"https= ://github.com/abhiphile/fermat-mcp/issues/9" target=3D"_blank" rel=3D"noope= ner">https://github.com/abhiphile/fermat-mcp/issues/9</a> <a href=3D"htt= ps://github.com/abhiphile/fermat-mcp/issues/9#issue-3837794397" target=3D"_= blank" rel=3D"noopener">https://github.com/abhiphile/fermat-mcp/issues/9#is= sue-3837794397</a> <a href=3D"https://github.com/abhiphile/fermat-mcp/" = target=3D"_blank" rel=3D"noopener">https://github.com/abhiphile/fermat-mcp/= </a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">SourceCodester--Gas Agency Management System</=

<td>A flaw has been found in SourceCodester Gas Agency Management System 1.=
0. This issue affects some unknown processing of the file /gasmark/php_acti= on/createUser.php. Executing a manipulation can lead to improper access con= trols. It is possible to launch the attack remotely. The exploit has been p= ublished and may be used.</td>
<td>2026-02-06</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2009" target=3D"= _blank" rel=3D"noopener">CVE-2026-2009</a></td>

<a href=3D"https://vuldb.com/?id.344591" target=3D"_blank" rel=3D"noopener"= >VDB-344591 | SourceCodester Gas Agency Management System createUser.php ac= cess control</a> <a href=3D"https://vuldb.com/?ctiid.344591" target=3D"_= blank" rel=3D"noopener">VDB-344591 | CTI Indicators (IOB, IOC, TTP, IOA)</a= > <a href=3D"https://vuldb.com/?submit.743459" target=3D"_blank" rel=3D"= noopener">Submit #743459 | SourceCodester Gas Agency Management System 1.0 = Improper Access Controls</a> <a href=3D"https://github.com/Asim-QAZi/Imp= roper-Access-Control-in-SourceCodester-Gas-Agency-Management-System" target= =3D"_blank" rel=3D"noopener">https://github.com/Asim-QAZi/Improper-Access-C= ontrol-in-SourceCodester-Gas-Agency-Management-System</a> <a href=3D"htt= ps://www.sourcecodester.com/" target=3D"_blank" rel=3D"noopener">https://ww= w.sourcecodester.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Portabilis--i-Educar</td>
<td>A weakness has been identified in Portabilis i-Educar up to 2.10. Affec= ted is an unknown function of the file FinalStatusImportService.php of the = component Final Status Import. Executing a manipulation of the argument sch= ool_id can lead to improper authorization. The attack can be executed remot= ely. The exploit has been made available to the public and could be used fo=
r attacks. The vendor was contacted early about this disclosure but did not=
respond in any way.</td>
<td>2026-02-06</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2015" target=3D"= _blank" rel=3D"noopener">CVE-2026-2015</a></td>

<a href=3D"https://vuldb.com/?id.344597" target=3D"_blank" rel=3D"noopener"= >VDB-344597 | Portabilis i-Educar Final Status Import FinalStatusImportServ= ice.php improper authorization</a> <a href=3D"https://vuldb.com/?ctiid.3= 44597" target=3D"_blank" rel=3D"noopener">VDB-344597 | CTI Indicators (IOB,=
IOC, TTP, IOA)</a> <a href=3D"https://vuldb.com/?submit.743760" target= =3D"_blank" rel=3D"noopener">Submit #743760 | Portabilis i-Educar 2.0 2.1 2=
.2 2.3 2.4 2.5 2.6 2.7 2.8 2.9 2.10 Improper Authorization</a> <a href= =3D"https://github.com/ViniCastro2001/Security_Reports/tree/main/i-educar/B= FLA-Final-Status-Import" target=3D"_blank" rel=3D"noopener">https://github.= com/ViniCastro2001/Security_Reports/tree/main/i-educar/BFLA-Final-Status-Im= port</a> <a href=3D"https://github.com/ViniCastro2001/Security_Reports/t= ree/main/i-educar/BFLA-Final-Status-Import#proof-of-concept-poc" target=3D"= _blank" rel=3D"noopener">https://github.com/ViniCastro2001/Security_Reports= /tree/main/i-educar/BFLA-Final-Status-Import#proof-of-concept-poc</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Flycatcher Toys--smART Pixelator</td>
<td>A security flaw has been discovered in Flycatcher Toys smART Pixelator = 2.0. Affected by this issue is some unknown functionality of the component = Bluetooth Low Energy Interface. Performing a manipulation results in missin=
g authentication. The attack can only be performed from the local network. = The exploit has been released to the public and may be used for attacks. Th=
e vendor was contacted early about this disclosure but did not respond in a=
ny way.</td>
<td>2026-02-06</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2065" target=3D"= _blank" rel=3D"noopener">CVE-2026-2065</a></td>

<a href=3D"https://vuldb.com/?id.344632" target=3D"_blank" rel=3D"noopener"= >VDB-344632 | Flycatcher Toys smART Pixelator Bluetooth Low Energy missing = authentication</a> <a href=3D"https://vuldb.com/?ctiid.344632" target=3D= "_blank" rel=3D"noopener">VDB-344632 | CTI Indicators (IOB, IOC)</a> <a = href=3D"https://vuldb.com/?submit.745129" target=3D"_blank" rel=3D"noopener= ">Submit #745129 | Flycatcher Toys smART Pixelator 2.0 2.0 Missing Authenti= cation</a> <a href=3D"https://github.com/davidrxchester/smart-pixelator-= upload" target=3D"_blank" rel=3D"noopener">https://github.com/davidrxcheste= r/smart-pixelator-upload</a> <a href=3D"https://github.com/davidrxcheste= r/smart-pixelator-upload/blob/main/poc.py" target=3D"_blank" rel=3D"noopene= r">https://github.com/davidrxchester/smart-pixelator-upload/blob/main/poc.p= y</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--O2OA</td>
<td>A vulnerability was identified in O2OA up to 9.0.0. This impacts an unk= nown function of the file /x_program_center/jaxrs/mpweixin/check of the com= ponent HTTP POST Request Handler. The manipulation leads to xml external en= tity reference. It is possible to initiate the attack remotely. The exploit=
is publicly available and might be used. The vendor was contacted early ab= out this disclosure but did not respond in any way.</td>
<td>2026-02-07</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2074" target=3D"= _blank" rel=3D"noopener">CVE-2026-2074</a></td>

<a href=3D"https://vuldb.com/?id.344640" target=3D"_blank" rel=3D"noopener"= >VDB-344640 | O2OA HTTP POST Request check xml external entity reference</a= > <a href=3D"https://vuldb.com/?ctiid.344640" target=3D"_blank" rel=3D"n= oopener">VDB-344640 | CTI Indicators (IOB, IOC, IOA)</a> <a href=3D"http= s://vuldb.com/?submit.745486" target=3D"_blank" rel=3D"noopener">Submit #74= 5486 | =E6=B5=99=E6=B1=9F=E5=85=B0=E5=BE=B7=E7=BA=B5=E6=A8=AA=E7=BD=91=E7= =BB=9C=E6=8A=80=E6=9C=AF=E8=82=A1=E4=BB=BD=E6=9C=89=E9=99=90=E5=85=AC=E5=8F= =B8 O2OA v6.1.0 =E8=87=B3 v9.0.0 XML=E5=AE=9E=E4=BD=93=E6=B3=A8=E5=85=A5=E6= =BC=8F=E6=B4=9E</a> <a href=3D"https://vuldb.com/?submit.745489" target= =3D"_blank" rel=3D"noopener">Submit #745489 | O2OA=E5=BC=80=E5=8F=91=E5=B9= =B3=E5=8F=B0 O2OA v6.1.0 =E8=87=B3 v9.0.0 XML=E5=AE=9E=E4=BD=93=E6=B3=A8=E5= =85=A5=E6=BC=8F=E6=B4=9E (Duplicate)</a> <a href=3D"https://github.com/S= ourByte05/SourByte-Lab/issues/7" target=3D"_blank" rel=3D"noopener">https:/= /github.com/SourByte05/SourByte-Lab/issues/7</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">yeqifu--warehouse</td>
<td>A security flaw has been discovered in yeqifu warehouse up to aaf29962b= a407d22d991781de28796ee7b4670e4. Affected is the function saveRolePermissio=
n of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controll= er\RoleController.java of the component Role-Permission Binding Handler. Th=
e manipulation results in improper access controls. It is possible to launc=
h the attack remotely. The exploit has been released to the public and may =
be used for attacks. This product takes the approach of rolling releases to=
provide continious delivery. Therefore, version details for affected and u= pdated releases are not available. The project was informed of the problem = early through an issue report but has not responded yet.</td> <td>2026-02-07</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2075" target=3D"= _blank" rel=3D"noopener">CVE-2026-2075</a></td>

<a href=3D"https://vuldb.com/?id.344641" target=3D"_blank" rel=3D"noopener"= >VDB-344641 | yeqifu warehouse Role-Permission Binding RoleController.java = saveRolePermission access control</a> <a href=3D"https://vuldb.com/?ctii= d.344641" target=3D"_blank" rel=3D"noopener">VDB-344641 | CTI Indicators (I= OB, IOC, TTP, IOA)</a> <a href=3D"https://vuldb.com/?submit.745508" targ= et=3D"_blank" rel=3D"noopener">Submit #745508 | yeqifu warehouse latest(git=
commit aaf29962ba407d22d991781de28796ee7b4670e4) Im</a> <a href=3D"http= s://github.com/yeqifu/warehouse/issues/52" target=3D"_blank" rel=3D"noopene= r">https://github.com/yeqifu/warehouse/issues/52</a> <a href=3D"https://= github.com/yeqifu/warehouse/issues/52#issue-3846645856" target=3D"_blank" r= el=3D"noopener">https://github.com/yeqifu/warehouse/issues/52#issue-3846645= 856</a> <a href=3D"https://github.com/yeqifu/warehouse/" target=3D"_blan=
k" rel=3D"noopener">https://github.com/yeqifu/warehouse/</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">yeqifu--warehouse</td>
<td>A weakness has been identified in yeqifu warehouse up to aaf29962ba407d= 22d991781de28796ee7b4670e4. Affected by this vulnerability is the function = addUser/updateUser/deleteUser of the file dataset\repos\warehouse\src\main\= java\com\yeqifu\sys\controller\UserController.java of the component User Ma= nagement Endpoint. This manipulation causes improper authorization. The att= ack can be initiated remotely. The exploit has been made available to the p= ublic and could be used for attacks. Continious delivery with rolling relea= ses is used by this product. Therefore, no version details of affected nor = updated releases are available. The project was informed of the problem ear=
ly through an issue report but has not responded yet.</td>
<td>2026-02-07</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2076" target=3D"= _blank" rel=3D"noopener">CVE-2026-2076</a></td>

<a href=3D"https://vuldb.com/?id.344642" target=3D"_blank" rel=3D"noopener"= >VDB-344642 | yeqifu warehouse User Management Endpoint UserController.java=
deleteUser improper authorization</a> <a href=3D"https://vuldb.com/?cti= id.344642" target=3D"_blank" rel=3D"noopener">VDB-344642 | CTI Indicators (= IOB, IOC, TTP, IOA)</a> <a href=3D"https://vuldb.com/?submit.745509" tar= get=3D"_blank" rel=3D"noopener">Submit #745509 | yeqifu warehouse latest(gi=
t commit aaf29962ba407d22d991781de28796ee7b4670e4) Improper Access Controls= </a> <a href=3D"https://github.com/yeqifu/warehouse/issues/53" target=3D= "_blank" rel=3D"noopener">https://github.com/yeqifu/warehouse/issues/53</a>= <a href=3D"https://github.com/yeqifu/warehouse/issues/53#issue-38466510= 70" target=3D"_blank" rel=3D"noopener">https://github.com/yeqifu/warehouse/= issues/53#issue-3846651070</a> <a href=3D"https://github.com/yeqifu/ware= house/" target=3D"_blank" rel=3D"noopener">https://github.com/yeqifu/wareho= use/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">yeqifu--warehouse</td>
<td>A security vulnerability has been detected in yeqifu warehouse up to aa= f29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the funct= ion addRole/updateRole/deleteRole of the file dataset\repos\warehouse\src\m= ain\java\com\yeqifu\sys\controller\RoleController.java of the component Rol=
e Management Handler. Such manipulation leads to improper authorization. Th=
e attack can be launched remotely. The exploit has been disclosed publicly = and may be used. This product does not use versioning. This is why informat= ion about affected and unaffected releases are unavailable. The project was=
informed of the problem early through an issue report but has not responde=
d yet.</td>
<td>2026-02-07</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2077" target=3D"= _blank" rel=3D"noopener">CVE-2026-2077</a></td>

<a href=3D"https://vuldb.com/?id.344643" target=3D"_blank" rel=3D"noopener"= >VDB-344643 | yeqifu warehouse Role Management RoleController.java deleteRo=
le improper authorization</a> <a href=3D"https://vuldb.com/?ctiid.344643=
" target=3D"_blank" rel=3D"noopener">VDB-344643 | CTI Indicators (IOB, IOC,=
TTP, IOA)</a> <a href=3D"https://vuldb.com/?submit.745512" target=3D"_b= lank" rel=3D"noopener">Submit #745512 | yeqifu warehouse latest(git commit = aaf29962ba407d22d991781de28796ee7b4670e4) Improper Access Controls</a> <=
a href=3D"https://github.com/yeqifu/warehouse/issues/54" target=3D"_blank" = rel=3D"noopener">https://github.com/yeqifu/warehouse/issues/54</a> <a hr= ef=3D"https://github.com/yeqifu/warehouse/issues/54#issue-3846654129" targe= t=3D"_blank" rel=3D"noopener">https://github.com/yeqifu/warehouse/issues/54= #issue-3846654129</a> <a href=3D"https://github.com/yeqifu/warehouse/" t= arget=3D"_blank" rel=3D"noopener">https://github.com/yeqifu/warehouse/</a><= br>=C2=A0</td>
</tr>

<td class=3D"vendor-product">yeqifu--warehouse</td>
<td>A vulnerability was detected in yeqifu warehouse up to aaf29962ba407d22= d991781de28796ee7b4670e4. This affects the function addPermission/updatePer= mission/deletePermission of the file dataset\repos\warehouse\src\main\java\= com\yeqifu\sys\controller\PermissionController.java of the component Permis= sion Management. Performing a manipulation results in improper authorizatio=
n. The attack may be initiated remotely. The exploit is now public and may =
be used. This product uses a rolling release model to deliver continuous up= dates. As a result, specific version information for affected or updated re= leases is not available. The project was informed of the problem early thro= ugh an issue report but has not responded yet.</td>
<td>2026-02-07</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2078" target=3D"= _blank" rel=3D"noopener">CVE-2026-2078</a></td>

<a href=3D"https://vuldb.com/?id.344644" target=3D"_blank" rel=3D"noopener"= >VDB-344644 | yeqifu warehouse Permission Management PermissionController.j= ava deletePermission improper authorization</a> <a href=3D"https://vuldb= .com/?ctiid.344644" target=3D"_blank" rel=3D"noopener">VDB-344644 | CTI Ind= icators (IOB, IOC, TTP, IOA)</a> <a href=3D"https://vuldb.com/?submit.74= 5513" target=3D"_blank" rel=3D"noopener">Submit #745513 | yeqifu warehouse = latest(git commit aaf29962ba407d22d991781de28796ee7b4670e4) Improper Access=
Controls</a> <a href=3D"https://github.com/yeqifu/warehouse/issues/55" = target=3D"_blank" rel=3D"noopener">https://github.com/yeqifu/warehouse/issu= es/55</a> <a href=3D"https://github.com/yeqifu/warehouse/issues/55#issue= -3846656775" target=3D"_blank" rel=3D"noopener">https://github.com/yeqifu/w= arehouse/issues/55#issue-3846656775</a> <a href=3D"https://github.com/ye= qifu/warehouse/" target=3D"_blank" rel=3D"noopener">https://github.com/yeqi= fu/warehouse/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">yeqifu--warehouse</td>
<td>A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781= de28796ee7b4670e4. This vulnerability affects the function addMenu/updateMe= nu/deleteMenu of the file dataset\repos\warehouse\src\main\java\com\yeqifu\= sys\controller\MenuController.java of the component Menu Management. Execut= ing a manipulation can lead to improper authorization. The attack may be la= unched remotely. The exploit has been published and may be used. This produ=
ct operates on a rolling release basis, ensuring continuous delivery. Conse= quently, there are no version details for either affected or updated releas= es. The project was informed of the problem early through an issue report b=
ut has not responded yet.</td>
<td>2026-02-07</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2079" target=3D"= _blank" rel=3D"noopener">CVE-2026-2079</a></td>

<a href=3D"https://vuldb.com/?id.344645" target=3D"_blank" rel=3D"noopener"= >VDB-344645 | yeqifu warehouse Menu Management MenuController.java deleteMe=
nu improper authorization</a> <a href=3D"https://vuldb.com/?ctiid.344645=
" target=3D"_blank" rel=3D"noopener">VDB-344645 | CTI Indicators (IOB, IOC,=
TTP, IOA)</a> <a href=3D"https://vuldb.com/?submit.745514" target=3D"_b= lank" rel=3D"noopener">Submit #745514 | yeqifu warehouse latest(git commit = aaf29962ba407d22d991781de28796ee7b4670e4) Improper Access Controls</a> <=
a href=3D"https://github.com/yeqifu/warehouse/issues/56" target=3D"_blank" = rel=3D"noopener">https://github.com/yeqifu/warehouse/issues/56</a> <a hr= ef=3D"https://github.com/yeqifu/warehouse/issues/56#issue-3846659524" targe= t=3D"_blank" rel=3D"noopener">https://github.com/yeqifu/warehouse/issues/56= #issue-3846659524</a> <a href=3D"https://github.com/yeqifu/warehouse/" t= arget=3D"_blank" rel=3D"noopener">https://github.com/yeqifu/warehouse/</a><= br>=C2=A0</td>
</tr>

<td class=3D"vendor-product">yeqifu--warehouse</td>
<td>A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781= de28796ee7b4670e4. The affected element is the function addDept/updateDept/= deleteDept of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys= \controller\DeptController.java of the component Department Management. Exe= cuting a manipulation can lead to improper authorization. It is possible to=
launch the attack remotely. The exploit has been published and may be used=
. This product takes the approach of rolling releases to provide continious=
delivery. Therefore, version details for affected and updated releases are=
not available. The project was informed of the problem early through an is= sue report but has not responded yet.</td>
<td>2026-02-07</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2105" target=3D"= _blank" rel=3D"noopener">CVE-2026-2105</a></td>

<a href=3D"https://vuldb.com/?id.344681" target=3D"_blank" rel=3D"noopener"= >VDB-344681 | yeqifu warehouse Department Management DeptController.java de= leteDept improper authorization</a> <a href=3D"https://vuldb.com/?ctiid.= 344681" target=3D"_blank" rel=3D"noopener">VDB-344681 | CTI Indicators (IOB=
, IOC, TTP, IOA)</a> <a href=3D"https://vuldb.com/?submit.745515" target= =3D"_blank" rel=3D"noopener">Submit #745515 | yeqifu warehouse latest(git c= ommit aaf29962ba407d22d991781de28796ee7b4670e4) Improper Access Controls</a= > <a href=3D"https://github.com/yeqifu/warehouse/issues/57" target=3D"_b= lank" rel=3D"noopener">https://github.com/yeqifu/warehouse/issues/57</a><br= ><a href=3D"https://github.com/yeqifu/warehouse/issues/57#issue-3846662068"=
target=3D"_blank" rel=3D"noopener">https://github.com/yeqifu/warehouse/iss= ues/57#issue-3846662068</a> <a href=3D"https://github.com/yeqifu/warehou= se/" target=3D"_blank" rel=3D"noopener">https://github.com/yeqifu/warehouse= /</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">yeqifu--warehouse</td>
<td>A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d= 22d991781de28796ee7b4670e4. The impacted element is the function addNotice/= updateNotice/deleteNotice/batchDeleteNotice of the file dataset\repos\wareh= ouse\src\main\java\com\yeqifu\sys\controller\NoticeController.java of the c= omponent Notice Management. The manipulation leads to improper authorizatio=
n. The attack can be initiated remotely. The exploit has been disclosed to = the public and may be used. Continious delivery with rolling releases is us=
ed by this product. Therefore, no version details of affected nor updated r= eleases are available. The project was informed of the problem early throug=
h an issue report but has not responded yet.</td>
<td>2026-02-07</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2106" target=3D"= _blank" rel=3D"noopener">CVE-2026-2106</a></td>

<a href=3D"https://vuldb.com/?id.344682" target=3D"_blank" rel=3D"noopener"= >VDB-344682 | yeqifu warehouse Notice Management NoticeController.java batc= hDeleteNotice improper authorization</a> <a href=3D"https://vuldb.com/?c= tiid.344682" target=3D"_blank" rel=3D"noopener">VDB-344682 | CTI Indicators=
(IOB, IOC, TTP, IOA)</a> <a href=3D"https://vuldb.com/?submit.745516" t= arget=3D"_blank" rel=3D"noopener">Submit #745516 | yeqifu warehouse latest(= git commit aaf29962ba407d22d991781de28796ee7b4670e4) Improper Access Contro= ls</a> <a href=3D"https://github.com/yeqifu/warehouse/issues/58" target= =3D"_blank" rel=3D"noopener">https://github.com/yeqifu/warehouse/issues/58<= /a> <a href=3D"https://github.com/yeqifu/warehouse/issues/58#issue-38466= 64260" target=3D"_blank" rel=3D"noopener">https://github.com/yeqifu/warehou= se/issues/58#issue-3846664260</a> <a href=3D"https://github.com/yeqifu/w= arehouse/" target=3D"_blank" rel=3D"noopener">https://github.com/yeqifu/war= ehouse/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">yeqifu--warehouse</td>
<td>A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d99= 1781de28796ee7b4670e4. This affects the function loadAllLoginfo/deleteLogin= fo/batchDeleteLoginfo of the file dataset\repos\warehouse\src\main\java\com= \yeqifu\sys\controller\LoginfoController.java of the component Log Info Han= dler. The manipulation results in improper authorization. The attack can be=
launched remotely. The exploit has been made public and could be used. Thi=
s product does not use versioning. This is why information about affected a=
nd unaffected releases are unavailable. The project was informed of the pro= blem early through an issue report but has not responded yet.</td> <td>2026-02-07</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2107" target=3D"= _blank" rel=3D"noopener">CVE-2026-2107</a></td>

<a href=3D"https://vuldb.com/?id.344683" target=3D"_blank" rel=3D"noopener"= >VDB-344683 | yeqifu warehouse Log Info LoginfoController.java batchDeleteL= oginfo improper authorization</a> <a href=3D"https://vuldb.com/?ctiid.34= 4683" target=3D"_blank" rel=3D"noopener">VDB-344683 | CTI Indicators (IOB, = IOC, TTP, IOA)</a> <a href=3D"https://vuldb.com/?submit.745517" target= =3D"_blank" rel=3D"noopener">Submit #745517 | yeqifu warehouse latest(git c= ommit aaf29962ba407d22d991781de28796ee7b4670e4) Improper Access Controls</a= > <a href=3D"https://github.com/yeqifu/warehouse/issues/59" target=3D"_b= lank" rel=3D"noopener">https://github.com/yeqifu/warehouse/issues/59</a><br= ><a href=3D"https://github.com/yeqifu/warehouse/issues/59#issue-3846665806"=
target=3D"_blank" rel=3D"noopener">https://github.com/yeqifu/warehouse/iss= ues/59#issue-3846665806</a> <a href=3D"https://github.com/yeqifu/warehou= se/" target=3D"_blank" rel=3D"noopener">https://github.com/yeqifu/warehouse= /</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Xiaopi--Panel</td>
<td>A security flaw has been discovered in Xiaopi Panel up to 20260126. Thi=
s impacts an unknown function of the file /demo.php of the component WAF Fi= rewall. The manipulation of the argument ID results in sql injection. The a= ttack may be launched remotely. The exploit has been released to the public=
and may be used for attacks. The vendor was contacted early about this dis= closure but did not respond in any way.</td>
<td>2026-02-08</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2122" target=3D"= _blank" rel=3D"noopener">CVE-2026-2122</a></td>

<a href=3D"https://vuldb.com/?id.344695" target=3D"_blank" rel=3D"noopener"= >VDB-344695 | Xiaopi Panel WAF Firewall demo.php sql injection</a> <a hr= ef=3D"https://vuldb.com/?ctiid.344695" target=3D"_blank" rel=3D"noopener">V= DB-344695 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D"https://v= uldb.com/?submit.746917" target=3D"_blank" rel=3D"noopener">Submit #746917 =
| Xiaopi Web Application Firewall V1.0.0 Bypass</a> <a href=3D"https://g= ithub.com/ltranquility/CVE/issues/37" target=3D"_blank" rel=3D"noopener">ht= tps://github.com/ltranquility/CVE/issues/37</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">BurtTheCoder--mcp-maigret</td>
<td>A vulnerability was determined in BurtTheCoder mcp-maigret up to 1.0.12=
. This affects an unknown part of the file src/index.ts of the component se= arch_username. Executing a manipulation of the argument Username can lead t=
o command injection. The attack may be launched remotely. Upgrading to vers= ion 1.0.13 is able to mitigate this issue. This patch is called b1ae073c4b3= e789ab8de36dc6ca8111ae9399e7a. Upgrading the affected component is advised.= </td>
<td>2026-02-08</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2130" target=3D"= _blank" rel=3D"noopener">CVE-2026-2130</a></td>

<a href=3D"https://vuldb.com/?id.344765" target=3D"_blank" rel=3D"noopener"= >VDB-344765 | BurtTheCoder mcp-maigret search_username index.ts command inj= ection</a> <a href=3D"https://vuldb.com/?ctiid.344765" target=3D"_blank"=
rel=3D"noopener">VDB-344765 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <=
a href=3D"https://vuldb.com/?submit.747171" target=3D"_blank" rel=3D"noopen= er">Submit #747171 | GitHub mcp-maigret v1.0.12 Command Injection</a> <a=
href=3D"https://github.com/BurtTheCoder/mcp-maigret/issues/9" target=3D"_b= lank" rel=3D"noopener">https://github.com/BurtTheCoder/mcp-maigret/issues/9= </a> <a href=3D"https://github.com/BurtTheCoder/mcp-maigret/pull/10" tar= get=3D"_blank" rel=3D"noopener">https://github.com/BurtTheCoder/mcp-maigret= /pull/10</a> <a href=3D"https://github.com/BurtTheCoder/mcp-maigret/comm= it/b1ae073c4b3e789ab8de36dc6ca8111ae9399e7a" target=3D"_blank" rel=3D"noope= ner">https://github.com/BurtTheCoder/mcp-maigret/commit/b1ae073c4b3e789ab8d= e36dc6ca8111ae9399e7a</a> <a href=3D"https://github.com/BurtTheCoder/mcp= -maigret/releases/tag/v1.0.13" target=3D"_blank" rel=3D"noopener">https://g= ithub.com/BurtTheCoder/mcp-maigret/releases/tag/v1.0.13</a> <a href=3D"h= ttps://github.com/BurtTheCoder/mcp-maigret/" target=3D"_blank" rel=3D"noope= ner">https://github.com/BurtTheCoder/mcp-maigret/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">XixianLiang--HarmonyOS-mcp-server</td>
<td>A vulnerability was identified in XixianLiang HarmonyOS-mcp-server 0.1.=
0. This vulnerability affects the function input_text. The manipulation of = the argument text leads to os command injection. Remote exploitation of the=
attack is possible. The exploit is publicly available and might be used.</=

<td>2026-02-08</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2131" target=3D"= _blank" rel=3D"noopener">CVE-2026-2131</a></td>

<a href=3D"https://vuldb.com/?id.344766" target=3D"_blank" rel=3D"noopener"= >VDB-344766 | XixianLiang HarmonyOS-mcp-server input_text os command inject= ion</a> <a href=3D"https://vuldb.com/?ctiid.344766" target=3D"_blank" re= l=3D"noopener">VDB-344766 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a h= ref=3D"https://vuldb.com/?submit.747209" target=3D"_blank" rel=3D"noopener"= >Submit #747209 | GitHub HarmonyOS-mcp-server v0.1.0 Command Injection</a><= br><a href=3D"https://github.com/scanleale/MCP_sec/blob/main/HarmonyOS-mcp-= server%20RCE%20vulnerability.md" target=3D"_blank" rel=3D"noopener">https:/= /github.com/scanleale/MCP_sec/blob/main/HarmonyOS-mcp-server%20RCE%20vulner= ability.md</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">UTT--HiPER 810</td>
<td>A vulnerability was detected in UTT HiPER 810 1.7.4-141218. The impacte=
d element is the function sub_43F020 of the file /goform/formPdbUpConfig. P= erforming a manipulation of the argument policyNames results in command inj= ection. It is possible to initiate the attack remotely. The exploit is now = public and may be used.</td>
<td>2026-02-08</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2135" target=3D"= _blank" rel=3D"noopener">CVE-2026-2135</a></td>

<a href=3D"https://vuldb.com/?id.344770" target=3D"_blank" rel=3D"noopener"= >VDB-344770 | UTT HiPER 810 formPdbUpConfig sub_43F020 command injection</a= > <a href=3D"https://vuldb.com/?ctiid.344770" target=3D"_blank" rel=3D"n= oopener">VDB-344770 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D= "https://vuldb.com/?submit.747222" target=3D"_blank" rel=3D"noopener">Submi=
t #747222 | UTT (=E8=89=BE=E6=B3=B0) HiPER 810 nv810v4v1.7.4-141218 Command=
Injection</a> <a href=3D"https://github.com/cha0yang1/UTT810CVE/blob/ma= in/CVEreadme2.md" target=3D"_blank" rel=3D"noopener">https://github.com/cha= 0yang1/UTT810CVE/blob/main/CVEreadme2.md</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">WuKongOpenSource--WukongCRM</td>
<td>A security flaw has been discovered in WuKongOpenSource WukongCRM up to=
11.3.3. This affects an unknown part of the file gateway/src/main/java/com= /kakarote/gateway/service/impl/PermissionServiceImpl.java of the component = URL Handler. Performing a manipulation results in improper authorization. R= emote exploitation of the attack is possible. The exploit has been released=
to the public and may be used for attacks. The vendor was contacted early = about this disclosure but did not respond in any way.</td>
<td>2026-02-08</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2141" target=3D"= _blank" rel=3D"noopener">CVE-2026-2141</a></td>

<a href=3D"https://vuldb.com/?id.344776" target=3D"_blank" rel=3D"noopener"= >VDB-344776 | WuKongOpenSource WukongCRM URL PermissionServiceImpl.java imp= roper authorization</a> <a href=3D"https://vuldb.com/?ctiid.344776" targ= et=3D"_blank" rel=3D"noopener">VDB-344776 | CTI Indicators (IOB, IOC, TTP, = IOA)</a> <a href=3D"https://vuldb.com/?submit.747264" target=3D"_blank" = rel=3D"noopener">Submit #747264 | =E9=83=91=E5=B7=9E=E5=8D=A1=E5=8D=A1=E7= =BD=97=E7=89=B9=E8=BD=AF=E4=BB=B6=E7=A7=91=E6=8A=80=E6=9C=89=E9=99=90=E5=85= =AC=E5=8F=B8 WukongCRM WukongCRM-11.x-JAVA logical flaw vulnerability</a><b= r><a href=3D"https://github.com/SourByte05/SourByte-Lab/issues/8" target=3D= "_blank" rel=3D"noopener">https://github.com/SourByte05/SourByte-Lab/issues= /8</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">guchengwuyue--yshopmall</td>
<td>A security flaw has been discovered in guchengwuyue yshopmall up to 1.9= .1. This affects the function updateAvatar of the file /api/users/updateAva= tar of the component co.yixiang.utils.FileUtil. Performing a manipulation o=
f the argument File results in unrestricted upload. The attack is possible =
to be carried out remotely. The exploit has been released to the public and=
may be used for attacks. The project was informed of the problem early thr= ough an issue report but has not responded yet.</td>
<td>2026-02-08</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2146" target=3D"= _blank" rel=3D"noopener">CVE-2026-2146</a></td>

<a href=3D"https://vuldb.com/?id.344848" target=3D"_blank" rel=3D"noopener"= >VDB-344848 | guchengwuyue yshopmall co.yixiang.utils.FileUtil updateAvatar=
unrestricted upload</a> <a href=3D"https://vuldb.com/?ctiid.344848" tar= get=3D"_blank" rel=3D"noopener">VDB-344848 | CTI Indicators (IOB, IOC, TTP,=
IOA)</a> <a href=3D"https://vuldb.com/?submit.747409" target=3D"_blank"=
rel=3D"noopener">Submit #747409 | https://github.com/guchengwuyue/yshopmal=
l yshopmall V1.9.1 Incomplete Identification of Uploaded File Variables</a>= <a href=3D"https://github.com/guchengwuyue/yshopmall/issues/40" target= =3D"_blank" rel=3D"noopener">https://github.com/guchengwuyue/yshopmall/issu= es/40</a> <a href=3D"https://github.com/guchengwuyue/yshopmall/issues/40= #issue-3860542812" target=3D"_blank" rel=3D"noopener">https://github.com/gu= chengwuyue/yshopmall/issues/40#issue-3860542812</a> <a href=3D"https://g= ithub.com/guchengwuyue/yshopmall/" target=3D"_blank" rel=3D"noopener">https= ://github.com/guchengwuyue/yshopmall/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Totolink--WA300</td>
<td>A vulnerability was detected in Totolink WA300 5.2cu.7112_B20190227. Th=
e impacted element is the function setAPNetwork of the file /cgi-bin/cstecg= i.cgi. The manipulation of the argument Ipaddr results in os command inject= ion. The attack may be performed from remote. The exploit is now public and=
may be used.</td>
<td>2026-02-08</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2167" target=3D"= _blank" rel=3D"noopener">CVE-2026-2167</a></td>

<a href=3D"https://vuldb.com/?id.344869" target=3D"_blank" rel=3D"noopener"= >VDB-344869 | Totolink WA300 cstecgi.cgi setAPNetwork os command injection<= /a> <a href=3D"https://vuldb.com/?ctiid.344869" target=3D"_blank" rel=3D= "noopener">VDB-344869 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href= =3D"https://vuldb.com/?submit.752063" target=3D"_blank" rel=3D"noopener">Su= bmit #752063 | TOTOLINK WA300 V5.2cu.7112_B20190227 OS Command Injection</a= > <a href=3D"https://github.com/master-abc/cve/issues/36" target=3D"_bla= nk" rel=3D"noopener">https://github.com/master-abc/cve/issues/36</a> <a = href=3D"https://www.totolink.net/" target=3D"_blank" rel=3D"noopener">https= ://www.totolink.net/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DWR-M921</td>
<td>A flaw has been found in D-Link DWR-M921 1.1.50. This affects the funct= ion sub_419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipula= tion of the argument fota_url causes command injection. It is possible to i= nitiate the attack remotely. The exploit has been published and may be used= .</td>
<td>2026-02-08</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2168" target=3D"= _blank" rel=3D"noopener">CVE-2026-2168</a></td>

<a href=3D"https://vuldb.com/?id.344870" target=3D"_blank" rel=3D"noopener"= >VDB-344870 | D-Link DWR-M921 formLtefotaUpgradeQuectel sub_419920 command = injection</a> <a href=3D"https://vuldb.com/?ctiid.344870" target=3D"_bla= nk" rel=3D"noopener">VDB-344870 | CTI Indicators (IOB, IOC, TTP, IOA)</a><b= r><a href=3D"https://vuldb.com/?submit.748838" target=3D"_blank" rel=3D"noo= pener">Submit #748838 | D-Link DWR-M921 V1.1.50 Command Injection</a> <a=
href=3D"https://github.com/LX-66-LX/cve-new/issues/2" target=3D"_blank" re= l=3D"noopener">https://github.com/LX-66-LX/cve-new/issues/2</a> <a href= =3D"https://www.dlink.com/" target=3D"_blank" rel=3D"noopener">https://www.= dlink.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DWR-M921</td>
<td>A vulnerability has been found in D-Link DWR-M921 1.1.50. This impacts =
an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such man= ipulation of the argument fota_url leads to command injection. It is possib=
le to launch the attack remotely. The exploit has been disclosed to the pub= lic and may be used.</td>
<td>2026-02-08</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2169" target=3D"= _blank" rel=3D"noopener">CVE-2026-2169</a></td>

<a href=3D"https://vuldb.com/?id.344871" target=3D"_blank" rel=3D"noopener"= >VDB-344871 | D-Link DWR-M921 formLtefotaUpgradeFibocom command injection</= a> <a href=3D"https://vuldb.com/?ctiid.344871" target=3D"_blank" rel=3D"= noopener">VDB-344871 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href= =3D"https://vuldb.com/?submit.748930" target=3D"_blank" rel=3D"noopener">Su= bmit #748930 | D-Link DWR-M921 V1.1.50 Command Injection</a> <a href=3D"= https://github.com/LX-66-LX/cve-new/issues/3" target=3D"_blank" rel=3D"noop= ener">https://github.com/LX-66-LX/cve-new/issues/3</a> <a href=3D"https:= //www.dlink.com/" target=3D"_blank" rel=3D"noopener">https://www.dlink.com/= </a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">code-projects--Contact Management System</td> <td>A security vulnerability has been detected in code-projects Contact Man= agement System 1.0. This issue affects some unknown processing of the file = index.py. Such manipulation of the argument selecteditem[0] leads to sql in= jection. The attack can be executed remotely.</td>
<td>2026-02-08</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2176" target=3D"= _blank" rel=3D"noopener">CVE-2026-2176</a></td>

<a href=3D"https://vuldb.com/?id.344877" target=3D"_blank" rel=3D"noopener"= >VDB-344877 | code-projects Contact Management System index.py sql injectio= n</a> <a href=3D"https://vuldb.com/?ctiid.344877" target=3D"_blank" rel= =3D"noopener">VDB-344877 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a hr= ef=3D"https://vuldb.com/?submit.749264" target=3D"_blank" rel=3D"noopener">= Submit #749264 | code-projects Contact Management System in Python unknown = SQL Injection</a> <a href=3D"https://code-projects.org/" target=3D"_blan=
k" rel=3D"noopener">https://code-projects.org/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">r-huijts--xcode-mcp-server</td>
<td>A vulnerability was found in r-huijts xcode-mcp-server up to f3419f0011= 7aa9949e326f78cc940166c88f18cb. This affects the function registerXcodeTool=
s of the file src/tools/xcode/index.ts of the component run_lldb. The manip= ulation of the argument args results in command injection. It is possible t=
o launch the attack remotely. The exploit has been made public and could be=
used. This product takes the approach of rolling releases to provide conti= nious delivery. Therefore, version details for affected and updated release=
s are not available. The patch is identified as 11f8d6bacadd153beee649f92a7= 8a9dad761f56f. Applying a patch is advised to resolve this issue.</td> <td>2026-02-08</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2178" target=3D"= _blank" rel=3D"noopener">CVE-2026-2178</a></td>

<a href=3D"https://vuldb.com/?id.344881" target=3D"_blank" rel=3D"noopener"= >VDB-344881 | r-huijts xcode-mcp-server run_lldb index.ts registerXcodeTool=
s command injection</a> <a href=3D"https://vuldb.com/?ctiid.344881" targ= et=3D"_blank" rel=3D"noopener">VDB-344881 | CTI Indicators (IOB, IOC, TTP, = IOA)</a> <a href=3D"https://vuldb.com/?submit.749569" target=3D"_blank" = rel=3D"noopener">Submit #749569 | GitHub xcode-mcp-server master Command In= jection</a> <a href=3D"https://github.com/r-huijts/xcode-mcp-server/issu= es/13" target=3D"_blank" rel=3D"noopener">https://github.com/r-huijts/xcode= -mcp-server/issues/13</a> <a href=3D"https://github.com/r-huijts/xcode-m= cp-server/issues/13#issue-3878065790" target=3D"_blank" rel=3D"noopener">ht= tps://github.com/r-huijts/xcode-mcp-server/issues/13#issue-3878065790</a><b= r><a href=3D"https://github.com/r-huijts/xcode-mcp-server/commit/11f8d6baca= dd153beee649f92a78a9dad761f56f" target=3D"_blank" rel=3D"noopener">https://= github.com/r-huijts/xcode-mcp-server/commit/11f8d6bacadd153beee649f92a78a9d= ad761f56f</a> <a href=3D"https://github.com/r-huijts/xcode-mcp-server/" = target=3D"_blank" rel=3D"noopener">https://github.com/r-huijts/xcode-mcp-se= rver/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Great Developers--Certificate Generation Syste= m</td>
<td>A security vulnerability has been detected in Great Developers Certific= ate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This = affects an unknown part of the file /restructured/csv.php. The manipulation=
leads to unrestricted upload. Remote exploitation of the attack is possibl=
e. This product follows a rolling release approach for continuous delivery,=
so version details for affected or updated releases are not provided. The = code repository of the project has not been active for many years.</td> <td>2026-02-08</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2183" target=3D"= _blank" rel=3D"noopener">CVE-2026-2183</a></td>

<a href=3D"https://vuldb.com/?id.344886" target=3D"_blank" rel=3D"noopener"= >VDB-344886 | Great Developers Certificate Generation System csv.php unrest= ricted upload</a> <a href=3D"https://vuldb.com/?ctiid.344886" target=3D"= _blank" rel=3D"noopener">VDB-344886 | CTI Indicators (IOB, IOC, TTP, IOA)</= a> <a href=3D"https://vuldb.com/?submit.749713" target=3D"_blank" rel=3D= "noopener">Submit #749713 | Great Developers Certificate Generator System 1=
.0 Unrestricted Upload</a> <a href=3D"https://github.com/lakshayyverma/C= VE-Discovery/blob/main/Certificate.md" target=3D"_blank" rel=3D"noopener">h= ttps://github.com/lakshayyverma/CVE-Discovery/blob/main/Certificate.md</a><= br>=C2=A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DI-7100G C1</td>
<td>A vulnerability was detected in D-Link DI-7100G C1 24.04.18D1. Affected=
by this issue is the function set_jhttpd_info. Performing a manipulation o=
f the argument usb_username results in command injection. Remote exploitati=
on of the attack is possible.</td>
<td>2026-02-08</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2193" target=3D"= _blank" rel=3D"noopener">CVE-2026-2193</a></td>

<a href=3D"https://vuldb.com/?id.344896" target=3D"_blank" rel=3D"noopener"= >VDB-344896 | D-Link DI-7100G C1 set_jhttpd_info command injection</a> <=
a href=3D"https://vuldb.com/?ctiid.344896" target=3D"_blank" rel=3D"noopene= r">VDB-344896 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D"https= ://vuldb.com/?submit.749803" target=3D"_blank" rel=3D"noopener">Submit #749= 803 | D-Link DI-7100G C1, 24.04.18D1 Command Injection</a> <a href=3D"ht= tps://github.com/glkfc/IoT-Vulnerability/blob/main/D-Link/Dlink_4.md" targe= t=3D"_blank" rel=3D"noopener">https://github.com/glkfc/IoT-Vulnerability/bl= ob/main/D-Link/Dlink_4.md</a> <a href=3D"https://www.dlink.com/" target= =3D"_blank" rel=3D"noopener">https://www.dlink.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DI-7100G C1</td>
<td>A flaw has been found in D-Link DI-7100G C1 24.04.18D1. This affects th=
e function start_proxy_client_email. Executing a manipulation can lead to c= ommand injection. The attack can be executed remotely. The exploit has been=
published and may be used.</td>
<td>2026-02-08</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2194" target=3D"= _blank" rel=3D"noopener">CVE-2026-2194</a></td>

<a href=3D"https://vuldb.com/?id.344897" target=3D"_blank" rel=3D"noopener"= >VDB-344897 | D-Link DI-7100G C1 start_proxy_client_email command injection= </a> <a href=3D"https://vuldb.com/?ctiid.344897" target=3D"_blank" rel= =3D"noopener">VDB-344897 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a hr= ef=3D"https://vuldb.com/?submit.749804" target=3D"_blank" rel=3D"noopener">= Submit #749804 | D-Link DI-7100G C1: 2020/02/21, 24.04.18D1: 2024/04/18 Com= mand Injection</a> <a href=3D"https://github.com/glkfc/IoT-Vulnerability= /blob/main/D-Link/Dlink_3.md" target=3D"_blank" rel=3D"noopener">https://gi= thub.com/glkfc/IoT-Vulnerability/blob/main/D-Link/Dlink_3.md</a> <a href= =3D"https://www.dlink.com/" target=3D"_blank" rel=3D"noopener">https://www.= dlink.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">glpi-project--glpi</td>
<td>GLPI is a free asset and IT management software package. From version 0= .85 to before 10.0.23, an authenticated user can perform a SQL injection. T= his issue has been patched in version 10.0.23.</td>
<td>2026-02-04</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22044" target=3D= "_blank" rel=3D"noopener">CVE-2026-22044</a></td>

<a href=3D"https://github.com/glpi-project/glpi/security/advisories/GHSA-56= 9q-j526-w385" target=3D"_blank" rel=3D"noopener">https://github.com/glpi-pr= oject/glpi/security/advisories/GHSA-569q-j526-w385</a> <a href=3D"https:= //github.com/glpi-project/glpi/releases/tag/10.0.23" target=3D"_blank" rel= =3D"noopener">https://github.com/glpi-project/glpi/releases/tag/10.0.23</a>= =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--WeKan</td>
<td>A security flaw has been discovered in WeKan up to 8.20. This vulnerabi= lity affects unknown code of the file server/methods/fixDuplicateLists.js o=
f the component Administrative Repair Handler. Performing a manipulation re= sults in improper access controls. It is possible to initiate the attack re= motely. Upgrading to version 8.21 is able to resolve this issue. The patch =
is named 4ce181d17249778094f73d21515f7f863f554743. It is advisable to upgra=
de the affected component.</td>
<td>2026-02-08</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2206" target=3D"= _blank" rel=3D"noopener">CVE-2026-2206</a></td>

<a href=3D"https://vuldb.com/?id.344920" target=3D"_blank" rel=3D"noopener"= >VDB-344920 | WeKan Administrative Repair fixDuplicateLists.js FixDuplicate= Bleed access control</a> <a href=3D"https://vuldb.com/?ctiid.344920" tar= get=3D"_blank" rel=3D"noopener">VDB-344920 | CTI Indicators (IOB, IOC, TTP,=
IOA)</a> <a href=3D"https://vuldb.com/?submit.752162" target=3D"_blank"=
rel=3D"noopener">Submit #752162 | Wekan <8.21 Improper access control o=
n administrative repair method</a> <a href=3D"https://github.com/wekan/w= ekan/commit/4ce181d17249778094f73d21515f7f863f554743" target=3D"_blank" rel= =3D"noopener">https://github.com/wekan/wekan/commit/4ce181d17249778094f73d2= 1515f7f863f554743</a> <a href=3D"https://github.com/wekan/wekan/releases= /tag/v8.21" target=3D"_blank" rel=3D"noopener">https://github.com/wekan/wek= an/releases/tag/v8.21</a> <a href=3D"https://github.com/wekan/wekan/" ta= rget=3D"_blank" rel=3D"noopener">https://github.com/wekan/wekan/</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">n/a--WeKan</td>
<td>A vulnerability was detected in WeKan up to 8.18. The affected element =
is the function setCreateTranslation of the file client/components/settings= /translationBody.js of the component Custom Translation Handler. The manipu= lation results in improper authorization. The attack can be launched remote= ly. Upgrading to version 8.19 is sufficient to fix this issue. The patch is=
identified as f244a43771f6ebf40218b83b9f46dba6b940d7de. It is suggested to=
upgrade the affected component.</td>
<td>2026-02-08</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2209" target=3D"= _blank" rel=3D"noopener">CVE-2026-2209</a></td>

<a href=3D"https://vuldb.com/?id.344923" target=3D"_blank" rel=3D"noopener"= >VDB-344923 | WeKan Custom Translation translationBody.js setCreateTranslat= ion improper authorization</a> <a href=3D"https://vuldb.com/?ctiid.34492=
3" target=3D"_blank" rel=3D"noopener">VDB-344923 | CTI Indicators (IOB, IOC=
, TTP, IOA)</a> <a href=3D"https://vuldb.com/?submit.752269" target=3D"_= blank" rel=3D"noopener">Submit #752269 | Wekan <8.20 IDOR in setCreateTr= anslation. Non-admin could change Custom Tran</a> <a href=3D"https://git= hub.com/wekan/wekan/commit/f244a43771f6ebf40218b83b9f46dba6b940d7de" target= =3D"_blank" rel=3D"noopener">https://github.com/wekan/wekan/commit/f244a437= 71f6ebf40218b83b9f46dba6b940d7de</a> <a href=3D"https://github.com/wekan= /wekan/releases/tag/v8.19" target=3D"_blank" rel=3D"noopener">https://githu= b.com/wekan/wekan/releases/tag/v8.19</a> <a href=3D"https://github.com/w= ekan/wekan/" target=3D"_blank" rel=3D"noopener">https://github.com/wekan/we= kan/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">gogs--gogs</td>
<td>Gogs is an open source self-hosted Git service. In version 0.13.3 and p= rior, an authenticated user can cause a DOS attack. If one of the repo file=
s is deleted before synchronization, it will cause the application to crash=
. This issue has been patched in versions 0.13.4 and 0.14.0+dev.</td> <td>2026-02-06</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22592" target=3D= "_blank" rel=3D"noopener">CVE-2026-22592</a></td>

<a href=3D"https://github.com/gogs/gogs/security/advisories/GHSA-cr88-6mqm-= 4g57" target=3D"_blank" rel=3D"noopener">https://github.com/gogs/gogs/secur= ity/advisories/GHSA-cr88-6mqm-4g57</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">gogs--gogs</td>
<td>Gogs is an open source self-hosted Git service. In version 0.13.3 and p= rior, the endpoint "PUT /repos/:owner/:repo/contents/*" does not require wr= ite permissions and allows access with read permission only via repoAssignm= ent(). After passing the permission check, PutContents() invokes UpdateRepo= File(), which results in commit creation and the execution of git push. As =
a result, a token with read-only permission can be used to modify repositor=
y contents. This issue has been patched in versions 0.13.4 and 0.14.0+dev.<=

<td>2026-02-06</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23632" target=3D= "_blank" rel=3D"noopener">CVE-2026-23632</a></td>

<a href=3D"https://github.com/gogs/gogs/security/advisories/GHSA-5qhx-gwfj-= 6jqr" target=3D"_blank" rel=3D"noopener">https://github.com/gogs/gogs/secur= ity/advisories/GHSA-5qhx-gwfj-6jqr</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">gogs--gogs</td>
<td>Gogs is an open source self-hosted Git service. In version 0.13.3 and p= rior, there is an arbitrary file read/write via path traversal in Git hook = editing. This issue has been patched in versions 0.13.4 and 0.14.0+dev.</td=

<td>2026-02-06</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23633" target=3D= "_blank" rel=3D"noopener">CVE-2026-23633</a></td>

<a href=3D"https://github.com/gogs/gogs/security/advisories/GHSA-mrph-w4hh-= gx3g" target=3D"_blank" rel=3D"noopener">https://github.com/gogs/gogs/secur= ity/advisories/GHSA-mrph-w4hh-gx3g</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Kubernetes--ingress-nginx</td>
<td>A security issue was discovered in ingress-nginx=C2=A0where the validat= ing admission controller feature is subject to a denial of service conditio=
n. By sending large requests to the validating admission controller, an att= acker can cause memory consumption, which may result in the ingress-nginx c= ontroller pod being killed or the node running out of memory.</td> <td>2026-02-03</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24514" target=3D= "_blank" rel=3D"noopener">CVE-2026-24514</a></td>

<a href=3D"https://github.com/kubernetes/kubernetes/issues/136680" target= =3D"_blank" rel=3D"noopener">https://github.com/kubernetes/kubernetes/issue= s/136680</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">gunet--openeclass</td>
<td>The Open eClass platform (formerly known as GUnet eClass) is a complete=
course management system. Prior to version 4.2, a Cross-Site Request Forge=
ry (CSRF) vulnerability in multiple teacher-restricted endpoints allows att= ackers to induce authenticated teachers to perform unintended actions, such=
as modifying assignment grades, via crafted requests. This issue has been = patched in version 4.2.</td>
<td>2026-02-03</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24666" target=3D= "_blank" rel=3D"noopener">CVE-2026-24666</a></td>

<a href=3D"https://github.com/gunet/openeclass/security/advisories/GHSA-cgm= h-73qg-28fm" target=3D"_blank" rel=3D"noopener">https://github.com/gunet/op= eneclass/security/advisories/GHSA-cgmh-73qg-28fm</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">gunet--openeclass</td>
<td>The Open eClass platform (formerly known as GUnet eClass) is a complete=
course management system. Prior to version 4.2, a broken access control vu= lnerability allows authenticated students to add content to existing course=
units, an action normally restricted to higher-privileged roles. This issu=
e has been patched in version 4.2.</td>
<td>2026-02-03</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24668" target=3D= "_blank" rel=3D"noopener">CVE-2026-24668</a></td>

<a href=3D"https://github.com/gunet/openeclass/security/advisories/GHSA-22c= q-9fr7-fq6v" target=3D"_blank" rel=3D"noopener">https://github.com/gunet/op= eneclass/security/advisories/GHSA-22cq-9fr7-fq6v</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">gunet--openeclass</td>
<td>The Open eClass platform (formerly known as GUnet eClass) is a complete=
course management system. Prior to version 4.2, a broken access control vu= lnerability allows authenticated students to create new course units, an ac= tion normally restricted to higher-privileged roles. This issue has been pa= tched in version 4.2.</td>
<td>2026-02-03</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24670" target=3D= "_blank" rel=3D"noopener">CVE-2026-24670</a></td>

<a href=3D"https://github.com/gunet/openeclass/security/advisories/GHSA-4jf= 5-636r-hv9v" target=3D"_blank" rel=3D"noopener">https://github.com/gunet/op= eneclass/security/advisories/GHSA-4jf5-636r-hv9v</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">gunet--openeclass</td>
<td>The Open eClass platform (formerly known as GUnet eClass) is a complete=
course management system. Prior to version 4.2, a Stored Cross-Site Script= ing (XSS) vulnerability allows authenticated high-privileged users (teacher=
s or administrators) to inject malicious JavaScript into multiple user-cont= rollable input fields across the application, which is executed when other = users access affected pages. This issue has been patched in version 4.2.</t=

<td>2026-02-03</td>
<td>6.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24671" target=3D= "_blank" rel=3D"noopener">CVE-2026-24671</a></td>

<a href=3D"https://github.com/gunet/openeclass/security/advisories/GHSA-2x8= 3-4fh2-fcw7" target=3D"_blank" rel=3D"noopener">https://github.com/gunet/op= eneclass/security/advisories/GHSA-2x83-4fh2-fcw7</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Huawei--HarmonyOS</td>
<td>Out-of-bounds read issue in the media subsystem. Impact: Successful exp= loitation of this vulnerability will affect availability and confidentialit= y.</td>
<td>2026-02-06</td>
<td>6.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24915" target=3D= "_blank" rel=3D"noopener">CVE-2026-24915</a></td>

<a href=3D"https://consumer.huawei.com/en/support/bulletin/2026/2/" target= =3D"_blank" rel=3D"noopener">https://consumer.huawei.com/en/support/bulleti= n/2026/2/</a> <a href=3D"https://consumer.huawei.com/en/support/bulletin= laptops/2026/2/" target=3D"_blank" rel=3D"noopener">https://consumer.huawei= .com/en/support/bulletinlaptops/2026/2/</a> <a href=3D"https://consumer.= huawei.com/en/support/bulletinwearables/2026/2/" target=3D"_blank" rel=3D"n= oopener">https://consumer.huawei.com/en/support/bulletinwearables/2026/2/</= a> <a href=3D"https://consumer.huawei.com/en/support/bulletinvision/2026= /2/" target=3D"_blank" rel=3D"noopener">https://consumer.huawei.com/en/supp= ort/bulletinvision/2026/2/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Huawei--HarmonyOS</td>
<td>UAF vulnerability in the security module. Impact: Successful exploitati=
on of this vulnerability may affect availability.</td>
<td>2026-02-06</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24917" target=3D= "_blank" rel=3D"noopener">CVE-2026-24917</a></td>

<a href=3D"https://consumer.huawei.com/en/support/bulletin/2026/2/" target= =3D"_blank" rel=3D"noopener">https://consumer.huawei.com/en/support/bulleti= n/2026/2/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Huawei--HarmonyOS</td>
<td>Address read vulnerability in the communication module. Impact: Success= ful exploitation of this vulnerability may affect availability.</td> <td>2026-02-06</td>
<td>6.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24918" target=3D= "_blank" rel=3D"noopener">CVE-2026-24918</a></td>

<a href=3D"https://consumer.huawei.com/en/support/bulletin/2026/2/" target= =3D"_blank" rel=3D"noopener">https://consumer.huawei.com/en/support/bulleti= n/2026/2/</a> <a href=3D"https://consumer.huawei.com/en/support/bulletin= laptops/2026/2/" target=3D"_blank" rel=3D"noopener">https://consumer.huawei= .com/en/support/bulletinlaptops/2026/2/</a> <a href=3D"https://consumer.= huawei.com/en/support/bulletinwearables/2026/2/" target=3D"_blank" rel=3D"n= oopener">https://consumer.huawei.com/en/support/bulletinwearables/2026/2/</= a> <a href=3D"https://consumer.huawei.com/en/support/bulletinvision/2026= /2/" target=3D"_blank" rel=3D"noopener">https://consumer.huawei.com/en/supp= ort/bulletinvision/2026/2/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Huawei--HarmonyOS</td>
<td>Out-of-bounds write vulnerability in the DFX module. Impact: Successful=
exploitation of this vulnerability may affect availability.</td> <td>2026-02-06</td>
<td>6</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24919" target=3D= "_blank" rel=3D"noopener">CVE-2026-24919</a></td>

<a href=3D"https://consumer.huawei.com/en/support/bulletin/2026/2/" target= =3D"_blank" rel=3D"noopener">https://consumer.huawei.com/en/support/bulleti= n/2026/2/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Huawei--HarmonyOS</td>
<td>Permission control vulnerability in the AMS module. Impact: Successful = exploitation of this vulnerability may affect availability.</td> <td>2026-02-06</td>
<td>6.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24920" target=3D= "_blank" rel=3D"noopener">CVE-2026-24920</a></td>

<a href=3D"https://consumer.huawei.com/en/support/bulletin/2026/2/" target= =3D"_blank" rel=3D"noopener">https://consumer.huawei.com/en/support/bulleti= n/2026/2/</a> <a href=3D"https://consumer.huawei.com/en/support/bulletin= vision/2026/2/" target=3D"_blank" rel=3D"noopener">https://consumer.huawei.= com/en/support/bulletinvision/2026/2/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Huawei--HarmonyOS</td>
<td>Buffer overflow vulnerability in the HDC module. Impact: Successful exp= loitation of this vulnerability may affect availability.</td> <td>2026-02-06</td>
<td>6.9</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24922" target=3D= "_blank" rel=3D"noopener">CVE-2026-24922</a></td>

<a href=3D"https://consumer.huawei.com/en/support/bulletin/2026/2/" target= =3D"_blank" rel=3D"noopener">https://consumer.huawei.com/en/support/bulleti= n/2026/2/</a> <a href=3D"https://consumer.huawei.com/en/support/bulletin= laptops/2026/2/" target=3D"_blank" rel=3D"noopener">https://consumer.huawei= .com/en/support/bulletinlaptops/2026/2/</a> <a href=3D"https://consumer.= huawei.com/en/support/bulletinwearables/2026/2/" target=3D"_blank" rel=3D"n= oopener">https://consumer.huawei.com/en/support/bulletinwearables/2026/2/</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Huawei--HarmonyOS</td>
<td>Permission control vulnerability in the HDC module. Impact: Successful = exploitation of this vulnerability may affect service confidentiality.</td> <td>2026-02-06</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24923" target=3D= "_blank" rel=3D"noopener">CVE-2026-24923</a></td>

<a href=3D"https://consumer.huawei.com/en/support/bulletin/2026/2/" target= =3D"_blank" rel=3D"noopener">https://consumer.huawei.com/en/support/bulleti= n/2026/2/</a> <a href=3D"https://consumer.huawei.com/en/support/bulletin= laptops/2026/2/" target=3D"_blank" rel=3D"noopener">https://consumer.huawei= .com/en/support/bulletinlaptops/2026/2/</a> <a href=3D"https://consumer.= huawei.com/en/support/bulletinwearables/2026/2/" target=3D"_blank" rel=3D"n= oopener">https://consumer.huawei.com/en/support/bulletinwearables/2026/2/</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Huawei--HarmonyOS</td>
<td>Vulnerability of improper permission control in the print module. Impac=
t: Successful exploitation of this vulnerability may affect service confide= ntiality.</td>
<td>2026-02-06</td>
<td>6.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24924" target=3D= "_blank" rel=3D"noopener">CVE-2026-24924</a></td>

<a href=3D"https://consumer.huawei.com/en/support/bulletin/2026/2/" target= =3D"_blank" rel=3D"noopener">https://consumer.huawei.com/en/support/bulleti= n/2026/2/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">openclaw--openclaw</td>
<td>OpenClaw is a personal AI assistant. Prior to version 2026.1.30, the is= ValidMedia() function in src/media/parse.ts allows arbitrary file paths inc= luding absolute paths, home directory paths, and directory traversal sequen= ces. An agent can read any file on the system by outputting MEDIA:/path/to/= file, exfiltrating sensitive data to the user/channel. This issue has been = patched in version 2026.1.30.</td>
<td>2026-02-04</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25475" target=3D= "_blank" rel=3D"noopener">CVE-2026-25475</a></td>

<a href=3D"https://github.com/openclaw/openclaw/security/advisories/GHSA-r8= g4-86fx-92mq" target=3D"_blank" rel=3D"noopener">https://github.com/opencla= w/openclaw/security/advisories/GHSA-r8g4-86fx-92mq</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">espressif--esp-idf</td>
<td>ESF-IDF is the Espressif Internet of Things (IOT) Development Framework=
. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a use-after-free vulne= rability was reported in the BLE provisioning transport (protocomm_ble) lay= er. The issue can be triggered by a remote BLE client while the device is i=
n provisioning mode. The vulnerability occurred when provisioning was stopp=
ed with keep_ble_on =3D true. In this configuration, internal protocomm_ble=
state and GATT metadata were freed while the BLE stack and GATT services r= emained active. Subsequent BLE read or write callbacks dereferenced freed m= emory, allowing a connected or newly connected client to trigger invalid me= mory acces. This issue has been patched in versions 5.5.3, 5.4.4, 5.3.5, 5.= 2.7, and 5.1.7.</td>
<td>2026-02-04</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25507" target=3D= "_blank" rel=3D"noopener">CVE-2026-25507</a></td>

<a href=3D"https://github.com/espressif/esp-idf/security/advisories/GHSA-h7= r3-gmg9-xjmg" target=3D"_blank" rel=3D"noopener">https://github.com/espress= if/esp-idf/security/advisories/GHSA-h7r3-gmg9-xjmg</a> <a href=3D"https:= //github.com/espressif/esp-idf/commit/0540c85140c2c06c0cbecc8843277ea676d5c= 4a9" target=3D"_blank" rel=3D"noopener">https://github.com/espressif/esp-id= f/commit/0540c85140c2c06c0cbecc8843277ea676d5c4a9</a> <a href=3D"https:/= /github.com/espressif/esp-idf/commit/1ff264abf2504cade46f0ce3a03f821310bcf6= d7" target=3D"_blank" rel=3D"noopener">https://github.com/espressif/esp-idf= /commit/1ff264abf2504cade46f0ce3a03f821310bcf6d7</a> <a href=3D"https://= github.com/espressif/esp-idf/commit/47552ff4fd824caf38215468ebd2f31fb5f36d7=
0" target=3D"_blank" rel=3D"noopener">https://github.com/espressif/esp-idf/= commit/47552ff4fd824caf38215468ebd2f31fb5f36d70</a> <a href=3D"https://g= ithub.com/espressif/esp-idf/commit/4c3fdcd316f780bab4ae5aa73c9626ea9fe24ac6=
" target=3D"_blank" rel=3D"noopener">https://github.com/espressif/esp-idf/c= ommit/4c3fdcd316f780bab4ae5aa73c9626ea9fe24ac6</a> <a href=3D"https://gi= thub.com/espressif/esp-idf/commit/894c28afe3f2f8f31ff25b64191883517dddb5cf"=
target=3D"_blank" rel=3D"noopener">https://github.com/espressif/esp-idf/co= mmit/894c28afe3f2f8f31ff25b64191883517dddb5cf</a> <a href=3D"https://git= hub.com/espressif/esp-idf/commit/cde7b7362adc15638c141c249681cbe5d23de663" = target=3D"_blank" rel=3D"noopener">https://github.com/espressif/esp-idf/com= mit/cde7b7362adc15638c141c249681cbe5d23de663</a> <a href=3D"https://gith= ub.com/espressif/esp-idf/commit/dba9a7dc01e4dab14c77d328f6a6f46369aeee63" t= arget=3D"_blank" rel=3D"noopener">https://github.com/espressif/esp-idf/comm= it/dba9a7dc01e4dab14c77d328f6a6f46369aeee63</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">espressif--esp-idf</td>
<td>ESF-IDF is the Espressif Internet of Things (IOT) Development Framework=
. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, an out-of-bounds read = vulnerability was reported in the BLE ATT Prepare Write handling of the BLE=
provisioning transport (protocomm_ble). The issue can be triggered by a re= mote BLE client while the device is in provisioning mode. The transport acc= umulated prepared-write fragments in a fixed-size buffer but incorrectly tr= acked the cumulative length. By sending repeated prepare write requests wit=
h overlapping offsets, a remote client could cause the reported length to e= xceed the allocated buffer size. This inflated length was then passed to pr= ovisioning handlers during execute-write processing, resulting in an out-of= -bounds read and potential memory corruption. This issue has been patched i=
n versions 5.5.3, 5.4.4, 5.3.5, 5.2.7, and 5.1.7.</td>
<td>2026-02-04</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25508" target=3D= "_blank" rel=3D"noopener">CVE-2026-25508</a></td>

<a href=3D"https://github.com/espressif/esp-idf/security/advisories/GHSA-9j= 5x-rf36-54x9" target=3D"_blank" rel=3D"noopener">https://github.com/espress= if/esp-idf/security/advisories/GHSA-9j5x-rf36-54x9</a> <a href=3D"https:= //github.com/espressif/esp-idf/commit/0540c85140c2c06c0cbecc8843277ea676d5c= 4a9" target=3D"_blank" rel=3D"noopener">https://github.com/espressif/esp-id= f/commit/0540c85140c2c06c0cbecc8843277ea676d5c4a9</a> <a href=3D"https:/= /github.com/espressif/esp-idf/commit/1ff264abf2504cade46f0ce3a03f821310bcf6= d7" target=3D"_blank" rel=3D"noopener">https://github.com/espressif/esp-idf= /commit/1ff264abf2504cade46f0ce3a03f821310bcf6d7</a> <a href=3D"https://= github.com/espressif/esp-idf/commit/47552ff4fd824caf38215468ebd2f31fb5f36d7=
0" target=3D"_blank" rel=3D"noopener">https://github.com/espressif/esp-idf/= commit/47552ff4fd824caf38215468ebd2f31fb5f36d70</a> <a href=3D"https://g= ithub.com/espressif/esp-idf/commit/4c3fdcd316f780bab4ae5aa73c9626ea9fe24ac6=
" target=3D"_blank" rel=3D"noopener">https://github.com/espressif/esp-idf/c= ommit/4c3fdcd316f780bab4ae5aa73c9626ea9fe24ac6</a> <a href=3D"https://gi= thub.com/espressif/esp-idf/commit/894c28afe3f2f8f31ff25b64191883517dddb5cf"=
target=3D"_blank" rel=3D"noopener">https://github.com/espressif/esp-idf/co= mmit/894c28afe3f2f8f31ff25b64191883517dddb5cf</a> <a href=3D"https://git= hub.com/espressif/esp-idf/commit/cde7b7362adc15638c141c249681cbe5d23de663" = target=3D"_blank" rel=3D"noopener">https://github.com/espressif/esp-idf/com= mit/cde7b7362adc15638c141c249681cbe5d23de663</a> <a href=3D"https://gith= ub.com/espressif/esp-idf/commit/dba9a7dc01e4dab14c77d328f6a6f46369aeee63" t= arget=3D"_blank" rel=3D"noopener">https://github.com/espressif/esp-idf/comm= it/dba9a7dc01e4dab14c77d328f6a6f46369aeee63</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">zauberzeug--nicegui</td>
<td>NiceGUI is a Python-based UI framework. The ui.markdown() component use=
s the markdown2 library to convert markdown content to HTML, which is then = rendered via innerHTML. By default, markdown2 allows raw HTML to pass throu=
gh unchanged. This means that if an application renders user-controlled con= tent through ui.markdown(), an attacker can inject malicious HTML containin=
g JavaScript event handlers. Unlike other NiceGUI components that render HT=
ML (ui.html(), ui.chat_message(), ui.interactive_image()), the ui.markdown(=
) component does not provide or require a sanitize parameter, leaving appli= cations vulnerable to XSS attacks. This vulnerability is fixed in 3.7.0.</t=

<td>2026-02-06</td>
<td>6.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25516" target=3D= "_blank" rel=3D"noopener">CVE-2026-25516</a></td>

<a href=3D"https://github.com/zauberzeug/nicegui/security/advisories/GHSA-v= 82v-c5x8-w282" target=3D"_blank" rel=3D"noopener">https://github.com/zauber= zeug/nicegui/security/advisories/GHSA-v82v-c5x8-w282</a> <a href=3D"http= s://github.com/zauberzeug/nicegui/commit/f1f7533577875af7d23f161ed3627f7358= 4cb561" target=3D"_blank" rel=3D"noopener">https://github.com/zauberzeug/ni= cegui/commit/f1f7533577875af7d23f161ed3627f73584cb561</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">espressif--esp-idf</td>
<td>ESF-IDF is the Espressif Internet of Things (IOT) Development Framework=
. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a vulnerability exists=
in the WPS (Wi-Fi Protected Setup) Enrollee implementation where malformed=
EAP-WSC packets with truncated payloads can cause integer underflow during=
fragment length calculation. When processing EAP-Expanded (WSC) messages, = the code computes frag_len by subtracting header sizes from the total packe=
t length. If an attacker sends a packet where the EAP Length field covers o= nly the header and flags but omits the expected payload (such as the 2-byte=
Message Length field when WPS_MSG_FLAG_LEN is set), frag_len becomes negat= ive. This negative value is then implicitly cast to size_t when passed to w= pabuf_put_data(), resulting in a very large unsigned value. This issue has = been patched in versions 5.5.3, 5.4.4, 5.3.5, 5.2.7, and 5.1.7.</td> <td>2026-02-04</td>
<td>6.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25532" target=3D= "_blank" rel=3D"noopener">CVE-2026-25532</a></td>

<a href=3D"https://github.com/espressif/esp-idf/security/advisories/GHSA-m2= h2-683f-9mw7" target=3D"_blank" rel=3D"noopener">https://github.com/espress= if/esp-idf/security/advisories/GHSA-m2h2-683f-9mw7</a> <a href=3D"https:= //github.com/espressif/esp-idf/commit/60f992a26de17bb5406f2149a2f8282dd7ad1= c59" target=3D"_blank" rel=3D"noopener">https://github.com/espressif/esp-id= f/commit/60f992a26de17bb5406f2149a2f8282dd7ad1c59</a> <a href=3D"https:/= /github.com/espressif/esp-idf/commit/6f6766f917bc940ffbcc97eac4765a6ab15d5f= 79" target=3D"_blank" rel=3D"noopener">https://github.com/espressif/esp-idf= /commit/6f6766f917bc940ffbcc97eac4765a6ab15d5f79</a> <a href=3D"https://= github.com/espressif/esp-idf/commit/73a587d42a57ece1962b6a4c530b574600650f6=
3" target=3D"_blank" rel=3D"noopener">https://github.com/espressif/esp-idf/= commit/73a587d42a57ece1962b6a4c530b574600650f63</a> <a href=3D"https://g= ithub.com/espressif/esp-idf/commit/b209fae993d795255827ce6b2b0d6942a377f5d4=
" target=3D"_blank" rel=3D"noopener">https://github.com/espressif/esp-idf/c= ommit/b209fae993d795255827ce6b2b0d6942a377f5d4</a> <a href=3D"https://gi= thub.com/espressif/esp-idf/commit/b88befde6b5addcdd8d7373ce55c8052dea1e855"=
target=3D"_blank" rel=3D"noopener">https://github.com/espressif/esp-idf/co= mmit/b88befde6b5addcdd8d7373ce55c8052dea1e855</a> <a href=3D"https://git= hub.com/espressif/esp-idf/commit/cad36beb4cde27abcf316cd90d8d8dddbc6f213a" = target=3D"_blank" rel=3D"noopener">https://github.com/espressif/esp-idf/com= mit/cad36beb4cde27abcf316cd90d8d8dddbc6f213a</a> <a href=3D"https://gith= ub.com/espressif/esp-idf/commit/de28801e8ea6a736b6f0db6fc0c682739363bb41" t= arget=3D"_blank" rel=3D"noopener">https://github.com/espressif/esp-idf/comm= it/de28801e8ea6a736b6f0db6fc0c682739363bb41</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">mastodon--mastodon</td>
<td>Mastodon is a free, open-source social network server based on Activity= Pub. Prior to versions 4.3.19, 4.4.13, 4.5.6, Mastodon is vulnerable to web=
cache poisoning via `Rails.cache. When AUTHORIZED_FETCH is enabled, the Ac= tivityPub endpoints for pinned posts and featured hashtags have contents th=
at depend on the account that signed the HTTP request. However, these conte= nts are stored in an internal cache and reused with no regards to the signi=
ng actor. As a result, an empty response generated for a blocked user accou=
nt may be served to requests from legitimate non-blocked actors, or convers= ely, content intended for non-blocked actors may be returned to blocked act= ors. This issue has been patched in versions 4.3.19, 4.4.13, 4.5.6.</td> <td>2026-02-04</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25540" target=3D= "_blank" rel=3D"noopener">CVE-2026-25540</a></td>

<a href=3D"https://github.com/mastodon/mastodon/security/advisories/GHSA-cc= pr-m53r-mfwr" target=3D"_blank" rel=3D"noopener">https://github.com/mastodo= n/mastodon/security/advisories/GHSA-ccpr-m53r-mfwr</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">navidrome--navidrome</td>
<td>Navidrome is an open source web-based music collection server and strea= mer. Prior to version 0.60.0, a cross-site scripting vulnerability in the f= rontend allows a malicious attacker to inject code through the comment meta= data of a song to exfiltrate user credentials. This issue has been patched =
in version 0.60.0.</td>
<td>2026-02-04</td>
<td>6.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25578" target=3D= "_blank" rel=3D"noopener">CVE-2026-25578</a></td>

<a href=3D"https://github.com/navidrome/navidrome/security/advisories/GHSA-= rh3r-8pxm-hg4w" target=3D"_blank" rel=3D"noopener">https://github.com/navid= rome/navidrome/security/advisories/GHSA-rh3r-8pxm-hg4w</a> <a href=3D"ht= tps://github.com/navidrome/navidrome/commit/d7ec7355c9036d5be659d6ac555c334= bb5848ba6" target=3D"_blank" rel=3D"noopener">https://github.com/navidrome/= navidrome/commit/d7ec7355c9036d5be659d6ac555c334bb5848ba6</a> <a href=3D= "https://github.com/navidrome/navidrome/releases/tag/v0.60.0" target=3D"_bl= ank" rel=3D"noopener">https://github.com/navidrome/navidrome/releases/tag/v= 0.60.0</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">tgies--client-certificate-auth</td> <td>client-certificate-auth is middleware for Node.js implementing client S=
SL certificate authentication/authorization. Versions 0.2.1 and 0.3.0 of cl= ient-certificate-auth contain an open redirect vulnerability. The middlewar=
e unconditionally redirects HTTP requests to HTTPS using the unvalidated Ho=
st header, allowing an attacker to redirect users to arbitrary domains. Thi=
s vulnerability is fixed in 1.0.0.</td>
<td>2026-02-06</td>
<td>6.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25651" target=3D= "_blank" rel=3D"noopener">CVE-2026-25651</a></td>

<a href=3D"https://github.com/tgies/client-certificate-auth/security/adviso= ries/GHSA-m4w9-gch5-c2g4" target=3D"_blank" rel=3D"noopener">https://github= .com/tgies/client-certificate-auth/security/advisories/GHSA-m4w9-gch5-c2g4<= /a> <a href=3D"https://github.com/tgies/client-certificate-auth/releases= /tag/v1.0.0" target=3D"_blank" rel=3D"noopener">https://github.com/tgies/cl= ient-certificate-auth/releases/tag/v1.0.0</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">vim--vim</td>
<td>Vim is an open source, command line text editor. Prior to version 9.1.2= 132, a heap buffer overflow vulnerability exists in Vim's tag file resoluti=
on logic when processing the 'helpfile' option. The vulnerability is locate=
d in the get_tagfname() function in src/tag.c. When processing help file ta= gs, Vim copies the user-controlled 'helpfile' option value into a fixed-siz=
e heap buffer of MAXPATHL + 1 bytes (typically 4097 bytes) using an unsafe = STRCPY() operation without any bounds checking. This issue has been patched=
in version 9.1.2132.</td>
<td>2026-02-06</td>
<td>6.6</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25749" target=3D= "_blank" rel=3D"noopener">CVE-2026-25749</a></td>

<a href=3D"https://github.com/vim/vim/security/advisories/GHSA-5w93-4g67-mm= 43" target=3D"_blank" rel=3D"noopener">https://github.com/vim/vim/security/= advisories/GHSA-5w93-4g67-mm43</a> <a href=3D"https://github.com/vim/vim= /commit/0714b15940b245108e6e9d7aa2260dd849a26fa9" target=3D"_blank" rel=3D"= noopener">https://github.com/vim/vim/commit/0714b15940b245108e6e9d7aa2260dd= 849a26fa9</a> <a href=3D"https://github.com/vim/vim/releases/tag/v9.1.21= 32" target=3D"_blank" rel=3D"noopener">https://github.com/vim/vim/releases/= tag/v9.1.2132</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">BishopFox--sliver</td>
<td>Sliver is a command and control framework that uses a custom Wireguard = netstack. Prior to 1.6.11, a path traversal in the website content subsyste=
m lets an authenticated operator read arbitrary files on the Sliver server = host. This is an authenticated path traversal / arbitrary file read issue, = and it can expose credentials, configs, and keys. This vulnerability is fix=
ed in 1.6.11.</td>
<td>2026-02-06</td>
<td>6.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25760" target=3D= "_blank" rel=3D"noopener">CVE-2026-25760</a></td>

<a href=3D"https://github.com/BishopFox/sliver/security/advisories/GHSA-228= 6-hxv5-cmp2" target=3D"_blank" rel=3D"noopener">https://github.com/BishopFo= x/sliver/security/advisories/GHSA-2286-hxv5-cmp2</a> <a href=3D"https://= github.com/BishopFox/sliver/commit/818127349ccec812876693c4ca74ebf4350ec6b7=
" target=3D"_blank" rel=3D"noopener">https://github.com/BishopFox/sliver/co= mmit/818127349ccec812876693c4ca74ebf4350ec6b7</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Maian Media--Maian Support Helpdesk</td>
<td>Maian Support Helpdesk 4.3 contains a cross-site request forgery vulner= ability that allows attackers to create administrative accounts without aut= hentication. Attackers can craft malicious HTML forms to add admin users an=
d upload PHP files with unrestricted file upload capabilities through the F=
AQ attachment system.</td>
<td>2026-02-03</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37091" target=3D= "_blank" rel=3D"noopener">CVE-2020-37091</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48386" target=3D"_blank" rel= =3D"noopener">ExploitDB-48386</a> <a href=3D"https://www.maiansupport.co=
m" target=3D"_blank" rel=3D"noopener">Vendor Homepage</a> <a href=3D"htt= ps://www.vulncheck.com/advisories/maian-support-helpdesk-cross-site-request= -forgery-add-admin" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: = Maian Support Helpdesk 4.3 - Cross-Site Request Forgery (Add Admin)</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">EDIMAX Technology Co., Ltd.--EW-7438RPn Mini</=

<td>Edimax EW-7438RPn 1.13 contains a cross-site request forgery vulnerabil= ity in the MAC filtering configuration interface. Attackers can craft malic= ious web pages to trick users into adding unauthorized MAC addresses to the=
device's filtering rules without their consent.</td>
<td>2026-02-03</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37096" target=3D= "_blank" rel=3D"noopener">CVE-2020-37096</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48366" target=3D"_blank" rel= =3D"noopener">ExploitDB-48366</a> <a href=3D"https://www.edimax.com/edim= ax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_= n300/ew-7438rpn_mini/" target=3D"_blank" rel=3D"noopener">Edimax EW-7438RPn=
Product Homepage</a> <a href=3D"https://www.vulncheck.com/advisories/ed= imax-ew-rpn-cross-site-request-forgery-mac-filtering" target=3D"_blank" rel= =3D"noopener">VulnCheck Advisory: Edimax EW-7438RPn - Cross-Site Request Fo= rgery (MAC Filtering)</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Bdtask--Business Live Chat Software</td> <td>Business Live Chat Software 1.0 contains a cross-site request forgery v= ulnerability that allows attackers to change user account roles without aut= hentication. Attackers can craft a malicious HTML form to modify user privi= leges by submitting a POST request to the user creation endpoint with admin= istrative access parameters.</td>
<td>2026-02-06</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37106" target=3D= "_blank" rel=3D"noopener">CVE-2020-37106</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48141" target=3D"_blank" rel= =3D"noopener">ExploitDB-48141</a> <a href=3D"https://www.bdtask.com/busi= ness-live-chat-software.php" target=3D"_blank" rel=3D"noopener">Business Li=
ve Chat Software Vendor Homepage</a> <a href=3D"https://www.vulncheck.co= m/advisories/business-live-chat-software-cross-site-request-forgery-add-adm= in" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Business Live Ch=
at Software 1.0 - Cross-Site Request Forgery (Add Admin)</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Code::Blocks--Code::Blocks</td>
<td>CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allows=
attackers to execute arbitrary code by overwriting Structured Exception Ha= ndler with crafted Unicode characters. Attackers can create a malicious M3U=
playlist file with 536 bytes of buffer and shellcode to trigger remote cod=
e execution.</td>
<td>2026-02-05</td>
<td>5.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37121" target=3D= "_blank" rel=3D"noopener">CVE-2020-37121</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48344" target=3D"_blank" rel= =3D"noopener">ExploitDB-48344</a> <a href=3D"https://www.codeblocks.org/=
" target=3D"_blank" rel=3D"noopener">CODE::BLOCKS Product Homepage</a> <=
a href=3D"https://sourceforge.net/projects/codeblocks/" target=3D"_blank" r= el=3D"noopener">CODE::BLOCKS SourceForge Repository</a> <a href=3D"https= ://www.vulncheck.com/advisories/codeblocks-buffer-overflow-seh-unicode" tar= get=3D"_blank" rel=3D"noopener">VulnCheck Advisory: CODE::BLOCKS 16.01 - Bu= ffer Overflow (SEH) UNICODE</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">dnsmasq--dnsmasq-utils</td>
<td>Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dh= cp_release utility that allows attackers to cause a denial of service by su= pplying excessive input. Attackers can trigger a core dump and terminate th=
e dhcp_release process by sending a crafted input string longer than 16 cha= racters.</td>
<td>2026-02-05</td>
<td>5.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37127" target=3D= "_blank" rel=3D"noopener">CVE-2020-37127</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48301" target=3D"_blank" rel= =3D"noopener">ExploitDB-48301</a> <a href=3D"https://launchpad.net/ubunt= u/+source/dnsmasq/2.79-1" target=3D"_blank" rel=3D"noopener">Software Link = for dnsmasq 2.79-1</a> <a href=3D"https://www.vulncheck.com/advisories/d= nsmasq-utils-dhcprelease-denial-of-service" target=3D"_blank" rel=3D"noopen= er">VulnCheck Advisory: dnsmasq-utils 2.79-1 - 'dhcp_release' Denial of Ser= vice</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">FinalWire--Everest</td>
<td>Everest, later referred to as AIDA64, 5.50.2100 contains a denial of se= rvice vulnerability that allows local attackers to crash the application by=
manipulating file open functionality. Attackers can generate a 450-byte bu= ffer of repeated characters and paste it into the file open dialog to trigg=
er an application crash.</td>
<td>2026-02-05</td>
<td>5.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37140" target=3D= "_blank" rel=3D"noopener">CVE-2020-37140</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48259" target=3D"_blank" rel= =3D"noopener">ExploitDB-48259</a> <a href=3D"https://web.archive.org/web= /20191223010612/https://www.aida64.com/" target=3D"_blank" rel=3D"noopener"= >Archived Product Page</a> <a href=3D"https://www.vulncheck.com/advisori= es/everest-open-file-denial-of-service" target=3D"_blank" rel=3D"noopener">= VulnCheck Advisory: Everest 5.50.2100 - 'Open File' Denial of Service</a><b= r>=C2=A0</td>
</tr>

<td class=3D"vendor-product">Exagate--Sysguard 6001</td>
<td>Exagate SYSGuard 6001 contains a cross-site request forgery vulnerabili=
ty that allows attackers to create unauthorized admin accounts through a cr= afted HTML form. Attackers can trick users into submitting a malicious form=
to /kulyon.php that adds a new user with administrative privileges without=
the victim's consent.</td>
<td>2026-02-05</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37144" target=3D= "_blank" rel=3D"noopener">CVE-2020-37144</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48234" target=3D"_blank" rel= =3D"noopener">ExploitDB-48234</a> <a href=3D"https://www.exagate.com/" t= arget=3D"_blank" rel=3D"noopener">Exagate Vendor Homepage</a> <a href=3D= "https://web.archive.org/web/20191020064936/https://www.exagate.com/sysguar= d-6001" target=3D"_blank" rel=3D"noopener">Archived Sysguard 6001 Product P= age</a> <a href=3D"https://www.vulncheck.com/advisories/exagate-sysguard= -cross-site-request-forgery-add-admin" target=3D"_blank" rel=3D"noopener">V= ulnCheck Advisory: Exagate Sysguard 6001 - Cross-Site Request Forgery (Add = Admin)</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Cloud Pak System</td>
<td>IBM Cloud Pak System displays sensitive information in user messages th=
at could aid in further attacks against the system.</td>
<td>2026-02-04</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2023-38010" target=3D= "_blank" rel=3D"noopener">CVE-2023-38010</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7254419" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7254419</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Cloud Pak System</td>
<td>IBM Cloud Pak System=C2=A0is vulnerable to cross-site scripting. This v= ulnerability allows users to embed arbitrary JavaScript code in the Web UI = thus altering the intended functionality potentially leading to credentials=
disclosure within a trusted session.</td>
<td>2026-02-04</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2023-38017" target=3D= "_blank" rel=3D"noopener">CVE-2023-38017</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7254419" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7254419</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Cloud Pak System</td>
<td>IBM Cloud Pak System does not set the secure attribute on authorization=
tokens or session cookies. Attackers may be able to get the cookie values =
by sending a http:// link to a user or by planting this link in a site the = user goes to. The cookie will be sent to the insecure link and the attacker=
can then obtain the cookie value by snooping the traffic.</td> <td>2026-02-04</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2023-38281" target=3D= "_blank" rel=3D"noopener">CVE-2023-38281</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7254419" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7254419</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Db2 Big SQL on Cloud Pak for Data</td> <td>IBM Db2 Big SQL on Cloud Pak for Data versions 7.6 (on CP4D 4.8), 7.7 (=
on CP4D 5.0), and 7.8 (on CP4D 5.1) do not properly limit the allocation of=
system resources. An authenticated user with internal knowledge of the env= ironment could exploit this weakness to cause a denial of service.</td> <td>2026-02-04</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2024-39724" target=3D= "_blank" rel=3D"noopener">CVE-2024-39724</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7257907" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7257907</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">cyberlord92--OAuth Single Sign On SSO (OAuth C= lient)</td>
<td>The OAuth Single Sign On - SSO (OAuth Client) plugin for WordPress is v= ulnerable to unauthorized access in all versions up to, and including, 6.26= .14. This is due to missing capability checks and authentication verificati=
on on the OAuth redirect functionality accessible via the 'oauthredirect' o= ption parameter. This makes it possible for unauthenticated attackers to se=
t the global redirect URL option via the redirect_url parameter granted the=
y can access the site directly.</td>
<td>2026-02-06</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-10753" target=3D= "_blank" rel=3D"noopener">CVE-2025-10753</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/915e1a= 6e-ad9c-4849-8ae0-3ded18720a1f?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/915e1a6e-ad9= c-4849-8ae0-3ded18720a1f?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/miniorange-login-with-eve-online-google-facebook/ta= gs/6.26.12/class-mooauth-widget.php#L260" target=3D"_blank" rel=3D"noopener= ">https://plugins.trac.wordpress.org/browser/miniorange-login-with-eve-onli= ne-google-facebook/tags/6.26.12/class-mooauth-widget.php#L260</a> <a hre= f=3D"https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D= &reponame=3D&old=3D3399223%40miniorange-login-with-eve-online-google-facebo= ok&new=3D3399223%40miniorange-login-with-eve-online-google-facebook&sfp_ema= il=3D&sfph_mail=3D" target=3D"_blank" rel=3D"noopener">https://plugins.trac= .wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&reponame=3D&old=3D339922= 3%40miniorange-login-with-eve-online-google-facebook&new=3D3399223%40minior= ange-login-with-eve-online-google-facebook&sfp_email=3D&sfph_mail</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--App Connect Operator</td>
<td>IBM App Connect Enterprise Certified Container=C2=A0up to 12.19.0 (Cont= inuous Delivery) and=C2=A012.0 LTS (Long Term Support) could allow an attac= ker to access sensitive files or modify configurations due to an untrusted = search path.</td>
<td>2026-02-05</td>
<td>5.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-13491" target=3D= "_blank" rel=3D"noopener">CVE-2025-13491</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7259746" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7259746</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">elextensions--ELEX WordPress HelpDesk & Cu= stomer Ticketing System</td>
<td>The ELEX WordPress HelpDesk & Customer Ticketing System plugin for = WordPress is vulnerable to Missing Authorization in all versions up to, and=
including, 3.3.5. This is due to missing capability checks on the eh_crm_t= icket_general function combined with a shared nonce that is exposed to low-= privileged users. This makes it possible for authenticated attackers, with = Subscriber-level access and above, to modify global WSDesk settings via the=
`eh_crm_ticket_general` AJAX action.</td>
<td>2026-02-05</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-14079" target=3D= "_blank" rel=3D"noopener">CVE-2025-14079</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/6fd3ea= 16-4706-4573-b905-93dff434968d?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/6fd3ea16-470= 6-4573-b905-93dff434968d?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/elex-helpdesk-customer-support-ticket-system/tags/3= .3.4/includes/class-crm-ajax-functions-one.php#L15" target=3D"_blank" rel= =3D"noopener">https://plugins.trac.wordpress.org/browser/elex-helpdesk-cust= omer-support-ticket-system/tags/3.3.4/includes/class-crm-ajax-functions-one= .php#L15</a> <a href=3D"https://plugins.trac.wordpress.org/changeset/344= 9609/" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.or= g/changeset/3449609/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">unitecms--Unlimited Elements For Elementor</td=

<td>The Unlimited Elements for Elementor plugin for WordPress is vulnerable=
to Stored Cross-Site Scripting via the Border Hero widget's Button Link fi= eld in versions up to 2.0.1. This is due to insufficient input sanitization=
and output escaping on user-supplied URLs. This makes it possible for auth= enticated attackers, with Contributor-level access and above, to inject arb= itrary web scripts in pages that will execute whenever a user accesses an i= njected page.</td>
<td>2026-02-03</td>
<td>5.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-14274" target=3D= "_blank" rel=3D"noopener">CVE-2025-14274</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/482c49= 86-3677-4754-992b-ea9be7573d2e?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/482c4986-367= 7-4754-992b-ea9be7573d2e?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/fram= ework/functions.class.php#L2859" target=3D"_blank" rel=3D"noopener">https:/= /plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/= inc_php/framework/functions.class.php#L2859</a> <a href=3D"https://plugi= ns.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_ph= p/unitecreator_params_processor.class.php#L1518" target=3D"_blank" rel=3D"n= oopener">https://plugins.trac.wordpress.org/browser/unlimited-elements-for-= elementor/trunk/inc_php/unitecreator_params_processor.class.php#L1518</a><b= r><a href=3D"https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph= _mail=3D&reponame=3D&new=3D3429507%40unlimited-elements-for-elementor%2Ftru= nk&old=3D3403331%40unlimited-elements-for-elementor%2Ftrunk&sfp_email=3D&sf= ph_mail=3D#file15" target=3D"_blank" rel=3D"noopener">https://plugins.trac.= wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&reponame=3D&new=3D3429507= %40unlimited-elements-for-elementor%2Ftrunk&old=3D3403331%40unlimited-eleme= nts-for-elementor%2Ftrunk&sfp_email=3D&sfph_mail=3D#file15</a> =C2=A0</t=

</tr>

<td class=3D"vendor-product">tpixendit--Xendit Payment</td>
<td>The Xendit Payment plugin for WordPress is vulnerable to unauthorized o= rder status manipulation in all versions up to, and including, 6.0.2. This =
is due to the plugin exposing a publicly accessible WooCommerce API callbac=
k endpoint (`wc_xendit_callback`) that processes payment callbacks without = any authentication or cryptographic verification that the requests originat=
e from Xendit's payment gateway. This makes it possible for unauthenticated=
attackers to mark any WooCommerce order as paid by sending a crafted POST = request to the callback URL with a JSON body containing an `external_id` ma= tching the order ID pattern and a `status` of 'PAID' or 'SETTLED', granted = they can enumerate order IDs (which are sequential integers). This leads to=
orders being fraudulently marked as completed without any actual payment, = resulting in financial loss and inventory depletion.</td>
<td>2026-02-04</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-14461" target=3D= "_blank" rel=3D"noopener">CVE-2025-14461</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/2791bb= d5-9101-4484-a352-0e4d2ce04e5d?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/2791bbd5-910= 1-4484-a352-0e4d2ce04e5d?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/woo-xendit-virtual-accounts/trunk/woocommerce-xendi= t-pg.php#L252" target=3D"_blank" rel=3D"noopener">https://plugins.trac.word= press.org/browser/woo-xendit-virtual-accounts/trunk/woocommerce-xendit-pg.p= hp#L252</a> <a href=3D"https://plugins.trac.wordpress.org/browser/woo-xe= ndit-virtual-accounts/tags/6.0.2/woocommerce-xendit-pg.php#L252" target=3D"= _blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/woo-xen= dit-virtual-accounts/tags/6.0.2/woocommerce-xendit-pg.php#L252</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">Tanium--Enforce</td>
<td>Tanium addressed an improper link resolution before file access vulnera= bility in Enforce.</td>
<td>2026-02-05</td>
<td>5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15328" target=3D= "_blank" rel=3D"noopener">CVE-2025-15328</a></td>

<a href=3D"https://security.tanium.com/TAN-2025-007" target=3D"_blank" rel= =3D"noopener">TAN-2025-007</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">chapaet--Chapa Payment Gateway Plugin for WooC= ommerce</td>
<td>The Chapa Payment Gateway Plugin for WooCommerce plugin for WordPress i=
s vulnerable to Sensitive Information Exposure in all versions up to, and i= ncluding, 1.0.3 via 'chapa_proceed' WooCommerce API endpoint. This makes it=
possible for unauthenticated attackers to extract sensitive data including=
the merchant's Chapa secret API key.</td>
<td>2026-02-04</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15482" target=3D= "_blank" rel=3D"noopener">CVE-2025-15482</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/190492= ec-5982-4dce-9e97-16a518a01a27?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/190492ec-598= 2-4dce-9e97-16a518a01a27?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/chapa-payment-gateway-for-woocommerce/tags/1.0.3/in= cludes/class-waf-wc-chapa-gateway.php#L418" target=3D"_blank" rel=3D"noopen= er">https://plugins.trac.wordpress.org/browser/chapa-payment-gateway-for-wo= ocommerce/tags/1.0.3/includes/class-waf-wc-chapa-gateway.php#L418</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">magicimport--Magic Import Document Extractor</=

<td>The Magic Import Document Extractor plugin for WordPress is vulnerable =
to unauthorized modification of data due to a missing capability check on t=
he ajax_sync_usage() function in all versions up to, and including, 1.0.4. = This makes it possible for unauthenticated attackers to modify the plugin's=
license status and credit balance.</td>
<td>2026-02-04</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15507" target=3D= "_blank" rel=3D"noopener">CVE-2025-15507</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/6854e4= 70-26ac-4747-b72c-164e79e1a1b1?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/6854e470-26a= c-4747-b72c-164e79e1a1b1?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/magic-import-document-extractor/tags/1.0.4/public/c= lass-public.php#L225" target=3D"_blank" rel=3D"noopener">https://plugins.tr= ac.wordpress.org/browser/magic-import-document-extractor/tags/1.0.4/public/= class-public.php#L225</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">magicimport--Magic Import Document Extractor</=

<td>The Magic Import Document Extractor plugin for WordPress is vulnerable =
to Sensitive Information Exposure in all versions up to, and including, 1.0=
.4 via the get_frontend_settings() function. This makes it possible for una= uthenticated attackers to extract the site's magicimport.ai license key fro=
m the page source on any page containing the plugin's shortcode.</td> <td>2026-02-04</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15508" target=3D= "_blank" rel=3D"noopener">CVE-2025-15508</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/9ec72a= c5-1851-4074-bea4-ccfd684b9c8d?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/9ec72ac5-185= 1-4074-bea4-ccfd684b9c8d?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/magic-import-document-extractor/tags/1.0.4/public/c= lass-public.php#L379" target=3D"_blank" rel=3D"noopener">https://plugins.tr= ac.wordpress.org/browser/magic-import-document-extractor/tags/1.0.4/public/= class-public.php#L379</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Engineering Lifecycle Management - Global=
Configuration Management</td>
<td>IBM Engineering Lifecycle Management - Global Configuration Management = 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 00=
4 IBM Global Configuration Management is vulnerable to cross-site scripting=
. This vulnerability allows an authenticated user to embed arbitrary JavaSc= ript code in the Web UI thus altering the intended functionality potentiall=
y leading to credentials disclosure within a trusted session.</td> <td>2026-02-03</td>
<td>5.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-36033" target=3D= "_blank" rel=3D"noopener">CVE-2025-36033</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7258063" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7258063</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Cloud Pak for Business Automation</td> <td>IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix=
002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Inte= rim Fix 007 could allow an authenticated user to cause a denial of service =
or corrupt existing data due to the improper validation of input length.</t=

<td>2026-02-03</td>
<td>5.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-36094" target=3D= "_blank" rel=3D"noopener">CVE-2025-36094</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7259318" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7259318</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Concert</td>
<td>IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic=
algorithms that could allow an attacker to decrypt highly sensitive inform= ation.</td>
<td>2026-02-02</td>
<td>5.9</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-36253" target=3D= "_blank" rel=3D"noopener">CVE-2025-36253</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7257565" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7257565</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">HCL--AION</td>
<td>Root File System Not Mounted as Read-Only configuration vulnerability. = This can allow unintended modifications to critical system files, potential=
ly increasing the risk of system compromise or unauthorized changes. This i= ssue affects AION: 2.0.</td>
<td>2026-02-03</td>
<td>5.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-52627" target=3D= "_blank" rel=3D"noopener">CVE-2025-52627</a></td>

<a href=3D"https://support.hcl-software.com/csm?id=3Dkb_article&sysparm_art= icle=3DKB0127972" target=3D"_blank" rel=3D"noopener">https://support.hcl-so= ftware.com/csm?id=3Dkb_article&sysparm_article=3DKB0127972</a> =C2=A0</t=

</tr>

<td class=3D"vendor-product">N/A--Moodle[.]org</td>
<td>A flaw was found in Moodle. A remote attacker could exploit a reflected=
Cross-Site Scripting (XSS) vulnerability in the policy tool return URL. Th=
is vulnerability arises from insufficient sanitization of URL parameters, a= llowing attackers to inject malicious scripts through specially crafted lin= ks. Successful exploitation could lead to information disclosure or arbitra=
ry client-side script execution within the user's browser.</td> <td>2026-02-03</td>
<td>5.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-67855" target=3D= "_blank" rel=3D"noopener">CVE-2025-67855</a></td>

<a href=3D"https://access.redhat.com/security/cve/CVE-2025-67855" target=3D= "_blank" rel=3D"noopener">https://access.redhat.com/security/cve/CVE-2025-6= 7855</a> <a href=3D"https://bugzilla.redhat.com/show_bug.cgi?id=3D242386=
1" target=3D"_blank" rel=3D"noopener">RHBZ#2423861</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">N/A--Moodle[.]org</td>
<td>A flaw was found in Moodle. An authorization logic flaw, specifically d=
ue to incomplete role checks during the badge awarding process, allowed bad= ges to be granted without proper verification. This could enable unauthoriz=
ed users to obtain badges they are not entitled to, potentially leading to = privilege escalation or unauthorized access to certain features.</td> <td>2026-02-03</td>
<td>5.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-67856" target=3D= "_blank" rel=3D"noopener">CVE-2025-67856</a></td>

<a href=3D"https://access.redhat.com/security/cve/CVE-2025-67856" target=3D= "_blank" rel=3D"noopener">https://access.redhat.com/security/cve/CVE-2025-6= 7856</a> <a href=3D"https://bugzilla.redhat.com/show_bug.cgi?id=3D242386=
4" target=3D"_blank" rel=3D"noopener">RHBZ#2423864</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">khoj-ai--khoj</td>
<td>Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-bet= a.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any=
user's Notion integration by manipulating the state parameter. The callbac=
k endpoint accepts any user UUID without verifying the OAuth flow was initi= ated by that user, allowing attackers to replace victims' Notion configurat= ions with their own, resulting in data poisoning and unauthorized access to=
the victim's Khoj search index. This attack requires knowing the user's UU=
ID which can be leaked through shared conversations where an AI generated i= mage is present. This vulnerability is fixed in 2.0.0-beta.23.</td> <td>2026-02-02</td>
<td>5.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69207" target=3D= "_blank" rel=3D"noopener">CVE-2025-69207</a></td>

<a href=3D"https://github.com/khoj-ai/khoj/security/advisories/GHSA-6whj-7q= mg-86qj" target=3D"_blank" rel=3D"noopener">https://github.com/khoj-ai/khoj= /security/advisories/GHSA-6whj-7qmg-86qj</a> <a href=3D"https://github.c= om/khoj-ai/khoj/commit/1b7ccd141d47f365edeccc57d7316cb0913d748b" target=3D"= _blank" rel=3D"noopener">https://github.com/khoj-ai/khoj/commit/1b7ccd141d4= 7f365edeccc57d7316cb0913d748b</a> <a href=3D"https://github.com/khoj-ai/= khoj/releases/tag/2.0.0-beta.23" target=3D"_blank" rel=3D"noopener">https:/= /github.com/khoj-ai/khoj/releases/tag/2.0.0-beta.23</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">fortispay--Fortis for WooCommerce</td>
<td>The Fortis for WooCommerce plugin for WordPress is vulnerable to author= ization bypass due to an inverted nonce check in the 'check_fortis_notify_r= esponse' function in all versions up to, and including, 1.2.0. This makes i=
t possible for unauthenticated attackers to update arbitrary WooCommerce or= der statuses to paid/processing/completed, effectively allowing them to mar=
k orders as paid without payment.</td>
<td>2026-02-04</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0679" target=3D"= _blank" rel=3D"noopener">CVE-2026-0679</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/9f16c0= 98-3e99-4506-b517-ae4b838a0925?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/9f16c098-3e9= 9-4506-b517-ae4b838a0925?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/fortis-for-woocommerce/trunk/classes/WC_Gateway_For= tis.php#L1674" target=3D"_blank" rel=3D"noopener">https://plugins.trac.word= press.org/browser/fortis-for-woocommerce/trunk/classes/WC_Gateway_Fortis.ph= p#L1674</a> <a href=3D"https://plugins.trac.wordpress.org/browser/fortis= -for-woocommerce/tags/1.2.0/classes/WC_Gateway_Fortis.php#L1674" target=3D"= _blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/fortis-= for-woocommerce/tags/1.2.0/classes/WC_Gateway_Fortis.php#L1674</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">alimir--WP ULike Engagement Analytics & In= teractive Buttons to Understand Your Audience</td>
<td>The WP ULike plugin for WordPress is vulnerable to Insecure Direct Obje=
ct Reference in all versions up to, and including, 4.8.3.1. This is due to = the `wp_ulike_delete_history_api` AJAX action not verifying that the log en= try being deleted belongs to the current user. This makes it possible for a= uthenticated attackers, with Subscriber-level access and above (granted the=
'stats' capability is assigned to their role), to delete arbitrary log ent= ries belonging to other users via the 'id' parameter.</td>
<td>2026-02-03</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0909" target=3D"= _blank" rel=3D"noopener">CVE-2026-0909</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/bee2e5= 20-46cc-4b54-9849-fafb9b37ba19?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/bee2e520-46c= c-4b54-9849-fafb9b37ba19?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/wp-ulike/trunk/admin/admin-ajax.php#L94" target=3D"= _blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/wp-ulik= e/trunk/admin/admin-ajax.php#L94</a> <a href=3D"https://plugins.trac.wor= dpress.org/browser/wp-ulike/tags/4.8.3.1/admin/admin-ajax.php#L94" target= =3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/wp-= ulike/tags/4.8.3.1/admin/admin-ajax.php#L94</a> <a href=3D"https://plugi= ns.trac.wordpress.org/changeset/3451296/wp-ulike/trunk/admin/admin-ajax.php=
" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/cha= ngeset/3451296/wp-ulike/trunk/admin/admin-ajax.php</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">brainstormforce--Spectra Gutenberg Blocks Webs= ite Builder for the Block Editor</td>
<td>The Spectra Gutenberg Blocks - Website Builder for the Block Editor plu= gin for WordPress is vulnerable to Information Disclosure in all versions u=
p to, and including, 2.19.17. This is due to the plugin failing to check `p= ost_password_required()` before rendering post excerpts in the `render_exce= rpt()` function and the `uagb_get_excerpt()` helper function. This makes it=
possible for unauthenticated attackers to read excerpts of password-protec= ted posts by simply viewing any page that contains a Spectra Post Grid, Pos=
t Masonry, Post Carousel, or Post Timeline block.</td>
<td>2026-02-03</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0950" target=3D"= _blank" rel=3D"noopener">CVE-2026-0950</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/ccaccf= 03-4162-4365-9f12-0363a78e91d4?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/ccaccf03-416= 2-4365-9f12-0363a78e91d4?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/ultimate-addons-for-gutenberg/trunk/blocks-config/p= ost/class-uagb-post.php#L1303" target=3D"_blank" rel=3D"noopener">https://p= lugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/trunk/block= s-config/post/class-uagb-post.php#L1303</a> <a href=3D"https://plugins.t= rac.wordpress.org/browser/ultimate-addons-for-gutenberg/tags/2.19.17/blocks= -config/post/class-uagb-post.php#L1303" target=3D"_blank" rel=3D"noopener">= https://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/ta= gs/2.19.17/blocks-config/post/class-uagb-post.php#L1303</a> <a href=3D"h= ttps://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/tru= nk/blocks-config/post/class-uagb-post.php#L1621" target=3D"_blank" rel=3D"n= oopener">https://plugins.trac.wordpress.org/browser/ultimate-addons-for-gut= enberg/trunk/blocks-config/post/class-uagb-post.php#L1621</a> <a href=3D= "https://plugins.trac.wordpress.org/browser/ultimate-addons-for-gutenberg/t= ags/2.19.17/blocks-config/post/class-uagb-post.php#L1621" target=3D"_blank"=
rel=3D"noopener">https://plugins.trac.wordpress.org/browser/ultimate-addon= s-for-gutenberg/tags/2.19.17/blocks-config/post/class-uagb-post.php#L1621</= a> <a href=3D"https://plugins.trac.wordpress.org/browser/ultimate-addons= -for-gutenberg/trunk/blocks-config/post/class-uagb-post.php#L2196" target= =3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/ult= imate-addons-for-gutenberg/trunk/blocks-config/post/class-uagb-post.php#L21= 96</a> <a href=3D"https://plugins.trac.wordpress.org/browser/ultimate-ad= dons-for-gutenberg/tags/2.19.17/blocks-config/post/class-uagb-post.php#L219=
6" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/br= owser/ultimate-addons-for-gutenberg/tags/2.19.17/blocks-config/post/class-u= agb-post.php#L2196</a> <a href=3D"https://plugins.trac.wordpress.org/bro= wser/ultimate-addons-for-gutenberg/trunk/classes/class-uagb-helper.php#L140=
3" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/br= owser/ultimate-addons-for-gutenberg/trunk/classes/class-uagb-helper.php#L14= 03</a> <a href=3D"https://plugins.trac.wordpress.org/browser/ultimate-ad= dons-for-gutenberg/tags/2.19.17/classes/class-uagb-helper.php#L1403" target= =3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/ult= imate-addons-for-gutenberg/tags/2.19.17/classes/class-uagb-helper.php#L1403= </a> <a href=3D"https://plugins.trac.wordpress.org/changeset?sfp_email= =3D&sfph_mail=3D&reponame=3D&new=3D3443216%40ultimate-addons-for-gutenberg%= 2Ftrunk&old=3D3410395%40ultimate-addons-for-gutenberg%2Ftrunk&sfp_email=3D&= sfph_mail=3D" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordp= ress.org/changeset?sfp_email=3D&sfph_mail=3D&reponame=3D&new=3D3443216%40ul= timate-addons-for-gutenberg%2Ftrunk&old=3D3410395%40ultimate-addons-for-gut= enberg%2Ftrunk&sfp_email=3D&sfph_mail</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">metagauss--ProfileGrid User Profiles, Groups a=
nd Communities</td>
<td>The ProfileGrid - User Profiles, Groups and Communities plugin for Word= Press is vulnerable to Insecure Direct Object Reference in all versions up = to, and including, 5.9.7.2 via the 'pm_upload_image' and 'pm_upload_cover_i= mage' AJAX actions. This is due to the update_user_meta() function being ca= lled outside of the user authorization check in public/partials/crop.php an=
d public/partials/coverimg_crop.php. This makes it possible for authenticat=
ed attackers, with Subscriber-level access and above, to change any user's = profile picture or cover image, including administrators.</td> <td>2026-02-05</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1271" target=3D"= _blank" rel=3D"noopener">CVE-2026-1271</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/712535= ce-8c38-4944-aa0a-36d9bacaeb67?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/712535ce-8c3= 8-4944-aa0a-36d9bacaeb67?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/tr= unk/public/partials/crop.php#L73" target=3D"_blank" rel=3D"noopener">https:= //plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-c= ommunities/trunk/public/partials/crop.php#L73</a> <a href=3D"https://plu= gins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-commun= ities/trunk/public/partials/coverimg_crop.php#L60" target=3D"_blank" rel=3D= "noopener">https://plugins.trac.wordpress.org/browser/profilegrid-user-prof= iles-groups-and-communities/trunk/public/partials/coverimg_crop.php#L60</a>= <a href=3D"https://plugins.trac.wordpress.org/browser/profilegrid-user-= profiles-groups-and-communities/tags/5.9.6.7/public/partials/crop.php#L73" = target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/brows= er/profilegrid-user-profiles-groups-and-communities/tags/5.9.6.7/public/par= tials/crop.php#L73</a> <a href=3D"https://plugins.trac.wordpress.org/bro= wser/profilegrid-user-profiles-groups-and-communities/tags/5.9.6.7/public/p= artials/coverimg_crop.php#L60" target=3D"_blank" rel=3D"noopener">https://p= lugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-comm= unities/tags/5.9.6.7/public/partials/coverimg_crop.php#L60</a> <a href= =3D"https://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&= reponame=3D&old=3D3448434%40profilegrid-user-profiles-groups-and-communitie= s&new=3D3448434%40profilegrid-user-profiles-groups-and-communities&sfp_emai= l=3D&sfph_mail=3D" target=3D"_blank" rel=3D"noopener">https://plugins.trac.= wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&reponame=3D&old=3D3448434= %40profilegrid-user-profiles-groups-and-communities&new=3D3448434%40profile= grid-user-profiles-groups-and-communities&sfp_email=3D&sfph_mail</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">themeum--Tutor LMS eLearning and online course=
solution</td>
<td>The Tutor LMS - eLearning and online course solution plugin for WordPre=
ss is vulnerable to Sensitive Information Exposure in all versions up to, a=
nd including, 3.9.5. This is due to missing authorization checks in the `aj= ax_coupon_details()` function, which only validates nonces but does not ver= ify user capabilities. This makes it possible for authenticated attackers, = with Subscriber-level access and above, to retrieve sensitive coupon inform= ation including coupon codes, discount amounts, usage statistics, and cours= e/bundle applications.</td>
<td>2026-02-03</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1371" target=3D"= _blank" rel=3D"noopener">CVE-2026-1371</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/7f5c5f= 64-a864-4ce1-9080-19f7c4418307?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/7f5c5f64-a86= 4-4ce1-9080-19f7c4418307?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/tutor/tags/3.9.5/ecommerce/CouponController.php#L10=
6" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/br= owser/tutor/tags/3.9.5/ecommerce/CouponController.php#L106</a> <a href= =3D"https://plugins.trac.wordpress.org/browser/tutor/tags/3.9.5/ecommerce/C= ouponController.php#L658" target=3D"_blank" rel=3D"noopener">https://plugin= s.trac.wordpress.org/browser/tutor/tags/3.9.5/ecommerce/CouponController.ph= p#L658</a> <a href=3D"https://plugins.trac.wordpress.org/changeset/34486= 15/tutor/trunk/ecommerce/CouponController.php?contextall=3D1&old=3D3422766&= old_path=3D%2Ftutor%2Ftrunk%2Fecommerce%2FCouponController.php" target=3D"_= blank" rel=3D"noopener">https://plugins.trac.wordpress.org/changeset/344861= 5/tutor/trunk/ecommerce/CouponController.php?contextall=3D1&old=3D3422766&o= ld_path=3D%2Ftutor%2Ftrunk%2Fecommerce%2FCouponController.php</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">getwpfunnels--Mail Mint Newsletters, Email Mar= keting, Automation, WooCommerce Emails, Post Notification, and more</td> <td>The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request = Forgery in all versions up to, and including, 1.19.2. This is due to missin=
g nonce validation on the create_or_update_note function. This makes it pos= sible for unauthenticated attackers to create or update contact notes via a=
forged request granted they can trick a site administrator into performing=
an action such as clicking on a link. Due to missing sanitization and esca= ping this can lead to stored Cross-Site Scripting.</td>
<td>2026-02-03</td>
<td>5.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1447" target=3D"= _blank" rel=3D"noopener">CVE-2026-1447</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/e67ae2= 04-2848-4389-a78d-7b3798e4ee54?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/e67ae204-284= 8-4389-a78d-7b3798e4ee54?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/mail-mint/trunk/app/API/Routes/Admin/Contact/Contac= tProfileRoute.php#L105" target=3D"_blank" rel=3D"noopener">https://plugins.= trac.wordpress.org/browser/mail-mint/trunk/app/API/Routes/Admin/Contact/Con= tactProfileRoute.php#L105</a> <a href=3D"https://plugins.trac.wordpress.= org/browser/mail-mint/tags/1.19.2/app/API/Routes/Admin/Contact/ContactProfi= leRoute.php#L105" target=3D"_blank" rel=3D"noopener">https://plugins.trac.w= ordpress.org/browser/mail-mint/tags/1.19.2/app/API/Routes/Admin/Contact/Con= tactProfileRoute.php#L105</a> <a href=3D"https://plugins.trac.wordpress.= org/browser/mail-mint/trunk/app/API/Actions/Admin/Contact/ContactProfileAct= ion.php#L85" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpr= ess.org/browser/mail-mint/trunk/app/API/Actions/Admin/Contact/ContactProfil= eAction.php#L85</a> <a href=3D"https://plugins.trac.wordpress.org/browse= r/mail-mint/tags/1.19.2/app/API/Actions/Admin/Contact/ContactProfileAction.= php#L85" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.= org/browser/mail-mint/tags/1.19.2/app/API/Actions/Admin/Contact/ContactProf= ileAction.php#L85</a> <a href=3D"https://plugins.trac.wordpress.org/chan= geset/3449536/mail-mint/trunk/app/API/Actions/Admin/Contact/ContactProfileA= ction.php?old=3D3032077&old_path=3Dmail-mint%2Ftrunk%2Fapp%2FAPI%2FActions%= 2FAdmin%2FContact%2FContactProfileAction.php" target=3D"_blank" rel=3D"noop= ener">https://plugins.trac.wordpress.org/changeset/3449536/mail-mint/trunk/= app/API/Actions/Admin/Contact/ContactProfileAction.php?old=3D3032077&old_pa= th=3Dmail-mint%2Ftrunk%2Fapp%2FAPI%2FActions%2FAdmin%2FContact%2FContactPro= fileAction.php</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">F5--NGINX Open Source</td>
<td>A vulnerability exists in NGINX OSS and NGINX Plus when configured to p= roxy to upstream Transport Layer Security (TLS) servers. An attacker with a=
man-in-the-middle (MITM) position on the upstream server side-along with c= onditions beyond the attacker's control-may be able to inject plain text da=
ta into the response from an upstream proxied server.=C2=A0=C2=A0Note: Soft= ware versions which have reached End of Technical Support (EoTS) are not ev= aluated.</td>
<td>2026-02-04</td>
<td>5.9</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1642" target=3D"= _blank" rel=3D"noopener">CVE-2026-1642</a></td>

<a href=3D"https://my.f5.com/manage/s/article/K000159824" target=3D"_blank"=
rel=3D"noopener">https://my.f5.com/manage/s/article/K000159824</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">brstefanovic--Advanced Country Blocker</td> <td>The Advanced Country Blocker plugin for WordPress is vulnerable to Auth= orization Bypass in all versions up to, and including, 2.3.1 due to the use=
of a predictable default value for the secret bypass key created during in= stallation without requiring users to change it. This makes it possible for=
unauthenticated attackers to bypass the geolocation blocking mechanism by = appending the key to any URL on sites where the administrator has not chang=
ed the default value.</td>
<td>2026-02-07</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1675" target=3D"= _blank" rel=3D"noopener">CVE-2026-1675</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/307479= 88-83f9-41f9-9bc5-1f533bc4cb94?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/30747988-83f= 9-41f9-9bc5-1f533bc4cb94?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/advanced-country-blocker/tags/2.3.1/advanced-countr= y-blocking.php#L278" target=3D"_blank" rel=3D"noopener">https://plugins.tra= c.wordpress.org/browser/advanced-country-blocker/tags/2.3.1/advanced-countr= y-blocking.php#L278</a> <a href=3D"https://plugins.trac.wordpress.org/br= owser/advanced-country-blocker/tags/2.3.1/advanced-country-blocking.php#L33=
6" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/br= owser/advanced-country-blocker/tags/2.3.1/advanced-country-blocking.php#L33= 6</a> <a href=3D"https://plugins.trac.wordpress.org/browser/advanced-cou= ntry-blocker/tags/2.3.1/advanced-country-blocking.php#L420" target=3D"_blan=
k" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/advanced-cou= ntry-blocker/tags/2.3.1/advanced-country-blocking.php#L420</a> =C2=A0</t=

</tr>

<td class=3D"vendor-product">n/a--Open5GS</td>
<td>A security vulnerability has been detected in Open5GS up to 2.7.6. Impa= cted is the function sgwc_s11_handle_create_indirect_data_forwarding_tunnel= _request of the file /src/sgwc/s11-handler.c of the component SGWC. Such ma= nipulation leads to reachable assertion. The attack may be launched remotel=
y. The exploit has been disclosed publicly and may be used. A patch should =
be applied to remediate this issue. The issue report is flagged as already-= fixed.</td>
<td>2026-02-02</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1736" target=3D"= _blank" rel=3D"noopener">CVE-2026-1736</a></td>

<a href=3D"https://vuldb.com/?id.343635" target=3D"_blank" rel=3D"noopener"= >VDB-343635 | Open5GS SGWC s11-handler.c assertion</a> <a href=3D"https:= //vuldb.com/?ctiid.343635" target=3D"_blank" rel=3D"noopener">VDB-343635 | = CTI Indicators (IOB, IOC, IOA)</a> <a href=3D"https://vuldb.com/?submit.= 741191" target=3D"_blank" rel=3D"noopener">Submit #741191 | Open5GS SGWC v2= .7.6 Denial of Service</a> <a href=3D"https://github.com/open5gs/open5gs= /issues/4270" target=3D"_blank" rel=3D"noopener">https://github.com/open5gs= /open5gs/issues/4270</a> <a href=3D"https://github.com/open5gs/open5gs/i= ssues/4270#event-21968624624" target=3D"_blank" rel=3D"noopener">https://gi= thub.com/open5gs/open5gs/issues/4270#event-21968624624</a> <a href=3D"ht= tps://github.com/open5gs/open5gs/issues/4270#issue-3795141303" target=3D"_b= lank" rel=3D"noopener">https://github.com/open5gs/open5gs/issues/4270#issue= -3795141303</a> <a href=3D"https://github.com/open5gs/open5gs/" target= =3D"_blank" rel=3D"noopener">https://github.com/open5gs/open5gs/</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">n/a--Open5GS</td>
<td>A vulnerability was detected in Open5GS up to 2.7.6. The affected eleme=
nt is the function sgwc_s5c_handle_create_bearer_request of the file /src/s= gwc/s5c-handler.c of the component CreateBearerRequest Handler. Performing =
a manipulation results in reachable assertion. Remote exploitation of the a= ttack is possible. The exploit is now public and may be used. To fix this i= ssue, it is recommended to deploy a patch. The issue report is flagged as a= lready-fixed.</td>
<td>2026-02-02</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1737" target=3D"= _blank" rel=3D"noopener">CVE-2026-1737</a></td>

<a href=3D"https://vuldb.com/?id.343636" target=3D"_blank" rel=3D"noopener"= >VDB-343636 | Open5GS CreateBearerRequest s5c-handler.c sgwc_s5c_handle_cre= ate_bearer_request assertion</a> <a href=3D"https://vuldb.com/?ctiid.343= 636" target=3D"_blank" rel=3D"noopener">VDB-343636 | CTI Indicators (IOB, I= OC, IOA)</a> <a href=3D"https://vuldb.com/?submit.741192" target=3D"_bla= nk" rel=3D"noopener">Submit #741192 | Open5GS SGWC v2.7.6 Denial of Service= </a> <a href=3D"https://github.com/open5gs/open5gs/issues/4271" target= =3D"_blank" rel=3D"noopener">https://github.com/open5gs/open5gs/issues/4271= </a> <a href=3D"https://github.com/open5gs/open5gs/issues/4271#event-219= 68630023" target=3D"_blank" rel=3D"noopener">https://github.com/open5gs/ope= n5gs/issues/4271#event-21968630023</a> <a href=3D"https://github.com/ope= n5gs/open5gs/issues/4271#issue-3795147720" target=3D"_blank" rel=3D"noopene= r">https://github.com/open5gs/open5gs/issues/4271#issue-3795147720</a> <=
a href=3D"https://github.com/open5gs/open5gs/" target=3D"_blank" rel=3D"noo= pener">https://github.com/open5gs/open5gs/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--Open5GS</td>
<td>A flaw has been found in Open5GS up to 2.7.6. The impacted element is t=
he function sgwc_tunnel_add of the file /src/sgwc/context.c of the componen=
t SGWC. Executing a manipulation of the argument pdr can lead to reachable = assertion. The attack can be executed remotely. The exploit has been publis= hed and may be used. It is advisable to implement a patch to correct this i= ssue. The issue report is flagged as already-fixed.</td>
<td>2026-02-02</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1738" target=3D"= _blank" rel=3D"noopener">CVE-2026-1738</a></td>

<a href=3D"https://vuldb.com/?id.343637" target=3D"_blank" rel=3D"noopener"= >VDB-343637 | Open5GS SGWC context.c sgwc_tunnel_add assertion</a> <a hr= ef=3D"https://vuldb.com/?ctiid.343637" target=3D"_blank" rel=3D"noopener">V= DB-343637 | CTI Indicators (IOB, IOC, IOA)</a> <a href=3D"https://vuldb.= com/?submit.741193" target=3D"_blank" rel=3D"noopener">Submit #741193 | Ope= n5gs SGWC v2.7.6 Denial of Service</a> <a href=3D"https://github.com/ope= n5gs/open5gs/issues/4261" target=3D"_blank" rel=3D"noopener">https://github= .com/open5gs/open5gs/issues/4261</a> <a href=3D"https://github.com/open5= gs/open5gs/issues/4261#event-21968563677" target=3D"_blank" rel=3D"noopener= ">https://github.com/open5gs/open5gs/issues/4261#event-21968563677</a> <=
a href=3D"https://github.com/open5gs/open5gs/issues/4261#issue-3787803578" = target=3D"_blank" rel=3D"noopener">https://github.com/open5gs/open5gs/issue= s/4261#issue-3787803578</a> <a href=3D"https://github.com/open5gs/open5g= s/" target=3D"_blank" rel=3D"noopener">https://github.com/open5gs/open5gs/<= /a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Free5GC--pcf</td>
<td>A vulnerability has been found in Free5GC pcf up to 1.4.1. This affects=
the function HandleCreateSmPolicyRequest of the file internal/sbi/processo= r/smpolicy.go. The manipulation leads to null pointer dereference. The atta=
ck is possible to be carried out remotely. The exploit has been disclosed t=
o the public and may be used. The identifier of the patch is df535f55243146= 20715e842baf9723efbeb481a7. Applying a patch is the recommended action to f=
ix this issue.</td>
<td>2026-02-02</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1739" target=3D"= _blank" rel=3D"noopener">CVE-2026-1739</a></td>

<a href=3D"https://vuldb.com/?id.343638" target=3D"_blank" rel=3D"noopener"= >VDB-343638 | Free5GC pcf smpolicy.go HandleCreateSmPolicyRequest null poin= ter dereference</a> <a href=3D"https://vuldb.com/?ctiid.343638" target= =3D"_blank" rel=3D"noopener">VDB-343638 | CTI Indicators (IOB, IOC, IOA)</a= > <a href=3D"https://vuldb.com/?submit.741194" target=3D"_blank" rel=3D"= noopener">Submit #741194 | free5gc PCF v4.1.0 Denial of Service</a> <a h= ref=3D"https://github.com/free5gc/free5gc/issues/803" target=3D"_blank" rel= =3D"noopener">https://github.com/free5gc/free5gc/issues/803</a> <a href= =3D"https://github.com/free5gc/pcf/pull/62" target=3D"_blank" rel=3D"noopen= er">https://github.com/free5gc/pcf/pull/62</a> <a href=3D"https://github= .com/free5gc/free5gc/issues/803#issue-3815770007" target=3D"_blank" rel=3D"= noopener">https://github.com/free5gc/free5gc/issues/803#issue-3815770007</a= > <a href=3D"https://github.com/free5gc/pcf/commit/df535f5524314620715e8= 42baf9723efbeb481a7" target=3D"_blank" rel=3D"noopener">https://github.com/= free5gc/pcf/commit/df535f5524314620715e842baf9723efbeb481a7</a> <a href= =3D"https://github.com/free5gc/pcf/" target=3D"_blank" rel=3D"noopener">htt= ps://github.com/free5gc/pcf/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Red Hat--Red Hat Enterprise Linux 10</td>
<td>A flaw was found in SoupServer. This HTTP request smuggling vulnerabili=
ty occurs because SoupServer improperly handles requests that combine Trans= fer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthe= nticated client can exploit this by sending specially crafted requests, cau= sing SoupServer to fail to close the connection as required by RFC 9112. Th=
is allows the attacker to smuggle additional requests over the persistent c= onnection, leading to unintended request processing and potential denial-of= -service (DoS) conditions.</td>
<td>2026-02-02</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1760" target=3D"= _blank" rel=3D"noopener">CVE-2026-1760</a></td>

<a href=3D"https://access.redhat.com/security/cve/CVE-2026-1760" target=3D"= _blank" rel=3D"noopener">https://access.redhat.com/security/cve/CVE-2026-17= 60</a> <a href=3D"https://bugzilla.redhat.com/show_bug.cgi?id=3D2435951"=
target=3D"_blank" rel=3D"noopener">RHBZ#2435951</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Xerox--CentreWare</td>
<td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cr= oss-site Scripting') vulnerability in Xerox CentreWare on Windows allows St= ored XSS. This issue affects CentreWare: through 7.0.6.=C2=A0 Consider upgr= ading Xerox=C2=AE CentreWare Web=C2=AE to v7.2.2.25 via the software availa= ble on Xerox.com</td>
<td>2026-02-06</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1769" target=3D"= _blank" rel=3D"noopener">CVE-2026-1769</a></td>

<a href=3D"https://securitydocs.business.xerox.com/wp-content/uploads/2026/= 02/Xerox-Security-Bulletin-XRX26-003-for-Xerox-CentreWare-Web.pdf" target= =3D"_blank" rel=3D"noopener">https://securitydocs.business.xerox.com/wp-con= tent/uploads/2026/02/Xerox-Security-Bulletin-XRX26-003-for-Xerox-CentreWare= -Web.pdf</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">AWS--SageMaker Python SDK</td>
<td>Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS cert= ificate verification for HTTPS connections made by the service when a Trito=
n Python model is imported, incorrectly allowing for requests with invalid = and self-signed certificates to succeed.</td>
<td>2026-02-02</td>
<td>5.9</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1778" target=3D"= _blank" rel=3D"noopener">CVE-2026-1778</a></td>

<a href=3D"https://aws.amazon.com/security/security-bulletins/2026-004-AWS/=
" target=3D"_blank" rel=3D"noopener">https://aws.amazon.com/security/securi= ty-bulletins/2026-004-AWS/</a> <a href=3D"https://github.com/aws/sagemak= er-python-sdk/security/advisories/GHSA-62rc-f4v9-h543" target=3D"_blank" re= l=3D"noopener">https://github.com/aws/sagemaker-python-sdk/security/advisor= ies/GHSA-62rc-f4v9-h543</a> <a href=3D"https://github.com/aws/sagemaker-= python-sdk/releases/tag/v3.1.1" target=3D"_blank" rel=3D"noopener">https://= github.com/aws/sagemaker-python-sdk/releases/tag/v3.1.1</a> <a href=3D"h= ttps://github.com/aws/sagemaker-python-sdk/releases/tag/v2.256.0" target=3D= "_blank" rel=3D"noopener">https://github.com/aws/sagemaker-python-sdk/relea= ses/tag/v2.256.0</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Red Hat--Red Hat Enterprise Linux 10</td>
<td>A flaw was found in libsoup, an HTTP client/server library. This HTTP R= equest Smuggling vulnerability arises from non-RFC-compliant parsing in the=
soup_filter_input_stream_read_line() logic, where libsoup accepts malforme=
d chunk headers, such as lone line feed (LF) characters instead of the requ= ired carriage return and line feed (CRLF). A remote attacker can exploit th=
is without authentication or user interaction by sending specially crafted = chunked requests. This allows libsoup to parse and process multiple HTTP re= quests from a single network message, potentially leading to information di= sclosure.</td>
<td>2026-02-03</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1801" target=3D"= _blank" rel=3D"noopener">CVE-2026-1801</a></td>

<a href=3D"https://access.redhat.com/security/cve/CVE-2026-1801" target=3D"= _blank" rel=3D"noopener">https://access.redhat.com/security/cve/CVE-2026-18= 01</a> <a href=3D"https://bugzilla.redhat.com/show_bug.cgi?id=3D2436315"=
target=3D"_blank" rel=3D"noopener">RHBZ#2436315</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--WeKan</td>
<td>A security vulnerability has been detected in WeKan up to 8.20. This af= fects the function setBoardOrgs of the file models/boards.js of the compone=
nt REST API. Such manipulation of the argument item.cardId/item.checklistId= /card.boardId leads to improper authorization. The attack may be launched r= emotely. A high complexity level is associated with this attack. The exploi= tability is reported as difficult. Upgrading to version 8.21 mitigates this=
issue. The name of the patch is cabfeed9a68e21c469bf206d8655941444b9912c. =
It is suggested to upgrade the affected component.</td>
<td>2026-02-04</td>
<td>5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1892" target=3D"= _blank" rel=3D"noopener">CVE-2026-1892</a></td>

<a href=3D"https://vuldb.com/?id.344265" target=3D"_blank" rel=3D"noopener"= >VDB-344265 | WeKan REST API boards.js setBoardOrgs improper authorization<= /a> <a href=3D"https://vuldb.com/?ctiid.344265" target=3D"_blank" rel=3D= "noopener">VDB-344265 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href= =3D"https://vuldb.com/?submit.742662" target=3D"_blank" rel=3D"noopener">Su= bmit #742662 | Wekan <8.21 IDOR via REST API / improper object relations= hip validation</a> <a href=3D"https://github.com/wekan/wekan/commit/cabf= eed9a68e21c469bf206d8655941444b9912c" target=3D"_blank" rel=3D"noopener">ht= tps://github.com/wekan/wekan/commit/cabfeed9a68e21c469bf206d8655941444b9912= c</a> <a href=3D"https://github.com/wekan/wekan/releases/tag/v8.21" targ= et=3D"_blank" rel=3D"noopener">https://github.com/wekan/wekan/releases/tag/= v8.21</a> <a href=3D"https://github.com/wekan/wekan/" target=3D"_blank" = rel=3D"noopener">https://github.com/wekan/wekan/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Edimax--BR-6208AC</td>
<td>A vulnerability was found in Edimax BR-6208AC 2_1.02. The affected elem= ent is the function auth_check_userpass2. Performing a manipulation of the = argument Username/Password results in use of default credentials. The attac=
k may be initiated remotely. The exploit has been made public and could be = used. The vendor confirms that the affected product is end-of-life. They co= nfirm that they "will issue a consolidated Security Advisory on our officia=
l support website." This vulnerability only affects products that are no lo= nger supported by the maintainer.</td>
<td>2026-02-06</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1972" target=3D"= _blank" rel=3D"noopener">CVE-2026-1972</a></td>

<a href=3D"https://vuldb.com/?id.344494" target=3D"_blank" rel=3D"noopener"= >VDB-344494 | Edimax BR-6208AC auth_check_userpass2 default credentials</a>= <a href=3D"https://vuldb.com/?ctiid.344494" target=3D"_blank" rel=3D"no= opener">VDB-344494 | CTI Indicators (IOB, IOC, IOA)</a> <a href=3D"https= ://vuldb.com/?submit.744032" target=3D"_blank" rel=3D"noopener">Submit #744= 032 | Edimax BR-6208AC V2_1.02 Weak Authentication</a> <a href=3D"https:= //tzh00203.notion.site/EDIMAX-BR-6208AC-V2_1-02-Weak-Password-Authenticatio= n-Vulnerability-in-auth_check_userpass2-Functi-2f0b5c52018a801c9645dd526171= 7901?source=3Dcopy_link" target=3D"_blank" rel=3D"noopener">https://tzh0020= 3.notion.site/EDIMAX-BR-6208AC-V2_1-02-Weak-Password-Authentication-Vulnera= bility-in-auth_check_userpass2-Functi-2f0b5c52018a801c9645dd5261717901?sour= ce=3Dcopy_link</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--Free5GC</td>
<td>A vulnerability was determined in Free5GC up to 4.1.0. The impacted ele= ment is the function establishPfcpSession of the component SMF. Executing a=
manipulation can lead to null pointer dereference. The attack may be launc= hed remotely. The exploit has been publicly disclosed and may be utilized. =
It is best practice to apply a patch to resolve this issue.</td> <td>2026-02-06</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1973" target=3D"= _blank" rel=3D"noopener">CVE-2026-1973</a></td>

<a href=3D"https://vuldb.com/?id.344495" target=3D"_blank" rel=3D"noopener"= >VDB-344495 | Free5GC SMF establishPfcpSession null pointer dereference</a>= <a href=3D"https://vuldb.com/?ctiid.344495" target=3D"_blank" rel=3D"no= opener">VDB-344495 | CTI Indicators (IOB, IOC, IOA)</a> <a href=3D"https= ://vuldb.com/?submit.743236" target=3D"_blank" rel=3D"noopener">Submit #743= 236 | free5gc SMF v4.1.0 Denial of Service</a> <a href=3D"https://github= .com/free5gc/free5gc/issues/815" target=3D"_blank" rel=3D"noopener">https:/= /github.com/free5gc/free5gc/issues/815</a> <a href=3D"https://github.com= /free5gc/free5gc/issues/815#issue-3832032062" target=3D"_blank" rel=3D"noop= ener">https://github.com/free5gc/free5gc/issues/815#issue-3832032062</a><br= ><a href=3D"https://github.com/free5gc/smf/pull/189" target=3D"_blank" rel= =3D"noopener">https://github.com/free5gc/smf/pull/189</a> <a href=3D"htt= ps://github.com/free5gc/free5gc/" target=3D"_blank" rel=3D"noopener">https:= //github.com/free5gc/free5gc/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--Free5GC</td>
<td>A vulnerability was identified in Free5GC up to 4.1.0. This affects the=
function ResolveNodeIdToIp of the file internal/sbi/processor/datapath.go =
of the component SMF. The manipulation leads to denial of service. Remote e= xploitation of the attack is possible. The exploit is publicly available an=
d might be used. It is recommended to apply a patch to fix this issue.</td> <td>2026-02-06</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1974" target=3D"= _blank" rel=3D"noopener">CVE-2026-1974</a></td>

<a href=3D"https://vuldb.com/?id.344496" target=3D"_blank" rel=3D"noopener"= >VDB-344496 | Free5GC SMF datapath.go ResolveNodeIdToIp denial of service</= a> <a href=3D"https://vuldb.com/?ctiid.344496" target=3D"_blank" rel=3D"= noopener">VDB-344496 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href= =3D"https://vuldb.com/?submit.743237" target=3D"_blank" rel=3D"noopener">Su= bmit #743237 | free5gc SMF v4.1.0 Denial of Service</a> <a href=3D"https= ://github.com/free5gc/free5gc/issues/816" target=3D"_blank" rel=3D"noopener= ">https://github.com/free5gc/free5gc/issues/816</a> <a href=3D"https://g= ithub.com/free5gc/free5gc/issues/816#issue-3832055233" target=3D"_blank" re= l=3D"noopener">https://github.com/free5gc/free5gc/issues/816#issue-38320552= 33</a> <a href=3D"https://github.com/free5gc/smf/pull/189" target=3D"_bl= ank" rel=3D"noopener">https://github.com/free5gc/smf/pull/189</a> <a hre= f=3D"https://github.com/free5gc/free5gc/" target=3D"_blank" rel=3D"noopener= ">https://github.com/free5gc/free5gc/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--Free5GC</td>
<td>A security flaw has been discovered in Free5GC up to 4.1.0. This impact=
s the function identityTriggerType of the file pfcp_reports.go. The manipul= ation results in null pointer dereference. The attack can be executed remot= ely. The exploit has been released to the public and may be used for attack=
s. Applying a patch is advised to resolve this issue.</td>
<td>2026-02-06</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1975" target=3D"= _blank" rel=3D"noopener">CVE-2026-1975</a></td>

<a href=3D"https://vuldb.com/?id.344497" target=3D"_blank" rel=3D"noopener"= >VDB-344497 | Free5GC pfcp_reports.go identityTriggerType null pointer dere= ference</a> <a href=3D"https://vuldb.com/?ctiid.344497" target=3D"_blank=
" rel=3D"noopener">VDB-344497 | CTI Indicators (IOB, IOC, IOA)</a> <a hr= ef=3D"https://vuldb.com/?submit.743238" target=3D"_blank" rel=3D"noopener">= Submit #743238 | free5gc SMF v4.1.0 Denial of Service</a> <a href=3D"htt= ps://github.com/free5gc/free5gc/issues/814" target=3D"_blank" rel=3D"noopen= er">https://github.com/free5gc/free5gc/issues/814</a> <a href=3D"https:/= /github.com/free5gc/free5gc/issues/814#issue-3831993593" target=3D"_blank" = rel=3D"noopener">https://github.com/free5gc/free5gc/issues/814#issue-383199= 3593</a> <a href=3D"https://github.com/free5gc/smf/pull/189" target=3D"_= blank" rel=3D"noopener">https://github.com/free5gc/smf/pull/189</a> <a h= ref=3D"https://github.com/free5gc/free5gc/" target=3D"_blank" rel=3D"noopen= er">https://github.com/free5gc/free5gc/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--Free5GC</td>
<td>A weakness has been identified in Free5GC up to 4.1.0. Affected is the = function SessionDeletionResponse of the component SMF. This manipulation ca= uses null pointer dereference. The attack is possible to be carried out rem= otely. The exploit has been made available to the public and could be used = for attacks. It is suggested to install a patch to address this issue.</td> <td>2026-02-06</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1976" target=3D"= _blank" rel=3D"noopener">CVE-2026-1976</a></td>

<a href=3D"https://vuldb.com/?id.344498" target=3D"_blank" rel=3D"noopener"= >VDB-344498 | Free5GC SMF SessionDeletionResponse null pointer dereference<= /a> <a href=3D"https://vuldb.com/?ctiid.344498" target=3D"_blank" rel=3D= "noopener">VDB-344498 | CTI Indicators (IOB, IOC, IOA)</a> <a href=3D"ht= tps://vuldb.com/?submit.743239" target=3D"_blank" rel=3D"noopener">Submit #= 743239 | free5gc SMF v4.1.0 Denial of Service</a> <a href=3D"https://git= hub.com/free5gc/free5gc/issues/817" target=3D"_blank" rel=3D"noopener">http= s://github.com/free5gc/free5gc/issues/817</a> <a href=3D"https://github.= com/free5gc/free5gc/issues/817#issue-3832188092" target=3D"_blank" rel=3D"n= oopener">https://github.com/free5gc/free5gc/issues/817#issue-3832188092</a>= <a href=3D"https://github.com/free5gc/smf/pull/189" target=3D"_blank" r= el=3D"noopener">https://github.com/free5gc/smf/pull/189</a> <a href=3D"h= ttps://github.com/free5gc/free5gc/" target=3D"_blank" rel=3D"noopener">http= s://github.com/free5gc/free5gc/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">kalyan02--NanoCMS</td>
<td>A vulnerability was detected in kalyan02 NanoCMS up to 0.4. Affected by=
this issue is some unknown functionality of the file /data/pagesdata.txt o=
f the component User Information Handler. Performing a manipulation results=
in direct request. It is possible to initiate the attack remotely. The exp= loit is now public and may be used. You should change the configuration set= tings.</td>
<td>2026-02-06</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1978" target=3D"= _blank" rel=3D"noopener">CVE-2026-1978</a></td>

<a href=3D"https://vuldb.com/?id.344500" target=3D"_blank" rel=3D"noopener"= >VDB-344500 | kalyan02 NanoCMS User Information pagesdata.txt direct reques= t</a> <a href=3D"https://vuldb.com/?ctiid.344500" target=3D"_blank" rel= =3D"noopener">VDB-344500 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a hr= ef=3D"https://vuldb.com/?submit.743260" target=3D"_blank" rel=3D"noopener">= Submit #743260 | SourceCodester NanoCMS V0.4 Sensitive document leak</a><br= ><a href=3D"https://github.com/kalyan02/NanoCMS/blob/master/data/pagesdata.= txt" target=3D"_blank" rel=3D"noopener">https://github.com/kalyan02/NanoCMS= /blob/master/data/pagesdata.txt</a> <a href=3D"https://github.com/kalyan= 02/NanoCMS/" target=3D"_blank" rel=3D"noopener">https://github.com/kalyan02= /NanoCMS/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--mruby</td>
<td>A flaw has been found in mruby up to 3.4.0. This affects the function m= rb_vm_exec of the file src/vm.c of the component JMPNOT-to-JMPIF Optimizati= on. Executing a manipulation can lead to use after free. The attack needs t=
o be launched locally. The exploit has been published and may be used. This=
patch is called e50f15c1c6e131fa7934355eb02b8173b13df415. It is advisable =
to implement a patch to correct this issue.</td>
<td>2026-02-06</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1979" target=3D"= _blank" rel=3D"noopener">CVE-2026-1979</a></td>

<a href=3D"https://vuldb.com/?id.344501" target=3D"_blank" rel=3D"noopener"= >VDB-344501 | mruby JMPNOT-to-JMPIF Optimization vm.c mrb_vm_exec use after=
free</a> <a href=3D"https://vuldb.com/?ctiid.344501" target=3D"_blank" = rel=3D"noopener">VDB-344501 | CTI Indicators (IOB, IOC, IOA)</a> <a href= =3D"https://vuldb.com/?submit.743377" target=3D"_blank" rel=3D"noopener">Su= bmit #743377 | mruby cda2567 Use After Free</a> <a href=3D"https://githu= b.com/mruby/mruby/issues/6701" target=3D"_blank" rel=3D"noopener">https://g= ithub.com/mruby/mruby/issues/6701</a> <a href=3D"https://github.com/mrub= y/mruby/issues/6701#issue-3802609843" target=3D"_blank" rel=3D"noopener">ht= tps://github.com/mruby/mruby/issues/6701#issue-3802609843</a> <a href=3D= "https://github.com/sysfce2/mruby/commit/e50f15c1c6e131fa7934355eb02b8173b1= 3df415" target=3D"_blank" rel=3D"noopener">https://github.com/sysfce2/mruby= /commit/e50f15c1c6e131fa7934355eb02b8173b13df415</a> <a href=3D"https://= github.com/mruby/mruby/" target=3D"_blank" rel=3D"noopener">https://github.= com/mruby/mruby/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">happyfish100--libfastcommon</td>
<td>A security vulnerability has been detected in happyfish100 libfastcommo=
n up to 1.0.84. Affected by this vulnerability is the function base64_decod=
e of the file src/base64.c. The manipulation leads to stack-based buffer ov= erflow. Local access is required to approach this attack. The exploit has b= een disclosed publicly and may be used. The identifier of the patch is 82f6= 6af3e252e3e137dba0c3891570f085e79adf. Applying a patch is the recommended a= ction to fix this issue.</td>
<td>2026-02-06</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2016" target=3D"= _blank" rel=3D"noopener">CVE-2026-2016</a></td>

<a href=3D"https://vuldb.com/?id.344598" target=3D"_blank" rel=3D"noopener"= >VDB-344598 | happyfish100 libfastcommon base64.c base64_decode stack-based=
overflow</a> <a href=3D"https://vuldb.com/?ctiid.344598" target=3D"_bla= nk" rel=3D"noopener">VDB-344598 | CTI Indicators (IOB, IOC, IOA)</a> <a = href=3D"https://vuldb.com/?submit.743873" target=3D"_blank" rel=3D"noopener= ">Submit #743873 | happyfish100 libfastcommon V1.0.84 and earlier Heap-base=
d Buffer Overflow</a> <a href=3D"https://github.com/happyfish100/libfast= common/issues/55" target=3D"_blank" rel=3D"noopener">https://github.com/hap= pyfish100/libfastcommon/issues/55</a> <a href=3D"https://github.com/happ= yfish100/libfastcommon/issues/55#issuecomment-3776757848" target=3D"_blank"=
rel=3D"noopener">https://github.com/happyfish100/libfastcommon/issues/55#i= ssuecomment-3776757848</a> <a href=3D"https://github.com/happyfish100/li= bfastcommon/issues/55#issue-3836362577" target=3D"_blank" rel=3D"noopener">= https://github.com/happyfish100/libfastcommon/issues/55#issue-3836362577</a= > <a href=3D"https://github.com/happyfish100/libfastcommon/commit/82f66a= f3e252e3e137dba0c3891570f085e79adf" target=3D"_blank" rel=3D"noopener">http= s://github.com/happyfish100/libfastcommon/commit/82f66af3e252e3e137dba0c389= 1570f085e79adf</a> <a href=3D"https://github.com/happyfish100/libfastcom= mon/" target=3D"_blank" rel=3D"noopener">https://github.com/happyfish100/li= bfastcommon/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DIR-605L</td>
<td>A security flaw has been discovered in D-Link DIR-605L and DIR-619L 2.0= 6B01/2.13B01. Impacted is an unknown function of the component Wifi Setting=
Handler. Performing a manipulation results in information disclosure. The = attack may be initiated remotely. The exploit has been released to the publ=
ic and may be used for attacks. This vulnerability only affects products th=
at are no longer supported by the maintainer.</td>
<td>2026-02-06</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2054" target=3D"= _blank" rel=3D"noopener">CVE-2026-2054</a></td>

<a href=3D"https://vuldb.com/?id.344614" target=3D"_blank" rel=3D"noopener"= >VDB-344614 | D-Link DIR-605L/DIR-619L Wifi Setting information disclosure<= /a> <a href=3D"https://vuldb.com/?ctiid.344614" target=3D"_blank" rel=3D= "noopener">VDB-344614 | CTI Indicators (IOB, IOC, TTP)</a> <a href=3D"ht= tps://vuldb.com/?submit.744224" target=3D"_blank" rel=3D"noopener">Submit #= 744224 | D-Link DIR619L=E3=80=81DIR605L 2.06B01=E3=80=812.13B01 Improper Ac= cess Controls</a> <a href=3D"https://github.com/wudipjq/my_vuln/blob/mai= n/D-Link7/vuln_81/81.md" target=3D"_blank" rel=3D"noopener">https://github.= com/wudipjq/my_vuln/blob/main/D-Link7/vuln_81/81.md</a> <a href=3D"https= ://github.com/wudipjq/my_vuln/blob/main/D-Link7/vuln_81/81.md#poc--result" = target=3D"_blank" rel=3D"noopener">https://github.com/wudipjq/my_vuln/blob/= main/D-Link7/vuln_81/81.md#poc--result</a> <a href=3D"https://www.dlink.= com/" target=3D"_blank" rel=3D"noopener">https://www.dlink.com/</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DIR-605L</td>
<td>A weakness has been identified in D-Link DIR-605L and DIR-619L 2.06B01/= 2.13B01. The affected element is an unknown function of the component DHCP = Client Information Handler. Executing a manipulation can lead to informatio=
n disclosure. The attack may be launched remotely. The exploit has been mad=
e available to the public and could be used for attacks. This vulnerability=
only affects products that are no longer supported by the maintainer.</td> <td>2026-02-06</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2055" target=3D"= _blank" rel=3D"noopener">CVE-2026-2055</a></td>

<a href=3D"https://vuldb.com/?id.344615" target=3D"_blank" rel=3D"noopener"= >VDB-344615 | D-Link DIR-605L/DIR-619L DHCP Client Information information = disclosure</a> <a href=3D"https://vuldb.com/?ctiid.344615" target=3D"_bl= ank" rel=3D"noopener">VDB-344615 | CTI Indicators (IOB, IOC, TTP)</a> <a=
href=3D"https://vuldb.com/?submit.744225" target=3D"_blank" rel=3D"noopene= r">Submit #744225 | D-Link DIR619L=E3=80=81DIR605L 2.06B01=E3=80=812.13B01 = Improper Access Controls</a> <a href=3D"https://github.com/wudipjq/my_vu= ln/blob/main/D-Link7/vuln_82/82.md" target=3D"_blank" rel=3D"noopener">http= s://github.com/wudipjq/my_vuln/blob/main/D-Link7/vuln_82/82.md</a> <a hr= ef=3D"https://github.com/wudipjq/my_vuln/blob/main/D-Link7/vuln_82/82.md#po= c--result" target=3D"_blank" rel=3D"noopener">https://github.com/wudipjq/my= _vuln/blob/main/D-Link7/vuln_82/82.md#poc--result</a> <a href=3D"https:/= /www.dlink.com/" target=3D"_blank" rel=3D"noopener">https://www.dlink.com/<= /a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DIR-605L</td>
<td>A security vulnerability has been detected in D-Link DIR-605L and DIR-6= 19L 2.06B01/2.13B01. The impacted element is an unknown function of the fil=
e /wan_connection_status.asp of the component DHCP Connection Status Handle=
r. The manipulation leads to information disclosure. Remote exploitation of=
the attack is possible. The exploit has been disclosed publicly and may be=
used. This vulnerability only affects products that are no longer supporte=
d by the maintainer.</td>
<td>2026-02-06</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2056" target=3D"= _blank" rel=3D"noopener">CVE-2026-2056</a></td>

<a href=3D"https://vuldb.com/?id.344616" target=3D"_blank" rel=3D"noopener"= >VDB-344616 | D-Link DIR-605L/DIR-619L DHCP Connection Status wan_connectio= n_status.asp information disclosure</a> <a href=3D"https://vuldb.com/?ct= iid.344616" target=3D"_blank" rel=3D"noopener">VDB-344616 | CTI Indicators = (IOB, IOC, TTP, IOA)</a> <a href=3D"https://vuldb.com/?submit.744226" ta= rget=3D"_blank" rel=3D"noopener">Submit #744226 | D-Link DIR619L=E3=80=81DI= R605L 2.06B01=E3=80=812.13B01 Improper Access Controls</a> <a href=3D"ht= tps://github.com/wudipjq/my_vuln/blob/main/D-Link7/vuln_83/83.md" target=3D= "_blank" rel=3D"noopener">https://github.com/wudipjq/my_vuln/blob/main/D-Li= nk7/vuln_83/83.md</a> <a href=3D"https://github.com/wudipjq/my_vuln/blob= /main/D-Link7/vuln_82/82.md#poc--result" target=3D"_blank" rel=3D"noopener"= >https://github.com/wudipjq/my_vuln/blob/main/D-Link7/vuln_82/82.md#poc--re= sult</a> <a href=3D"https://www.dlink.com/" target=3D"_blank" rel=3D"noo= pener">https://www.dlink.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--Open5GS</td>
<td>A vulnerability was identified in Open5GS up to 2.7.6. This affects the=
function sgwc_s5c_handle_modify_bearer_response/sgwc_sxa_handle_session_mo= dification_response of the component PGW S5U Address Handler. The manipulat= ion leads to null pointer dereference. The attack can be initiated remotely=
. The exploit is publicly available and might be used. The identifier of th=
e patch is f1bbd7b57f831e2a070780a7d8d5d4c73babdb59. Applying a patch is th=
e recommended action to fix this issue.</td>
<td>2026-02-06</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2062" target=3D"= _blank" rel=3D"noopener">CVE-2026-2062</a></td>

<a href=3D"https://vuldb.com/?id.344622" target=3D"_blank" rel=3D"noopener"= >VDB-344622 | Open5GS PGW S5U Address sgwc_sxa_handle_session_modification_= response null pointer dereference</a> <a href=3D"https://vuldb.com/?ctii= d.344622" target=3D"_blank" rel=3D"noopener">VDB-344622 | CTI Indicators (I= OB, IOC, IOA)</a> <a href=3D"https://vuldb.com/?submit.744719" target=3D= "_blank" rel=3D"noopener">Submit #744719 | Open5GS SGWC v2.7.6 Denial of Se= rvice</a> <a href=3D"https://github.com/open5gs/open5gs/issues/4257" tar= get=3D"_blank" rel=3D"noopener">https://github.com/open5gs/open5gs/issues/4= 257</a> <a href=3D"https://github.com/open5gs/open5gs/issues/4257#issue-= 3787701521" target=3D"_blank" rel=3D"noopener">https://github.com/open5gs/o= pen5gs/issues/4257#issue-3787701521</a> <a href=3D"https://github.com/op= en5gs/open5gs/commit/f1bbd7b57f831e2a070780a7d8d5d4c73babdb59" target=3D"_b= lank" rel=3D"noopener">https://github.com/open5gs/open5gs/commit/f1bbd7b57f= 831e2a070780a7d8d5d4c73babdb59</a> <a href=3D"https://github.com/open5gs= /open5gs/" target=3D"_blank" rel=3D"noopener">https://github.com/open5gs/op= en5gs/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">jsbroks--COCO Annotator</td>
<td>A vulnerability was determined in jsbroks COCO Annotator up to 0.11.1. = This impacts an unknown function of the file /api/info/long_task of the com= ponent Endpoint. This manipulation causes denial of service. The attack may=
be initiated remotely. The exploit has been publicly disclosed and may be = utilized. The vendor was contacted early about this disclosure but did not = respond in any way.</td>
<td>2026-02-07</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2108" target=3D"= _blank" rel=3D"noopener">CVE-2026-2108</a></td>

<a href=3D"https://vuldb.com/?id.344684" target=3D"_blank" rel=3D"noopener"= >VDB-344684 | jsbroks COCO Annotator Endpoint long_task denial of service</= a> <a href=3D"https://vuldb.com/?ctiid.344684" target=3D"_blank" rel=3D"= noopener">VDB-344684 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href= =3D"https://vuldb.com/?submit.745547" target=3D"_blank" rel=3D"noopener">Su= bmit #745547 | coco-annotator 0.11.1 Denial of Service</a> <a href=3D"ht= tps://github.com/nmmorette/vulnerability-research/blob/main/coco-anotator/U= nauthenticated%20Task%20Queue%20Flood%20in%20COCO%20Annotator%202f1ef09b873= 680f99d39e3f7db9886fa.md" target=3D"_blank" rel=3D"noopener">https://github= .com/nmmorette/vulnerability-research/blob/main/coco-anotator/Unauthenticat= ed%20Task%20Queue%20Flood%20in%20COCO%20Annotator%202f1ef09b873680f99d39e3f= 7db9886fa.md</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">jsbroks--COCO Annotator</td>
<td>A vulnerability was identified in jsbroks COCO Annotator up to 0.11.1. = Affected is an unknown function of the file /api/undo/ of the component Del= ete Category Handler. Such manipulation of the argument ID leads to imprope=
r authorization. The attack may be launched remotely. The exploit is public=
ly available and might be used. The vendor was contacted early about this d= isclosure but did not respond in any way.</td>
<td>2026-02-07</td>
<td>5.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2109" target=3D"= _blank" rel=3D"noopener">CVE-2026-2109</a></td>

<a href=3D"https://vuldb.com/?id.344685" target=3D"_blank" rel=3D"noopener"= >VDB-344685 | jsbroks COCO Annotator Delete Category undo improper authoriz= ation</a> <a href=3D"https://vuldb.com/?ctiid.344685" target=3D"_blank" = rel=3D"noopener">VDB-344685 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a=
href=3D"https://vuldb.com/?submit.745579" target=3D"_blank" rel=3D"noopene= r">Submit #745579 | coco-annotator v0.11.1 Broken Function Level Authorizat= ion</a> <a href=3D"https://github.com/nmmorette/vulnerability-research/b= lob/main/BFLA%20COCO%20Annotator%20in%20DELETE%20api%20undo/BFLA%20COCO%20A= nnotator%20in%20DELETE%20api%20undo%202f1ef09b8736807aa1f7ede4b64fa35d.md" = target=3D"_blank" rel=3D"noopener">https://github.com/nmmorette/vulnerabili= ty-research/blob/main/BFLA%20COCO%20Annotator%20in%20DELETE%20api%20undo/BF= LA%20COCO%20Annotator%20in%20DELETE%20api%20undo%202f1ef09b8736807aa1f7ede4= b64fa35d.md</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tenda--AC21</td>
<td>A weakness has been identified in Tenda AC21 16.03.08.16. This impacts =
an unknown function of the file /cgi-bin/DownloadLog of the component Web M= anagement Interface. Executing a manipulation can lead to information discl= osure. The attack may be performed from remote. The exploit has been made a= vailable to the public and could be used for attacks.</td>
<td>2026-02-08</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2147" target=3D"= _blank" rel=3D"noopener">CVE-2026-2147</a></td>

<a href=3D"https://vuldb.com/?id.344849" target=3D"_blank" rel=3D"noopener"= >VDB-344849 | Tenda AC21 Web Management DownloadLog information disclosure<= /a> <a href=3D"https://vuldb.com/?ctiid.344849" target=3D"_blank" rel=3D= "noopener">VDB-344849 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href= =3D"https://vuldb.com/?submit.747429" target=3D"_blank" rel=3D"noopener">Su= bmit #747429 | Tenda AC21 V16.03.08.16 Missing Critical Step in Authenticat= ion</a> <a href=3D"https://github.com/master-abc/cve/issues/30" target= =3D"_blank" rel=3D"noopener">https://github.com/master-abc/cve/issues/30</a= > <a href=3D"https://www.tenda.com.cn/" target=3D"_blank" rel=3D"noopene= r">https://www.tenda.com.cn/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tenda--AC21</td>
<td>A security vulnerability has been detected in Tenda AC21 16.03.08.16. A= ffected is an unknown function of the file /cgi-bin/DownloadFlash of the co= mponent Web Management Interface. The manipulation leads to information dis= closure. It is possible to initiate the attack remotely. The exploit has be=
en disclosed publicly and may be used.</td>
<td>2026-02-08</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2148" target=3D"= _blank" rel=3D"noopener">CVE-2026-2148</a></td>

<a href=3D"https://vuldb.com/?id.344850" target=3D"_blank" rel=3D"noopener"= >VDB-344850 | Tenda AC21 Web Management DownloadFlash information disclosur= e</a> <a href=3D"https://vuldb.com/?ctiid.344850" target=3D"_blank" rel= =3D"noopener">VDB-344850 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a hr= ef=3D"https://vuldb.com/?submit.747557" target=3D"_blank" rel=3D"noopener">= Submit #747557 | Tenda AC21 V16.03.08.16 Missing Critical Step in Authentic= ation</a> <a href=3D"https://github.com/master-abc/cve/issues/27" target= =3D"_blank" rel=3D"noopener">https://github.com/master-abc/cve/issues/27</a= > <a href=3D"https://www.tenda.com.cn/" target=3D"_blank" rel=3D"noopene= r">https://www.tenda.com.cn/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--WeKan</td>
<td>A weakness has been identified in WeKan up to 8.20. This issue affects = some unknown processing of the file server/publications/activities.js of th=
e component Activity Publication Handler. Executing a manipulation can lead=
to information disclosure. It is possible to launch the attack remotely. U= pgrading to version 8.21 is capable of addressing this issue. This patch is=
called 91a936e07d2976d4246dfe834281c3aaa87f9503. You should upgrade the af= fected component.</td>
<td>2026-02-08</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2207" target=3D"= _blank" rel=3D"noopener">CVE-2026-2207</a></td>

<a href=3D"https://vuldb.com/?id.344921" target=3D"_blank" rel=3D"noopener"= >VDB-344921 | WeKan Activity Publication activities.js LinkedBoardActivitie= sBleed information disclosure</a> <a href=3D"https://vuldb.com/?ctiid.34= 4921" target=3D"_blank" rel=3D"noopener">VDB-344921 | CTI Indicators (IOB, = IOC, TTP, IOA)</a> <a href=3D"https://vuldb.com/?submit.752163" target= =3D"_blank" rel=3D"noopener">Submit #752163 | Wekan <8.21 Information di= sclosure via insufficient authorization filtering</a> <a href=3D"https:/= /github.com/wekan/wekan/commit/91a936e07d2976d4246dfe834281c3aaa87f9503" ta= rget=3D"_blank" rel=3D"noopener">https://github.com/wekan/wekan/commit/91a9= 36e07d2976d4246dfe834281c3aaa87f9503</a> <a href=3D"https://github.com/w= ekan/wekan/releases/tag/v8.21" target=3D"_blank" rel=3D"noopener">https://g= ithub.com/wekan/wekan/releases/tag/v8.21</a> <a href=3D"https://github.c= om/wekan/wekan/" target=3D"_blank" rel=3D"noopener">https://github.com/weka= n/wekan/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">F5--BIG-IP</td>
<td>When a BIG-IP Advanced WAF or ASM security policy is configured on a vi= rtual server, undisclosed requests along with conditions beyond the attacke= r's control can cause the bd=C2=A0process to terminate.=C2=A0 Note: Softwar=
e versions which have reached End of Technical Support (EoTS) are not evalu= ated.</td>
<td>2026-02-04</td>
<td>5.9</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22548" target=3D= "_blank" rel=3D"noopener">CVE-2026-22548</a></td>

<a href=3D"https://my.f5.com/manage/s/article/K000158072" target=3D"_blank"=
rel=3D"noopener">https://my.f5.com/manage/s/article/K000158072</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">NeoRazorX--facturascripts</td>
<td>FacturaScripts is open-source enterprise resource planning and accounti=
ng software. Prior to 2025.8, there a reflected XSS bug in FacturaScripts. = The problem is in how error messages get displayed. Twig's | raw filter is = used, which skips HTML escaping. When triggering a database error (like pas= sing a string where an integer is expected), the error message includes the=
input and gets rendered without sanitization. This vulnerability is fixed =
in 2025.8.</td>
<td>2026-02-02</td>
<td>5.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23476" target=3D= "_blank" rel=3D"noopener">CVE-2026-23476</a></td>

<a href=3D"https://github.com/NeoRazorX/facturascripts/security/advisories/= GHSA-g6w2-q45f-xrp4" target=3D"_blank" rel=3D"noopener">https://github.com/= NeoRazorX/facturascripts/security/advisories/GHSA-g6w2-q45f-xrp4</a> <a = href=3D"https://github.com/NeoRazorX/facturascripts/commit/2afd98cecd26c5f8= 357e0e321d86063ad1012fc3" target=3D"_blank" rel=3D"noopener">https://github= .com/NeoRazorX/facturascripts/commit/2afd98cecd26c5f8357e0e321d86063ad1012f= c3</a> <a href=3D"https://github.com/NeoRazorX/facturascripts/releases/t= ag/v2025.8" target=3D"_blank" rel=3D"noopener">https://github.com/NeoRazorX= /facturascripts/releases/tag/v2025.8</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">CollaboraOnline--online</td>
<td>Collabora Online is a collaborative online office suite based on LibreO= ffice technology. Prior to Collabora Online Development Edition version 25.= 04.08.2 and prior to Collabora Online versions 23.05.20.1, 24.04.17.3, and = 25.04.7.5, a user with view-only rights and no download privileges can obta=
in a local copy of a shared file. Although there are no corresponding butto=
ns in the interface, pressing Ctrl+Shift+S initiates the file download proc= ess. This allows the user to bypass the access restrictions and leads to un= authorized data retrieval. This issue has been patched in Collabora Online = Development Edition version 25.04.08.2 and Collabora Online versions 23.05.= 20.1, 24.04.17.3, and 25.04.7.5.</td>
<td>2026-02-05</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23623" target=3D= "_blank" rel=3D"noopener">CVE-2026-23623</a></td>

<a href=3D"https://github.com/CollaboraOnline/online/security/advisories/GH= SA-68v6-r6qq-mmq2" target=3D"_blank" rel=3D"noopener">https://github.com/Co= llaboraOnline/online/security/advisories/GHSA-68v6-r6qq-mmq2</a> =C2=A0<=

</tr>

<td class=3D"vendor-product">gunet--openeclass</td>
<td>The Open eClass platform (formerly known as GUnet eClass) is a complete=
course management system. Prior to version 4.2, a username enumeration vul= nerability allows unauthenticated attackers to identify valid user accounts=
by analyzing differences in the login response behavior. This issue has be=
en patched in version 4.2.</td>
<td>2026-02-03</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24664" target=3D= "_blank" rel=3D"noopener">CVE-2026-24664</a></td>

<a href=3D"https://github.com/gunet/openeclass/security/advisories/GHSA-c3w= q-m629-5h2j" target=3D"_blank" rel=3D"noopener">https://github.com/gunet/op= eneclass/security/advisories/GHSA-c3wq-m629-5h2j</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">gunet--openeclass</td>
<td>The Open eClass platform (formerly known as GUnet eClass) is a complete=
course management system. Prior to version 4.2, failure to invalidate acti=
ve user sessions after a password change allows existing session tokens to = remain valid, potentially enabling unauthorized continued access to user ac= counts. This issue has been patched in version 4.2.</td>
<td>2026-02-03</td>
<td>5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24667" target=3D= "_blank" rel=3D"noopener">CVE-2026-24667</a></td>

<a href=3D"https://github.com/gunet/openeclass/security/advisories/GHSA-5h7= 3-53mh-m224" target=3D"_blank" rel=3D"noopener">https://github.com/gunet/op= eneclass/security/advisories/GHSA-5h73-53mh-m224</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Huawei--HarmonyOS</td>
<td>Identity authentication bypass vulnerability in the window module. Impa= ct: Successful exploitation of this vulnerability may affect service confid= entiality.</td>
<td>2026-02-06</td>
<td>5.9</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24916" target=3D= "_blank" rel=3D"noopener">CVE-2026-24916</a></td>

<a href=3D"https://consumer.huawei.com/en/support/bulletin/2026/2/" target= =3D"_blank" rel=3D"noopener">https://consumer.huawei.com/en/support/bulleti= n/2026/2/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Huawei--HarmonyOS</td>
<td>Out-of-bounds access vulnerability in the frequency modulation module. = Impact: Successful exploitation of this vulnerability may affect availabili= ty.</td>
<td>2026-02-06</td>
<td>5.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24927" target=3D= "_blank" rel=3D"noopener">CVE-2026-24927</a></td>

<a href=3D"https://consumer.huawei.com/en/support/bulletin/2026/2/" target= =3D"_blank" rel=3D"noopener">https://consumer.huawei.com/en/support/bulleti= n/2026/2/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Huawei--HarmonyOS</td>
<td>Out-of-bounds write vulnerability in the file system module. Impact: Su= ccessful exploitation of this vulnerability may affect service confidential= ity.</td>
<td>2026-02-06</td>
<td>5.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24928" target=3D= "_blank" rel=3D"noopener">CVE-2026-24928</a></td>

<a href=3D"https://consumer.huawei.com/en/support/bulletin/2026/2/" target= =3D"_blank" rel=3D"noopener">https://consumer.huawei.com/en/support/bulleti= n/2026/2/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Huawei--HarmonyOS</td>
<td>Out-of-bounds read vulnerability in the graphics module. Impact: Succes= sful exploitation of this vulnerability may affect availability.</td> <td>2026-02-06</td>
<td>5.9</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24929" target=3D= "_blank" rel=3D"noopener">CVE-2026-24929</a></td>

<a href=3D"https://consumer.huawei.com/en/support/bulletin/2026/2/" target= =3D"_blank" rel=3D"noopener">https://consumer.huawei.com/en/support/bulleti= n/2026/2/</a> <a href=3D"https://consumer.huawei.com/en/support/bulletin= laptops/2026/2/" target=3D"_blank" rel=3D"noopener">https://consumer.huawei= .com/en/support/bulletinlaptops/2026/2/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Huawei--HarmonyOS</td>
<td>Vulnerability of improper criterion security check in the card module. = Impact: Successful exploitation of this vulnerability may affect service co= nfidentiality.</td>
<td>2026-02-06</td>
<td>5.9</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24931" target=3D= "_blank" rel=3D"noopener">CVE-2026-24931</a></td>

<a href=3D"https://consumer.huawei.com/en/support/bulletin/2026/2/" target= =3D"_blank" rel=3D"noopener">https://consumer.huawei.com/en/support/bulleti= n/2026/2/</a> <a href=3D"https://consumer.huawei.com/en/support/bulletin= laptops/2026/2/" target=3D"_blank" rel=3D"noopener">https://consumer.huawei= .com/en/support/bulletinlaptops/2026/2/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">chainguard-dev--apko</td>
<td>apko allows users to build and publish OCI container images built from = apk packages. From version 0.14.8 to before 1.1.0, expandapk.Split drains t=
he first gzip stream of an APK archive via io.Copy(io.Discard, gzi) without=
explicit bounds. With an attacker-controlled input stream, this can force = large gzip inflation work and lead to resource exhaustion (availability imp= act). The Split function reads the first tar header, then drains the remain= der of the gzip stream by reading from the gzip reader directly without any=
maximum uncompressed byte limit or inflate-ratio cap. A caller that parses=
attacker-controlled APK streams may be forced to spend excessive CPU time = inflating gzip data, leading to timeouts or process slowdown. This issue ha=
s been patched in version 1.1.0.</td>
<td>2026-02-04</td>
<td>5.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25122" target=3D= "_blank" rel=3D"noopener">CVE-2026-25122</a></td>

<a href=3D"https://github.com/chainguard-dev/apko/security/advisories/GHSA-= 6p9p-q6wh-9j89" target=3D"_blank" rel=3D"noopener">https://github.com/chain= guard-dev/apko/security/advisories/GHSA-6p9p-q6wh-9j89</a> <a href=3D"ht= tps://github.com/chainguard-dev/apko/commit/2be3903fe194ad46351840f0569b35f= 5ac965f09" target=3D"_blank" rel=3D"noopener">https://github.com/chainguard= -dev/apko/commit/2be3903fe194ad46351840f0569b35f5ac965f09</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">homarr-labs--homarr</td>
<td>Homarr is an open-source dashboard. Prior to 1.52.0, a public (unauthen= ticated) tRPC endpoint widget.app.ping accepts an arbitrary url and perform=
s a server-side request to that URL. This allows an unauthenticated attacke=
r to trigger outbound HTTP requests from the Homarr server, enabling SSRF b= ehavior and a reliable port-scanning primitive (open vs closed ports can be=
inferred from statusCode vs fetch failed and timing). This vulnerability i=
s fixed in 1.52.0.</td>
<td>2026-02-06</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25123" target=3D= "_blank" rel=3D"noopener">CVE-2026-25123</a></td>

<a href=3D"https://github.com/homarr-labs/homarr/security/advisories/GHSA-c= 6rh-8wj4-gv74" target=3D"_blank" rel=3D"noopener">https://github.com/homarr= -labs/homarr/security/advisories/GHSA-c6rh-8wj4-gv74</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Talishar--Talishar</td>
<td>Talishar is a fan-made Flesh and Blood project. A Stored XSS exists in = the chat in-game system. The playerID parameter in SubmitChat.php and is sa= ved without sanitization and executed whenever a user view the current page=
game. This vulnerability is fixed by 09dd00e5452e3cd998eb1406a88e5b0fa868e= 6b4.</td>
<td>2026-02-02</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25144" target=3D= "_blank" rel=3D"noopener">CVE-2026-25144</a></td>

<a href=3D"https://github.com/Talishar/Talishar/security/advisories/GHSA-rr= r4-h2pc-57g6" target=3D"_blank" rel=3D"noopener">https://github.com/Talisha= r/Talishar/security/advisories/GHSA-rrr4-h2pc-57g6</a> <a href=3D"https:= //github.com/Talishar/Talishar/commit/09dd00e5452e3cd998eb1406a88e5b0fa868e= 6b4" target=3D"_blank" rel=3D"noopener">https://github.com/Talishar/Talisha= r/commit/09dd00e5452e3cd998eb1406a88e5b0fa868e6b4</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">chainguard-dev--melange</td>
<td>melange allows users to build apk packages using declarative pipelines.=
From version 0.14.0 to before 0.40.3, an attacker who can influence a mela= nge configuration file (e.g., through pull request-driven CI or build-as-a-= service scenarios) could read arbitrary files from the host system. The Lic= ensingInfos function in pkg/config/config.go reads license files specified =
in copyright[].license-path without validating that paths remain within the=
workspace directory, allowing path traversal via ../ sequences. The conten=
ts of the traversed file are embedded into the generated SBOM as license te= xt, enabling exfiltration of sensitive data through build artifacts. This i= ssue has been patched in version 0.40.3.</td>
<td>2026-02-04</td>
<td>5.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25145" target=3D= "_blank" rel=3D"noopener">CVE-2026-25145</a></td>

<a href=3D"https://github.com/chainguard-dev/melange/security/advisories/GH= SA-2w4f-9fgg-q2v9" target=3D"_blank" rel=3D"noopener">https://github.com/ch= ainguard-dev/melange/security/advisories/GHSA-2w4f-9fgg-q2v9</a> <a href= =3D"https://github.com/chainguard-dev/melange/commit/2f95c9f4355ed993f2670b= f1bb82d88b0f65e9e4" target=3D"_blank" rel=3D"noopener">https://github.com/c= hainguard-dev/melange/commit/2f95c9f4355ed993f2670bf1bb82d88b0f65e9e4</a><b= r>=C2=A0</td>
</tr>

<td class=3D"vendor-product">QwikDev--qwik</td>
<td>Qwik is a performance focused javascript framework. Prior to version 1.= 19.0, Qwik City's server-side request handler inconsistently interprets HTT=
P request headers, which can be abused by a remote attacker to circumvent f= orm submission CSRF protections using specially crafted or multi-valued Con= tent-Type headers. This issue has been patched in version 1.19.0.</td> <td>2026-02-03</td>
<td>5.9</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25151" target=3D= "_blank" rel=3D"noopener">CVE-2026-25151</a></td>

<a href=3D"https://github.com/QwikDev/qwik/security/advisories/GHSA-r666-8g= jf-4v5f" target=3D"_blank" rel=3D"noopener">https://github.com/QwikDev/qwik= /security/advisories/GHSA-r666-8gjf-4v5f</a> <a href=3D"https://github.c= om/QwikDev/qwik/commit/eebf610e04cc3a690f11e10191d09ff0fca1c7ed" target=3D"= _blank" rel=3D"noopener">https://github.com/QwikDev/qwik/commit/eebf610e04c= c3a690f11e10191d09ff0fca1c7ed</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">QwikDev--qwik</td>
<td>Qwik is a performance focused javascript framework. Prior to version 1.= 12.0, a typo in the regular expression within isContentType causes incorrec=
t parsing of certain Content-Type headers. This issue has been patched in v= ersion 1.12.0.</td>
<td>2026-02-03</td>
<td>5.9</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25155" target=3D= "_blank" rel=3D"noopener">CVE-2026-25155</a></td>

<a href=3D"https://github.com/QwikDev/qwik/security/advisories/GHSA-vm6g-8r= 4h-22x8" target=3D"_blank" rel=3D"noopener">https://github.com/QwikDev/qwik= /security/advisories/GHSA-vm6g-8r4h-22x8</a> <a href=3D"https://github.c= om/QwikDev/qwik/commit/d70d7099b90b998f1aac7cedc21c67d87bac4c75" target=3D"= _blank" rel=3D"noopener">https://github.com/QwikDev/qwik/commit/d70d7099b90= b998f1aac7cedc21c67d87bac4c75</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">SignalK--signalk-server</td>
<td>Signal K Server is a server application that runs on a central hub in a=
boat. Prior to 2.20.3, a path traversal vulnerability in SignalK Server's = applicationData API allows authenticated users on Windows systems to read, = write, and list arbitrary files and directories on the filesystem. The vali= dateAppId() function blocks forward slashes (/) but not backslashes (\), wh= ich are treated as directory separators by path.join() on Windows. This ena= bles attackers to escape the intended applicationData directory. This vulne= rability is fixed in 2.20.3.</td>
<td>2026-02-02</td>
<td>5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25228" target=3D= "_blank" rel=3D"noopener">CVE-2026-25228</a></td>

<a href=3D"https://github.com/SignalK/signalk-server/security/advisories/GH= SA-vrhw-v2hw-jffx" target=3D"_blank" rel=3D"noopener">https://github.com/Si= gnalK/signalk-server/security/advisories/GHSA-vrhw-v2hw-jffx</a> <a href= =3D"https://github.com/SignalK/signalk-server/commit/9bcf61c8fe2cb8a40998b9= 13a02fb64dff9e86c7" target=3D"_blank" rel=3D"noopener">https://github.com/S= ignalK/signalk-server/commit/9bcf61c8fe2cb8a40998b913a02fb64dff9e86c7</a><b= r>=C2=A0</td>
</tr>

<td class=3D"vendor-product">ci4-cms-erp--ci4ms</td>
<td>CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-= ready, modular architecture with RBAC authorization and theme support. Prio=
r to version 0.28.5.0, the authentication implementation in CI4MS is vulner= able to email enumeration. An unauthenticated attacker can determine whethe=
r an email address is registered in the system by analyzing the application=
's response during the password reset process. This issue has been patched =
in version 0.28.5.0.</td>
<td>2026-02-03</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25509" target=3D= "_blank" rel=3D"noopener">CVE-2026-25509</a></td>

<a href=3D"https://github.com/ci4-cms-erp/ci4ms/security/advisories/GHSA-65= 4x-9q7r-g966" target=3D"_blank" rel=3D"noopener">https://github.com/ci4-cms= -erp/ci4ms/security/advisories/GHSA-654x-9q7r-g966</a> <a href=3D"https:= //github.com/ci4-cms-erp/ci4ms/commit/86be2930d1c54eb7575102563302b2f3bafcb= 653" target=3D"_blank" rel=3D"noopener">https://github.com/ci4-cms-erp/ci4m= s/commit/86be2930d1c54eb7575102563302b2f3bafcb653</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">cert-manager--cert-manager</td>
<td>cert-manager adds certificates and certificate issuers as resource type=
s in Kubernetes clusters, and simplifies the process of obtaining, renewing=
and using those certificates. In versions from 1.18.0 to before 1.18.5 and=
from 1.19.0 to before 1.19.3, the cert-manager-controller performs DNS loo= kups during ACME DNS-01 processing (for zone discovery and propagation self= -checks). By default, these lookups use standard unencrypted DNS. An attack=
er who can intercept and modify DNS traffic from the cert-manager-controlle=
r pod can insert a crafted entry into cert-manager's DNS cache. Accessing t= his entry will trigger a panic, resulting in denial=E2=80=91of=E2=80=91serv= ice (DoS) of the cert-manager controller. The issue can also be exploited i=
f the authoritative DNS server for the domain being validated is controlled=
by a malicious actor. This issue has been patched in versions 1.18.5 and 1= .19.3.</td>
<td>2026-02-04</td>
<td>5.9</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25518" target=3D= "_blank" rel=3D"noopener">CVE-2026-25518</a></td>

<a href=3D"https://github.com/cert-manager/cert-manager/security/advisories= /GHSA-gx3x-vq4p-mhhv" target=3D"_blank" rel=3D"noopener">https://github.com= /cert-manager/cert-manager/security/advisories/GHSA-gx3x-vq4p-mhhv</a> <=
a href=3D"https://github.com/cert-manager/cert-manager/pull/8467" target=3D= "_blank" rel=3D"noopener">https://github.com/cert-manager/cert-manager/pull= /8467</a> <a href=3D"https://github.com/cert-manager/cert-manager/pull/8= 468" target=3D"_blank" rel=3D"noopener">https://github.com/cert-manager/cer= t-manager/pull/8468</a> <a href=3D"https://github.com/cert-manager/cert-= manager/pull/8469" target=3D"_blank" rel=3D"noopener">https://github.com/ce= rt-manager/cert-manager/pull/8469</a> <a href=3D"https://github.com/cert= -manager/cert-manager/commit/409fc24e539711a07aae45ed45abbe03dfdad2cc" targ= et=3D"_blank" rel=3D"noopener">https://github.com/cert-manager/cert-manager= /commit/409fc24e539711a07aae45ed45abbe03dfdad2cc</a> <a href=3D"https://= github.com/cert-manager/cert-manager/commit/9a73a0b3853035827edd37ac463e480= 3ba10327d" target=3D"_blank" rel=3D"noopener">https://github.com/cert-manag= er/cert-manager/commit/9a73a0b3853035827edd37ac463e4803ba10327d</a> <a h= ref=3D"https://github.com/cert-manager/cert-manager/commit/d4faed26ae12115c= ceb807cdc12507ebc28980e2" target=3D"_blank" rel=3D"noopener">https://github= .com/cert-manager/cert-manager/commit/d4faed26ae12115cceb807cdc12507ebc2898= 0e2</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">OpenMage--magento-lts</td>
<td>Magento-lts is a long-term support alternative to Magento Community Edi= tion (CE). Prior to version 20.16.1, the admin url can be discovered withou=
t prior knowledge of it's location by exploiting the X-Original-Url header =
on some configurations. This issue has been patched in version 20.16.1.</td=

<td>2026-02-04</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25523" target=3D= "_blank" rel=3D"noopener">CVE-2026-25523</a></td>

<a href=3D"https://github.com/OpenMage/magento-lts/security/advisories/GHSA= -jg68-vhv3-9r8f" target=3D"_blank" rel=3D"noopener">https://github.com/Open= Mage/magento-lts/security/advisories/GHSA-jg68-vhv3-9r8f</a> <a href=3D"= https://hackerone.com/bugs?subject=3Dopenmage&report_id=3D3416312" target= =3D"_blank" rel=3D"noopener">https://hackerone.com/bugs?subject=3Dopenmage&= report_id=3D3416312</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">payloadcms--payload</td>
<td>Payload is a free and open source headless content management system. P= rior to 3.74.0, a cross-collection Insecure Direct Object Reference (IDOR) = vulnerability exists in the payload-preferences internal collection. In mul= ti-auth collection environments using Postgres or SQLite with default seria= l/auto-increment IDs, authenticated users from one auth collection can read=
and delete preferences belonging to users in different auth collections wh=
en their numeric IDs collide. This vulnerability has been patched in v3.74.= 0.</td>
<td>2026-02-06</td>
<td>5.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25574" target=3D= "_blank" rel=3D"noopener">CVE-2026-25574</a></td>

<a href=3D"https://github.com/payloadcms/payload/security/advisories/GHSA-j= q29-r496-r955" target=3D"_blank" rel=3D"noopener">https://github.com/payloa= dcms/payload/security/advisories/GHSA-jq29-r496-r955</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">samclarke--SCEditor</td>
<td>SCEditor is a lightweight WYSIWYG BBCode and XHTML editor. Prior to 3.2= .1, if an attacker has the ability control configuration options passed to = sceditor.create(), like emoticons, charset, etc. then it's possible for the=
m to trigger an XSS attack due to lack of sanitisation of configuration opt= ions. This vulnerability is fixed in 3.2.1.</td>
<td>2026-02-06</td>
<td>5.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25581" target=3D= "_blank" rel=3D"noopener">CVE-2026-25581</a></td>

<a href=3D"https://github.com/samclarke/SCEditor/security/advisories/GHSA-2= 5fq-6qgg-qpj8" target=3D"_blank" rel=3D"noopener">https://github.com/samcla= rke/SCEditor/security/advisories/GHSA-25fq-6qgg-qpj8</a> <a href=3D"http= s://github.com/samclarke/SCEditor/commit/5733aed4f0e257cb78e1ba191715fc458c= bd473d" target=3D"_blank" rel=3D"noopener">https://github.com/samclarke/SCE= ditor/commit/5733aed4f0e257cb78e1ba191715fc458cbd473d</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">PrestaShop--PrestaShop</td>
<td>PrestaShop is an open source e-commerce web application. Prior to 8.2.4=
and 9.0.3, there is a time-based user enumeration vulnerability in the use=
r authentication functionality of PrestaShop. This vulnerability allows an = attacker to determine whether a customer account exists in the system by me= asuring response times. This vulnerability is fixed in 8.2.4 and 9.0.3.</td=

<td>2026-02-06</td>
<td>5.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25597" target=3D= "_blank" rel=3D"noopener">CVE-2026-25597</a></td>

<a href=3D"https://github.com/PrestaShop/PrestaShop/security/advisories/GHS= A-67v7-3g49-mxh2" target=3D"_blank" rel=3D"noopener">https://github.com/Pre= staShop/PrestaShop/security/advisories/GHSA-67v7-3g49-mxh2</a> <a href= =3D"https://github.com/PrestaShop/PrestaShop/releases/tag/8.2.4" target=3D"= _blank" rel=3D"noopener">https://github.com/PrestaShop/PrestaShop/releases/= tag/8.2.4</a> <a href=3D"https://github.com/PrestaShop/PrestaShop/releas= es/tag/9.0.3" target=3D"_blank" rel=3D"noopener">https://github.com/PrestaS= hop/PrestaShop/releases/tag/9.0.3</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Wing FTP Server--Wing FTP Server</td>
<td>Wing FTP Server versions prior to 6.2.7 contain a cross-site request fo= rgery (CSRF) vulnerability in the web administration interface that allows = attackers to delete admin users. Attackers can craft a malicious HTML page = with a hidden form to submit a request that deletes the administrative user=
account without proper authorization.</td>
<td>2026-02-06</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37079" target=3D= "_blank" rel=3D"noopener">CVE-2020-37079</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48200" target=3D"_blank" rel= =3D"noopener">ExploitDB-48200</a> <a href=3D"https://www.wftpserver.com"=
target=3D"_blank" rel=3D"noopener">Wing FTP Server Official Homepage</a><b= r><a href=3D"https://www.wftpserver.com/serverhistory.htm" target=3D"_blank=
" rel=3D"noopener">Wing FTP Server Version History</a> <a href=3D"https:= //www.vulncheck.com/advisories/wing-ftp-server-cross-site-request-forgery" = target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: Wing FTP Server <=
6.2.7 - Cross-site Request Forgery</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Openeclass--GUnet OpenEclass</td>
<td>GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users t=
o access sensitive information, including system information, application v= ersion, and other students' uploaded assessments, due to improper access co= ntrols and information disclosure flaws in various modules. Attackers can r= etrieve system info, version info, and view or download other users' files = without proper authorization.</td>
<td>2026-02-03</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37114" target=3D= "_blank" rel=3D"noopener">CVE-2020-37114</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48163" target=3D"_blank" rel= =3D"noopener">ExploitDB-48163</a> <a href=3D"https://www.openeclass.org/=
" target=3D"_blank" rel=3D"noopener">Official Vendor Homepage</a> <a hre= f=3D"https://download.openeclass.org/files/docs/1.7/CHANGES.txt" target=3D"= _blank" rel=3D"noopener">Changelog</a> <a href=3D"https://www.vulncheck.= com/advisories/gunet-openeclass-e-learning-platform-information-disclosure"=
target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: GUnet OpenEclass 1.= 7.3 E-learning platform - Information Disclosure</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">HRSALE--HRSALE</td>
<td>HRSALE 1.1.8 contains a cross-site request forgery vulnerability that a= llows attackers to add unauthorized administrative users through the employ=
ee registration form. Attackers can craft a malicious HTML page with hidden=
form fields to trick authenticated administrators into creating new user a= ccounts with elevated privileges.</td>
<td>2026-02-05</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37145" target=3D= "_blank" rel=3D"noopener">CVE-2020-37145</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48205" target=3D"_blank" rel= =3D"noopener">ExploitDB-48205</a> <a href=3D"https://web.archive.org/web= /20200109113640/http://hrsale.com/" target=3D"_blank" rel=3D"noopener">Arch= ived Product Webpage</a> <a href=3D"https://www.vulncheck.com/advisories= /hrsale-cross-site-request-forgery-add-admin" target=3D"_blank" rel=3D"noop= ener">VulnCheck Advisory: HRSALE 1.1.8 - Cross-Site Request Forgery (Add Ad= min)</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Operations Analytics - Log Analysis</td> <td>IBM Operations Analytics - Log Analysis versions 1.3.5.0 through 1.3.8.=
3 and IBM SmartCloud Analytics - Log Analysis are vulnerable to a cross-sit=
e request forgery (CSRF) vulnerability that could allow an attacker to tric=
k a trusted user into performing unauthorized actions.</td>
<td>2026-02-04</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2024-40685" target=3D= "_blank" rel=3D"noopener">CVE-2024-40685</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7256429" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7256429</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">metagauss--ProfileGrid User Profiles, Groups a=
nd Communities</td>
<td>The ProfileGrid - User Profiles, Groups and Communities plugin for Word= Press is vulnerable to unauthorized user suspension due to a missing capabi= lity check on the pm_deactivate_user_from_group() function in all versions =
up to, and including, 5.9.7.2. This makes it possible for authenticated att= ackers, with Subscriber-level access and above, to suspend arbitrary users = from groups, including administrators, via the pm_deactivate_user_from_grou=
p AJAX action.</td>
<td>2026-02-05</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-13416" target=3D= "_blank" rel=3D"noopener">CVE-2025-13416</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/31c2cd= 54-f258-43ea-8db2-8d98ad7014d1?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/31c2cd54-f25= 8-43ea-8db2-8d98ad7014d1?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/tr= unk/public/class-profile-magic-public.php#L3167" target=3D"_blank" rel=3D"n= oopener">https://plugins.trac.wordpress.org/browser/profilegrid-user-profil= es-groups-and-communities/trunk/public/class-profile-magic-public.php#L3167= </a> <a href=3D"https://plugins.trac.wordpress.org/browser/profilegrid-u= ser-profiles-groups-and-communities/tags/5.9.6.5/public/class-profile-magic= -public.php#L3167" target=3D"_blank" rel=3D"noopener">https://plugins.trac.= wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/tags= /5.9.6.5/public/class-profile-magic-public.php#L3167</a> <a href=3D"http= s://plugins.trac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&reponame= =3D&old=3D3448434%40profilegrid-user-profiles-groups-and-communities&new=3D= 3448434%40profilegrid-user-profiles-groups-and-communities&sfp_email=3D&sfp= h_mail=3D" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpres= s.org/changeset?sfp_email=3D&sfph_mail=3D&reponame=3D&old=3D3448434%40profi= legrid-user-profiles-groups-and-communities&new=3D3448434%40profilegrid-use= r-profiles-groups-and-communities&sfp_email=3D&sfph_mail</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Tanium--Patch</td>
<td>Tanium addressed an improper access controls vulnerability in Patch.</t=

<td>2026-02-05</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15326" target=3D= "_blank" rel=3D"noopener">CVE-2025-15326</a></td>

<a href=3D"https://security.tanium.com/TAN-2025-006" target=3D"_blank" rel= =3D"noopener">TAN-2025-006</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tanium--Deploy</td>
<td>Tanium addressed an improper access controls vulnerability in Deploy.</=

<td>2026-02-05</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15327" target=3D= "_blank" rel=3D"noopener">CVE-2025-15327</a></td>

<a href=3D"https://security.tanium.com/TAN-2025-006" target=3D"_blank" rel= =3D"noopener">TAN-2025-006</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tanium--Threat Response</td>
<td>Tanium addressed an information disclosure vulnerability in Threat Resp= onse.</td>
<td>2026-02-05</td>
<td>4.9</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15329" target=3D= "_blank" rel=3D"noopener">CVE-2025-15329</a></td>

<a href=3D"https://security.tanium.com/TAN-2025-019" target=3D"_blank" rel= =3D"noopener">TAN-2025-019</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tanium--Connect</td>
<td>Tanium addressed an uncontrolled resource consumption vulnerability in = Connect.</td>
<td>2026-02-05</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15331" target=3D= "_blank" rel=3D"noopener">CVE-2025-15331</a></td>

<a href=3D"https://security.tanium.com/TAN-2025-015" target=3D"_blank" rel= =3D"noopener">TAN-2025-015</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tanium--Threat Response</td>
<td>Tanium addressed an information disclosure vulnerability in Threat Resp= onse.</td>
<td>2026-02-05</td>
<td>4.9</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15332" target=3D= "_blank" rel=3D"noopener">CVE-2025-15332</a></td>

<a href=3D"https://security.tanium.com/TAN-2025-020" target=3D"_blank" rel= =3D"noopener">TAN-2025-020</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tanium--Threat Response</td>
<td>Tanium addressed an information disclosure vulnerability in Threat Resp= onse.</td>
<td>2026-02-05</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15333" target=3D= "_blank" rel=3D"noopener">CVE-2025-15333</a></td>

<a href=3D"https://security.tanium.com/TAN-2025-025" target=3D"_blank" rel= =3D"noopener">TAN-2025-025</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tanium--Threat Response</td>
<td>Tanium addressed an information disclosure vulnerability in Threat Resp= onse.</td>
<td>2026-02-05</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15334" target=3D= "_blank" rel=3D"noopener">CVE-2025-15334</a></td>

<a href=3D"https://security.tanium.com/TAN-2025-026" target=3D"_blank" rel= =3D"noopener">TAN-2025-026</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tanium--Threat Response</td>
<td>Tanium addressed an information disclosure vulnerability in Threat Resp= onse.</td>
<td>2026-02-05</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15335" target=3D= "_blank" rel=3D"noopener">CVE-2025-15335</a></td>

<a href=3D"https://security.tanium.com/TAN-2025-027" target=3D"_blank" rel= =3D"noopener">TAN-2025-027</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tanium--Reputation</td>
<td>Tanium addressed an improper access controls vulnerability in Reputatio= n.</td>
<td>2026-02-05</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15342" target=3D= "_blank" rel=3D"noopener">CVE-2025-15342</a></td>

<a href=3D"https://security.tanium.com/TAN-2025-030" target=3D"_blank" rel= =3D"noopener">TAN-2025-030</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Jazz Foundation</td>
<td>IBM Jazz Foundation=C2=A07.0.3 through=C2=A07.0.3 iFix019 and=C2=A07.1.=
0 through=C2=A07.1.0 iFix005=C2=A0is vulnerable to access control violation=
s that allows the users to view or access/perform actions beyond their expe= cted capability.</td>
<td>2026-02-02</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15395" target=3D= "_blank" rel=3D"noopener">CVE-2025-15395</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7258304" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7258304</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">simonfairbairn--The Bucketlister</td>
<td>The The Bucketlister plugin for WordPress is vulnerable to unauthorized=
modification of data due to a missing capability check on the bucketlister= _do_admin_ajax() function in all versions up to, and including, 0.1.5. This=
makes it possible for authenticated attackers, with Subscriber-level acces=
s and above, to add delete or modify arbitrary bucket list items.</td> <td>2026-02-07</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15476" target=3D= "_blank" rel=3D"noopener">CVE-2025-15476</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/fc9e63= 74-8f9e-4c60-a86b-46cd4122abf9?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/fc9e6374-8f9= e-4c60-a86b-46cd4122abf9?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/the-bucketlister/tags/0.1.5/bucketlister.php#L185" = target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/brows= er/the-bucketlister/tags/0.1.5/bucketlister.php#L185</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">qriouslad--Code Explorer</td>
<td>The Code Explorer plugin for WordPress is vulnerable to Path Traversal =
in all versions up to, and including, 1.4.6 via the 'file' parameter. This = makes it possible for authenticated attackers, with Administrator-level acc= ess and above, to read the contents of arbitrary files on the server, which=
can contain sensitive information.</td>
<td>2026-02-04</td>
<td>4.9</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15487" target=3D= "_blank" rel=3D"noopener">CVE-2025-15487</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/fad8ad= 54-56eb-40fa-a357-77b7d656d378?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/fad8ad54-56e= b-40fa-a357-77b7d656d378?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/code-explorer/tags/1.4.6/admin/class-code-explorer-= admin.php#L211" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wor= dpress.org/browser/code-explorer/tags/1.4.6/admin/class-code-explorer-admin= .php#L211</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">HCL--AION</td>
<td>A Potential Command Injection vulnerability in HCL AION.=C2=A0 An This = can allow unintended command execution, potentially leading to unauthorized=
actions on the underlying system. This issue affects AION: 2.0</td> <td>2026-02-03</td>
<td>4.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-52626" target=3D= "_blank" rel=3D"noopener">CVE-2025-52626</a></td>

<a href=3D"https://support.hcl-software.com/csm?id=3Dkb_article&sysparm_art= icle=3DKB0127972" target=3D"_blank" rel=3D"noopener">https://support.hcl-so= ftware.com/csm?id=3Dkb_article&sysparm_article=3DKB0127972</a> =C2=A0</t=

</tr>

<td class=3D"vendor-product">HCL--AION</td>
<td>HCL AION is affected by a Cookie with Insecure, Improper, or Missing Sa= meSite vulnerability. This can allow cookies to be sent in cross-site reque= sts, potentially increasing exposure to cross-site request forgery and rela= ted security risks. This issue affects AION: 2.0.</td>
<td>2026-02-03</td>
<td>4.6</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-52628" target=3D= "_blank" rel=3D"noopener">CVE-2025-52628</a></td>

<a href=3D"https://support.hcl-software.com/csm?id=3Dkb_article&sysparm_art= icle=3DKB0127972" target=3D"_blank" rel=3D"noopener">https://support.hcl-so= ftware.com/csm?id=3Dkb_article&sysparm_article=3DKB0127972</a> =C2=A0</t=

</tr>

<td class=3D"vendor-product">N/A--Moodle[.]org</td>
<td>A flaw was found in Moodle. During anonymous assignment submissions, us=
er identifiers were inadvertently exposed in URLs. This data exposure allow=
s unauthorized viewers to see internal user IDs, compromising the intended = anonymity and potentially leading to information disclosure.</td> <td>2026-02-03</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-67857" target=3D= "_blank" rel=3D"noopener">CVE-2025-67857</a></td>

<a href=3D"https://access.redhat.com/security/cve/CVE-2025-67857" target=3D= "_blank" rel=3D"noopener">https://access.redhat.com/security/cve/CVE-2025-6= 7857</a> <a href=3D"https://bugzilla.redhat.com/show_bug.cgi?id=3D242386=
8" target=3D"_blank" rel=3D"noopener">RHBZ#2423868</a> <a href=3D"https:= //moodle.org/mod/forum/discuss.php?d=3D471307" target=3D"_blank" rel=3D"noo= pener">https://moodle.org/mod/forum/discuss.php?d=3D471307</a> =C2=A0</t=

</tr>

<td class=3D"vendor-product">Red Hat--Red Hat Ansible Automation Platform 2= </td>
<td>A security flaw was identified in the Ansible Lightspeed API conversati=
on endpoints that handle AI chat interactions. The APIs do not properly ver= ify whether a conversation identifier belongs to the authenticated user mak= ing the request. As a result, an attacker with valid credentials could acce=
ss or influence conversations owned by other users. This exposes sensitive = conversation data and allows unauthorized manipulation of AI-generated outp= uts.</td>
<td>2026-02-06</td>
<td>4.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0598" target=3D"= _blank" rel=3D"noopener">CVE-2026-0598</a></td>

<a href=3D"https://access.redhat.com/security/cve/CVE-2026-0598" target=3D"= _blank" rel=3D"noopener">https://access.redhat.com/security/cve/CVE-2026-05= 98</a> <a href=3D"https://bugzilla.redhat.com/show_bug.cgi?id=3D2427094"=
target=3D"_blank" rel=3D"noopener">RHBZ#2427094</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">rtddev--Extended Random Number Generator</td> <td>The Extended Random Number Generator plugin for WordPress is vulnerable=
to Stored Cross-Site Scripting via the plugin settings in all versions up = to, and including, 1.1 due to insufficient input sanitization and output es= caping. This makes it possible for authenticated attackers, with administra= tor-level access, to inject arbitrary web scripts in pages that will execut=
e whenever a user accesses an injected page. This only affects multi-site i= nstallations and installations where unfiltered_html has been disabled.</td=

<td>2026-02-04</td>
<td>4.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0681" target=3D"= _blank" rel=3D"noopener">CVE-2026-0681</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/575c33= 29-8dbb-4d15-8e11-a86a01b96f50?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/575c3329-8db= b-4d15-8e11-a86a01b96f50?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/extended-random-number-generator/trunk/random_numbe= r_generator.php#L187" target=3D"_blank" rel=3D"noopener">https://plugins.tr= ac.wordpress.org/browser/extended-random-number-generator/trunk/random_numb= er_generator.php#L187</a> <a href=3D"https://plugins.trac.wordpress.org/= browser/extended-random-number-generator/tags/1.1/random_number_generator.p= hp#L187" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.= org/browser/extended-random-number-generator/tags/1.1/random_number_generat= or.php#L187</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">orenhav--WP Content Permission</td>
<td>The WP Content Permission plugin for WordPress is vulnerable to Stored = Cross-Site Scripting via the 'ohmem-message' parameter in all versions up t=
o, and including, 1.2 due to insufficient input sanitization and output esc= aping. This makes it possible for authenticated attackers, with Administrat= or-level access and above, to inject arbitrary web scripts in pages that wi=
ll execute whenever a user accesses an injected page.</td>
<td>2026-02-04</td>
<td>4.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0743" target=3D"= _blank" rel=3D"noopener">CVE-2026-0743</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/e44403= cd-1cee-43c4-aabc-3eaad433c020?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/e44403cd-1ce= e-43c4-aabc-3eaad433c020?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/wp-content-permission/trunk/admin/views/admin.php#L= 74" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/b= rowser/wp-content-permission/trunk/admin/views/admin.php#L74</a> <a href= =3D"https://plugins.trac.wordpress.org/browser/wp-content-permission/tags/1= .2/admin/views/admin.php#L74" target=3D"_blank" rel=3D"noopener">https://pl= ugins.trac.wordpress.org/browser/wp-content-permission/tags/1.2/admin/views= /admin.php#L74</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">gtlwpdev--All push notification for WP</td> <td>The All push notification for WP plugin for WordPress is vulnerable to = time-based SQL Injection via the 'delete_id' parameter in all versions up t=
o, and including, 1.5.3 due to insufficient escaping on the user supplied p= arameter and lack of sufficient preparation on the existing SQL query. This=
makes it possible for authenticated attackers, with administrator-level ac= cess and above, to append additional SQL queries into already existing quer= ies that can be used to extract sensitive information from the database.</t=

<td>2026-02-04</td>
<td>4.9</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0816" target=3D"= _blank" rel=3D"noopener">CVE-2026-0816</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/fc1f36= b1-cf28-472c-8a7a-f091ecb48c2d?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/fc1f36b1-cf2= 8-472c-8a7a-f091ecb48c2d?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/all-push-notification/tags/1.5.3/pushnotification-a= dmin/class-pushnotification-admin.php#L95" target=3D"_blank" rel=3D"noopene= r">https://plugins.trac.wordpress.org/browser/all-push-notification/tags/1.= 5.3/pushnotification-admin/class-pushnotification-admin.php#L95</a> <a h= ref=3D"https://plugins.trac.wordpress.org/browser/all-push-notification/tru= nk/pushnotification-admin/class-pushnotification-admin.php#L95" target=3D"_= blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/all-push= -notification/trunk/pushnotification-admin/class-pushnotification-admin.php= #L95</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">arkapravamajumder--TITLE ANIMATOR</td>
<td>The TITLE ANIMATOR plugin for WordPress is vulnerable to Cross-Site Req= uest Forgery in all versions up to, and including, 1.0. This is due to miss= ing nonce validation on the settings page form handler in `inc/settings-pag= e.php`. This makes it possible for unauthenticated attackers to modify plug=
in settings via a forged request granted they can trick a site administrato=
r into performing an action such as clicking on a link.</td> <td>2026-02-07</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1082" target=3D"= _blank" rel=3D"noopener">CVE-2026-1082</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/98736b= 9d-3e0a-40c0-900a-fbbaaac07958?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/98736b9d-3e0= a-40c0-900a-fbbaaac07958?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/title-animator/trunk/inc/settings-page.php#L5" targ= et=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/browser/t= itle-animator/trunk/inc/settings-page.php#L5</a> <a href=3D"https://plug= ins.trac.wordpress.org/browser/title-animator/tags/1.0/inc/settings-page.ph= p#L5" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org= /browser/title-animator/tags/1.0/inc/settings-page.php#L5</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">bplugins--Timeline Block Beautiful Timeline Bu= ilder for WordPress (Vertical & Horizontal Timelines)</td>
<td>The Timeline Block - Beautiful Timeline Builder for WordPress (Vertical=
& Horizontal Timelines) plugin for WordPress is vulnerable to Insecure=
Direct Object Reference in all versions up to, and including, 1.3.3 via th=
e tlgb_shortcode() function due to missing validation on a user controlled = key. This makes it possible for authenticated attackers, with Author-level = access and above, to disclose private timeline content via the id attribute=
supplied to the 'timeline_block' shortcode.</td>
<td>2026-02-06</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1228" target=3D"= _blank" rel=3D"noopener">CVE-2026-1228</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/cecebf= d0-c2af-4150-8793-299cdbeaa7b9?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/cecebfd0-c2a= f-4150-8793-299cdbeaa7b9?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/changeset/3446078/timeline-block-block" target=3D"_blank" r= el=3D"noopener">https://plugins.trac.wordpress.org/changeset/3446078/timeli= ne-block-block</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">shortpixel--ShortPixel Image Optimizer Optimiz=
e Images, Convert WebP & AVIF</td>
<td>The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Ar= bitrary File Read via path traversal in the 'loadFile' parameter in all ver= sions up to, and including, 6.4.2 due to insufficient path validation and s= anitization in the 'loadLogFile' AJAX action. This makes it possible for au= thenticated attackers, with Editor-level access and above, to read the cont= ents of arbitrary files on the server, which can contain sensitive informat= ion such as database credentials and authentication keys.</td> <td>2026-02-05</td>
<td>4.9</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1246" target=3D"= _blank" rel=3D"noopener">CVE-2026-1246</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/03cb41= d2-67c8-457f-8d85-7aede8e12d44?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/03cb41d2-67c= 8-457f-8d85-7aede8e12d44?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/shortpixel-image-optimiser/tags/6.4.1/class/Control= ler/AjaxController.php#L309" target=3D"_blank" rel=3D"noopener">https://plu= gins.trac.wordpress.org/browser/shortpixel-image-optimiser/tags/6.4.1/class= /Controller/AjaxController.php#L309</a> <a href=3D"https://plugins.trac.= wordpress.org/browser/shortpixel-image-optimiser/tags/6.4.1/class/Controlle= r/AjaxController.php#L1686" target=3D"_blank" rel=3D"noopener">https://plug= ins.trac.wordpress.org/browser/shortpixel-image-optimiser/tags/6.4.1/class/= Controller/AjaxController.php#L1686</a> <a href=3D"https://plugins.trac.= wordpress.org/browser/shortpixel-image-optimiser/tags/6.4.1/class/Controlle= r/BulkController.php#L200" target=3D"_blank" rel=3D"noopener">https://plugi= ns.trac.wordpress.org/browser/shortpixel-image-optimiser/tags/6.4.1/class/C= ontroller/BulkController.php#L200</a> <a href=3D"https://plugins.trac.wo= rdpress.org/changeset?sfp_email=3D&sfph_mail=3D&reponame=3D&old=3D3449706%4= 0shortpixel-image-optimiser&new=3D3449706%40shortpixel-image-optimiser&sfp_= email=3D&sfph_mail=3D" target=3D"_blank" rel=3D"noopener">https://plugins.t= rac.wordpress.org/changeset?sfp_email=3D&sfph_mail=3D&reponame=3D&old=3D344= 9706%40shortpixel-image-optimiser&new=3D3449706%40shortpixel-image-optimise= r&sfp_email=3D&sfph_mail</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">comprassibs--SIBS woocommerce payment gateway<=

<td>The SIBS woocommerce payment gateway plugin for WordPress is vulnerable=
to time-based SQL Injection via the 'referencedId' parameter in all versio=
ns up to, and including, 2.2.0 due to insufficient escaping on the user sup= plied parameter and lack of sufficient preparation on the existing SQL quer=
y. This makes it possible for authenticated attackers, with Administrator-l= evel access and above, to append additional SQL queries into already existi=
ng queries that can be used to extract sensitive information from the datab= ase.</td>
<td>2026-02-04</td>
<td>4.9</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1370" target=3D"= _blank" rel=3D"noopener">CVE-2026-1370</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/eac8e8= 1c-2f6f-4a4a-9678-f5d75f4954ae?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/eac8e81c-2f6= f-4a4a-9678-f5d75f4954ae?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/sibs-woocommerce/tags/2.2.0/class-sibs-payment-gate= way.php#L1855" target=3D"_blank" rel=3D"noopener">https://plugins.trac.word= press.org/browser/sibs-woocommerce/tags/2.2.0/class-sibs-payment-gateway.ph= p#L1855</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--iomad</td>
<td>A vulnerability was identified in iomad up to 5.0. Affected is an unkno=
wn function of the component Company Admin Block. Such manipulation leads t=
o sql injection. The attack can be executed remotely. It is best practice t=
o apply a patch to resolve this issue.</td>
<td>2026-02-05</td>
<td>4.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1517" target=3D"= _blank" rel=3D"noopener">CVE-2026-1517</a></td>

<a href=3D"https://vuldb.com/?id.344487" target=3D"_blank" rel=3D"noopener"= >VDB-344487 | iomad Company Admin Block sql injection</a> <a href=3D"htt= ps://vuldb.com/?ctiid.344487" target=3D"_blank" rel=3D"noopener">VDB-344487=
| CTI Indicators (IOB, IOC, TTP)</a> <a href=3D"https://github.com/ioma= d/iomad/issues/2559" target=3D"_blank" rel=3D"noopener">https://github.com/= iomad/iomad/issues/2559</a> <a href=3D"https://github.com/iomad/iomad/is= sues/2559#issuecomment-3841174677" target=3D"_blank" rel=3D"noopener">https= ://github.com/iomad/iomad/issues/2559#issuecomment-3841174677</a> <a hre= f=3D"https://github.com/iomad/iomad/" target=3D"_blank" rel=3D"noopener">ht= tps://github.com/iomad/iomad/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Yealink--MeetingBar A30</td>
<td>A weakness has been identified in Yealink MeetingBar A30 133.321.0.3. T= his issue affects some unknown processing of the component Diagnostic Handl= er. This manipulation causes command injection. It is feasible to perform t=
he attack on the physical device. The exploit has been made available to th=
e public and could be used for attacks. The vendor was contacted early abou=
t this disclosure but did not respond in any way.</td>
<td>2026-02-02</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1735" target=3D"= _blank" rel=3D"noopener">CVE-2026-1735</a></td>

<a href=3D"https://vuldb.com/?id.343634" target=3D"_blank" rel=3D"noopener"= >VDB-343634 | Yealink MeetingBar A30 Diagnostic command injection</a> <a=
href=3D"https://vuldb.com/?ctiid.343634" target=3D"_blank" rel=3D"noopener= ">VDB-343634 | CTI Indicators (IOB, IOC, TTP)</a> <a href=3D"https://vul= db.com/?submit.736622" target=3D"_blank" rel=3D"noopener">Submit #736622 | = Yealink MeetingBar A30 133.321.0.3 Command Injection</a> <a href=3D"http= s://drive.google.com/file/d/1Uf46ihr8UmeXsFfkcvAeOtF1TkvGjozy/view?usp=3Dsh= aring" target=3D"_blank" rel=3D"noopener">https://drive.google.com/file/d/1= Uf46ihr8UmeXsFfkcvAeOtF1TkvGjozy/view?usp=3Dsharing</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">EFM--ipTIME A8004T</td>
<td>A vulnerability was identified in EFM ipTIME A8004T 14.18.2. Affected b=
y this vulnerability is the function commit_vpncli_file_upload of the file = /cgi/timepro.cgi of the component VPN Service. Such manipulation leads to u= nrestricted upload. It is possible to launch the attack remotely. The explo=
it is publicly available and might be used. The vendor was contacted early = about this disclosure but did not respond in any way.</td>
<td>2026-02-02</td>
<td>4.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1742" target=3D"= _blank" rel=3D"noopener">CVE-2026-1742</a></td>

<a href=3D"https://vuldb.com/?id.343641" target=3D"_blank" rel=3D"noopener"= >VDB-343641 | EFM ipTIME A8004T VPN Service timepro.cgi commit_vpncli_file_= upload unrestricted upload</a> <a href=3D"https://vuldb.com/?ctiid.34364=
1" target=3D"_blank" rel=3D"noopener">VDB-343641 | CTI Indicators (IOB, IOC=
, TTP, IOA)</a> <a href=3D"https://vuldb.com/?submit.741450" target=3D"_= blank" rel=3D"noopener">Submit #741450 | EFM IPTIME A8004T 14.18.2 Authenti= cation Bypass & Arbitrary File Upload</a> <a href=3D"https://github.= com/LX-LX88/cve/issues/29" target=3D"_blank" rel=3D"noopener">https://githu= b.com/LX-LX88/cve/issues/29</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">SourceCodester--Medical Certificate Generator = App</td>
<td>A vulnerability was determined in SourceCodester Medical Certificate Ge= nerator App 1.0. This affects an unknown part. This manipulation causes cro= ss-site request forgery. Remote exploitation of the attack is possible. The=
exploit has been publicly disclosed and may be utilized.</td> <td>2026-02-02</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1745" target=3D"= _blank" rel=3D"noopener">CVE-2026-1745</a></td>

<a href=3D"https://vuldb.com/?id.343676" target=3D"_blank" rel=3D"noopener"= >VDB-343676 | SourceCodester Medical Certificate Generator App cross-site r= equest forgery</a> <a href=3D"https://vuldb.com/?ctiid.343676" target=3D= "_blank" rel=3D"noopener">VDB-343676 | CTI Indicators (IOB, IOC)</a> <a = href=3D"https://vuldb.com/?submit.742653" target=3D"_blank" rel=3D"noopener= ">Submit #742653 | SourceCodester Medical Certificate Generator App 1.0 Cro= ss-Site Request Forgery</a> <a href=3D"https://github.com/Asim-QAZi/Cros= s-Site-Request-Forgery-Arbitrary-Medical-Certificate-Deletion" target=3D"_b= lank" rel=3D"noopener">https://github.com/Asim-QAZi/Cross-Site-Request-Forg= ery-Arbitrary-Medical-Certificate-Deletion</a> <a href=3D"https://github= .com/Asim-QAZi/Cross-Site-Request-Forgery-Arbitrary-Medical-Certificate-Del= etion#proof-of-concept-csrf-exploit" target=3D"_blank" rel=3D"noopener">htt= ps://github.com/Asim-QAZi/Cross-Site-Request-Forgery-Arbitrary-Medical-Cert= ificate-Deletion#proof-of-concept-csrf-exploit</a> <a href=3D"https://ww= w.sourcecodester.com/" target=3D"_blank" rel=3D"noopener">https://www.sourc= ecodester.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">codesnippetspro--Code Snippets</td>
<td>The Code Snippets plugin for WordPress is vulnerable to Cross-Site Requ= est Forgery in all versions up to, and including, 3.9.4. This is due to mis= sing nonce validation on the cloud snippet download and update actions in t=
he Cloud_Search_List_Table class. This makes it possible for unauthenticate=
d attackers to force logged-in administrators to download or update cloud s= nippets without their consent via a crafted request, granted they can trick=
an administrator into visiting a malicious page.</td>
<td>2026-02-06</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1785" target=3D"= _blank" rel=3D"noopener">CVE-2026-1785</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/4a5787= f3-6a16-491a-aa01-6222f275cf0f?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/4a5787f3-6a1= 6-491a-aa01-6222f275cf0f?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/browser/code-snippets/trunk/php/cloud/class-cloud-search-li= st-table.php#L105" target=3D"_blank" rel=3D"noopener">https://plugins.trac.= wordpress.org/browser/code-snippets/trunk/php/cloud/class-cloud-search-list= -table.php#L105</a> <a href=3D"https://plugins.trac.wordpress.org/browse= r/code-snippets/tags/3.9.4/php/cloud/class-cloud-search-list-table.php#L105=
" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wordpress.org/bro= wser/code-snippets/tags/3.9.4/php/cloud/class-cloud-search-list-table.php#L= 105</a> <a href=3D"https://plugins.trac.wordpress.org/browser/code-snipp= ets/trunk/php/cloud/list-table-shared-ops.php#L57" target=3D"_blank" rel=3D= "noopener">https://plugins.trac.wordpress.org/browser/code-snippets/trunk/p= hp/cloud/list-table-shared-ops.php#L57</a> <a href=3D"https://plugins.tr= ac.wordpress.org/browser/code-snippets/tags/3.9.4/php/cloud/list-table-shar= ed-ops.php#L57" target=3D"_blank" rel=3D"noopener">https://plugins.trac.wor= dpress.org/browser/code-snippets/tags/3.9.4/php/cloud/list-table-shared-ops= .php#L57</a> <a href=3D"https://github.com/codesnippetspro/code-snippets= /pull/331/changes" target=3D"_blank" rel=3D"noopener">https://github.com/co= desnippetspro/code-snippets/pull/331/changes</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">lcg0124--BootDo</td>
<td>A vulnerability was identified in lcg0124 BootDo up to e93dd428ef6f5c88= 1aa74d49a2099ab0cf1e0fcb. This affects an unknown part. The manipulation le= ads to cross-site request forgery. The attack is possible to be carried out=
remotely. The exploit is publicly available and might be used. This produc=
t adopts a rolling release strategy to maintain continuous delivery. Theref= ore, version details for affected or updated releases cannot be specified.<=

<td>2026-02-04</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1835" target=3D"= _blank" rel=3D"noopener">CVE-2026-1835</a></td>

<a href=3D"https://vuldb.com/?id.344028" target=3D"_blank" rel=3D"noopener"= >VDB-344028 | lcg0124 BootDo cross-site request forgery</a> <a href=3D"h= ttps://vuldb.com/?ctiid.344028" target=3D"_blank" rel=3D"noopener">VDB-3440=
28 | CTI Indicators (IOB, IOC)</a> <a href=3D"https://vuldb.com/?submit.= 742484" target=3D"_blank" rel=3D"noopener">Submit #742484 | BootDo Web V1.0=
CSRF</a> <a href=3D"https://github.com/webzzaa/CVE-/issues/6" target=3D= "_blank" rel=3D"noopener">https://github.com/webzzaa/CVE-/issues/6</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--ZenTao</td>
<td>A weakness has been identified in ZenTao up to 21.7.6-85642. The impact=
ed element is the function fetchHook of the file module/webhook/model. Php =
of the component Webhook Module. This manipulation causes server-side reque=
st forgery. The attack may be initiated remotely. The exploit has been made=
available to the public and could be used for attacks. The vendor was cont= acted early about this disclosure but did not respond in any way.</td> <td>2026-02-04</td>
<td>4.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1884" target=3D"= _blank" rel=3D"noopener">CVE-2026-1884</a></td>

<a href=3D"https://vuldb.com/?id.344264" target=3D"_blank" rel=3D"noopener"= >VDB-344264 | ZenTao Webhook model.php fetchHook server-side request forger= y</a> <a href=3D"https://vuldb.com/?ctiid.344264" target=3D"_blank" rel= =3D"noopener">VDB-344264 | CTI Indicators (IOB, IOC, IOA)</a> <a href=3D= "https://vuldb.com/?submit.742633" target=3D"_blank" rel=3D"noopener">Submi=
t #742633 | Zentao PMS <=3D21.7.6-85642 SSRF</a> <a href=3D"https://g= ithub.com/ez-lbz/ez-lbz.github.io/issues/9" target=3D"_blank" rel=3D"noopen= er">https://github.com/ez-lbz/ez-lbz.github.io/issues/9</a> <a href=3D"h= ttps://github.com/ez-lbz/ez-lbz.github.io/issues/9#issue-3832844574" target= =3D"_blank" rel=3D"noopener">https://github.com/ez-lbz/ez-lbz.github.io/iss= ues/9#issue-3832844574</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--WeKan</td>
<td>A vulnerability was found in WeKan up to 8.20. Affected by this issue i=
s some unknown functionality of the file server/methods/positionHistory.js =
of the component Position-History Tracking. The manipulation results in mis= sing authorization. The attack may be performed from remote. Upgrading to v= ersion 8.21 can resolve this issue. The patch is identified as 55576ec17722= db094835470b386162c9a662fb60. It is advisable to upgrade the affected compo= nent.</td>
<td>2026-02-05</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1897" target=3D"= _blank" rel=3D"noopener">CVE-2026-1897</a></td>

<a href=3D"https://vuldb.com/?id.344269" target=3D"_blank" rel=3D"noopener"= >VDB-344269 | WeKan Position-History Tracking positionHistory.js PositionHi= storyBleed authorization</a> <a href=3D"https://vuldb.com/?ctiid.344269"=
target=3D"_blank" rel=3D"noopener">VDB-344269 | CTI Indicators (IOB, IOC, = IOA)</a> <a href=3D"https://vuldb.com/?submit.742671" target=3D"_blank" = rel=3D"noopener">Submit #742671 | Wekan <8.21 Missing authorization chec=
ks leading to information disclosure a</a> <a href=3D"https://github.com= /wekan/wekan/commit/55576ec17722db094835470b386162c9a662fb60" target=3D"_bl= ank" rel=3D"noopener">https://github.com/wekan/wekan/commit/55576ec17722db0= 94835470b386162c9a662fb60</a> <a href=3D"https://github.com/wekan/wekan/= releases/tag/v8.21" target=3D"_blank" rel=3D"noopener">https://github.com/w= ekan/wekan/releases/tag/v8.21</a> <a href=3D"https://github.com/wekan/we= kan/" target=3D"_blank" rel=3D"noopener">https://github.com/wekan/wekan/</a= > =C2=A0</td>
</tr>

<td class=3D"vendor-product">wpsoul--Greenshift animation and page builder = blocks</td>
<td>The Greenshift - animation and page builder blocks plugin for WordPress=
is vulnerable to unauthorized access of data due to a missing capability c= heck on the greenshift_app_pass_validation() function in all versions up to=
, and including, 12.5.7. This makes it possible for authenticated attackers=
, with Subscriber-level access and above, to retrieve global plugin setting=
s including stored AI API keys.</td>
<td>2026-02-05</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1927" target=3D"= _blank" rel=3D"noopener">CVE-2026-1927</a></td>

<a href=3D"https://www.wordfence.com/threat-intel/vulnerabilities/id/6e2128= db-ca9f-4211-8bc5-01a2cc1cba64?source=3Dcve" target=3D"_blank" rel=3D"noope= ner">https://www.wordfence.com/threat-intel/vulnerabilities/id/6e2128db-ca9= f-4211-8bc5-01a2cc1cba64?source=3Dcve</a> <a href=3D"https://plugins.tra= c.wordpress.org/changeset/3441535/greenshift-animation-and-page-builder-blo= cks/trunk/init.php" target=3D"_blank" rel=3D"noopener">https://plugins.trac= .wordpress.org/changeset/3441535/greenshift-animation-and-page-builder-bloc= ks/trunk/init.php</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--WeKan</td>
<td>A vulnerability was determined in WeKan up to 8.20. This impacts an unk= nown function of the file models/boards.js of the component REST Endpoint. = This manipulation causes improper access controls. Remote exploitation of t=
he attack is possible. Upgrading to version 8.21 will fix this issue. Patch=
name: 545566f5663545d16174e0f2399f231aa693ab6e. It is advisable to upgrade=
the affected component.</td>
<td>2026-02-05</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1964" target=3D"= _blank" rel=3D"noopener">CVE-2026-1964</a></td>

<a href=3D"https://vuldb.com/?id.344486" target=3D"_blank" rel=3D"noopener"= >VDB-344486 | WeKan REST Endpoint boards.js BoardTitleRESTBleed access cont= rol</a> <a href=3D"https://vuldb.com/?ctiid.344486" target=3D"_blank" re= l=3D"noopener">VDB-344486 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a h= ref=3D"https://vuldb.com/?submit.742680" target=3D"_blank" rel=3D"noopener"= >Submit #742680 | Wekan <8.21 Improper access control in REST endpoint (= CWE-284)</a> <a href=3D"https://github.com/wekan/wekan/commit/545566f566= 3545d16174e0f2399f231aa693ab6e" target=3D"_blank" rel=3D"noopener">https://= github.com/wekan/wekan/commit/545566f5663545d16174e0f2399f231aa693ab6e</a><= br><a href=3D"https://github.com/wekan/wekan/releases/tag/v8.21" target=3D"= _blank" rel=3D"noopener">https://github.com/wekan/wekan/releases/tag/v8.21<= /a> <a href=3D"https://github.com/wekan/wekan/" target=3D"_blank" rel=3D= "noopener">https://github.com/wekan/wekan/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">DCN--DCME-320</td>
<td>A vulnerability was found in DCN DCME-320 up to 20260121. Impacted is t=
he function apply_config of the file /function/system/basic/bridge_cfg.php =
of the component Web Management Backend. Performing a manipulation of the a= rgument ip_list results in command injection. The attack is possible to be = carried out remotely. The exploit has been made public and could be used. T=
he vendor was contacted early about this disclosure but did not respond in = any way.</td>
<td>2026-02-06</td>
<td>4.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2000" target=3D"= _blank" rel=3D"noopener">CVE-2026-2000</a></td>

<a href=3D"https://vuldb.com/?id.344548" target=3D"_blank" rel=3D"noopener"= >VDB-344548 | DCN DCME-320 Web Management Backend bridge_cfg.php apply_conf=
ig command injection</a> <a href=3D"https://vuldb.com/?ctiid.344548" tar= get=3D"_blank" rel=3D"noopener">VDB-344548 | CTI Indicators (IOB, IOC, TTP,=
IOA)</a> <a href=3D"https://vuldb.com/?submit.743455" target=3D"_blank"=
rel=3D"noopener">Submit #743455 | =E5=8C=97=E4=BA=AC=E7=A5=9E=E5=B7=9E=E6= =95=B0=E7=A0=81=E4=BA=91=E7=A7=91=E4=BF=A1=E6=81=AF=E6=8A=80=E6=9C=AF=E6=9C= =89=E9=99=90=E5=85=AC=E5=8F=B8 Dcme320 latest Command Injection</a> <a h= ref=3D"https://github.com/physicszq/Routers/tree/main/Dcme" target=3D"_blan=
k" rel=3D"noopener">https://github.com/physicszq/Routers/tree/main/Dcme</a>= =C2=A0</td>
</tr>

<td class=3D"vendor-product">Cisco--Cisco Secure Web Appliance</td>
<td>A vulnerability in the Dynamic Vectoring and Streaming (DVS) Engine imp= lementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could = allow an unauthenticated, remote attacker to bypass the anti-malware scanne=
r, allowing malicious archive files to be downloaded. This vulnerability is=
due to improper handling of certain archive files. An attacker could explo=
it this vulnerability by sending a crafted archive file, which should be bl= ocked, through an affected device. A successful exploit could allow the att= acker to bypass the anti-malware scanner and download malware onto an end u= ser workstation. The downloaded malware will not automatically execute unle=
ss the end user extracts and launches the malicious file.&nbsp;</td> <td>2026-02-04</td>
<td>4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20056" target=3D= "_blank" rel=3D"noopener">CVE-2026-20056</a></td>

<a href=3D"https://sec.cloudapps.cisco.com/security/center/content/CiscoSec= urityAdvisory/cisco-sa-wsa-archive-bypass-Scx2e8zF" target=3D"_blank" rel= =3D"noopener">cisco-sa-wsa-archive-bypass-Scx2e8zF</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Sanluan--PublicCMS</td>
<td>A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/= 5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-= parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/Trad= ePaymentService.java of the component Trade Payment Handler. The manipulati=
on of the argument paymentId leads to improper authorization. The attack ca=
n be initiated remotely. The complexity of an attack is rather high. The ex= ploitability is considered difficult. The exploit has been disclosed to the=
public and may be used. The identifier of the patch is 7329437e1288540336b= 1c66c114ed3363adcba02. It is recommended to apply a patch to fix this issue= .</td>
<td>2026-02-06</td>
<td>4.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2010" target=3D"= _blank" rel=3D"noopener">CVE-2026-2010</a></td>

<a href=3D"https://vuldb.com/?id.344592" target=3D"_blank" rel=3D"noopener"= >VDB-344592 | Sanluan PublicCMS Trade Payment TradePaymentService.java paid=
improper authorization</a> <a href=3D"https://vuldb.com/?ctiid.344592" = target=3D"_blank" rel=3D"noopener">VDB-344592 | CTI Indicators (IOB, IOC, T= TP, IOA)</a> <a href=3D"https://vuldb.com/?submit.743487" target=3D"_bla= nk" rel=3D"noopener">Submit #743487 | PublicCMS 5 Improper Access Controls<= /a> <a href=3D"https://github.com/sanluan/PublicCMS/issues/108" target= =3D"_blank" rel=3D"noopener">https://github.com/sanluan/PublicCMS/issues/10= 8</a> <a href=3D"https://github.com/sanluan/PublicCMS/issues/108#issue-3= 838143772" target=3D"_blank" rel=3D"noopener">https://github.com/sanluan/Pu= blicCMS/issues/108#issue-3838143772</a> <a href=3D"https://github.com/sa= nluan/PublicCMS/commit/7329437e1288540336b1c66c114ed3363adcba02" target=3D"= _blank" rel=3D"noopener">https://github.com/sanluan/PublicCMS/commit/732943= 7e1288540336b1c66c114ed3363adcba02</a> <a href=3D"https://github.com/san= luan/PublicCMS/" target=3D"_blank" rel=3D"noopener">https://github.com/sanl= uan/PublicCMS/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Cisco--Cisco Prime Infrastructure</td>
<td>A vulnerability in the web-based management interface of Cisco Prime In= frastructure could allow an authenticated, remote attacker to conduct a sto= red cross-site scripting (XSS) attack against users of the interface of an = affected system. This vulnerability exists because the web-based management=
interface does not properly validate user-supplied input. An attacker coul=
d exploit this vulnerability by inserting malicious code into specific data=
fields in the interface. A successful exploit could allow the attacker to = execute arbitrary script code in the context of the affected interface or a= ccess sensitive, browser-based information. To exploit this vulnerability, =
an attacker must have valid administrative credentials.</td> <td>2026-02-04</td>
<td>4.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20111" target=3D= "_blank" rel=3D"noopener">CVE-2026-20111</a></td>

<a href=3D"https://sec.cloudapps.cisco.com/security/center/content/CiscoSec= urityAdvisory/cisco-sa-pi-xss-bYeVKCD" target=3D"_blank" rel=3D"noopener">c= isco-sa-pi-xss-bYeVKCD</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Cisco--Cisco Evolved Programmable Network Mana= ger (EPNM)</td>
<td>A vulnerability in the web-based management interface of Cisco Evolved = Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could al= low an unauthenticated, remote attacker to redirect a user to a malicious w=
eb page. This vulnerability is due to improper input validation of the para= meters in the HTTP request. An attacker could exploit this vulnerability by=
intercepting and modifying an HTTP request from a user. A successful explo=
it could allow the attacker to redirect the user to a malicious web page.</=

<td>2026-02-04</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20123" target=3D= "_blank" rel=3D"noopener">CVE-2026-20123</a></td>

<a href=3D"https://sec.cloudapps.cisco.com/security/center/content/CiscoSec= urityAdvisory/cisco-sa-epnm-pi-redirect-6sX82dN" target=3D"_blank" rel=3D"n= oopener">cisco-sa-epnm-pi-redirect-6sX82dN</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DIR-823X</td>
<td>A vulnerability was determined in D-Link DIR-823X 250416. Affected by t= his issue is the function sub_424D20 of the file /goform/set_ipv6. Executin=
g a manipulation can lead to os command injection. It is possible to launch=
the attack remotely. The exploit has been publicly disclosed and may be ut= ilized.</td>
<td>2026-02-06</td>
<td>4.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2061" target=3D"= _blank" rel=3D"noopener">CVE-2026-2061</a></td>

<a href=3D"https://vuldb.com/?id.344621" target=3D"_blank" rel=3D"noopener"= >VDB-344621 | D-Link DIR-823X set_ipv6 sub_424D20 os command injection</a><= br><a href=3D"https://vuldb.com/?ctiid.344621" target=3D"_blank" rel=3D"noo= pener">VDB-344621 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D"h= ttps://vuldb.com/?submit.744286" target=3D"_blank" rel=3D"noopener">Submit = #744286 | D-Link DIR-823X 250416 OS Command Injection</a> <a href=3D"htt= ps://github.com/master-abc/cve/issues/20" target=3D"_blank" rel=3D"noopener= ">https://github.com/master-abc/cve/issues/20</a> <a href=3D"https://www= .dlink.com/" target=3D"_blank" rel=3D"noopener">https://www.dlink.com/</a><= br>=C2=A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DIR-823X</td>
<td>A security flaw has been discovered in D-Link DIR-823X 250416. This vul= nerability affects unknown code of the file /goform/set_ac_server of the co= mponent Web Management Interface. The manipulation of the argument ac_serve=
r results in os command injection. The attack can be launched remotely. The=
exploit has been released to the public and may be used for attacks.</td> <td>2026-02-06</td>
<td>4.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2063" target=3D"= _blank" rel=3D"noopener">CVE-2026-2063</a></td>

<a href=3D"https://vuldb.com/?id.344623" target=3D"_blank" rel=3D"noopener"= >VDB-344623 | D-Link DIR-823X Web Management set_ac_server os command injec= tion</a> <a href=3D"https://vuldb.com/?ctiid.344623" target=3D"_blank" r= el=3D"noopener">VDB-344623 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a = href=3D"https://vuldb.com/?submit.744720" target=3D"_blank" rel=3D"noopener= ">Submit #744720 | dlink DIR-823X 250416 OS Command Injection</a> <a hre= f=3D"https://github.com/master-abc/cve/issues/19" target=3D"_blank" rel=3D"= noopener">https://github.com/master-abc/cve/issues/19</a> <a href=3D"htt= ps://www.dlink.com/" target=3D"_blank" rel=3D"noopener">https://www.dlink.c= om/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DIR-823X</td>
<td>A vulnerability was determined in D-Link DIR-823X 250416. The affected = element is an unknown function of the file /goform/set_password. This manip= ulation of the argument http_passwd causes os command injection. The attack=
is possible to be carried out remotely. The exploit has been publicly disc= losed and may be utilized.</td>
<td>2026-02-07</td>
<td>4.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2081" target=3D"= _blank" rel=3D"noopener">CVE-2026-2081</a></td>

<a href=3D"https://vuldb.com/?id.344648" target=3D"_blank" rel=3D"noopener"= >VDB-344648 | D-Link DIR-823X set_password os command injection</a> <a h= ref=3D"https://vuldb.com/?ctiid.344648" target=3D"_blank" rel=3D"noopener">= VDB-344648 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D"https://= vuldb.com/?submit.745553" target=3D"_blank" rel=3D"noopener">Submit #745553=
| D-Link DIR-823X 250416 OS Command Injection</a> <a href=3D"https://gi= thub.com/master-abc/cve/issues/22" target=3D"_blank" rel=3D"noopener">https= ://github.com/master-abc/cve/issues/22</a> <a href=3D"https://github.com= /master-abc/cve/issues/22#issue-3847400767" target=3D"_blank" rel=3D"noopen= er">https://github.com/master-abc/cve/issues/22#issue-3847400767</a> <a = href=3D"https://www.dlink.com/" target=3D"_blank" rel=3D"noopener">https://= www.dlink.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DIR-823X</td>
<td>A vulnerability was identified in D-Link DIR-823X 250416. The impacted = element is an unknown function of the file /goform/set_mac_clone. Such mani= pulation of the argument mac leads to os command injection. The attack may =
be performed from remote. The exploit is publicly available and might be us= ed.</td>
<td>2026-02-07</td>
<td>4.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2082" target=3D"= _blank" rel=3D"noopener">CVE-2026-2082</a></td>

<a href=3D"https://vuldb.com/?id.344649" target=3D"_blank" rel=3D"noopener"= >VDB-344649 | D-Link DIR-823X set_mac_clone os command injection</a> <a = href=3D"https://vuldb.com/?ctiid.344649" target=3D"_blank" rel=3D"noopener"= >VDB-344649 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D"https:/= /vuldb.com/?submit.745854" target=3D"_blank" rel=3D"noopener">Submit #74585=
4 | dlink DIR-823X 250416 OS Command Injection</a> <a href=3D"https://gi= thub.com/master-abc/cve/issues/21" target=3D"_blank" rel=3D"noopener">https= ://github.com/master-abc/cve/issues/21</a> <a href=3D"https://github.com= /master-abc/cve/issues/21#issue-3847172823" target=3D"_blank" rel=3D"noopen= er">https://github.com/master-abc/cve/issues/21#issue-3847172823</a> <a = href=3D"https://www.dlink.com/" target=3D"_blank" rel=3D"noopener">https://= www.dlink.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--JeecgBoot</td>
<td>A weakness has been identified in JeecgBoot up to 3.9.0. Affected by th=
is issue is some unknown functionality of the file /airag/knowledge/doc/edi=
t of the component Retrieval-Augmented Generation Module. Executing a manip= ulation of the argument filePath can lead to path traversal. The attack can=
be executed remotely. The exploit has been made available to the public an=
d could be used for attacks. The vendor was contacted early about this disc= losure but did not respond in any way.</td>
<td>2026-02-07</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2111" target=3D"= _blank" rel=3D"noopener">CVE-2026-2111</a></td>

<a href=3D"https://vuldb.com/?id.344687" target=3D"_blank" rel=3D"noopener"= >VDB-344687 | JeecgBoot Retrieval-Augmented Generation edit path traversal<= /a> <a href=3D"https://vuldb.com/?ctiid.344687" target=3D"_blank" rel=3D= "noopener">VDB-344687 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href= =3D"https://vuldb.com/?submit.746789" target=3D"_blank" rel=3D"noopener">Su= bmit #746789 | jeecgboot 3.9.0 Absolute Path Traversal</a> <a href=3D"ht= tps://www.yuque.com/la12138/vxbwk9/ezodz20a26g36y8m" target=3D"_blank" rel= =3D"noopener">https://www.yuque.com/la12138/vxbwk9/ezodz20a26g36y8m</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">PHPGurukul--Hospital Management System</td>
<td>A security vulnerability has been detected in PHPGurukul Hospital Manag= ement System 4.0. The affected element is an unknown function of the file /= hms/admin/manage-doctors.php. Such manipulation of the argument ID leads to=
sql injection. The attack may be performed from remote. The exploit has be=
en disclosed publicly and may be used.</td>
<td>2026-02-08</td>
<td>4.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2134" target=3D"= _blank" rel=3D"noopener">CVE-2026-2134</a></td>

<a href=3D"https://vuldb.com/?id.344769" target=3D"_blank" rel=3D"noopener"= >VDB-344769 | PHPGurukul Hospital Management System manage-doctors.php sql = injection</a> <a href=3D"https://vuldb.com/?ctiid.344769" target=3D"_bla= nk" rel=3D"noopener">VDB-344769 | CTI Indicators (IOB, IOC, TTP, IOA)</a><b= r><a href=3D"https://vuldb.com/?submit.747214" target=3D"_blank" rel=3D"noo= pener">Submit #747214 | PHPGurukul Hospital Management System 4.0 SQL Injec= tion</a> <a href=3D"https://github.com/Shaon-Xis/PHPGurukul-HMS-SQL-Inje= ction" target=3D"_blank" rel=3D"noopener">https://github.com/Shaon-Xis/PHPG= urukul-HMS-SQL-Injection</a> <a href=3D"https://phpgurukul.com/" target= =3D"_blank" rel=3D"noopener">https://phpgurukul.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">SourceCodester--Patients Waiting Area Queue Ma= nagement System</td>
<td>A vulnerability was detected in SourceCodester/Patrick Mvuma Patients W= aiting Area Queue Management System 1.0. Affected by this vulnerability is =
an unknown functionality of the file /appointments.php. The manipulation of=
the argument patient_id results in cross site scripting. It is possible to=
launch the attack remotely. The exploit is now public and may be used.</td=

<td>2026-02-08</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2149" target=3D"= _blank" rel=3D"noopener">CVE-2026-2149</a></td>

<a href=3D"https://vuldb.com/?id.344851" target=3D"_blank" rel=3D"noopener"= >VDB-344851 | SourceCodester/Patrick Mvuma Patients Waiting Area Queue Mana= gement System appointments.php cross site scripting</a> <a href=3D"https= ://vuldb.com/?ctiid.344851" target=3D"_blank" rel=3D"noopener">VDB-344851 |=
CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D"https://vuldb.com/?s= ubmit.747920" target=3D"_blank" rel=3D"noopener">Submit #747920 | Patrick M= vuma Patients Waiting Area Queue Management System 1.0 Doubled Character XS=
S Manipulations</a> <a href=3D"https://github.com/xiahao90/CVEproject/bl= ob/main/xiahao.webray.com.cn/Patients-Waiting-Area-Queue-Management-System-= appointments-XSS.md" target=3D"_blank" rel=3D"noopener">https://github.com/= xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Patients-Waiting-Area-Qu= eue-Management-System-appointments-XSS.md</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">SourceCodester--Patients Waiting Area Queue Ma= nagement System</td>
<td>A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting = Area Queue Management System 1.0. Affected by this issue is some unknown fu= nctionality of the file /checkin.php. This manipulation of the argument pat= ient_id causes cross site scripting. The attack can be initiated remotely. = The exploit has been published and may be used.</td>
<td>2026-02-08</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2150" target=3D"= _blank" rel=3D"noopener">CVE-2026-2150</a></td>

<a href=3D"https://vuldb.com/?id.344852" target=3D"_blank" rel=3D"noopener"= >VDB-344852 | SourceCodester/Patrick Mvuma Patients Waiting Area Queue Mana= gement System checkin.php cross site scripting</a> <a href=3D"https://vu= ldb.com/?ctiid.344852" target=3D"_blank" rel=3D"noopener">VDB-344852 | CTI = Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D"https://vuldb.com/?submit= .747921" target=3D"_blank" rel=3D"noopener">Submit #747921 | Patrick Mvuma = Patients Waiting Area Queue Management System 1.0 Doubled Character XSS Man= ipulations</a> <a href=3D"https://github.com/xiahao90/CVEproject/blob/ma= in/xiahao.webray.com.cn/Patients-Waiting-Area-Queue-Management-System-check= in-php-XSS.md" target=3D"_blank" rel=3D"noopener">https://github.com/xiahao= 90/CVEproject/blob/main/xiahao.webray.com.cn/Patients-Waiting-Area-Queue-Ma= nagement-System-checkin-php-XSS.md</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">mwielgoszewski--doorman</td>
<td>A vulnerability was determined in mwielgoszewski doorman up to 0.6. Thi=
s issue affects the function is_safe_url of the file doorman/users/views.py=
. Executing a manipulation of the argument Next can lead to open redirect. = The attack may be launched remotely. The exploit has been publicly disclose=
d and may be utilized.</td>
<td>2026-02-08</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2153" target=3D"= _blank" rel=3D"noopener">CVE-2026-2153</a></td>

<a href=3D"https://vuldb.com/?id.344855" target=3D"_blank" rel=3D"noopener"= >VDB-344855 | mwielgoszewski doorman views.py is_safe_url redirect</a> <=
a href=3D"https://vuldb.com/?ctiid.344855" target=3D"_blank" rel=3D"noopene= r">VDB-344855 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D"https= ://vuldb.com/?submit.748072" target=3D"_blank" rel=3D"noopener">Submit #748= 072 | https://github.com/mwielgoszewski/doorman doorman Latest Version (com= mit 9a9b97c8) Open Redirect</a> <a href=3D"https://gist.github.com/Racer= Z-fighting/39f230feb0e450ae54f0a80c63c5d924" target=3D"_blank" rel=3D"noope= ner">https://gist.github.com/RacerZ-fighting/39f230feb0e450ae54f0a80c63c5d9= 24</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">SourceCodester--Patients Waiting Area Queue Ma= nagement System</td>
<td>A vulnerability was identified in SourceCodester/Patrick Mvuma Patients=
Waiting Area Queue Management System 1.0. Impacted is an unknown function =
of the file /registration.php of the component Patient Registration Module.=
The manipulation of the argument First Name leads to cross site scripting.=
Remote exploitation of the attack is possible. The exploit is publicly ava= ilable and might be used.</td>
<td>2026-02-08</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2154" target=3D"= _blank" rel=3D"noopener">CVE-2026-2154</a></td>

<a href=3D"https://vuldb.com/?id.344856" target=3D"_blank" rel=3D"noopener"= >VDB-344856 | SourceCodester/Patrick Mvuma Patients Waiting Area Queue Mana= gement System Patient Registration registration.php cross site scripting</a= > <a href=3D"https://vuldb.com/?ctiid.344856" target=3D"_blank" rel=3D"n= oopener">VDB-344856 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D= "https://vuldb.com/?submit.748208" target=3D"_blank" rel=3D"noopener">Submi=
t #748208 | SourceCodester Patients Waiting Area Queue Management System 1 = Cross Site Scripting</a> <a href=3D"https://medium.com/@rvpipalwa/stored= -cross-site-scripting-xss-vulnerability-report-c97788dd6ea6" target=3D"_bla= nk" rel=3D"noopener">https://medium.com/@rvpipalwa/stored-cross-site-script= ing-xss-vulnerability-report-c97788dd6ea6</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">SourceCodester--Simple Responsive Tourism Webs= ite</td>
<td>A flaw has been found in SourceCodester Simple Responsive Tourism Websi=
te 1.0. Affected is an unknown function of the file /tourism/classes/Master= .php?f=3Dregister of the component Registration. Executing a manipulation o=
f the argument firstname/lastname/username can lead to cross site scripting=
. It is possible to launch the attack remotely. The exploit has been publis= hed and may be used.</td>
<td>2026-02-08</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2159" target=3D"= _blank" rel=3D"noopener">CVE-2026-2159</a></td>

<a href=3D"https://vuldb.com/?id.344861" target=3D"_blank" rel=3D"noopener"= >VDB-344861 | SourceCodester Simple Responsive Tourism Website Registration=
Master.php cross site scripting</a> <a href=3D"https://vuldb.com/?ctiid= .344861" target=3D"_blank" rel=3D"noopener">VDB-344861 | CTI Indicators (IO=
B, IOC, TTP, IOA)</a> <a href=3D"https://vuldb.com/?submit.750995" targe= t=3D"_blank" rel=3D"noopener">Submit #750995 | sourcecodester.com Simple Re= sponsive Tourism Website 1.0 Cross Site Scripting</a> <a href=3D"https:/= /github.com/CH0ico/CVE_choco_5/blob/main/report.md" target=3D"_blank" rel= =3D"noopener">https://github.com/CH0ico/CVE_choco_5/blob/main/report.md</a>= <a href=3D"https://www.sourcecodester.com/" target=3D"_blank" rel=3D"no= opener">https://www.sourcecodester.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">SourceCodester--Simple Responsive Tourism Webs= ite</td>
<td>A vulnerability has been found in SourceCodester Simple Responsive Tour= ism Website 1.0. Affected by this vulnerability is an unknown functionality=
of the file /tourism/classes/Master.php?f=3Dsave_package. The manipulation=
of the argument Title leads to cross site scripting. The attack can be ini= tiated remotely. The exploit has been disclosed to the public and may be us= ed.</td>
<td>2026-02-08</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2160" target=3D"= _blank" rel=3D"noopener">CVE-2026-2160</a></td>

<a href=3D"https://vuldb.com/?id.344862" target=3D"_blank" rel=3D"noopener"= >VDB-344862 | SourceCodester Simple Responsive Tourism Website Master.php c= ross site scripting</a> <a href=3D"https://vuldb.com/?ctiid.344862" targ= et=3D"_blank" rel=3D"noopener">VDB-344862 | CTI Indicators (IOB, IOC, TTP, = IOA)</a> <a href=3D"https://vuldb.com/?submit.751016" target=3D"_blank" = rel=3D"noopener">Submit #751016 | sourcecodester.com Simple Responsive Tour= ism Website 1.0 Cross Site Scripting</a> <a href=3D"https://github.com/C= H0ico/CVE_choco_6/blob/main/report.md" target=3D"_blank" rel=3D"noopener">h= ttps://github.com/CH0ico/CVE_choco_6/blob/main/report.md</a> <a href=3D"= https://www.sourcecodester.com/" target=3D"_blank" rel=3D"noopener">https:/= /www.sourcecodester.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">itsourcecode--News Portal Project</td>
<td>A vulnerability was determined in itsourcecode News Portal Project 1.0.=
This affects an unknown part of the file /admin/aboutus.php. This manipula= tion of the argument pagetitle causes sql injection. The attack may be init= iated remotely. The exploit has been publicly disclosed and may be utilized= .</td>
<td>2026-02-08</td>
<td>4.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2162" target=3D"= _blank" rel=3D"noopener">CVE-2026-2162</a></td>

<a href=3D"https://vuldb.com/?id.344864" target=3D"_blank" rel=3D"noopener"= >VDB-344864 | itsourcecode News Portal Project aboutus.php sql injection</a= > <a href=3D"https://vuldb.com/?ctiid.344864" target=3D"_blank" rel=3D"n= oopener">VDB-344864 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D= "https://vuldb.com/?submit.751083" target=3D"_blank" rel=3D"noopener">Submi=
t #751083 | itsourcecode News Portal Project V1.0 SQL Injection</a> <a h= ref=3D"https://github.com/Wzl731/test/issues/2" target=3D"_blank" rel=3D"no= opener">https://github.com/Wzl731/test/issues/2</a> <a href=3D"https://i= tsourcecode.com/" target=3D"_blank" rel=3D"noopener">https://itsourcecode.c= om/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DIR-600</td>
<td>A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This = vulnerability affects unknown code of the file ssdp.cgi. Such manipulation =
of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID leads to command = injection. The attack may be launched remotely. The exploit is publicly ava= ilable and might be used. This vulnerability only affects products that are=
no longer supported by the maintainer.</td>
<td>2026-02-08</td>
<td>4.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2163" target=3D"= _blank" rel=3D"noopener">CVE-2026-2163</a></td>

<a href=3D"https://vuldb.com/?id.344865" target=3D"_blank" rel=3D"noopener"= >VDB-344865 | D-Link DIR-600 ssdp.cgi command injection</a> <a href=3D"h= ttps://vuldb.com/?ctiid.344865" target=3D"_blank" rel=3D"noopener">VDB-3448=
65 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D"https://vuldb.co= m/?submit.751764" target=3D"_blank" rel=3D"noopener">Submit #751764 | D-Lin=
k D-Link DIR-600 v2.15WWb02 Remote Arbitrary Command Execution</a> <a hr= ef=3D"https://github.com/LonTan0/CVE/blob/main/Remote%20Arbitrary%20Command= %20Execution%20Vulnerability%20in%20ssdpcgi%20of%20D-Link%20DIR%E2%80%91600= .md" target=3D"_blank" rel=3D"noopener">https://github.com/LonTan0/CVE/blob= /main/Remote%20Arbitrary%20Command%20Execution%20Vulnerability%20in%20ssdpc= gi%20of%20D-Link%20DIR%E2%80%91600.md</a> <a href=3D"https://github.com/= LonTan0/CVE/blob/main/Remote%20Arbitrary%20Command%20Execution%20Vulnerabil= ity%20in%20ssdpcgi%20of%20D-Link%20DIR%E2%80%91600.md#poc" target=3D"_blank=
" rel=3D"noopener">https://github.com/LonTan0/CVE/blob/main/Remote%20Arbitr= ary%20Command%20Execution%20Vulnerability%20in%20ssdpcgi%20of%20D-Link%20DI= R%E2%80%91600.md#poc</a> <a href=3D"https://www.dlink.com/" target=3D"_b= lank" rel=3D"noopener">https://www.dlink.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">PHPGurukul--Hospital Management System</td>
<td>A vulnerability was determined in PHPGurukul Hospital Management System=
4.0. This impacts an unknown function of the file /admin/manage-users.php.=
This manipulation of the argument ID causes sql injection. The attack can =
be initiated remotely. The exploit has been publicly disclosed and may be u= tilized.</td>
<td>2026-02-08</td>
<td>4.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2179" target=3D"= _blank" rel=3D"noopener">CVE-2026-2179</a></td>

<a href=3D"https://vuldb.com/?id.344882" target=3D"_blank" rel=3D"noopener"= >VDB-344882 | PHPGurukul Hospital Management System manage-users.php sql in= jection</a> <a href=3D"https://vuldb.com/?ctiid.344882" target=3D"_blank=
" rel=3D"noopener">VDB-344882 | CTI Indicators (IOB, IOC, TTP, IOA)</a> =
<a href=3D"https://vuldb.com/?submit.749592" target=3D"_blank" rel=3D"noope= ner">Submit #749592 | PHPGurukul Hospital Management System 4.0 SQL Injecti= on</a> <a href=3D"https://github.com/Shaon-Xis/PHPGurukul-HMS-SQLi-PoC/t= ree/main" target=3D"_blank" rel=3D"noopener">https://github.com/Shaon-Xis/P= HPGurukul-HMS-SQLi-PoC/tree/main</a> <a href=3D"https://github.com/Shaon= -Xis/PHPGurukul-HMS-SQLi-PoC/tree/main#4-proof-of-concept-reproduction-step=
s" target=3D"_blank" rel=3D"noopener">https://github.com/Shaon-Xis/PHPGuruk= ul-HMS-SQLi-PoC/tree/main#4-proof-of-concept-reproduction-steps</a> <a h= ref=3D"https://phpgurukul.com/" target=3D"_blank" rel=3D"noopener">https://= phpgurukul.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--WeKan</td>
<td>A vulnerability was identified in WeKan up to 8.20. This affects an unk= nown part of the file server/publications/cards.js of the component Meteor = Publication Handler. Such manipulation leads to information disclosure. The=
attack may be performed from remote. Upgrading to version 8.21 is able to = mitigate this issue. The name of the patch is 0f5a9c38778ca550cbab6c5093470= e1e90cb837f. Upgrading the affected component is advised.</td> <td>2026-02-08</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2205" target=3D"= _blank" rel=3D"noopener">CVE-2026-2205</a></td>

<a href=3D"https://vuldb.com/?id.344919" target=3D"_blank" rel=3D"noopener"= >VDB-344919 | WeKan Meteor Publication cards.js CardPubSubBleed information=
disclosure</a> <a href=3D"https://vuldb.com/?ctiid.344919" target=3D"_b= lank" rel=3D"noopener">VDB-344919 | CTI Indicators (IOB, IOC, TTP, IOA)</a>= <a href=3D"https://vuldb.com/?submit.752161" target=3D"_blank" rel=3D"n= oopener">Submit #752161 | Wekan <8.21 Information disclosure via publish= /subscribe authorization bug</a> <a href=3D"https://github.com/wekan/wek= an/commit/0f5a9c38778ca550cbab6c5093470e1e90cb837f" target=3D"_blank" rel= =3D"noopener">https://github.com/wekan/wekan/commit/0f5a9c38778ca550cbab6c5= 093470e1e90cb837f</a> <a href=3D"https://github.com/wekan/wekan/releases= /tag/v8.21" target=3D"_blank" rel=3D"noopener">https://github.com/wekan/wek= an/releases/tag/v8.21</a> <a href=3D"https://github.com/wekan/wekan/" ta= rget=3D"_blank" rel=3D"noopener">https://github.com/wekan/wekan/</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">n/a--WeKan</td>
<td>A security vulnerability has been detected in WeKan up to 8.20. Impacte=
d is an unknown function of the file server/publications/rules.js of the co= mponent Rules Handler. The manipulation leads to missing authorization. The=
attack can be initiated remotely. Upgrading to version 8.21 is recommended=
to address this issue. The identifier of the patch is a787bcddf33ca28afb13= ff5ea9a4cb92dceac005. The affected component should be upgraded.</td> <td>2026-02-08</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2208" target=3D"= _blank" rel=3D"noopener">CVE-2026-2208</a></td>

<a href=3D"https://vuldb.com/?id.344922" target=3D"_blank" rel=3D"noopener"= >VDB-344922 | WeKan Rules rules.js RulesBleed authorization</a> <a href= =3D"https://vuldb.com/?ctiid.344922" target=3D"_blank" rel=3D"noopener">VDB= -344922 | CTI Indicators (IOB, IOC, IOA)</a> <a href=3D"https://vuldb.co= m/?submit.752164" target=3D"_blank" rel=3D"noopener">Submit #752164 | Wekan=
<8.21 Information disclosure / missing authorization on admin publicat<= /a> <a href=3D"https://github.com/wekan/wekan/commit/a787bcddf33ca28afb1= 3ff5ea9a4cb92dceac005" target=3D"_blank" rel=3D"noopener">https://github.co= m/wekan/wekan/commit/a787bcddf33ca28afb13ff5ea9a4cb92dceac005</a> <a hre= f=3D"https://github.com/wekan/wekan/releases/tag/v8.21" target=3D"_blank" r= el=3D"noopener">https://github.com/wekan/wekan/releases/tag/v8.21</a> <a=
href=3D"https://github.com/wekan/wekan/" target=3D"_blank" rel=3D"noopener= ">https://github.com/wekan/wekan/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">glpi-project--glpi</td>
<td>GLPI is a free asset and IT management software package. From version 1= 1.0.0 to before 11.0.5, a GLPI administrator can perform SSRF request throu=
gh the Webhook feature. This issue has been patched in version 11.0.5.</td> <td>2026-02-04</td>
<td>4.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22247" target=3D= "_blank" rel=3D"noopener">CVE-2026-22247</a></td>

<a href=3D"https://github.com/glpi-project/glpi/security/advisories/GHSA-f6= f6-v3qr-9p5x" target=3D"_blank" rel=3D"noopener">https://github.com/glpi-pr= oject/glpi/security/advisories/GHSA-f6f6-v3qr-9p5x</a> <a href=3D"https:= //github.com/glpi-project/glpi/releases/tag/11.0.5" target=3D"_blank" rel= =3D"noopener">https://github.com/glpi-project/glpi/releases/tag/11.0.5</a><= br>=C2=A0</td>
</tr>

<td class=3D"vendor-product">F5--F5 BIG-IP Container Ingress Services</td> <td>A vulnerability exists in F5 BIG-IP Container Ingress Services that may=
allow excessive permissions to read cluster secrets.=C2=A0 Note: Software = versions which have reached End of Technical Support (EoTS) are not evaluat= ed.</td>
<td>2026-02-04</td>
<td>4.9</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22549" target=3D= "_blank" rel=3D"noopener">CVE-2026-22549</a></td>

<a href=3D"https://my.f5.com/manage/s/article/K000157960" target=3D"_blank"=
rel=3D"noopener">https://my.f5.com/manage/s/article/K000157960</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">rizinorg--rizin</td>
<td>Rizin is a UNIX-like reverse engineering framework and command-line too= lset. Prior to 0.8.2, a heap overflow can be exploited when a malicious mac=
h0 file, having bogus entries for the dyld chained segments, is parsed by r= izin. This vulnerability is fixed in 0.8.2.</td>
<td>2026-02-02</td>
<td>4.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22780" target=3D= "_blank" rel=3D"noopener">CVE-2026-22780</a></td>

<a href=3D"https://github.com/rizinorg/rizin/security/advisories/GHSA-f3v7-= xhmj-9cjj" target=3D"_blank" rel=3D"noopener">https://github.com/rizinorg/r= izin/security/advisories/GHSA-f3v7-xhmj-9cjj</a> <a href=3D"https://gith= ub.com/rizinorg/rizin/issues/5768" target=3D"_blank" rel=3D"noopener">https= ://github.com/rizinorg/rizin/issues/5768</a> <a href=3D"https://github.c= om/rizinorg/rizin/pull/5770" target=3D"_blank" rel=3D"noopener">https://git= hub.com/rizinorg/rizin/pull/5770</a> <a href=3D"https://github.com/rizin= org/rizin/commit/41ea75d5b07d9b41b27ae80675cdda65f1b1c989" target=3D"_blank=
" rel=3D"noopener">https://github.com/rizinorg/rizin/commit/41ea75d5b07d9b4= 1b27ae80675cdda65f1b1c989</a> <a href=3D"https://github.com/rizinorg/riz= in/blob/6dd0dba9ff4dc706f549d0cdcd93856b49e59aa0/librz/bin/format/mach0/mac= h0_chained_fixups.c#L200" target=3D"_blank" rel=3D"noopener">https://github= .com/rizinorg/rizin/blob/6dd0dba9ff4dc706f549d0cdcd93856b49e59aa0/librz/bin= /format/mach0/mach0_chained_fixups.c#L200</a> <a href=3D"https://github.= com/rizinorg/rizin/releases/tag/v0.8.2" target=3D"_blank" rel=3D"noopener">= https://github.com/rizinorg/rizin/releases/tag/v0.8.2</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">glpi-project--glpi</td>
<td>GLPI is a free asset and IT management software package. In versions st= arting from 0.71 to before 10.0.23 and before 11.0.5, when remote authentic= ation is used, based on SSO variables, a user can steal a GLPI session prev= iously opened by another user on the same machine. This issue has been patc= hed in versions .</td>
<td>2026-02-04</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23624" target=3D= "_blank" rel=3D"noopener">CVE-2026-23624</a></td>

<a href=3D"https://github.com/glpi-project/glpi/security/advisories/GHSA-5j= 4j-vx46-r477" target=3D"_blank" rel=3D"noopener">https://github.com/glpi-pr= oject/glpi/security/advisories/GHSA-5j4j-vx46-r477</a> <a href=3D"https:= //github.com/glpi-project/glpi/releases/tag/10.0.23" target=3D"_blank" rel= =3D"noopener">https://github.com/glpi-project/glpi/releases/tag/10.0.23</a>= <a href=3D"https://github.com/glpi-project/glpi/releases/tag/11.0.5" ta= rget=3D"_blank" rel=3D"noopener">https://github.com/glpi-project/glpi/relea= ses/tag/11.0.5</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Enalean--tuleap</td>
<td>Tuleap is an Open Source Suite for management of software development a=
nd collaboration. Tuleap is missing CSRF protection in the Overview inconsi= stent items. An attacker could use this vulnerability to trick victims into=
repairing inconsistent items (creating artifact links from the release). T= his vulnerability is fixed in Tuleap Community Edition 17.0.99.1768924735 a=
nd Tuleap Enterprise Edition 17.2-5, 17.1-6, and 17.0-9.</td> <td>2026-02-02</td>
<td>4.6</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24007" target=3D= "_blank" rel=3D"noopener">CVE-2026-24007</a></td>

<a href=3D"https://github.com/Enalean/tuleap/security/advisories/GHSA-7g48-= rwqj-ffxw" target=3D"_blank" rel=3D"noopener">https://github.com/Enalean/tu= leap/security/advisories/GHSA-7g48-rwqj-ffxw</a> <a href=3D"https://gith= ub.com/Enalean/tuleap/commit/5ec5e81e409892fe0e41f11d5d36ee6c85a6fbb5" targ= et=3D"_blank" rel=3D"noopener">https://github.com/Enalean/tuleap/commit/5ec= 5e81e409892fe0e41f11d5d36ee6c85a6fbb5</a> <a href=3D"https://tuleap.net/= plugins/git/tuleap/tuleap/stable?a=3Dcommit&h=3D5ec5e81e409892fe0e41f11d5d3= 6ee6c85a6fbb5" target=3D"_blank" rel=3D"noopener">https://tuleap.net/plugin= s/git/tuleap/tuleap/stable?a=3Dcommit&h=3D5ec5e81e409892fe0e41f11d5d36ee6c8= 5a6fbb5</a> <a href=3D"https://tuleap.net/plugins/tracker/?aid=3D46389" = target=3D"_blank" rel=3D"noopener">https://tuleap.net/plugins/tracker/?aid= =3D46389</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">gunet--openeclass</td>
<td>The Open eClass platform (formerly known as GUnet eClass) is a complete=
course management system. Prior to version 4.2, a file upload validation b= ypass vulnerability allows attackers to upload files with prohibited extens= ions by embedding them inside ZIP archives and extracting them using the ap= plication's built-in decompression functionality. This issue has been patch=
ed in version 4.2.</td>
<td>2026-02-03</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24673" target=3D= "_blank" rel=3D"noopener">CVE-2026-24673</a></td>

<a href=3D"https://github.com/gunet/openeclass/security/advisories/GHSA-3g4= j-56gp-v6wv" target=3D"_blank" rel=3D"noopener">https://github.com/gunet/op= eneclass/security/advisories/GHSA-3g4j-56gp-v6wv</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">gunet--openeclass</td>
<td>The Open eClass platform (formerly known as GUnet eClass) is a complete=
course management system. Prior to version 4.2, a Reflected Cross-Site Scr= ipting (XSS) vulnerability allows remote attackers to execute arbitrary Jav= aScript in the context of authenticated users by crafting malicious URLs an=
d tricking victims into visiting them. This issue has been patched in versi=
on 4.2.</td>
<td>2026-02-03</td>
<td>4.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24674" target=3D= "_blank" rel=3D"noopener">CVE-2026-24674</a></td>

<a href=3D"https://github.com/gunet/openeclass/security/advisories/GHSA-gqv= p-w22w-w99r" target=3D"_blank" rel=3D"noopener">https://github.com/gunet/op= eneclass/security/advisories/GHSA-gqvp-w22w-w99r</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">gunet--openeclass</td>
<td>The Open eClass platform (formerly known as GUnet eClass) is a complete=
course management system. Prior to version 4.2, a business logic vulnerabi= lity allows authenticated students to improperly mark themselves as present=
in attendance activities, including activities that have already expired, =
by directly accessing a crafted URL. This issue has been patched in version=
4.2.</td>
<td>2026-02-03</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24774" target=3D= "_blank" rel=3D"noopener">CVE-2026-24774</a></td>

<a href=3D"https://github.com/gunet/openeclass/security/advisories/GHSA-rv2= x-4rc8-93jh" target=3D"_blank" rel=3D"noopener">https://github.com/gunet/op= eneclass/security/advisories/GHSA-rv2x-4rc8-93jh</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">opf--openproject</td>
<td>OpenProject is an open-source, web-based project management software. P= rior to 17.0.2, the drag&drop handler moving an agenda item to a differ= ent section was not properly checking if the target meeting section is part=
of the same meeting (or is the backlog, in case of recurring meetings). Th=
is allowed an attacker to move a meeting agenda item into a different meeti= ng. The attacker did not get access to meetings, but they could add arbitra=
ry agenda items, that could cause confusions. The vulnerability is fixed in=
17.0.2.</td>
<td>2026-02-06</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24776" target=3D= "_blank" rel=3D"noopener">CVE-2026-24776</a></td>

<a href=3D"https://github.com/opf/openproject/security/advisories/GHSA-p9v8= -w9ph-hqmf" target=3D"_blank" rel=3D"noopener">https://github.com/opf/openp= roject/security/advisories/GHSA-p9v8-w9ph-hqmf</a> <a href=3D"https://gi= thub.com/opf/openproject/releases/tag/v17.0.2" target=3D"_blank" rel=3D"noo= pener">https://github.com/opf/openproject/releases/tag/v17.0.2</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">Huawei--HarmonyOS</td>
<td>Type confusion vulnerability in the camera module. Impact: Successful e= xploitation of this vulnerability may affect availability.</td> <td>2026-02-06</td>
<td>4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24914" target=3D= "_blank" rel=3D"noopener">CVE-2026-24914</a></td>

<a href=3D"https://consumer.huawei.com/en/support/bulletin/2026/2/" target= =3D"_blank" rel=3D"noopener">https://consumer.huawei.com/en/support/bulleti= n/2026/2/</a> <a href=3D"https://consumer.huawei.com/en/support/bulletin= laptops/2026/2/" target=3D"_blank" rel=3D"noopener">https://consumer.huawei= .com/en/support/bulletinlaptops/2026/2/</a> <a href=3D"https://consumer.= huawei.com/en/support/bulletinwearables/2026/2/" target=3D"_blank" rel=3D"n= oopener">https://consumer.huawei.com/en/support/bulletinwearables/2026/2/</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Huawei--HarmonyOS</td>
<td>Address read vulnerability in the HDC module. Impact: Successful exploi= tation of this vulnerability will affect availability and confidentiality.<=

<td>2026-02-06</td>
<td>4.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24921" target=3D= "_blank" rel=3D"noopener">CVE-2026-24921</a></td>

<a href=3D"https://consumer.huawei.com/en/support/bulletin/2026/2/" target= =3D"_blank" rel=3D"noopener">https://consumer.huawei.com/en/support/bulleti= n/2026/2/</a> <a href=3D"https://consumer.huawei.com/en/support/bulletin= laptops/2026/2/" target=3D"_blank" rel=3D"noopener">https://consumer.huawei= .com/en/support/bulletinlaptops/2026/2/</a> <a href=3D"https://consumer.= huawei.com/en/support/bulletinwearables/2026/2/" target=3D"_blank" rel=3D"n= oopener">https://consumer.huawei.com/en/support/bulletinwearables/2026/2/</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Blesta--Blesta</td>
<td>Blesta 3.x through 5.x before 5.13.3 mishandles input validation, aka C= ORE-5665.</td>
<td>2026-02-03</td>
<td>4.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25616" target=3D= "_blank" rel=3D"noopener">CVE-2026-25616</a></td>

<a href=3D"https://www.blesta.com/2026/01/28/security-advisory/" target=3D"= _blank" rel=3D"noopener">https://www.blesta.com/2026/01/28/security-advisor= y/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">hedgedoc--hedgedoc</td>
<td>HedgeDoc is an open source, real-time, collaborative, markdown notes ap= plication. Prior to 1.10.6, files served below the /uploads/ endpoint did n=
ot use a more strict security-policy. This resulted in a too open Content-S= ecurity-Policy and furthermore opened the possibility to host malicious int= eractive web content (such as fake login forms) using SVG files. This vulne= rability is fixed in 1.10.6.</td>
<td>2026-02-06</td>
<td>4.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25642" target=3D= "_blank" rel=3D"noopener">CVE-2026-25642</a></td>

<a href=3D"https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-x7= 4j-jmf9-534w" target=3D"_blank" rel=3D"noopener">https://github.com/hedgedo= c/hedgedoc/security/advisories/GHSA-x74j-jmf9-534w</a> <a href=3D"https:= //github.com/hedgedoc/hedgedoc/commit/74daa0e7a1cbfafd9aeb255eaf064dfe47cd4= 01c" target=3D"_blank" rel=3D"noopener">https://github.com/hedgedoc/hedgedo= c/commit/74daa0e7a1cbfafd9aeb255eaf064dfe47cd401c</a> <a href=3D"https:/= /github.com/hedgedoc/hedgedoc/commit/b930fe04cee92cd4723044030bb59c36781c71= 37" target=3D"_blank" rel=3D"noopener">https://github.com/hedgedoc/hedgedoc= /commit/b930fe04cee92cd4723044030bb59c36781c7137</a> <a href=3D"https://= github.com/hedgedoc/hedgedoc/releases/tag/1.10.6" target=3D"_blank" rel=3D"= noopener">https://github.com/hedgedoc/hedgedoc/releases/tag/1.10.6</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">siyuan-note--siyuan</td>
<td>Lute is a structured Markdown engine supporting Go and JavaScript. Lute=
1.7.6 and earlier (as used in SiYuan before) has a Stored Cross-Site Scrip= ting (XSS) vulnerability in the Markdown rendering engine. An attacker can = inject malicious JavaScript into a Markdown text/note. When another user cl= icks the rendered content, the script executes in the context of their sess= ion.</td>
<td>2026-02-06</td>
<td>4.6</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25647" target=3D= "_blank" rel=3D"noopener">CVE-2026-25647</a></td>

<a href=3D"https://github.com/siyuan-note/siyuan/security/advisories/GHSA-r= w25-98wq-76qv" target=3D"_blank" rel=3D"noopener">https://github.com/siyuan= -note/siyuan/security/advisories/GHSA-rw25-98wq-76qv</a> <a href=3D"http= s://github.com/88250/lute/commit/0118e218916cf0cc7df639b50ce74e0c6c3d1868" = target=3D"_blank" rel=3D"noopener">https://github.com/88250/lute/commit/011= 8e218916cf0cc7df639b50ce74e0c6c3d1868</a> =C2=A0</td>
</tr>
</tbody>
</table>
<a href=3D"#top">Back to top</a>
</div>
<div id=3D"low_v">
<h2 id=3D"low_v_title">Low Vulnerabilities</h2>
<table class=3D"table no-tablesaw" style=3D"table-layout: fixed; width: 100= %;" border=3D"1" summary=3D"Low Vulnerabilities" align=3D"center">
<thead>

<th class=3D"vendor-product" style=3D"width: 24%;" scope=3D"col">
Primary Vendor -- Product</th>
<th style=3D"width: 44%;" scope=3D"col">Description</th>
<th style=3D"width: 10%;" scope=3D"col">Published</th>
<th style=3D"width: 8%;" scope=3D"col">CVSS Score</th>
<th style=3D"width: 7%;" scope=3D"col">Source Info</th>
<th style=3D"width: 7%;" scope=3D"col">Patch Info</th>
</tr>
</thead>
<tbody>

<td class=3D"vendor-product">P5--FNIP-8x16A</td>
<td>P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vu= lnerability that allows attackers to perform administrative actions without=
user interaction. Attackers can craft malicious web pages to add new admin=
users, change passwords, and modify system configurations by tricking auth= enticated users into loading a specially crafted page.</td>
<td>2026-02-05</td>
<td>3.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37118" target=3D= "_blank" rel=3D"noopener">CVE-2020-37118</a></td>

<a href=3D"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5564.php"=
target=3D"_blank" rel=3D"noopener">Zero Science Lab Disclosure (ZSL-2020-5= 564)</a> <a href=3D"https://www.exploit-db.com/exploits/48362" target=3D= "_blank" rel=3D"noopener">ExploitDB-48362</a> <a href=3D"https://packets= torm.news/files/id/157318" target=3D"_blank" rel=3D"noopener">Packet Storm = Entry</a> <a href=3D"https://exchange.xforce.ibmcloud.com/vulnerabilitie= s/180253" target=3D"_blank" rel=3D"noopener">IBM X-Force Vulnerability Repo= rt</a> <a href=3D"https://www.p5.hu/" target=3D"_blank" rel=3D"noopener"= >P5 Vendor Homepage</a> <a href=3D"https://www.vulncheck.com/advisories/= p-fnip-xa-fnip-xsh-cross-site-request-forgery-add-admin" target=3D"_blank" = rel=3D"noopener">VulnCheck Advisory: P5 FNIP-8x16A FNIP-4xSH 1.0.20 - Cross= -Site Request Forgery (Add Admin)</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">P5--FNIP-8x16A</td>
<td>P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored=
cross-site scripting vulnerability. Input passed to several GET/POST param= eters is not properly sanitized before being returned to the user, allowing=
attackers to execute arbitrary HTML and script code in a user's browser se= ssion in the context of the affected site. This can be exploited by submitt= ing crafted input to the label modification functionality, such as the 'lab=
4' parameter in config.html.</td>
<td>2026-02-05</td>
<td>3.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37148" target=3D= "_blank" rel=3D"noopener">CVE-2020-37148</a></td>

<a href=3D"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5564.php"=
target=3D"_blank" rel=3D"noopener">Zero Science Lab Disclosure (ZSL-2020-5= 564)</a> <a href=3D"https://www.exploit-db.com/exploits/48362" target=3D= "_blank" rel=3D"noopener">ExploitDB-48362</a> <a href=3D"https://packets= tormsecurity.com/files/156170/P5-FNIP-8x16A-FNIP-4xSH-1.0.20-CSRF-XSS.html"=
target=3D"_blank" rel=3D"noopener">Packet Storm Entry</a> <a href=3D"ht= tps://exchange.xforce.ibmcloud.com/vulnerabilities/176993" target=3D"_blank=
" rel=3D"noopener">IBM X-Force Vulnerability Report</a> <a href=3D"https= ://www.p5.hu/" target=3D"_blank" rel=3D"noopener">P5 Vendor Homepage</a><br= ><a href=3D"https://www.vulncheck.com/advisories/p-fnip-xafnip-xsh-stored-c= ross-site-scripting-xss" target=3D"_blank" rel=3D"noopener">VulnCheck Advis= ory: P5 FNIP-8x16A/FNIP-4xSH 1.0.20, 1.0.11 - Stored Cross-Site Scripting (= XSS)</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tanium--Interact</td>
<td>Tanium addressed an improper access controls vulnerability in Interact.= </td>
<td>2026-02-05</td>
<td>3.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15289" target=3D= "_blank" rel=3D"noopener">CVE-2025-15289</a></td>

<a href=3D"https://security.tanium.com/TAN-2025-033" target=3D"_blank" rel= =3D"noopener">TAN-2025-033</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tanium--Tanium Client</td>
<td>Tanium addressed a denial of service vulnerability in Tanium Client.</t=

<td>2026-02-06</td>
<td>3.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15320" target=3D= "_blank" rel=3D"noopener">CVE-2025-15320</a></td>

<a href=3D"https://security.tanium.com/TAN-2025-023" target=3D"_blank" rel= =3D"noopener">TAN-2025-023</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tanium--Tanium Appliance</td>
<td>Tanium addressed an improper certificate validation vulnerability in Ta= nium Appliance.</td>
<td>2026-02-05</td>
<td>3.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15323" target=3D= "_blank" rel=3D"noopener">CVE-2025-15323</a></td>

<a href=3D"https://security.tanium.com/TAN-2025-031" target=3D"_blank" rel= =3D"noopener">TAN-2025-031</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--Mapnik</td>
<td>A vulnerability has been found in Mapnik up to 4.2.0. This vulnerabilit=
y affects the function mapnik::detail::mod<...>::operator of the file=
src/value.cpp. The manipulation leads to divide by zero. The attack needs =
to be performed locally. The exploit has been disclosed to the public and m=
ay be used. The project was informed of the problem early through an issue = report but has not responded yet.</td>
<td>2026-02-07</td>
<td>3.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15564" target=3D= "_blank" rel=3D"noopener">CVE-2025-15564</a></td>

<a href=3D"https://vuldb.com/?id.344502" target=3D"_blank" rel=3D"noopener"= >VDB-344502 | Mapnik value.cpp operator divide by zero</a> <a href=3D"ht= tps://vuldb.com/?ctiid.344502" target=3D"_blank" rel=3D"noopener">VDB-34450=
2 | CTI Indicators (IOB, IOC, IOA)</a> <a href=3D"https://vuldb.com/?sub= mit.743386" target=3D"_blank" rel=3D"noopener">Submit #743386 | mapnik Mapn=
ik v4.2.0 and master branch Divide By Zero</a> <a href=3D"https://github= .com/mapnik/mapnik/issues/4545" target=3D"_blank" rel=3D"noopener">https://= github.com/mapnik/mapnik/issues/4545</a> <a href=3D"https://github.com/o= neafter/1219/blob/main/repro" target=3D"_blank" rel=3D"noopener">https://gi= thub.com/oneafter/1219/blob/main/repro</a> <a href=3D"https://github.com= /mapnik/mapnik/" target=3D"_blank" rel=3D"noopener">https://github.com/mapn= ik/mapnik/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Jazz Reporting Service</td>
<td>IBM Jazz Reporting Service could allow an authenticated user on the hos=
t network to cause a denial of service using specially crafted SQL query th=
at consumes excess memory resources.</td>
<td>2026-02-04</td>
<td>3.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-1823" target=3D"= _blank" rel=3D"noopener">CVE-2025-1823</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7258083" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7258083</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Jazz Reporting Service</td>
<td>IBM Jazz Reporting Service could allow an authenticated user on the net= work to affect the system's performance using complicated queries due to in= sufficient resource pooling.</td>
<td>2026-02-04</td>
<td>3.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-2134" target=3D"= _blank" rel=3D"noopener">CVE-2025-2134</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7258083" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7258083</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Jazz Reporting Service</td>
<td>IBM Jazz Reporting Service could allow an authenticated user on the hos=
t network to obtain sensitive information about other projects that reside =
on the server.</td>
<td>2026-02-04</td>
<td>3.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-27550" target=3D= "_blank" rel=3D"noopener">CVE-2025-27550</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7258083" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7258083</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--Concert</td>
<td>IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive informatio=
n in log files that could be read by a local user.</td>
<td>2026-02-03</td>
<td>3.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-33081" target=3D= "_blank" rel=3D"noopener">CVE-2025-33081</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7257565" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7257565</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">HCL--AION</td>
<td>HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for=
Password Field vulnerability. This can allow autocomplete on password fiel=
ds may lead to unintended storage or disclosure of sensitive credentials, p= otentially increasing the risk of unauthorized access. This issue affects A= ION: 2.0.</td>
<td>2026-02-03</td>
<td>3.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-52623" target=3D= "_blank" rel=3D"noopener">CVE-2025-52623</a></td>

<a href=3D"https://support.hcl-software.com/csm?id=3Dkb_article&sysparm_art= icle=3DKB0127972" target=3D"_blank" rel=3D"noopener">https://support.hcl-so= ftware.com/csm?id=3Dkb_article&sysparm_article=3DKB0127972</a> =C2=A0</t=

</tr>

<td class=3D"vendor-product">HCL--AION</td>
<td>HCL AION is susceptible to Missing Content-Security-Policy.=C2=A0 An Th=
e absence of a CSP header may increase the risk of cross-site scripting and=
other content injection attacks by allowing unsafe scripts or resources to=
execute. This issue affects AION: 2.0.</td>
<td>2026-02-03</td>
<td>3.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-52629" target=3D= "_blank" rel=3D"noopener">CVE-2025-52629</a></td>

<a href=3D"https://support.hcl-software.com/csm?id=3Dkb_article&sysparm_art= icle=3DKB0127972" target=3D"_blank" rel=3D"noopener">https://support.hcl-so= ftware.com/csm?id=3Dkb_article&sysparm_article=3DKB0127972</a> =C2=A0</t=

</tr>

<td class=3D"vendor-product">HCL--AION</td>
<td>HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Sec= urity (HSTS) Header vulnerability. This can allow insecure connections, pot= entially exposing the application to man-in-the-middle and protocol downgra=
de attacks. This issue affects AION: 2.0.</td>
<td>2026-02-03</td>
<td>3.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-52631" target=3D= "_blank" rel=3D"noopener">CVE-2025-52631</a></td>

<a href=3D"https://support.hcl-software.com/csm?id=3Dkb_article&sysparm_art= icle=3DKB0127972" target=3D"_blank" rel=3D"noopener">https://support.hcl-so= ftware.com/csm?id=3Dkb_article&sysparm_article=3DKB0127972</a> =C2=A0</t=

</tr>

<td class=3D"vendor-product">HCL--AION</td>
<td>HCL AION is affected by a Permanent Cookie Containing Sensitive Session=
Information vulnerability. It is storing sensitive session data in persist= ent cookies may increase the risk of unauthorized access if the cookies are=
intercepted or compromised. This issue affects AION: 2.0.</td> <td>2026-02-03</td>
<td>3.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-52633" target=3D= "_blank" rel=3D"noopener">CVE-2025-52633</a></td>

<a href=3D"https://support.hcl-software.com/csm?id=3Dkb_article&sysparm_art= icle=3DKB0127972" target=3D"_blank" rel=3D"noopener">https://support.hcl-so= ftware.com/csm?id=3Dkb_article&sysparm_article=3DKB0127972</a> =C2=A0</t=

</tr>

<td class=3D"vendor-product">N/A--Moodle[.]org</td>
<td>A flaw was found in Moodle. An open redirect vulnerability in the OAuth=
login flow allows a remote attacker to redirect users to attacker-controll=
ed pages after they have successfully authenticated. This occurs due to ins= ufficient validation of redirect parameters, which could lead to phishing a= ttacks or information disclosure.</td>
<td>2026-02-03</td>
<td>3.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-67852" target=3D= "_blank" rel=3D"noopener">CVE-2025-67852</a></td>

<a href=3D"https://access.redhat.com/security/cve/CVE-2025-67852" target=3D= "_blank" rel=3D"noopener">https://access.redhat.com/security/cve/CVE-2025-6= 7852</a> <a href=3D"https://bugzilla.redhat.com/show_bug.cgi?id=3D242384=
4" target=3D"_blank" rel=3D"noopener">RHBZ#2423844</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">webpack--webpack</td>
<td>Webpack is a module bundler. From version 5.49.0 to before 5.104.0, whe=
n experiments.buildHttp is enabled, webpack's HTTP(S) resolver (HttpUriPlug= in) enforces allowedUris only for the initial URL, but does not re-validate=
allowedUris after following HTTP 30x redirects. As a result, an import tha=
t appears restricted to a trusted allow-list can be redirected to HTTP(S) U= RLs outside the allow-list. This is a policy/allow-list bypass that enables=
build-time SSRF behavior (requests from the build machine to internal-only=
endpoints, depending on network access) and untrusted content inclusion in=
build outputs (redirected content is treated as module source and bundled)=
. This issue has been patched in version 5.104.0.</td>
<td>2026-02-05</td>
<td>3.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-68157" target=3D= "_blank" rel=3D"noopener">CVE-2025-68157</a></td>

<a href=3D"https://github.com/webpack/webpack/security/advisories/GHSA-38r7= -794h-5758" target=3D"_blank" rel=3D"noopener">https://github.com/webpack/w= ebpack/security/advisories/GHSA-38r7-794h-5758</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">webpack--webpack</td>
<td>Webpack is a module bundler. From version 5.49.0 to before 5.104.1, whe=
n experiments.buildHttp is enabled, webpack's HTTP(S) resolver (HttpUriPlug= in) can be bypassed to fetch resources from hosts outside allowedUris by us= ing crafted URLs that include userinfo (username:password@host). If allowed= Uris enforcement relies on a raw string prefix check (e.g., uri.startsWith(= allowed)), a URL that looks allow-listed can pass validation while the actu=
al network request is sent to a different authority/host after URL parsing.=
This is a policy/allow-list bypass that enables build-time SSRF behavior (= outbound requests from the build machine to internal-only endpoints, depend= ing on network access) and untrusted content inclusion (the fetched respons=
e is treated as module source and bundled). This issue has been patched in = version 5.104.1.</td>
<td>2026-02-05</td>
<td>3.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-68458" target=3D= "_blank" rel=3D"noopener">CVE-2025-68458</a></td>

<a href=3D"https://github.com/webpack/webpack/security/advisories/GHSA-8fgc= -7cc6-rx7x" target=3D"_blank" rel=3D"noopener">https://github.com/webpack/w= ebpack/security/advisories/GHSA-8fgc-7cc6-rx7x</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">DJI--Mavic Mini</td>
<td>A vulnerability has been found in DJI Mavic Mini, Air, Spark and Mini S=
E up to 01.00.0500. Affected by this vulnerability is an unknown functional= ity of the component Enhanced Wi-Fi Pairing. The manipulation leads to auth= entication bypass by capture-replay. The attack must be carried out from wi= thin the local network. A high degree of complexity is needed for the attac=
k. The exploitation appears to be difficult. The exploit has been disclosed=
to the public and may be used. The vendor was contacted early about this d= isclosure but did not respond in any way.</td>
<td>2026-02-02</td>
<td>3.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1743" target=3D"= _blank" rel=3D"noopener">CVE-2026-1743</a></td>

<a href=3D"https://vuldb.com/?id.343674" target=3D"_blank" rel=3D"noopener"= >VDB-343674 | DJI Mavic Mini/Air/Spark/Mini SE Enhanced Wi-Fi Pairing authe= ntication replay</a> <a href=3D"https://vuldb.com/?ctiid.343674" target= =3D"_blank" rel=3D"noopener">VDB-343674 | CTI Indicators (IOB, IOC, TTP)</a= > <a href=3D"https://vuldb.com/?submit.741323" target=3D"_blank" rel=3D"= noopener">Submit #741323 | DJI DJI Mavic Mini, Spark, Mini SE 01.00.0500 an=
d Below Authentication Bypass by Capture-replay</a> <a href=3D"https://g= ithub.com/ByteMe1001/DJI-CatNect" target=3D"_blank" rel=3D"noopener">https:= //github.com/ByteMe1001/DJI-CatNect</a> <a href=3D"https://github.com/By= teMe1001/DJI-CatNect/blob/main/exploit.c" target=3D"_blank" rel=3D"noopener= ">https://github.com/ByteMe1001/DJI-CatNect/blob/main/exploit.c</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">GitLab--GitLab</td>
<td>A vulnerability has been discovered in GitLab CE/EE affecting all versi= ons starting with 16.8 before 18.5.0 that could have allowed unauthorized e= dits to merge request approval rules under certain conditions.</td> <td>2026-02-02</td>
<td>3.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1751" target=3D"= _blank" rel=3D"noopener">CVE-2026-1751</a></td>

<a href=3D"https://gitlab.com/gitlab-org/gitlab/-/issues/519340" target=3D"= _blank" rel=3D"noopener">GitLab Issue #519340</a> <a href=3D"https://hac= kerone.com/reports/2980839" target=3D"_blank" rel=3D"noopener">HackerOne Bu=
g Bounty Report #2980839</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Edimax--BR-6258n</td>
<td>A flaw has been found in Edimax BR-6258n up to 1.18. This issue affects=
the function formStaDrvSetup of the file /goform/formStaDrvSetup. This man= ipulation of the argument submit-url causes open redirect. The attack can b=
e initiated remotely. The exploit has been published and may be used. The v= endor confirms that the affected product is end-of-life. They confirm that = they "will issue a consolidated Security Advisory on our official support w= ebsite." This vulnerability only affects products that are no longer suppor= ted by the maintainer.</td>
<td>2026-02-05</td>
<td>3.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1970" target=3D"= _blank" rel=3D"noopener">CVE-2026-1970</a></td>

<a href=3D"https://vuldb.com/?id.344492" target=3D"_blank" rel=3D"noopener"= >VDB-344492 | Edimax BR-6258n formStaDrvSetup redirect</a> <a href=3D"ht= tps://vuldb.com/?ctiid.344492" target=3D"_blank" rel=3D"noopener">VDB-34449=
2 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D"https://vuldb.com= /?submit.742734" target=3D"_blank" rel=3D"noopener">Submit #742734 | Edimax=
BR-6258n v1.18 Open Redirect</a> <a href=3D"https://tzh00203.notion.sit= e/EDIMAX-BR-6258n-v1-18-Open-Redirect-Vulnerability-in-Web-formStaDrvSetup-= handler-2eeb5c52018a803bb958e4f80cdf2550?source=3Dcopy_link" target=3D"_bla= nk" rel=3D"noopener">https://tzh00203.notion.site/EDIMAX-BR-6258n-v1-18-Ope= n-Redirect-Vulnerability-in-Web-formStaDrvSetup-handler-2eeb5c52018a803bb95= 8e4f80cdf2550?source=3Dcopy_link</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--oatpp</td>
<td>A security vulnerability has been detected in oatpp up to 1.3.1. This i= mpacts the function oatpp::data::type::ObjectWrapper::ObjectWrapper of the = file src/oatpp/data/type/Type.hpp. The manipulation leads to null pointer d= ereference. Local access is required to approach this attack. The exploit h=
as been disclosed publicly and may be used. The project was informed of the=
problem early through an issue report but has not responded yet.</td> <td>2026-02-06</td>
<td>3.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1990" target=3D"= _blank" rel=3D"noopener">CVE-2026-1990</a></td>

<a href=3D"https://vuldb.com/?id.344508" target=3D"_blank" rel=3D"noopener"= >VDB-344508 | oatpp Type.hpp ObjectWrapper null pointer dereference</a> =
<a href=3D"https://vuldb.com/?ctiid.344508" target=3D"_blank" rel=3D"noopen= er">VDB-344508 | CTI Indicators (IOB, IOC, IOA)</a> <a href=3D"https://v= uldb.com/?submit.743387" target=3D"_blank" rel=3D"noopener">Submit #743387 =
| oatpp 1.3.1 and master-branch NULL Pointer Dereference</a> <a href=3D"= https://github.com/oatpp/oatpp/issues/1080" target=3D"_blank" rel=3D"noopen= er">https://github.com/oatpp/oatpp/issues/1080</a> <a href=3D"https://gi= thub.com/oatpp/oatpp/issues/1080#issue-3806715350" target=3D"_blank" rel=3D= "noopener">https://github.com/oatpp/oatpp/issues/1080#issue-3806715350</a><= br><a href=3D"https://github.com/oatpp/oatpp/" target=3D"_blank" rel=3D"noo= pener">https://github.com/oatpp/oatpp/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--libuvc</td>
<td>A vulnerability was detected in libuvc up to 0.0.7. Affected is the fun= ction uvc_scan_streaming of the file src/device.c of the component UVC Desc= riptor Handler. The manipulation results in null pointer dereference. The a= ttack needs to be approached locally. The exploit is now public and may be = used. The project was informed of the problem early through an issue report=
but has not responded yet.</td>
<td>2026-02-06</td>
<td>3.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1991" target=3D"= _blank" rel=3D"noopener">CVE-2026-1991</a></td>

<a href=3D"https://vuldb.com/?id.344509" target=3D"_blank" rel=3D"noopener"= >VDB-344509 | libuvc UVC Descriptor device.c uvc_scan_streaming null pointe=
r dereference</a> <a href=3D"https://vuldb.com/?ctiid.344509" target=3D"= _blank" rel=3D"noopener">VDB-344509 | CTI Indicators (IOB, IOC, IOA)</a><br= ><a href=3D"https://vuldb.com/?submit.743388" target=3D"_blank" rel=3D"noop= ener">Submit #743388 | libuvc v0.0.7 and master-branch NULL Pointer Derefer= ence</a> <a href=3D"https://github.com/libuvc/libuvc/issues/300" target= =3D"_blank" rel=3D"noopener">https://github.com/libuvc/libuvc/issues/300</a= > <a href=3D"https://github.com/oneafter/0104/blob/main/repro" target=3D= "_blank" rel=3D"noopener">https://github.com/oneafter/0104/blob/main/repro<= /a> <a href=3D"https://github.com/libuvc/libuvc/" target=3D"_blank" rel= =3D"noopener">https://github.com/libuvc/libuvc/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--micropython</td>
<td>A flaw has been found in micropython up to 1.27.0. This vulnerability a= ffects the function mp_import_all of the file py/runtime.c. This manipulati=
on causes memory corruption. The attack needs to be launched locally. The e= xploit has been published and may be used. Patch name: 570744d06c5ba9dba59b= 4c3f432ca4f0abd396b6. It is suggested to install a patch to address this is= sue.</td>
<td>2026-02-06</td>
<td>3.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1998" target=3D"= _blank" rel=3D"noopener">CVE-2026-1998</a></td>

<a href=3D"https://vuldb.com/?id.344546" target=3D"_blank" rel=3D"noopener"= >VDB-344546 | micropython runtime.c mp_import_all memory corruption</a> =
<a href=3D"https://vuldb.com/?ctiid.344546" target=3D"_blank" rel=3D"noopen= er">VDB-344546 | CTI Indicators (IOB, IOC, IOA)</a> <a href=3D"https://v= uldb.com/?submit.743396" target=3D"_blank" rel=3D"noopener">Submit #743396 =
| micropython 0fd0843 Memory Corruption</a> <a href=3D"https://github.co= m/micropython/micropython/issues/18639" target=3D"_blank" rel=3D"noopener">= https://github.com/micropython/micropython/issues/18639</a> <a href=3D"h= ttps://github.com/micropython/micropython/pull/18671" target=3D"_blank" rel= =3D"noopener">https://github.com/micropython/micropython/pull/18671</a> =
<a href=3D"https://github.com/micropython/micropython/issues/18639#issue-37= 80651410" target=3D"_blank" rel=3D"noopener">https://github.com/micropython= /micropython/issues/18639#issue-3780651410</a> <a href=3D"https://github= .com/dpgeorge/micropython/commit/570744d06c5ba9dba59b4c3f432ca4f0abd396b6" = target=3D"_blank" rel=3D"noopener">https://github.com/dpgeorge/micropython/= commit/570744d06c5ba9dba59b4c3f432ca4f0abd396b6</a> <a href=3D"https://g= ithub.com/micropython/micropython/" target=3D"_blank" rel=3D"noopener">http= s://github.com/micropython/micropython/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Portabilis--i-Educar</td>
<td>A vulnerability was identified in Portabilis i-Educar up to 2.10. Affec= ted by this vulnerability is an unknown functionality of the file /intranet= /meusdadod.php of the component User Data Page. Such manipulation of the ar= gument File leads to cross site scripting. It is possible to launch the att= ack remotely. The exploit is publicly available and might be used. The vend=
or was contacted early about this disclosure but did not respond in any way= .</td>
<td>2026-02-06</td>
<td>3.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2064" target=3D"= _blank" rel=3D"noopener">CVE-2026-2064</a></td>

<a href=3D"https://vuldb.com/?id.344631" target=3D"_blank" rel=3D"noopener"= >VDB-344631 | Portabilis i-Educar User Data meusdadod.php cross site script= ing</a> <a href=3D"https://vuldb.com/?ctiid.344631" target=3D"_blank" re= l=3D"noopener">VDB-344631 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a h= ref=3D"https://vuldb.com/?submit.745108" target=3D"_blank" rel=3D"noopener"= >Submit #745108 | Portabilis i-Educar 2.10 Cross Site Scripting</a> <a h= ref=3D"https://github.com/nmmorette/vulnerability-research/tree/main/XSS-Id= iario" target=3D"_blank" rel=3D"noopener">https://github.com/nmmorette/vuln= erability-research/tree/main/XSS-Idiario</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">ggml-org--llama.cpp</td>
<td>A flaw has been found in ggml-org llama.cpp up to 55abc39. Impacted is = the function llama_grammar_advance_stack of the file llama.cpp/src/llama-gr= ammar.cpp of the component GBNF Grammar Handler. This manipulation causes s= tack-based buffer overflow. The attack needs to be launched locally. The ex= ploit has been published and may be used. Patch name: 18993. To fix this is= sue, it is recommended to deploy a patch.</td>
<td>2026-02-06</td>
<td>3.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2069" target=3D"= _blank" rel=3D"noopener">CVE-2026-2069</a></td>

<a href=3D"https://vuldb.com/?id.344636" target=3D"_blank" rel=3D"noopener"= >VDB-344636 | ggml-org llama.cpp GBNF Grammar llama-grammar.cpp llama_gramm= ar_advance_stack stack-based overflow</a> <a href=3D"https://vuldb.com/?= ctiid.344636" target=3D"_blank" rel=3D"noopener">VDB-344636 | CTI Indicator=
s (IOB, IOC, IOA)</a> <a href=3D"https://vuldb.com/?submit.745263" targe= t=3D"_blank" rel=3D"noopener">Submit #745263 | llama.cpp commit 55abc39 Sta= ck-based Buffer Overflow</a> <a href=3D"https://github.com/ggml-org/llam= a.cpp/issues/18988" target=3D"_blank" rel=3D"noopener">https://github.com/g= gml-org/llama.cpp/issues/18988</a> <a href=3D"https://github.com/ggml-or= g/llama.cpp/issues/18988#event-4426704865" target=3D"_blank" rel=3D"noopene= r">https://github.com/ggml-org/llama.cpp/issues/18988#event-4426704865</a><= br><a href=3D"https://github.com/user-attachments/files/24761101/poc.zip" t= arget=3D"_blank" rel=3D"noopener">https://github.com/user-attachments/files= /24761101/poc.zip</a> <a href=3D"https://github.com/ggml-org/llama.cpp/p= ull/18993" target=3D"_blank" rel=3D"noopener">https://github.com/ggml-org/l= lama.cpp/pull/18993</a> <a href=3D"https://github.com/ggml-org/llama.cpp=
/" target=3D"_blank" rel=3D"noopener">https://github.com/ggml-org/llama.cpp= /</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">F5--BIG-IP Edge Client</td>
<td>A vulnerability exists in BIG-IP Edge Client and browser VPN clients on=
Windows that may allow attackers to gain access to sensitive information.= =C2=A0=C2=A0Note: Software versions which have reached End of Technical Sup= port (EoTS) are not evaluated</td>
<td>2026-02-04</td>
<td>3.3</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20730" target=3D= "_blank" rel=3D"noopener">CVE-2026-20730</a></td>

<a href=3D"https://my.f5.com/manage/s/article/K000158931" target=3D"_blank"=
rel=3D"noopener">https://my.f5.com/manage/s/article/K000158931</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">F5--BIG-IP</td>
<td>A vulnerability exists in an undisclosed BIG-IP Configuration utility p= age that may allow an attacker to spoof error messages.=C2=A0=C2=A0Note: So= ftware versions which have reached End of Technical Support (EoTS) are not = evaluated.</td>
<td>2026-02-04</td>
<td>3.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20732" target=3D= "_blank" rel=3D"noopener">CVE-2026-20732</a></td>

<a href=3D"https://my.f5.com/manage/s/article/K000156644" target=3D"_blank"=
rel=3D"noopener">https://my.f5.com/manage/s/article/K000156644</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">Tasin1025--SwiftBuy</td>
<td>A security flaw has been discovered in Tasin1025 SwiftBuy up to 0f50113= 72e8d1d7edfd642d57d721c9fadc54ec7. Affected by this vulnerability is an unk= nown functionality of the file /login.php. Performing a manipulation result=
s in improper restriction of excessive authentication attempts. Remote expl= oitation of the attack is possible. The attack's complexity is rated as hig=
h. The exploitation appears to be difficult. The exploit has been released =
to the public and may be used for attacks. This product follows a rolling r= elease approach for continuous delivery, so version details for affected or=
updated releases are not provided. The vendor was contacted early about th=
is disclosure but did not respond in any way.</td>
<td>2026-02-07</td>
<td>3.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2110" target=3D"= _blank" rel=3D"noopener">CVE-2026-2110</a></td>

<a href=3D"https://vuldb.com/?id.344686" target=3D"_blank" rel=3D"noopener"= >VDB-344686 | Tasin1025 SwiftBuy login.php excessive authentication</a> =
<a href=3D"https://vuldb.com/?ctiid.344686" target=3D"_blank" rel=3D"noopen= er">VDB-344686 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href=3D"http= s://vuldb.com/?submit.746251" target=3D"_blank" rel=3D"noopener">Submit #74= 6251 | Md Tasin Rahman Swiftbuy 1.0 Improper Restriction of Excessive Authe= ntication Attempts</a> <a href=3D"https://www.websecurityinsights.my.id/= 2026/01/swiftbuy-v-10-loginphp-no-limit-to.html" target=3D"_blank" rel=3D"n= oopener">https://www.websecurityinsights.my.id/2026/01/swiftbuy-v-10-loginp= hp-no-limit-to.html</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">cym1102--nginxWebUI</td>
<td>A vulnerability was identified in cym1102 nginxWebUI up to 4.3.7. The i= mpacted element is an unknown function of the file /adminPage/conf/check of=
the component Web Management Interface. Such manipulation of the argument = nginxDir leads to cross site scripting. The attack can be executed remotely=
. The exploit is publicly available and might be used. The project was info= rmed of the problem early through an issue report but has not responded yet= .</td>
<td>2026-02-08</td>
<td>3.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2145" target=3D"= _blank" rel=3D"noopener">CVE-2026-2145</a></td>

<a href=3D"https://vuldb.com/?id.344847" target=3D"_blank" rel=3D"noopener"= >VDB-344847 | cym1102 nginxWebUI Web Management check cross site scripting<= /a> <a href=3D"https://vuldb.com/?ctiid.344847" target=3D"_blank" rel=3D= "noopener">VDB-344847 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a href= =3D"https://vuldb.com/?submit.747404" target=3D"_blank" rel=3D"noopener">Su= bmit #747404 | cym1102 nginxWebUI 4.3.7 Cross Site Scripting</a> <a href= =3D"https://github.com/cym1102/nginxWebUI/issues/203" target=3D"_blank" rel= =3D"noopener">https://github.com/cym1102/nginxWebUI/issues/203</a> <a hr= ef=3D"https://github.com/cym1102/nginxWebUI/issues/203#issue-3860109934" ta= rget=3D"_blank" rel=3D"noopener">https://github.com/cym1102/nginxWebUI/issu= es/203#issue-3860109934</a> <a href=3D"https://github.com/cym1102/nginxW= ebUI/" target=3D"_blank" rel=3D"noopener">https://github.com/cym1102/nginxW= ebUI/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">asterisk--asterisk</td>
<td>Asterisk is an open source private branch exchange and telephony toolki=
t. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user=
supplied/control values for Cookies and any GET variable query Parameter a=
re directly interpolated into the HTML of the page using ast_str_append. Th=
e endpoint at GET /httpstatus is the potential vulnerable endpoint relating=
to asterisk/main /http.c. This issue has been patched in versions 20.7-cer= t9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.</td>
<td>2026-02-06</td>
<td>3.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23738" target=3D= "_blank" rel=3D"noopener">CVE-2026-23738</a></td>

<a href=3D"https://github.com/asterisk/asterisk/security/advisories/GHSA-v6= hp-wh3r-cwxh" target=3D"_blank" rel=3D"noopener">https://github.com/asteris= k/asterisk/security/advisories/GHSA-v6hp-wh3r-cwxh</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Kubernetes--ingress-nginx</td>
<td>A security issue was discovered in ingress-nginx=C2=A0where the protect= ion afforded by the `auth-url` Ingress annotation may not be effective in t=
he presence of a specific misconfiguration. If the ingress-nginx controller=
is configured with a default custom-errors configuration that includes HTT=
P errors 401 or 403, and if the configured default custom-errors backend is=
defective and fails to respect the X-Code HTTP header, then an Ingress wit=
h the `auth-url` annotation may be accessed even when authentication fails.=
Note that the built-in custom-errors backend works correctly. To trigger t= his issue requires an administrator to specifically configure ingress-nginx=
with a broken external component.</td>
<td>2026-02-03</td>
<td>3.1</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24513" target=3D= "_blank" rel=3D"noopener">CVE-2026-24513</a></td>

<a href=3D"https://github.com/kubernetes/kubernetes/issues/136679" target= =3D"_blank" rel=3D"noopener">https://github.com/kubernetes/kubernetes/issue= s/136679</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">fastify--fastify</td>
<td>Fastify is a fast and low overhead web framework, for Node.js. Prior to=
version 5.7.3, a denial-of-service vulnerability in Fastify's Web Streams = response handling can allow a remote client to exhaust server memory. Appli= cations that return a ReadableStream (or Response with a Web Stream body) v=
ia reply.send() are impacted. A slow or non-reading client can trigger unbo= unded buffering when backpressure is ignored, leading to process crashes or=
severe degradation. This issue has been patched in version 5.7.3.</td> <td>2026-02-03</td>
<td>3.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25224" target=3D= "_blank" rel=3D"noopener">CVE-2026-25224</a></td>

<a href=3D"https://github.com/fastify/fastify/security/advisories/GHSA-mrq3= -vjjr-p77c" target=3D"_blank" rel=3D"noopener">https://github.com/fastify/f= astify/security/advisories/GHSA-mrq3-vjjr-p77c</a> <a href=3D"https://gi= thub.com/fastify/fastify/commit/eb11156396f6a5fedaceed0140aed2b7f026be37" t= arget=3D"_blank" rel=3D"noopener">https://github.com/fastify/fastify/commit= /eb11156396f6a5fedaceed0140aed2b7f026be37</a> <a href=3D"https://hackero= ne.com/reports/3524779" target=3D"_blank" rel=3D"noopener">https://hackeron= e.com/reports/3524779</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">opf--openproject</td>
<td>OpenProject is an open-source, web-based project management software. P= rior to versions 16.6.7 and 17.0.3, an HTML injection vulnerability occurs =
in the time tracking function of OpenProject. The application does not esca=
pe HTML tags, an attacker with administrator privileges can create a work p= ackage with the name containing the HTML tags and add it to the Work packag=
e section when creating time tracking. This issue has been patched in versi= ons 16.6.7 and 17.0.3.</td>
<td>2026-02-06</td>
<td>3.5</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25764" target=3D= "_blank" rel=3D"noopener">CVE-2026-25764</a></td>

<a href=3D"https://github.com/opf/openproject/security/advisories/GHSA-q523= -c695-h3hp" target=3D"_blank" rel=3D"noopener">https://github.com/opf/openp= roject/security/advisories/GHSA-q523-c695-h3hp</a> <a href=3D"https://gi= thub.com/opf/openproject/releases/tag/v16.6.7" target=3D"_blank" rel=3D"noo= pener">https://github.com/opf/openproject/releases/tag/v16.6.7</a> <a hr= ef=3D"https://github.com/opf/openproject/releases/tag/v17.0.3" target=3D"_b= lank" rel=3D"noopener">https://github.com/opf/openproject/releases/tag/v17.= 0.3</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Fortinet--FortiOS</td>
<td>Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credent= ials stored in device configuration files, as exploited in the wild from 20= 25-12-16 through 2026 (by default, the encryption key is the same across al=
l customers' installations). NOTE: the Supplier's position is that the inst= ance of CWE-1394 is not a vulnerability because customers "are supposed to = enable" a non-default option that eliminates the weakness. However, that no= n-default option can disrupt functionality as shown in the "Managing FortiG= ates with private data encryption" document, and is therefore intentionally=
not a default option.</td>
<td>2026-02-05</td>
<td>3.2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25815" target=3D= "_blank" rel=3D"noopener">CVE-2026-25815</a></td>

<a href=3D"https://www.cert.at/en/blog/2026/1/threat-actors-use-forticloud-= to-collect-ldap-connection-passwords" target=3D"_blank" rel=3D"noopener">ht= tps://www.cert.at/en/blog/2026/1/threat-actors-use-forticloud-to-collect-ld= ap-connection-passwords</a> <a href=3D"https://docs.fortinet.com/documen= t/fortimanager/7.6.6/administration-guide/30332/managing-fortigates-with-pr= ivate-data-encryption" target=3D"_blank" rel=3D"noopener">https://docs.fort= inet.com/document/fortimanager/7.6.6/administration-guide/30332/managing-fo= rtigates-with-private-data-encryption</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Red Hat--Red Hat Build of Keycloak</td>
<td>A flaw was found in Keycloak Admin API. This vulnerability allows an ad= ministrator with limited privileges to retrieve sensitive custom attributes=
via the /unmanagedAttributes endpoint, bypassing User Profile visibility s= ettings.</td>
<td>2026-02-02</td>
<td>2.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-13881" target=3D= "_blank" rel=3D"noopener">CVE-2025-13881</a></td>

<a href=3D"https://access.redhat.com/security/cve/CVE-2025-13881" target=3D= "_blank" rel=3D"noopener">https://access.redhat.com/security/cve/CVE-2025-1= 3881</a> <a href=3D"https://bugzilla.redhat.com/show_bug.cgi?id=3D241833=
0" target=3D"_blank" rel=3D"noopener">RHBZ#2418330</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Tanium--Tanium Appliance</td>
<td>Tanium addressed an improper input validation vulnerability in Tanium A= ppliance.</td>
<td>2026-02-05</td>
<td>2.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15321" target=3D= "_blank" rel=3D"noopener">CVE-2025-15321</a></td>

<a href=3D"https://security.tanium.com/TAN-2025-024" target=3D"_blank" rel= =3D"noopener">TAN-2025-024</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">IBM--PowerVM Hypervisor</td>
<td>IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through F= W1060.51, and FW950.00 through FW950.F0 may expose a limited amount of data=
to a peer partition in specific shared processor configurations during cer= tain operations.</td>
<td>2026-02-02</td>
<td>2.8</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-36194" target=3D= "_blank" rel=3D"noopener">CVE-2025-36194</a></td>

<a href=3D"https://www.ibm.com/support/pages/node/7257555" target=3D"_blank=
" rel=3D"noopener">https://www.ibm.com/support/pages/node/7257555</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Red Hat--Red Hat Build of Keycloak</td>
<td>A flaw was found in Keycloak's CIBA feature where insufficient validati=
on of client-configured backchannel notification endpoints could allow blin=
d server-side requests to internal services.</td>
<td>2026-02-02</td>
<td>2.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1518" target=3D"= _blank" rel=3D"noopener">CVE-2026-1518</a></td>

<a href=3D"https://access.redhat.com/security/cve/CVE-2026-1518" target=3D"= _blank" rel=3D"noopener">https://access.redhat.com/security/cve/CVE-2026-15= 18</a> <a href=3D"https://bugzilla.redhat.com/show_bug.cgi?id=3D2433727"=
target=3D"_blank" rel=3D"noopener">RHBZ#2433727</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">D-Link--DSL-6641K</td>
<td>A vulnerability was found in D-Link DSL-6641K N8.TR069.20131126. Affect=
ed by this issue is the function doSubmitPPP of the file sp_pppoe_user.js. = The manipulation of the argument Username results in cross site scripting. = The attack may be launched remotely. The exploit has been made public and c= ould be used. This vulnerability only affects products that are no longer s= upported by the maintainer.</td>
<td>2026-02-02</td>
<td>2.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1744" target=3D"= _blank" rel=3D"noopener">CVE-2026-1744</a></td>

<a href=3D"https://vuldb.com/?id.343675" target=3D"_blank" rel=3D"noopener"= >VDB-343675 | D-Link DSL-6641K sp_pppoe_user.js doSubmitPPP cross site scri= pting</a> <a href=3D"https://vuldb.com/?ctiid.343675" target=3D"_blank" = rel=3D"noopener">VDB-343675 | CTI Indicators (IOB, IOC, TTP, IOA)</a> <a=
href=3D"https://vuldb.com/?submit.742439" target=3D"_blank" rel=3D"noopene= r">Submit #742439 | D-Link DSL6641K version N8.TR069.20131126 Cross Site Sc= ripting</a> <a href=3D"https://tzh00203.notion.site/D-Link-DSL6641K-vers= ion-N8-TR069-20131126-XSS-via-sp_pppoe_user-js-Configuration-2eeb5c52018a80= d083aaf19efbaa9130?source=3Dcopy_link" target=3D"_blank" rel=3D"noopener">h= ttps://tzh00203.notion.site/D-Link-DSL6641K-version-N8-TR069-20131126-XSS-v= ia-sp_pppoe_user-js-Configuration-2eeb5c52018a80d083aaf19efbaa9130?source= =3Dcopy_link</a> <a href=3D"https://www.dlink.com/" target=3D"_blank" re= l=3D"noopener">https://www.dlink.com/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Hillstone Networks--Operation and Maintenance = Security Gateway</td>
<td>Unrestricted Upload of File with Dangerous Type vulnerability in Hillst= one Networks Operation and Maintenance Security Gateway on Linux allows Upl= oad a Web Shell to a Web Server. This issue affects Operation and Maintenan=
ce Security Gateway: V5.5ST00001B113.</td>
<td>2026-02-04</td>
<td>2.7</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1791" target=3D"= _blank" rel=3D"noopener">CVE-2026-1791</a></td>

<a href=3D"https://www.hillstonenet.com.cn/security-notification/2025/12/08= /wgscld/" target=3D"_blank" rel=3D"noopener">https://www.hillstonenet.com.c= n/security-notification/2025/12/08/wgscld/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Edimax--BR-6288ACL</td>
<td>A vulnerability has been found in Edimax BR-6288ACL up to 1.12. Impacte=
d is the function wiz_WISP24gmanual of the file wiz_WISP24gmanual.asp. Such=
manipulation of the argument manualssid leads to cross site scripting. The=
attack can be launched remotely. The exploit has been disclosed to the pub= lic and may be used. The vendor confirms that the affected product is end-o= f-life. They confirm that they "will issue a consolidated Security Advisory=
on our official support website." This vulnerability only affects products=
that are no longer supported by the maintainer.</td>
<td>2026-02-06</td>
<td>2.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1971" target=3D"= _blank" rel=3D"noopener">CVE-2026-1971</a></td>

<a href=3D"https://vuldb.com/?id.344493" target=3D"_blank" rel=3D"noopener"= >VDB-344493 | Edimax BR-6288ACL wiz_WISP24gmanual.asp wiz_WISP24gmanual cro=
ss site scripting</a> <a href=3D"https://vuldb.com/?ctiid.344493" target= =3D"_blank" rel=3D"noopener">VDB-344493 | CTI Indicators (IOB, IOC, TTP, IO= A)</a> <a href=3D"https://vuldb.com/?submit.743318" target=3D"_blank" re= l=3D"noopener">Submit #743318 | Edimax BR6288ACL v1.12 Cross Site Scripting= </a> <a href=3D"https://tzh00203.notion.site/EDIMAX-BR6288ACL-v1-12-XSS-= via-wiz_WISP24gmanual-asp-Configuration-2eeb5c52018a802e8ed9f6d000f7a6aa?so= urce=3Dcopy_link" target=3D"_blank" rel=3D"noopener">https://tzh00203.notio= n.site/EDIMAX-BR6288ACL-v1-12-XSS-via-wiz_WISP24gmanual-asp-Configuration-2= eeb5c52018a802e8ed9f6d000f7a6aa?source=3Dcopy_link</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">code-projects--Online Student Management Syste= m</td>
<td>A weakness has been identified in code-projects Online Student Manageme=
nt System 1.0. The impacted element is an unknown function of the file /adm= in/announcement/index.php?view=3Dadd of the component Announcement Manageme=
nt Module. This manipulation causes cross site scripting. The attack is pos= sible to be carried out remotely. The exploit has been made available to th=
e public and could be used for attacks.</td>
<td>2026-02-08</td>
<td>2.4</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-2156" target=3D"= _blank" rel=3D"noopener">CVE-2026-2156</a></td>

<a href=3D"https://vuldb.com/?id.344858" target=3D"_blank" rel=3D"noopener"= >VDB-344858 | code-projects Online Student Management System Announcement M= anagement index.php cross site scripting</a> <a href=3D"https://vuldb.co= m/?ctiid.344858" target=3D"_blank" rel=3D"noopener">VDB-344858 | CTI Indica= tors (IOB, IOC, TTP, IOA)</a> <a href=3D"https://vuldb.com/?submit.74832=
8" target=3D"_blank" rel=3D"noopener">Submit #748328 | code-projects Online=
Student Management System in PHP latest (no version specified by vendor) C= ross-Site Scripting</a> <a href=3D"https://github.com/baguette168/CVE/is= sues/1" target=3D"_blank" rel=3D"noopener">https://github.com/baguette168/C= VE/issues/1</a> <a href=3D"https://code-projects.org/" target=3D"_blank"=
rel=3D"noopener">https://code-projects.org/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">asterisk--asterisk</td>
<td>Asterisk is an open source private branch exchange and telephony toolki=
t. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the = ast_xml_open() function in xml.c parses XML documents using libxml with uns= afe parsing options that enable entity expansion and XInclude processing. S= pecifically, it invokes xmlReadFile() with the XML_PARSE_NOENT flag and lat=
er processes XIncludes via xmlXIncludeProcess().If any untrusted or user-su= pplied XML file is passed to this function, it can allow an attacker to tri= gger XML External Entity (XXE) or XInclude-based local file disclosure, pot= entially exposing sensitive files from the host system. This can also be tr= iggered in other cases in which the user is able to supply input in xml for= mat that triggers the asterisk process to parse it. This issue has been pat= ched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.</td> <td>2026-02-06</td>
<td>2</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23739" target=3D= "_blank" rel=3D"noopener">CVE-2026-23739</a></td>

<a href=3D"https://github.com/asterisk/asterisk/security/advisories/GHSA-85= x7-54wr-vh42" target=3D"_blank" rel=3D"noopener">https://github.com/asteris= k/asterisk/security/advisories/GHSA-85x7-54wr-vh42</a> =C2=A0</td>
</tr>
</tbody>
</table>
<a href=3D"#top">Back to top</a>
</div>
<div id=3D"snya_v">
<h2 id=3D"snya_v_title">Severity Not Yet Assigned</h2>
<table id=3D"table_severity_not_yet_assigned" class=3D"table no-tablesaw" s= tyle=3D"table-layout: fixed; width: 100%;" border=3D"1" summary=3D"Severity=
Not Yet Assigned" align=3D"center">
<thead>

<th class=3D"vendor-product" style=3D"width: 24%;" scope=3D"col">
Primary Vendor -- Product</th>
<th style=3D"width: 44%;" scope=3D"col">Description</th>
<th style=3D"width: 10%;" scope=3D"col">Published</th>
<th style=3D"width: 8%;" scope=3D"col">CVSS Score</th>
<th style=3D"width: 7%;" scope=3D"col">Source Info</th>
<th style=3D"width: 7%;" scope=3D"col">Patch Info</th>
</tr>
</thead>
<tbody>

<td class=3D"vendor-product">wintercms--winter</td>
<td>Winter is a free, open-source content management system (CMS) based on = the Laravel PHP framework. Versions of Winter CMS before 1.2.10 allow users=
with access to the CMS Asset Manager were able to upload SVGs without auto= matic sanitization. To actively exploit this security issue, an attacker wo= uld need access to the Backend with a user account with the following permi= ssion: cms.manage_assets. The Winter CMS maintainers strongly recommend tha=
t the cms.manage_assets permission only be reserved to trusted administrato=
rs and developers in general. This vulnerability is fixed in 1.2.10.</td> <td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22254" target=3D= "_blank" rel=3D"noopener">CVE-2026-22254</a></td>

<a href=3D"https://github.com/wintercms/winter/security/advisories/GHSA-m7g= w-rffq-rxjm" target=3D"_blank" rel=3D"noopener">https://github.com/wintercm= s/winter/security/advisories/GHSA-m7gw-rffq-rxjm</a> <a href=3D"https://= github.com/wintercms/winter/commit/8a7f74b004fcd19721764fc63af0cdb339d9fb65=
" target=3D"_blank" rel=3D"noopener">https://github.com/wintercms/winter/co= mmit/8a7f74b004fcd19721764fc63af0cdb339d9fb65</a> <a href=3D"https://git= hub.com/wintercms/winter/releases/tag/v1.2.10" target=3D"_blank" rel=3D"noo= pener">https://github.com/wintercms/winter/releases/tag/v1.2.10</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">asterisk--asterisk</td>
<td>Asterisk is an open source private branch exchange and telephony toolki=
t. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when=
ast_coredumper writes its gdb init and output files to a directory that is=
world-writable (for example /tmp), an attacker with write permission(which=
is all users on a linux system) to that directory can cause root to execut=
e arbitrary commands or overwrite arbitrary files by controlling the gdb in=
it file and output paths. This issue has been patched in versions 20.7-cert=
9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.</td>
<td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23740" target=3D= "_blank" rel=3D"noopener">CVE-2026-23740</a></td>

<a href=3D"https://github.com/asterisk/asterisk/security/advisories/GHSA-xp= c6-x892-v83c" target=3D"_blank" rel=3D"noopener">https://github.com/asteris= k/asterisk/security/advisories/GHSA-xpc6-x892-v83c</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">asterisk--asterisk</td>
<td>Asterisk is an open source private branch exchange and telephony toolki=
t. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the = asterisk/contrib/scripts/ast_coredumper runs as root, as noted by the NOTES=
tag on line 689 of the ast_coredumper file. The script will source the con= tents of /etc/asterisk/ast_debug_tools.conf, which resides in a folder that=
is writeable by the asterisk user:group. Due to the /etc/asterisk/ast_debu= g_tools.conf file following bash semantics and it being loaded; an attacker=
with write permissions may add or modify the file such that when the root = ast_coredumper is run; it would source and thereby execute arbitrary bash c= ode found in the /etc/asterisk/ast_debug_tools.conf. This issue has been pa= tched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.</td> <td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23741" target=3D= "_blank" rel=3D"noopener">CVE-2026-23741</a></td>

<a href=3D"https://github.com/asterisk/asterisk/security/advisories/GHSA-rv= ch-3jmx-3jf3" target=3D"_blank" rel=3D"noopener">https://github.com/asteris= k/asterisk/security/advisories/GHSA-rvch-3jmx-3jf3</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Arox--School ERP Pro</td>
<td>School ERP Pro 1.0 contains a remote code execution vulnerability that = allows authenticated admin users to upload arbitrary PHP files as profile p= hotos by bypassing file extension checks. Attackers can exploit improper fi=
le validation in pre-editstudent.inc.php to execute arbitrary code on the s= erver.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37084" target=3D= "_blank" rel=3D"noopener">CVE-2020-37084</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48392" target=3D"_blank" rel= =3D"noopener">ExploitDB-48392</a> <a href=3D"https://web.archive.org/web= /20200129123503/http://arox.in/" target=3D"_blank" rel=3D"noopener">Archive=
d Vendor Homepage</a> <a href=3D"https://web.archive.org/web/20190612111= 732/https://sourceforge.net/projects/school-erp-ultimate/" target=3D"_blank=
" rel=3D"noopener">Archived SourceForge Product Page</a> <a href=3D"http= s://www.vulncheck.com/advisories/school-erp-pro-admin-profile-photo-upload-= remote-code-execution-vulnerability" target=3D"_blank" rel=3D"noopener">Vul= nCheck Advisory: School ERP Pro 1.0 Admin Profile Photo Upload Remote Code = Execution Vulnerability</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Rubikon Teknoloji--Easy Transfer</td>
<td>Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-si=
te scripting vulnerability that allows remote attackers to inject malicious=
scripts by manipulating the oldPath, newPath, and path parameters in Creat=
e Folder and Move/Edit functions. Attackers can exploit improper input vali= dation via POST requests to execute arbitrary JavaScript in the context of = the mobile web application.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37087" target=3D= "_blank" rel=3D"noopener">CVE-2020-37087</a></td>

<a href=3D"https://www.exploit-db.com/exploits/48395" target=3D"_blank" rel= =3D"noopener">ExploitDB-48395</a> <a href=3D"https://www.vulnerability-l= ab.com/get_content.php?id=3D2223" target=3D"_blank" rel=3D"noopener">Vulner= ability-Lab Advisory</a> <a href=3D"https://apps.apple.com/us/app/easy-t= ransfer-wifi-transfer/id1484667078" target=3D"_blank" rel=3D"noopener">Offi= cial App Store Product Page</a> <a href=3D"https://www.vulncheck.com/adv= isories/easy-transfer-for-ios-persistent-cross-site-scripting" target=3D"_b= lank" rel=3D"noopener">VulnCheck Advisory: Easy Transfer 1.7 for iOS - Pers= istent Cross-Site Scripting</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">PHP-Fusion--PHP-Fusion</td>
<td>PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XS=
S) via the 'panel_content' POST parameter. The application fails to properl=
y sanitize user input before rendering it in the browser, allowing attacker=
s to inject arbitrary JavaScript. This can be exploited by submitting craft=
ed input to the 'panel_content' field in panels.php, resulting in execution=
of malicious scripts in the context of the affected site.</td> <td>2026-02-05</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2020-37152" target=3D= "_blank" rel=3D"noopener">CVE-2020-37152</a></td>

<a href=3D"https://www.php-fusion.co.uk/" target=3D"_blank" rel=3D"noopener= ">Vendor Homepage</a> <a href=3D"https://www.exploit-db.com/exploits/482= 99" target=3D"_blank" rel=3D"noopener">ExploitDB-48299</a> <a href=3D"ht= tps://www.vulncheck.com/advisories/php-fusion-panelsphp-cross-site-scriptin= g-xss" target=3D"_blank" rel=3D"noopener">VulnCheck Advisory: PHP-Fusion 9.= 03.50 panels.php - Cross-Site Scripting (XSS)</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">parisneo--parisneo/lollms-webui</td>
<td>A Local File Inclusion (LFI) vulnerability exists in the '/reinstall_ex= tension' endpoint of the parisneo/lollms-webui application, specifically wi= thin the `name` parameter of the `@router.post("/reinstall_extension")` rou= te. This vulnerability allows attackers to inject a malicious `name` parame= ter, leading to the server loading and executing arbitrary Python files fro=
m the upload directory for discussions. This issue arises due to the concat= enation of `data.name` directly with `lollmsElfServer.lollms_paths.extensio= ns_zoo_path` and its use as an argument for `ExtensionBuilder().build_exten= sion()`. The server's handling of the `__init__.py` file in arbitrary locat= ions, facilitated by `importlib.machinery.SourceFileLoader`, enables the ex= ecution of arbitrary code, such as command execution or creating a reverse-= shell connection. This vulnerability affects the latest version of parisneo= /lollms-webui and can lead to Remote Code Execution (RCE) when the applicat= ion is exposed to an external endpoint or the UI, especially when bound to = `0.0.0.0` or in `headless mode`. No user interaction is required for exploi= tation.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2024-2356" target=3D"= _blank" rel=3D"noopener">CVE-2024-2356</a></td>

<a href=3D"https://huntr.com/bounties/cb9867b4-28e3-4406-9031-f66fc28553d4"=
target=3D"_blank" rel=3D"noopener">https://huntr.com/bounties/cb9867b4-28e= 3-4406-9031-f66fc28553d4</a> <a href=3D"https://github.com/parisneo/loll= ms-webui/commit/41dbb1b3f2e78ea276e5269544e50514252c0c25" target=3D"_blank"=
rel=3D"noopener">https://github.com/parisneo/lollms-webui/commit/41dbb1b3f= 2e78ea276e5269544e50514252c0c25</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">lunary-ai--lunary-ai/lunary</td>
<td>In lunary-ai/lunary version 1.2.13, an insufficient granularity of acce=
ss control vulnerability allows users to delete prompts created in other or= ganizations through ID manipulation. The vulnerability stems from the appli= cation's failure to validate the ownership of the prompt before deletion, o= nly checking if the user has permissions to delete such resources without v= erifying if it belongs to the user's project or organization. As a result, = users can remove prompts not owned by their organization or project, leadin=
g to legitimate users being unable to access the removed prompts and causin=
g information inconsistencies.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2024-4147" target=3D"= _blank" rel=3D"noopener">CVE-2024-4147</a></td>

<a href=3D"https://huntr.com/bounties/3f051943-71ea-414c-a528-cd8b5d82a7ad"=
target=3D"_blank" rel=3D"noopener">https://huntr.com/bounties/3f051943-71e= a-414c-a528-cd8b5d82a7ad</a> <a href=3D"https://github.com/lunary-ai/lun= ary/commit/0755dde1afc2a74ec23b55eee03e4416916cf48f" target=3D"_blank" rel= =3D"noopener">https://github.com/lunary-ai/lunary/commit/0755dde1afc2a74ec2= 3b55eee03e4416916cf48f</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">lunary-ai--lunary-ai/lunary</td>
<td>In lunary-ai/lunary version 1.2.2, an account hijacking vulnerability e= xists due to a password reset token leak. A user with a 'viewer' role can e= xploit this vulnerability to hijack another user's account by obtaining the=
password reset token. The vulnerability is triggered when the 'viewer' rol=
e user sends a specific request to the server, which responds with a passwo=
rd reset token in the 'recoveryToken' parameter. This token can then be use=
d to reset the password of another user's account without authorization. Th=
e issue results from an excessive attack surface, allowing lower-privileged=
users to escalate their privileges and take over accounts.</td> <td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2024-5386" target=3D"= _blank" rel=3D"noopener">CVE-2024-5386</a></td>

<a href=3D"https://huntr.com/bounties/602eb4a1-305d-46d6-b975-5a5d8b040ad1"=
target=3D"_blank" rel=3D"noopener">https://huntr.com/bounties/602eb4a1-305= d-46d6-b975-5a5d8b040ad1</a> <a href=3D"https://github.com/lunary-ai/lun= ary/commit/fc7ab3d5621c18992da5dab3a2a9a8d227d42311" target=3D"_blank" rel= =3D"noopener">https://github.com/lunary-ai/lunary/commit/fc7ab3d5621c18992d= a5dab3a2a9a8d227d42311</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">h2oai--h2oai/h2o-3</td>
<td>A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers=
to write arbitrary data to any file on the server. This is achieved by exp= loiting the `/3/Parse` endpoint to inject attacker-controlled data as the h= eader of an empty file, which is then exported using the `/3/Frames/framena= me/export` endpoint. The impact of this vulnerability includes the potentia=
l for remote code execution and complete access to the system running h2o-3=
, as attackers can overwrite critical files such as private SSH keys or scr= ipt files.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2024-5986" target=3D"= _blank" rel=3D"noopener">CVE-2024-5986</a></td>

<a href=3D"https://huntr.com/bounties/64ff5319-6ac3-4447-87f7-b53495d4d5a3"=
target=3D"_blank" rel=3D"noopener">https://huntr.com/bounties/64ff5319-6ac= 3-4447-87f7-b53495d4d5a3</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Nokia--Infinera DNA</td>
<td>Infinera DNA is vulnerable to a time-based SQL injection vulnerability = due to insufficient input validation, which may result in leaking of sensit= ive information.</td>
<td>2026-02-05</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-10258" target=3D= "_blank" rel=3D"noopener">CVE-2025-10258</a></td>

<a href=3D"https://www.nokia.com/we-are-nokia/security/product-security-adv= isory/cve-2025-10258/" target=3D"_blank" rel=3D"noopener">Nokia Product Sec= urity Advisory</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">mlflow--mlflow/mlflow</td>
<td>In mlflow version 2.20.3, the temporary directory used for creating Pyt= hon virtual environments is assigned insecure world-writable permissions (0= o777). This vulnerability allows an attacker with write access to the `/tmp=
` directory to exploit a race condition and overwrite `.py` files in the vi= rtual environment, leading to arbitrary code execution. The issue is resolv=
ed in version 3.4.0.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-10279" target=3D= "_blank" rel=3D"noopener">CVE-2025-10279</a></td>

<a href=3D"https://huntr.com/bounties/01d3b81e-13d1-43aa-b91a-443aec68bdc8"=
target=3D"_blank" rel=3D"noopener">https://huntr.com/bounties/01d3b81e-13d= 1-43aa-b91a-443aec68bdc8</a> <a href=3D"https://github.com/mlflow/mlflow= /commit/1d7c8d4cf0a67d407499a8a4ffac387ea4f8194a" target=3D"_blank" rel=3D"= noopener">https://github.com/mlflow/mlflow/commit/1d7c8d4cf0a67d407499a8a4f= fac387ea4f8194a</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Wikimedia Foundation--OATHAuth</td> <td>Vulnerability in Wikimedia Foundation OATHAuth. This vulnerability is a= ssociated with program files src/Special/OATHManage.Php. This issue affects=
OATHAuth: from * before 1.39.14, 1.43.4, 1.44.1.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-11173" target=3D= "_blank" rel=3D"noopener">CVE-2025-11173</a></td>

<a href=3D"https://phabricator.wikimedia.org/T401862" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T401862</a> <a href=3D"h= ttps://phabricator.wikimedia.org/T402094" target=3D"_blank" rel=3D"noopener= ">https://phabricator.wikimedia.org/T402094</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Wikimedia Foundation--MediaWiki</td>
<td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cr= oss-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This = vulnerability is associated with program files resources/src/mediawiki.Lang= uage/mediawiki.Language.Js. This issue affects MediaWiki: from * before 1.3= 9.15, 1.43.5, 1.44.2.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-11261" target=3D= "_blank" rel=3D"noopener">CVE-2025-11261</a></td>

<a href=3D"https://https://phabricator.wikimedia.org/T406322" target=3D"_bl= ank" rel=3D"noopener">https://https://phabricator.wikimedia.org/T406322</a>= <a href=3D"https://phabricator.wikimedia.org/T402077" target=3D"_blank"=
rel=3D"noopener">https://phabricator.wikimedia.org/T402077</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">Centralny Orodek Informatyki--mObywatel</td> <td>In mObywatel iOS application=C2=A0an unauthorized user can use the App = Switcher to view the account owner's personal information in the minimized = app window, even after the login session has ended (reopening the app would=
require the user to log in). The data exposed depends on the last applicat= ion view displayed before the application was minimized This issue was fixe=
d in version 4.71.0</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-11598" target=3D= "_blank" rel=3D"noopener">CVE-2025-11598</a></td>

<a href=3D"https://info.mobywatel.gov.pl/" target=3D"_blank" rel=3D"noopene= r">https://info.mobywatel.gov.pl/</a> <a href=3D"https://cert.pl/posts/2= 026/02/CVE-2025-11598" target=3D"_blank" rel=3D"noopener">https://cert.pl/p= osts/2026/02/CVE-2025-11598</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">silabs.com--Simplicity SDK</td>
<td>A truncated 802.15.4 packet can lead to an assert, resulting in a denia=
l of service.</td>
<td>2026-02-05</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-12131" target=3D= "_blank" rel=3D"noopener">CVE-2025-12131</a></td>

<a href=3D"https://community.silabs.com/068Vm00000g8dP3" target=3D"_blank" = rel=3D"noopener">https://community.silabs.com/068Vm00000g8dP3</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">Brocade--SANnav</td>
<td>A vulnerability in Brocade SANnav before 2.4.0b prints the Password-Bas=
ed Encryption (PBE) key in plaintext in the system audit log file. The vuln= erability could allow a remote authenticated attacker with access to the au= dit logs to access the pbe key. Note: The vulnerability is only triggered d= uring a migration and not in a new installation. The system audit logs are = accessible only to a privileged user on the server. These audit logs are th=
e local server VM's audit logs and are not controlled by SANnav. These logs=
are only visible to the server admin of the host server and are not visibl=
e to the SANnav admin or any SANnav user.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-12679" target=3D= "_blank" rel=3D"noopener">CVE-2025-12679</a></td>

<a href=3D"https://support.broadcom.com/web/ecx/support-content-notificatio= n/-/external/content/SecurityAdvisories/0/36845" target=3D"_blank" rel=3D"n= oopener">https://support.broadcom.com/web/ecx/support-content-notification/= -/external/content/SecurityAdvisories/0/36845</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Brocade--SANnav</td>
<td>Brocade SANnav before Brocade SANnav 2.4.0b logs database passwords in = clear text in the standby SANnav server, after disaster recovery failover. = The vulnerability could allow a remote authenticated attacker with admin pr= ivilege able to access the SANnav logs or the supportsave to read the datab= ase password.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-12680" target=3D= "_blank" rel=3D"noopener">CVE-2025-12680</a></td>

<a href=3D"https://support.broadcom.com/web/ecx/support-content-notificatio= n/-/external/content/SecurityAdvisories/0/36844" target=3D"_blank" rel=3D"n= oopener">https://support.broadcom.com/web/ecx/support-content-notification/= -/external/content/SecurityAdvisories/0/36844</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Brocade--SANnav</td>
<td>Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin pa= ssword on the SANnav support save logs. When OOM occurs on a Brocade SANnav=
server, the call stack trace for the Brocade switch is also collected in t=
he heap dump file which contains this switch password in clear text. The vu= lnerability could allow a remote authenticated attacker with admin privileg=
e able to access the SANnav logs or the supportsave to read the switch admi=
n password.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-12772" target=3D= "_blank" rel=3D"noopener">CVE-2025-12772</a></td>

<a href=3D"https://support.broadcom.com/web/ecx/support-content-notificatio= n/-/external/content/SecurityAdvisories/0/36846" target=3D"_blank" rel=3D"n= oopener">https://support.broadcom.com/web/ecx/support-content-notification/= -/external/content/SecurityAdvisories/0/36846</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Brocade--SANnav</td>
<td>A vulnerability in update-reports-purge-settings.sh script logging for = Brocade SANnav before 2.4.0a could allow the collection of SANnav database = password in the system audit logs.=C2=A0The vulnerability could allow a rem= ote authenticated attacker with access to the audit logs to access the Broc= ade SANnav database password.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-12773" target=3D= "_blank" rel=3D"noopener">CVE-2025-12773</a></td>

<a href=3D"https://support.broadcom.com/web/ecx/support-content-notificatio= n/-/external/content/SecurityAdvisories/0/36847" target=3D"_blank" rel=3D"n= oopener">https://support.broadcom.com/web/ecx/support-content-notification/= -/external/content/SecurityAdvisories/0/36847</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Brocade--SANnav</td>
<td>A vulnerability in the migration script for Brocade SANnav before 3.0 c= ould allow the collection of database sql queries in the SANnav support sav=
e file.=C2=A0An attacker with access to Brocade SANnav supportsave file, co= uld open the file and then obtain sensitive information such as details of = database tables and encrypted passwords.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-12774" target=3D= "_blank" rel=3D"noopener">CVE-2025-12774</a></td>

<a href=3D"https://support.broadcom.com/web/ecx/support-content-notificatio= n/-/external/content/SecurityAdvisories/0/36848" target=3D"_blank" rel=3D"n= oopener">https://support.broadcom.com/web/ecx/support-content-notification/= -/external/content/SecurityAdvisories/0/36848</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">ASUS--ASUS Business Manager</td>
<td>An improper access control vulnerability exists in ASUS Secure Delete D= river of ASUS Business Manager. This vulnerability can be triggered by a lo= cal user sending a specially crafted request, potentially leading to the cr= eation of arbitrary files in a specified path. Refer to the "Security Updat=
e for ASUS Business Manager" section on the ASUS Security Advisory for more=
information.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-13348" target=3D= "_blank" rel=3D"noopener">CVE-2025-13348</a></td>

<a href=3D"https://www.asus.com/security-advisory/" target=3D"_blank" rel= =3D"noopener">https://www.asus.com/security-advisory/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">djangoproject--Django</td>
<td>An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2=
before 4.2.28. The `django.contrib.auth.handlers.modwsgi.check_password()`=
function for authentication via `mod_wsgi` allows remote attackers to enum= erate users via a timing attack. Earlier, unsupported Django series (such a=
s 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Dja= ngo would like to thank Stackered for reporting this issue.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-13473" target=3D= "_blank" rel=3D"noopener">CVE-2025-13473</a></td>

<a href=3D"https://docs.djangoproject.com/en/dev/releases/security/" target= =3D"_blank" rel=3D"noopener">Django security archive</a> <a href=3D"http= s://groups.google.com/g/django-announce" target=3D"_blank" rel=3D"noopener"= >Django releases announcements</a> <a href=3D"https://www.djangoproject.= com/weblog/2026/feb/03/security-releases/" target=3D"_blank" rel=3D"noopene= r">Django security releases issued: 6.0.2, 5.2.11, and 4.2.28</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">ESET spol s.r.o.--ESET Management Agent</td> <td>Local privilege escalation vulnerability via insecure temporary batch f= ile execution in ESET Management Agent</td>
<td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-13818" target=3D= "_blank" rel=3D"noopener">CVE-2025-13818</a></td>

<a href=3D"https://support.eset.com/en/ca8913-eset-customer-advisory-local-= privilege-escalation-via-insecure-temporary-batch-file-execution-in-eset-ma= nagement-agent-for-windows-fixed" target=3D"_blank" rel=3D"noopener">https:= //support.eset.com/en/ca8913-eset-customer-advisory-local-privilege-escalat= ion-via-insecure-temporary-batch-file-execution-in-eset-management-agent-fo= r-windows-fixed</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">djangoproject--Django</td>
<td>An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2=
before 4.2.28. `ASGIRequest` allows a remote attacker to cause a potential=
denial-of-service via a crafted request with multiple duplicate headers. E= arlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were no=
t evaluated and may also be affected. Django would like to thank Jiyong Yan=
g for reporting this issue.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-14550" target=3D= "_blank" rel=3D"noopener">CVE-2025-14550</a></td>

<a href=3D"https://docs.djangoproject.com/en/dev/releases/security/" target= =3D"_blank" rel=3D"noopener">Django security archive</a> <a href=3D"http= s://groups.google.com/g/django-announce" target=3D"_blank" rel=3D"noopener"= >Django releases announcements</a> <a href=3D"https://www.djangoproject.= com/weblog/2026/feb/03/security-releases/" target=3D"_blank" rel=3D"noopene= r">Django security releases issued: 6.0.2, 5.2.11, and 4.2.28</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">Unknown--User Profile Builder</td>
<td>The User Profile Builder WordPress plugin before 3.15.2 does not have a=
proper password reset process, allowing a few unauthenticated requests to = reset the password of any user by knowing their username, such as administr= ator ones, and therefore gain access to their account</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15030" target=3D= "_blank" rel=3D"noopener">CVE-2025-15030</a></td>

<a href=3D"https://wpscan.com/vulnerability/344cb1b1-342e-44b2-ae4a-3bb31be= 56b22/" target=3D"_blank" rel=3D"noopener">https://wpscan.com/vulnerability= /344cb1b1-342e-44b2-ae4a-3bb31be56b22/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Mitsubishi Electric Corporation--MELSEC iQ-R S= eries R08PCPU</td>
<td>Improper Validation of Specified Quantity in Input vulnerability in Mit= subishi Electric MELSEC iQ-R Series R08PCPU, R16PCPU, R32PCPU, and R120PCPU=
allows an unauthenticated attacker to read device data or part of a contro=
l program from the affected product, write device data in the affected prod= uct, or cause a denial of service (DoS) condition on the affected product b=
y sending a specially crafted packet containing a specific command to the a= ffected product.</td>
<td>2026-02-05</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15080" target=3D= "_blank" rel=3D"noopener">CVE-2025-15080</a></td>

<a href=3D"https://jvn.jp/vu/JVNVU95093080/" target=3D"_blank" rel=3D"noope= ner">https://jvn.jp/vu/JVNVU95093080/</a> <a href=3D"https://www.mitsubi= shielectric.com/psirt/vulnerability/pdf/2025-020_en.pdf" target=3D"_blank" = rel=3D"noopener">https://www.mitsubishielectric.com/psirt/vulnerability/pdf= /2025-020_en.pdf</a> <a href=3D"https://www.cisa.gov/news-events/ics-adv= isories/icsa-26-036-02" target=3D"_blank" rel=3D"noopener">https://www.cisa= .gov/news-events/ics-advisories/icsa-26-036-02</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Unknown--Library Viewer</td>
<td>The Library Viewer WordPress plugin before 3.2.0 does not sanitise and = escape some parameters before outputting them back in the page, leading to =
a Reflected Cross-Site Scripting which could be used against high privilege=
users such as admin.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15396" target=3D= "_blank" rel=3D"noopener">CVE-2025-15396</a></td>

<a href=3D"https://wpscan.com/vulnerability/08790e11-019d-4680-a75f-ee0a937= f8cc8/" target=3D"_blank" rel=3D"noopener">https://wpscan.com/vulnerability= /08790e11-019d-4680-a75f-ee0a937f8cc8/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Unknown--Post Slides</td>
<td>The Post Slides WordPress plugin through 1.0.1 does not validate some s= hortcode attributes before using them to generate paths passed to include f= unction/s, allowing any authenticated users such as with contributor or hig= her roles to perform LFI attacks</td>
<td>2026-02-07</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15491" target=3D= "_blank" rel=3D"noopener">CVE-2025-15491</a></td>

<a href=3D"https://wpscan.com/vulnerability/eb0424cc-e60c-44a5-aa24-cd1fe04= 2b27a/" target=3D"_blank" rel=3D"noopener">https://wpscan.com/vulnerability= /eb0424cc-e60c-44a5-aa24-cd1fe042b27a/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--Archer MR200 v5.2</td> <td>The response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v=
3, and TL-WR845N v4 for any request is getting executed by the JavaScript f= unction like eval directly without any check.=C2=A0Attackers can exploit th=
is vulnerability via a Man-in-the-Middle (MitM) attack to execute JavaScrip=
t code on the router's admin web portal without the user's permission or kn= owledge.</td>
<td>2026-02-05</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15551" target=3D= "_blank" rel=3D"noopener">CVE-2025-15551</a></td>

<a href=3D"https://www.tp-link.com/en/support/download/archer-mr200/v5.20/#= Firmware" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/en/sup= port/download/archer-mr200/v5.20/#Firmware</a> <a href=3D"https://www.tp= -link.com/en/support/download/archer-c20/v6/#Firmware" target=3D"_blank" re= l=3D"noopener">https://www.tp-link.com/en/support/download/archer-c20/v6/#F= irmware</a> <a href=3D"https://www.tp-link.com/in/support/download/tl-wr= 850n/#Firmware" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/= in/support/download/tl-wr850n/#Firmware</a> <a href=3D"https://www.tp-li= nk.com/en/support/download/tl-wr845n/#Firmware" target=3D"_blank" rel=3D"no= opener">https://www.tp-link.com/en/support/download/tl-wr845n/#Firmware</a>= <a href=3D"https://www.tp-link.com/in/support/download/archer-mr200/v5.= 20/#Firmware" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/in= /support/download/archer-mr200/v5.20/#Firmware</a> <a href=3D"https://ww= w.tp-link.com/in/support/download/archer-c20/v6/#Firmware" target=3D"_blank=
" rel=3D"noopener">https://www.tp-link.com/in/support/download/archer-c20/v= 6/#Firmware</a> <a href=3D"https://www.tp-link.com/in/support/download/t= l-wr845n/#Firmware" target=3D"_blank" rel=3D"noopener">https://www.tp-link.= com/in/support/download/tl-wr845n/#Firmware</a> <a href=3D"https://www.t= p-link.com/us/support/faq/4948/" target=3D"_blank" rel=3D"noopener">https:/= /www.tp-link.com/us/support/faq/4948/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">notepad-plus-plus--notepad-plus-plus</td> <td>Notepad++ versions prior to 8.8.9, when using the WinGUp updater, conta=
in an update integrity verification vulnerability where downloaded update m= etadata and installers are not cryptographically verified. An attacker able=
to intercept or redirect update traffic can cause the updater to download = and execute an attacker-controlled installer, resulting in arbitrary code e= xecution with the privileges of the user.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15556" target=3D= "_blank" rel=3D"noopener">CVE-2025-15556</a></td>

<a href=3D"https://community.notepad-plus-plus.org/topic/27298/notepad-v8-8= -9-vulnerability-fix" target=3D"_blank" rel=3D"noopener">https://community.= notepad-plus-plus.org/topic/27298/notepad-v8-8-9-vulnerability-fix</a> <=
a href=3D"https://notepad-plus-plus.org/news/hijacked-incident-info-update/=
" target=3D"_blank" rel=3D"noopener">https://notepad-plus-plus.org/news/hij= acked-incident-info-update/</a> <a href=3D"https://github.com/notepad-pl= us-plus/notepad-plus-plus/commit/bcf2aa68ef414338d717e20e059459570ed6c5ab" = target=3D"_blank" rel=3D"noopener">https://github.com/notepad-plus-plus/not= epad-plus-plus/commit/bcf2aa68ef414338d717e20e059459570ed6c5ab</a> <a hr= ef=3D"https://github.com/notepad-plus-plus/wingup/commit/ce0037549995ed0396= cc363544d14b3425614fdb" target=3D"_blank" rel=3D"noopener">https://github.c= om/notepad-plus-plus/wingup/commit/ce0037549995ed0396cc363544d14b3425614fdb= </a> <a href=3D"https://www.vulncheck.com/advisories/notepad-plus-plus-w= ingup-updater-lacks-update-integrity-verification" target=3D"_blank" rel=3D= "noopener">https://www.vulncheck.com/advisories/notepad-plus-plus-wingup-up= dater-lacks-update-integrity-verification</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--Tapo H100 v1</td>
<td>An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v=
1 and Tapo P100 v1 allows an on-path attacker on the same network segment t=
o intercept and modify encrypted device-cloud communications.=C2=A0 This ma=
y compromise the confidentiality and integrity of device-to-cloud communica= tion, enabling manipulation of device data or operations.</td> <td>2026-02-05</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-15557" target=3D= "_blank" rel=3D"noopener">CVE-2025-15557</a></td>

<a href=3D"https://www.tp-link.com/us/support/download/tapo-h100/" target= =3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/support/download/ta= po-h100/</a> <a href=3D"https://www.tp-link.com/us/support/download/tapo= -p100/" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/suppo= rt/download/tapo-p100/</a> <a href=3D"https://www.tp-link.com/en/support= /download/tapo-h100/" target=3D"_blank" rel=3D"noopener">https://www.tp-lin= k.com/en/support/download/tapo-h100/</a> <a href=3D"https://www.tp-link.= com/en/support/download/tapo-p100/" target=3D"_blank" rel=3D"noopener">http= s://www.tp-link.com/en/support/download/tapo-p100/</a> <a href=3D"https:= //www.tp-link.com/us/support/faq/4949/" target=3D"_blank" rel=3D"noopener">= https://www.tp-link.com/us/support/faq/4949/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Go standard library--os</td>
<td>It was possible to improperly access the parent directory of an os.Root=
by opening a filename ending in "../". For example, Root.Open("../") would=
open the parent directory of the Root. This escape only permits opening th=
e parent directory itself, not ancestors of the parent or files contained w= ithin the parent.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-22873" target=3D= "_blank" rel=3D"noopener">CVE-2025-22873</a></td>

<a href=3D"https://go.dev/cl/670036" target=3D"_blank" rel=3D"noopener">htt= ps://go.dev/cl/670036</a> <a href=3D"https://go.dev/issue/73555" target= =3D"_blank" rel=3D"noopener">https://go.dev/issue/73555</a> <a href=3D"h= ttps://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ" ta= rget=3D"_blank" rel=3D"noopener">https://groups.google.com/g/golang-announc= e/c/UZoIkUT367A/m/5WDxKizJAQAJ</a> <a href=3D"https://pkg.go.dev/vuln/GO= -2026-4403" target=3D"_blank" rel=3D"noopener">https://pkg.go.dev/vuln/GO-2= 026-4403</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Hancom Inc.--Hancom Office 2018</td>
<td>Access of Resource Using Incompatible Type ('Type Confusion') vulnerabi= lity in Hancom Inc. Hancom Office 2018, Hancom Inc. Hancom Office 2020, Han= com Inc. Hancom Office 2022, Hancom Inc. Hancom Office 2024 allows File Con= tent Injection. This issue affects Hancom Office 2018: before 10.0.0.12681;=
Hancom Office 2020: before 11.0.0.8916; Hancom Office 2022: before 12.0.0.= 4426; Hancom Office 2024: before 13.0.0.3050.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-29867" target=3D= "_blank" rel=3D"noopener">CVE-2025-29867</a></td>

<a href=3D"https://www.boho.or.kr/kr/bbs/view.do?searchCnd=3D&bbsId=3DB0000= 302&searchWrd=3D&menuNo=3D205023&pageIndex=3D1&categoryCode=3D&nttId=3D7195=
9" target=3D"_blank" rel=3D"noopener">https://www.boho.or.kr/kr/bbs/view.do= ?searchCnd=3D&bbsId=3DB0000302&searchWrd=3D&menuNo=3D205023&pageIndex=3D1&c= ategoryCode=3D&nttId=3D71959</a> <a href=3D"https://www.hancom.com/suppo= rt/downloadCenter/download" target=3D"_blank" rel=3D"noopener">https://www.= hancom.com/support/downloadCenter/download</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Significant-Gravitas--AutoGPT</td>
<td>AutoGPT is a platform that allows users to create, deploy, and manage c= ontinuous artificial intelligence agents that automate complex workflows. P= rior to autogpt-platform-beta-v0.6.32, there is a DoS vulnerability in Read= RSSFeedBlock. In RSSBlock, feedparser.parser is called to obtain the XML fi=
le according to the URL input by the user, parse the XML, and finally obtai=
n the parsed result. However, during the parsing process, there is no limit=
on the parsing time and the resources that can be allocated for parsing. W= hen a malicious user lets RSSBlock parse a carefully constructed, deep XML,=
it will cause memory resources to be exhausted, eventually causing DoS. Th=
is issue has been patched in autogpt-platform-beta-v0.6.32.</td> <td>2026-02-05</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-32393" target=3D= "_blank" rel=3D"noopener">CVE-2025-32393</a></td>

<a href=3D"https://github.com/Significant-Gravitas/AutoGPT/security/advisor= ies/GHSA-5cqw-g779-9f9x" target=3D"_blank" rel=3D"noopener">https://github.= com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-5cqw-g779-9f9x</a= > <a href=3D"https://github.com/Significant-Gravitas/AutoGPT/commit/57a0= 6f70883ce6be18738c6ae8bb41085c71e266" target=3D"_blank" rel=3D"noopener">ht= tps://github.com/Significant-Gravitas/AutoGPT/commit/57a06f70883ce6be18738c= 6ae8bb41085c71e266</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Luna Imaging--LUNA</td>
<td>Stored Cross-Site Scripting (XSS) vulnerability type in LUNA software v= 7.5.5.6. This vulnerability allows an attacker to execute JavaScript code i=
n the victim's browser by inyecting a malicious payload through the 'Edit B= atch Name' function. THe payload is stored by the application and subsequen= tly displayed without proper sanitization when other users access it. This = vulnerability can be exploited to steal sensitive user data, such as sessio=
n cookies, or to perform actions on behalf of the user.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-41065" target=3D= "_blank" rel=3D"noopener">CVE-2025-41065</a></td>

<a href=3D"https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-= site-scripting-xss-luna-luna-imaging" target=3D"_blank" rel=3D"noopener">ht= tps://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-site-scriptin= g-xss-luna-luna-imaging</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Apidog--Apidog Web Platform</td>
<td>Stored Cross-Site Scripting (XSS) vulnerability type in Apidog in the v= ersion 2.7.15, where SVG image uploads are not properly sanitized. This all= ows attackers to embed malicious scripts in SVG files by sending a POST req= uest to '/api/v1/user-avatar', which are then stored on the server and exec= uted in the context of any user accessing the compromised resource.</td> <td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-41085" target=3D= "_blank" rel=3D"noopener">CVE-2025-41085</a></td>

<a href=3D"https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-= site-scripting-xss-apidog-web-platform" target=3D"_blank" rel=3D"noopener">= https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-site-script= ing-xss-apidog-web-platform</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--Tinyfilemanager 2.6</td>
<td>Tiny File Manager through 2.6 contains a server-side request forgery (S= SRF) vulnerability in the URL upload feature. Due to insufficient validatio=
n of user-supplied URLs, an attacker can send crafted requests to localhost=
by using http://www.127.0.0.1.example.com/ or a similarly constructed doma=
in name. This may lead to unauthorized port scanning or access to internal-= only services.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-46651" target=3D= "_blank" rel=3D"noopener">CVE-2025-46651</a></td>

<a href=3D"https://github.com/prasathmani/tinyfilemanager/blob/master/tinyf= ilemanager.php#L608" target=3D"_blank" rel=3D"noopener">https://github.com/= prasathmani/tinyfilemanager/blob/master/tinyfilemanager.php#L608</a> <a = href=3D"https://github.com/RobertoLuzanilla/tinyfilemanager-security-adviso= ries/blob/main/CVE-2025-46651.md" target=3D"_blank" rel=3D"noopener">https:= //github.com/RobertoLuzanilla/tinyfilemanager-security-advisories/blob/main= /CVE-2025-46651.md</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">golang.org/x/net--golang.org/x/net/html</td> <td>The html.Parse function in golang.org/x/net/html has quadratic parsing = complexity when processing certain inputs, which can lead to denial of serv= ice (DoS) if an attacker provides specially crafted HTML content.</td> <td>2026-02-05</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-47911" target=3D= "_blank" rel=3D"noopener">CVE-2025-47911</a></td>

<a href=3D"https://go.dev/cl/709876" target=3D"_blank" rel=3D"noopener">htt= ps://go.dev/cl/709876</a> <a href=3D"https://github.com/golang/vulndb/is= sues/4440" target=3D"_blank" rel=3D"noopener">https://github.com/golang/vul= ndb/issues/4440</a> <a href=3D"https://groups.google.com/g/golang-announ= ce/c/jnQcOYpiR2c" target=3D"_blank" rel=3D"noopener">https://groups.google.= com/g/golang-announce/c/jnQcOYpiR2c</a> <a href=3D"https://pkg.go.dev/vu= ln/GO-2026-4440" target=3D"_blank" rel=3D"noopener">https://pkg.go.dev/vuln= /GO-2026-4440</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--Beijing YouDataSum Tech</td>
<td>YouDataSum CPAS Audit Management System <=3Dv4.9 is vulnerable to SQ=
L Injection in /cpasList/findArchiveReportByDah due to insufficient input v= alidation. This allows remote unauthenticated attackers to execute arbitrar=
y SQL commands via crafted input to the parameter. Successful exploitation = could lead to unauthorized data access</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-57529" target=3D= "_blank" rel=3D"noopener">CVE-2025-57529</a></td>

<a href=3D"https://github.com/songqb-xx/CPAS-bug" target=3D"_blank" rel=3D"= noopener">https://github.com/songqb-xx/CPAS-bug</a> <a href=3D"https://g= ithub.com/songqb-xx/CVE-2025-57529/blob/main/README.md" target=3D"_blank" r= el=3D"noopener">https://github.com/songqb-xx/CVE-2025-57529/blob/main/READM= E.md</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--Archer AX53 v1.0</td> <td>Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (t= mpserver modules) allows authenticated adjacent attackers to=C2=A0cause a s= egmentation fault or potentially execute arbitrary code via a specially cra= fted set of network packets containing an excessive number of host entries = This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-58077" target=3D= "_blank" rel=3D"noopener">CVE-2025-58077</a></td>

<a href=3D"https://talosintelligence.com/vulnerability_reports/" target=3D"= _blank" rel=3D"noopener">https://talosintelligence.com/vulnerability_report= s/</a> <a href=3D"https://www.tp-link.com/en/support/download/archer-ax5= 3/v1/#Firmware" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/= en/support/download/archer-ax53/v1/#Firmware</a> <a href=3D"https://www.= tp-link.com/my/support/download/archer-ax53/v1/#Firmware" target=3D"_blank"=
rel=3D"noopener">https://www.tp-link.com/my/support/download/archer-ax53/v= 1/#Firmware</a> <a href=3D"https://www.tp-link.com/us/support/faq/4943/"=
target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/support/faq/= 4943/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">golang.org/x/net--golang.org/x/net/html</td> <td>The html.Parse function in golang.org/x/net/html has an infinite parsin=
g loop when processing certain inputs, which can lead to denial of service = (DoS) if an attacker provides specially crafted HTML content.</td> <td>2026-02-05</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-58190" target=3D= "_blank" rel=3D"noopener">CVE-2025-58190</a></td>

<a href=3D"https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c" targe= t=3D"_blank" rel=3D"noopener">https://groups.google.com/g/golang-announce/c= /jnQcOYpiR2c</a> <a href=3D"https://github.com/golang/vulndb/issues/4441=
" target=3D"_blank" rel=3D"noopener">https://github.com/golang/vulndb/issue= s/4441</a> <a href=3D"https://go.dev/cl/709875" target=3D"_blank" rel=3D= "noopener">https://go.dev/cl/709875</a> <a href=3D"https://pkg.go.dev/vu= ln/GO-2026-4441" target=3D"_blank" rel=3D"noopener">https://pkg.go.dev/vuln= /GO-2026-4441</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Semiconductor[.]Samsung[.]com--Processor Exyno= s</td>
<td>An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor=
and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580=
, W920, W930 and W1000. There is unbounded memory allocation via a large bu= ffer in a /proc/driver/unifi0/send_delts write operation, leading to kernel=
memory exhaustion.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-58340" target=3D= "_blank" rel=3D"noopener">CVE-2025-58340</a></td>

<a href=3D"https://semiconductor.samsung.com/support/quality-support/produc= t-security-updates/" target=3D"_blank" rel=3D"noopener">https://semiconduct= or.samsung.com/support/quality-support/product-security-updates/</a> <a = href=3D"https://semiconductor.samsung.com/support/quality-support/product-s= ecurity-updates/cve-2025-58340/" target=3D"_blank" rel=3D"noopener">https:/= /semiconductor.samsung.com/support/quality-support/product-security-updates= /cve-2025-58340/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Semiconductor[.]Samsung[.]com--Processor Exyno= s</td>
<td>An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor=
and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580=
, W920, W930 and W1000. There is unbounded memory allocation via a large bu= ffer in a /proc/driver/unifi0/ap_cert_disable_ht_vht write operation, leadi=
ng to kernel memory exhaustion.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-58341" target=3D= "_blank" rel=3D"noopener">CVE-2025-58341</a></td>

<a href=3D"https://semiconductor.samsung.com/support/quality-support/produc= t-security-updates/" target=3D"_blank" rel=3D"noopener">https://semiconduct= or.samsung.com/support/quality-support/product-security-updates/</a> <a = href=3D"https://semiconductor.samsung.com/support/quality-support/product-s= ecurity-updates/cve-2025-58341/" target=3D"_blank" rel=3D"noopener">https:/= /semiconductor.samsung.com/support/quality-support/product-security-updates= /cve-2025-58341/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Semiconductor[.]Samsung[.]com--Processor Exyno= s</td>
<td>An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor=
and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580=
, W920, W930 and W1000. There is unbounded memory allocation via a large bu= ffer in a /proc/driver/unifi0/uapsd write operation, leading to kernel memo=
ry exhaustion.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-58342" target=3D= "_blank" rel=3D"noopener">CVE-2025-58342</a></td>

<a href=3D"https://semiconductor.samsung.com/support/quality-support/produc= t-security-updates/" target=3D"_blank" rel=3D"noopener">https://semiconduct= or.samsung.com/support/quality-support/product-security-updates/</a> <a = href=3D"https://semiconductor.samsung.com/support/quality-support/product-s= ecurity-updates/cve-2025-58342/" target=3D"_blank" rel=3D"noopener">https:/= /semiconductor.samsung.com/support/quality-support/product-security-updates= /cve-2025-58342/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Semiconductor[.]Samsung[.]com--Processor Exyno= s</td>
<td>An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor=
and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580=
, W920, W930 and W1000. There is unbounded memory allocation via a large bu= ffer in a /proc/driver/unifi0/create_tspec write operation, leading to kern=
el memory exhaustion.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-58343" target=3D= "_blank" rel=3D"noopener">CVE-2025-58343</a></td>

<a href=3D"https://semiconductor.samsung.com/support/quality-support/produc= t-security-updates/" target=3D"_blank" rel=3D"noopener">https://semiconduct= or.samsung.com/support/quality-support/product-security-updates/</a> <a = href=3D"https://semiconductor.samsung.com/support/quality-support/product-s= ecurity-updates/cve-2025-58343/" target=3D"_blank" rel=3D"noopener">https:/= /semiconductor.samsung.com/support/quality-support/product-security-updates= /cve-2025-58343/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Semiconductor[.]Samsung[.]com--Processor Exyno= s</td>
<td>An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor=
and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580=
, W920, W930 and W1000. There is unbounded memory allocation in a /proc/dri= ver/unifi0/conn_log_event_burst_to_us write operation, leading to kernel me= mory exhaustion.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-58344" target=3D= "_blank" rel=3D"noopener">CVE-2025-58344</a></td>

<a href=3D"https://semiconductor.samsung.com/support/quality-support/produc= t-security-updates/" target=3D"_blank" rel=3D"noopener">https://semiconduct= or.samsung.com/support/quality-support/product-security-updates/</a> <a = href=3D"https://semiconductor.samsung.com/support/quality-support/product-s= ecurity-updates/cve-2025-58344/" target=3D"_blank" rel=3D"noopener">https:/= /semiconductor.samsung.com/support/quality-support/product-security-updates= /cve-2025-58344/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Semiconductor[.]Samsung[.]com--Processor Exyno= s</td>
<td>An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor=
and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580=
, W920, W930 and W1000. There is unbounded memory allocation via a large bu= ffer in a /proc/driver/unifi0/ap_certif_11ax_mode write operation, leading =
to kernel memory exhaustion.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-58345" target=3D= "_blank" rel=3D"noopener">CVE-2025-58345</a></td>

<a href=3D"https://semiconductor.samsung.com/support/quality-support/produc= t-security-updates/" target=3D"_blank" rel=3D"noopener">https://semiconduct= or.samsung.com/support/quality-support/product-security-updates/</a> <a = href=3D"https://semiconductor.samsung.com/support/quality-support/product-s= ecurity-updates/cve-2025-58345/" target=3D"_blank" rel=3D"noopener">https:/= /semiconductor.samsung.com/support/quality-support/product-security-updates= /cve-2025-58345/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Semiconductor[.]Samsung[.]com--Processor Exyno= s</td>
<td>An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor=
and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580=
, W920, W930 and W1000. There is unbounded memory allocation via a large bu= ffer in a /proc/driver/unifi0/send_addts write operation, leading to kernel=
memory exhaustion.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-58346" target=3D= "_blank" rel=3D"noopener">CVE-2025-58346</a></td>

<a href=3D"https://semiconductor.samsung.com/support/quality-support/produc= t-security-updates/" target=3D"_blank" rel=3D"noopener">https://semiconduct= or.samsung.com/support/quality-support/product-security-updates/</a> <a = href=3D"https://semiconductor.samsung.com/support/quality-support/product-s= ecurity-updates/cve-2025-58346/" target=3D"_blank" rel=3D"noopener">https:/= /semiconductor.samsung.com/support/quality-support/product-security-updates= /cve-2025-58346/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Semiconductor[.]Samsung[.]com--Processor Exyno= s</td>
<td>An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor=
and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580=
, W920, W930 and W1000. There is unbounded memory allocation via a large bu= ffer in a /proc/driver/unifi0/p2p_certif write operation, leading to kernel=
memory exhaustion.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-58347" target=3D= "_blank" rel=3D"noopener">CVE-2025-58347</a></td>

<a href=3D"https://semiconductor.samsung.com/support/quality-support/produc= t-security-updates/" target=3D"_blank" rel=3D"noopener">https://semiconduct= or.samsung.com/support/quality-support/product-security-updates/</a> <a = href=3D"https://semiconductor.samsung.com/support/quality-support/product-s= ecurity-updates/cve-2025-58347/" target=3D"_blank" rel=3D"noopener">https:/= /semiconductor.samsung.com/support/quality-support/product-security-updates= /cve-2025-58347/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Semiconductor[.]Samsung[.]com--Processor Exyno= s</td>
<td>An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor=
and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580=
, W920, W930 and W1000. There is unbounded memory allocation via a large bu= ffer in a /proc/driver/unifi0/confg_tspec write operation, leading to kerne=
l memory exhaustion.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-58348" target=3D= "_blank" rel=3D"noopener">CVE-2025-58348</a></td>

<a href=3D"https://semiconductor.samsung.com/support/quality-support/produc= t-security-updates/" target=3D"_blank" rel=3D"noopener">https://semiconduct= or.samsung.com/support/quality-support/product-security-updates/</a> <a = href=3D"https://semiconductor.samsung.com/support/quality-support/product-s= ecurity-updates/cve-2025-58348" target=3D"_blank" rel=3D"noopener">https://= semiconductor.samsung.com/support/quality-support/product-security-updates/= cve-2025-58348</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Brocade--Fabric OS</td>
<td>Brocade Fabric OS before 9.2.1 has a vulnerability that could allow a l= ocal authenticated attacker to reveal command line passwords using commands=
that may expose higher privilege sensitive information by a lower privileg=
ed user.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-58379" target=3D= "_blank" rel=3D"noopener">CVE-2025-58379</a></td>

<a href=3D"https://support.broadcom.com/web/ecx/support-content-notificatio= n/-/external/content/SecurityAdvisories/0/36850" target=3D"_blank" rel=3D"n= oopener">https://support.broadcom.com/web/ecx/support-content-notification/= -/external/content/SecurityAdvisories/0/36850</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Brocade--Fabric OS</td>
<td>A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authen= ticated attacker with admin privileges using the shell command "grep" to mo= dify the path variables and move upwards in the directory structure or to t= raverse to different directories.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-58380" target=3D= "_blank" rel=3D"noopener">CVE-2025-58380</a></td>

<a href=3D"https://support.broadcom.com/web/ecx/support-content-notificatio= n/-/external/content/SecurityAdvisories/0/36854" target=3D"_blank" rel=3D"n= oopener">https://support.broadcom.com/web/ecx/support-content-notification/= -/external/content/SecurityAdvisories/0/36854</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Brocade--Fabric OS</td>
<td>A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an auth= enticated attacker with admin privileges using the shell commands "source, = ping6, sleep, disown, wait to modify the path variables and move upwards in=
the directory structure or to traverse to different directories.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-58381" target=3D= "_blank" rel=3D"noopener">CVE-2025-58381</a></td>

<a href=3D"https://support.broadcom.com/web/ecx/support-content-notificatio= n/-/external/content/SecurityAdvisories/0/36853" target=3D"_blank" rel=3D"n= oopener">https://support.broadcom.com/web/ecx/support-content-notification/= -/external/content/SecurityAdvisories/0/36853</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Brocade--Fabric OS</td>
<td>A vulnerability in the secure configuration of authentication and manag= ement services in Brocade Fabric OS before Fabric OS 9.2.1c2 could allow an=
authenticated, remote attacker with administrative credentials to execute = arbitrary commands as root using "supportsave", "seccertmgmt", "configuploa=
d" command.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-58382" target=3D= "_blank" rel=3D"noopener">CVE-2025-58382</a></td>

<a href=3D"https://support.broadcom.com/web/ecx/support-content-notificatio= n/-/external/content/SecurityAdvisories/0/36849" target=3D"_blank" rel=3D"n= oopener">https://support.broadcom.com/web/ecx/support-content-notification/= -/external/content/SecurityAdvisories/0/36849</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Brocade--Fabric OS</td>
<td>A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allo=
w an administrator-level user to execute the bind command, to escalate priv= ileges and bypass security controls allowing the execution of arbitrary com= mands.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-58383" target=3D= "_blank" rel=3D"noopener">CVE-2025-58383</a></td>

<a href=3D"https://support.broadcom.com/web/ecx/support-content-notificatio= n/-/external/content/SecurityAdvisories/0/36878" target=3D"_blank" rel=3D"n= oopener">https://support.broadcom.com/web/ecx/support-content-notification/= -/external/content/SecurityAdvisories/0/36878</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--Archer AX53 v1.0</td> <td>Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (t= mpserver modules) allows authenticated adjacent attackers to cause a segmen= tation fault or potentially execute arbitrary code via a specially crafted = network packet whose length exceeds the maximum expected value. This issue = affects Archer AX53 v1.0: through 1.3.1 Build 20241120.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-58455" target=3D= "_blank" rel=3D"noopener">CVE-2025-58455</a></td>

<a href=3D"https://talosintelligence.com/vulnerability_reports/" target=3D"= _blank" rel=3D"noopener">https://talosintelligence.com/vulnerability_report= s/</a> <a href=3D"https://www.tp-link.com/en/support/download/archer-ax5= 3/v1/#Firmware" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/= en/support/download/archer-ax53/v1/#Firmware</a> <a href=3D"https://www.= tp-link.com/my/support/download/archer-ax53/v1/#Firmware" target=3D"_blank"=
rel=3D"noopener">https://www.tp-link.com/my/support/download/archer-ax53/v= 1/#Firmware</a> <a href=3D"https://www.tp-link.com/us/support/faq/4943/"=
target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/support/faq/= 4943/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Semiconductor[.]Samsung[.]com--Processor Exyno= s</td>
<td>An issue was discovered in Samsung Mobile Processor, Wearable Processor=
and Modem Exynos 980, 990, 850, 1080, 9110, W920, W930, W1000 and Modem 51= 23. Incorrect handling of NAS Registration messages leads to a Denial of Se= rvice because of Improper Handling of Exceptional Conditions.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59439" target=3D= "_blank" rel=3D"noopener">CVE-2025-59439</a></td>

<a href=3D"https://semiconductor.samsung.com/support/quality-support/produc= t-security-updates/" target=3D"_blank" rel=3D"noopener">https://semiconduct= or.samsung.com/support/quality-support/product-security-updates/</a> <a = href=3D"https://semiconductor.samsung.com/support/quality-support/product-s= ecurity-updates/cve-2025-59439/" target=3D"_blank" rel=3D"noopener">https:/= /semiconductor.samsung.com/support/quality-support/product-security-updates= /cve-2025-59439/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--Archer AX53 v1.0</td> <td>Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (t= mpserver modules) allows authenticated adjacent attackers to cause a segmen= tation fault or potentially execute arbitrary code via a specially crafted = network packet containing a field whose length exceeds the maximum expected=
value. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.<=

<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59482" target=3D= "_blank" rel=3D"noopener">CVE-2025-59482</a></td>

<a href=3D"https://talosintelligence.com/vulnerability_reports/" target=3D"= _blank" rel=3D"noopener">https://talosintelligence.com/vulnerability_report= s/</a> <a href=3D"https://www.tp-link.com/en/support/download/archer-ax5= 3/v1/#Firmware" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/= en/support/download/archer-ax53/v1/#Firmware</a> <a href=3D"https://www.= tp-link.com/my/support/download/archer-ax53/v1/#Firmware" target=3D"_blank"=
rel=3D"noopener">https://www.tp-link.com/my/support/download/archer-ax53/v= 1/#Firmware</a> <a href=3D"https://www.tp-link.com/us/support/faq/4943/"=
target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/support/faq/= 4943/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--Archer AX53 v1.0</td> <td>Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (t= mpserver modules) allows authenticated adjacent attackers to cause a segmen= tation fault or potentially execute arbitrary code. The vulnerability arise=
s from improper validation of a packet field whose offset is used to determ= ine the write location in memory. By crafting a packet with a manipulated f= ield offset, an attacker can redirect writes to arbitrary memory locations.=
This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59487" target=3D= "_blank" rel=3D"noopener">CVE-2025-59487</a></td>

<a href=3D"https://talosintelligence.com/vulnerability_reports/" target=3D"= _blank" rel=3D"noopener">https://talosintelligence.com/vulnerability_report= s/</a> <a href=3D"https://www.tp-link.com/en/support/download/archer-ax5= 3/v1/#Firmware" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/= en/support/download/archer-ax53/v1/#Firmware</a> <a href=3D"https://www.= tp-link.com/my/support/download/archer-ax53/v1/#Firmware" target=3D"_blank"=
rel=3D"noopener">https://www.tp-link.com/my/support/download/archer-ax53/v= 1/#Firmware</a> <a href=3D"https://www.tp-link.com/us/support/faq/4943/"=
target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/support/faq/= 4943/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">NICE--NICE Chat</td>
<td>HTML injection vulnerability in NICE Chat. This vulnerability allows an=
attacker to inject and render arbitrary HTML content in email transcripts =
by modifying the 'firstName' and 'lastName' parameters during a chat sessio=
n. The injected HTML is included in the body of the email sent by the syste=
m, which could enable phishing attacks, impersonation, or credential theft.= </td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-59902" target=3D= "_blank" rel=3D"noopener">CVE-2025-59902</a></td>

<a href=3D"https://www.incibe.es/en/incibe-cert/notices/aviso/html-injectio= n-nice-chat" target=3D"_blank" rel=3D"noopener">https://www.incibe.es/en/in= cibe-cert/notices/aviso/html-injection-nice-chat</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">www[.]pchelpsoft[.]com--Avanquest Driver Updat=
er v.9</td>
<td>Insecure Permissions vulnerability in avanquest Driver Updater v.9.1.57= 803.1174 allows a local attacker to escalate privileges via the Driver Upda= ter Service windows component.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-60865" target=3D= "_blank" rel=3D"noopener">CVE-2025-60865</a></td>

<a href=3D"https://www.pchelpsoft.com/products/driver-updater/" target=3D"_= blank" rel=3D"noopener">https://www.pchelpsoft.com/products/driver-updater/= </a> <a href=3D"https://github.com/parad0x1334/CVE-Disclosures/tree/50e5= d2bf33b2926db2cb14d47d392b38ac619a41/Driver%20Updater%20-%20PCHelpsoft" tar= get=3D"_blank" rel=3D"noopener">https://github.com/parad0x1334/CVE-Disclosu= res/tree/50e5d2bf33b2926db2cb14d47d392b38ac619a41/Driver%20Updater%20-%20PC= Helpsoft</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--MediaCrush</td>
<td>An issue was discovered in MediaCrush thru 1.0.1 allowing remote unauth= enticated attackers to upload arbitrary files of any size to the /upload en= dpoint.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61506" target=3D= "_blank" rel=3D"noopener">CVE-2025-61506</a></td>

<a href=3D"https://gist.github.com/pescada-dev/a046d36e8026bbaf1ee591c6dad0= d7e6" target=3D"_blank" rel=3D"noopener">https://gist.github.com/pescada-de= v/a046d36e8026bbaf1ee591c6dad0d7e6</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Wikimedia Foundation--MediaWiki</td> <td>Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is = associated with program files includes/Rest/Handler/PageHTMLHandler.Php. Th=
is issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.</td> <td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61634" target=3D= "_blank" rel=3D"noopener">CVE-2025-61634</a></td>

<a href=3D"https://phabricator.wikimedia.org/T387478" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T387478</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--ConfirmEdit</td> <td>Vulnerability in Wikimedia Foundation ConfirmEdit. This vulnerability i=
s associated with program files includes/FancyCaptcha/ApiFancyCaptchaReload= .Php. This issue affects ConfirmEdit: *.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61635" target=3D= "_blank" rel=3D"noopener">CVE-2025-61635</a></td>

<a href=3D"https://phabricator.wikimedia.org/T355073" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T355073</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--MediaWiki</td>
<td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cr= oss-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This = vulnerability is associated with program files includes/htmlform/fields/HTM= LButtonField.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43= .4, 1.44.1.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61636" target=3D= "_blank" rel=3D"noopener">CVE-2025-61636</a></td>

<a href=3D"https://phabricator.wikimedia.org/T394396" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T394396</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--MediaWiki</td>
<td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cr= oss-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This = vulnerability is associated with program files resources/src/mediawiki.Acti= on/mediawiki.Action.Edit.Preview.Js, resources/src/mediawiki.Page.Preview.J=
s. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.</td=

<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61637" target=3D= "_blank" rel=3D"noopener">CVE-2025-61637</a></td>

<a href=3D"https://phabricator.wikimedia.org/T394856" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T394856</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--MediaWiki</td>
<td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cr= oss-site Scripting') vulnerability in Wikimedia Foundation MediaWiki, Wikim= edia Foundation Parsoid. This vulnerability is associated with program file=
s includes/parser/Sanitizer.Php, src/Core/Sanitizer.Php. This issue affects=
MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1; Parsoid: from * before 0= .16.6, 0.20.4, 0.21.1.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61638" target=3D= "_blank" rel=3D"noopener">CVE-2025-61638</a></td>

<a href=3D"https://phabricator.wikimedia.org/T401099" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T401099</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--MediaWiki</td>
<td>Exposure of Sensitive Information to an Unauthorized Actor vulnerabilit=
y in Wikimedia Foundation MediaWiki. This vulnerability is associated with = program files includes/logging/ManualLogEntry.Php, includes/recentchanges/R= ecentChangeFactory.Php, includes/recentchanges/RecentChangeStore.Php. This = issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.</td> <td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61639" target=3D= "_blank" rel=3D"noopener">CVE-2025-61639</a></td>

<a href=3D"https://phabricator.wikimedia.org/T280413" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T280413</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--MediaWiki</td>
<td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cr= oss-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This = vulnerability is associated with program files resources/src/mediawiki.Rcfi= lters/ui/RclToOrFromWidget.Js. This issue affects MediaWiki: from * before = 1.39.14, 1.43.4, 1.44.1.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61640" target=3D= "_blank" rel=3D"noopener">CVE-2025-61640</a></td>

<a href=3D"https://phabricator.wikimedia.org/T402075" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T402075</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--MediaWiki</td> <td>Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is = associated with program files includes/api/ApiQueryAllPages.Php. This issue=
affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.</td> <td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61641" target=3D= "_blank" rel=3D"noopener">CVE-2025-61641</a></td>

<a href=3D"https://phabricator.wikimedia.org/T298690" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T298690</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--MediaWiki</td>
<td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cr= oss-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This = vulnerability is associated with program files includes/htmlform/CodexHTMLF= orm.Php, includes/htmlform/fields/HTMLButtonField.Php. This issue affects M= ediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61642" target=3D= "_blank" rel=3D"noopener">CVE-2025-61642</a></td>

<a href=3D"https://phabricator.wikimedia.org/T402313" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T402313</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--MediaWiki</td> <td>Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is = associated with program files includes/recentchanges/RecentChangeRCFeedNoti= fier.Php. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44= .1.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61643" target=3D= "_blank" rel=3D"noopener">CVE-2025-61643</a></td>

<a href=3D"https://phabricator.wikimedia.org/T403757" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T403757</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--MediaWiki</td>
<td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cr= oss-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This = vulnerability is associated with program files resources/src/mediawiki.Rcfi= lters/ui/WatchlistTopSectionWidget.Js. This issue affects MediaWiki: from *=
before > fb856ce9cf121e046305116852cca4899ecb48ca.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61644" target=3D= "_blank" rel=3D"noopener">CVE-2025-61644</a></td>

<a href=3D"https://phabricator.wikimedia.org/T403411" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T403411</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--MediaWiki</td>
<td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cr= oss-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This = vulnerability is associated with program files includes/pager/CodexTablePag= er.Php. This issue affects MediaWiki: from * before 1.44.1.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61645" target=3D= "_blank" rel=3D"noopener">CVE-2025-61645</a></td>

<a href=3D"https://phabricator.wikimedia.org/T403761" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T403761</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--MediaWiki</td> <td>Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is = associated with program files includes/RecentChanges/EnhancedChangesList.Ph=
p. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1.</td=

<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61646" target=3D= "_blank" rel=3D"noopener">CVE-2025-61646</a></td>

<a href=3D"https://phabricator.wikimedia.org/T398706" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T398706</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--CheckUser</td> <td>Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is = associated with program files src/Api/Rest/Handler/UserInfoHandler.Php. Thi=
s issue affects CheckUser: from a3dc1bbcc33acbcca6831d6afaccbb1054c93a57, 0= 584eb2ad564648aa3ce9c555dd044dda02b55f4.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61647" target=3D= "_blank" rel=3D"noopener">CVE-2025-61647</a></td>

<a href=3D"https://phabricator.wikimedia.org/T399093" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T399093</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--CheckUser</td>
<td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cr= oss-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This = vulnerability is associated with program files modules/ext.CheckUser.TempAc= counts/components/ShowIPButton.Vue, modules/ext.CheckUser.TempAccounts/Spec= ialBlock.Js. This issue affects CheckUser: from * before 1.44.1.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61648" target=3D= "_blank" rel=3D"noopener">CVE-2025-61648</a></td>

<a href=3D"https://phabricator.wikimedia.org/T402077" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T402077</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--CheckUser</td> <td>Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is = associated with program files src/Services/CheckUserUserInfoCardService.Php=
. This issue affects CheckUser: from 7cedd58781d261f110651b6af4f41d2d11ae73= 09.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61649" target=3D= "_blank" rel=3D"noopener">CVE-2025-61649</a></td>

<a href=3D"https://phabricator.wikimedia.org/T397396" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T397396</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--CheckUser</td>
<td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cr= oss-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This = vulnerability is associated with program files src/Services/CheckUserUserIn= foCardService.Php. This issue affects CheckUser: from * before 795bf3332722= 06a0189050d975e94b70eb7dc507.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61650" target=3D= "_blank" rel=3D"noopener">CVE-2025-61650</a></td>

<a href=3D"https://phabricator.wikimedia.org/T403289" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T403289</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--CheckUser</td>
<td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cr= oss-site Scripting') vulnerability in Wikimedia Foundation CheckUser. This = vulnerability is associated with program files modules/ext.CheckUser/checku= ser/checkUserHelper/buildUserElement.Js. This issue affects CheckUser: from=
* before 1.44.1.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61651" target=3D= "_blank" rel=3D"noopener">CVE-2025-61651</a></td>

<a href=3D"https://phabricator.wikimedia.org/T403408" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T403408</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--DiscussionTools</td> <td>Vulnerability in Wikimedia Foundation DiscussionTools. This issue affec=
ts DiscussionTools: from * before 1.43.4, 1.44.1.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61652" target=3D= "_blank" rel=3D"noopener">CVE-2025-61652</a></td>

<a href=3D"https://phabricator.wikimedia.org/T397580" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T397580</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--TextExtracts</td> <td>Vulnerability in Wikimedia Foundation TextExtracts. This vulnerability =
is associated with program files includes/ApiQueryExtracts.Php. This issue = affects TextExtracts: from * before 1.39.14, 1.43.4, 1.44.1.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61653" target=3D= "_blank" rel=3D"noopener">CVE-2025-61653</a></td>

<a href=3D"https://phabricator.wikimedia.org/T397577" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T397577</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--Thanks</td> <td>Vulnerability in Wikimedia Foundation Thanks. This vulnerability is ass= ociated with program files includes/ThanksQueryHelper.Php. This issue affec=
ts Thanks: from * before 1.43.4, 1.44.1.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61654" target=3D= "_blank" rel=3D"noopener">CVE-2025-61654</a></td>

<a href=3D"https://phabricator.wikimedia.org/T397497" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T397497</a> <a href=3D"h= ttps://nvd.nist.gov/vuln/detail/CVE-2025-62661" target=3D"_blank" rel=3D"no= opener">https://nvd.nist.gov/vuln/detail/CVE-2025-62661</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--VisualEditor</td> <td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cr= oss-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. Th=
is vulnerability is associated with program files includes/ApiVisualEditorE= dit.Php, modules/ve-mw/init/targets/ve.Init.Mw.DesktopArticleTarget.Js, mod= ules/ve-mw/ui/dialogs/ve.Ui.MWSaveDialog.Js. This issue affects VisualEdito=
r: from * before 1.39.14, 1.43.4, 1.44.1.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61655" target=3D= "_blank" rel=3D"noopener">CVE-2025-61655</a></td>

<a href=3D"https://phabricator.wikimedia.org/T395858" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T395858</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--VisualEditor</td> <td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cr= oss-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. Th=
is vulnerability is associated with program files src/ce/ve.Ce.ClipboardHan= dler.Js. This issue affects VisualEditor: from * before 1.39.14, 1.43.4, 1.= 44.1.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61656" target=3D= "_blank" rel=3D"noopener">CVE-2025-61656</a></td>

<a href=3D"https://phabricator.wikimedia.org/T397232" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T397232</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--Vector</td>
<td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cr= oss-site Scripting') vulnerability in Wikimedia Foundation Vector. This vul= nerability is associated with program files resources/skins.Vector.Js/stick= yHeader.Js. This issue affects Vector: from * before 1.43.4, 1.44.1.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61657" target=3D= "_blank" rel=3D"noopener">CVE-2025-61657</a></td>

<a href=3D"https://phabricator.wikimedia.org/T398636" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T398636</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--CheckUser</td> <td>Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is = associated with program files src/GlobalContributions/GlobalContributionsPa= ger.Php. This issue affects CheckUser: from * before 1.43.4, 1.44.1.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61658" target=3D= "_blank" rel=3D"noopener">CVE-2025-61658</a></td>

<a href=3D"https://phabricator.wikimedia.org/T404805" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T404805</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Go toolchain--cmd/cgo</td>
<td>A discrepancy between how Go and C/C++ comments were parsed allowed for=
code smuggling into the resulting cgo binary.</td>
<td>2026-02-05</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61732" target=3D= "_blank" rel=3D"noopener">CVE-2025-61732</a></td>

<a href=3D"https://go.dev/cl/734220" target=3D"_blank" rel=3D"noopener">htt= ps://go.dev/cl/734220</a> <a href=3D"https://go.dev/issue/76697" target= =3D"_blank" rel=3D"noopener">https://go.dev/issue/76697</a> <a href=3D"h= ttps://groups.google.com/g/golang-announce/c/K09ubi9FQFk" target=3D"_blank"=
rel=3D"noopener">https://groups.google.com/g/golang-announce/c/K09ubi9FQFk= </a> <a href=3D"https://pkg.go.dev/vuln/GO-2026-4433" target=3D"_blank" = rel=3D"noopener">https://pkg.go.dev/vuln/GO-2026-4433</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--Archer AX53 v1.0</td> <td>Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (t= mpserver modules) allows authenticated adjacent attackers to cause a segmen= tation fault or potentially execute arbitrary code via a specially crafted = network packet containing an excessive number of fields with zero=E2=80=91l= ength values. This issue affects Archer AX53 v1.0: through 1.3.1 Build 2024= 1120.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61944" target=3D= "_blank" rel=3D"noopener">CVE-2025-61944</a></td>

<a href=3D"https://talosintelligence.com/vulnerability_reports/" target=3D"= _blank" rel=3D"noopener">https://talosintelligence.com/vulnerability_report= s/</a> <a href=3D"https://www.tp-link.com/en/support/download/archer-ax5= 3/v1/#Firmware" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/= en/support/download/archer-ax53/v1/#Firmware</a> <a href=3D"https://www.= tp-link.com/my/support/download/archer-ax53/v1/#Firmware" target=3D"_blank"=
rel=3D"noopener">https://www.tp-link.com/my/support/download/archer-ax53/v= 1/#Firmware</a> <a href=3D"https://www.tp-link.com/us/support/faq/4943/"=
target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/support/faq/= 4943/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--Archer AX53 v1.0</td> <td>Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (t= mpserver modules) allows authenticated adjacent attackers to cause a segmen= tation fault or potentially execute arbitrary code via a specially crafted = network packet containing an excessive number of fields with zero=E2=80=91l= ength values. This issue affects Archer AX53 v1.0: through 1.3.1 Build 2024= 1120.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-61983" target=3D= "_blank" rel=3D"noopener">CVE-2025-61983</a></td>

<a href=3D"https://talosintelligence.com/vulnerability_reports/" target=3D"= _blank" rel=3D"noopener">https://talosintelligence.com/vulnerability_report= s/</a> <a href=3D"https://www.tp-link.com/en/support/download/archer-ax5= 3/v1/#Firmware" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/= en/support/download/archer-ax53/v1/#Firmware</a> <a href=3D"https://www.= tp-link.com/my/support/download/archer-ax53/v1/#Firmware" target=3D"_blank"=
rel=3D"noopener">https://www.tp-link.com/my/support/download/archer-ax53/v= 1/#Firmware</a> <a href=3D"https://www.tp-link.com/us/support/faq/4943/"=
target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/support/faq/= 4943/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">run-llama--run-llama/llama_index</td>
<td>The `SimpleDirectoryReader` component in `llama_index.core` version 0.1= 2.23 suffers from uncontrolled memory consumption due to a resource managem= ent flaw. The vulnerability arises because the user-specified file limit (`= num_files_limit`) is applied after all files in a directory are loaded into=
memory. This can lead to memory exhaustion and degraded performance, parti= cularly in environments with limited resources. The issue is resolved in ve= rsion 0.12.41.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-6208" target=3D"= _blank" rel=3D"noopener">CVE-2025-6208</a></td>

<a href=3D"https://huntr.com/bounties/7d722bb6-6567-4608-8b23-f95048d7605a"=
target=3D"_blank" rel=3D"noopener">https://huntr.com/bounties/7d722bb6-656= 7-4608-8b23-f95048d7605a</a> <a href=3D"https://github.com/run-llama/lla= ma_index/commit/53614e2f7913c0e86b58add9470b3c900b6c60b2" target=3D"_blank"=
rel=3D"noopener">https://github.com/run-llama/llama_index/commit/53614e2f7= 913c0e86b58add9470b3c900b6c60b2</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--Archer AX53 v1.0</td> <td>Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (t= mpserver modules) allows authenticated adjacent attackers to cause a segmen= tation fault or potentially execute arbitrary code via a specially crafted = network packet whose length exceeds the maximum expected value. This issue = affects Archer AX53 v1.0: through 1.3.1 Build 20241120.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-62404" target=3D= "_blank" rel=3D"noopener">CVE-2025-62404</a></td>

<a href=3D"https://talosintelligence.com/vulnerability_reports/" target=3D"= _blank" rel=3D"noopener">https://talosintelligence.com/vulnerability_report= s/</a> <a href=3D"https://www.tp-link.com/en/support/download/archer-ax5= 3/v1/#Firmware" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/= en/support/download/archer-ax53/v1/#Firmware</a> <a href=3D"https://www.= tp-link.com/my/support/download/archer-ax53/v1/#Firmware" target=3D"_blank"=
rel=3D"noopener">https://www.tp-link.com/my/support/download/archer-ax53/v= 1/#Firmware</a> <a href=3D"https://www.tp-link.com/us/support/faq/4943/"=
target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/support/faq/= 4943/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--Archer AX53 v1.0</td> <td>Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (t= mpserver modules) allows authenticated adjacent attackers to cause a segmen= tation fault or potentially execute arbitrary code via a specially crafted = network packet containing a field whose length exceeds the maximum expected=
value. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.<=

<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-62405" target=3D= "_blank" rel=3D"noopener">CVE-2025-62405</a></td>

<a href=3D"https://talosintelligence.com/vulnerability_reports/" target=3D"= _blank" rel=3D"noopener">https://talosintelligence.com/vulnerability_report= s/</a> <a href=3D"https://www.tp-link.com/en/support/download/archer-ax5= 3/v1/#Firmware" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/= en/support/download/archer-ax53/v1/#Firmware</a> <a href=3D"https://www.= tp-link.com/my/support/download/archer-ax53/v1/#Firmware" target=3D"_blank"=
rel=3D"noopener">https://www.tp-link.com/my/support/download/archer-ax53/v= 1/#Firmware</a> <a href=3D"https://www.tp-link.com/us/support/faq/4943/"=
target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/support/faq/= 4943/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--Archer AX53 v1.0</td> <td>SSH Hostkey misconfiguration vulnerability in TP-Link Archer AX53 v1.0 = (tmpserver modules) allows attackers to obtain device credentials through a=
specially crafted man=E2=80=91in=E2=80=91the=E2=80=91middle (MITM) attack.= =C2=A0This could enable unauthorized access if captured credentials are reu= sed. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.</td=

<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-62501" target=3D= "_blank" rel=3D"noopener">CVE-2025-62501</a></td>

<a href=3D"https://talosintelligence.com/vulnerability_reports/" target=3D"= _blank" rel=3D"noopener">https://talosintelligence.com/vulnerability_report= s/</a> <a href=3D"https://www.tp-link.com/en/support/download/archer-ax5= 3/v1/#Firmware" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/= en/support/download/archer-ax53/v1/#Firmware</a> <a href=3D"https://www.= tp-link.com/my/support/download/archer-ax53/v1/#Firmware" target=3D"_blank"=
rel=3D"noopener">https://www.tp-link.com/my/support/download/archer-ax53/v= 1/#Firmware</a> <a href=3D"https://www.tp-link.com/us/support/faq/4943/"=
target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/support/faq/= 4943/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">eProsima--Fast-DDS</td>
<td>Fast DDS is a C++ implementation of the DDS (Data Distribution Service)=
standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3= .3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Sub= message within an SPDP packet sent by a publisher causes an Out-Of-Memory (= OOM) condition, resulting in remote termination of Fast-DDS. If t he fields=
of PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN in the DATA Submessage - spe= cifically by tampering with the length field in readPropertySeq - are modif= ied, an integer overflow occurs, leading to an OOM during the resize operat= ion. Versi ons 3.4.1, 3.3.1, and 2.6.11 patch the issue.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-62599" target=3D= "_blank" rel=3D"noopener">CVE-2025-62599</a></td>

<a href=3D"https://security-tracker.debian.org/tracker/CVE-2025-62599" targ= et=3D"_blank" rel=3D"noopener">https://security-tracker.debian.org/tracker/= CVE-2025-62599</a> <a href=3D"https://github.com/eProsima/Fast-DDS/commi= t/354218514d32beac963ff5c306f1cf159ee37c5f" target=3D"_blank" rel=3D"noopen= er">https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f= 1cf159ee37c5f</a> <a href=3D"https://github.com/eProsima/Fast-DDS/commit= /ced3b6f92d928af1eae77d5fe889878128ad421a" target=3D"_blank" rel=3D"noopene= r">https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889= 878128ad421a</a> <a href=3D"https://github.com/eProsima/Fast-DDS/commit/= a726e6a5daba660418d1f7c05b6f203c17747d2b" target=3D"_blank" rel=3D"noopener= ">https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f2= 03c17747d2b</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">eProsima--Fast-DDS</td>
<td>Fast DDS is a C++ implementation of the DDS (Data Distribution Service)=
standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3= .3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Sub= message within an SPDP packet sent by a publisher causes an Out-Of-Memory (= OOM) condition, resulting in remote termination of Fast-DDS. If t he fields=
of PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN in the DATA Submessage - spe= cifically by tampering with the length field in readBinaryPropertySeq - are=
modified, an integer overflow occurs, leading to an OOM during the resize = operation. Versions 3.4.1, 3.3.1, and 2.6.11 patch the issue.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-62600" target=3D= "_blank" rel=3D"noopener">CVE-2025-62600</a></td>

<a href=3D"https://security-tracker.debian.org/tracker/CVE-2025-62600" targ= et=3D"_blank" rel=3D"noopener">https://security-tracker.debian.org/tracker/= CVE-2025-62600</a> <a href=3D"https://github.com/eProsima/Fast-DDS/commi= t/354218514d32beac963ff5c306f1cf159ee37c5f" target=3D"_blank" rel=3D"noopen= er">https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f= 1cf159ee37c5f</a> <a href=3D"https://github.com/eProsima/Fast-DDS/commit= /ced3b6f92d928af1eae77d5fe889878128ad421a" target=3D"_blank" rel=3D"noopene= r">https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889= 878128ad421a</a> <a href=3D"https://github.com/eProsima/Fast-DDS/commit/= a726e6a5daba660418d1f7c05b6f203c17747d2b" target=3D"_blank" rel=3D"noopener= ">https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f2= 03c17747d2b</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">eProsima--Fast-DDS</td>
<td>Fast DDS is a C++ implementation of the DDS (Data Distribution Service)=
standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3= .3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Sub= message within an SPDP packet sent by a publisher causes a heap buffer over= flow, resulting in remote termination of Fast-DDS. If the fields of `PID_ID= ENTITY_TOKEN` or `PID_PERMISSIONS_TOKEN` in the DATA Submessage - specifica= lly by tampering with the `str_size` value read by `readString` (called fro=
m `readBinaryProperty`) - are modified, a 32-bit integer overflow can occur=
, causing `std::vector::resize` to use an attacker-controlled size and quic= kly trigger heap buffer overflow and remote process term ination. Versions = 3.4.1, 3.3.1, and 2.6.11 patch the issue.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-62601" target=3D= "_blank" rel=3D"noopener">CVE-2025-62601</a></td>

<a href=3D"https://security-tracker.debian.org/tracker/CVE-2025-62601" targ= et=3D"_blank" rel=3D"noopener">https://security-tracker.debian.org/tracker/= CVE-2025-62601</a> <a href=3D"https://github.com/eProsima/Fast-DDS/commi= t/354218514d32beac963ff5c306f1cf159ee37c5f" target=3D"_blank" rel=3D"noopen= er">https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f= 1cf159ee37c5f</a> <a href=3D"https://github.com/eProsima/Fast-DDS/commit= /ced3b6f92d928af1eae77d5fe889878128ad421a" target=3D"_blank" rel=3D"noopene= r">https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889= 878128ad421a</a> <a href=3D"https://github.com/eProsima/Fast-DDS/commit/= a726e6a5daba660418d1f7c05b6f203c17747d2b" target=3D"_blank" rel=3D"noopener= ">https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f2= 03c17747d2b</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">eProsima--Fast-DDS</td>
<td>Fast DDS is a C++ implementation of the DDS (Data Distribution Service)=
standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3= .3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Sub= message within an SPDP packet sent by a publisher causes a heap buffer over= flow, resulting in remote termination of Fast-DDS. If the fields of `PID_ID= ENTITY_TOKEN` or `PID_PERMISSIONS_TOKEN` in the DATA Submessage are tampere=
d with - specially `readOctetVector` reads an unchecked `vecsize` that is p= ropagated unchanged into `readData` as the `length` parameter - the attacke= r-contro lled `vecsize` can trigger a 32-bit integer overflow during the `l= ength` calculation. That overflow can cause large alloca tion attempt that = quickly leads to OOM, enabling a remotely-triggerable denial-of-service and=
remote process termination. Versions 3.4.1, 3.3.1, and 2.6.11 patch the is= sue.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-62602" target=3D= "_blank" rel=3D"noopener">CVE-2025-62602</a></td>

<a href=3D"https://security-tracker.debian.org/tracker/CVE-2025-62602" targ= et=3D"_blank" rel=3D"noopener">https://security-tracker.debian.org/tracker/= CVE-2025-62602</a> <a href=3D"https://github.com/eProsima/Fast-DDS/commi= t/354218514d32beac963ff5c306f1cf159ee37c5f" target=3D"_blank" rel=3D"noopen= er">https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f= 1cf159ee37c5f</a> <a href=3D"https://github.com/eProsima/Fast-DDS/commit= /ced3b6f92d928af1eae77d5fe889878128ad421a" target=3D"_blank" rel=3D"noopene= r">https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889= 878128ad421a</a> <a href=3D"https://github.com/eProsima/Fast-DDS/commit/= a726e6a5daba660418d1f7c05b6f203c17747d2b" target=3D"_blank" rel=3D"noopener= ">https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f2= 03c17747d2b</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">eProsima--Fast-DDS</td>
<td>Fast DDS is a C++ implementation of the DDS (Data Distribution Service)=
standard of the OMG (Object Management Group ). ParticipantGenericMessage =
is the DDS Security control-message container that carries not only the han= dshake but also on going security-control traffic after the handshake, such=
as crypto-token exchange, rekeying, re-authentication, and token delivery = for newly appearing endpoints. On receive, the CDR parser is invoked first = and deserializes the `message_data` (i .e., the `DataHolderSeq`) via the `r= eadParticipantGenericMessage =E2=86=92 readDataHolderSeq` path. The `DataHo= lderSeq` is parsed sequentially: a sequence count (`uint32`), and for each = DataHolder the `class_id` string (e.g. `DDS:Auth:PKI-DH:1.0+Req`), string p= roperties (a sequence of key/value pairs), and binary properties (a name pl=
us an octet-vector). The parser operat es at a stateless level and does not=
know higher-layer state (for example, whether the handshake has already co= mpleted), s o it fully unfolds the structure before distinguishing legitima=
te from malformed traffic. Because RTPS permits duplicates, delays, and ret= ransmissions, a receiver must perform at least minimal structural parsing t=
o check identity and sequence n umbers before discarding or processing a me= ssage; the current implementation, however, does not "peek" only at a minim=
al header and instead parses the entire `DataHolderSeq`. As a result, prior=
to versions 3.4.1, 3.3.1, and 2.6.11, this parsi ng behavior can trigger a=
n out-of-memory condition and remotely terminate the process. Versions 3.4.=
1, 3.3.1, and 2.6.11 p atch the issue.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-62603" target=3D= "_blank" rel=3D"noopener">CVE-2025-62603</a></td>

<a href=3D"https://security-tracker.debian.org/tracker/CVE-2025-62603" targ= et=3D"_blank" rel=3D"noopener">https://security-tracker.debian.org/tracker/= CVE-2025-62603</a> <a href=3D"https://github.com/eProsima/Fast-DDS/commi= t/354218514d32beac963ff5c306f1cf159ee37c5f" target=3D"_blank" rel=3D"noopen= er">https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f= 1cf159ee37c5f</a> <a href=3D"https://github.com/eProsima/Fast-DDS/commit= /ced3b6f92d928af1eae77d5fe889878128ad421a" target=3D"_blank" rel=3D"noopene= r">https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889= 878128ad421a</a> <a href=3D"https://github.com/eProsima/Fast-DDS/commit/= a726e6a5daba660418d1f7c05b6f203c17747d2b" target=3D"_blank" rel=3D"noopener= ">https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f2= 03c17747d2b</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Significant-Gravitas--AutoGPT</td>
<td>AutoGPT is a platform that allows users to create, deploy, and manage c= ontinuous artificial intelligence agents that automate complex workflows. P= rior to autogpt-platform-beta-v0.6.34, in RSSFeedBlock, the third-party lib= rary urllib.request.urlopen is used directly to access the URL, but the inp=
ut URL is not filtered, which will cause SSRF vulnerability. This issue has=
been patched in autogpt-platform-beta-v0.6.34.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-62615" target=3D= "_blank" rel=3D"noopener">CVE-2025-62615</a></td>

<a href=3D"https://github.com/Significant-Gravitas/AutoGPT/security/advisor= ies/GHSA-r55v-q5pc-j57f" target=3D"_blank" rel=3D"noopener">https://github.= com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-r55v-q5pc-j57f</a= > =C2=A0</td>
</tr>

<td class=3D"vendor-product">Significant-Gravitas--AutoGPT</td>
<td>AutoGPT is a platform that allows users to create, deploy, and manage c= ontinuous artificial intelligence agents that automate complex workflows. P= rior to autogpt-platform-beta-v0.6.34, in SendDiscordFileBlock, the third-p= arty library aiohttp.ClientSession().get is used directly to access the URL=
, but the input URL is not filtered, which will cause SSRF vulnerability. T= his issue has been patched in autogpt-platform-beta-v0.6.34.</td> <td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-62616" target=3D= "_blank" rel=3D"noopener">CVE-2025-62616</a></td>

<a href=3D"https://github.com/Significant-Gravitas/AutoGPT/security/advisor= ies/GHSA-ggc4-4fmm-9hmc" target=3D"_blank" rel=3D"noopener">https://github.= com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-ggc4-4fmm-9hmc</a= > =C2=A0</td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--Archer AX53 v1.0</td> <td>Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (t= dpserver modules) allows adjacent attackers to cause a segmentation fault o=
r potentially execute arbitrary code via a specially crafted network packet=
containing a maliciously formed field. This issue affects Archer AX53 v1.0=
: through 1.3.1 Build 20241120.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-62673" target=3D= "_blank" rel=3D"noopener">CVE-2025-62673</a></td>

<a href=3D"https://talosintelligence.com/vulnerability_reports/" target=3D"= _blank" rel=3D"noopener">https://talosintelligence.com/vulnerability_report= s/</a> <a href=3D"https://www.tp-link.com/en/support/download/archer-ax5= 3/v1/#Firmware" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/= en/support/download/archer-ax53/v1/#Firmware</a> <a href=3D"https://www.= tp-link.com/my/support/download/archer-ax53/v1/#Firmware" target=3D"_blank"=
rel=3D"noopener">https://www.tp-link.com/my/support/download/archer-ax53/v= 1/#Firmware</a> <a href=3D"https://www.tp-link.com/us/support/faq/4943/"=
target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/support/faq/= 4943/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">eProsima--Fast-DDS</td>
<td>Fast DDS is a C++ implementation of the DDS (Data Distribution Service)=
standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3= .3.1, and 2.6.11, a heap buffer overflow exists in the Fast-DDS DATA_FRAG r= eceive path. An un authenticated sender can transmit a single malformed RTP=
S DATA_FRAG packet where `fragmentSize` and `sampleSize` are craft ed to vi= olate internal assumptions. Due to a 4-byte alignment step during fragment = metadata initialization, the code write s past the end of the allocated pay= load buffer, causing immediate crash (DoS) and potentially enabling memory = corruption ( RCE risk). Versions 3.4.1, 3.3.1, and 2.6.11 patch the issue.<=

<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-62799" target=3D= "_blank" rel=3D"noopener">CVE-2025-62799</a></td>

<a href=3D"https://security-tracker.debian.org/tracker/CVE-2025-62799" targ= et=3D"_blank" rel=3D"noopener">https://security-tracker.debian.org/tracker/= CVE-2025-62799</a> <a href=3D"https://github.com/eProsima/Fast-DDS/commi= t/d6dd58f4ecd28cd1c3bc4ef0467be9110fa94659" target=3D"_blank" rel=3D"noopen= er">https://github.com/eProsima/Fast-DDS/commit/d6dd58f4ecd28cd1c3bc4ef0467= be9110fa94659</a> <a href=3D"https://github.com/eProsima/Fast-DDS/commit= /0c3824ef4991628de5dfba240669dc6172d63b46" target=3D"_blank" rel=3D"noopene= r">https://github.com/eProsima/Fast-DDS/commit/0c3824ef4991628de5dfba240669= dc6172d63b46</a> <a href=3D"https://github.com/eProsima/Fast-DDS/commit/= 955c8a15899dc6eb409e080fe7dc89e142d5a514" target=3D"_blank" rel=3D"noopener= ">https://github.com/eProsima/Fast-DDS/commit/955c8a15899dc6eb409e080fe7dc8= 9e142d5a514</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Articentgroup--Zip Rar Extractor 1.3</td> <td>Articentgroup Zip Rar Extractor Tool 1.345.93.0 is vulnerable to Direct= ory Traversal. The vulnerability resides in the ZIP file processing compone= nt, specifically in the functionality responsible for extracting and handli=
ng ZIP archive contents.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-63372" target=3D= "_blank" rel=3D"noopener">CVE-2025-63372</a></td>

<a href=3D"https://articentgroup.com/zip-rar-extractor-tool/" target=3D"_bl= ank" rel=3D"noopener">https://articentgroup.com/zip-rar-extractor-tool/</a>= =C2=A0</td>
</tr>

<td class=3D"vendor-product">Shandong Kede Electronics--Water meter monitor=
v.1</td>
<td>SQL Injection vulnerability in Shandong Kede Electronics Co., Ltd IoT s= mart water meter monitoring platform v.1.0 allows a remote attacker to exec= ute arbitrary code via the imei_list.aspx file.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-63624" target=3D= "_blank" rel=3D"noopener">CVE-2025-63624</a></td>

<a href=3D"https://github.com/songqb-xx/Internet-of-Things-Smart-Water-Mete= r-Monitoring-Platform-Unauthorized-RCE" target=3D"_blank" rel=3D"noopener">= https://github.com/songqb-xx/Internet-of-Things-Smart-Water-Meter-Monitorin= g-Platform-Unauthorized-RCE</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">eProsima--Fast-DDS</td>
<td>Fast DDS is a C++ implementation of the DDS (Data Distribution Service)=
standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3= .3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Sub= message within an SPDP packet sent by a publisher causes an Out-Of-Memory (= OOM) condition, resulting in remote termination of Fast-DDS. If t he fields=
of `PID_IDENTITY_TOKEN` or `PID_PERMISSIONS_TOKEN` in the DATA Submessage = are tampered with - specifically by ta mpering with the the `vecsize` value=
read by `readOctetVector` - a 32-bit integer overflow can occur, causing `= std::vector ::resize` to request an attacker-controlled size and quickly tr= igger OOM and remote process termination. Versions 3.4.1, 3 .3.1, and 2.6.1=
1 patch the issue.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-64098" target=3D= "_blank" rel=3D"noopener">CVE-2025-64098</a></td>

<a href=3D"https://security-tracker.debian.org/tracker/CVE-2025-64098" targ= et=3D"_blank" rel=3D"noopener">https://security-tracker.debian.org/tracker/= CVE-2025-64098</a> <a href=3D"https://github.com/eProsima/Fast-DDS/commi= t/354218514d32beac963ff5c306f1cf159ee37c5f" target=3D"_blank" rel=3D"noopen= er">https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f= 1cf159ee37c5f</a> <a href=3D"https://github.com/eProsima/Fast-DDS/commit= /ced3b6f92d928af1eae77d5fe889878128ad421a" target=3D"_blank" rel=3D"noopene= r">https://github.com/eProsima/Fast-DDS/commit/ced3b6f92d928af1eae77d5fe889= 878128ad421a</a> <a href=3D"https://github.com/eProsima/Fast-DDS/commit/= a726e6a5daba660418d1f7c05b6f203c17747d2b" target=3D"_blank" rel=3D"noopener= ">https://github.com/eProsima/Fast-DDS/commit/a726e6a5daba660418d1f7c05b6f2= 03c17747d2b</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">gogs--gogs</td>
<td>Gogs is an open source self-hosted Git service. In version 0.13.3 and p= rior, due to the insufficient patch for CVE-2024-56731, it's still possible=
to update files in the .git directory and achieve remote command execution=
. This issue has been patched in versions 0.13.4 and 0.14.0+dev.</td> <td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-64111" target=3D= "_blank" rel=3D"noopener">CVE-2025-64111</a></td>

<a href=3D"https://github.com/gogs/gogs/security/advisories/GHSA-gg64-xxr9-= qhjp" target=3D"_blank" rel=3D"noopener">https://github.com/gogs/gogs/secur= ity/advisories/GHSA-gg64-xxr9-qhjp</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">gogs--gogs</td>
<td>Gogs is an open source self-hosted Git service. In version 0.13.3 and p= rior, Gogs' 2FA recovery code validation does not scope codes by user, enab= ling cross-account bypass. If an attacker knows a victim's username and pas= sword, they can use any unused recovery code (e.g., from their own account)=
to bypass the victim's 2FA. This enables full account takeover and renders=
2FA ineffective in all environments where it's enabled.. This issue has be=
en patched in versions 0.13.4 and 0.14.0+dev.</td>
<td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-64175" target=3D= "_blank" rel=3D"noopener">CVE-2025-64175</a></td>

<a href=3D"https://github.com/gogs/gogs/security/advisories/GHSA-p6x6-9mx6-= 26wj" target=3D"_blank" rel=3D"noopener">https://github.com/gogs/gogs/secur= ity/advisories/GHSA-p6x6-9mx6-26wj</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">eProsima--Fast-DDS</td>
<td>Fast DDS is a C++ implementation of the DDS (Data Distribution Service)=
standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3= .3.1, and 2.6.11, a remotely triggerable Out-of-Memory (OOM) denial-of-serv= ice exists in Fast -DDS when processing RTPS GAP submessages under RELIABLE=
QoS. By sending a tiny GAP packet with a huge gap range (`gapList .base - = gapStart`), an attacker drives `StatefulReader::processGapMsg()` into an un= bounded loop that inserts millions of s equence numbers into `WriterProxy::= changes_received_` (`std::set`), causing multi-GB heap growth and process t= ermination. No authentication is required beyond network reachability to th=
e reader on the DDS domain. In environments without an RSS limit (non-ASan =
/ unlimited), memory consumption was observed to rise to ~64 GB. Versions 3= .4.1, 3.3.1, and 2.6.11 patch t he issue.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-64438" target=3D= "_blank" rel=3D"noopener">CVE-2025-64438</a></td>

<a href=3D"https://security-tracker.debian.org/tracker/CVE-2025-64438" targ= et=3D"_blank" rel=3D"noopener">https://security-tracker.debian.org/tracker/= CVE-2025-64438</a> <a href=3D"https://github.com/eProsima/Fast-DDS/commi= t/0b0cb308eaeeb2175694aa0a0a723106824ce9a7" target=3D"_blank" rel=3D"noopen= er">https://github.com/eProsima/Fast-DDS/commit/0b0cb308eaeeb2175694aa0a0a7= 23106824ce9a7</a> <a href=3D"https://github.com/eProsima/Fast-DDS/commit= /71da01b4aea4d937558984f2cf0089f5ba3c871f" target=3D"_blank" rel=3D"noopene= r">https://github.com/eProsima/Fast-DDS/commit/71da01b4aea4d937558984f2cf00= 89f5ba3c871f</a> <a href=3D"https://github.com/eProsima/Fast-DDS/commit/= 8ca016134dac20b6e30e42b7b73466ef7cdbc213" target=3D"_blank" rel=3D"noopener= ">https://github.com/eProsima/Fast-DDS/commit/8ca016134dac20b6e30e42b7b7346= 6ef7cdbc213</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">decidim--decidim</td>
<td>Decidim is a participatory democracy framework. In versions from 0.30.0=
to before 0.30.4 and from 0.31.0.rc1 to before 0.31.0, the private data ex= ports can lead to data leaks in case the UUID generation, causing collision=
s for the generated UUIDs. This issue has been patched in versions 0.30.4 a=
nd 0.31.0.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-65017" target=3D= "_blank" rel=3D"noopener">CVE-2025-65017</a></td>

<a href=3D"https://github.com/decidim/decidim/security/advisories/GHSA-3cx6= -j9j4-54mp" target=3D"_blank" rel=3D"noopener">https://github.com/decidim/d= ecidim/security/advisories/GHSA-3cx6-j9j4-54mp</a> <a href=3D"https://gi= thub.com/decidim/decidim/pull/13571" target=3D"_blank" rel=3D"noopener">htt= ps://github.com/decidim/decidim/pull/13571</a> <a href=3D"https://github= .com/decidim/decidim/releases/tag/v0.30.4" target=3D"_blank" rel=3D"noopene= r">https://github.com/decidim/decidim/releases/tag/v0.30.4</a> <a href= =3D"https://github.com/decidim/decidim/releases/tag/v0.31.0" target=3D"_bla= nk" rel=3D"noopener">https://github.com/decidim/decidim/releases/tag/v0.31.= 0</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Lexmark--MXTCT, MSNGM, MSTGM, MXNGM, MXTGM, CS= NGV, CSTGV, CXTGV, MSNGW, MSTGW, MXTGW, CSTLS, CXTLS, MXTLS, CSTMM, CXTMM, = CSTPC, CXTPC, MXTPM, MSNSN, MSTSN, MXTSN, CSNZJ, CSTZJ, CXNZJ, CXTZJ</td>
<td>A relative path traversal vulnerability has been identified in the Embe= dded Solutions Framework in various Lexmark devices. This vulnerability can=
be leveraged by an attacker to execute arbitrary code as an unprivileged u= ser.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-65077" target=3D= "_blank" rel=3D"noopener">CVE-2025-65077</a></td>

<a href=3D"https://www.lexmark.com/en_us/solutions/security/lexmark-securit= y-advisories.html" target=3D"_blank" rel=3D"noopener">https://www.lexmark.c= om/en_us/solutions/security/lexmark-security-advisories.html</a> =C2=A0<=

</tr>

<td class=3D"vendor-product">Lexmark--MXTCT, MSNGM, MSTGM, MXNGM, MXTGM, CS= NGV, CSTGV, CXTGV, MSNGW, MSTGW, MXTGW, CSTLS, CXTLS, MXTLS, CSTMM, CXTMM, = CSTPC, CXTPC, MXTPM, MSNSN, MSTSN, MXTSN, CSNZJ, CSTZJ, CXNZJ, CXTZJ</td> <td>An untrusted search path vulnerability has been identified in the Embed= ded Solutions Framework in various Lexmark devices. This vulnerability can =
be leveraged by an attacker to execute arbitrary code.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-65078" target=3D= "_blank" rel=3D"noopener">CVE-2025-65078</a></td>

<a href=3D"https://www.lexmark.com/en_us/solutions/security/lexmark-securit= y-advisories.html" target=3D"_blank" rel=3D"noopener">https://www.lexmark.c= om/en_us/solutions/security/lexmark-security-advisories.html</a> =C2=A0<=

</tr>

<td class=3D"vendor-product">Lexmark--MXTCT, MSNGM, MSTGM, MXNGM, MXTGM, CS= NGV, CSTGV, CXTGV, MSNGW, MSTGW, MXTGW, CSTLS, CXTLS, MXTLS, CSTMM, CXTMM, = CSTPC, CXTPC, MXTPM, MSNSN, MSTSN, MXTSN, CSNZJ, CSTZJ, CXNZJ, CXTZJ</td>
<td>A heap-based buffer overflow vulnerability has been identified in the P= ostscript interpreter in various Lexmark devices. This vulnerability can be=
leveraged by an attacker to execute arbitrary code as an unprivileged user= .</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-65079" target=3D= "_blank" rel=3D"noopener">CVE-2025-65079</a></td>

<a href=3D"https://www.lexmark.com/en_us/solutions/security/lexmark-securit= y-advisories.html" target=3D"_blank" rel=3D"noopener">https://www.lexmark.c= om/en_us/solutions/security/lexmark-security-advisories.html</a> =C2=A0<=

</tr>

<td class=3D"vendor-product">Lexmark--MXTCT, MSNGM, MSTGM, MXNGM, MXTGM, CS= NGV, CSTGV, CXTGV, MSNGW, MSTGW, MXTGW, CSTLS, CXTLS, MXTLS, CSTMM, CXTMM, = CSTPC, CXTPC, MXTPM, MSNSN, MSTSN, MXTSN, CSNZJ, CSTZJ, CXNZJ, CXTZJ</td>
<td>A type confusion vulnerability has been identified in the Postscript in= terpreter in various Lexmark devices. This vulnerability can be leveraged b=
y an attacker to execute arbitrary code as an unprivileged user.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-65080" target=3D= "_blank" rel=3D"noopener">CVE-2025-65080</a></td>

<a href=3D"https://www.lexmark.com/en_us/solutions/security/lexmark-securit= y-advisories.html" target=3D"_blank" rel=3D"noopener">https://www.lexmark.c= om/en_us/solutions/security/lexmark-security-advisories.html</a> =C2=A0<=

</tr>

<td class=3D"vendor-product">Lexmark--MXTCT, MSNGM, MSTGM, MXNGM, MXTGM, CS= NGV, CSTGV, CXTGV, MSNGW, MSTGW, MXTGW, CSTLS, CXTLS, MXTLS, CSTMM, CXTMM, = CSTPC, CXTPC, MXTPM, MSNSN, MSTSN, MXTSN, CSNZJ, CSTZJ, CXNZJ, CXTZJ</td> <td>An out-of-bounds read vulnerability has been identified in the Postscri=
pt interpreter in various Lexmark devices. This vulnerability can be levera= ged by an attacker to execute arbitrary code as an unprivileged user.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-65081" target=3D= "_blank" rel=3D"noopener">CVE-2025-65081</a></td>

<a href=3D"https://www.lexmark.com/en_us/solutions/security/lexmark-securit= y-advisories.html" target=3D"_blank" rel=3D"noopener">https://www.lexmark.c= om/en_us/solutions/security/lexmark-security-advisories.html</a> =C2=A0<=

</tr>

<td class=3D"vendor-product">Wikimedia Foundation--MediaWiki</td> <td>Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is = associated with program files includes/specials/pagers/BlockListPager.Php. = This issue affects MediaWiki: >=3D 1.42.0.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-6589" target=3D"= _blank" rel=3D"noopener">CVE-2025-6589</a></td>

<a href=3D"https://phabricator.wikimedia.org/T391343" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T391343</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--MediaWiki</td>
<td>Exposure of Sensitive Information to an Unauthorized Actor vulnerabilit=
y in Wikimedia Foundation MediaWiki. This vulnerability is associated with = program files includes/htmlform/fields/HTMLUserTextField.Php. This issue af= fects MediaWiki: from * through 1.39.12, 1.42.76 1.43.1, 1.44.0.</td> <td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-6590" target=3D"= _blank" rel=3D"noopener">CVE-2025-6590</a></td>

<a href=3D"https://phabricator.wikimedia.org/T392746" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T392746</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--MediaWiki</td> <td>Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is = associated with program files includes/api/ApiFeedContributions.Php. This i= ssue affects MediaWiki: from * before 1.39.13, 1.42.7 1.43.2, 1.44.0.</td> <td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-6591" target=3D"= _blank" rel=3D"noopener">CVE-2025-6591</a></td>

<a href=3D"https://phabricator.wikimedia.org/T392276" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T392276</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--AbuseFilter</td> <td>Vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability i=
s associated with program files includes/auth/AuthManager.Php. This issue a= ffects AbuseFilter: from fe0b1cb9e9691faf4d8d9bd80646589f6ec37615 before 1.= 43.2, 1.44.0.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-6592" target=3D"= _blank" rel=3D"noopener">CVE-2025-6592</a></td>

<a href=3D"https://phabricator.wikimedia.org/T391218" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T391218</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">n/a--ERPNext</td>
<td>A Stored Cross-Site Scripting (XSS) vulnerability was discovered within=
the CSV import mechanism of ERPNext thru 15.88.1 when using the Update Exi= sting Recordsoption. An attacker can embed malicious JavaScript code into a=
CSV field, which is then stored in the database and executed whenever the = affected record is viewed by a user within the ERPNext web interface. This = exposure may allow an attacker to compromise user sessions or perform unaut= horized actions under the context of a victim's account.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-65923" target=3D= "_blank" rel=3D"noopener">CVE-2025-65923</a></td>

<a href=3D"https://github.com/frappe/frappe_docker.git" target=3D"_blank" r= el=3D"noopener">https://github.com/frappe/frappe_docker.git</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">n/a--ERPNext</td>
<td>ERPNext thru 15.88.1 does not sanitize or remove certain HTML tags spec= ifically `<a>` hyperlinks in fields that are intended for plain text.=
Although JavaScript is blocked (preventing XSS), the HTML is still preserv=
ed in the generated PDF document. As a result, an attacker can inject malic= ious clickable links into an ERP-generated PDF. Since PDF files generated b=
y the ERP system are generally considered trustworthy, users are highly lik= ely to click these links, potentially enabling phishing attacks or malware = delivery. This issue occurs in the Add Quality Goal' function.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-65924" target=3D= "_blank" rel=3D"noopener">CVE-2025-65924</a></td>

<a href=3D"https://github.com/frappe/frappe_docker.git" target=3D"_blank" r= el=3D"noopener">https://github.com/frappe/frappe_docker.git</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">Wikimedia Foundation--MediaWiki</td> <td>Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is = associated with program files includes/user/User.Php. This issue affects Me= diaWiki: from 1.27.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0.</td> <td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-6593" target=3D"= _blank" rel=3D"noopener">CVE-2025-6593</a></td>

<a href=3D"https://phabricator.wikimedia.org/T396230" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T396230</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--MediaWiki</td>
<td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cr= oss-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This = vulnerability is associated with program files resources/src/mediawiki.Spec= ial.Apisandbox/ApiSandbox.Js. This issue affects MediaWiki: from 1.27.0 bef= ore 1.39.13, 1.42.7 1.43.2, 1.44.0.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-6594" target=3D"= _blank" rel=3D"noopener">CVE-2025-6594</a></td>

<a href=3D"https://phabricator.wikimedia.org/T395063" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T395063</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--MultimediaViewer</td> <td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cr= oss-site Scripting') vulnerability in Wikimedia Foundation MultimediaViewer=
. This issue affects MultimediaViewer: from * before 1.39.13, 1.42.7, 1.43.=
2, 1.44.0.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-6595" target=3D"= _blank" rel=3D"noopener">CVE-2025-6595</a></td>

<a href=3D"https://phabricator.wikimedia.org/T394863" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T394863</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--Vector</td>
<td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cr= oss-site Scripting') vulnerability in Wikimedia Foundation Vector. This vul= nerability is associated with program files resources/skins.Vector.Js/portl= ets.Js, resources/skins.Vector.Legacy.Js/portlets.Js. This issue affects Ve= ctor: from >=3D 1.40.0 before 1.42.7, 1.43.2, 1.44.0.</td> <td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-6596" target=3D"= _blank" rel=3D"noopener">CVE-2025-6596</a></td>

<a href=3D"https://phabricator.wikimedia.org/T396685" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T396685</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--MediaWiki</td> <td>Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is = associated with program files includes/auth/AuthManager.Php. This issue aff= ects MediaWiki: from * before 1.39.13, 1.42.7, 1.43.2, 1.44.0.</td> <td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-6597" target=3D"= _blank" rel=3D"noopener">CVE-2025-6597</a></td>

<a href=3D"https://phabricator.wikimedia.org/T389009" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T389009</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">CyberArk--CyberArk Endpoint Agent v25.10.0</td=

<td>CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a loca=
l user to achieve privilege escalation through policy elevation of an Admin= istration task.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-66374" target=3D= "_blank" rel=3D"noopener">CVE-2025-66374</a></td>

<a href=3D"https://www.cyberark.com/product-security/" target=3D"_blank" re= l=3D"noopener">https://www.cyberark.com/product-security/</a> <a href=3D= "https://www.cyberark.com/ca26-01" target=3D"_blank" rel=3D"noopener">https= ://www.cyberark.com/ca26-01</a> <a href=3D"https://docs.cyberark.com/epm= /latest/en/content/release%20notes/rn-whatsnew25-12.htm#Security" target=3D= "_blank" rel=3D"noopener">https://docs.cyberark.com/epm/latest/en/content/r= elease%20notes/rn-whatsnew25-12.htm#Security</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TOTOlink--A950RG Router</td>
<td>TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vuln= erability in the setUrlFilterRules interface of /lib/cste_modules/firewall.= so. The vulnerability occurs because the `url` parameter is not properly va= lidated for length, allowing remote attackers to trigger a buffer overflow,=
potentially leading to arbitrary code execution or denial of service.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-67186" target=3D= "_blank" rel=3D"noopener">CVE-2025-67186</a></td>

<a href=3D"https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/= main/ToTolink/A950RG/5024-setUrlFliterRules-url-buffer.md" target=3D"_blank=
" rel=3D"noopener">https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishI= OT/blob/main/ToTolink/A950RG/5024-setUrlFliterRules-url-buffer.md</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">TOTOlink--A950RG Router</td>
<td>A stack-based buffer overflow vulnerability was identified in TOTOLINK = A950RG V4.1.2cu.5204_B20210112. The flaw exists in the setIpQosRules interf= ace of /lib/cste_modules/firewall.so where the comment parameter is not pro= perly validated for length.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-67187" target=3D= "_blank" rel=3D"noopener">CVE-2025-67187</a></td>

<a href=3D"https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/= main/ToTolink/A950RG/5024-setIpQosRules-comment-buffer.md" target=3D"_blank=
" rel=3D"noopener">https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishI= OT/blob/main/ToTolink/A950RG/5024-setIpQosRules-comment-buffer.md</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">TOTOlink--A950RG Router</td>
<td>A buffer overflow vulnerability exists in TOTOLINK A950RG V4.1.2cu.5204= _B20210112. The issue resides in the setRadvdCfg interface of the /lib/cste= _modules/ipv6.so module. The function fails to properly validate the length=
of the user-controlled radvdinterfacename parameter, allowing remote attac= kers to trigger a stack buffer overflow.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-67188" target=3D= "_blank" rel=3D"noopener">CVE-2025-67188</a></td>

<a href=3D"https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/= main/ToTolink/A950RG/5024-ipv6-setRadvdCfg-radvdinterfacename-buffer.md" ta= rget=3D"_blank" rel=3D"noopener">https://github.com/SunnyYANGyaya/cuicuisha= rk-sheep-fishIOT/blob/main/ToTolink/A950RG/5024-ipv6-setRadvdCfg-radvdinter= facename-buffer.md</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TOTOlink--A950RG Router</td>
<td>A buffer overflow vulnerability exists in the setParentalRules interfac=
e of TOTOLINK A950RG V4.1.2cu.5204_B20210112. The urlKeyword parameter is n=
ot properly validated, and the function concatenates multiple user-controll=
ed fields into a fixed-size stack buffer without performing boundary checks=
. A remote attacker can exploit this flaw to cause denial of service or pot= entially achieve arbitrary code execution.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-67189" target=3D= "_blank" rel=3D"noopener">CVE-2025-67189</a></td>

<a href=3D"https://github.com/SunnyYANGyaya/cuicuishark-sheep-fishIOT/blob/= main/ToTolink/A950RG/5024-setParentRules-urlKeyWord-buffer.md" target=3D"_b= lank" rel=3D"noopener">https://github.com/SunnyYANGyaya/cuicuishark-sheep-f= ishIOT/blob/main/ToTolink/A950RG/5024-setParentRules-urlKeyWord-buffer.md</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Wikimedia Foundation--MediaWiki</td>
<td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cr= oss-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This = vulnerability is associated with program files includes/CommentFormatter/Co= mmentParser.Php. This issue affects MediaWiki: from * before 1.39.16, 1.43.=
6, 1.44.3, 1.45.1.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-67475" target=3D= "_blank" rel=3D"noopener">CVE-2025-67475</a></td>

<a href=3D"https://phabricator.wikimedia.org/T406664" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T406664</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--MediaWiki</td> <td>Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is = associated with program files includes/Import/ImportableOldRevisionImporter= .Php. This issue affects MediaWiki: from * before 1.44.3, 1.45.1.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-67476" target=3D= "_blank" rel=3D"noopener">CVE-2025-67476</a></td>

<a href=3D"https://phabricator.wikimedia.org/T405859" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T405859</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--MediaWiki</td>
<td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cr= oss-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This = vulnerability is associated with program files resources/src/mediawiki.Spec= ial.Apisandbox/ApiSandboxLayout.Js. This issue affects MediaWiki: from * be= fore 1.44.3, 1.45.1.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-67477" target=3D= "_blank" rel=3D"noopener">CVE-2025-67477</a></td>

<a href=3D"https://phabricator.wikimedia.org/T406639" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T406639</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--CheckUser</td> <td>Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is = associated with program files includes/Mail/UserMailer.Php. This issue affe= cts CheckUser: from * before 1.39.14, 1.43.4, 1.44.1.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-67478" target=3D= "_blank" rel=3D"noopener">CVE-2025-67478</a></td>

<a href=3D"https://phabricator.wikimedia.org/T385403" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T385403</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--MediaWiki</td> <td>Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation C= ite. This vulnerability is associated with program files includes/Parser/Co= reParserFunctions.Php, includes/Parser/Sanitizer.Php. This issue affects Me= diaWiki: from * before 1.39.14, 1.43.4, 1.44.1; Cite: from * before 1.39.14=
, 1.43.4, 1.44.1.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-67479" target=3D= "_blank" rel=3D"noopener">CVE-2025-67479</a></td>

<a href=3D"https://phabricator.wikimedia.org/T407131" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T407131</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--MediaWiki</td> <td>Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is = associated with program files includes/Api/ApiQueryRevisionsBase.Php. This = issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.</td=

<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-67480" target=3D= "_blank" rel=3D"noopener">CVE-2025-67480</a></td>

<a href=3D"https://phabricator.wikimedia.org/T401053" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T401053</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--MediaWiki</td>
<td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cr= oss-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This = vulnerability is associated with program files resources/src/mediawiki.Jque= ryMsg/mediawiki.JqueryMsg.Js. This issue affects MediaWiki: from * before 1= .39.16, 1.43.6, 1.44.3, 1.45.1.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-67481" target=3D= "_blank" rel=3D"noopener">CVE-2025-67481</a></td>

<a href=3D"https://phabricator.wikimedia.org/T251032" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T251032</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--Scribunto</td> <td>Vulnerability in Wikimedia Foundation Scribunto, Wikimedia Foundation l= uasandbox. This vulnerability is associated with program files includes/Eng= ines/LuaCommon/lualib/mwInit.Lua, library.C. This issue affects Scribunto: = from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1; luasandbox: from * before fe= a2304f8f6ab30314369a612f4f5b165e68e95a.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-67482" target=3D= "_blank" rel=3D"noopener">CVE-2025-67482</a></td>

<a href=3D"https://phabricator.wikimedia.org/T408135" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T408135</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--MediaWiki</td>
<td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cr= oss-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This = vulnerability is associated with program files resources/src/mediawiki.Page= .Preview.Js. This issue affects MediaWiki: from * before 1.43.6, 1.44.3, 1.= 45.1.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-67483" target=3D= "_blank" rel=3D"noopener">CVE-2025-67483</a></td>

<a href=3D"https://phabricator.wikimedia.org/T409226" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T409226</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Wikimedia Foundation--MediaWiki</td> <td>Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is = associated with program files includes/Api/ApiFormatXml.Php. This issue aff= ects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-67484" target=3D= "_blank" rel=3D"noopener">CVE-2025-67484</a></td>

<a href=3D"https://phabricator.wikimedia.org/T401995" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T401995</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Go standard library--crypto/tls</td>
<td>During session resumption in crypto/tls, if the underlying Config has i=
ts ClientCAs or RootCAs fields mutated between the initial handshake and th=
e resumed handshake, the resumed handshake may succeed when it should have = failed. This may happen when a user calls Config.Clone and mutates the retu= rned Config, or uses Config.GetConfigForClient. This can cause a client to = resume a session with a server that it would not have resumed with during t=
he initial handshake, or cause a server to resume a session with a client t= hat it would not have resumed with during the initial handshake.</td> <td>2026-02-05</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-68121" target=3D= "_blank" rel=3D"noopener">CVE-2025-68121</a></td>

<a href=3D"https://groups.google.com/g/golang-announce/c/K09ubi9FQFk" targe= t=3D"_blank" rel=3D"noopener">https://groups.google.com/g/golang-announce/c= /K09ubi9FQFk</a> <a href=3D"https://go.dev/cl/737700" target=3D"_blank" = rel=3D"noopener">https://go.dev/cl/737700</a> <a href=3D"https://go.dev/= issue/77217" target=3D"_blank" rel=3D"noopener">https://go.dev/issue/77217<= /a> <a href=3D"https://pkg.go.dev/vuln/GO-2026-4337" target=3D"_blank" r= el=3D"noopener">https://pkg.go.dev/vuln/GO-2026-4337</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Axigen--Mail Server</td>
<td>Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting (X= SS) in the handling of the timeFormat account preference parameter. Attacke=
rs can exploit this by deploying a multi-stage attack. In the first stage, =
a malicious JavaScript payload is injected into the timeFormat preference b=
y exploiting a separate vulnerability or using compromised credentials. In = the second stage, when the victim logs into the WebMail interface, the unsa= nitized timeFormat value is loaded from storage and inserted into the DOM, = causing the injected script to execute.</td>
<td>2026-02-05</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-68643" target=3D= "_blank" rel=3D"noopener">CVE-2025-68643</a></td>

<a href=3D"https://www.axigen.com/mail-server/download/" target=3D"_blank" = rel=3D"noopener">https://www.axigen.com/mail-server/download/</a> <a hre= f=3D"https://www.axigen.com/knowledgebase/Axigen-WebMail-Stored-XSS-Vulnera= bility-CVE-2025-68643-_405.html" target=3D"_blank" rel=3D"noopener">https:/= /www.axigen.com/knowledgebase/Axigen-WebMail-Stored-XSS-Vulnerability-CVE-2= 025-68643-_405.html</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Axigen--Mail Server</td>
<td>Axigen Mail Server before 10.5.57 contains an improper access control v= ulnerability in the WebAdmin interface. A delegated admin account with zero=
permissions can bypass access control checks and gain unauthorized access =
to the SSL Certificates management endpoint (page=3Dsslcerts). This allows = the attacker to view, download, upload, and delete SSL certificate files, d= espite lacking the necessary privileges to access the Security & Filter= ing section.</td>
<td>2026-02-05</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-68721" target=3D= "_blank" rel=3D"noopener">CVE-2025-68721</a></td>

<a href=3D"https://www.axigen.com/mail-server/download/" target=3D"_blank" = rel=3D"noopener">https://www.axigen.com/mail-server/download/</a> <a hre= f=3D"https://www.axigen.com/knowledgebase/Axigen-WebAdmin-Improper-Access-C= ontrol-Vulnerability-CVE-2025-68721-_406.html" target=3D"_blank" rel=3D"noo= pener">https://www.axigen.com/knowledgebase/Axigen-WebAdmin-Improper-Access= -Control-Vulnerability-CVE-2025-68721-_406.html</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Axigen--Mail Server</td>
<td>Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a = Cross-Site Request Forgery (CSRF) vulnerability in the WebAdmin interface t= hrough improper handling of the _s (breadcrumb) parameter. The application = accepts state-changing requests via the GET method and automatically proces= ses base64-encoded commands queued in the _s parameter immediately after ad= ministrator authentication. Attackers can craft malicious URLs that, when c= licked by administrators, execute arbitrary administrative actions upon log=
in without further user interaction, including creating rogue administrator=
accounts or modifying critical server configurations.</td>
<td>2026-02-05</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-68722" target=3D= "_blank" rel=3D"noopener">CVE-2025-68722</a></td>

<a href=3D"https://www.axigen.com/mail-server/download/" target=3D"_blank" = rel=3D"noopener">https://www.axigen.com/mail-server/download/</a> <a hre= f=3D"https://www.axigen.com/knowledgebase/Axigen-WebAdmin-CSRF-Vulnerabilit= y-CVE-2025-68722-_407.html" target=3D"_blank" rel=3D"noopener">https://www.= axigen.com/knowledgebase/Axigen-WebAdmin-CSRF-Vulnerability-CVE-2025-68722-= _407.html</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Axigen--Mail Server</td>
<td>Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site S= cripting (XSS) vulnerabilities in the WebAdmin interface. Three instances e= xist: (1) the log file name parameter in the Local Services Log page, (2) c= ertificate file content in the SSL Certificates View Usage feature, and (3)=
the Certificate File name parameter in the WebMail Listeners SSL settings.=
Attackers can inject malicious JavaScript payloads that execute in adminis= trators' browsers when they access affected pages or features, enabling pri= vilege escalation attacks where low-privileged admins can force high-privil= eged admins to perform unauthorized actions.</td>
<td>2026-02-05</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-68723" target=3D= "_blank" rel=3D"noopener">CVE-2025-68723</a></td>

<a href=3D"https://www.axigen.com/mail-server/download/" target=3D"_blank" = rel=3D"noopener">https://www.axigen.com/mail-server/download/</a> <a hre= f=3D"https://www.axigen.com/knowledgebase/Axigen-WebAdmin-Stored-XSS-Vulner= abilities-CVE-2025-68723-_408.html" target=3D"_blank" rel=3D"noopener">http= s://www.axigen.com/knowledgebase/Axigen-WebAdmin-Stored-XSS-Vulnerabilities= -CVE-2025-68723-_408.html</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">devcode-it--openstamanager</td>
<td>OpenSTAManager is an open source management software for technical assi= stance and invoicing. In 2.9.8 and earlier, a critical OS Command Injection=
vulnerability exists in the P7M (signed XML) file decoding functionality. =
An authenticated attacker can upload a ZIP file containing a .p7m file with=
a malicious filename to execute arbitrary system commands on the server.</=

<td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69212" target=3D= "_blank" rel=3D"noopener">CVE-2025-69212</a></td>

<a href=3D"https://github.com/devcode-it/openstamanager/security/advisories= /GHSA-25fp-8w8p-mx36" target=3D"_blank" rel=3D"noopener">https://github.com= /devcode-it/openstamanager/security/advisories/GHSA-25fp-8w8p-mx36</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">devcode-it--openstamanager</td>
<td>OpenSTAManager is an open source management software for technical assi= stance and invoicing. In version 2.9.8 and prior, a SQL Injection vulnerabi= lity exists in the ajax_complete.php endpoint when handling the get_sedi op= eration. An authenticated attacker can inject malicious SQL code through th=
e idanagrafica parameter, leading to unauthorized database access. At time =
of publication, no known patch exists.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69213" target=3D= "_blank" rel=3D"noopener">CVE-2025-69213</a></td>

<a href=3D"https://github.com/devcode-it/openstamanager/security/advisories= /GHSA-w995-ff8h-rppg" target=3D"_blank" rel=3D"noopener">https://github.com= /devcode-it/openstamanager/security/advisories/GHSA-w995-ff8h-rppg</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">devcode-it--openstamanager</td>
<td>OpenSTAManager is an open source management software for technical assi= stance and invoicing. In 2.9.8 and earlier, an SQL Injection vulnerability = exists in the ajax_select.php endpoint when handling the componenti operati= on. An authenticated attacker can inject malicious SQL code through the opt= ions[matricola] parameter.</td>
<td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69214" target=3D= "_blank" rel=3D"noopener">CVE-2025-69214</a></td>

<a href=3D"https://github.com/devcode-it/openstamanager/security/advisories= /GHSA-qjv8-63xq-gq8m" target=3D"_blank" rel=3D"noopener">https://github.com= /devcode-it/openstamanager/security/advisories/GHSA-qjv8-63xq-gq8m</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">devcode-it--openstamanager</td>
<td>OpenSTAManager is an open source management software for technical assi= stance and invoicing. In version 2.9.8 and prior, there is a SQL Injection = vulnerability in the Stampe Module. At time of publication, no known patch = exists.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69215" target=3D= "_blank" rel=3D"noopener">CVE-2025-69215</a></td>

<a href=3D"https://github.com/devcode-it/openstamanager/security/advisories= /GHSA-qx9p-w3vj-q24q" target=3D"_blank" rel=3D"noopener">https://github.com= /devcode-it/openstamanager/security/advisories/GHSA-qx9p-w3vj-q24q</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">devcode-it--openstamanager</td>
<td>OpenSTAManager is an open source management software for technical assi= stance and invoicing. In 2.9.8 and earlier, an authenticated SQL injection = vulnerability in OpenSTAManager's Scadenzario (Payment Schedule) print temp= late allows any authenticated user to extract sensitive data from the datab= ase, including admin credentials, customer information, and financial recor= ds. The vulnerability exists in templates/scadenzario/init.php, where the i= d_anagrafica parameter is directly concatenated into an SQL query without p= roper sanitization. The vulnerability enables complete database read access=
through error-based SQL injection techniques.</td>
<td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69216" target=3D= "_blank" rel=3D"noopener">CVE-2025-69216</a></td>

<a href=3D"https://github.com/devcode-it/openstamanager/security/advisories= /GHSA-q6g3-fv43-m2w6" target=3D"_blank" rel=3D"noopener">https://github.com= /devcode-it/openstamanager/security/advisories/GHSA-q6g3-fv43-m2w6</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Wikimedia Foundation--MediaWiki</td> <td>Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is = associated with program files includes/specials/pagers/BlockListPager.Php, = includes/api/ApiQueryBlocks.Php. This issue affects MediaWiki: from >=3D=
1.42.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-6927" target=3D"= _blank" rel=3D"noopener">CVE-2025-6927</a></td>

<a href=3D"https://phabricator.wikimedia.org/T397595" target=3D"_blank" rel= =3D"noopener">https://phabricator.wikimedia.org/T397595</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">ORICO--NAS CD3510</td>
<td>The ORICO NAS CD3510 (version V1.9.12 and below) contains an Incorrect = Symlink Follow vulnerability that could be exploited by attackers to leak o=
r tamper with the internal file system. Attackers can format a USB drive to=
ext4, create a symbolic link to its root directory, insert the drive into = the NAS device's slot, then access the USB drive's symlink directory mounte=
d on the NAS to obtain all files within the NAS system and tamper with thos=
e files.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69429" target=3D= "_blank" rel=3D"noopener">CVE-2025-69429</a></td>

<a href=3D"https://www.notion.so/ORICO-NAS-Incorrect-Symlink-Follow-2c36cf4= e528a80b7bf0be4dcac758419?source=3Dcopy_link" target=3D"_blank" rel=3D"noop= ener">https://www.notion.so/ORICO-NAS-Incorrect-Symlink-Follow-2c36cf4e528a= 80b7bf0be4dcac758419?source=3Dcopy_link</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Yottamaster NAS-- Symlink Follow</td>
<td>An Incorrect Symlink Follow vulnerability exists in multiple Yottamaste=
r NAS devices, including DM2 (version equal to or prior to V1.9.12), DM3 (v= ersion equal to or prior to V1.9.12), and DM200 (version equal to or prior =
to V1.2.23) that could be exploited by attackers to leak or tamper with the=
internal file system. Attackers can format a USB drive to ext4, create a s= ymbolic link to its root directory, insert the drive into the NAS device's = slot, then access the USB drive's symlink directory mounted on the NAS to o= btain all files within the NAS system and tamper with those files.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69430" target=3D= "_blank" rel=3D"noopener">CVE-2025-69430</a></td>

<a href=3D"https://www.notion.so/Yottamaster-Incorrect-Symlink-Follow-2c36c= f4e528a8001b37cdad4be7431f8?source=3Dcopy_link" target=3D"_blank" rel=3D"no= opener">https://www.notion.so/Yottamaster-Incorrect-Symlink-Follow-2c36cf4e= 528a8001b37cdad4be7431f8?source=3Dcopy_link</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">ZSPACE--Q2C NAS</td>
<td>The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbol=
ic link following. Attackers can format a USB drive to ext4, create a symbo= lic link to its root directory, insert the drive into the NAS device's slot=
, and then access the USB drive's directory mounted on the NAS using the Sa= mba protocol. This allows them to obtain all files within the NAS system an=
d tamper with those files.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69431" target=3D= "_blank" rel=3D"noopener">CVE-2025-69431</a></td>

<a href=3D"https://www.notion.so/ZSPACE-Incorrect-Symlink-Follow-2c26cf4e52= 8a8087ba14d9b1d31a5bb2?source=3Dcopy_link" target=3D"_blank" rel=3D"noopene= r">https://www.notion.so/ZSPACE-Incorrect-Symlink-Follow-2c26cf4e528a8087ba= 14d9b1d31a5bb2?source=3Dcopy_link</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Coto[.]com--Tarot, Astro & Healing v11.4</=

<td>An arbitrary file overwrite vulnerability in the file import process of=
Tarot, Astro & Healing v11.4.0 allows attackers to overwrite critical = internal files, potentially leading to arbitrary code execution or exposure=
of sensitive information.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69618" target=3D= "_blank" rel=3D"noopener">CVE-2025-69618</a></td>

<a href=3D"https://secsys.fudan.edu.cn/" target=3D"_blank" rel=3D"noopener"= >https://secsys.fudan.edu.cn/</a> <a href=3D"http://coto.com" target=3D"= _blank" rel=3D"noopener">http://coto.com</a> <a href=3D"https://coto.wor= ld/" target=3D"_blank" rel=3D"noopener">https://coto.world/</a> <a href= =3D"https://github.com/Secsys-FDU/AF_CVEs/issues/9" target=3D"_blank" rel= =3D"noopener">https://github.com/Secsys-FDU/AF_CVEs/issues/9</a> =C2=A0<=

</tr>

<td class=3D"vendor-product">Zipperapp[.]cafe24--Text Editor v1.6.2</td>
<td>A path traversal in My Text Editor v1.6.2 allows attackers to cause a D= enial of Service (DoS) via writing files to the internal storage.</td> <td>2026-02-05</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69619" target=3D= "_blank" rel=3D"noopener">CVE-2025-69619</a></td>

<a href=3D"http://my.com" target=3D"_blank" rel=3D"noopener">http://my.com<= /a> <a href=3D"https://secsys.fudan.edu.cn/" target=3D"_blank" rel=3D"no= opener">https://secsys.fudan.edu.cn/</a> <a href=3D"http://zipperapp.caf= e24.com/" target=3D"_blank" rel=3D"noopener">http://zipperapp.cafe24.com/</= a> <a href=3D"https://github.com/Secsys-FDU/AF_CVEs/issues/10" target=3D= "_blank" rel=3D"noopener">https://github.com/Secsys-FDU/AF_CVEs/issues/10</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--Moo Chan Song v4.5.7</td>
<td>A path traversal in Moo Chan Song v4.5.7 allows attackers to cause a De= nial of Service (DoS) via writing files to the internal storage.</td> <td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69620" target=3D= "_blank" rel=3D"noopener">CVE-2025-69620</a></td>

<a href=3D"https://secsys.fudan.edu.cn/" target=3D"_blank" rel=3D"noopener"= >https://secsys.fudan.edu.cn/</a> <a href=3D"http://office.com" target= =3D"_blank" rel=3D"noopener">http://office.com</a> <a href=3D"http://www= .ntoolslab.com/" target=3D"_blank" rel=3D"noopener">http://www.ntoolslab.co= m/</a> <a href=3D"https://github.com/Secsys-FDU/AF_CVEs/issues/11" targe= t=3D"_blank" rel=3D"noopener">https://github.com/Secsys-FDU/AF_CVEs/issues/= 11</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--Comic Book Reader v1.0.95</td>
<td>An arbitrary file overwrite vulnerability in the file import process of=
Comic Book Reader v1.0.95 allows attackers to overwrite critical internal = files, potentially leading to arbitrary code execution or exposure of sensi= tive information.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69621" target=3D= "_blank" rel=3D"noopener">CVE-2025-69621</a></td>

<a href=3D"https://secsys.fudan.edu.cn/" target=3D"_blank" rel=3D"noopener"= >https://secsys.fudan.edu.cn/</a> <a href=3D"http://comic.com" target=3D= "_blank" rel=3D"noopener">http://comic.com</a> <a href=3D"https://androi= d-tools.ru/" target=3D"_blank" rel=3D"noopener">https://android-tools.ru/</= a> <a href=3D"https://github.com/Secsys-FDU/AF_CVEs/issues/12" target=3D= "_blank" rel=3D"noopener">https://github.com/Secsys-FDU/AF_CVEs/issues/12</= a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--NetBox</td>
<td>NetBox is an open-source infrastructure resource modeling and IP addres=
s management platform. A reflected cross-site scripting (XSS) vulnerability=
exists in versions 2.11.0 through 3.7.x in the ProtectedError handling log= ic, where object names are included in HTML error messages without proper e= scaping. This allows user-controlled content to be rendered in the web inte= rface when a delete operation fails due to protected relationships, potenti= ally enabling execution of arbitrary client-side code in the context of a p= rivileged user.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69848" target=3D= "_blank" rel=3D"noopener">CVE-2025-69848</a></td>

<a href=3D"https://github.com/netbox-community/netbox" target=3D"_blank" re= l=3D"noopener">https://github.com/netbox-community/netbox</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">n/a--Quick Heal Security 23.0.0</td>
<td>A vulnerability exists in Quick Heal Total Security 23.0.0 in the quara= ntine management component where insufficient validation of restore paths a=
nd improper permission handling allow a low-privileged local user to restor=
e quarantined files into protected system directories. This behavior can be=
abused by a local attacker to place files in high-privilege locations, pot= entially leading to privilege escalation.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69875" target=3D= "_blank" rel=3D"noopener">CVE-2025-69875</a></td>

<a href=3D"https://github.com/mertdas/QuickHealTotalSecurityPOC" target=3D"= _blank" rel=3D"noopener">https://github.com/mertdas/QuickHealTotalSecurityP= OC</a> <a href=3D"https://semiconductor.samsung.com/support/quality-supp= ort/product-security-updates/cve-2025-59439/" target=3D"_blank" rel=3D"noop= ener">https://semiconductor.samsung.com/support/quality-support/product-sec= urity-updates/cve-2025-59439/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--Monstra CMS v3.0.4</td>
<td>Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in t=
he Files Manager plugin. The application relies on blacklist-based file ext= ension validation and stores uploaded files directly in a web-accessible di= rectory. Under typical server configurations, this can allow an attacker to=
upload files that are interpreted as executable code, resulting in remote = code execution.</td>
<td>2026-02-05</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69906" target=3D= "_blank" rel=3D"noopener">CVE-2025-69906</a></td>

<a href=3D"https://github.com/monstra-cms/monstra/tree/master/plugins/box/f= ilesmanager" target=3D"_blank" rel=3D"noopener">https://github.com/monstra-= cms/monstra/tree/master/plugins/box/filesmanager</a> <a href=3D"https://= github.com/cypherdavy/CVE-2025-69906-Monstra-CMS-3.0.4-Arbitrary-File-Uploa= d-to-RCE" target=3D"_blank" rel=3D"noopener">https://github.com/cypherdavy/= CVE-2025-69906-Monstra-CMS-3.0.4-Arbitrary-File-Upload-to-RCE</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">n/a--FUXA v1.2.7</td>
<td>FUXA v1.2.7 contains an insecure default configuration vulnerability in=
server/settings.default.js. The 'secureEnabled' flag is commented out by d= efault, causing the application to initialize with authentication disabled.=
This allows unauthenticated remote attackers to access sensitive API endpo= ints, modify projects, and control industrial equipment immediately after i= nstallation.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69970" target=3D= "_blank" rel=3D"noopener">CVE-2025-69970</a></td>

<a href=3D"https://github.com/frangoteam/FUXA/blob/master/server/settings.d= efault.js" target=3D"_blank" rel=3D"noopener">https://github.com/frangoteam= /FUXA/blob/master/server/settings.default.js</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--FUXA v1.2.7</td>
<td>FUXA v1.2.7 contains a hard-coded credential vulnerability in server/ap= i/jwt-helper.js. The application uses a hard-coded secret key to sign and v= erify JWT Tokens. This allows remote attackers to forge valid admin tokens = and bypass authentication to gain full administrative access.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69971" target=3D= "_blank" rel=3D"noopener">CVE-2025-69971</a></td>

<a href=3D"https://github.com/frangoteam/FUXA/blob/master/server/api/jwt-he= lper.js" target=3D"_blank" rel=3D"noopener">https://github.com/frangoteam/F= UXA/blob/master/server/api/jwt-helper.js</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--FUXA v1.2.7</td>
<td>FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the `= /api/upload` API endpoint. The endpoint lacks authentication mechanisms, al= lowing unauthenticated remote attackers to upload arbitrary files. This can=
be exploited to overwrite critical system files (such as the SQLite user d= atabase) to gain administrative access, or to upload malicious scripts to e= xecute arbitrary code.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69981" target=3D= "_blank" rel=3D"noopener">CVE-2025-69981</a></td>

<a href=3D"https://github.com/frangoteam/FUXA/blob/master/server/api/projec= ts/index.js#L193" target=3D"_blank" rel=3D"noopener">https://github.com/fra= ngoteam/FUXA/blob/master/server/api/projects/index.js#L193</a> =C2=A0</t=

</tr>

<td class=3D"vendor-product">n/a--FUXA v1.2.7</td>
<td>FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import f= unctionality. The application does not properly sanitize or sandbox user-su= pplied scripts within imported project files. An attacker can upload a mali= cious project containing system commands, leading to full system compromise= .</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-69983" target=3D= "_blank" rel=3D"noopener">CVE-2025-69983</a></td>

<a href=3D"https://github.com/frangoteam/FUXA/blob/master/server/api/projec= ts/index.js" target=3D"_blank" rel=3D"noopener">https://github.com/frangote= am/FUXA/blob/master/server/api/projects/index.js</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--ChestnutCMS v.1.5.8</td>
<td>An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to = execute arbitrary code via the template creation function</td> <td>2026-02-05</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-70073" target=3D= "_blank" rel=3D"noopener">CVE-2025-70073</a></td>

<a href=3D"https://github.com/liweiyi/ChestnutCMS/issues/8" target=3D"_blan=
k" rel=3D"noopener">https://github.com/liweiyi/ChestnutCMS/issues/8</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--JEEWMS 1.0=C2=A0</td>
<td>JEEWMS 1.0 is vulnerable to SQL Injection. Attackers can inject malicio=
us SQL statements through the id1 and id2 parameters in the /systemControl.=
do interface for attack.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-70311" target=3D= "_blank" rel=3D"noopener">CVE-2025-70311</a></td>

<a href=3D"https://gitee.com/erzhongxmu/JEEWMS" target=3D"_blank" rel=3D"no= opener">https://gitee.com/erzhongxmu/JEEWMS</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">PPC (Belden)--2K05X router firmware v1.1.9_206= </td>
<td>A stored cross-site scripting (XSS) vulnerability exists in the web man= agement interface of the PPC (Belden) ONT 2K05X router running firmware v1.= 1.9_206L. The Common Gateway Interface (CGI) component improperly handles u= ser-supplied input, allowing a remote, unauthenticated attacker to inject a= rbitrary JavaScript that is persistently stored and executed when the affec= ted interface is accessed.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-70545" target=3D= "_blank" rel=3D"noopener">CVE-2025-70545</a></td>

<a href=3D"http://ppc.com" target=3D"_blank" rel=3D"noopener">http://ppc.co= m</a> <a href=3D"https://github.com/jeyabalaji711/CVE-2025-70545" target= =3D"_blank" rel=3D"noopener">https://github.com/jeyabalaji711/CVE-2025-7054= 5</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">
n/a--pdfminer.six
=C2=A0
</td>
<td>pdfminer.six before 20251230 contains an insecure deserialization vulne= rability in the CMap loading mechanism. The library uses Python pickle to d= eserialize CMap cache files without validation. An attacker with the abilit=
y to place a malicious pickle file in a location accessible to the applicat= ion can trigger arbitrary code execution or privilege escalation when the f= ile is loaded by a trusted process. This is caused by an incomplete patch t=
o CVE-2025-64512.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-70559" target=3D= "_blank" rel=3D"noopener">CVE-2025-70559</a></td>

<a href=3D"https://github.com/pdfminer/pdfminer.six/security/advisories/GHS= A-f83h-ghpp-7wcc" target=3D"_blank" rel=3D"noopener">https://github.com/pdf= miner/pdfminer.six/security/advisories/GHSA-f83h-ghpp-7wcc</a> <a href= =3D"https://github.com/advisories/GHSA-f83h-ghpp-7wcc" target=3D"_blank" re= l=3D"noopener">https://github.com/advisories/GHSA-f83h-ghpp-7wcc</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">n/a--Boltz 2.0</td>
<td>Boltz 2.0.0 contains an insecure deserialization vulnerability in its m= olecule loading functionality. The application uses Python pickle to deseri= alize molecule data files without validation. An attacker with the ability =
to place a malicious pickle file in a directory processed by boltz can achi= eve arbitrary code execution when the file is loaded.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-70560" target=3D= "_blank" rel=3D"noopener">CVE-2025-70560</a></td>

<a href=3D"https://github.com/jwohlwend/boltz/issues/600" target=3D"_blank"=
rel=3D"noopener">https://github.com/jwohlwend/boltz/issues/600</a> <a h= ref=3D"https://github.com/jwohlwend/boltz/blob/cb04aeccdd480fd4db707f0bbafd= e538397fa2ac/src/boltz/data/mol.py#L80" target=3D"_blank" rel=3D"noopener">= https://github.com/jwohlwend/boltz/blob/cb04aeccdd480fd4db707f0bbafde538397= fa2ac/src/boltz/data/mol.py#L80</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--chetans9</td>
<td>chetans9 core-php-admin-panel through commit a94a780d6 contains an auth= entication bypass vulnerability in includes/auth_validate.php. The applicat= ion sends an HTTP redirect via header(Location:login.php) when a user is no=
t authenticated but fails to call exit() afterward. This allows remote unau= thenticated attackers to access protected pages.customer database.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-70758" target=3D= "_blank" rel=3D"noopener">CVE-2025-70758</a></td>

<a href=3D"https://github.com/chetans9/core-php-admin-panel" target=3D"_bla= nk" rel=3D"noopener">https://github.com/chetans9/core-php-admin-panel</a><b= r><a href=3D"https://github.com/chetans9/core-php-admin-panel/blob/master/i= ncludes/auth_validate.php" target=3D"_blank" rel=3D"noopener">https://githu= b.com/chetans9/core-php-admin-panel/blob/master/includes/auth_validate.php<= /a> <a href=3D"https://github.com/XavLimSG/Vulnerability-Research/tree/m= ain/CVE-2025-70758" target=3D"_blank" rel=3D"noopener">https://github.com/X= avLimSG/Vulnerability-Research/tree/main/CVE-2025-70758</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">n/a--Microweber 2.0.19</td>
<td>Cross Site Scripting vulnerability in the "/admin/order/abandoned" endp= oint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" = parameter in a crafted URL and lure a user with admin privileges into visit= ing it, achieving JavaScript code execution in the victim's browser. The is= sue was reported to the developers and fixed in version 2.0.20.</td> <td>2026-02-05</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-70791" target=3D= "_blank" rel=3D"noopener">CVE-2025-70791</a></td>

<a href=3D"https://github.com/microweber/microweber/commit/aa0791fc286d785c= cd33ccc706f7bb3ed05b1d7f" target=3D"_blank" rel=3D"noopener">https://github= .com/microweber/microweber/commit/aa0791fc286d785ccd33ccc706f7bb3ed05b1d7f<= /a> <a href=3D"https://gist.github.com/TimRecktenwald/9615b9915a4cacda9f= 57bb57f13ab6d4" target=3D"_blank" rel=3D"noopener">https://gist.github.com/= TimRecktenwald/9615b9915a4cacda9f57bb57f13ab6d4</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--n/a</td>
<td>Cross Site Scripting vulnerability in the "/admin/category/create" endp= oint of Microweber 2.0.19. An attacker can manipulate the "rel_id" paramete=
r in a crafted URL and lure a user with admin privileges into visiting it, = achieving JavaScript code execution in the victim's browser. The issue was = reported to the developers and fixed in version 2.0.20.</td> <td>2026-02-05</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-70792" target=3D= "_blank" rel=3D"noopener">CVE-2025-70792</a></td>

<a href=3D"https://github.com/microweber/microweber/commit/aa0791fc286d785c= cd33ccc706f7bb3ed05b1d7f" target=3D"_blank" rel=3D"noopener">https://github= .com/microweber/microweber/commit/aa0791fc286d785ccd33ccc706f7bb3ed05b1d7f<= /a> <a href=3D"https://gist.github.com/TimRecktenwald/f4b0d1edbb87e75c17= c639ca0bacba57" target=3D"_blank" rel=3D"noopener">https://gist.github.com/= TimRecktenwald/f4b0d1edbb87e75c17c639ca0bacba57</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--podinfo</td>
<td>Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated atta= ckers to upload arbitrary files via crafted POST request to the /store endp= oint. The application renders uploaded content without a restrictive Conten= t-Security-Policy (CSP) or adequate Content-Type validation, leading to Sto= red Cross-Site Scripting (XSS).</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-70849" target=3D= "_blank" rel=3D"noopener">CVE-2025-70849</a></td>

<a href=3D"https://gist.github.com/kazisabu/27f3e272f474005001a9ecd2c258dbe=
a" target=3D"_blank" rel=3D"noopener">https://gist.github.com/kazisabu/27f3= e272f474005001a9ecd2c258dbea</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--Subrion CMS v4.2.1</td>
<td>Multiple reflected cross-site scripting (XSS) vulnerabilities in the in= stallation module of Subrion CMS v4.2.1 allows attackers to execute arbitra=
ry Javascript in the context of the user's browser via injecting a crafted = payload into the dbuser, dbpwd, and dbname parameters.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-70958" target=3D= "_blank" rel=3D"noopener">CVE-2025-70958</a></td>

<a href=3D"https://github.com/emirhanyucell/Subrion-CMS-4.2.1/blob/main/sub= rion-cms-exploit.txt" target=3D"_blank" rel=3D"noopener">https://github.com= /emirhanyucell/Subrion-CMS-4.2.1/blob/main/subrion-cms-exploit.txt</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--Tendenci CMS v15.3.7</td>
<td>A stored cross-site scripting (XSS) vulnerability in the Jobs module of=
Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or = HTML via injecting a crafted payload.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-70959" target=3D= "_blank" rel=3D"noopener">CVE-2025-70959</a></td>

<a href=3D"https://github.com/emirhanyucelll/tendenci/blob/main/Readme.md" = target=3D"_blank" rel=3D"noopener">https://github.com/emirhanyucelll/tenden= ci/blob/main/Readme.md</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--Tendenci CMS v15.3.7</td>
<td>A stored cross-site scripting (XSS) vulnerability in the Forums module =
of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts o=
r HTML via injecting a crafted payload.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-70960" target=3D= "_blank" rel=3D"noopener">CVE-2025-70960</a></td>

<a href=3D"https://github.com/emirhanyucelll/tendenci/blob/main/Readme.md" = target=3D"_blank" rel=3D"noopener">https://github.com/emirhanyucelll/tenden= ci/blob/main/Readme.md</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--Gophish</td>
<td>Gophish <=3D0.12.1 is vulnerable to Incorrect Access Control. The ad= ministrative dashboard exposes each user's long-lived API key directly insi=
de the rendered HTML/JavaScript of the page on every login. This makes perm= anent API credentials accessible to any script running in the browser conte= xt.</td>
<td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-70963" target=3D= "_blank" rel=3D"noopener">CVE-2025-70963</a></td>

<a href=3D"https://github.com/gophish/gophish/issues/9366" target=3D"_blank=
" rel=3D"noopener">https://github.com/gophish/gophish/issues/9366</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--eladmin v2.7</td>
<td>A vulnerability has been discovered in eladmin v2.7 and before. This vu= lnerability allows for an arbitrary user password reset under any user perm= ission level.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-70997" target=3D= "_blank" rel=3D"noopener">CVE-2025-70997</a></td>

<a href=3D"https://github.com/elunez/eladmin" target=3D"_blank" rel=3D"noop= ener">https://github.com/elunez/eladmin</a> <a href=3D"https://github.co= m/fofo137/CVE/issues/1" target=3D"_blank" rel=3D"noopener">https://github.c= om/fofo137/CVE/issues/1</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--n/a</td>
<td>Water-Melon Melon commit 9df9292 and below is vulnerable to Denial of S= ervice. The HTTP component doesn't have any maximum length. As a result, an=
excessive request header could cause a denial of service by consuming RAM = memory.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-71031" target=3D= "_blank" rel=3D"noopener">CVE-2025-71031</a></td>

<a href=3D"https://suphawith-phusanbai.gitbook.io/book-of-suphawith/my-expl= oits/denial-of-service-in-melon-c-library" target=3D"_blank" rel=3D"noopene= r">https://suphawith-phusanbai.gitbook.io/book-of-suphawith/my-exploits/den= ial-of-service-in-melon-c-library</a> <a href=3D"https://suphawith-phusa= nbai.gitbook.io/book-of-suphawith/my-exploits/cve-2025-71031-denial-of-serv= ice-in-melon-c-library" target=3D"_blank" rel=3D"noopener">https://suphawit= h-phusanbai.gitbook.io/book-of-suphawith/my-exploits/cve-2025-71031-denial-= of-service-in-melon-c-library</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">danny-avila--danny-avila/librechat</td>
<td>A vulnerability in danny-avila/librechat allows attackers to exploit th=
e unrestricted Fork Function in `/api/convos/fork` to fork numerous content=
s rapidly. If the forked content includes a Mermaid graph with a large numb=
er of nodes, it can lead to a JavaScript heap out of memory error upon serv= ice restart, causing a denial of service. This issue affects the latest ver= sion of the product.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-7105" target=3D"= _blank" rel=3D"noopener">CVE-2025-7105</a></td>

<a href=3D"https://huntr.com/bounties/e44f0740-48bd-443b-8826-528e6afe9e34"=
target=3D"_blank" rel=3D"noopener">https://huntr.com/bounties/e44f0740-48b= d-443b-8826-528e6afe9e34</a> <a href=3D"https://github.com/danny-avila/l= ibrechat/commit/97a99985fa339db0a21ad63604e0bb8db4442ffc" target=3D"_blank"=
rel=3D"noopener">https://github.com/danny-avila/librechat/commit/97a99985f= a339db0a21ad63604e0bb8db4442ffc</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n/a--Creativeitem Academy LMS 7.0</td> <td>Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting (X= SS) vulnerabilities via the search parameter to the /academy/blogs endpoint=
, and the string parameter to the /academy/course_bundles/search/query endp= oint. These vulnerabilities are distinct from the patch for CVE-2023-4119, = which only fixed XSS in query and sort_by parameters to the /academy/home/c= ourses endpoint.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-71179" target=3D= "_blank" rel=3D"noopener">CVE-2025-71179</a></td>

<a href=3D"https://codecanyon.net/item/academy-course-based-learning-manage= ment-system/22703468" target=3D"_blank" rel=3D"noopener">https://codecanyon= .net/item/academy-course-based-learning-management-system/22703468</a> <=
a href=3D"https://creativeitem.com/products/academy-learning-management-sys= tem/" target=3D"_blank" rel=3D"noopener">https://creativeitem.com/products/= academy-learning-management-system/</a> <a href=3D"https://github.com/co= d3rLucas/security-advisories/blob/main/CVE-2025-71179.md" target=3D"_blank"=
rel=3D"noopener">https://github.com/cod3rLucas/security-advisories/blob/ma= in/CVE-2025-71179.md</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: ALS=
A: ac97: fix a double free in snd_ac97_controller_register() If ac97_add_ad= apter() fails, put_device() is the correct way to drop the device reference=
. kfree() is not required. Add kfree() if idr_alloc() fails and in ac97_ada= pter_release() to do the cleanup. Found by code review.</td> <td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-71192" target=3D= "_blank" rel=3D"noopener">CVE-2025-71192</a></td>

<a href=3D"https://git.kernel.org/stable/c/c80f9b3349a99a9d5b295f5bbc23f544= c5995ad7" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/c80f9b3349a99a9d5b295f5bbc23f544c5995ad7</a> <a href=3D"https://git.ke= rnel.org/stable/c/21f8bc5179bed91c3f946adb5e55d717b891960c" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/21f8bc5179bed91c3f946ad= b5e55d717b891960c</a> <a href=3D"https://git.kernel.org/stable/c/fcc04c9= 2cbb5497ce67c58dd2f0001bb87f40396" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/fcc04c92cbb5497ce67c58dd2f0001bb87f40396</a> =
<a href=3D"https://git.kernel.org/stable/c/cb73d37ac18bc1716690ff5255a0ef19= 52827e9e" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/cb73d37ac18bc1716690ff5255a0ef1952827e9e</a> <a href=3D"https://git.ke= rnel.org/stable/c/830988b6cf197e6dcffdfe2008c5738e6c6c3c0f" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/830988b6cf197e6dcffdfe2= 008c5738e6c6c3c0f</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: phy=
: qcom-qusb2: Fix NULL pointer dereference on early suspend Enabling runtim=
e PM before attaching the QPHY instance as driver data can lead to a NULL p= ointer dereference in runtime PM callbacks that expect valid driver data. T= here is a small window where the suspend callback may run after PM runtime = enabling and before runtime forbid. This causes a sporadic crash during boo=
t: ``` Unable to handle kernel NULL pointer dereference at virtual address = 00000000000000a1 [...] CPU: 0 UID: 0 PID: 11 Comm: kworker/0:1 Not tainted = 6.16.7+ #116 PREEMPT Workqueue: pm pm_runtime_work pstate: 20000005 (nzCv d= aif -PAN -UAO -TCO -DIT -SSBS BTYPE=3D--) pc : qusb2_phy_runtime_suspend+0x= 14/0x1e0 [phy_qcom_qusb2] lr : pm_generic_runtime_suspend+0x2c/0x44 [...] `=
`` Attach the QPHY instance as driver data before enabling runtime PM to pr= event NULL pointer dereference in runtime PM callbacks. Reorder pm_runtime_= enable() and pm_runtime_forbid() to prevent a short window where an unneces= sary runtime suspend can occur. Use the devres-managed version to ensure PM=
runtime is symmetrically disabled during driver removal for proper cleanup= .</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-71193" target=3D= "_blank" rel=3D"noopener">CVE-2025-71193</a></td>

<a href=3D"https://git.kernel.org/stable/c/beba460a299150b5d8dcbe3474a8f4bd= f0205180" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/beba460a299150b5d8dcbe3474a8f4bdf0205180</a> <a href=3D"https://git.ke= rnel.org/stable/c/d50a9b7fd07296a1ab81c49ceba14cae3d31df86" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/d50a9b7fd07296a1ab81c49= ceba14cae3d31df86</a> <a href=3D"https://git.kernel.org/stable/c/4ac15ca= a27ff842b068a54f1c6a8ff8b31f658e7" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/4ac15caa27ff842b068a54f1c6a8ff8b31f658e7</a> =
<a href=3D"https://git.kernel.org/stable/c/1ca52c0983c34fca506921791202ed5b= dafd5306" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/1ca52c0983c34fca506921791202ed5bdafd5306</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: btr= fs: fix deadlock in wait_current_trans() due to ignored transaction type Wh=
en wait_current_trans() is called during start_transaction(), it currently = waits for a blocked transaction without considering whether the given trans= action type actually needs to wait for that particular transaction state. T=
he btrfs_blocked_trans_types[] array already defines which transaction type=
s should wait for which transaction states, but this check was missing in w= ait_current_trans(). This can lead to a deadlock scenario involving two tra= nsactions and pending ordered extents: 1. Transaction A is in TRANS_STATE_C= OMMIT_DOING state 2. A worker processing an ordered extent calls start_tran= saction() with TRANS_JOIN 3. join_transaction() returns -EBUSY because Tran= saction A is in TRANS_STATE_COMMIT_DOING 4. Transaction A moves to TRANS_ST= ATE_UNBLOCKED and completes 5. A new Transaction B is created (TRANS_STATE_= RUNNING) 6. The ordered extent from step 2 is added to Transaction B's pend= ing ordered extents 7. Transaction B immediately starts commit by another t= ask and enters TRANS_STATE_COMMIT_START 8. The worker finally reaches wait_= current_trans(), sees Transaction B in TRANS_STATE_COMMIT_START (a blocked = state), and waits unconditionally 9. However, TRANS_JOIN should NOT wait fo=
r TRANS_STATE_COMMIT_START according to btrfs_blocked_trans_types[] 10. Tra= nsaction B is waiting for pending ordered extents to complete 11. Deadlock:=
Transaction B waits for ordered extent, ordered extent waits for Transacti=
on B This can be illustrated by the following call stacks: CPU0 CPU1 btrfs_= finish_ordered_io() start_transaction(TRANS_JOIN) join_transaction() # -EBU=
SY (Transaction A is # TRANS_STATE_COMMIT_DOING) # Transaction A completes =
# Transaction B created # ordered extent added to # Transaction B's pending=
list btrfs_commit_transaction() # Transaction B enters # TRANS_STATE_COMMI= T_START # waiting for pending ordered # extents wait_current_trans() # wait=
s for Transaction B # (should not wait!) Task bstore_kv_sync in btrfs_commi= t_transaction waiting for ordered extents: __schedule+0x2e7/0x8a0 schedule+= 0x64/0xe0 btrfs_commit_transaction+0xbf7/0xda0 [btrfs] btrfs_sync_file+0x34= 2/0x4d0 [btrfs] __x64_sys_fdatasync+0x4b/0x80 do_syscall_64+0x33/0x40 entry= _SYSCALL_64_after_hwframe+0x44/0xa9 Task kworker in wait_current_trans wait= ing for transaction commit: Workqueue: btrfs-syno_nocow btrfs_work_helper [= btrfs] __schedule+0x2e7/0x8a0 schedule+0x64/0xe0 wait_current_trans+0xb0/0x= 110 [btrfs] start_transaction+0x346/0x5b0 [btrfs] btrfs_finish_ordered_io.i= sra.0+0x49b/0x9c0 [btrfs] btrfs_work_helper+0xe8/0x350 [btrfs] process_one_= work+0x1d3/0x3c0 worker_thread+0x4d/0x3e0 kthread+0x12d/0x150 ret_from_fork= +0x1f/0x30 Fix this by passing the transaction type to wait_current_trans()=
and checking btrfs_blocked_trans_types[cur_trans->state] against the gi= ven type before deciding to wait. This ensures that transaction types which=
are allowed to join during certain blocked states will not unnecessarily w= ait and cause deadlocks.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-71194" target=3D= "_blank" rel=3D"noopener">CVE-2025-71194</a></td>

<a href=3D"https://git.kernel.org/stable/c/e563f59395981fcd69d1307612909298= 06e728d6" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/e563f59395981fcd69d130761290929806e728d6</a> <a href=3D"https://git.ke= rnel.org/stable/c/dc84036c173cff6a432d9ab926298850b1d2a659" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/dc84036c173cff6a432d9ab= 926298850b1d2a659</a> <a href=3D"https://git.kernel.org/stable/c/d7b04b4= 0ac8e6d814e35202a0e1568809b818295" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/d7b04b40ac8e6d814e35202a0e1568809b818295</a> =
<a href=3D"https://git.kernel.org/stable/c/99da896614d17e8a84aeb2b2d464ac04= 6cc8633d" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/99da896614d17e8a84aeb2b2d464ac046cc8633d</a> <a href=3D"https://git.ke= rnel.org/stable/c/8b0bb145d3bc264360f525c9717653be3522e528" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/8b0bb145d3bc264360f525c= 9717653be3522e528</a> <a href=3D"https://git.kernel.org/stable/c/9ac6333= 3d600732a56b35ee1fa46836da671eb50" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/9ac63333d600732a56b35ee1fa46836da671eb50</a> =
<a href=3D"https://git.kernel.org/stable/c/5037b342825df7094a4906d1e2a9674b= aab50cb2" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/5037b342825df7094a4906d1e2a9674baab50cb2</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: dma= engine: xilinx: xdma: Fix regmap max_register The max_register field is ass= igned the size of the register memory region instead of the offset of the l= ast register. The result is that reading from the regmap via debugfs can ca= use a segmentation fault: tail /sys/kernel/debug/regmap/xdma.1.auto/registe=
rs Unable to handle kernel paging request at virtual address ffff800082f700=
00 Mem abort info: ESR =3D 0x0000000096000007 EC =3D 0x25: DABT (current EL=
), IL =3D 32 bits SET =3D 0, FnV =3D 0 EA =3D 0, S1PTW =3D 0 FSC =3D 0x07: = level 3 translation fault [...] Call trace: regmap_mmio_read32le+0x10/0x30 = _regmap_bus_reg_read+0x74/0xc0 _regmap_read+0x68/0x198 regmap_read+0x54/0x8=
8 regmap_read_debugfs+0x140/0x380 regmap_map_read_file+0x30/0x48 full_proxy= _read+0x68/0xc8 vfs_read+0xcc/0x310 ksys_read+0x7c/0x120 __arm64_sys_read+0= x24/0x40 invoke_syscall.constprop.0+0x64/0x108 do_el0_svc+0xb0/0xd8 el0_svc= +0x38/0x130 el0t_64_sync_handler+0x120/0x138 el0t_64_sync+0x194/0x198 Code:=
aa1e03e9 d503201f f9400000 8b214000 (b9400000) ---[ end trace 000000000000= 0000 ]--- note: tail[1217] exited with irqs disabled note: tail[1217] exite=
d with preempt_count 1 Segmentation fault</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-71195" target=3D= "_blank" rel=3D"noopener">CVE-2025-71195</a></td>

<a href=3D"https://git.kernel.org/stable/c/df8a131a41ff6202d47f59452735787f= 2b71dd2d" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/df8a131a41ff6202d47f59452735787f2b71dd2d</a> <a href=3D"https://git.ke= rnel.org/stable/c/606ea969e78295407f4bf06aa0e272fe59897184" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/606ea969e78295407f4bf06= aa0e272fe59897184</a> <a href=3D"https://git.kernel.org/stable/c/5e7ad32= 9d259cf5bed7530d6d2525bcf7cb487a1" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/5e7ad329d259cf5bed7530d6d2525bcf7cb487a1</a> =
<a href=3D"https://git.kernel.org/stable/c/c7d436a6c1a274c1ac28d5fb3b8eb8f0= 3b6d0e10" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/c7d436a6c1a274c1ac28d5fb3b8eb8f03b6d0e10</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: phy=
: stm32-usphyc: Fix off by one in probe() The "index" variable is used as a=
n index into the usbphyc->phys[] array which has usbphyc->nphys eleme= nts. So if it is equal to usbphyc->nphys then it is one element out of b= ounds. The "index" comes from the device tree so it's data that we trust an=
d it's unlikely to be wrong, however it's obviously still worth fixing the = bug. Change the > to >=3D.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-71196" target=3D= "_blank" rel=3D"noopener">CVE-2025-71196</a></td>

<a href=3D"https://git.kernel.org/stable/c/a9eec890879731c280697fdf1c50699e= 905b2fa7" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/a9eec890879731c280697fdf1c50699e905b2fa7</a> <a href=3D"https://git.ke= rnel.org/stable/c/fb9d513cdf1614bf0f0e785816afb1faae3f81af" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/fb9d513cdf1614bf0f0e785= 816afb1faae3f81af</a> <a href=3D"https://git.kernel.org/stable/c/c06f138= 76cbad702582cd67fc77356e5524d02cd" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/c06f13876cbad702582cd67fc77356e5524d02cd</a> =
<a href=3D"https://git.kernel.org/stable/c/76b870fdaad82171a24b8aacffe5e4d9= e0d2ee2c" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/76b870fdaad82171a24b8aacffe5e4d9e0d2ee2c</a> <a href=3D"https://git.ke= rnel.org/stable/c/b91c9f6bfb04e430adeeac7e7ebc9d80f9d72bad" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/b91c9f6bfb04e430adeeac7= e7ebc9d80f9d72bad</a> <a href=3D"https://git.kernel.org/stable/c/7c27eaf= 183563b86d815ff6e9cca0210b4cfa051" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/7c27eaf183563b86d815ff6e9cca0210b4cfa051</a> =
<a href=3D"https://git.kernel.org/stable/c/cabd25b57216ddc132efbcc31f972baa= 03aad15a" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/cabd25b57216ddc132efbcc31f972baa03aad15a</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: w1:=
therm: Fix off-by-one buffer overflow in alarms_store The sysfs buffer pas= sed to alarms_store() is allocated with 'size + 1' bytes and a NUL terminat=
or is appended. However, the 'size' argument does not account for this extr=
a byte. The original code then allocated 'size' bytes and used strcpy() to = copy 'buf', which always writes one byte past the allocated buffer since st= rcpy() copies until the NUL terminator at index 'size'. Fix this by parsing=
the 'buf' parameter directly using simple_strtoll() without allocating any=
intermediate memory or string copying. This removes the overflow while sim= plifying the code.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-71197" target=3D= "_blank" rel=3D"noopener">CVE-2025-71197</a></td>

<a href=3D"https://git.kernel.org/stable/c/49ff9b4b9deacbefa6654a0a2bcaf910= c9de7e95" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/49ff9b4b9deacbefa6654a0a2bcaf910c9de7e95</a> <a href=3D"https://git.ke= rnel.org/stable/c/060b08d72a38b158a7f850d4b83c17c2969e0f6b" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/060b08d72a38b158a7f850d= 4b83c17c2969e0f6b</a> <a href=3D"https://git.kernel.org/stable/c/b3fc3e1= f04dcc7c41787bbf08a6e0d2728e022cf" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/b3fc3e1f04dcc7c41787bbf08a6e0d2728e022cf</a> =
<a href=3D"https://git.kernel.org/stable/c/6a5820ecfa5a76c3d3e154802c8c15f3= 91ef442e" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/6a5820ecfa5a76c3d3e154802c8c15f391ef442e</a> <a href=3D"https://git.ke= rnel.org/stable/c/6fd6d2a8e41b7f544a4d26cbd60bedf9c67893a0" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/6fd6d2a8e41b7f544a4d26c= bd60bedf9c67893a0</a> <a href=3D"https://git.kernel.org/stable/c/e6b2609= af21b5cccc9559339591b8a2cbf884169" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/e6b2609af21b5cccc9559339591b8a2cbf884169</a> =
<a href=3D"https://git.kernel.org/stable/c/761fcf46a1bd797bd32d23f3ea0141ff= d437668a" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/761fcf46a1bd797bd32d23f3ea0141ffd437668a</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: iio=
: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection Th=
e st_lsm6dsx_acc_channels array of struct iio_chan_spec has a non-NULL even= t_spec field, indicating support for IIO events. However, event detection i=
s not supported for all sensors, and if userspace tries to configure accele= rometer wakeup events on a sensor device that does not support them (e.g. L= SM6DS0), st_lsm6dsx_write_event() dereferences a NULL pointer when trying t=
o write to the wakeup register. Define an additional struct iio_chan_spec a= rray whose members have a NULL event_spec field, and use this array instead=
of st_lsm6dsx_acc_channels for sensors without event detection capability.= </td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-71198" target=3D= "_blank" rel=3D"noopener">CVE-2025-71198</a></td>

<a href=3D"https://git.kernel.org/stable/c/7673167fac9323110973a3300637adba= 7d45de3a" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/7673167fac9323110973a3300637adba7d45de3a</a> <a href=3D"https://git.ke= rnel.org/stable/c/4d60ffcdedfe2cdb68a1cde19bb292bc67451629" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/4d60ffcdedfe2cdb68a1cde= 19bb292bc67451629</a> <a href=3D"https://git.kernel.org/stable/c/81ed6e4= 2d6e555dd978c9dd5e3f7c20cb121221b" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/81ed6e42d6e555dd978c9dd5e3f7c20cb121221b</a> =
<a href=3D"https://git.kernel.org/stable/c/c34e2e2d67b3bb8d5a6d09b0d6dac845= cdd13fb3" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/c34e2e2d67b3bb8d5a6d09b0d6dac845cdd13fb3</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: iio=
: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver=
at91_adc_interrupt can call at91_adc_touch_data_handler function to start = the work by schedule_work(&st->touch_st.workq). If we remove the mod= ule which will call at91_adc_remove to make cleanup, it will free indio_dev=
through iio_device_unregister but quite a bit later. While the work mentio= ned above will be used. The sequence of operations that may lead to a UAF b=
ug is as follows: CPU0 CPU1 | at91_adc_workq_handler at91_adc_remove | iio_= device_unregister(indio_dev) | //free indio_dev a bit later | | iio_push_to= _buffers(indio_dev) | //use indio_dev Fix it by ensuring that the work is c= anceled before proceeding with the cleanup in at91_adc_remove.</td> <td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-71199" target=3D= "_blank" rel=3D"noopener">CVE-2025-71199</a></td>

<a href=3D"https://git.kernel.org/stable/c/4c83dd62595ee7b7c9298a4d19a256b6= 647e7240" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/4c83dd62595ee7b7c9298a4d19a256b6647e7240</a> <a href=3D"https://git.ke= rnel.org/stable/c/fdc8c835c637a3473878d1e7438c77ab8928af63" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/fdc8c835c637a3473878d1e= 7438c77ab8928af63</a> <a href=3D"https://git.kernel.org/stable/c/919d176= b05776c7ede79c36744c823a07d631617" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/919d176b05776c7ede79c36744c823a07d631617</a> =
<a href=3D"https://git.kernel.org/stable/c/9795fe80976f8c31cafda7d44edfc0f5= 32d1f7c4" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/9795fe80976f8c31cafda7d44edfc0f532d1f7c4</a> <a href=3D"https://git.ke= rnel.org/stable/c/d7b6fc224c7f5d6d8adcb18037138d3cfe2bbdfe" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/d7b6fc224c7f5d6d8adcb18= 037138d3cfe2bbdfe</a> <a href=3D"https://git.kernel.org/stable/c/d890234= a91570542c228a20f132ce74f9fedd904" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/d890234a91570542c228a20f132ce74f9fedd904</a> =
<a href=3D"https://git.kernel.org/stable/c/dbdb442218cd9d613adeab31a88ac973= f22c4873" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/dbdb442218cd9d613adeab31a88ac973f22c4873</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Brocade--Fabric OS</td>
<td>A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow elevati=
ng the privileges of the local authenticated user to "root" using the expor=
t option of seccertmgmt and seccryptocfg commands.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-9711" target=3D"= _blank" rel=3D"noopener">CVE-2025-9711</a></td>

<a href=3D"https://support.broadcom.com/web/ecx/support-content-notificatio= n/-/external/content/SecurityAdvisories/0/36852" target=3D"_blank" rel=3D"n= oopener">https://support.broadcom.com/web/ecx/support-content-notification/= -/external/content/SecurityAdvisories/0/36852</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Nokia--Nokia ONT</td>
<td>The unified WEBUI application of the ONT/Beacon device contains an inpu=
t handling flaw that allows authenticated users to trigger unintended syste= m-level command execution. Due to insufficient validation of user-supplied = data, a low-privileged authenticated attacker may be able to execute arbitr= ary commands on the underlying ONT/Beacon operating system, potentially imp= acting the confidentiality, integrity, and availability of the device.</td> <td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2025-9974" target=3D"= _blank" rel=3D"noopener">CVE-2025-9974</a></td>

<a href=3D"https://www.nokia.com/we-are-nokia/security/product-security-adv= isory/cve-2025-9974/" target=3D"_blank" rel=3D"noopener">Nokia Security Adv= isory</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Google--Android</td>
<td>In vpu_mmap of vpu_ioctl, there is a possible arbitrary address mmap du=
e to a missing bounds check. This could lead to local escalation of privile=
ge with no additional execution privileges needed. User interaction is not = needed for exploitation.</td>
<td>2026-02-05</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0106" target=3D"= _blank" rel=3D"noopener">CVE-2026-0106</a></td>

<a href=3D"https://source.android.com/security/bulletin/pixel/2026-02-01" t= arget=3D"_blank" rel=3D"noopener">https://source.android.com/security/bulle= tin/pixel/2026-02-01</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Brocade--Fabric OS</td>
<td>A vulnerability in Brocade Fabric OS could allow an authenticated, loca=
l attacker with privileges to access the Bash shell to access insecurely st= ored file contents including the history command.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0383" target=3D"= _blank" rel=3D"noopener">CVE-2026-0383</a></td>

<a href=3D"https://support.broadcom.com/web/ecx/support-content-notificatio= n/-/external/content/SecurityAdvisories/0/36851" target=3D"_blank" rel=3D"n= oopener">https://support.broadcom.com/web/ecx/support-content-notification/= -/external/content/SecurityAdvisories/0/36851</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TYDAC AG--MAP+</td>
<td>A reflected cross-site scripting (XSS) vulnerability in the PDF export = functionality of the TYDAC AG MAP+ solution allows unauthenticated attacker=
s to craft a malicious URL, that if visited by a victim, will execute arbit= rary JavaScript in the victim's context. Such a URL could be delivered thro= ugh various means, for instance, by sending a link or by tricking victims t=
o visit a page crafted by the attacker. This issue was verified in MAP+: 3.= 4.0.</td>
<td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0521" target=3D"= _blank" rel=3D"noopener">CVE-2026-0521</a></td>

<a href=3D"https://www.tydac.ch/en/mapplus/" target=3D"_blank" rel=3D"noope= ner">https://www.tydac.ch/en/mapplus/</a> <a href=3D"https://www.redguar= d.ch/blog/2026/02/05/advisory-tydac-mapplus/" target=3D"_blank" rel=3D"noop= ener">https://www.redguard.ch/blog/2026/02/05/advisory-tydac-mapplus/</a><b= r>=C2=A0</td>
</tr>

<td class=3D"vendor-product">huggingface--huggingface/text-generation-infer= ence</td>
<td>A vulnerability in huggingface/text-generation-inference version 3.3.6 = allows unauthenticated remote attackers to exploit unbounded external image=
fetching during input validation in VLM mode. The issue arises when the ro= uter scans inputs for Markdown image links and performs a blocking HTTP GET=
request, reading the entire response body into memory and cloning it befor=
e decoding. This behavior can lead to resource exhaustion, including networ=
k bandwidth saturation, memory inflation, and CPU overutilization. The vuln= erability is triggered even if the request is later rejected for exceeding = token limits. The default deployment configuration, which lacks memory usag=
e limits and authentication, exacerbates the impact, potentially crashing t=
he host machine. The issue is resolved in version 3.3.7.</td> <td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0599" target=3D"= _blank" rel=3D"noopener">CVE-2026-0599</a></td>

<a href=3D"https://huntr.com/bounties/1d3f2085-666c-4441-b265-22f6f7d8d9cd"=
target=3D"_blank" rel=3D"noopener">https://huntr.com/bounties/1d3f2085-666= c-4441-b265-22f6f7d8d9cd</a> <a href=3D"https://github.com/huggingface/t= ext-generation-inference/commit/24ee40d143d8d046039f12f76940a85886cbe152" t= arget=3D"_blank" rel=3D"noopener">https://github.com/huggingface/text-gener= ation-inference/commit/24ee40d143d8d046039f12f76940a85886cbe152</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--AXE75</td>
<td>When configured as L2TP/IPSec VPN server, Archer AXE75 V1 may accept co= nnections using L2TP without IPSec protection, even when IPSec is enabled.= =C2=A0=C2=A0This allows VPN sessions without encryption, exposing data in t= ransit and compromising confidentiality.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0620" target=3D"= _blank" rel=3D"noopener">CVE-2026-0620</a></td>

<a href=3D"https://www.tp-link.com/en/support/download/archer-axe75/v1/#Fir= mware" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/en/suppor= t/download/archer-axe75/v1/#Firmware</a> <a href=3D"https://www.tp-link.= com/us/support/download/archer-axe75/v1/#Firmware" target=3D"_blank" rel=3D= "noopener">https://www.tp-link.com/us/support/download/archer-axe75/v1/#Fir= mware</a> <a href=3D"https://www.tp-link.com/us/support/faq/4942/" targe= t=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/support/faq/4942/<= /a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--Archer BE230 v1.2</td> <td>An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web = modules) allows adjacent authenticated attacker to execute=C2=A0arbitrary c= ode.=C2=A0Successful exploitation could allow an attacker to gain full admi= nistrative control of the device, resulting in severe compromise of configu= ration integrity, network security, and service availability. This CVE cove=
rs one of multiple distinct OS command injection issues identified across s= eparate code paths. Although similar in nature, each instance is tracked un= der a unique CVE ID. This issue affects Archer BE230 v1.2 < 1.2.4 Build = 20251218 rel.70420.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0630" target=3D"= _blank" rel=3D"noopener">CVE-2026-0630</a></td>

<a href=3D"https://www.tp-link.com/us/support/download/archer-be230/v1.20/#= Firmware" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/sup= port/download/archer-be230/v1.20/#Firmware</a> <a href=3D"https://www.tp= -link.com/en/support/download/archer-be230/v1.20/#Firmware" target=3D"_blan=
k" rel=3D"noopener">https://www.tp-link.com/en/support/download/archer-be23= 0/v1.20/#Firmware</a> <a href=3D"https://www.tp-link.com/sg/support/down= load/archer-be230/v1.20/#Firmware" target=3D"_blank" rel=3D"noopener">https= ://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware</a> =
<a href=3D"https://www.tp-link.com/us/support/faq/4935/" target=3D"_blank" = rel=3D"noopener">https://www.tp-link.com/us/support/faq/4935/</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--Archer BE230 v1.2</td> <td>An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn = modules) allows an adjacent authenticated attacker to=C2=A0execute arbitrar=
y code.=C2=A0Successful exploitation could allow an attacker to gain full a= dministrative control of the device, resulting in severe compromise of conf= iguration integrity, network security, and service availability. This CVE c= overs one of multiple distinct OS command injection issues identified acros=
s separate code paths. Although similar in nature, each instance is tracked=
under a unique CVE ID. This issue affects Archer BE230 v1.2 < 1.2.4 Bui=
ld 20251218 rel.70420.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0631" target=3D"= _blank" rel=3D"noopener">CVE-2026-0631</a></td>

<a href=3D"https://www.tp-link.com/us/support/download/archer-be230/v1.20/#= Firmware" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/sup= port/download/archer-be230/v1.20/#Firmware</a> <a href=3D"https://www.tp= -link.com/en/support/download/archer-be230/v1.20/#Firmware" target=3D"_blan=
k" rel=3D"noopener">https://www.tp-link.com/en/support/download/archer-be23= 0/v1.20/#Firmware</a> <a href=3D"https://www.tp-link.com/sg/support/down= load/archer-be230/v1.20/#Firmware" target=3D"_blank" rel=3D"noopener">https= ://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware</a> =
<a href=3D"https://www.tp-link.com/us/support/faq/4935/" target=3D"_blank" = rel=3D"noopener">https://www.tp-link.com/us/support/faq/4935/</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">Unknown--Five Star Restaurant Reservations</td=

<td>The Five Star Restaurant Reservations WordPress plugin before 2.7.9 doe=
s not have CSRF checks in some bulk actions, which could allow attackers to=
make logged in admins perform unwanted actions, such as deleting bookings = via CSRF attacks.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0658" target=3D"= _blank" rel=3D"noopener">CVE-2026-0658</a></td>

<a href=3D"https://wpscan.com/vulnerability/6e39090e-a4b2-4c16-806f-e2b1c45= 6fb00/" target=3D"_blank" rel=3D"noopener">https://wpscan.com/vulnerability= /6e39090e-a4b2-4c16-806f-e2b1c456fb00/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Moxa--UC-1200A Series</td>
<td>A physical attack vulnerability exists in certain Moxa industrial compu= ters using TPM-backed LUKS full-disk encryption=C2=A0on Moxa Industrial Lin=
ux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploi= tation requires invasive physical access, including opening the device and = attaching external equipment to the SPI bus to capture TPM communications. =
If successful, the captured data may allow offline decryption of eMMC conte= nts. This attack cannot be performed through brief or opportunistic physica=
l access=C2=A0and requires extended physical access, possession of the devi= ce, appropriate equipment, and sufficient time for signal capture and analy= sis. Remote exploitation is not possible.</td>
<td>2026-02-05</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0714" target=3D"= _blank" rel=3D"noopener">CVE-2026-0714</a></td>

<a href=3D"https://www.moxa.com/en/support/product-support/security-advisor= y/mpsa-255121-cve-2026-0714-cve-2026-0715-multiple-vulnerabilities-in-indus= trial-computers" target=3D"_blank" rel=3D"noopener">https://www.moxa.com/en= /support/product-support/security-advisory/mpsa-255121-cve-2026-0714-cve-20= 26-0715-multiple-vulnerabilities-in-industrial-computers</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Moxa--UC-1200A Series</td>
<td>Moxa Arm-based industrial computers running Moxa Industrial Linux Secur=
e use a device-unique bootloader password provided on the device. An attack=
er with physical access=C2=A0to the device could use this information to ac= cess the bootloader menu via a serial interface. =C2=A0Access to the bootlo= ader menu does not allow full system takeover or privilege escalation. The = bootloader enforces digital signature verification and only permits flashin=
g of Moxa-signed images. As a result, an attacker cannot install malicious = firmware or execute arbitrary code. The primary impact is limited to a pote= ntial temporary denial-of-service condition=C2=A0if a valid image is reflas= hed. Remote exploitation is not possible.</td>
<td>2026-02-05</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0715" target=3D"= _blank" rel=3D"noopener">CVE-2026-0715</a></td>

<a href=3D"https://www.moxa.com/en/support/product-support/security-advisor= y/mpsa-255121-cve-2026-0714-cve-2026-0715-multiple-vulnerabilities-in-indus= trial-computers" target=3D"_blank" rel=3D"noopener">https://www.moxa.com/en= /support/product-support/security-advisory/mpsa-255121-cve-2026-0714-cve-20= 26-0715-multiple-vulnerabilities-in-industrial-computers</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">Ercom--Cryptobox</td>
<td>On a Cryptobox platform where administrator segregation based on entiti=
es is used, some vulnerabilities in Ercom Cryptobox administration console = allows an authenticated entity administrator with knowledge to elevate his = account to global administrator.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0873" target=3D"= _blank" rel=3D"noopener">CVE-2026-0873</a></td>

<a href=3D"https://info.cryptobox.com/doc/v4.40/4.40.en/" target=3D"_blank"=
rel=3D"noopener">https://info.cryptobox.com/doc/v4.40/4.40.en/</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">Dr.Buho--BuhoCleaner</td> <td>BuhoCleaner=C2=A0contains an insecure XPC service that allows local, un= privileged users to escalate their privileges to root via insecure function=
s. This issue affects BuhoCleaner: 1.15.2.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0924" target=3D"= _blank" rel=3D"noopener">CVE-2026-0924</a></td>

<a href=3D"https://fluidattacks.com/advisories/solstafir" target=3D"_blank"=
rel=3D"noopener">https://fluidattacks.com/advisories/solstafir</a> <a h= ref=3D"https://www.drbuho.com/buhocleaner" target=3D"_blank" rel=3D"noopene= r">https://www.drbuho.com/buhocleaner</a> <a href=3D"https://www.drbuho.= com/buhocleaner/download" target=3D"_blank" rel=3D"noopener">https://www.dr= buho.com/buhocleaner/download</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Drupal--Group invite</td>
<td>Improper Check for Unusual or Exceptional Conditions vulnerability in D= rupal Group invite allows Forceful Browsing. This issue affects Group invit=
e: from 0.0.0 before 2.3.9, from 3.0.0 before 3.0.4, from 4.0.0 before 4.0.= 4.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0944" target=3D"= _blank" rel=3D"noopener">CVE-2026-0944</a></td>

<a href=3D"https://www.drupal.org/sa-contrib-2026-001" target=3D"_blank" re= l=3D"noopener">https://www.drupal.org/sa-contrib-2026-001</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">Drupal--Role Delegation</td>
<td>Privilege Defined With Unsafe Actions vulnerability in Drupal Role Dele= gation allows Privilege Escalation. This issue affects Role Delegation: fro=
m 1.3.0 before 1.5.0.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0945" target=3D"= _blank" rel=3D"noopener">CVE-2026-0945</a></td>

<a href=3D"https://www.drupal.org/sa-contrib-2026-002" target=3D"_blank" re= l=3D"noopener">https://www.drupal.org/sa-contrib-2026-002</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">Drupal--AT Internet SmartTag</td>
<td>Improper Neutralization of Input During Web Page Generation ("Cross-sit=
e Scripting") vulnerability in Drupal AT Internet SmartTag allows Cross-Sit=
e Scripting (XSS). This issue affects AT Internet SmartTag: from 0.0.0 befo=
re 1.0.1.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0946" target=3D"= _blank" rel=3D"noopener">CVE-2026-0946</a></td>

<a href=3D"https://www.drupal.org/sa-contrib-2026-003" target=3D"_blank" re= l=3D"noopener">https://www.drupal.org/sa-contrib-2026-003</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">Drupal--AT Internet Piano Analytics</td> <td>Improper Neutralization of Input During Web Page Generation ("Cross-sit=
e Scripting") vulnerability in Drupal AT Internet Piano Analytics allows Cr= oss-Site Scripting (XSS). This issue affects AT Internet Piano Analytics: f= rom 0.0.0 before 1.0.1, from 2.0.0 before 2.3.1.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0947" target=3D"= _blank" rel=3D"noopener">CVE-2026-0947</a></td>

<a href=3D"https://www.drupal.org/sa-contrib-2026-004" target=3D"_blank" re= l=3D"noopener">https://www.drupal.org/sa-contrib-2026-004</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">Drupal--Microsoft Entra ID SSO Login</td> <td>Authentication Bypass Using an Alternate Path or Channel vulnerability =
in Drupal Microsoft Entra ID SSO Login allows Privilege Escalation. This is= sue affects Microsoft Entra ID SSO Login: from 0.0.0 before 1.0.4.</td> <td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-0948" target=3D"= _blank" rel=3D"noopener">CVE-2026-0948</a></td>

<a href=3D"https://www.drupal.org/sa-contrib-2026-005" target=3D"_blank" re= l=3D"noopener">https://www.drupal.org/sa-contrib-2026-005</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">parisneo--parisneo/lollms</td>
<td>A vulnerability in the `lollms_generation_events.py` component of paris= neo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.=
IO events. The `add_events` function registers event handlers such as `gene= rate_text`, `cancel_generation`, `generate_msg`, and `generate_msg_from` wi= thout implementing authentication or authorization checks. This allows unau= thenticated clients to execute resource-intensive or state-altering operati= ons, leading to potential denial of service, state corruption, and race con= ditions. Additionally, the use of global flags (`lollmsElfServer.busy`, `lo= llmsElfServer.cancel_gen`) for state management in a multi-client environme=
nt introduces further vulnerabilities, enabling one client's actions to aff= ect the server's state and other clients' operations. The lack of proper ac= cess control and reliance on insecure global state management significantly=
impacts the availability and integrity of the service.</td> <td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1117" target=3D"= _blank" rel=3D"noopener">CVE-2026-1117</a></td>

<a href=3D"https://huntr.com/bounties/d2846a7f-0140-4105-b1bb-5ef64ec8b829"=
target=3D"_blank" rel=3D"noopener">https://huntr.com/bounties/d2846a7f-014= 0-4105-b1bb-5ef64ec8b829</a> <a href=3D"https://github.com/parisneo/loll= ms/commit/36a5b513dfefe9c2913bf9b618457b4fea603e3b" target=3D"_blank" rel= =3D"noopener">https://github.com/parisneo/lollms/commit/36a5b513dfefe9c2913= bf9b618457b4fea603e3b</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">ABC PRO SP. Z O.O.--EAP Legislator</td>
<td>EAP Legislator is vulnerable to Path Traversal in file extraction funct= ionality. Attacker can prepare zipx archive (default file type used by the = Legislator application) and choose arbitrary path outside the intended dire= ctory (e.x. system startup)=C2=A0where files will be extracted by the victi=
m upon opening the file. This issue was fixed in version 2.25a.</td> <td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1186" target=3D"= _blank" rel=3D"noopener">CVE-2026-1186</a></td>

<a href=3D"https://abcpro.pl/eap-legislator" target=3D"_blank" rel=3D"noope= ner">https://abcpro.pl/eap-legislator</a> <a href=3D"https://cert.pl/pos= ts/2026/02/CVE-2026-1186" target=3D"_blank" rel=3D"noopener">https://cert.p= l/posts/2026/02/CVE-2026-1186</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">djangoproject--Django</td>
<td>An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2=
before 4.2.28. Raster lookups on ``RasterField`` (only implemented on Post= GIS) allows remote attackers to inject SQL via the band index parameter. Ea= rlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not=
evaluated and may also be affected. Django would like to thank Tarek Nakko= uch for reporting this issue.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1207" target=3D"= _blank" rel=3D"noopener">CVE-2026-1207</a></td>

<a href=3D"https://docs.djangoproject.com/en/dev/releases/security/" target= =3D"_blank" rel=3D"noopener">Django security archive</a> <a href=3D"http= s://groups.google.com/g/django-announce" target=3D"_blank" rel=3D"noopener"= >Django releases announcements</a> <a href=3D"https://www.djangoproject.= com/weblog/2026/feb/03/security-releases/" target=3D"_blank" rel=3D"noopene= r">Django security releases issued: 6.0.2, 5.2.11, and 4.2.28</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">BeyondTrust--Privilege management for Windows<=

<td>A medium-severity vulnerability has been identified in BeyondTrust Priv= ilege Management for Windows versions <=3D25.7. Under certain conditions=
, a local authenticated user with elevated privileges may be able to bypass=
the product's anti-tamper protections, which could allow access to protect=
ed application components and the ability to modify product configuration.<=

<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1232" target=3D"= _blank" rel=3D"noopener">CVE-2026-1232</a></td>

<a href=3D"https://www.beyondtrust.com/trust-center/security-advisories/bt2= 6-01" target=3D"_blank" rel=3D"noopener">https://www.beyondtrust.com/trust-= center/security-advisories/bt26-01</a> <a href=3D"https://beyondtrustcor= p.service-now.com/csm?id=3Dkb_article_view&sysparm_article=3DKB0023100" tar= get=3D"_blank" rel=3D"noopener">https://beyondtrustcorp.service-now.com/csm= ?id=3Dkb_article_view&sysparm_article=3DKB0023100</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">djangoproject--Django</td>
<td>An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2=
before 4.2.28. `django.utils.text.Truncator.chars()` and `Truncator.words(=
)` methods (with `html=3DTrue`) and the `truncatechars_html` and `truncatew= ords_html` template filters allow a remote attacker to cause a potential de= nial-of-service via crafted inputs containing a large number of unmatched H= TML end tags. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and=
3.2.x) were not evaluated and may also be affected. Django would like to t= hank Seokchan Yoon for reporting this issue.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1285" target=3D"= _blank" rel=3D"noopener">CVE-2026-1285</a></td>

<a href=3D"https://docs.djangoproject.com/en/dev/releases/security/" target= =3D"_blank" rel=3D"noopener">Django security archive</a> <a href=3D"http= s://groups.google.com/g/django-announce" target=3D"_blank" rel=3D"noopener"= >Django releases announcements</a> <a href=3D"https://www.djangoproject.= com/weblog/2026/feb/03/security-releases/" target=3D"_blank" rel=3D"noopene= r">Django security releases issued: 6.0.2, 5.2.11, and 4.2.28</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">djangoproject--Django</td>
<td>An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2=
before 4.2.28. `FilteredRelation` is subject to SQL injection in column al= iases via control characters, using a suitably crafted dictionary, with dic= tionary expansion, as the `**kwargs` passed to `QuerySet` methods `annotate= ()`, `aggregate()`, `extra()`, `values()`, `values_list()`, and `alias()`. = Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were n=
ot evaluated and may also be affected. Django would like to thank Solomon K= ebede for reporting this issue.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1287" target=3D"= _blank" rel=3D"noopener">CVE-2026-1287</a></td>

<a href=3D"https://docs.djangoproject.com/en/dev/releases/security/" target= =3D"_blank" rel=3D"noopener">Django security archive</a> <a href=3D"http= s://groups.google.com/g/django-announce" target=3D"_blank" rel=3D"noopener"= >Django releases announcements</a> <a href=3D"https://www.djangoproject.= com/weblog/2026/feb/03/security-releases/" target=3D"_blank" rel=3D"noopene= r">Django security releases issued: 6.0.2, 5.2.11, and 4.2.28</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">o6 Automation GmbH--Open62541</td>
<td>In builds with PubSub and JSON enabled, a crafted JSON message can caus=
e the decoder to write beyond a heap-allocated array before authentication,=
reliably crashing the process and corrupting memory.</td>
<td>2026-02-05</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1301" target=3D"= _blank" rel=3D"noopener">CVE-2026-1301</a></td>

<a href=3D"https://www.cisa.gov/news-events/ics-advisories/icsa-26-036-03" = target=3D"_blank" rel=3D"noopener">https://www.cisa.gov/news-events/ics-adv= isories/icsa-26-036-03</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">djangoproject--Django</td>
<td>An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2=
before 4.2.28. `.QuerySet.order_by()` is subject to SQL injection in colum=
n aliases containing periods when the same alias is, using a suitably craft=
ed dictionary, with dictionary expansion, used in `FilteredRelation`. Earli= er, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not ev= aluated and may also be affected. Django would like to thank Solomon Kebede=
for reporting this issue.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1312" target=3D"= _blank" rel=3D"noopener">CVE-2026-1312</a></td>

<a href=3D"https://docs.djangoproject.com/en/dev/releases/security/" target= =3D"_blank" rel=3D"noopener">Django security archive</a> <a href=3D"http= s://groups.google.com/g/django-announce" target=3D"_blank" rel=3D"noopener"= >Django releases announcements</a> <a href=3D"https://www.djangoproject.= com/weblog/2026/feb/03/security-releases/" target=3D"_blank" rel=3D"noopene= r">Django security releases issued: 6.0.2, 5.2.11, and 4.2.28</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">neo4j--Enterprise Edition</td>
<td>Insufficient escaping of unicode characters in query log in Neo4j Enter= prise and Community editions prior to 2026.01 can lead to XSS if the user o= pens the logs in a tool that treats them as HTML. There is no security impa=
ct on Neo4j products, but this advisory is released as a precaution to trea=
t the logs as plain text if using versions prior to 2026.01. Proof of conce=
pt exploit:=C2=A0 https://github.com/JoakimBulow/CVE-2026-1337</td> <td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1337" target=3D"= _blank" rel=3D"noopener">CVE-2026-1337</a></td>

<a href=3D"https://github.com/JoakimBulow/CVE-2026-1337" target=3D"_blank" = rel=3D"noopener">https://github.com/JoakimBulow/CVE-2026-1337</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">Avation--Avation Light Engine Pro</td>
<td>Avation Light Engine Pro exposes its configuration and control interfac=
e without any authentication or access control.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1341" target=3D"= _blank" rel=3D"noopener">CVE-2026-1341</a></td>

<a href=3D"https://www.cisa.gov/news-events/ics-advisories/icsa-26-034-02" = target=3D"_blank" rel=3D"noopener">https://www.cisa.gov/news-events/ics-adv= isories/icsa-26-034-02</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">T-Systems--Buroweb</td>
<td>SQL injection vulnerability in the Buroweb platform version 2505.0.12, = specifically in the 'tablon' component. This vulnerability is present in se= veral parameters that do not correctly sanitize user input in the endpoint = '/sta/CarpetaPublic/doEvent?APP_CODE=3DSTA&PAGE_CODE=3DTABLON'. Exploit= ing this vulnerability could allow an attacker to execute queries on the da= tabase and gain access to confidential information.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1432" target=3D"= _blank" rel=3D"noopener">CVE-2026-1432</a></td>

<a href=3D"https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection= -sqli-buroweb-platform" target=3D"_blank" rel=3D"noopener">https://www.inci= be.es/en/incibe-cert/notices/aviso/sql-injection-sqli-buroweb-platform</a><= br>=C2=A0</td>
</tr>

<td class=3D"vendor-product">PRIMION DIGITEK--Digitek ADT1100</td>
<td>Path Traversal vulnerability in Digitek ADT1100 and Digitek DT950 from = PRIMION DIGITEK, S.L.U (Azkoyen Group). This vulnerability allows an attack=
er to access arbitrary files in the server's file system, thet is, 'http://= <host>/..%2F..% 2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd'. B=
y manipulating the input to include URL encoded directory traversal sequenc=
es (e.g., %2F representing /), an attacker can bypass the input validation = mechanisms ans retrieve sensitive files outside the intended directory, whi=
ch could lead to information disclosure or further system compromise.</td> <td>2026-02-05</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1523" target=3D"= _blank" rel=3D"noopener">CVE-2026-1523</a></td>

<a href=3D"https://www.incibe.es/en/incibe-cert/notices/aviso/path-traversa= l-digitek-grupo-azkoyen" target=3D"_blank" rel=3D"noopener">https://www.inc= ibe.es/en/incibe-cert/notices/aviso/path-traversal-digitek-grupo-azkoyen</a= > =C2=A0</td>
</tr>

<td class=3D"vendor-product">Drupal--Drupal Canvas</td>
<td>Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Fo= rceful Browsing. This issue affects Drupal Canvas: from 0.0.0 before 1.0.4.= </td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1553" target=3D"= _blank" rel=3D"noopener">CVE-2026-1553</a></td>

<a href=3D"https://www.drupal.org/sa-contrib-2026-006" target=3D"_blank" re= l=3D"noopener">https://www.drupal.org/sa-contrib-2026-006</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">Drupal--Central Authentication System (CAS) Se= rver</td>
<td>XML Injection (aka Blind XPath Injection) vulnerability in Drupal Centr=
al Authentication System (CAS) Server allows Privilege Escalation. This iss=
ue affects Central Authentication System (CAS) Server: from 0.0.0 before 2.= 0.3, from 2.1.0 before 2.1.2.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1554" target=3D"= _blank" rel=3D"noopener">CVE-2026-1554</a></td>

<a href=3D"https://www.drupal.org/sa-contrib-2026-007" target=3D"_blank" re= l=3D"noopener">https://www.drupal.org/sa-contrib-2026-007</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">neo4j--Enterprise Edition</td>
<td>Neo4j Enterprise and Community editions versions prior to 2026.01.3 and=
5.26.21 are vulnerable to a potential information disclosure by a user who=
has ability to access the local log files. The "obfuscate_literals" option=
in the query logs does not redact error information, exposing unredacted d= ata in the query log when a customer writes a query that fails. It can allo=
w a user with legitimate access to the local log files to obtain informatio=
n they are not authorised to see. If this user is also in a position to run=
queries and trigger errors, this vulnerability can potentially help them t=
o infer information they are not authorised to see through their intended d= atabase access. We recommend=C2=A0upgrading to versions 2026.01.3 (or 5.26.= 21) where the issue is fixed, and reviewing query log files permissions to = ensure restricted access. If your configuration had=C2=A0db.logs.query.obfu= scate_literals=C2=A0enabled, and you wish the obfuscation to cover the erro=
r messages as well, you need to enable the new configuration setting=C2=A0d= b.logs.query.obfuscate_errors=C2=A0once you have upgraded Neo4j.</td> <td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1622" target=3D"= _blank" rel=3D"noopener">CVE-2026-1622</a></td>

<a href=3D"https://neo4j.com/security/CVE-2026-1622" target=3D"_blank" rel= =3D"noopener">https://neo4j.com/security/CVE-2026-1622</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">N/A--N/A</td>
<td>Summary An Insecure Direct Object Reference has been found to exist in = `createHeaderBasedEmailResolver()` function within the Cloudflare Agents SD=
K. The issue occurs because the `Message-ID` and `References` headers are p= arsed to derive the target agentName and agentId without proper validation =
or origin checks, allowing an external attacker with control of these heade=
rs to route inbound mail to arbitrary Durable Object instances and namespac=
es . Root cause The `createHeaderBasedEmailResolver()` function lacks crypt= ographic verification or origin validation for the headers used in the rout= ing logic, effectively allowing external input to dictate internal object r= outing. Impact Insecure Direct Object Reference (IDOR) in email routing let=
s an attacker steer inbound mail to arbitrary Agent instances via spoofed M= essage-ID. Mitigation: * PR: https://github.com/cloudflare/agents/blob/main= /docs/email.md ] provides the necessary architectural context for coding ag= ents to mitigate the issue by refactoring the resolver to enforce strict id= entity boundaries. * Agents-sdk users should upgrade to agents@0.3.7</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1664" target=3D"= _blank" rel=3D"noopener">CVE-2026-1664</a></td>

<a href=3D"https://github.com/cloudflare/agents" target=3D"_blank" rel=3D"n= oopener">https://github.com/cloudflare/agents</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Python Packaging Authority--pip</td>
<td>When pip is installing and extracting a maliciously crafted wheel archi= ve, files may be extracted outside the installation directory. The path tra= versal is limited to prefixes of the installation directory, thus isn't abl=
e to inject or overwrite executable files in typical situations.</td> <td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1703" target=3D"= _blank" rel=3D"noopener">CVE-2026-1703</a></td>

<a href=3D"https://github.com/pypa/pip/pull/13777" target=3D"_blank" rel=3D= "noopener">https://github.com/pypa/pip/pull/13777</a> <a href=3D"https:/= /github.com/pypa/pip/commit/8e227a9be4faa9594e05d02ca05a413a2a4e7735" targe= t=3D"_blank" rel=3D"noopener">https://github.com/pypa/pip/commit/8e227a9be4= faa9594e05d02ca05a413a2a4e7735</a> <a href=3D"https://mail.python.org/ar= chives/list/security-announce@python.org/thread/WIEA34D4TABF2UNQJAOMXKCICSP= BE2DJ/" target=3D"_blank" rel=3D"noopener">https://mail.python.org/archives= /list/security-announce@python.org/thread/WIEA34D4TABF2UNQJAOMXKCICSPBE2DJ/= </a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Google Cloud--Gemini Enterprise (formerly Agen= tspace)</td>
<td>The Agentspace service was affected by a vulnerability that exposed sen= sitive information due to the use of predictable Google Cloud Storage bucke=
t names. These names were utilized for error logs and temporary staging dur= ing data imports from GCS and Cloud SQL. This predictability allowed an att= acker to engage in "bucket squatting" by establishing these buckets before =
a victim's initial use. All versions after December 12th, 2025 have been up= dated to protect from this vulnerability. No user action is required for th= is.</td>
<td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1727" target=3D"= _blank" rel=3D"noopener">CVE-2026-1727</a></td>

<a href=3D"https://docs.cloud.google.com/gemini/enterprise/docs/release-not= es#February_06_2026" target=3D"_blank" rel=3D"noopener">https://docs.cloud.= google.com/gemini/enterprise/docs/release-notes#February_06_2026</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">BeyondTrust--Remote Support(RS) & Privileg=
ed Remote Access(PRA)</td>
<td>BeyondTrust Remote Support (RS) and certain older versions of Privilege=
d Remote Access (PRA) contain a critical pre-authentication remote code exe= cution vulnerability. By sending specially crafted requests, an unauthentic= ated remote attacker may be able to execute operating system commands in th=
e context of the site user.</td>
<td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1731" target=3D"= _blank" rel=3D"noopener">CVE-2026-1731</a></td>

<a href=3D"https://beyondtrustcorp.service-now.com/csm?id=3Dcsm_kb_article&= sysparm_article=3DKB0023293" target=3D"_blank" rel=3D"noopener">https://bey= ondtrustcorp.service-now.com/csm?id=3Dcsm_kb_article&sysparm_article=3DKB00= 23293</a> <a href=3D"https://www.beyondtrust.com/trust-center/security-a= dvisories/bt26-02" target=3D"_blank" rel=3D"noopener">https://www.beyondtru= st.com/trust-center/security-advisories/bt26-02</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">CrafterCMS--CrafterCMS</td>
<td>Improper Control of Dynamically-Managed Code Resources vulnerability in=
Crafter Studio of Crafter CMS allows authenticated developers to execute O=
S commands via Groovy Sandbox Bypass. By inserting malicious Groovy element=
s, an attacker may bypass sandbox restrictions and obtain RCE (Remote Code = Execution).</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1770" target=3D"= _blank" rel=3D"noopener">CVE-2026-1770</a></td>

<a href=3D"https://docs.craftercms.org/current/security/advisory.html#cv-20= 26020201" target=3D"_blank" rel=3D"noopener">https://docs.craftercms.org/cu= rrent/security/advisory.html#cv-2026020201</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Xquic Project--Xquic Server</td>
<td>: Out-of-bounds Write vulnerability in Xquic Project Xquic Server xquic=
on Linux (QUIC protocol implementation, packet processing module modules) = allows : Buffer Manipulation. This issue affects Xquic Server: through 1.8.= 3.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1788" target=3D"= _blank" rel=3D"noopener">CVE-2026-1788</a></td>

<a href=3D"https://github.com/alibaba/xquic" target=3D"_blank" rel=3D"noope= ner">https://github.com/alibaba/xquic</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Rapid7--InsightVM/Nexpose</td>
<td>A security vulnerability has been identified in Rapid7 Nexpose. Remedia= tion is in progress.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1814" target=3D"= _blank" rel=3D"noopener">CVE-2026-1814</a></td>

<a href=3D"https://www.atredis.com/disclosure" target=3D"_blank" rel=3D"noo= pener">https://www.atredis.com/disclosure</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Google--Chrome</td>
<td>Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132=
allowed a remote attacker to potentially exploit heap corruption via a cra= fted HTML page. (Chromium security severity: High)</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1861" target=3D"= _blank" rel=3D"noopener">CVE-2026-1861</a></td>

<a href=3D"https://chromereleases.googleblog.com/2026/02/stable-channel-upd= ate-for-desktop.html" target=3D"_blank" rel=3D"noopener">https://chromerele= ases.googleblog.com/2026/02/stable-channel-update-for-desktop.html</a> <=
a href=3D"https://issues.chromium.org/issues/478942410" target=3D"_blank" r= el=3D"noopener">https://issues.chromium.org/issues/478942410</a> =C2=A0<=

</tr>

<td class=3D"vendor-product">Google--Chrome</td>
<td>Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a=
remote attacker to potentially exploit heap corruption via a crafted HTML = page. (Chromium security severity: High)</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1862" target=3D"= _blank" rel=3D"noopener">CVE-2026-1862</a></td>

<a href=3D"https://chromereleases.googleblog.com/2026/02/stable-channel-upd= ate-for-desktop.html" target=3D"_blank" rel=3D"noopener">https://chromerele= ases.googleblog.com/2026/02/stable-channel-update-for-desktop.html</a> <=
a href=3D"https://issues.chromium.org/issues/479726070" target=3D"_blank" r= el=3D"noopener">https://issues.chromium.org/issues/479726070</a> =C2=A0<=

</tr>

<td class=3D"vendor-product">Nukegraphic CMS--Nukegraphic CMS</td> <td>Nukegraphic CMS v3.1.2 contains a stored cross-site scripting (XSS) vul= nerability in the user profile edit functionality at /ngc-cms/user-edit-pro= file.php. The application fails to properly sanitize user input in the name=
field before storing it in the database and rendering it across multiple C=
MS pages. An authenticated attacker with low privileges can inject maliciou=
s JavaScript payloads through the profile edit request, which are then exec= uted site-wide whenever the affected user's name is displayed. This allows = the attacker to execute arbitrary JavaScript in the context of other users'=
sessions, potentially leading to session hijacking, credential theft, or u= nauthorized actions performed on behalf of victims.</td>
<td>2026-02-05</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1953" target=3D"= _blank" rel=3D"noopener">CVE-2026-1953</a></td>

<a href=3D"https://github.com/carlosbudiman/CVE-2026-1953-Disclosure" targe= t=3D"_blank" rel=3D"noopener">https://github.com/carlosbudiman/CVE-2026-195= 3-Disclosure</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">YugabyteDB Inc--YugabyteDB Anywhere</td> <td>YugabyteDB Anywhere displays LDAP bind passwords configured via gflags =
in cleartext within the web UI. An authenticated user with access to the co= nfiguration view could obtain LDAP credentials, potentially enabling unauth= orized access to external directory services.</td>
<td>2026-02-05</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-1966" target=3D"= _blank" rel=3D"noopener">CVE-2026-1966</a></td>

<a href=3D"https://docs.yugabyte.com/stable/secure/vulnerability-disclosure= -policy/" target=3D"_blank" rel=3D"noopener">https://docs.yugabyte.com/stab= le/secure/vulnerability-disclosure-policy/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">MediaTek, Inc.--MT2735, MT6833, MT6853, MT6855=
, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, M= T6893, MT8675, MT8771, MT8791, MT8791T, MT8797</td>
<td>In Modem, there is a possible system crash due to an uncaught exception=
. This could lead to remote denial of service, if a UE has connected to a r= ogue base station controlled by the attacker, with no additional execution = privileges needed. User interaction is not needed for exploitation. Patch I=
D: MOLY01738310; Issue ID: MSV-5933.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20401" target=3D= "_blank" rel=3D"noopener">CVE-2026-20401</a></td>

<a href=3D"https://corp.mediatek.com/product-security-bulletin/February-202=
6" target=3D"_blank" rel=3D"noopener">https://corp.mediatek.com/product-sec= urity-bulletin/February-2026</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">MediaTek, Inc.--MT2735, MT6833, MT6853, MT6855=
, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, M= T6893, MT8675, MT8771, MT8791, MT8791T, MT8797</td>
<td>In Modem, there is a possible system crash due to improper input valida= tion. This could lead to remote denial of service, if a UE has connected to=
a rogue base station controlled by the attacker, with no additional execut= ion privileges needed. User interaction is not needed for exploitation. Pat=
ch ID: MOLY00693083; Issue ID: MSV-5928.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20402" target=3D= "_blank" rel=3D"noopener">CVE-2026-20402</a></td>

<a href=3D"https://corp.mediatek.com/product-security-bulletin/February-202=
6" target=3D"_blank" rel=3D"noopener">https://corp.mediatek.com/product-sec= urity-bulletin/February-2026</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">MediaTek, Inc.--MT2735, MT2737, MT6813, MT6815=
, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6878, MT6879, M= T6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT68= 96, MT6897, MT6899, MT6980, MT6983, MT6985, MT6989, MT6990, MT6991, MT6993,=
MT8673, MT8675, MT8676, MT8771, MT8791, MT8791T, MT8795T, MT8797, MT8798, = MT8893</td>
<td>In Modem, there is a possible system crash due to a missing bounds chec=
k. This could lead to remote denial of service, if a UE has connected to a = rogue base station controlled by the attacker, with no additional execution=
privileges needed. User interaction is not needed for exploitation. Patch = ID: MOLY01689254 (Note: For N15 and NR16) / MOLY01689259 (Note: For NR17 an=
d NR17R); Issue ID: MSV-4843.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20403" target=3D= "_blank" rel=3D"noopener">CVE-2026-20403</a></td>

<a href=3D"https://corp.mediatek.com/product-security-bulletin/February-202=
6" target=3D"_blank" rel=3D"noopener">https://corp.mediatek.com/product-sec= urity-bulletin/February-2026</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">MediaTek, Inc.--MT2735, MT2737, MT6813, MT6815=
, MT6833, MT6835, MT6853, MT6855, MT6858, MT6873, MT6875, MT6877, MT6878, M= T6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT68= 95, MT6896, MT6897, MT6899, MT6980, MT6983, MT6985, MT6986, MT6989, MT6990,=
MT6991, MT6993, MT8668, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT= 8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8= 883, MT8893</td>
<td>In Modem, there is a possible system crash due to improper input valida= tion. This could lead to remote denial of service, if a UE has connected to=
a rogue base station controlled by the attacker, with no additional execut= ion privileges needed. User interaction is not needed for exploitation. Pat=
ch ID: MOLY01689248; Issue ID: MSV-4837.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20404" target=3D= "_blank" rel=3D"noopener">CVE-2026-20404</a></td>

<a href=3D"https://corp.mediatek.com/product-security-bulletin/February-202=
6" target=3D"_blank" rel=3D"noopener">https://corp.mediatek.com/product-sec= urity-bulletin/February-2026</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">MediaTek, Inc.--MT2735, MT2737, MT6813, MT6815=
, MT6833, MT6835, MT6853, MT6855, MT6858, MT6873, MT6875, MT6877, MT6878, M= T6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT68= 95, MT6896, MT6897, MT6899, MT6980, MT6983, MT6985, MT6986, MT6989, MT6990,=
MT6991, MT6993, MT8668, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT= 8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8= 883, MT8893</td>
<td>In Modem, there is a possible system crash due to a missing bounds chec=
k. This could lead to remote denial of service, if a UE has connected to a = rogue base station controlled by the attacker, with no additional execution=
privileges needed. User interaction is not needed for exploitation. Patch = ID: MOLY01688495; Issue ID: MSV-4818.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20405" target=3D= "_blank" rel=3D"noopener">CVE-2026-20405</a></td>

<a href=3D"https://corp.mediatek.com/product-security-bulletin/February-202=
6" target=3D"_blank" rel=3D"noopener">https://corp.mediatek.com/product-sec= urity-bulletin/February-2026</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">MediaTek, Inc.--MT2735, MT2737, MT6813, MT6815=
, MT6833, MT6835, MT6853, MT6855, MT6858, MT6873, MT6875, MT6877, MT6878, M= T6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT68= 95, MT6896, MT6897, MT6899, MT6980, MT6983, MT6985, MT6986, MT6989, MT6990,=
MT6991, MT6993, MT8668, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT= 8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8= 883, MT8893</td>
<td>In Modem, there is a possible system crash due to an uncaught exception=
. This could lead to remote denial of service, if a UE has connected to a r= ogue base station controlled by the attacker, with no additional execution = privileges needed. User interaction is not needed for exploitation. Patch I=
D: MOLY01726634; Issue ID: MSV-5728.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20406" target=3D= "_blank" rel=3D"noopener">CVE-2026-20406</a></td>

<a href=3D"https://corp.mediatek.com/product-security-bulletin/February-202=
6" target=3D"_blank" rel=3D"noopener">https://corp.mediatek.com/product-sec= urity-bulletin/February-2026</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">MediaTek, Inc.--MT7902, MT7920, MT7921, MT7922=
, MT7925, MT7927</td>
<td>In wlan STA driver, there is a possible escalation of privilege due to =
a missing bounds check. This could lead to local escalation of privilege wi=
th User execution privileges needed. User interaction is not needed for exp= loitation. Patch ID: WCNCR00464377; Issue ID: MSV-4905.</td> <td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20407" target=3D= "_blank" rel=3D"noopener">CVE-2026-20407</a></td>

<a href=3D"https://corp.mediatek.com/product-security-bulletin/February-202=
6" target=3D"_blank" rel=3D"noopener">https://corp.mediatek.com/product-sec= urity-bulletin/February-2026</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">MediaTek, Inc.--MT6890, MT7615, MT7915, MT7916=
, MT7981, MT7986</td>
<td>In wlan, there is a possible out of bounds write due to a heap buffer o= verflow. This could lead to remote (proximal/adjacent) escalation of privil= ege with no additional execution privileges needed. User interaction is not=
needed for exploitation. Patch ID: WCNCR00461651; Issue ID: MSV-4758.</td> <td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20408" target=3D= "_blank" rel=3D"noopener">CVE-2026-20408</a></td>

<a href=3D"https://corp.mediatek.com/product-security-bulletin/February-202=
6" target=3D"_blank" rel=3D"noopener">https://corp.mediatek.com/product-sec= urity-bulletin/February-2026</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">MediaTek, Inc.--MT6897, MT6989</td>
<td>In imgsys, there is a possible out of bounds write due to a missing bou= nds check. This could lead to local escalation of privilege if a malicious = actor has already obtained the System privilege. User interaction is not ne= eded for exploitation. Patch ID: ALPS10363246; Issue ID: MSV-5779.</td> <td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20409" target=3D= "_blank" rel=3D"noopener">CVE-2026-20409</a></td>

<a href=3D"https://corp.mediatek.com/product-security-bulletin/February-202=
6" target=3D"_blank" rel=3D"noopener">https://corp.mediatek.com/product-sec= urity-bulletin/February-2026</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">MediaTek, Inc.--MT6897, MT6989, MT8370, MT8390=
, MT8395</td>
<td>In imgsys, there is a possible out of bounds write due to a missing bou= nds check. This could lead to local escalation of privilege if a malicious = actor has already obtained the System privilege. User interaction is not ne= eded for exploitation. Patch ID: ALPS10362552; Issue ID: MSV-5760.</td> <td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20410" target=3D= "_blank" rel=3D"noopener">CVE-2026-20410</a></td>

<a href=3D"https://corp.mediatek.com/product-security-bulletin/February-202=
6" target=3D"_blank" rel=3D"noopener">https://corp.mediatek.com/product-sec= urity-bulletin/February-2026</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">MediaTek, Inc.--MT6878, MT6879, MT6881, MT6886=
, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT6993, MT8168, M= T8188, MT8195, MT8365, MT8370, MT8390, MT8395, MT8666, MT8667, MT8673, MT86= 76, MT8793</td>
<td>In cameraisp, there is a possible escalation of privilege due to use af= ter free. This could lead to local denial of service if a malicious actor h=
as already obtained the System privilege. User interaction is not needed fo=
r exploitation. Patch ID: ALPS10351676; Issue ID: MSV-5737.</td> <td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20411" target=3D= "_blank" rel=3D"noopener">CVE-2026-20411</a></td>

<a href=3D"https://corp.mediatek.com/product-security-bulletin/February-202=
6" target=3D"_blank" rel=3D"noopener">https://corp.mediatek.com/product-sec= urity-bulletin/February-2026</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">MediaTek, Inc.--MT6878, MT6879, MT6881, MT6886=
, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT6993, MT8168, M= T8188, MT8195, MT8365, MT8390, MT8395, MT8666, MT8667, MT8673, MT8676, MT86= 96, MT8793</td>
<td>In cameraisp, there is a possible out of bounds write due to a missing = bounds check. This could lead to local escalation of privilege if a malicio=
us actor has already obtained the System privilege. User interaction is not=
needed for exploitation. Patch ID: ALPS10351676; Issue ID: MSV-5733.</td> <td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20412" target=3D= "_blank" rel=3D"noopener">CVE-2026-20412</a></td>

<a href=3D"https://corp.mediatek.com/product-security-bulletin/February-202=
6" target=3D"_blank" rel=3D"noopener">https://corp.mediatek.com/product-sec= urity-bulletin/February-2026</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">MediaTek, Inc.--MT6899, MT6991, MT8678, MT8793= </td>
<td>In imgsys, there is a possible out of bounds write due to a missing bou= nds check. This could lead to local escalation of privilege if a malicious = actor has already obtained the System privilege. User interaction is not ne= eded for exploitation. Patch ID: ALPS10362725; Issue ID: MSV-5694.</td> <td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20413" target=3D= "_blank" rel=3D"noopener">CVE-2026-20413</a></td>

<a href=3D"https://corp.mediatek.com/product-security-bulletin/February-202=
6" target=3D"_blank" rel=3D"noopener">https://corp.mediatek.com/product-sec= urity-bulletin/February-2026</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">MediaTek, Inc.--MT6897, MT6989, MT8196, MT8678=
, MT8766, MT8768, MT8786, MT8796</td>
<td>In imgsys, there is a possible escalation of privilege due to use after=
free. This could lead to local escalation of privilege if a malicious acto=
r has already obtained the System privilege. User interaction is not needed=
for exploitation. Patch ID: ALPS10362999; Issue ID: MSV-5625.</td> <td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20414" target=3D= "_blank" rel=3D"noopener">CVE-2026-20414</a></td>

<a href=3D"https://corp.mediatek.com/product-security-bulletin/February-202=
6" target=3D"_blank" rel=3D"noopener">https://corp.mediatek.com/product-sec= urity-bulletin/February-2026</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">MediaTek, Inc.--MT6897, MT6989</td>
<td>In imgsys, there is a possible memory corruption due to improper lockin=
g. This could lead to local denial of service if a malicious actor has alre= ady obtained the System privilege. User interaction is not needed for explo= itation. Patch ID: ALPS10363254; Issue ID: MSV-5617.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20415" target=3D= "_blank" rel=3D"noopener">CVE-2026-20415</a></td>

<a href=3D"https://corp.mediatek.com/product-security-bulletin/February-202=
6" target=3D"_blank" rel=3D"noopener">https://corp.mediatek.com/product-sec= urity-bulletin/February-2026</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">MediaTek, Inc.--MT6991, MT6993, MT8678</td>
<td>In pcie, there is a possible out of bounds write due to a missing bound=
s check. This could lead to local escalation of privilege if a malicious ac= tor has already obtained the System privilege. User interaction is not need=
ed for exploitation. Patch ID: ALPS10314946 / ALPS10340155; Issue ID: MSV-5= 154.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20417" target=3D= "_blank" rel=3D"noopener">CVE-2026-20417</a></td>

<a href=3D"https://corp.mediatek.com/product-security-bulletin/February-202=
6" target=3D"_blank" rel=3D"noopener">https://corp.mediatek.com/product-sec= urity-bulletin/February-2026</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">MediaTek, Inc.--MT7931, MT7933</td>
<td>In Thread, there is a possible out of bounds write due to a missing bou= nds check. This could lead to remote escalation of privilege with no additi= onal execution privileges needed. User interaction is not needed for exploi= tation. Patch ID: WCNCR00465153; Issue ID: MSV-4927.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20418" target=3D= "_blank" rel=3D"noopener">CVE-2026-20418</a></td>

<a href=3D"https://corp.mediatek.com/product-security-bulletin/February-202=
6" target=3D"_blank" rel=3D"noopener">https://corp.mediatek.com/product-sec= urity-bulletin/February-2026</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">MediaTek, Inc.--MT6890, MT6989TB, MT7902, MT79= 15, MT7916, MT7920, MT7921, MT7922, MT7925, MT7927, MT7981, MT7986, MT8196,=
MT8668, MT8676, MT8678, MT8775, MT8791T, MT8792, MT8793, MT8796, MT8873, M= T8883, MT8893, MT8910</td>
<td>In wlan AP/STA firmware, there is a possible system becoming irresponsi=
ve due to an uncaught exception. This could lead to remote (proximal/adjace= nt) denial of service with no additional execution privileges needed. User = interaction is not needed for exploitation. Patch ID: WCNCR00461663 / WCNCR= 00463309; Issue ID: MSV-4852.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20419" target=3D= "_blank" rel=3D"noopener">CVE-2026-20419</a></td>

<a href=3D"https://corp.mediatek.com/product-security-bulletin/February-202=
6" target=3D"_blank" rel=3D"noopener">https://corp.mediatek.com/product-sec= urity-bulletin/February-2026</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">MediaTek, Inc.--MT2735, MT2737, MT6813, MT6815=
, MT6833, MT6835, MT6853, MT6855, MT6858, MT6873, MT6875, MT6877, MT6878, M= T6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT68= 95, MT6896, MT6897, MT6899, MT6980, MT6983, MT6985, MT6986, MT6989, MT6990,=
MT6991, MT6993, MT8676, MT8791</td>
<td>In Modem, there is a possible system crash due to incorrect error handl= ing. This could lead to remote denial of service, if a UE has connected to =
a rogue base station controlled by the attacker, with no additional executi=
on privileges needed. User interaction is not needed for exploitation. Patc=
h ID: MOLY01738313; Issue ID: MSV-5935.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20420" target=3D= "_blank" rel=3D"noopener">CVE-2026-20420</a></td>

<a href=3D"https://corp.mediatek.com/product-security-bulletin/February-202=
6" target=3D"_blank" rel=3D"noopener">https://corp.mediatek.com/product-sec= urity-bulletin/February-2026</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">MediaTek, Inc.--MT2735, MT6833, MT6853, MT6855=
, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, M= T6893, MT8791</td>
<td>In Modem, there is a possible system crash due to improper input valida= tion. This could lead to remote denial of service, if a UE has connected to=
a rogue base station controlled by the attacker, with no additional execut= ion privileges needed. User interaction is not needed for exploitation. Pat=
ch ID: MOLY01738293; Issue ID: MSV-5922.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20421" target=3D= "_blank" rel=3D"noopener">CVE-2026-20421</a></td>

<a href=3D"https://corp.mediatek.com/product-security-bulletin/February-202=
6" target=3D"_blank" rel=3D"noopener">https://corp.mediatek.com/product-sec= urity-bulletin/February-2026</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">MediaTek, Inc.--MT2735, MT2737, MT6813, MT6815=
, MT6833, MT6835, MT6853, MT6855, MT6858, MT6873, MT6875, MT6877, MT6878, M= T6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT68= 95, MT6896, MT6897, MT6899, MT6980, MT6983, MT6985, MT6986, MT6989, MT6990,=
MT6991, MT6993, MT8668, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT= 8775, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8= 873, MT8883, MT8893</td>
<td>In Modem, there is a possible system crash due to improper input valida= tion. This could lead to remote denial of service, if a UE has connected to=
a rogue base station controlled by the attacker, with no additional execut= ion privileges needed. User interaction is not needed for exploitation. Pat=
ch ID: MOLY00827332; Issue ID: MSV-5919.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20422" target=3D= "_blank" rel=3D"noopener">CVE-2026-20422</a></td>

<a href=3D"https://corp.mediatek.com/product-security-bulletin/February-202=
6" target=3D"_blank" rel=3D"noopener">https://corp.mediatek.com/product-sec= urity-bulletin/February-2026</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">ELECOM CO.,LTD.--WRC-X1500GS-B</td>
<td>Cross-site request forgery vulnerability exists in WRC-X1500GS-B and WR= C-X1500GSA-B. If a user accesses a malicious page while logged-in to the af= fected product, unintended operations may be performed.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20704" target=3D= "_blank" rel=3D"noopener">CVE-2026-20704</a></td>

<a href=3D"https://www.elecom.co.jp/news/security/20260203-01/" target=3D"_= blank" rel=3D"noopener">https://www.elecom.co.jp/news/security/20260203-01/= </a> <a href=3D"https://jvn.jp/en/jp/JVN94012927/" target=3D"_blank" rel= =3D"noopener">https://jvn.jp/en/jp/JVN94012927/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Cybozu, Inc.--Cybozu Garoon</td>
<td>Cross-site scripting vulnerability exists in E-mail function of Cybozu = Garoon 5.0.0 to 6.0.3, which may allow an attacker to reset arbitrary users=
' passwords.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20711" target=3D= "_blank" rel=3D"noopener">CVE-2026-20711</a></td>

<a href=3D"https://kb.cybozu.support/article/39081/" target=3D"_blank" rel= =3D"noopener">https://kb.cybozu.support/article/39081/</a> <a href=3D"ht= tps://jvn.jp/en/jp/JVN35265756/" target=3D"_blank" rel=3D"noopener">https:/= /jvn.jp/en/jp/JVN35265756/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Samsung Mobile--Samsung Mobile Devices</td> <td>Improper access control in Emergency Sharing prior to SMR Feb-2026 Rele= ase 1 allows local attackers to interrupt its functioning.</td> <td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20977" target=3D= "_blank" rel=3D"noopener">CVE-2026-20977</a></td>

<a href=3D"https://security.samsungmobile.com/securityUpdate.smsb?year=3D20= 26&month=3D02" target=3D"_blank" rel=3D"noopener">https://security.samsungm= obile.com/securityUpdate.smsb?year=3D2026&month=3D02</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Samsung Mobile--Samsung Mobile Devices</td> <td>Improper authorization in KnoxGuardManager prior to SMR Feb-2026 Releas=
e 1 allows local attackers to bypass the persistence configuration of the a= pplication.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20978" target=3D= "_blank" rel=3D"noopener">CVE-2026-20978</a></td>

<a href=3D"https://security.samsungmobile.com/securityUpdate.smsb?year=3D20= 26&month=3D02" target=3D"_blank" rel=3D"noopener">https://security.samsungm= obile.com/securityUpdate.smsb?year=3D2026&month=3D02</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Samsung Mobile--Samsung Mobile Devices</td> <td>Improper privilege management in Settings prior to SMR Feb-2026 Release=
1 allows local attackers to launch arbitrary activity with Settings privil= ege.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20979" target=3D= "_blank" rel=3D"noopener">CVE-2026-20979</a></td>

<a href=3D"https://security.samsungmobile.com/securityUpdate.smsb?year=3D20= 26&month=3D02" target=3D"_blank" rel=3D"noopener">https://security.samsungm= obile.com/securityUpdate.smsb?year=3D2026&month=3D02</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Samsung Mobile--Samsung Mobile Devices</td> <td>Improper input validation in PACM prior to SMR Feb-2026 Release 1 allow=
s physical attacker to execute arbitrary commands.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20980" target=3D= "_blank" rel=3D"noopener">CVE-2026-20980</a></td>

<a href=3D"https://security.samsungmobile.com/securityUpdate.smsb?year=3D20= 26&month=3D02" target=3D"_blank" rel=3D"noopener">https://security.samsungm= obile.com/securityUpdate.smsb?year=3D2026&month=3D02</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Samsung Mobile--Samsung Mobile Devices</td> <td>Improper input validation in FacAtFunction prior to SMR Feb-2026 Releas=
e 1 allows privileged physical attacker to execute arbitrary command with s= ystem privilege.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20981" target=3D= "_blank" rel=3D"noopener">CVE-2026-20981</a></td>

<a href=3D"https://security.samsungmobile.com/securityUpdate.smsb?year=3D20= 26&month=3D02" target=3D"_blank" rel=3D"noopener">https://security.samsungm= obile.com/securityUpdate.smsb?year=3D2026&month=3D02</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Samsung Mobile--Samsung Mobile Devices</td> <td>Path traversal in ShortcutService prior to SMR Feb-2026 Release 1 allow=
s privileged local attacker to create file with system privilege.</td> <td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20982" target=3D= "_blank" rel=3D"noopener">CVE-2026-20982</a></td>

<a href=3D"https://security.samsungmobile.com/securityUpdate.smsb?year=3D20= 26&month=3D02" target=3D"_blank" rel=3D"noopener">https://security.samsungm= obile.com/securityUpdate.smsb?year=3D2026&month=3D02</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Samsung Mobile--Samsung Mobile Devices</td> <td>Improper export of android application components in Samsung Dialer pri=
or to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary act= ivity with Samsung Dialer privilege.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20983" target=3D= "_blank" rel=3D"noopener">CVE-2026-20983</a></td>

<a href=3D"https://security.samsungmobile.com/securityUpdate.smsb?year=3D20= 26&month=3D02" target=3D"_blank" rel=3D"noopener">https://security.samsungm= obile.com/securityUpdate.smsb?year=3D2026&month=3D02</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Samsung Mobile--Galaxy Wearable</td>
<td>Improper handling of insufficient permission in Galaxy Wearable install=
ed on non-Samsung Device prior to version 2.2.68 allows local attackers to = access sensitive information.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20984" target=3D= "_blank" rel=3D"noopener">CVE-2026-20984</a></td>

<a href=3D"https://security.samsungmobile.com/serviceWeb.smsb?year=3D2026&m= onth=3D02" target=3D"_blank" rel=3D"noopener">https://security.samsungmobil= e.com/serviceWeb.smsb?year=3D2026&month=3D02</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Samsung Mobile--Samsung Members</td>
<td>Improper input validation in Samsung Members prior to version 5.6.00.11=
allows remote attackers to connect arbitrary URL and launch arbitrary acti= vity with Samsung Members privilege. User interaction is required for trigg= ering this vulnerability.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20985" target=3D= "_blank" rel=3D"noopener">CVE-2026-20985</a></td>

<a href=3D"https://security.samsungmobile.com/serviceWeb.smsb?year=3D2026&m= onth=3D02" target=3D"_blank" rel=3D"noopener">https://security.samsungmobil= e.com/serviceWeb.smsb?year=3D2026&month=3D02</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Samsung Mobile--Chinese Samsung Members</td> <td>Path traversal in Samsung Members prior to Chinese version 15.5.05.4 al= lows local attackers to overwrite data within Samsung Members.</td> <td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20986" target=3D= "_blank" rel=3D"noopener">CVE-2026-20986</a></td>

<a href=3D"https://security.samsungmobile.com/serviceWeb.smsb?year=3D2026&m= onth=3D02" target=3D"_blank" rel=3D"noopener">https://security.samsungmobil= e.com/serviceWeb.smsb?year=3D2026&month=3D02</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Samsung Mobile--GalaxyDiagnostics</td> <td>Improper input validation in GalaxyDiagnostics prior to version 3.5.050=
allows local privileged attackers to execute privileged commands.</td> <td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-20987" target=3D= "_blank" rel=3D"noopener">CVE-2026-20987</a></td>

<a href=3D"https://security.samsungmobile.com/serviceWeb.smsb?year=3D2026&m= onth=3D02" target=3D"_blank" rel=3D"noopener">https://security.samsungmobil= e.com/serviceWeb.smsb?year=3D2026&month=3D02</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Six Apart Ltd.--Movable Type (Software Edition= )</td>
<td>Movable Type contains a stored cross-site scripting vulnerability in Ed=
it Comment. If crafted input is stored by an attacker, arbitrary script may=
be executed on a logged-in user's web browser. Note that Movable Type 7 se= ries and 8.4 series, which are End-of-Life (EOL), are affected by the vulne= rability as well.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-21393" target=3D= "_blank" rel=3D"noopener">CVE-2026-21393</a></td>

<a href=3D"https://movabletype.org/news/2026/02/mt-906-released.html" targe= t=3D"_blank" rel=3D"noopener">https://movabletype.org/news/2026/02/mt-906-r= eleased.html</a> <a href=3D"https://www.sixapart.jp/movabletype/news/202= 6/02/04-1100.html" target=3D"_blank" rel=3D"noopener">https://www.sixapart.= jp/movabletype/news/2026/02/04-1100.html</a> <a href=3D"https://jvn.jp/e= n/jp/JVN45405689/" target=3D"_blank" rel=3D"noopener">https://jvn.jp/en/jp/= JVN45405689/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Stackideas.com--EasyDiscuss extension for Joom= la</td>
<td>Access control settings for forum post custom fields are not applied to=
the JSON output type, leading to an ACL violation vector an information di= sclosure</td>
<td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-21626" target=3D= "_blank" rel=3D"noopener">CVE-2026-21626</a></td>

<a href=3D"https://stackideas.com/easydiscuss" target=3D"_blank" rel=3D"noo= pener">https://stackideas.com/easydiscuss</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">rustfs--rustfs</td>
<td>RustFS is a distributed object storage system built in Rust. Prior to v= ersion alpha.78, IP-based access control can be bypassed: get_condition_val= ues trusts client-supplied X-Forwarded-For/X-Real-Ip without verifying a tr= usted proxy, so any reachable client can spoof aws:SourceIp and satisfy IP-= allowlist policies. This issue has been patched in version alpha.78.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-21862" target=3D= "_blank" rel=3D"noopener">CVE-2026-21862</a></td>

<a href=3D"https://github.com/rustfs/rustfs/security/advisories/GHSA-fc6g-2= gcp-2qrq" target=3D"_blank" rel=3D"noopener">https://github.com/rustfs/rust= fs/security/advisories/GHSA-fc6g-2gcp-2qrq</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n8n-io--n8n</td>
<td>n8n is an open source workflow automation platform. From version 0.187.=
0 to before 1.120.3, a command injection vulnerability was identified in n8= n's community package installation functionality. The issue allowed authent= icated users with administrative permissions to execute arbitrary system co= mmands on the n8n host under specific conditions. This issue has been patch=
ed in version 1.120.3.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-21893" target=3D= "_blank" rel=3D"noopener">CVE-2026-21893</a></td>

<a href=3D"https://github.com/n8n-io/n8n/security/advisories/GHSA-7c4h-vh2m= -743m" target=3D"_blank" rel=3D"noopener">https://github.com/n8n-io/n8n/sec= urity/advisories/GHSA-7c4h-vh2m-743m</a> <a href=3D"https://github.com/n= 8n-io/n8n/commit/ae0669a736cc496beeb296e115267862727ae838" target=3D"_blank=
" rel=3D"noopener">https://github.com/n8n-io/n8n/commit/ae0669a736cc496beeb= 296e115267862727ae838</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--Archer BE230 v1.2</td>
<td>A lack of proper input validation in the HTTP processing path in TP-Lin=
k Archer BE230 v1.2 (web modules) may allow a crafted request to cause the = device's web service to become unresponsive, resulting in a denial of servi=
ce condition. A network adjacent attacker with high privileges could cause = the device's web interface to temporarily stop responding until it recovers=
or is rebooted. This issue affects Archer BE230 v1.2 < 1.2.4 Build 2025= 1218 rel.70420.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22220" target=3D= "_blank" rel=3D"noopener">CVE-2026-22220</a></td>

<a href=3D"https://www.tp-link.com/us/support/download/archer-be230/v1.20/#= Firmware" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/sup= port/download/archer-be230/v1.20/#Firmware</a> <a href=3D"https://www.tp= -link.com/en/support/download/archer-be230/v1.20/#Firmware" target=3D"_blan=
k" rel=3D"noopener">https://www.tp-link.com/en/support/download/archer-be23= 0/v1.20/#Firmware</a> <a href=3D"https://www.tp-link.com/sg/support/down= load/archer-be230/v1.20/#Firmware" target=3D"_blank" rel=3D"noopener">https= ://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware</a> =
<a href=3D"https://www.tp-link.com/us/support/faq/4941/" target=3D"_blank" = rel=3D"noopener">https://www.tp-link.com/us/support/faq/4941/</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--Archer BE230 v1.2</td> <td>An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn = modules) allows adjacent authenticated attacker execute arbitrary code.=C2= =A0Successful exploitation could allow an attacker to gain full administrat= ive control of the device, resulting in severe compromise of configuration = integrity, network security, and service availability. This CVE covers one =
of multiple distinct OS command injection issues identified across separate=
code paths. Although similar in nature, each instance is tracked under a u= nique CVE ID. This issue affects Archer BE230 v1.2 < 1.2.4 Build 2025121=
8 rel.70420.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22221" target=3D= "_blank" rel=3D"noopener">CVE-2026-22221</a></td>

<a href=3D"https://www.tp-link.com/us/support/download/archer-be230/v1.20/#= Firmware" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/sup= port/download/archer-be230/v1.20/#Firmware</a> <a href=3D"https://www.tp= -link.com/en/support/download/archer-be230/v1.20/#Firmware" target=3D"_blan=
k" rel=3D"noopener">https://www.tp-link.com/en/support/download/archer-be23= 0/v1.20/#Firmware</a> <a href=3D"https://www.tp-link.com/sg/support/down= load/archer-be230/v1.20/#Firmware" target=3D"_blank" rel=3D"noopener">https= ://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware</a> =
<a href=3D"https://www.tp-link.com/us/support/faq/4935/" target=3D"_blank" = rel=3D"noopener">https://www.tp-link.com/us/support/faq/4935/</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--Archer BE230 v1.2</td> <td>An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web = modules) allows adjacent authenticated attacker to=C2=A0execute arbitrary c= ode.=C2=A0Successful exploitation could allow an attacker to gain full admi= nistrative control of the device, resulting in severe compromise of configu= ration integrity, network security, and service availability. This CVE cove=
rs one of multiple distinct OS command injection issues identified across s= eparate code paths. Although similar in nature, each instance is tracked un= der a unique CVE ID. This issue affects Archer BE230 v1.2 < 1.2.4 Build = 20251218 rel.70420.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22222" target=3D= "_blank" rel=3D"noopener">CVE-2026-22222</a></td>

<a href=3D"https://www.tp-link.com/us/support/download/archer-be230/v1.20/#= Firmware" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/sup= port/download/archer-be230/v1.20/#Firmware</a> <a href=3D"https://www.tp= -link.com/en/support/download/archer-be230/v1.20/#Firmware" target=3D"_blan=
k" rel=3D"noopener">https://www.tp-link.com/en/support/download/archer-be23= 0/v1.20/#Firmware</a> <a href=3D"https://www.tp-link.com/sg/support/down= load/archer-be230/v1.20/#Firmware" target=3D"_blank" rel=3D"noopener">https= ://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware</a> =
<a href=3D"https://www.tp-link.com/us/support/faq/4935/" target=3D"_blank" = rel=3D"noopener">https://www.tp-link.com/us/support/faq/4935/</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">TP-Link System Inc.--Archer BE230 v1.2</td>
<td>An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn = modules) allows adjacent authenticated attacker execute arbitrary code.=C2= =A0Successful exploitation could allow an attacker to gain full administrat= ive control of the device, resulting in severe compromise of configuration = integrity, network security, and service availability. This CVE covers one =
of multiple distinct OS command injection issues identified across separate=
code paths. Although similar in nature, each instance is tracked under a u= nique CVE ID. This issue affects Archer BE230 v1.2 < 1.2.4 Build 2025121=
8 rel.70420.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22223" target=3D= "_blank" rel=3D"noopener">CVE-2026-22223</a></td>

<a href=3D"https://www.tp-link.com/us/support/download/archer-be230/v1.20/#= Firmware" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/sup= port/download/archer-be230/v1.20/#Firmware</a> <a href=3D"https://www.tp= -link.com/en/support/download/archer-be230/v1.20/#Firmware" target=3D"_blan=
k" rel=3D"noopener">https://www.tp-link.com/en/support/download/archer-be23= 0/v1.20/#Firmware</a> <a href=3D"https://www.tp-link.com/sg/support/down= load/archer-be230/v1.20/#Firmware" target=3D"_blank" rel=3D"noopener">https= ://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware</a> =
<a href=3D"https://www.tp-link.com/us/support/faq/4935/" target=3D"_blank" = rel=3D"noopener">https://www.tp-link.com/us/support/faq/4935/</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--Archer BE230 v1.2</td>
<td>A command injection vulnerability may be exploited after the admin's au= thentication in the cloud communication interface on the TP-Link Archer BE2=
30 v1.2. Successful exploitation could allow an attacker to gain full admin= istrative control of the device, resulting in severe compromise of configur= ation integrity, network security, and service availability. This CVE cover=
s one of multiple distinct OS command injection issues identified across se= parate code paths. Although similar in nature, each instance is tracked und=
er a unique CVE ID. This issue affects Archer BE230 v1.2 < 1.2.4 Build 2= 0251218 rel.70420.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22224" target=3D= "_blank" rel=3D"noopener">CVE-2026-22224</a></td>

<a href=3D"https://www.tp-link.com/us/support/download/archer-be230/v1.20/#= Firmware" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/sup= port/download/archer-be230/v1.20/#Firmware</a> <a href=3D"https://www.tp= -link.com/en/support/download/archer-be230/v1.20/#Firmware" target=3D"_blan=
k" rel=3D"noopener">https://www.tp-link.com/en/support/download/archer-be23= 0/v1.20/#Firmware</a> <a href=3D"https://www.tp-link.com/sg/support/down= load/archer-be230/v1.20/#Firmware" target=3D"_blank" rel=3D"noopener">https= ://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware</a> =
<a href=3D"https://www.tp-link.com/us/support/faq/4935/" target=3D"_blank" = rel=3D"noopener">https://www.tp-link.com/us/support/faq/4935/</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--Archer BE230 v1.2</td>
<td>A command injection vulnerability may be exploited after the admin's au= thentication in the VPN Connection Service on the Archer BE230 v1.2. Succes= sful exploitation could allow an attacker to gain full administrative contr=
ol of the device, resulting in severe compromise of configuration integrity=
, network security, and service availability. This CVE covers one of multip=
le distinct OS command injection issues identified across separate code pat= hs. Although similar in nature, each instance is tracked under a unique CVE=
ID. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.704= 20.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22225" target=3D= "_blank" rel=3D"noopener">CVE-2026-22225</a></td>

<a href=3D"https://www.tp-link.com/us/support/download/archer-be230/v1.20/#= Firmware" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/sup= port/download/archer-be230/v1.20/#Firmware</a> <a href=3D"https://www.tp= -link.com/en/support/download/archer-be230/v1.20/#Firmware" target=3D"_blan=
k" rel=3D"noopener">https://www.tp-link.com/en/support/download/archer-be23= 0/v1.20/#Firmware</a> <a href=3D"https://www.tp-link.com/sg/support/down= load/archer-be230/v1.20/#Firmware" target=3D"_blank" rel=3D"noopener">https= ://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware</a> =
<a href=3D"https://www.tp-link.com/us/support/faq/4935/" target=3D"_blank" = rel=3D"noopener">https://www.tp-link.com/us/support/faq/4935/</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--Archer BE230 v1.2</td>
<td>A command injection vulnerability may be exploited after the admin's au= thentication in the VPN server configuration module on the TP-Link Archer B= E230 v1.2. Successful exploitation could allow an attacker to gain full adm= inistrative control of the device, resulting in severe compromise of config= uration integrity, network security, and service availability. This CVE cov= ers one of multiple distinct OS command injection issues identified across = separate code paths. Although similar in nature, each instance is tracked u= nder a unique CVE ID. This issue affects Archer BE230 v1.2 < 1.2.4 Build=
20251218 rel.70420.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22226" target=3D= "_blank" rel=3D"noopener">CVE-2026-22226</a></td>

<a href=3D"https://www.tp-link.com/us/support/download/archer-be230/v1.20/#= Firmware" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/sup= port/download/archer-be230/v1.20/#Firmware</a> <a href=3D"https://www.tp= -link.com/en/support/download/archer-be230/v1.20/#Firmware" target=3D"_blan=
k" rel=3D"noopener">https://www.tp-link.com/en/support/download/archer-be23= 0/v1.20/#Firmware</a> <a href=3D"https://www.tp-link.com/sg/support/down= load/archer-be230/v1.20/#Firmware" target=3D"_blank" rel=3D"noopener">https= ://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware</a> =
<a href=3D"https://www.tp-link.com/us/support/faq/4935/" target=3D"_blank" = rel=3D"noopener">https://www.tp-link.com/us/support/faq/4935/</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--Archer BE230 v1.2</td>
<td>A command injection vulnerability may be exploited after the admin's au= thentication via the configuration backup restoration function of the TP-Li=
nk Archer BE230 v1.2. Successful exploitation could allow an attacker to ga=
in full administrative control of the device, resulting in severe compromis=
e of configuration integrity, network security, and service availability. T= his CVE covers one of multiple distinct OS command injection issues identif= ied across separate code paths. Although similar in nature, each instance i=
s tracked under a unique CVE ID. This issue affects Archer BE230 v1.2 < = 1.2.4 Build 20251218 rel.70420.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22227" target=3D= "_blank" rel=3D"noopener">CVE-2026-22227</a></td>

<a href=3D"https://www.tp-link.com/us/support/download/archer-be230/v1.20/#= Firmware" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/sup= port/download/archer-be230/v1.20/#Firmware</a> <a href=3D"https://www.tp= -link.com/en/support/download/archer-be230/v1.20/#Firmware" target=3D"_blan=
k" rel=3D"noopener">https://www.tp-link.com/en/support/download/archer-be23= 0/v1.20/#Firmware</a> <a href=3D"https://www.tp-link.com/sg/support/down= load/archer-be230/v1.20/#Firmware" target=3D"_blank" rel=3D"noopener">https= ://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware</a> =
<a href=3D"https://www.tp-link.com/us/support/faq/4935/" target=3D"_blank" = rel=3D"noopener">https://www.tp-link.com/us/support/faq/4935/</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--Archer BE230 v1.2</td> <td>An authenticated user with high privileges may trigger a denial=E2=80= =91of=E2=80=91service condition in TP-Link Archer BE230 v1.2 by restoring a=
crafted configuration file containing an excessively long parameter. Resto= ring such a file can cause the device to become unresponsive, requiring a r= eboot to restore normal operation. This issue affects Archer BE230 v1.2 &lt=
; 1.2.4 Build 20251218 rel.70420.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22228" target=3D= "_blank" rel=3D"noopener">CVE-2026-22228</a></td>

<a href=3D"https://www.tp-link.com/us/support/download/archer-be230/v1.20/#= Firmware" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/sup= port/download/archer-be230/v1.20/#Firmware</a> <a href=3D"https://www.tp= -link.com/en/support/download/archer-be230/v1.20/#Firmware" target=3D"_blan=
k" rel=3D"noopener">https://www.tp-link.com/en/support/download/archer-be23= 0/v1.20/#Firmware</a> <a href=3D"https://www.tp-link.com/sg/support/down= load/archer-be230/v1.20/#Firmware" target=3D"_blank" rel=3D"noopener">https= ://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware</a> =
<a href=3D"https://www.tp-link.com/us/support/faq/4941/" target=3D"_blank" = rel=3D"noopener">https://www.tp-link.com/us/support/faq/4941/</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">TP-Link Systems Inc.--Archer BE230 v1.2</td>
<td>A command injection vulnerability may be exploited after the admin's au= thentication via the import of a crafted VPN client configuration file on t=
he TP-Link Archer BE230 v1.2. Successful exploitation could allow an attack=
er to gain full administrative control of the device, resulting in severe c= ompromise of configuration integrity, network security, and service availab= ility. This CVE covers one of multiple distinct OS command injection issues=
identified across separate code paths. Although similar in nature, each in= stance is tracked under a unique CVE ID. This issue affects Archer BE230 v1=
.2 < 1.2.4 Build 20251218 rel.70420.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22229" target=3D= "_blank" rel=3D"noopener">CVE-2026-22229</a></td>

<a href=3D"https://www.tp-link.com/us/support/download/archer-be230/v1.20/#= Firmware" target=3D"_blank" rel=3D"noopener">https://www.tp-link.com/us/sup= port/download/archer-be230/v1.20/#Firmware</a> <a href=3D"https://www.tp= -link.com/en/support/download/archer-be230/v1.20/#Firmware" target=3D"_blan=
k" rel=3D"noopener">https://www.tp-link.com/en/support/download/archer-be23= 0/v1.20/#Firmware</a> <a href=3D"https://www.tp-link.com/sg/support/down= load/archer-be230/v1.20/#Firmware" target=3D"_blank" rel=3D"noopener">https= ://www.tp-link.com/sg/support/download/archer-be230/v1.20/#Firmware</a> =
<a href=3D"https://www.tp-link.com/us/support/faq/4935/" target=3D"_blank" = rel=3D"noopener">https://www.tp-link.com/us/support/faq/4935/</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">ELECOM CO.,LTD.--WRC-X1500GS-B</td>
<td>OS command injection vulnerability exists in WRC-X1500GS-B and WRC-X150= 0GSA-B. A crafted request from a logged-in user may lead to an arbitrary OS=
command execution.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22550" target=3D= "_blank" rel=3D"noopener">CVE-2026-22550</a></td>

<a href=3D"https://www.elecom.co.jp/news/security/20260203-01/" target=3D"_= blank" rel=3D"noopener">https://www.elecom.co.jp/news/security/20260203-01/= </a> <a href=3D"https://jvn.jp/en/jp/JVN94012927/" target=3D"_blank" rel= =3D"noopener">https://jvn.jp/en/jp/JVN94012927/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Six Apart Ltd.--Movable Type (Software Edition= )</td>
<td>Movable Type contains a stored cross-site scripting vulnerability in Ex= port Sites. If crafted input is stored by an attacker, arbitrary script may=
be executed on a logged-in user's web browser. Note that Movable Type 7 se= ries and 8.4 series, which are End-of-Life (EOL), are affected by the vulne= rability as well.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22875" target=3D= "_blank" rel=3D"noopener">CVE-2026-22875</a></td>

<a href=3D"https://movabletype.org/news/2026/02/mt-906-released.html" targe= t=3D"_blank" rel=3D"noopener">https://movabletype.org/news/2026/02/mt-906-r= eleased.html</a> <a href=3D"https://www.sixapart.jp/movabletype/news/202= 6/02/04-1100.html" target=3D"_blank" rel=3D"noopener">https://www.sixapart.= jp/movabletype/news/2026/02/04-1100.html</a> <a href=3D"https://jvn.jp/e= n/jp/JVN45405689/" target=3D"_blank" rel=3D"noopener">https://jvn.jp/en/jp/= JVN45405689/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Cybozu, Inc.--Cybozu Garoon</td>
<td>Cross-site scripting vulnerability exists in Message function of Cybozu=
Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary use= rs' passwords.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22881" target=3D= "_blank" rel=3D"noopener">CVE-2026-22881</a></td>

<a href=3D"https://kb.cybozu.support/article/39084/" target=3D"_blank" rel= =3D"noopener">https://kb.cybozu.support/article/39084/</a> <a href=3D"ht= tps://jvn.jp/en/jp/JVN35265756/" target=3D"_blank" rel=3D"noopener">https:/= /jvn.jp/en/jp/JVN35265756/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Cybozu, Inc.--Cybozu Garoon</td>
<td>Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.=
3, which may lead to unauthorized alteration of portal settings, potentiall=
y blocking access to the product.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-22888" target=3D= "_blank" rel=3D"noopener">CVE-2026-22888</a></td>

<a href=3D"https://kb.cybozu.support/article/39083/" target=3D"_blank" rel= =3D"noopener">https://kb.cybozu.support/article/39083/</a> <a href=3D"ht= tps://jvn.jp/en/jp/JVN35265756/" target=3D"_blank" rel=3D"noopener">https:/= /jvn.jp/en/jp/JVN35265756/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: wif=
i: mac80211_hwsim: fix typo in frequency notification The NAN notification =
is for 5745 MHz which corresponds to channel 149 and not 5475 which is not = actually a valid channel. This could result in a NULL pointer dereference i=
n cfg80211_next_nan_dw_notif.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23040" target=3D= "_blank" rel=3D"noopener">CVE-2026-23040</a></td>

<a href=3D"https://git.kernel.org/stable/c/1251bbdb8f5b2ea86ca9b4268a2e6aa3= 4372ab33" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/1251bbdb8f5b2ea86ca9b4268a2e6aa34372ab33</a> <a href=3D"https://git.ke= rnel.org/stable/c/333418872bfecf4843f1ded7a4151685dfcf07d5" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/333418872bfecf4843f1ded= 7a4151685dfcf07d5</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: bnx= t_en: Fix NULL pointer crash in bnxt_ptp_enable during error cleanup When b= nxt_init_one() fails during initialization (e.g., bnxt_init_int_mode return=
s -ENODEV), the error path calls bnxt_free_hwrm_resources() which destroys = the DMA pool and sets bp->hwrm_dma_pool to NULL. Subsequently, bnxt_ptp_= clear() is called, which invokes ptp_clock_unregister(). Since commit a60fc= 3294a37 ("ptp: rework ptp_clock_unregister() to disable events"), ptp_clock= _unregister() now calls ptp_disable_all_events(), which in turn invokes the=
driver's .enable() callback (bnxt_ptp_enable()) to disable PTP events befo=
re completing the unregistration. bnxt_ptp_enable() attempts to send HWRM c= ommands via bnxt_ptp_cfg_pin() and bnxt_ptp_cfg_event(), both of which call=
hwrm_req_init(). This function tries to allocate from bp->hwrm_dma_pool=
, causing a NULL pointer dereference: bnxt_en 0000:01:00.0 (unnamed net_dev= ice) (uninitialized): bnxt_init_int_mode err: ffffffed KASAN: null-ptr-dere=
f in range [0x0000000000000028-0x000000000000002f] Call Trace: __hwrm_req_i= nit (drivers/net/ethernet/broadcom/bnxt/bnxt_hwrm.c:72) bnxt_ptp_enable (dr= ivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c:323 drivers/net/ethernet/broadc= om/bnxt/bnxt_ptp.c:517) ptp_disable_all_events (drivers/ptp/ptp_chardev.c:6=
6) ptp_clock_unregister (drivers/ptp/ptp_clock.c:518) bnxt_ptp_clear (drive= rs/net/ethernet/broadcom/bnxt/bnxt_ptp.c:1134) bnxt_init_one (drivers/net/e= thernet/broadcom/bnxt/bnxt.c:16889) Lines are against commit f8f9c1f4d0c7 (= "Linux 6.19-rc3") Fix this by clearing and unregistering ptp (bnxt_ptp_clea= r()) before freeing HWRM resources.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23041" target=3D= "_blank" rel=3D"noopener">CVE-2026-23041</a></td>

<a href=3D"https://git.kernel.org/stable/c/0174d5466caefc22f03a36c43b2a3cce= 7e332627" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/0174d5466caefc22f03a36c43b2a3cce7e332627</a> <a href=3D"https://git.ke= rnel.org/stable/c/3358995b1a7f9dcb52a56ec8251570d71024dad0" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/3358995b1a7f9dcb52a56ec= 8251570d71024dad0</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: idp=
f: fix aux device unplugging when rdma is not supported by vport If vport f= lags do not contain VIRTCHNL2_VPORT_ENABLE_RDMA, driver does not allocate v= dev_info for this vport. This leads to kernel NULL pointer dereference in i= dpf_idc_vport_dev_down(), which references vdev_info for every vport regard= less. Check, if vdev_info was ever allocated before unplugging aux device.<=

<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23042" target=3D= "_blank" rel=3D"noopener">CVE-2026-23042</a></td>

<a href=3D"https://git.kernel.org/stable/c/0ad6d6e50e9d8bf596cfe77a882ddc20= b29f525a" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/0ad6d6e50e9d8bf596cfe77a882ddc20b29f525a</a> <a href=3D"https://git.ke= rnel.org/stable/c/4648fb2f2e7210c53b85220ee07d42d1e4bae3f9" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/4648fb2f2e7210c53b85220= ee07d42d1e4bae3f9</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: btr= fs: fix NULL pointer dereference in do_abort_log_replay() Coverity reported=
a NULL pointer dereference issue (CID 1666756) in do_abort_log_replay(). W= hen btrfs_alloc_path() fails in replay_one_buffer(), wc->subvol_path is = NULL, but btrfs_abort_log_replay() calls do_abort_log_replay() which uncond= itionally dereferences wc->subvol_path when attempting to print debug in= formation. Fix this by adding a NULL check before dereferencing wc->subv= ol_path in do_abort_log_replay().</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23043" target=3D= "_blank" rel=3D"noopener">CVE-2026-23043</a></td>

<a href=3D"https://git.kernel.org/stable/c/6d1b61b8e1e44888c643d89225ab819b= 10649b2e" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/6d1b61b8e1e44888c643d89225ab819b10649b2e</a> <a href=3D"https://git.ke= rnel.org/stable/c/530e3d4af566ca44807d79359b90794dea24c4f3" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/530e3d4af566ca44807d793= 59b90794dea24c4f3</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: PM:=
hibernate: Fix crash when freeing invalid crypto compressor When crypto_al= loc_acomp() fails, it returns an ERR_PTR value, not NULL. The cleanup code =
in save_compressed_image() and load_compressed_image() unconditionally call=
s crypto_free_acomp() without checking for ERR_PTR, which causes crypto_aco= mp_tfm() to dereference an invalid pointer and crash the kernel. This can b=
e triggered when the compression algorithm is unavailable (e.g., CONFIG_CRY= PTO_LZO not enabled). Fix by adding IS_ERR_OR_NULL() checks before calling = crypto_free_acomp() and acomp_request_free(), similar to the existing kthre= ad_stop() check. [ rjw: Added 2 empty code lines ]</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23044" target=3D= "_blank" rel=3D"noopener">CVE-2026-23044</a></td>

<a href=3D"https://git.kernel.org/stable/c/b7a883b0135dbc6817e90a829421c9fc= 8cd94bad" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/b7a883b0135dbc6817e90a829421c9fc8cd94bad</a> <a href=3D"https://git.ke= rnel.org/stable/c/7966cf0ebe32c981bfa3db252cb5fc3bb1bf2e77" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/7966cf0ebe32c981bfa3db2= 52cb5fc3bb1bf2e77</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: net= /ena: fix missing lock when update devlink params Fix assert lock warning w= hile calling devl_param_driverinit_value_set() in ena. WARNING: net/devlink= /core.c:261 at devl_assert_locked+0x62/0x90, CPU#0: kworker/0:0/9 CPU: 0 UI=
D: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.19.0-rc2+ #1 PREEMPT(lazy) Hard= ware name: Amazon EC2 m8i-flex.4xlarge/, BIOS 1.0 10/16/2017 Workqueue: eve= nts work_for_cpu_fn RIP: 0010:devl_assert_locked+0x62/0x90 Call Trace: <= TASK> devl_param_driverinit_value_set+0x15/0x1c0 ena_devlink_alloc+0x18c= /0x220 [ena] ? __pfx_ena_devlink_alloc+0x10/0x10 [ena] ? trace_hardirqs_on+= 0x18/0x140 ? lockdep_hardirqs_on+0x8c/0x130 ? __raw_spin_unlock_irqrestore+= 0x5d/0x80 ? __raw_spin_unlock_irqrestore+0x46/0x80 ? devm_ioremap_wc+0x9a/0= xd0 ena_probe+0x4d2/0x1b20 [ena] ? __lock_acquire+0x56a/0xbd0 ? __pfx_ena_p= robe+0x10/0x10 [ena] ? local_clock+0x15/0x30 ? __lock_release.isra.0+0x1c9/= 0x340 ? mark_held_locks+0x40/0x70 ? lockdep_hardirqs_on_prepare.part.0+0x92= /0x170 ? trace_hardirqs_on+0x18/0x140 ? lockdep_hardirqs_on+0x8c/0x130 ? __= raw_spin_unlock_irqrestore+0x5d/0x80 ? __raw_spin_unlock_irqrestore+0x46/0x=
80 ? __pfx_ena_probe+0x10/0x10 [ena] ...... </TASK></td> <td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23045" target=3D= "_blank" rel=3D"noopener">CVE-2026-23045</a></td>

<a href=3D"https://git.kernel.org/stable/c/f2c4bcfa193eef1b7457a56be9c47a8d= e015f225" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/f2c4bcfa193eef1b7457a56be9c47a8de015f225</a> <a href=3D"https://git.ke= rnel.org/stable/c/8da901ffe497a53fa4ecc3ceed0e6d771586f88e" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/8da901ffe497a53fa4ecc3c= eed0e6d771586f88e</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: vir= tio_net: fix device mismatch in devm_kzalloc/devm_kfree Initial rss_hdr all= ocation uses virtio_device->device, but virtnet_set_queues() frees using=
net_device->device. This device mismatch causing below devres warning [=
3788.514041] ------------[ cut here ]------------ [ 3788.514044] WARNING: = drivers/base/devres.c:1095 at devm_kfree+0x84/0x98, CPU#16: vdpa/1463 [ 378= 8.514054] Modules linked in: octep_vdpa virtio_net virtio_vdpa [last unload= ed: virtio_vdpa] [ 3788.514064] CPU: 16 UID: 0 PID: 1463 Comm: vdpa Tainted=
: G W 6.18.0 #10 PREEMPT [ 3788.514067] Tainted: [W]=3DWARN [ 3788.514069] = Hardware name: Marvell CN106XX board (DT) [ 3788.514071] pstate: 63400009 (= nZCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=3D--) [ 3788.514074] pc : devm_kf= ree+0x84/0x98 [ 3788.514076] lr : devm_kfree+0x54/0x98 [ 3788.514079] sp : = ffff800084e2f220 [ 3788.514080] x29: ffff800084e2f220 x28: ffff0003b2366000=
x27: 000000000000003f [ 3788.514085] x26: 000000000000003f x25: ffff000106= f17c10 x24: 0000000000000080 [ 3788.514089] x23: ffff00045bb8ab08 x22: ffff= 00045bb8a000 x21: 0000000000000018 [ 3788.514093] x20: ffff0004355c3080 x19=
: ffff00045bb8aa00 x18: 0000000000080000 [ 3788.514098] x17: 00000000000000=
40 x16: 000000000000001f x15: 000000000007ffff [ 3788.514102] x14: 00000000= 00000488 x13: 0000000000000005 x12: 00000000000fffff [ 3788.514106] x11: ff= ffffffffffffff x10: 0000000000000005 x9 : ffff800080c8c05c [ 3788.514110] x=
8 : ffff800084e2eeb8 x7 : 0000000000000000 x6 : 000000000000003f [ 3788.514= 115] x5 : ffff8000831bafe0 x4 : ffff800080c8b010 x3 : ffff0004355c3080 [ 37= 88.514119] x2 : ffff0004355c3080 x1 : 0000000000000000 x0 : 000000000000000=
0 [ 3788.514123] Call trace: [ 3788.514125] devm_kfree+0x84/0x98 (P) [ 3788= .514129] virtnet_set_queues+0x134/0x2e8 [virtio_net] [ 3788.514135] virtnet= _probe+0x9c0/0xe00 [virtio_net] [ 3788.514139] virtio_dev_probe+0x1e0/0x338=
[ 3788.514144] really_probe+0xc8/0x3a0 [ 3788.514149] __driver_probe_devic= e+0x84/0x170 [ 3788.514152] driver_probe_device+0x44/0x120 [ 3788.514155] _= _device_attach_driver+0xc4/0x168 [ 3788.514158] bus_for_each_drv+0x8c/0xf0 =
[ 3788.514161] __device_attach+0xa4/0x1c0 [ 3788.514164] device_initial_pro= be+0x1c/0x30 [ 3788.514168] bus_probe_device+0xb4/0xc0 [ 3788.514170] devic= e_add+0x614/0x828 [ 3788.514173] register_virtio_device+0x214/0x258 [ 3788.= 514175] virtio_vdpa_probe+0xa0/0x110 [virtio_vdpa] [ 3788.514179] vdpa_dev_= probe+0xa8/0xd8 [ 3788.514183] really_probe+0xc8/0x3a0 [ 3788.514186] __dri= ver_probe_device+0x84/0x170 [ 3788.514189] driver_probe_device+0x44/0x120 [=
3788.514192] __device_attach_driver+0xc4/0x168 [ 3788.514195] bus_for_each= _drv+0x8c/0xf0 [ 3788.514197] __device_attach+0xa4/0x1c0 [ 3788.514200] dev= ice_initial_probe+0x1c/0x30 [ 3788.514203] bus_probe_device+0xb4/0xc0 [ 378= 8.514206] device_add+0x614/0x828 [ 3788.514209] _vdpa_register_device+0x58/= 0x88 [ 3788.514211] octep_vdpa_dev_add+0x104/0x228 [octep_vdpa] [ 3788.5142= 15] vdpa_nl_cmd_dev_add_set_doit+0x2d0/0x3c0 [ 3788.514218] genl_family_rcv= _msg_doit+0xe4/0x158 [ 3788.514222] genl_rcv_msg+0x218/0x298 [ 3788.514225]=
netlink_rcv_skb+0x64/0x138 [ 3788.514229] genl_rcv+0x40/0x60 [ 3788.514233=
] netlink_unicast+0x32c/0x3b0 [ 3788.514237] netlink_sendmsg+0x170/0x3b8 [ = 3788.514241] __sys_sendto+0x12c/0x1c0 [ 3788.514246] __arm64_sys_sendto+0x3= 0/0x48 [ 3788.514249] invoke_syscall.constprop.0+0x58/0xf8 [ 3788.514255] d= o_el0_svc+0x48/0xd0 [ 3788.514259] el0_svc+0x48/0x210 [ 3788.514264] el0t_6= 4_sync_handler+0xa0/0xe8 [ 3788.514268] el0t_64_sync+0x198/0x1a0 [ 3788.514= 271] ---[ end trace 0000000000000000 ]--- Fix by using virtio_device->de= vice consistently for allocation and deallocation</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23046" target=3D= "_blank" rel=3D"noopener">CVE-2026-23046</a></td>

<a href=3D"https://git.kernel.org/stable/c/a5e2d902f64c76169c771f584559c82b= 588090e3" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/a5e2d902f64c76169c771f584559c82b588090e3</a> <a href=3D"https://git.ke= rnel.org/stable/c/acb4bc6e1ba34ae1a34a9334a1ce8474c909466e" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/acb4bc6e1ba34ae1a34a933= 4a1ce8474c909466e</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: lib= ceph: make calc_target() set t->paused, not just clear it Currently calc= _target() clears t->paused if the request shouldn't be paused anymore, b=
ut doesn't ever set t->paused even though it's able to determine when th=
e request should be paused. Setting t->paused is left to __submit_reques= t() which is fine for regular requests but doesn't work for linger requests=
-- since __submit_request() doesn't operate on linger requests, there is n= owhere for lreq->t.paused to be set. One consequence of this is that wat= ches don't get reestablished on paused -> unpaused transitions in cases = where requests have been paused long enough for the (paused) unwatch reques=
t to time out and for the subsequent (re)watch request to enter the paused = state. On top of the watch not getting reestablished, rbd_reregister_watch(=
) gets stuck with rbd_dev->watch_mutex held: rbd_register_watch __rbd_re= gister_watch ceph_osdc_watch linger_reg_commit_wait It's waiting for lreq-&= gt;reg_commit_wait to be completed, but for that to happen the respective r= equest needs to end up on need_resend_linger list and be kicked when reques=
ts are unpaused. There is no chance for that if the request in question is = never marked paused in the first place. The fact that rbd_dev->watch_mut=
ex remains taken out forever then prevents the image from getting unmapped =
-- "rbd unmap" would inevitably hang in D state on an attempt to grab the m= utex.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23047" target=3D= "_blank" rel=3D"noopener">CVE-2026-23047</a></td>

<a href=3D"https://git.kernel.org/stable/c/2b3329b3c29d9e188e40d902d5230c2d= 5989b940" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/2b3329b3c29d9e188e40d902d5230c2d5989b940</a> <a href=3D"https://git.ke= rnel.org/stable/c/5d0dc83cb9a69c1d0bea58f1c430199b05f6b021" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/5d0dc83cb9a69c1d0bea58f= 1c430199b05f6b021</a> <a href=3D"https://git.kernel.org/stable/c/4d3399c= 52e0e61720ae898f5a0b5b75d4460ae24" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/4d3399c52e0e61720ae898f5a0b5b75d4460ae24</a> =
<a href=3D"https://git.kernel.org/stable/c/4ebc711b738d139cabe2fc9e7e774984= 7676a342" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/4ebc711b738d139cabe2fc9e7e7749847676a342</a> <a href=3D"https://git.ke= rnel.org/stable/c/6f468f6ff233c6a81e0e761d9124e982903fe9a5" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/6f468f6ff233c6a81e0e761= d9124e982903fe9a5</a> <a href=3D"https://git.kernel.org/stable/c/5647d42= c47b535573b63e073e91164d6a5bb058c" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/5647d42c47b535573b63e073e91164d6a5bb058c</a> =
<a href=3D"https://git.kernel.org/stable/c/c0fe2994f9a9d0a2ec9e42441ea5ba74= b6a16176" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/c0fe2994f9a9d0a2ec9e42441ea5ba74b6a16176</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: udp=
: call skb_orphan() before skb_attempt_defer_free() Standard UDP receive pa=
th does not use skb->destructor. But skmsg layer does use it, since it c= alls skb_set_owner_sk_safe() from udp_read_skb(). This then triggers this w= arning in skb_attempt_defer_free(): DEBUG_NET_WARN_ON_ONCE(skb->destruct= or); We must call skb_orphan() to fix this issue.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23048" target=3D= "_blank" rel=3D"noopener">CVE-2026-23048</a></td>

<a href=3D"https://git.kernel.org/stable/c/0c63d5683eae6a7b4d81382bcbecb2a1= 9feff90d" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/0c63d5683eae6a7b4d81382bcbecb2a19feff90d</a> <a href=3D"https://git.ke= rnel.org/stable/c/e5c8eda39a9fc1547d1398d707aa06c1d080abdd" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/e5c8eda39a9fc1547d1398d= 707aa06c1d080abdd</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: drm= /panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel The c= onnector type for the DataImage SCF0700C48GGU18 panel is missing and devm_d= rm_panel_bridge_add() requires connector type to be set. This leads to a wa= rning and a backtrace in the kernel log and panel does not work: " WARNING:=
CPU: 3 PID: 38 at drivers/gpu/drm/bridge/panel.c:379 devm_drm_of_get_bridg= e+0xac/0xb8 " The warning is triggered by a check for valid connector type =
in devm_drm_panel_bridge_add(). If there is no valid connector type set for=
a panel, the warning is printed and panel is not added. Fill in the missin=
g connector type to fix the warning and make the panel operational once aga= in.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23049" target=3D= "_blank" rel=3D"noopener">CVE-2026-23049</a></td>

<a href=3D"https://git.kernel.org/stable/c/f4c330b4499e7334ec6fce535574e09d= 55843d71" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/f4c330b4499e7334ec6fce535574e09d55843d71</a> <a href=3D"https://git.ke= rnel.org/stable/c/bb309377eece5317207d71fd833f99cca4727fbd" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/bb309377eece5317207d71f= d833f99cca4727fbd</a> <a href=3D"https://git.kernel.org/stable/c/83e0d8d= 22e7ee3151af1951595104887eebed6ab" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/83e0d8d22e7ee3151af1951595104887eebed6ab</a> =
<a href=3D"https://git.kernel.org/stable/c/bc0b17bdba3838e9e17e7e9adc968384= ac99938b" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/bc0b17bdba3838e9e17e7e9adc968384ac99938b</a> <a href=3D"https://git.ke= rnel.org/stable/c/04218cd68d1502000823c8288f37b4f171dcdcae" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/04218cd68d1502000823c82= 88f37b4f171dcdcae</a> <a href=3D"https://git.kernel.org/stable/c/f7940d3= ec1dc6bf719eddc69d4b8e52cc2201896" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/f7940d3ec1dc6bf719eddc69d4b8e52cc2201896</a> =
<a href=3D"https://git.kernel.org/stable/c/6ab3d4353bf75005eaa375677c9fed31= 148154d6" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/6ab3d4353bf75005eaa375677c9fed31148154d6</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: pNF=
S: Fix a deadlock when returning a delegation during open() Ben Coddington = reports seeing a hang in the following stack trace: 0 [ffffd0b50e1774e0] __= schedule at ffffffff9ca05415 1 [ffffd0b50e177548] schedule at ffffffff9ca05= 717 2 [ffffd0b50e177558] bit_wait at ffffffff9ca061e1 3 [ffffd0b50e177568] = __wait_on_bit at ffffffff9ca05cfb 4 [ffffd0b50e1775c8] out_of_line_wait_on_= bit at ffffffff9ca05ea5 5 [ffffd0b50e177618] pnfs_roc at ffffffffc154207b [= nfsv4] 6 [ffffd0b50e1776b8] _nfs4_proc_delegreturn at ffffffffc1506586 [nfs= v4] 7 [ffffd0b50e177788] nfs4_proc_delegreturn at ffffffffc1507480 [nfsv4] =
8 [ffffd0b50e1777f8] nfs_do_return_delegation at ffffffffc1523e41 [nfsv4] 9=
[ffffd0b50e177838] nfs_inode_set_delegation at ffffffffc1524a75 [nfsv4] 10=
[ffffd0b50e177888] nfs4_process_delegation at ffffffffc14f41dd [nfsv4] 11 = [ffffd0b50e1778a0] _nfs4_opendata_to_nfs4_state at ffffffffc1503edf [nfsv4]=
12 [ffffd0b50e1778c0] _nfs4_open_and_get_state at ffffffffc1504e56 [nfsv4]=
13 [ffffd0b50e177978] _nfs4_do_open at ffffffffc15051b8 [nfsv4] 14 [ffffd0= b50e1779f8] nfs4_do_open at ffffffffc150559c [nfsv4] 15 [ffffd0b50e177a80] = nfs4_atomic_open at ffffffffc15057fb [nfsv4] 16 [ffffd0b50e177ad0] nfs4_fil= e_open at ffffffffc15219be [nfsv4] 17 [ffffd0b50e177b78] do_dentry_open at = ffffffff9c09e6ea 18 [ffffd0b50e177ba8] vfs_open at ffffffff9c0a082e 19 [fff= fd0b50e177bd0] dentry_open at ffffffff9c0a0935 The issue is that the delegr= eturn is being asked to wait for a layout return that cannot complete becau=
se a state recovery was initiated. The state recovery cannot complete until=
the open() finishes processing the delegations it was given. The solution =
is to propagate the existing flags that indicate a non-blocking call to the=
function pnfs_roc(), so that it knows not to wait in this situation.</td> <td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23050" target=3D= "_blank" rel=3D"noopener">CVE-2026-23050</a></td>

<a href=3D"https://git.kernel.org/stable/c/a316fd9d3065b753b03d802530004aea= 481512cc" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/a316fd9d3065b753b03d802530004aea481512cc</a> <a href=3D"https://git.ke= rnel.org/stable/c/d6c75aa9d607044d1e5c8498eff0259eed356c32" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/d6c75aa9d607044d1e5c849= 8eff0259eed356c32</a> <a href=3D"https://git.kernel.org/stable/c/857bf90= 56291a16785ae3be1d291026b2437fc48" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/857bf9056291a16785ae3be1d291026b2437fc48</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: drm= /amdgpu: fix drm panic null pointer when driver not support atomic When dri= ver not support atomic, fb using plane->fb rather than plane->state-&= gt;fb. (cherry picked from commit 2f2a72de673513247cd6fae14e53f6c40c5841ef)= </td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23051" target=3D= "_blank" rel=3D"noopener">CVE-2026-23051</a></td>

<a href=3D"https://git.kernel.org/stable/c/a1aedf4053af7dad3772b94b057a7d1f= 5473055f" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/a1aedf4053af7dad3772b94b057a7d1f5473055f</a> <a href=3D"https://git.ke= rnel.org/stable/c/9cb6278b44c38899961b36d303d7b18b38be2a6e" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/9cb6278b44c38899961b36d= 303d7b18b38be2a6e</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: ftr= ace: Do not over-allocate ftrace memory The pg_remaining calculation in ftr= ace_process_locs() assumes that ENTRIES_PER_PAGE multiplied by 2^order equa=
ls the actual capacity of the allocated page group. However, ENTRIES_PER_PA=
GE is PAGE_SIZE / ENTRY_SIZE (integer division). When PAGE_SIZE is not a mu= ltiple of ENTRY_SIZE (e.g. 4096 / 24 =3D 170 with remainder 16), high-order=
allocations (like 256 pages) have significantly more capacity than 256 * 1= 70. This leads to pg_remaining being underestimated, which in turn makes sk=
ip (derived from skipped - pg_remaining) larger than expected, causing the = WARN(skip !=3D remaining) to trigger. Extra allocated pages for ftrace: 2 w= ith 654 skipped WARNING: CPU: 0 PID: 0 at kernel/trace/ftrace.c:7295 ftrace= _process_locs+0x5bf/0x5e0 A similar problem in ftrace_allocate_records() ca=
n result in allocating too many pages. This can trigger the second warning =
in ftrace_process_locs(). Extra allocated pages for ftrace WARNING: CPU: 0 = PID: 0 at kernel/trace/ftrace.c:7276 ftrace_process_locs+0x548/0x580 Use th=
e actual capacity of a page group to determine the number of pages to alloc= ate. Have ftrace_allocate_pages() return the number of allocated pages to a= void having to calculate it. Use the actual page group capacity when valida= ting the number of unused pages due to skipped entries. Drop the definition=
of ENTRIES_PER_PAGE since it is no longer used.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23052" target=3D= "_blank" rel=3D"noopener">CVE-2026-23052</a></td>

<a href=3D"https://git.kernel.org/stable/c/9aef476717994e96dadfb359641c4b82= b521aa36" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/9aef476717994e96dadfb359641c4b82b521aa36</a> <a href=3D"https://git.ke= rnel.org/stable/c/be55257fab181b93af38f8c4b1b3cb453a78d742" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/be55257fab181b93af38f8c= 4b1b3cb453a78d742</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: NFS=
: Fix a deadlock involving nfs_release_folio() Wang Zhaolong reports a dead= lock involving NFSv4.1 state recovery waiting on kthreadd, which is attempt= ing to reclaim memory by calling nfs_release_folio(). The latter cannot mak=
e progress due to state recovery being needed. It seems that the only safe = thing to do here is to kick off a writeback of the folio, without waiting f=
or completion, or else kicking off an asynchronous commit.</td> <td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23053" target=3D= "_blank" rel=3D"noopener">CVE-2026-23053</a></td>

<a href=3D"https://git.kernel.org/stable/c/49d352bc263fe4a834233338bfaad31b= 3109addf" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/49d352bc263fe4a834233338bfaad31b3109addf</a> <a href=3D"https://git.ke= rnel.org/stable/c/19b4d9ab5e77843eac0429c019470c02f8710b55" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/19b4d9ab5e77843eac0429c= 019470c02f8710b55</a> <a href=3D"https://git.kernel.org/stable/c/cce0be6= eb4971456b703aaeafd571650d314bcca" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/cce0be6eb4971456b703aaeafd571650d314bcca</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: net=
: hv_netvsc: reject RSS hash key programming without RX indirection table R=
SS configuration requires a valid RX indirection table. When the device rep= orts a single receive queue, rndis_filter_device_add() does not allocate an=
indirection table, accepting RSS hash key updates in this state leads to a=
hang. Fix this by gating netvsc_set_rxfh() on ndc->rx_table_sz and retu=
rn -EOPNOTSUPP when the table is absent. This aligns set_rxfh with the devi=
ce capabilities and prevents incorrect behavior.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23054" target=3D= "_blank" rel=3D"noopener">CVE-2026-23054</a></td>

<a href=3D"https://git.kernel.org/stable/c/8288136f508e78eb3563e7073975999c= f225a2f9" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/8288136f508e78eb3563e7073975999cf225a2f9</a> <a href=3D"https://git.ke= rnel.org/stable/c/82c9039c8ebb715753a40434df714f865a3aec9c" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/82c9039c8ebb715753a4043= 4df714f865a3aec9c</a> <a href=3D"https://git.kernel.org/stable/c/4cd55c6= 09e85ae2313248ef1a33619a3eef44a16" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/4cd55c609e85ae2313248ef1a33619a3eef44a16</a> =
<a href=3D"https://git.kernel.org/stable/c/11dd9a9ef4dc4507a15a69b8511a0013= c6c28fa3" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/11dd9a9ef4dc4507a15a69b8511a0013c6c28fa3</a> <a href=3D"https://git.ke= rnel.org/stable/c/d23564955811da493f34412d7de60fa268c8cb50" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/d23564955811da493f34412= d7de60fa268c8cb50</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: i2c=
: riic: Move suspend handling to NOIRQ phase Commit 53326135d0e0 ("i2c: rii=
c: Add suspend/resume support") added suspend support for the Renesas I2C d= river and following this change on RZ/G3E the following WARNING is seen on = entering suspend ... [ 134.275704] Freezing remaining freezable tasks compl= eted (elapsed 0.001 seconds) [ 134.285536] ------------[ cut here ]--------= ---- [ 134.290298] i2c i2c-2: Transfer while suspended [ 134.295174] WARNIN=
G: drivers/i2c/i2c-core.h:56 at __i2c_smbus_xfer+0x1e4/0x214, CPU#0: system= d-sleep/388 [ 134.365507] Tainted: [W]=3DWARN [ 134.368485] Hardware name: = Renesas SMARC EVK version 2 based on r9a09g047e57 (DT) [ 134.375961] pstate=
: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=3D--) [ 134.382935] p=
c : __i2c_smbus_xfer+0x1e4/0x214 [ 134.387329] lr : __i2c_smbus_xfer+0x1e4/= 0x214 [ 134.391717] sp : ffff800083f23860 [ 134.395040] x29: ffff800083f238=
60 x28: 0000000000000000 x27: ffff800082ed5d60 [ 134.402226] x26: 0000001f4= 395fd74 x25: 0000000000000007 x24: 0000000000000001 [ 134.409408] x23: 0000= 000000000000 x22: 000000000000006f x21: ffff800083f23936 [ 134.416589] x20:=
ffff0000c090e140 x19: ffff0000c090e0d0 x18: 0000000000000006 [ 134.423771]=
x17: 6f63657320313030 x16: 2e30206465737061 x15: ffff800083f23280 [ 134.43= 0953] x14: 0000000000000000 x13: ffff800082b16ce8 x12: 0000000000000f09 [ 1= 34.438134] x11: 0000000000000503 x10: ffff800082b6ece8 x9 : ffff800082b16ce=
8 [ 134.445315] x8 : 00000000ffffefff x7 : ffff800082b6ece8 x6 : 80000000ff= fff000 [ 134.452495] x5 : 0000000000000504 x4 : 0000000000000000 x3 : 00000= 00000000000 [ 134.459672] x2 : 0000000000000000 x1 : 0000000000000000 x0 : = ffff0000c9ee9e80 [ 134.466851] Call trace: [ 134.469311] __i2c_smbus_xfer+0= x1e4/0x214 (P) [ 134.473715] i2c_smbus_xfer+0xbc/0x120 [ 134.477507] i2c_sm= bus_read_byte_data+0x4c/0x84 [ 134.482077] isl1208_i2c_read_time+0x44/0x178=
[rtc_isl1208] [ 134.487703] isl1208_rtc_read_time+0x14/0x20 [rtc_isl1208] =
[ 134.493226] __rtc_read_time+0x44/0x88 [ 134.497012] rtc_read_time+0x3c/0x=
68 [ 134.500622] rtc_suspend+0x9c/0x170 The warning is triggered because I2=
C transfers can still be attempted while the controller is already suspende=
d, due to inappropriate ordering of the system sleep callbacks. If the cont= roller is autosuspended, there is no way to wake it up once runtime PM disa= bled (in suspend_late()). During system resume, the I2C controller will be = available only after runtime PM is re-enabled (in resume_early()). However,=
this may be too late for some devices. Wake up the controller in the suspe= nd() callback while runtime PM is still enabled. The I2C controller will re= main available until the suspend_noirq() callback (pm_runtime_force_suspend= ()) is called. During resume, the I2C controller can be restored by the res= ume_noirq() callback (pm_runtime_force_resume()). Finally, the resume() cal= lback re-enables autosuspend. As a result, the I2C controller can remain av= ailable until the system enters suspend_noirq() and from resume_noirq().</t=

<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23055" target=3D= "_blank" rel=3D"noopener">CVE-2026-23055</a></td>

<a href=3D"https://git.kernel.org/stable/c/469f8fe4c87e43520f279e45b927c35d= 6fe99194" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/469f8fe4c87e43520f279e45b927c35d6fe99194</a> <a href=3D"https://git.ke= rnel.org/stable/c/0b4c0fbbe00b7de76bdaea7fa771017d7a979b0d" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/0b4c0fbbe00b7de76bdaea7= fa771017d7a979b0d</a> <a href=3D"https://git.kernel.org/stable/c/e383f09= 61422f983451ac4dd6aed1a3d3311f2be" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/e383f0961422f983451ac4dd6aed1a3d3311f2be</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: uac= ce: implement mremap in uacce_vm_ops to return -EPERM The current uacce_vm_= ops does not support the mremap operation of vm_operations_struct. Implemen=
t .mremap to return -EPERM to remind users. The reason we need to explicitl=
y disable mremap is that when the driver does not implement .mremap, it use=
s the default mremap method. This could lead to a risk scenario: An applica= tion might first mmap address p1, then mremap to p2, followed by munmap(p1)=
, and finally munmap(p2). Since the default mremap copies the original vma'=
s vm_private_data (i.e., q) to the new vma, both munmap operations would tr= igger vma_close, causing q->qfr to be freed twice(qfr will be set to nul=
l here, so repeated release is ok).</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23056" target=3D= "_blank" rel=3D"noopener">CVE-2026-23056</a></td>

<a href=3D"https://git.kernel.org/stable/c/78d99f062d42e3af2ca46bde1a8e46e0= dfd372e3" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/78d99f062d42e3af2ca46bde1a8e46e0dfd372e3</a> <a href=3D"https://git.ke= rnel.org/stable/c/ebfa85658a39b49ec3901ceea7535b73aa0429e6" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/ebfa85658a39b49ec3901ce= ea7535b73aa0429e6</a> <a href=3D"https://git.kernel.org/stable/c/75b29bd= c935ff93b8e8bf6f6b4d8a4810b26e06f" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/75b29bdc935ff93b8e8bf6f6b4d8a4810b26e06f</a> =
<a href=3D"https://git.kernel.org/stable/c/4c042bc71474dbe417c268f4bfb8ec19= 6f802f07" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/4c042bc71474dbe417c268f4bfb8ec196f802f07</a> <a href=3D"https://git.ke= rnel.org/stable/c/a407ddd61b3e6afc5ccfcd1478797171cf5686ee" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/a407ddd61b3e6afc5ccfcd1= 478797171cf5686ee</a> <a href=3D"https://git.kernel.org/stable/c/ba29b59= d124e725e0377f09b2044909c91d657a1" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/ba29b59d124e725e0377f09b2044909c91d657a1</a> =
<a href=3D"https://git.kernel.org/stable/c/02695347be532b628f22488300d40c4e= ba48b9b7" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/02695347be532b628f22488300d40c4eba48b9b7</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: vso= ck/virtio: Coalesce only linear skb vsock/virtio common tries to coalesce b= uffers in rx queue: if a linear skb (with a spare tail room) is followed by=
a small skb (length limited by GOOD_COPY_LEN =3D 128), an attempt is made =
to join them. Since the introduction of MSG_ZEROCOPY support, assumption th=
at a small skb will always be linear is incorrect. In the zerocopy case, da=
ta is lost and the linear skb is appended with uninitialized kernel memory.=
Of all 3 supported virtio-based transports, only loopback-transport is aff= ected. G2H virtio-transport rx queue operates on explicitly linear skbs; se=
e virtio_vsock_alloc_linear_skb() in virtio_vsock_rx_fill(). H2G vhost-tran= sport may allocate non-linear skbs, but only for sizes that are not conside= red for coalescence; see PAGE_ALLOC_COSTLY_ORDER in virtio_vsock_alloc_skb(=
). Ensure only linear skbs are coalesced. Note that skb_tailroom(last_skb) = > 0 guarantees last_skb is linear.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23057" target=3D= "_blank" rel=3D"noopener">CVE-2026-23057</a></td>

<a href=3D"https://git.kernel.org/stable/c/568e9cd8ed7ca9bf748c7687ba6501f2= 9d30e59f" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/568e9cd8ed7ca9bf748c7687ba6501f29d30e59f</a> <a href=3D"https://git.ke= rnel.org/stable/c/63ef9b300bd09e24c57050c5dbe68feedce42e72" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/63ef9b300bd09e24c57050c= 5dbe68feedce42e72</a> <a href=3D"https://git.kernel.org/stable/c/0386bd3= 21d0f95d041a7b3d7b07643411b044a96" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/0386bd321d0f95d041a7b3d7b07643411b044a96</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: can=
: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak Fix similar me= mory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_call= back(): fix URB memory leak"). In ems_usb_open(), the URBs for USB-in trans= fers are allocated, added to the dev->rx_submitted anchor and submitted.=
In the complete callback ems_usb_read_bulk_callback(), the URBs are proces= sed and resubmitted. In ems_usb_close() the URBs are freed by calling usb_k= ill_anchored_urbs(&dev->rx_submitted). However, this does not take i= nto account that the USB framework unanchors the URB before the complete fu= nction is called. This means that once an in-URB has been completed, it is =
no longer anchored and is ultimately not released in ems_usb_close(). Fix t=
he memory leak by anchoring the URB in the ems_usb_read_bulk_callback() to = the dev->rx_submitted anchor.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23058" target=3D= "_blank" rel=3D"noopener">CVE-2026-23058</a></td>

<a href=3D"https://git.kernel.org/stable/c/e2c71030dc464d437110bcfb367c493f= d402bddb" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/e2c71030dc464d437110bcfb367c493fd402bddb</a> <a href=3D"https://git.ke= rnel.org/stable/c/f48eabd15194b216030b32445f44230df95f5fe0" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/f48eabd15194b216030b324= 45f44230df95f5fe0</a> <a href=3D"https://git.kernel.org/stable/c/61e6d36= 74c3d1da1475dc207b3e75c55d678d18e" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/61e6d3674c3d1da1475dc207b3e75c55d678d18e</a> =
<a href=3D"https://git.kernel.org/stable/c/e9410fdd4d5f7eaa6526d8c80e83029d= 7c86a8e8" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/e9410fdd4d5f7eaa6526d8c80e83029d7c86a8e8</a> <a href=3D"https://git.ke= rnel.org/stable/c/46a191ff7eeec33a2ccb2a1bfea34e18fbc5dc1a" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/46a191ff7eeec33a2ccb2a1= bfea34e18fbc5dc1a</a> <a href=3D"https://git.kernel.org/stable/c/68c62b3= e53901846b5f68c5a8bade72a5d9c0b87" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/68c62b3e53901846b5f68c5a8bade72a5d9c0b87</a> =
<a href=3D"https://git.kernel.org/stable/c/0ce73a0eb5a27070957b67fd74059b6d= a89cc516" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/0ce73a0eb5a27070957b67fd74059b6da89cc516</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: scs=
i: qla2xxx: Sanitize payload size to prevent member overflow In qla27xx_cop= y_fpin_pkt() and qla27xx_copy_multiple_pkt(), the frame_size reported by fi= rmware is used to calculate the copy length into item->iocb. However, th=
e iocb member is defined as a fixed-size 64-byte array within struct purex_= item. If the reported frame_size exceeds 64 bytes, subsequent memcpy calls = will overflow the iocb member boundary. While extra memory might be allocat= ed, this cross-member write is unsafe and triggers warnings under CONFIG_FO= RTIFY_SOURCE. Fix this by capping total_bytes to the size of the iocb membe=
r (64 bytes) before allocation and copying. This ensures all copies remain = within the bounds of the destination structure member.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23059" target=3D= "_blank" rel=3D"noopener">CVE-2026-23059</a></td>

<a href=3D"https://git.kernel.org/stable/c/408bfa8d70f79ac696cec1bdbdfb3bf4= 3a02e6d0" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/408bfa8d70f79ac696cec1bdbdfb3bf43a02e6d0</a> <a href=3D"https://git.ke= rnel.org/stable/c/1922468a4a80424e5a69f7ba50adcee37f4722e9" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/1922468a4a80424e5a69f7b= a50adcee37f4722e9</a> <a href=3D"https://git.kernel.org/stable/c/aa14451= fa5d5f2de919384c637e2a8c604e1a1fe" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/aa14451fa5d5f2de919384c637e2a8c604e1a1fe</a> =
<a href=3D"https://git.kernel.org/stable/c/19bc5f2a6962dfaa0e32d0e0bc227199= 3d85d414" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/19bc5f2a6962dfaa0e32d0e0bc2271993d85d414</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: cry= pto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spe=
c authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter tha=
n the minimum expected length, crypto_authenc_esn_decrypt() can advance pas=
t the end of the destination scatterlist and trigger a NULL pointer derefer= ence in scatterwalk_map_and_copy(), leading to a kernel panic (DoS). Add a = minimum AAD length check to fail fast on invalid inputs.</td> <td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23060" target=3D= "_blank" rel=3D"noopener">CVE-2026-23060</a></td>

<a href=3D"https://git.kernel.org/stable/c/df22c9a65e9a9daa368a72fed596af9d= 7d5876bb" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/df22c9a65e9a9daa368a72fed596af9d7d5876bb</a> <a href=3D"https://git.ke= rnel.org/stable/c/fee86edf5803f1d1f19e3b4f2dacac241bddfa48" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/fee86edf5803f1d1f19e3b4= f2dacac241bddfa48</a> <a href=3D"https://git.kernel.org/stable/c/767e834= 9f7e929b7dd95c08f0b4cb353459b365e" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/767e8349f7e929b7dd95c08f0b4cb353459b365e</a> =
<a href=3D"https://git.kernel.org/stable/c/b0a9609283a5c852addb513dafa655c6= 1eebc1ef" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/b0a9609283a5c852addb513dafa655c61eebc1ef</a> <a href=3D"https://git.ke= rnel.org/stable/c/161bdc90fce25bd9890adc67fa1c8563a7acbf40" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/161bdc90fce25bd9890adc6= 7fa1c8563a7acbf40</a> <a href=3D"https://git.kernel.org/stable/c/9532ff0= d0e90ff78a214299f594ab9bac81defe4" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/9532ff0d0e90ff78a214299f594ab9bac81defe4</a> =
<a href=3D"https://git.kernel.org/stable/c/2397e9264676be7794f8f7f1e9763d90= bd3c7335" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/2397e9264676be7794f8f7f1e9763d90bd3c7335</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: can=
: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak Fix simi= lar memory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bul= k_callback(): fix URB memory leak"). In kvaser_usb_set_{,data_}bittiming() = -> kvaser_usb_setup_rx_urbs(), the URBs for USB-in transfers are allocat= ed, added to the dev->rx_submitted anchor and submitted. In the complete=
callback kvaser_usb_read_bulk_callback(), the URBs are processed and resub= mitted. In kvaser_usb_remove_interfaces() the URBs are freed by calling usb= _kill_anchored_urbs(&dev->rx_submitted). However, this does not take=
into account that the USB framework unanchors the URB before the complete = function is called. This means that once an in-URB has been completed, it i=
s no longer anchored and is ultimately not released in usb_kill_anchored_ur= bs(). Fix the memory leak by anchoring the URB in the kvaser_usb_read_bulk_= callback() to the dev->rx_submitted anchor.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23061" target=3D= "_blank" rel=3D"noopener">CVE-2026-23061</a></td>

<a href=3D"https://git.kernel.org/stable/c/d9d824582f2ec76459ffab449e9b05c7= bc49645c" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/d9d824582f2ec76459ffab449e9b05c7bc49645c</a> <a href=3D"https://git.ke= rnel.org/stable/c/40a3334ffda479c63e416e61ff086485e24401f7" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/40a3334ffda479c63e416e6= 1ff086485e24401f7</a> <a href=3D"https://git.kernel.org/stable/c/c1b39fa= 24c140bc616f51fef4175c1743e2bb132" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/c1b39fa24c140bc616f51fef4175c1743e2bb132</a> =
<a href=3D"https://git.kernel.org/stable/c/7c308f7530bffafa994e0aa8dc651a31= 2f4b9ff4" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/7c308f7530bffafa994e0aa8dc651a312f4b9ff4</a> <a href=3D"https://git.ke= rnel.org/stable/c/94a7fc42e21c7d9d1c49778cd1db52de5df52a01" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/94a7fc42e21c7d9d1c49778= cd1db52de5df52a01</a> <a href=3D"https://git.kernel.org/stable/c/3b1a593= eab941c3f32417896cc7df564191f2482" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/3b1a593eab941c3f32417896cc7df564191f2482</a> =
<a href=3D"https://git.kernel.org/stable/c/248e8e1a125fa875158df521b30f2cc7= e27eeeaa" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/248e8e1a125fa875158df521b30f2cc7e27eeeaa</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: pla= tform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro The GET_IN= STANCE_ID macro that caused a kernel panic when accessing sysfs attributes:=
1. Off-by-one error: The loop condition used '<=3D' instead of '<', = causing access beyond array bounds. Since array indices are 0-based and go = from 0 to instances_count-1, the loop should use '<'. 2. Missing NULL ch= eck: The code dereferenced attr_name_kobj->name without checking if attr= _name_kobj was NULL, causing a null pointer dereference in min_length_show(=
) and other attribute show functions. The panic occurred when fwupd tried t=
o read BIOS configuration attributes: Oops: general protection fault [#1] S=
MP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000= 000000007] RIP: 0010:min_length_show+0xcf/0x1d0 [hp_bioscfg] Add a NULL che=
ck for attr_name_kobj before dereferencing and corrects the loop boundary t=
o match the pattern used elsewhere in the driver.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23062" target=3D= "_blank" rel=3D"noopener">CVE-2026-23062</a></td>

<a href=3D"https://git.kernel.org/stable/c/eb5ff1025c92117d5d1cc728bcfa294a= be484da1" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/eb5ff1025c92117d5d1cc728bcfa294abe484da1</a> <a href=3D"https://git.ke= rnel.org/stable/c/eba49c1dee9c5e514ca18e52c545bba524e8a045" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/eba49c1dee9c5e514ca18e5= 2c545bba524e8a045</a> <a href=3D"https://git.kernel.org/stable/c/193922a= 23d7294085a47d7719fdb7d66ad0a236f" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/193922a23d7294085a47d7719fdb7d66ad0a236f</a> =
<a href=3D"https://git.kernel.org/stable/c/25150715e0b049b99df664daf05dab12= f41c3e13" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/25150715e0b049b99df664daf05dab12f41c3e13</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: uac= ce: ensure safe queue release with state management Directly calling `put_q= ueue` carries risks since it cannot guarantee that resources of `uacce_queu=
e` have been fully released beforehand. So adding a `stop_queue` operation = for the UACCE_CMD_PUT_Q command and leaving the `put_queue` operation to th=
e final resource release ensures safety. Queue states are defined as follow=
s: - UACCE_Q_ZOMBIE: Initial state - UACCE_Q_INIT: After opening `uacce` - = UACCE_Q_STARTED: After `start` is issued via `ioctl` When executing `powero=
ff -f` in virt while accelerator are still working, `uacce_fops_release` an=
d `uacce_remove` may execute concurrently. This can cause `uacce_put_queue`=
within `uacce_fops_release` to access a NULL `ops` pointer. Therefore, add=
state checks to prevent accessing freed pointers.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23063" target=3D= "_blank" rel=3D"noopener">CVE-2026-23063</a></td>

<a href=3D"https://git.kernel.org/stable/c/b457abeb5d962db88aaf60e249402fd3= 073dbfab" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/b457abeb5d962db88aaf60e249402fd3073dbfab</a> <a href=3D"https://git.ke= rnel.org/stable/c/8b57bf1d3b1db692f34bce694a03e41be79f6016" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/8b57bf1d3b1db692f34bce6= 94a03e41be79f6016</a> <a href=3D"https://git.kernel.org/stable/c/336fb41= a186e7c0415ae94fec9e23d1f04b87483" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/336fb41a186e7c0415ae94fec9e23d1f04b87483</a> =
<a href=3D"https://git.kernel.org/stable/c/43f233eb6e7b9d88536881a9bc43726d= 0e34800d" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/43f233eb6e7b9d88536881a9bc43726d0e34800d</a> <a href=3D"https://git.ke= rnel.org/stable/c/47634d70073890c9c37e39ab4ff93d4b585b028a" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/47634d70073890c9c37e39a= b4ff93d4b585b028a</a> <a href=3D"https://git.kernel.org/stable/c/92e4f11= e29b98ef424ff72d6371acac03e5d973c" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/92e4f11e29b98ef424ff72d6371acac03e5d973c</a> =
<a href=3D"https://git.kernel.org/stable/c/26c08dabe5475d99a13f353d8dd70e51= 8de45663" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/26c08dabe5475d99a13f353d8dd70e518de45663</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: net= /sched: act_ife: avoid possible NULL deref tcf_ife_encode() must make sure = ife_encode() does not return NULL. syzbot reported: Oops: general protectio=
n fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] S=
MP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000= 000000007] RIP: 0010:ife_tlv_meta_encode+0x41/0xa0 net/ife/ife.c:166 CPU: 3=
UID: 0 PID: 8990 Comm: syz.0.696 Not tainted syzkaller #0 PREEMPT(full) Ca=
ll Trace: <TASK> ife_encode_meta_u32+0x153/0x180 net/sched/act_ife.c:= 101 tcf_ife_encode net/sched/act_ife.c:841 [inline] tcf_ife_act+0x1022/0x1d=
e0 net/sched/act_ife.c:877 tc_act include/net/tc_wrapper.h:130 [inline] tcf= _action_exec+0x1c0/0xa20 net/sched/act_api.c:1152 tcf_exts_exec include/net= /pkt_cls.h:349 [inline] mall_classify+0x1a0/0x2a0 net/sched/cls_matchall.c:=
42 tc_classify include/net/tc_wrapper.h:197 [inline] __tcf_classify net/sch= ed/cls_api.c:1764 [inline] tcf_classify+0x7f2/0x1380 net/sched/cls_api.c:18=
60 multiq_classify net/sched/sch_multiq.c:39 [inline] multiq_enqueue+0xe0/0= x510 net/sched/sch_multiq.c:66 dev_qdisc_enqueue+0x45/0x250 net/core/dev.c:= 4147 __dev_xmit_skb net/core/dev.c:4262 [inline] __dev_queue_xmit+0x2998/0x= 46c0 net/core/dev.c:4798</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23064" target=3D= "_blank" rel=3D"noopener">CVE-2026-23064</a></td>

<a href=3D"https://git.kernel.org/stable/c/4ef2c77851676b7ed106f0c47755bee9= eeec9a40" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/4ef2c77851676b7ed106f0c47755bee9eeec9a40</a> <a href=3D"https://git.ke= rnel.org/stable/c/dd9442aedbeae87c44cc64c0ee41abd296dc008b" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/dd9442aedbeae87c44cc64c= 0ee41abd296dc008b</a> <a href=3D"https://git.kernel.org/stable/c/1440d74= 9fe49c8665da6f744323b1671d25a56a0" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/1440d749fe49c8665da6f744323b1671d25a56a0</a> =
<a href=3D"https://git.kernel.org/stable/c/03710cebfc0bcfe247a9e04381e79ea3= 3896e278" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/03710cebfc0bcfe247a9e04381e79ea33896e278</a> <a href=3D"https://git.ke= rnel.org/stable/c/374915dfc932adf57712df3be010667fd1190e3c" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/374915dfc932adf57712df3= be010667fd1190e3c</a> <a href=3D"https://git.kernel.org/stable/c/6c75fed= 55080014545f262b7055081cec4768b20" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/6c75fed55080014545f262b7055081cec4768b20</a> =
<a href=3D"https://git.kernel.org/stable/c/27880b0b0d35ad1c98863d09788254e3= 6f874968" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/27880b0b0d35ad1c98863d09788254e36f874968</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: pla= tform/x86/amd: Fix memory leak in wbrf_record() The tmp buffer is allocated=
using kcalloc() but is not freed if acpi_evaluate_dsm() fails. This causes=
a memory leak in the error path. Fix this by explicitly freeing the tmp bu= ffer in the error handling path of acpi_evaluate_dsm().</td> <td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23065" target=3D= "_blank" rel=3D"noopener">CVE-2026-23065</a></td>

<a href=3D"https://git.kernel.org/stable/c/1152dffe01af86e42ce2b208b92ef7f8= c275d130" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/1152dffe01af86e42ce2b208b92ef7f8c275d130</a> <a href=3D"https://git.ke= rnel.org/stable/c/1a0072bd1f1e559eda3e91a24dbc51c9eb025c54" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/1a0072bd1f1e559eda3e91a= 24dbc51c9eb025c54</a> <a href=3D"https://git.kernel.org/stable/c/2bf1877= b7094c684e1d652cac6912cfbc507ad3e" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/2bf1877b7094c684e1d652cac6912cfbc507ad3e</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: rxr= pc: Fix recvmsg() unconditional requeue If rxrpc_recvmsg() fails because MS= G_DONTWAIT was specified but the call at the front of the recvmsg queue alr= eady has its mutex locked, it requeues the call - whether or not the call i=
s already queued. The call may be on the queue because MSG_PEEK was also pa= ssed and so the call was not dequeued or because the I/O thread requeued it=
. The unconditional requeue may then corrupt the recvmsg queue, leading to = things like UAFs or refcount underruns. Fix this by only requeuing the call=
if it isn't already on the queue - and moving it to the front if it is alr= eady queued. If we don't queue it, we have to put the ref we obtained by de= queuing it. Also, MSG_PEEK doesn't dequeue the call so shouldn't call rxrpc= _notify_socket() for the call if we didn't use up all the data on the queue=
, so fix that also.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23066" target=3D= "_blank" rel=3D"noopener">CVE-2026-23066</a></td>

<a href=3D"https://git.kernel.org/stable/c/930114425065f7ace6e0c0630fab4af7= 5e059ea8" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/930114425065f7ace6e0c0630fab4af75e059ea8</a> <a href=3D"https://git.ke= rnel.org/stable/c/2c28769a51deb6022d7fbd499987e237a01dd63a" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/2c28769a51deb6022d7fbd4= 99987e237a01dd63a</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: iom= mu/io-pgtable-arm: fix size_t signedness bug in unmap path __arm_lpae_unmap=
() returns size_t but was returning -ENOENT (negative error code) when enco= untering an unmapped PTE. Since size_t is unsigned, -ENOENT (typically -2) = becomes a huge positive value (0xFFFFFFFFFFFFFFFE on 64-bit systems). This = corrupted value propagates through the call chain: __arm_lpae_unmap() retur=
ns -ENOENT as size_t -> arm_lpae_unmap_pages() returns it -> __iommu_= unmap() adds it to iova address -> iommu_pgsize() triggers BUG_ON due to=
corrupted iova This can cause IOVA address overflow in __iommu_unmap() loo=
p and trigger BUG_ON in iommu_pgsize() from invalid address alignment. Fix =
by returning 0 instead of -ENOENT. The WARN_ON already signals the error co= ndition, and returning 0 (meaning "nothing unmapped") is the correct semant=
ic for size_t return type. This matches the behavior of other io-pgtable im= plementations (io-pgtable-arm-v7s, io-pgtable-dart) which return 0 on error=
conditions.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23067" target=3D= "_blank" rel=3D"noopener">CVE-2026-23067</a></td>

<a href=3D"https://git.kernel.org/stable/c/41ec6988547819756fb65e94fc24f3e0= dddf84ac" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/41ec6988547819756fb65e94fc24f3e0dddf84ac</a> <a href=3D"https://git.ke= rnel.org/stable/c/374e7af67d9d9d6103c2cfc8eb32abfecf3a2fd8" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/374e7af67d9d9d6103c2cfc= 8eb32abfecf3a2fd8</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: spi=
: spi-sprd-adi: Fix double free in probe error path The driver currently us=
es spi_alloc_host() to allocate the controller but registers it using devm_= spi_register_controller(). If devm_register_restart_handler() fails, the co=
de jumps to the put_ctlr label and calls spi_controller_put(). However, sin=
ce the controller was registered via a devm function, the device core will = automatically call spi_controller_put() again when the probe fails. This re= sults in a double-free of the spi_controller structure. Fix this by switchi=
ng to devm_spi_alloc_host() and removing the manual spi_controller_put() ca= ll.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23068" target=3D= "_blank" rel=3D"noopener">CVE-2026-23068</a></td>

<a href=3D"https://git.kernel.org/stable/c/bddd3d10d039729b81cfb0804520c883= 2a701a0e" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/bddd3d10d039729b81cfb0804520c8832a701a0e</a> <a href=3D"https://git.ke= rnel.org/stable/c/417cdfd9b9f986e95bfcb1d68eb443e6e0a15f8c" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/417cdfd9b9f986e95bfcb1d= 68eb443e6e0a15f8c</a> <a href=3D"https://git.kernel.org/stable/c/346775f= 2b4cf839177e8e86b94aa180a06dc15b0" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/346775f2b4cf839177e8e86b94aa180a06dc15b0</a> =
<a href=3D"https://git.kernel.org/stable/c/f6d6b3f172df118db582fe5ec43ae223= a55d99cf" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/f6d6b3f172df118db582fe5ec43ae223a55d99cf</a> <a href=3D"https://git.ke= rnel.org/stable/c/383d4f5cffcc8df930d95b06518a9d25a6d74aac" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/383d4f5cffcc8df930d95b0= 6518a9d25a6d74aac</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: vso= ck/virtio: fix potential underflow in virtio_transport_get_credit() The cre= dit calculation in virtio_transport_get_credit() uses unsigned arithmetic: = ret =3D vvs->peer_buf_alloc - (vvs->tx_cnt - vvs->peer_fwd_cnt); I=
f the peer shrinks its advertised buffer (peer_buf_alloc) while bytes are i=
n flight, the subtraction can underflow and produce a large positive value,=
potentially allowing more data to be queued than the peer can handle. Reus=
e virtio_transport_has_space() which already handles this case and add a co= mment to make it clear why we are doing that. [Stefano: use virtio_transpor= t_has_space() instead of duplicating the code] [Stefano: tweak the commit m= essage]</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23069" target=3D= "_blank" rel=3D"noopener">CVE-2026-23069</a></td>

<a href=3D"https://git.kernel.org/stable/c/d96de882d6b99955604669d962ae14e9= 4b66a551" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/d96de882d6b99955604669d962ae14e94b66a551</a> <a href=3D"https://git.ke= rnel.org/stable/c/02f9af192b98d15883c70dd41ac76d1b0217c899" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/02f9af192b98d15883c70dd= 41ac76d1b0217c899</a> <a href=3D"https://git.kernel.org/stable/c/d05bc31= 3788f0684b27f0f5b60c52a844669b542" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/d05bc313788f0684b27f0f5b60c52a844669b542</a> =
<a href=3D"https://git.kernel.org/stable/c/ec0f1b3da8061be3173d1c39faaf9504= f91942c3" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/ec0f1b3da8061be3173d1c39faaf9504f91942c3</a> <a href=3D"https://git.ke= rnel.org/stable/c/3ef3d52a1a9860d094395c7a3e593f3aa26ff012" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/3ef3d52a1a9860d094395c7= a3e593f3aa26ff012</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: Oct= eontx2-af: Add proper checks for fwdata firmware populates MAC address, lin=
k modes (supported, advertised) and EEPROM data in shared firmware structur=
e which kernel access via MAC block(CGX/RPM). Accessing fwdata, on boards b= ooted with out MAC block leading to kernel panics. Internal error: Oops: 00= 00000096000005 [#1] SMP [ 10.460721] Modules linked in: [ 10.463779] CPU: 0=
UID: 0 PID: 174 Comm: kworker/0:3 Not tainted 6.19.0-rc5-00154-g76ec646abd= f7-dirty #3 PREEMPT [ 10.474045] Hardware name: Marvell OcteonTX CN98XX boa=
rd (DT) [ 10.479793] Workqueue: events work_for_cpu_fn [ 10.484159] pstate:=
80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=3D--) [ 10.491124] pc =
: rvu_sdp_init+0x18/0x114 [ 10.495051] lr : rvu_probe+0xe58/0x1d18</td> <td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23070" target=3D= "_blank" rel=3D"noopener">CVE-2026-23070</a></td>

<a href=3D"https://git.kernel.org/stable/c/e343973fab43c266a40e4e0dabdc4216= db6d5eff" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/e343973fab43c266a40e4e0dabdc4216db6d5eff</a> <a href=3D"https://git.ke= rnel.org/stable/c/4a3dba48188208e4f66822800e042686784d29d1" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/4a3dba48188208e4f668228= 00e042686784d29d1</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: reg= map: Fix race condition in hwspinlock irqsave routine Previously, the addre=
ss of the shared member '&map->spinlock_flags' was passed directly t=
o 'hwspin_lock_timeout_irqsave'. This creates a race condition where multip=
le contexts contending for the lock could overwrite the shared flags variab= le, potentially corrupting the state for the current lock owner. Fix this b=
y using a local stack variable 'flags' to store the IRQ state temporarily.<=

<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23071" target=3D= "_blank" rel=3D"noopener">CVE-2026-23071</a></td>

<a href=3D"https://git.kernel.org/stable/c/e1a7072bc4f958c9e852dc7e57e39f12= b0bb44b5" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/e1a7072bc4f958c9e852dc7e57e39f12b0bb44b5</a> <a href=3D"https://git.ke= rnel.org/stable/c/766e243ae8c8b27087a4cc605752c0d5ee2daeab" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/766e243ae8c8b27087a4cc6= 05752c0d5ee2daeab</a> <a href=3D"https://git.kernel.org/stable/c/f1e2fe2= 6a51eca95b41420af76d22c2e613efd5e" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/f1e2fe26a51eca95b41420af76d22c2e613efd5e</a> =
<a href=3D"https://git.kernel.org/stable/c/24f31be6ad70537fd7706269d99c92ca= de465a09" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/24f31be6ad70537fd7706269d99c92cade465a09</a> <a href=3D"https://git.ke= rnel.org/stable/c/4aab0ca0a0f7760e33edcb4e47576064d05128f5" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/4aab0ca0a0f7760e33edcb4= e47576064d05128f5</a> <a href=3D"https://git.kernel.org/stable/c/c2d2cf7= 10dc3ee1a69e00b4ed8de607a92a07889" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/c2d2cf710dc3ee1a69e00b4ed8de607a92a07889</a> =
<a href=3D"https://git.kernel.org/stable/c/4b58aac989c1e3fafb1c68a733811859= df388250" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/4b58aac989c1e3fafb1c68a733811859df388250</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: l2t=
p: Fix memleak in l2tp_udp_encap_recv(). syzbot reported memleak of struct = l2tp_session, l2tp_tunnel, sock, etc. [0] The cited commit moved down the v= alidation of the protocol version in l2tp_udp_encap_recv(). The new place r= equires an extra error handling to avoid the memleak. Let's call l2tp_sessi= on_put() there. [0]: BUG: memory leak unreferenced object 0xffff88810a29020=
0 (size 512): comm "syz.0.17", pid 6086, jiffies 4294944299 hex dump (first=
32 bytes): 7d eb 04 0c 00 00 00 00 01 00 00 00 00 00 00 00 }..............=
. 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrac=
e (crc babb6a4f): kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inl= ine] slab_post_alloc_hook mm/slub.c:4958 [inline] slab_alloc_node mm/slub.c= :5263 [inline] __do_kmalloc_node mm/slub.c:5656 [inline] __kmalloc_noprof+0= x3e0/0x660 mm/slub.c:5669 kmalloc_noprof include/linux/slab.h:961 [inline] = kzalloc_noprof include/linux/slab.h:1094 [inline] l2tp_session_create+0x3a/= 0x3b0 net/l2tp/l2tp_core.c:1778 pppol2tp_connect+0x48b/0x920 net/l2tp/l2tp_= ppp.c:755 __sys_connect_file+0x7a/0xb0 net/socket.c:2089 __sys_connect+0xde= /0x110 net/socket.c:2108 __do_sys_connect net/socket.c:2114 [inline] __se_s= ys_connect net/socket.c:2111 [inline] __x64_sys_connect+0x1c/0x30 net/socke= t.c:2111 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_= 64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe= +0x77/0x7f</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23072" target=3D= "_blank" rel=3D"noopener">CVE-2026-23072</a></td>

<a href=3D"https://git.kernel.org/stable/c/5cd158a88eef34e7b100cd9b963873d3= b4e41b35" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/5cd158a88eef34e7b100cd9b963873d3b4e41b35</a> <a href=3D"https://git.ke= rnel.org/stable/c/d4ce79e6dce2a4a49eebceea7b4caf5dc0f0ef3d" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/d4ce79e6dce2a4a49eebcee= a7b4caf5dc0f0ef3d</a> <a href=3D"https://git.kernel.org/stable/c/4d10edf= d1475b69dbd4c47f34b61a3772ece83ca" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/4d10edfd1475b69dbd4c47f34b61a3772ece83ca</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: wif=
i: rsi: Fix memory corruption due to not set vif driver data size The struc=
t ieee80211_vif contains trailing space for vif driver data, when struct ie= ee80211_vif is allocated, the total memory size that is allocated is sizeof= (struct ieee80211_vif) + size of vif driver data. The size of vif driver da=
ta is set by each WiFi driver as needed. The RSI911x driver does not set vi=
f driver data size, no trailing space for vif driver data is therefore allo= cated past struct ieee80211_vif . The RSI911x driver does however use the v=
if driver data to store its vif driver data structure "struct vif_priv". An=
access to vif->drv_priv leads to access out of struct ieee80211_vif bou= nds and corruption of some memory. In case of the failure observed locally,=
rsi_mac80211_add_interface() would write struct vif_priv *vif_info =3D (st= ruct vif_priv *)vif->drv_priv; vif_info->vap_id =3D vap_idx. This wri=
te corrupts struct fq_tin member struct list_head new_flows . The flow =3D = list_first_entry(head, struct fq_flow, flowchain); in fq_tin_reset() then r= eports non-NULL bogus address, which when accessed causes a crash. The trig= ger is very simple, boot the machine with init=3D/bin/sh , mount devtmpfs, = sysfs, procfs, and then do "ip link set wlan0 up", "sleep 1", "ip link set = wlan0 down" and the crash occurs. Fix this by setting the correct size of v=
if driver data, which is the size of "struct vif_priv", so that memory is a= llocated and the driver can store its driver data in it, instead of corrupt= ing memory around it.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23073" target=3D= "_blank" rel=3D"noopener">CVE-2026-23073</a></td>

<a href=3D"https://git.kernel.org/stable/c/49ef094fdbc3526e5db2aebb404b84f7= 9c5603dc" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/49ef094fdbc3526e5db2aebb404b84f79c5603dc</a> <a href=3D"https://git.ke= rnel.org/stable/c/0d7c9e793e351cbbe9e06a9ca47d77b6ad288fb0" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/0d7c9e793e351cbbe9e06a9= ca47d77b6ad288fb0</a> <a href=3D"https://git.kernel.org/stable/c/7c54d0c= 3e2cad4300be721ec2aecfcf8a63bc9f4" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/7c54d0c3e2cad4300be721ec2aecfcf8a63bc9f4</a> =
<a href=3D"https://git.kernel.org/stable/c/7761d7801f40e61069b4df3db88b36d8= 0d089f8a" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/7761d7801f40e61069b4df3db88b36d80d089f8a</a> <a href=3D"https://git.ke= rnel.org/stable/c/99129d80a5d4989ef8566f434f3589f60f28042b" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/99129d80a5d4989ef8566f4= 34f3589f60f28042b</a> <a href=3D"https://git.kernel.org/stable/c/31efbcf= f90884ea5f65bf3d1de01267db51ee3d1" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/31efbcff90884ea5f65bf3d1de01267db51ee3d1</a> =
<a href=3D"https://git.kernel.org/stable/c/4f431d88ea8093afc7ba55edf4652978= c5a68f33" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/4f431d88ea8093afc7ba55edf4652978c5a68f33</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: net= /sched: Enforce that teql can only be used as root qdisc Design intent of t= eql is that it is only supposed to be used as root qdisc. We need to check = for that constraint. Although not important, I will describe the scenario t= hat unearthed this issue for the curious. GangMin Kim <km.kim1503@gmail.= com> managed to concot a scenario as follows: ROOT qdisc 1:0 (QFQ) =E2= =94=9C=E2=94=80=E2=94=80 class 1:1 (weight=3D15, lmax=3D16384) netem with d= elay 6.4s =E2=94=94=E2=94=80=E2=94=80 class 1:2 (weight=3D1, lmax=3D1514) t= eql GangMin sends a packet which is enqueued to 1:1 (netem). Any invocation=
of dequeue by QFQ from this class will not return a packet until after 6.4=
s. In the meantime, a second packet is sent and it lands on 1:2. teql's enq= ueue will return success and this will activate class 1:2. Main issue is th=
at teql only updates the parent visible qlen (sch->q.qlen) at dequeue. S= ince QFQ will only call dequeue if peek succeeds (and teql's peek always re= turns NULL), dequeue will never be called and thus the qlen will remain as =
0. With that in mind, when GangMin updates 1:2's lmax value, the qfq_change= _class calls qfq_deact_rm_from_agg. Since the child qdisc's qlen was not in= cremented, qfq fails to deactivate the class, but still frees its pointers = from the aggregate. So when the first packet is rescheduled after 6.4 secon=
ds (netem's delay), a dangling pointer is accessed causing GangMin's causin=
g a UAF.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23074" target=3D= "_blank" rel=3D"noopener">CVE-2026-23074</a></td>

<a href=3D"https://git.kernel.org/stable/c/73d970ff0eddd874a84c953387c7f446= 4b705fc6" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/73d970ff0eddd874a84c953387c7f4464b705fc6</a> <a href=3D"https://git.ke= rnel.org/stable/c/ae810e6a8ac4fe25042e6825d2a401207a2e41fb" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/ae810e6a8ac4fe25042e682= 5d2a401207a2e41fb</a> <a href=3D"https://git.kernel.org/stable/c/dad49a6= 7c2d817bfec98e6e45121b351e3a0202c" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/dad49a67c2d817bfec98e6e45121b351e3a0202c</a> =
<a href=3D"https://git.kernel.org/stable/c/0686bedfed34155520f3f735cbf3210c= b9044380" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/0686bedfed34155520f3f735cbf3210cb9044380</a> <a href=3D"https://git.ke= rnel.org/stable/c/4c7e8aa71c9232cba84c289b4b56cba80b280841" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/4c7e8aa71c9232cba84c289= b4b56cba80b280841</a> <a href=3D"https://git.kernel.org/stable/c/16ed73c= 1282d376b956bff23e5139add061767ba" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/16ed73c1282d376b956bff23e5139add061767ba</a> =
<a href=3D"https://git.kernel.org/stable/c/50da4b9d07a7a463e2cfb738f3ad4cff= 6b2c9c3b" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/50da4b9d07a7a463e2cfb738f3ad4cff6b2c9c3b</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: can=
: esd_usb: esd_usb_read_bulk_callback(): fix URB memory leak Fix similar me= mory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_call= back(): fix URB memory leak"). In esd_usb_open(), the URBs for USB-in trans= fers are allocated, added to the dev->rx_submitted anchor and submitted.=
In the complete callback esd_usb_read_bulk_callback(), the URBs are proces= sed and resubmitted. In esd_usb_close() the URBs are freed by calling usb_k= ill_anchored_urbs(&dev->rx_submitted). However, this does not take i= nto account that the USB framework unanchors the URB before the complete fu= nction is called. This means that once an in-URB has been completed, it is =
no longer anchored and is ultimately not released in esd_usb_close(). Fix t=
he memory leak by anchoring the URB in the esd_usb_read_bulk_callback() to = the dev->rx_submitted anchor.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23075" target=3D= "_blank" rel=3D"noopener">CVE-2026-23075</a></td>

<a href=3D"https://git.kernel.org/stable/c/93b34d4ba7266030801a509c088ac77c= 0d7a12e9" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/93b34d4ba7266030801a509c088ac77c0d7a12e9</a> <a href=3D"https://git.ke= rnel.org/stable/c/dc934d96673992af8568664c1b58e13eb164010d" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/dc934d96673992af8568664= c1b58e13eb164010d</a> <a href=3D"https://git.kernel.org/stable/c/92d26ce= 07ac3b7a850dc68c8d73d487b39c39b33" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/92d26ce07ac3b7a850dc68c8d73d487b39c39b33</a> =
<a href=3D"https://git.kernel.org/stable/c/adec5e1f9c99fe079ec4c92cca3f1109= a3e257c3" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/adec5e1f9c99fe079ec4c92cca3f1109a3e257c3</a> <a href=3D"https://git.ke= rnel.org/stable/c/9d1807b442fc3286b204f8e59981b10e743533ce" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/9d1807b442fc3286b204f8e= 59981b10e743533ce</a> <a href=3D"https://git.kernel.org/stable/c/a9503ae= 43256e80db5cba9d449b238607164c51d" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/a9503ae43256e80db5cba9d449b238607164c51d</a> =
<a href=3D"https://git.kernel.org/stable/c/5a4391bdc6c8357242f62f22069c865b= 792406b3" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/5a4391bdc6c8357242f62f22069c865b792406b3</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: ALS=
A: ctxfi: Fix potential OOB access in audio mixer handling In the audio mix=
er handling code of ctxfi driver, the conf field is used as a kind of loop = index, and it's referred in the index callbacks (amixer_index() and sum_ind= ex()). As spotted recently by fuzzers, the current code causes OOB access a=
t those functions. | UBSAN: array-index-out-of-bounds in /build/reproducibl= e-path/linux-6.17.8/sound/pci/ctxfi/ctamixer.c:347:48 | index 8 is out of r= ange for type 'unsigned char [8]' After the analysis, the cause was found t=
o be the lack of the proper (re-)initialization of conj field. This patch a= ddresses those OOB accesses by adding the proper initializations of the loo=
p indices.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23076" target=3D= "_blank" rel=3D"noopener">CVE-2026-23076</a></td>

<a href=3D"https://git.kernel.org/stable/c/6524205326e0c1a21263b5c14e48e14e= f7e449ae" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/6524205326e0c1a21263b5c14e48e14ef7e449ae</a> <a href=3D"https://git.ke= rnel.org/stable/c/afca7ff5d5d4d63a1acb95461f55ca9a729feedf" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/afca7ff5d5d4d63a1acb954= 61f55ca9a729feedf</a> <a href=3D"https://git.kernel.org/stable/c/8c1d098= 06e1441bc6a54b9a4f2818918046d5174" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/8c1d09806e1441bc6a54b9a4f2818918046d5174</a> =
<a href=3D"https://git.kernel.org/stable/c/a8c42d11b0526a89192bd2f79facb4c6= 0c8a1f38" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/a8c42d11b0526a89192bd2f79facb4c60c8a1f38</a> <a href=3D"https://git.ke= rnel.org/stable/c/d77ba72558cd66704f0fb7e0969f697e87c0f71c" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/d77ba72558cd66704f0fb7e= 0969f697e87c0f71c</a> <a href=3D"https://git.kernel.org/stable/c/873e236= 0d247eeee642878fcc3398babff7e387c" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/873e2360d247eeee642878fcc3398babff7e387c</a> =
<a href=3D"https://git.kernel.org/stable/c/61006c540cbdedea83b05577dc7fb7fa= 18fe1276" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/61006c540cbdedea83b05577dc7fb7fa18fe1276</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: mm/= vma: fix anon_vma UAF on mremap() faulted, unfaulted merge Patch series "mm= /vma: fix anon_vma UAF on mremap() faulted, unfaulted merge", v2. Commit 87= 9bca0a2c4f ("mm/vma: fix incorrectly disallowed anonymous VMA merges") intr= oduced the ability to merge previously unavailable VMA merge scenarios. How= ever, it is handling merges incorrectly when it comes to mremap() of a faul= ted VMA adjacent to an unfaulted VMA. The issues arise in three cases: 1. P= revious VMA unfaulted: copied -----| v |-----------|.............| | unfaul= ted |(faulted VMA)| |-----------|.............| prev 2. Next VMA unfaulted:=
copied -----| v |.............|-----------| |(faulted VMA)| unfaulted | |.= ............|-----------| next 3. Both adjacent VMAs unfaulted: copied ----=
-| v |-----------|.............|-----------| | unfaulted |(faulted VMA)| un= faulted | |-----------|.............|-----------| prev next This series fix=
es each of these cases, and introduces self tests to assert that the issues=
are corrected. I also test a further case which was already handled, to as= sert that my changes continues to correctly handle it: 4. prev unfaulted, n= ext faulted: copied -----| v |-----------|.............|-----------| | unfa= ulted |(faulted VMA)| faulted | |-----------|.............|-----------| pre=
v next This bug was discovered via a syzbot report, linked to in the first = patch in the series, I confirmed that this series fixes the bug. I also dis= covered that we are failing to check that the faulted VMA was not forked wh=
en merging a copied VMA in cases 1-3 above, an issue this series also addre= sses. I also added self tests to assert that this is resolved (and confirme=
d that the tests failed prior to this). I also cleaned up vma_expand() as p= art of this work, renamed vma_had_uncowed_parents() to vma_is_fork_child() =
as the previous name was unduly confusing, and simplified the comments arou=
nd this function. This patch (of 4): Commit 879bca0a2c4f ("mm/vma: fix inco= rrectly disallowed anonymous VMA merges") introduced the ability to merge p= reviously unavailable VMA merge scenarios. The key piece of logic introduce=
d was the ability to merge a faulted VMA immediately next to an unfaulted V= MA, which relies upon dup_anon_vma() to correctly handle anon_vma state. In=
the case of the merge of an existing VMA (that is changing properties of a=
VMA and then merging if those properties are shared by adjacent VMAs), dup= _anon_vma() is invoked correctly. However in the case of the merge of a new=
VMA, a corner case peculiar to mremap() was missed. The issue is that vma_= expand() only performs dup_anon_vma() if the target (the VMA that will ulti= mately become the merged VMA): is not the next VMA, i.e. the one that appea=
rs after the range in which the new VMA is to be established. A key insight=
here is that in all other cases other than mremap(), a new VMA merge eithe=
r expands an existing VMA, meaning that the target VMA will be that VMA, or=
would have anon_vma be NULL. Specifically: * __mmap_region() - no anon_vma=
in place, initial mapping. * do_brk_flags() - expanding an existing VMA. *=
vma_merge_extend() - expanding an existing VMA. * relocate_vma_down() - no=
anon_vma in place, initial mapping. In addition, we are in the unique situ= ation of needing to duplicate anon_vma state from a VMA that is neither the=
previous or next VMA being merged with. dup_anon_vma() deals exclusively w= ith the target=3Dunfaulted, src=3Dfaulted case. This leaves four possibilit= ies, in each case where the copied VMA is faulted: 1. Previous VMA unfaulte=
d: copied -----| ---truncated---</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23077" target=3D= "_blank" rel=3D"noopener">CVE-2026-23077</a></td>

<a href=3D"https://git.kernel.org/stable/c/a4d9dbfc1bab16e25fefd34b5e537a46= bed8fc96" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/a4d9dbfc1bab16e25fefd34b5e537a46bed8fc96</a> <a href=3D"https://git.ke= rnel.org/stable/c/61f67c230a5e7c741c352349ea80147fbe65bfae" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/61f67c230a5e7c741c35234= 9ea80147fbe65bfae</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: ALS=
A: scarlett2: Fix buffer overflow in config retrieval The scarlett2_usb_get= _config() function has a logic error in the endianness conversion code that=
can cause buffer overflows when count > 1. The code checks `if (size = =3D=3D 2)` where `size` is the total buffer size in bytes, then loops `coun=
t` times treating each element as u16 (2 bytes). This causes the loop to ac= cess `count * 2` bytes when the buffer only has `size` bytes allocated. Fix=
by checking the element size (config_item->size) instead of the total b= uffer size. This ensures the endianness conversion matches the actual eleme=
nt type.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23078" target=3D= "_blank" rel=3D"noopener">CVE-2026-23078</a></td>

<a href=3D"https://git.kernel.org/stable/c/d5e80d1f97ae55bcea1426f551e44192= 45b41b9c" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/d5e80d1f97ae55bcea1426f551e4419245b41b9c</a> <a href=3D"https://git.ke= rnel.org/stable/c/51049f6e3f05d70660e2458ad3bb302a3721b751" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/51049f6e3f05d70660e2458= ad3bb302a3721b751</a> <a href=3D"https://git.kernel.org/stable/c/91a756d= 22f0482eac5bedb113c8922f90b254449" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/91a756d22f0482eac5bedb113c8922f90b254449</a> =
<a href=3D"https://git.kernel.org/stable/c/27049f50be9f5ae3a62d272128ce0b38= 1cb26a24" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/27049f50be9f5ae3a62d272128ce0b381cb26a24</a> <a href=3D"https://git.ke= rnel.org/stable/c/31a3eba5c265a763260976674a22851e83128f6d" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/31a3eba5c265a7632609766= 74a22851e83128f6d</a> <a href=3D"https://git.kernel.org/stable/c/6f5c69f= 72e50d51be3a8c028ae7eda42c82902cb" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/6f5c69f72e50d51be3a8c028ae7eda42c82902cb</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: gpi=
o: cdev: Fix resource leaks on errors in lineinfo_changed_notify() On error=
handling paths, lineinfo_changed_notify() doesn't free the allocated resou= rces which results leaks. Fix it.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23079" target=3D= "_blank" rel=3D"noopener">CVE-2026-23079</a></td>

<a href=3D"https://git.kernel.org/stable/c/16414341b0dd58b650b5df45c79115bc= 5977bb76" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/16414341b0dd58b650b5df45c79115bc5977bb76</a> <a href=3D"https://git.ke= rnel.org/stable/c/70b3c280533167749a8f740acaa8ef720f78f984" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/70b3c280533167749a8f740= acaa8ef720f78f984</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: can=
: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak Fix similar = memory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_ca= llback(): fix URB memory leak"). In mcba_usb_probe() -> mcba_usb_start()=
, the URBs for USB-in transfers are allocated, added to the priv->rx_sub= mitted anchor and submitted. In the complete callback mcba_usb_read_bulk_ca= llback(), the URBs are processed and resubmitted. In mcba_usb_close() ->=
mcba_urb_unlink() the URBs are freed by calling usb_kill_anchored_urbs(&am= p;priv->rx_submitted). However, this does not take into account that the=
USB framework unanchors the URB before the complete function is called. Th=
is means that once an in-URB has been completed, it is no longer anchored a=
nd is ultimately not released in usb_kill_anchored_urbs(). Fix the memory l= eak by anchoring the URB in the mcba_usb_read_bulk_callback()to the priv-&g= t;rx_submitted anchor.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23080" target=3D= "_blank" rel=3D"noopener">CVE-2026-23080</a></td>

<a href=3D"https://git.kernel.org/stable/c/8b34c611a4feb81921bc4728c091e4e3= ba0270c0" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/8b34c611a4feb81921bc4728c091e4e3ba0270c0</a> <a href=3D"https://git.ke= rnel.org/stable/c/b5a1ccdc63b71d93a69a6b72f7a3f3934293ea60" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/b5a1ccdc63b71d93a69a6b7= 2f7a3f3934293ea60</a> <a href=3D"https://git.kernel.org/stable/c/59153b6= 388e05609144ad56a9b354e9100a91983" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/59153b6388e05609144ad56a9b354e9100a91983</a> =
<a href=3D"https://git.kernel.org/stable/c/179f6f0cf5ae489743273b7c1644324c= 0c477ea9" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/179f6f0cf5ae489743273b7c1644324c0c477ea9</a> <a href=3D"https://git.ke= rnel.org/stable/c/94c9f6f7b953f6382fef4bdc48c046b861b8868f" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/94c9f6f7b953f6382fef4bd= c48c046b861b8868f</a> <a href=3D"https://git.kernel.org/stable/c/d374d71= 5e338dfc3804aaa006fa6e470ffebb264" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/d374d715e338dfc3804aaa006fa6e470ffebb264</a> =
<a href=3D"https://git.kernel.org/stable/c/710a7529fb13c5a470258ff5508ed3c4= 98d54729" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/710a7529fb13c5a470258ff5508ed3c498d54729</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: net=
: phy: intel-xway: fix OF node refcount leakage Automated review spotted am=
OF node reference count leakage when checking if the 'leds' child node exi= sts. Call of_put_node() to correctly maintain the refcount.</td> <td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23081" target=3D= "_blank" rel=3D"noopener">CVE-2026-23081</a></td>

<a href=3D"https://git.kernel.org/stable/c/1f24dfd556401b75f78e8d9cbd94dd9f= 31411c3a" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/1f24dfd556401b75f78e8d9cbd94dd9f31411c3a</a> <a href=3D"https://git.ke= rnel.org/stable/c/79912b256e14054e6ba177d7e7e631485ce23dbe" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/79912b256e14054e6ba177d= 7e7e631485ce23dbe</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: can=
: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() = error In commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback():=
fix URB memory leak"), the URB was re-anchored before usb_submit_urb() in = gs_usb_receive_bulk_callback() to prevent a leak of this URB during cleanup=
. However, this patch did not take into account that usb_submit_urb() could=
fail. The URB remains anchored and usb_kill_anchored_urbs(&parent->= rx_submitted) in gs_can_close() loops infinitely since the anchor list neve=
r becomes empty. To fix the bug, unanchor the URB when an usb_submit_urb() = error occurs, also print an info message.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23082" target=3D= "_blank" rel=3D"noopener">CVE-2026-23082</a></td>

<a href=3D"https://git.kernel.org/stable/c/aa8a8866c533a150be4763bcb2799360= 3bd5426c" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/aa8a8866c533a150be4763bcb27993603bd5426c</a> <a href=3D"https://git.ke= rnel.org/stable/c/ce4352057fc5a986c76ece90801b9755e7c6e56c" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/ce4352057fc5a986c76ece9= 0801b9755e7c6e56c</a> <a href=3D"https://git.kernel.org/stable/c/c610b55= 0ccc0438d456dfe1df9f4f36254ccaae3" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/c610b550ccc0438d456dfe1df9f4f36254ccaae3</a> =
<a href=3D"https://git.kernel.org/stable/c/c3edc14da81a8d8398682f6e4ab819f0= 9f37c0b7" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/c3edc14da81a8d8398682f6e4ab819f09f37c0b7</a> <a href=3D"https://git.ke= rnel.org/stable/c/79a6d1bfe1148bc921b8d7f3371a7fbce44e30f7" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/79a6d1bfe1148bc921b8d7f= 3371a7fbce44e30f7</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: fou=
: Don't allow 0 for FOU_ATTR_IPPROTO. fou_udp_recv() has the same problem m= entioned in the previous patch. If FOU_ATTR_IPPROTO is set to 0, skb is not=
freed by fou_udp_recv() nor "resubmit"-ted in ip_protocol_deliver_rcu(). L= et's forbid 0 for FOU_ATTR_IPPROTO.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23083" target=3D= "_blank" rel=3D"noopener">CVE-2026-23083</a></td>

<a href=3D"https://git.kernel.org/stable/c/c7498f9bc390479ccfad7c7f2332237f= f4945b03" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/c7498f9bc390479ccfad7c7f2332237ff4945b03</a> <a href=3D"https://git.ke= rnel.org/stable/c/611ef4bd9c73d9e6d87bed57a635ff1fdd8c91ea" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/611ef4bd9c73d9e6d87bed5= 7a635ff1fdd8c91ea</a> <a href=3D"https://git.kernel.org/stable/c/6e98378= 9b7588ee59cbf303583546c043bad8e19" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/6e983789b7588ee59cbf303583546c043bad8e19</a> =
<a href=3D"https://git.kernel.org/stable/c/1cc98b8887cabb1808d2f4a37cd10a7b= e7574771" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/1cc98b8887cabb1808d2f4a37cd10a7be7574771</a> <a href=3D"https://git.ke= rnel.org/stable/c/b7db31a52c3862a1a32202a273a4c32e7f5f4823" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/b7db31a52c3862a1a32202a= 273a4c32e7f5f4823</a> <a href=3D"https://git.kernel.org/stable/c/9b75dff= 8446ec871030d8daf5a69e74f5fe8b956" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/9b75dff8446ec871030d8daf5a69e74f5fe8b956</a> =
<a href=3D"https://git.kernel.org/stable/c/7a9bc9e3f42391e4c187e099263cf7a1= c4b69ff5" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/7a9bc9e3f42391e4c187e099263cf7a1c4b69ff5</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: be2= net: Fix NULL pointer dereference in be_cmd_get_mac_from_list When the para= meter pmac_id_valid argument of be_cmd_get_mac_from_list() is set to false,=
the driver may request the PMAC_ID from the firmware of the network card, = and this function will store that PMAC_ID at the provided address pmac_id. = This is the contract of this function. However, there is a location within = the driver where both pmac_id_valid =3D=3D false and pmac_id =3D=3D NULL ar=
e being passed. This could result in dereferencing a NULL pointer. To resol=
ve this issue, it is necessary to pass the address of a stub variable to th=
e function.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23084" target=3D= "_blank" rel=3D"noopener">CVE-2026-23084</a></td>

<a href=3D"https://git.kernel.org/stable/c/4cba480c9b9a3861a515262225cb53a1= f5978344" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/4cba480c9b9a3861a515262225cb53a1f5978344</a> <a href=3D"https://git.ke= rnel.org/stable/c/92c6dc181a18e6e0ddb872ed35cb48a9274829e4" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/92c6dc181a18e6e0ddb872e= d35cb48a9274829e4</a> <a href=3D"https://git.kernel.org/stable/c/6c3e008= 88dbec887125a08b51a705b9b163fcdd1" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/6c3e00888dbec887125a08b51a705b9b163fcdd1</a> =
<a href=3D"https://git.kernel.org/stable/c/e206fb415db36bad52bb90c08d46ce71= ffbe8a80" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/e206fb415db36bad52bb90c08d46ce71ffbe8a80</a> <a href=3D"https://git.ke= rnel.org/stable/c/47ffb4dcffe336f4a7bd0f3284be7aadc6484698" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/47ffb4dcffe336f4a7bd0f3= 284be7aadc6484698</a> <a href=3D"https://git.kernel.org/stable/c/31410a0= 1a86bcb98c798d01061abf1f789c4f75a" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/31410a01a86bcb98c798d01061abf1f789c4f75a</a> =
<a href=3D"https://git.kernel.org/stable/c/8215794403d264739cc6766680875129= 50b2ff31" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/8215794403d264739cc676668087512950b2ff31</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: irq= chip/gic-v3-its: Avoid truncating memory addresses On 32-bit machines with = CONFIG_ARM_LPAE, it is possible for lowmem allocations to be backed by addr= esses physical memory above the 32-bit address limit, as found while experi= menting with larger VMSPLIT configurations. This caused the qemu virt model=
to crash in the GICv3 driver, which allocates the 'itt' object using GFP_K= ERNEL. Since all memory below the 4GB physical address limit is in ZONE_DMA=
in this configuration, kmalloc() defaults to higher addresses for ZONE_NOR= MAL, and the ITS driver stores the physical address in a 32-bit 'unsigned l= ong' variable. Change the itt_addr variable to the correct phys_addr_t type=
instead, along with all other variables in this driver that hold a physica=
l address. The gicv5 driver correctly uses u64 variables, while all other i= rqchip drivers don't call virt_to_phys or similar interfaces. It's expected=
that other device drivers have similar issues, but fixing this one is suff= icient for booting a virtio based guest.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23085" target=3D= "_blank" rel=3D"noopener">CVE-2026-23085</a></td>

<a href=3D"https://git.kernel.org/stable/c/e332b3b69e5b3acf07204a4b185071ba= b15c2b88" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/e332b3b69e5b3acf07204a4b185071bab15c2b88</a> <a href=3D"https://git.ke= rnel.org/stable/c/e2f9c751f73a2d5bb62d94ab030aec118a811f27" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/e2f9c751f73a2d5bb62d94a= b030aec118a811f27</a> <a href=3D"https://git.kernel.org/stable/c/85215d6= 33983233809f7d4dad163b953331b8238" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/85215d633983233809f7d4dad163b953331b8238</a> =
<a href=3D"https://git.kernel.org/stable/c/1b323391560354d8c515de8658b057a1= daa82adb" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/1b323391560354d8c515de8658b057a1daa82adb</a> <a href=3D"https://git.ke= rnel.org/stable/c/084ba3b99f2dfd991ce7e84fb17117319ec3cd9f" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/084ba3b99f2dfd991ce7e84= fb17117319ec3cd9f</a> <a href=3D"https://git.kernel.org/stable/c/03faa61= eb4b9ca9aa09bd91d4c3773d8e7b1ac98" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/03faa61eb4b9ca9aa09bd91d4c3773d8e7b1ac98</a> =
<a href=3D"https://git.kernel.org/stable/c/8d76a7d89c12d08382b66e2f21f20d06= 27d14859" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/8d76a7d89c12d08382b66e2f21f20d0627d14859</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: vso= ck/virtio: cap TX credit to local buffer size The virtio transports derives=
its TX credit directly from peer_buf_alloc, which is set from the remote e= ndpoint's SO_VM_SOCKETS_BUFFER_SIZE value. On the host side this means that=
the amount of data we are willing to queue for a connection is scaled by a=
guest-chosen buffer size, rather than the host's own vsock configuration. =
A malicious guest can advertise a large buffer and read slowly, causing the=
host to allocate a correspondingly large amount of sk_buff memory. The sam=
e thing would happen in the guest with a malicious host, since virtio trans= ports share the same code base. Introduce a small helper, virtio_transport_= tx_buf_size(), that returns min(peer_buf_alloc, buf_alloc), and use it wher= ever we consume peer_buf_alloc. This ensures the effective TX window is bou= nded by both the peer's advertised buffer and our own buf_alloc (already cl= amped to buffer_max_size via SO_VM_SOCKETS_BUFFER_MAX_SIZE), so a remote pe=
er cannot force the other to queue more data than allowed by its own vsock = settings. On an unpatched Ubuntu 22.04 host (~64 GiB RAM), running a PoC wi=
th 32 guest vsock connections advertising 2 GiB each and reading slowly dro=
ve Slab/SUnreclaim from ~0.5 GiB to ~57 GiB; the system only recovered afte=
r killing the QEMU process. That said, if QEMU memory is limited with cgrou= ps, the maximum memory used will be limited. With this patch applied: Befor=
e: MemFree: ~61.6 GiB Slab: ~142 MiB SUnreclaim: ~117 MiB After 32 high-cre= dit connections: MemFree: ~61.5 GiB Slab: ~178 MiB SUnreclaim: ~152 MiB Onl=
y ~35 MiB increase in Slab/SUnreclaim, no host OOM, and the guest remains r= esponsive. Compatibility with non-virtio transports: - VMCI uses the AF_VSO=
CK buffer knobs to size its queue pairs per socket based on the local vsk-&= gt;buffer_* values; the remote side cannot enlarge those queues beyond what=
the local endpoint configured. - Hyper-V's vsock transport uses fixed-size=
VMBus ring buffers and an MTU bound; there is no peer-controlled credit fi= eld comparable to peer_buf_alloc, and the remote endpoint cannot drive in-f= light kernel memory above those ring sizes. - The loopback path reuses virt= io_transport_common.c, so it naturally follows the same semantics as the vi= rtio transport. This change is limited to virtio_transport_common.c and thu=
s affects virtio-vsock, vhost-vsock, and loopback, bringing them in line wi=
th the "remote window intersected with local policy" behaviour that VMCI an=
d Hyper-V already effectively have. [Stefano: small adjustments after chang= ing the previous patch] [Stefano: tweak the commit message]</td> <td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23086" target=3D= "_blank" rel=3D"noopener">CVE-2026-23086</a></td>

<a href=3D"https://git.kernel.org/stable/c/fef7110ae5617555c792a2bb4d27878d= 84583adf" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/fef7110ae5617555c792a2bb4d27878d84583adf</a> <a href=3D"https://git.ke= rnel.org/stable/c/d9d5f222558b42f6277eafaaa6080966faf37676" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/d9d5f222558b42f6277eafa= aa6080966faf37676</a> <a href=3D"https://git.kernel.org/stable/c/c0e42fb= 0e054c2b2ec4ee80f48ccd256ae0227ce" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/c0e42fb0e054c2b2ec4ee80f48ccd256ae0227ce</a> =
<a href=3D"https://git.kernel.org/stable/c/84ef86aa7120449828d1e0ce438c4990= 14839711" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/84ef86aa7120449828d1e0ce438c499014839711</a> <a href=3D"https://git.ke= rnel.org/stable/c/8ee784fdf006cbe8739cfa093f54d326cbf54037" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/8ee784fdf006cbe8739cfa0= 93f54d326cbf54037</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: scs=
i: xen: scsiback: Fix potential memory leak in scsiback_remove() Memory all= ocated for struct vscsiblk_info in scsiback_probe() is not freed in scsibac= k_remove() leading to potential memory leaks on remove, as well as in the s= csiback_probe() error paths. Fix that by freeing it in scsiback_remove().</=

<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23087" target=3D= "_blank" rel=3D"noopener">CVE-2026-23087</a></td>

<a href=3D"https://git.kernel.org/stable/c/a8bb3ec8d85951a56af0a72d93ccbc2a= ee42eef9" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/a8bb3ec8d85951a56af0a72d93ccbc2aee42eef9</a> <a href=3D"https://git.ke= rnel.org/stable/c/427b0fb30ddec3bad05dcd73b00718f98c7026d2" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/427b0fb30ddec3bad05dcd7= 3b00718f98c7026d2</a> <a href=3D"https://git.kernel.org/stable/c/4a975c7= 2429b050c234405668b742cdecc11548e" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/4a975c72429b050c234405668b742cdecc11548e</a> =
<a href=3D"https://git.kernel.org/stable/c/f86264ec0e2b102fcd49bf3e4f32fee6= 69d482fc" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/f86264ec0e2b102fcd49bf3e4f32fee669d482fc</a> <a href=3D"https://git.ke= rnel.org/stable/c/32e52b56056daf0f0881fd9254706acf25b4be97" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/32e52b56056daf0f0881fd9= 254706acf25b4be97</a> <a href=3D"https://git.kernel.org/stable/c/24c441f= 0e24da175d7912095663f526ac480dc4f" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/24c441f0e24da175d7912095663f526ac480dc4f</a> =
<a href=3D"https://git.kernel.org/stable/c/901a5f309daba412e2a30364d7ec1492= fa11c32c" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/901a5f309daba412e2a30364d7ec1492fa11c32c</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: tra= cing: Fix crash on synthetic stacktrace field usage When creating a synthet=
ic event based on an existing synthetic event that had a stacktrace field a=
nd the new synthetic event used that field a kernel crash occurred: ~# cd /= sys/kernel/tracing ~# echo 's:stack unsigned long stack[];' > dynamic_ev= ents ~# echo 'hist:keys=3Dprev_pid:s0=3Dcommon_stacktrace if prev_state &am=
p; 3' >> events/sched/sched_switch/trigger ~# echo 'hist:keys=3Dnext_= pid:s1=3D$s0:onmatch(sched.sched_switch).trace(stack,$s1)' >> events/= sched/sched_switch/trigger The above creates a synthetic event that takes a=
stacktrace when a task schedules out in a non-running state and passes tha=
t stacktrace to the sched_switch event when that task schedules back in. It=
triggers the "stack" synthetic event that has a stacktrace as its field (c= alled "stack"). ~# echo 's:syscall_stack s64 id; unsigned long stack[];' &g= t;> dynamic_events ~# echo 'hist:keys=3Dcommon_pid:s2=3Dstack' >> = events/synthetic/stack/trigger ~# echo 'hist:keys=3Dcommon_pid:s3=3D$s2,i0= =3Did:onmatch(synthetic.stack).trace(syscall_stack,$i0,$s3)' >> event= s/raw_syscalls/sys_exit/trigger The above makes another synthetic event cal= led "syscall_stack" that attaches the first synthetic event (stack) to the = sys_exit trace event and records the stacktrace from the stack event with t=
he id of the system call that is exiting. When enabling this event (or usin=
g it in a historgram): ~# echo 1 > events/synthetic/syscall_stack/enable=
Produces a kernel crash! BUG: unable to handle page fault for address: 000= 0000000400010 #PF: supervisor read access in kernel mode #PF: error_code(0x= 0000) - not-present page PGD 0 P4D 0 Oops: Oops: 0000 [#1] SMP PTI CPU: 6 U= ID: 0 PID: 1257 Comm: bash Not tainted 6.16.3+deb14-amd64 #1 PREEMPT(lazy) = Debian 6.16.3-1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.= 17.0-debian-1.17.0-1 04/01/2014 RIP: 0010:trace_event_raw_event_synth+0x90/= 0x380 Code: c5 00 00 00 00 85 d2 0f 84 e1 00 00 00 31 db eb 34 0f 1f 00 66 =
66 2e 0f 1f 84 00 00 00 00 00 66 66 2e 0f 1f 84 00 00 00 00 00 <49> 8=
b 04 24 48 83 c3 01 8d 0c c5 08 00 00 00 01 cd 41 3b 5d 40 0f RSP: 0018:fff= fd2670388f958 EFLAGS: 00010202 RAX: ffff8ba1065cc100 RBX: 0000000000000000 = RCX: 0000000000000000 RDX: 0000000000000001 RSI: fffff266ffda7b90 RDI: ffff= d2670388f9b0 RBP: 0000000000000010 R08: ffff8ba104e76000 R09: ffffd2670388f= a50 R10: ffff8ba102dd42e0 R11: ffffffff9a908970 R12: 0000000000400010 R13: = ffff8ba10a246400 R14: ffff8ba10a710220 R15: fffff266ffda7b90 FS: 00007fa3bc= 63f740(0000) GS:ffff8ba2e0f48000(0000) knlGS:0000000000000000 CS: 0010 DS: = 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000400010 CR3: 0000000107f9= e003 CR4: 0000000000172ef0 Call Trace: <TASK> ? __tracing_map_insert+= 0x208/0x3a0 action_trace+0x67/0x70 event_hist_trigger+0x633/0x6d0 event_tri= ggers_call+0x82/0x130 trace_event_buffer_commit+0x19d/0x250 trace_event_raw= _event_sys_exit+0x62/0xb0 syscall_exit_work+0x9d/0x140 do_syscall_64+0x20a/= 0x2f0 ? trace_event_raw_event_sched_switch+0x12b/0x170 ? save_fpregs_to_fps= tate+0x3e/0x90 ? _raw_spin_unlock+0xe/0x30 ? finish_task_switch.isra.0+0x97= /0x2c0 ? __rseq_handle_notify_resume+0xad/0x4c0 ? __schedule+0x4b8/0xd00 ? = restore_fpregs_from_fpstate+0x3c/0x90 ? switch_fpu_return+0x5b/0xe0 ? do_sy= scall_64+0x1ef/0x2f0 ? do_fault+0x2e9/0x540 ? __handle_mm_fault+0x7d1/0xf70=
? count_memcg_events+0x167/0x1d0 ? handle_mm_fault+0x1d7/0x2e0 ? do_user_a= ddr_fault+0x2c3/0x7f0 entry_SYSCALL_64_after_hwframe+0x76/0x7e The reason i=
s that the stacktrace field is not labeled as such, and is treated as a nor= mal field and not as a dynamic event that it is. In trace_event_raw_event_s= ynth() the event is field is still treated as a dynamic array, but the retr= ieval of the data is considered a normal field, and the reference is just t=
he meta data: // Meta data is retrieved instead of a dynamic array ---trunc= ated---</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23088" target=3D= "_blank" rel=3D"noopener">CVE-2026-23088</a></td>

<a href=3D"https://git.kernel.org/stable/c/98ecbfb2598c9c7ca755a29f402da9d3= 6c057077" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/98ecbfb2598c9c7ca755a29f402da9d36c057077</a> <a href=3D"https://git.ke= rnel.org/stable/c/327af07dff6ab5650b21491eb4f69694999ff3d1" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/327af07dff6ab5650b21491= eb4f69694999ff3d1</a> <a href=3D"https://git.kernel.org/stable/c/3b90d09= 9efa2b67239bd3b3dc3521ec584261748" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/3b90d099efa2b67239bd3b3dc3521ec584261748</a> =
<a href=3D"https://git.kernel.org/stable/c/90f9f5d64cae4e72defd96a2a2276017= 3cb3c9ec" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/90f9f5d64cae4e72defd96a2a22760173cb3c9ec</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: ALS=
A: usb-audio: Fix use-after-free in snd_usb_mixer_free() When snd_usb_creat= e_mixer() fails, snd_usb_mixer_free() frees mixer->id_elems but the cont= rols already added to the card still reference the freed memory. Later when=
snd_card_register() runs, the OSS mixer layer calls their callbacks and hi=
ts a use-after-free read. Call trace: get_ctl_value+0x63f/0x820 sound/usb/m= ixer.c:411 get_min_max_with_quirks.isra.0+0x240/0x1f40 sound/usb/mixer.c:12=
41 mixer_ctl_feature_info+0x26b/0x490 sound/usb/mixer.c:1381 snd_mixer_oss_= build_test+0x174/0x3a0 sound/core/oss/mixer_oss.c:887 ... snd_card_register= +0x4ed/0x6d0 sound/core/init.c:923 usb_audio_probe+0x5ef/0x2a90 sound/usb/c= ard.c:1025 Fix by calling snd_ctl_remove() for all mixer controls before fr= eeing id_elems. We save the next pointer first because snd_ctl_remove() fre=
es the current element.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23089" target=3D= "_blank" rel=3D"noopener">CVE-2026-23089</a></td>

<a href=3D"https://git.kernel.org/stable/c/51b1aa6fe7dc87356ba58df06afb9677= c9b841ea" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/51b1aa6fe7dc87356ba58df06afb9677c9b841ea</a> <a href=3D"https://git.ke= rnel.org/stable/c/56fb6efd5d04caf6f14994d51ec85393b9a896c6" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/56fb6efd5d04caf6f14994d= 51ec85393b9a896c6</a> <a href=3D"https://git.kernel.org/stable/c/7009dae= efa945973a530b2f605fe445fc03747af" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/7009daeefa945973a530b2f605fe445fc03747af</a> =
<a href=3D"https://git.kernel.org/stable/c/7bff0156d13f0ad9436e5178b979b063= d59f572a" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/7bff0156d13f0ad9436e5178b979b063d59f572a</a> <a href=3D"https://git.ke= rnel.org/stable/c/e6f103a22b08daf5df2f4aa158081840e5910963" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/e6f103a22b08daf5df2f4aa= 158081840e5910963</a> <a href=3D"https://git.kernel.org/stable/c/dc1a5dd= 80af1ee1f29d8375b12dd7625f6294dad" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/dc1a5dd80af1ee1f29d8375b12dd7625f6294dad</a> =
<a href=3D"https://git.kernel.org/stable/c/930e69757b74c3ae083b0c3c7419bfe7= f0edc7b2" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/930e69757b74c3ae083b0c3c7419bfe7f0edc7b2</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: sli= mbus: core: fix device reference leak on report present Slimbus devices can=
be allocated dynamically upon reception of report-present messages. Make s= ure to drop the reference taken when looking up already registered devices.=
Note that this requires taking an extra reference in case the device has n=
ot yet been registered and has to be allocated.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23090" target=3D= "_blank" rel=3D"noopener">CVE-2026-23090</a></td>

<a href=3D"https://git.kernel.org/stable/c/b1217e40705b2f6d311c197b12866752= 656217ff" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/b1217e40705b2f6d311c197b12866752656217ff</a> <a href=3D"https://git.ke= rnel.org/stable/c/948615429c9f2ac9d25d4e1f1a4472926b217a9a" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/948615429c9f2ac9d25d4e1= f1a4472926b217a9a</a> <a href=3D"https://git.kernel.org/stable/c/02b78bb= fbafe49832e508079148cb87cdfa55825" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/02b78bbfbafe49832e508079148cb87cdfa55825</a> =
<a href=3D"https://git.kernel.org/stable/c/2ddc09f6a0a221b1d91a7cbc8cc2cefd= bd334fe6" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/2ddc09f6a0a221b1d91a7cbc8cc2cefdbd334fe6</a> <a href=3D"https://git.ke= rnel.org/stable/c/54de72a7aabc0749938d7a2833a0c1a5d3ed7ac9" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/54de72a7aabc0749938d7a2= 833a0c1a5d3ed7ac9</a> <a href=3D"https://git.kernel.org/stable/c/6602bb4= d1338e92b5838e50322b87697bdbd2ee0" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/6602bb4d1338e92b5838e50322b87697bdbd2ee0</a> =
<a href=3D"https://git.kernel.org/stable/c/9391380eb91ea5ac792aae9273535c8d= a5b9aa01" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/9391380eb91ea5ac792aae9273535c8da5b9aa01</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: int= el_th: fix device leak on output open() Make sure to drop the reference tak=
en when looking up the th device during output device open() on errors and =
on close(). Note that a recent commit fixed the leak in a couple of open() = error paths but not all of them, and the reference is still leaking on succ= essful open().</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23091" target=3D= "_blank" rel=3D"noopener">CVE-2026-23091</a></td>

<a href=3D"https://git.kernel.org/stable/c/af4b9467296b9a16ebc0081472380702= 36982b6d" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/af4b9467296b9a16ebc008147238070236982b6d</a> <a href=3D"https://git.ke= rnel.org/stable/c/64015cbf06e8bb75b81ae95b997e847b55280f7f" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/64015cbf06e8bb75b81ae95= b997e847b55280f7f</a> <a href=3D"https://git.kernel.org/stable/c/b71e64e= f7ff9443835d1333e3e80ab1e49e5209f" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/b71e64ef7ff9443835d1333e3e80ab1e49e5209f</a> =
<a href=3D"https://git.kernel.org/stable/c/bf7785434b5d05d940d936b789250809= 50bd54dd" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/bf7785434b5d05d940d936b78925080950bd54dd</a> <a href=3D"https://git.ke= rnel.org/stable/c/0fca16c5591534cc1fec8b6181277ee3a3d0f26c" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/0fca16c5591534cc1fec8b6= 181277ee3a3d0f26c</a> <a href=3D"https://git.kernel.org/stable/c/f9b059b= da4276f2bb72cb98ec7875a747f042ea2" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/f9b059bda4276f2bb72cb98ec7875a747f042ea2</a> =
<a href=3D"https://git.kernel.org/stable/c/95fc36a234da24bbc5f476f8104a5a15= f99ed3e3" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/95fc36a234da24bbc5f476f8104a5a15f99ed3e3</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: iio=
: dac: ad3552r-hs: fix out-of-bound write in ad3552r_hs_write_data_source W= hen simple_write_to_buffer() succeeds, it returns the number of bytes actua= lly copied to the buffer. The code incorrectly uses 'count' as the index fo=
r null termination instead of the actual bytes copied. If count exceeds the=
buffer size, this leads to out-of-bounds write. Add a check for the count = and use the return value as the index. The bug was validated using a demo m= odule that mirrors the original code and was tested under QEMU. Pattern of = the bug: - A fixed 64-byte stack buffer is filled using count. - If count &= gt; 64, the code still does buf[count] =3D ' ', causing an - out-of-bounds = write on the stack. Steps for reproduce: - Opens the device node. - Writes = 128 bytes of A to it. - This overflows the 64-byte stack buffer and KASAN r= eports the OOB. Found via static analysis. This is similar to the commit da= 9374819eb3 ("iio: backend: fix out-of-bound write")</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23092" target=3D= "_blank" rel=3D"noopener">CVE-2026-23092</a></td>

<a href=3D"https://git.kernel.org/stable/c/db16e7c52032c79156930a337ee17232= 931794ba" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/db16e7c52032c79156930a337ee17232931794ba</a> <a href=3D"https://git.ke= rnel.org/stable/c/978d28136c53df38f8f0b747191930e2f95e9084" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/978d28136c53df38f8f0b74= 7191930e2f95e9084</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: ksm= bd: smbd: fix dma_unmap_sg() nents The dma_unmap_sg() functions should be c= alled with the same nents as the dma_map_sg(), not the value the map functi=
on returned.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23093" target=3D= "_blank" rel=3D"noopener">CVE-2026-23093</a></td>

<a href=3D"https://git.kernel.org/stable/c/f569f5b8bfd5133defdf9c7f8a72c63a= a11f54ec" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/f569f5b8bfd5133defdf9c7f8a72c63aa11f54ec</a> <a href=3D"https://git.ke= rnel.org/stable/c/6ececffd3e9fe93a87738625dc0671165d27bf96" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/6ececffd3e9fe93a8773862= 5dc0671165d27bf96</a> <a href=3D"https://git.kernel.org/stable/c/4d1e9a4= a450aae47277763562122cc80ed703ab2" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/4d1e9a4a450aae47277763562122cc80ed703ab2</a> =
<a href=3D"https://git.kernel.org/stable/c/70ba85e439221a5d6dda34a3004db664= 0f0525e6" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/70ba85e439221a5d6dda34a3004db6640f0525e6</a> <a href=3D"https://git.ke= rnel.org/stable/c/d1943bc9dc9508f5933788a76f8a35d10e43a646" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/d1943bc9dc9508f5933788a= 76f8a35d10e43a646</a> <a href=3D"https://git.kernel.org/stable/c/98e3e2b= 561bc88f4dd218d1c05890672874692f6" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/98e3e2b561bc88f4dd218d1c05890672874692f6</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: uac= ce: fix isolate sysfs check condition uacce supports the device isolation f= eature. If the driver implements the isolate_err_threshold_read and isolate= _err_threshold_write callback functions, uacce will create sysfs files now.=
Users can read and configure the isolation policy through sysfs. Currently=
, sysfs files are created as long as either isolate_err_threshold_read or i= solate_err_threshold_write callback functions are present. However, accessi=
ng a non-existent callback function may cause the system to crash. Therefor=
e, intercept the creation of sysfs if neither read nor write exists; create=
sysfs if either is supported, but intercept unsupported operations at the = call site.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23094" target=3D= "_blank" rel=3D"noopener">CVE-2026-23094</a></td>

<a href=3D"https://git.kernel.org/stable/c/9ab05cdcac354b1b1139918f49c6418b= 9005d042" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/9ab05cdcac354b1b1139918f49c6418b9005d042</a> <a href=3D"https://git.ke= rnel.org/stable/c/fdbbb47d15ae17bf39fafec7e2028c1f8efba15e" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/fdbbb47d15ae17bf39fafec= 7e2028c1f8efba15e</a> <a href=3D"https://git.kernel.org/stable/c/82821a6= 81d5dcce31475a65190fc39ea8f372cc0" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/82821a681d5dcce31475a65190fc39ea8f372cc0</a> =
<a href=3D"https://git.kernel.org/stable/c/98eec349259b1fd876f350b1c600403b= cef8f85d" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/98eec349259b1fd876f350b1c600403bcef8f85d</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: gue=
: Fix skb memleak with inner IP protocol 0. syzbot reported skb memleak bel= ow. [0] The repro generated a GUE packet with its inner protocol 0. gue_udp= _recv() returns -guehdr->proto_ctype for "resubmit" in ip_protocol_deliv= er_rcu(), but this only works with non-zero protocol number. Let's drop suc=
h packets. Note that 0 is a valid number (IPv6 Hop-by-Hop Option). I think =
it is not practical to encap HOPOPT in GUE, so once someone starts to compl= ain, we could pass down a resubmit flag pointer to distinguish two zeros fr=
om the upper layer: * no error * resubmit HOPOPT [0] BUG: memory leak unref= erenced object 0xffff888109695a00 (size 240): comm "syz.0.17", pid 6088, ji= ffies 4294943096 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 0=
0 00 00 00 00 00 ................ 00 40 c2 10 81 88 ff ff 00 00 00 00 00 00=
00 00 .@.............. backtrace (crc a84b336f): kmemleak_alloc_recursive = include/linux/kmemleak.h:44 [inline] slab_post_alloc_hook mm/slub.c:4958 [i= nline] slab_alloc_node mm/slub.c:5263 [inline] kmem_cache_alloc_noprof+0x3b= 4/0x590 mm/slub.c:5270 __build_skb+0x23/0x60 net/core/skbuff.c:474 build_sk= b+0x20/0x190 net/core/skbuff.c:490 __tun_build_skb drivers/net/tun.c:1541 [= inline] tun_build_skb+0x4a1/0xa40 drivers/net/tun.c:1636 tun_get_user+0xc12= /0x2030 drivers/net/tun.c:1770 tun_chr_write_iter+0x71/0x120 drivers/net/tu= n.c:1999 new_sync_write fs/read_write.c:593 [inline] vfs_write+0x45d/0x710 = fs/read_write.c:686 ksys_write+0xa7/0x170 fs/read_write.c:738 do_syscall_x6=
4 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xa4/0xf80 arch/x86= /entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f</td> <td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23095" target=3D= "_blank" rel=3D"noopener">CVE-2026-23095</a></td>

<a href=3D"https://git.kernel.org/stable/c/886f186328b718400dbf79e1bc8cbcbd= 710ab766" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/886f186328b718400dbf79e1bc8cbcbd710ab766</a> <a href=3D"https://git.ke= rnel.org/stable/c/380a82d36e37db49fd41ecc378c22fd29392e96a" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/380a82d36e37db49fd41ecc= 378c22fd29392e96a</a> <a href=3D"https://git.kernel.org/stable/c/536f5bb= c322eb1e175bdd1ced22b236a951c4d8f" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/536f5bbc322eb1e175bdd1ced22b236a951c4d8f</a> =
<a href=3D"https://git.kernel.org/stable/c/f87b9b7a618c82e7465e872eb10e14c8= 03871892" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/f87b9b7a618c82e7465e872eb10e14c803871892</a> <a href=3D"https://git.ke= rnel.org/stable/c/ce569b389a5c78d64788a5ea94560e17fa574b35" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/ce569b389a5c78d64788a5e= a94560e17fa574b35</a> <a href=3D"https://git.kernel.org/stable/c/5437a27= 9804ced8088cabb945dba88a26d828f8c" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/5437a279804ced8088cabb945dba88a26d828f8c</a> =
<a href=3D"https://git.kernel.org/stable/c/9a56796ad258786d3624eef5aefba394= fc9bdded" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/9a56796ad258786d3624eef5aefba394fc9bdded</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: uac= ce: fix cdev handling in the cleanup path When cdev_device_add fails, it in= ternally releases the cdev memory, and if cdev_device_del is then executed,=
it will cause a hang error. To fix it, we check the return value of cdev_d= evice_add() and clear uacce->cdev to avoid calling cdev_device_del in th=
e uacce_remove.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23096" target=3D= "_blank" rel=3D"noopener">CVE-2026-23096</a></td>

<a href=3D"https://git.kernel.org/stable/c/c94c7188d325bc5137d447d67a2f18f7= d4f2f4a3" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/c94c7188d325bc5137d447d67a2f18f7d4f2f4a3</a> <a href=3D"https://git.ke= rnel.org/stable/c/1bc3e51367c420e6db31f41efa874c7a8e12194a" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/1bc3e51367c420e6db31f41= efa874c7a8e12194a</a> <a href=3D"https://git.kernel.org/stable/c/819d647= 406200d0e83e56fd2df8f451b11290559" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/819d647406200d0e83e56fd2df8f451b11290559</a> =
<a href=3D"https://git.kernel.org/stable/c/d9031575a2f8aabc53af3025dd79af31= 3a2e046b" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/d9031575a2f8aabc53af3025dd79af313a2e046b</a> <a href=3D"https://git.ke= rnel.org/stable/c/98d67a1bd6caddd0a8b8c82a0b925742cf500936" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/98d67a1bd6caddd0a8b8c82= a0b925742cf500936</a> <a href=3D"https://git.kernel.org/stable/c/bd2393e= d7712513e7e2dbcb6e21464a67ff9e702" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/bd2393ed7712513e7e2dbcb6e21464a67ff9e702</a> =
<a href=3D"https://git.kernel.org/stable/c/a3bece3678f6c88db1f44c602b2a63e8= 4b4040ac" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/a3bece3678f6c88db1f44c602b2a63e84b4040ac</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: mig= rate: correct lock ordering for hugetlb file folios Syzbot has found a dead= lock (analyzed by Lance Yang): 1) Task (5749): Holds folio_lock, then tries=
to acquire i_mmap_rwsem(read lock). 2) Task (5754): Holds i_mmap_rwsem(wri=
te lock), then tries to acquire folio_lock. migrate_pages() -> migrate_h= ugetlbs() -> unmap_and_move_huge_page() <- Takes folio_lock! -> re= move_migration_ptes() -> __rmap_walk_file() -> i_mmap_lock_read() &lt=
;- Waits for i_mmap_rwsem(read lock)! hugetlbfs_fallocate() -> hugetlbfs= _punch_hole() <- Takes i_mmap_rwsem(write lock)! -> hugetlbfs_zero_pa= rtial_page() -> filemap_lock_hugetlb_folio() -> filemap_lock_folio() = -> __filemap_get_folio <- Waits for folio_lock! The migration path is=
the one taking locks in the wrong order according to the documentation at = the top of mm/rmap.c. So expand the scope of the existing i_mmap_lock to co= ver the calls to remove_migration_ptes() too. This is (mostly) how it used =
to be after commit c0d0381ade79. That was removed by 336bf30eb765 for both = file & anon hugetlb pages when it should only have been removed for ano=
n hugetlb pages.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23097" target=3D= "_blank" rel=3D"noopener">CVE-2026-23097</a></td>

<a href=3D"https://git.kernel.org/stable/c/e7396d23f9d5739f56cf9ab430c3a169= f5508394" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/e7396d23f9d5739f56cf9ab430c3a169f5508394</a> <a href=3D"https://git.ke= rnel.org/stable/c/ad97b9a55246eb940a26ac977f80892a395cabf9" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/ad97b9a55246eb940a26ac9= 77f80892a395cabf9</a> <a href=3D"https://git.kernel.org/stable/c/5edb985= 4f8df5428b40990a1c7d60507da5bd330" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/5edb9854f8df5428b40990a1c7d60507da5bd330</a> =
<a href=3D"https://git.kernel.org/stable/c/526394af4e8ade89cacd1a9ce2b97712= 712fcc34" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/526394af4e8ade89cacd1a9ce2b97712712fcc34</a> <a href=3D"https://git.ke= rnel.org/stable/c/b75070823b89009f5123fd0e05a8e0c3d39937c1" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/b75070823b89009f5123fd0= e05a8e0c3d39937c1</a> <a href=3D"https://git.kernel.org/stable/c/1b68efc= e6dd483d22f50d0d3800c4cfda14b1305" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/1b68efce6dd483d22f50d0d3800c4cfda14b1305</a> =
<a href=3D"https://git.kernel.org/stable/c/b7880cb166ab62c2409046b2347261ab= f701530e" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/b7880cb166ab62c2409046b2347261abf701530e</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: net= rom: fix double-free in nr_route_frame() In nr_route_frame(), old_skb is im= mediately freed without checking if nr_neigh->ax25 pointer is NULL. Ther= efore, if nr_neigh->ax25 is NULL, the caller function will free old_skb = again, causing a double-free bug. Therefore, to prevent this, we need to mo= dify it to check whether nr_neigh->ax25 is NULL before freeing old_skb.<=

<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23098" target=3D= "_blank" rel=3D"noopener">CVE-2026-23098</a></td>

<a href=3D"https://git.kernel.org/stable/c/25aab6bfc31017a7e52035b99aef5c2b= 6bde8ffb" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/25aab6bfc31017a7e52035b99aef5c2b6bde8ffb</a> <a href=3D"https://git.ke= rnel.org/stable/c/6e0110ea90313b7c0558a0b77038274a6821caf8" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/6e0110ea90313b7c0558a0b= 77038274a6821caf8</a> <a href=3D"https://git.kernel.org/stable/c/7c48fdf= 2d1349bb54815b56fb012b9d577707708" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/7c48fdf2d1349bb54815b56fb012b9d577707708</a> =
<a href=3D"https://git.kernel.org/stable/c/bd8955337e3764f912f49b360e176d8a= aecf7016" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/bd8955337e3764f912f49b360e176d8aaecf7016</a> <a href=3D"https://git.ke= rnel.org/stable/c/94d1a8bd08af1f4cc345c5c29f5db1ea72b8bb8c" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/94d1a8bd08af1f4cc345c5c= 29f5db1ea72b8bb8c</a> <a href=3D"https://git.kernel.org/stable/c/9f5fa78= d9980fe75a69835521627ab7943cb3d67" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/9f5fa78d9980fe75a69835521627ab7943cb3d67</a> =
<a href=3D"https://git.kernel.org/stable/c/ba1096c315283ee3292765f6aea4cca1= 5816c4f7" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/ba1096c315283ee3292765f6aea4cca15816c4f7</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: bon= ding: limit BOND_MODE_8023AD to Ethernet devices BOND_MODE_8023AD makes sen=
se for ARPHRD_ETHER only. syzbot reported: BUG: KASAN: global-out-of-bounds=
in __hw_addr_create net/core/dev_addr_lists.c:63 [inline] BUG: KASAN: glob= al-out-of-bounds in __hw_addr_add_ex+0x25d/0x760 net/core/dev_addr_lists.c:= 118 Read of size 16 at addr ffffffff8bf94040 by task syz.1.3580/19497 CPU: =
1 UID: 0 PID: 19497 Comm: syz.1.3580 Tainted: G L syzkaller #0 PREEMPT(full=
) Tainted: [L]=3DSOFTLOCKUP Hardware name: Google Google Compute Engine/Goo= gle Compute Engine, BIOS Google 10/25/2025 Call Trace: <TASK> dump_st= ack_lvl+0xe8/0x150 lib/dump_stack.c:120 print_address_description mm/kasan/= report.c:378 [inline] print_report+0xca/0x240 mm/kasan/report.c:482 kasan_r= eport+0x118/0x150 mm/kasan/report.c:595 check_region_inline mm/kasan/generi= c.c:-1 [inline] kasan_check_range+0x2b0/0x2c0 mm/kasan/generic.c:200 __asan= _memcpy+0x29/0x70 mm/kasan/shadow.c:105 __hw_addr_create net/core/dev_addr_= lists.c:63 [inline] __hw_addr_add_ex+0x25d/0x760 net/core/dev_addr_lists.c:= 118 __dev_mc_add net/core/dev_addr_lists.c:868 [inline] dev_mc_add+0xa1/0x1=
20 net/core/dev_addr_lists.c:886 bond_enslave+0x2b8b/0x3ac0 drivers/net/bon= ding/bond_main.c:2180 do_set_master+0x533/0x6d0 net/core/rtnetlink.c:2963 d= o_setlink+0xcf0/0x41c0 net/core/rtnetlink.c:3165 rtnl_changelink net/core/r= tnetlink.c:3776 [inline] __rtnl_newlink net/core/rtnetlink.c:3935 [inline] = rtnl_newlink+0x161c/0x1c90 net/core/rtnetlink.c:4072 rtnetlink_rcv_msg+0x7c= f/0xb70 net/core/rtnetlink.c:6958 netlink_rcv_skb+0x208/0x470 net/netlink/a= f_netlink.c:2550 netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inli= ne] netlink_unicast+0x82f/0x9e0 net/netlink/af_netlink.c:1344 netlink_sendm= sg+0x805/0xb30 net/netlink/af_netlink.c:1894 sock_sendmsg_nosec net/socket.= c:727 [inline] __sock_sendmsg+0x21c/0x270 net/socket.c:742 ____sys_sendmsg+= 0x505/0x820 net/socket.c:2592 ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2646 = __sys_sendmsg+0x164/0x220 net/socket.c:2678 do_syscall_32_irqs_on arch/x86/= entry/syscall_32.c:83 [inline] __do_fast_syscall_32+0x1dc/0x560 arch/x86/en= try/syscall_32.c:307 do_fast_syscall_32+0x34/0x80 arch/x86/entry/syscall_32= .c:332 entry_SYSENTER_compat_after_hwframe+0x84/0x8e </TASK> The bugg=
y address belongs to the variable: lacpdu_mcast_addr+0x0/0x40</td> <td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23099" target=3D= "_blank" rel=3D"noopener">CVE-2026-23099</a></td>

<a href=3D"https://git.kernel.org/stable/c/72925dbb0c8c7b16bf922e93c6cc03cb= d8c955c4" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/72925dbb0c8c7b16bf922e93c6cc03cbd8c955c4</a> <a href=3D"https://git.ke= rnel.org/stable/c/5063b2cd9b27d35ab788d707d7858ded0acc8f1d" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/5063b2cd9b27d35ab788d70= 7d7858ded0acc8f1d</a> <a href=3D"https://git.kernel.org/stable/c/80c881e= 53a4fa0a80fa4bef7bc0ead0e8e88940d" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/80c881e53a4fa0a80fa4bef7bc0ead0e8e88940d</a> =
<a href=3D"https://git.kernel.org/stable/c/ef68afb1bee8d35a18896c27d7358079= 353d8d8a" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/ef68afb1bee8d35a18896c27d7358079353d8d8a</a> <a href=3D"https://git.ke= rnel.org/stable/c/43dee6f7ef1d228821de1b61c292af3744c8d7da" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/43dee6f7ef1d228821de1b6= 1c292af3744c8d7da</a> <a href=3D"https://git.kernel.org/stable/c/c84fcb7= 9e5dbde0b8d5aeeaf04282d2149aebcf6" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/c84fcb79e5dbde0b8d5aeeaf04282d2149aebcf6</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: mm/= hugetlb: fix hugetlb_pmd_shared() Patch series "mm/hugetlb: fixes for PMD t= able sharing (incl. using mmu_gather)", v3. One functional fix, one perform= ance regression fix, and two related comment fixes. I cleaned up my prototy=
pe I recently shared [1] for the performance fix, deferring most of the cle= anups I had in the prototype to a later point. While doing that I identifie=
d the other things. The goal of this patch set is to be backported to stabl=
e trees "fairly" easily. At least patch #1 and #4. Patch #1 fixes hugetlb_p= md_shared() not detecting any sharing Patch #2 + #3 are simple comment fixe=
s that patch #4 interacts with. Patch #4 is a fix for the reported performa= nce regression due to excessive IPI broadcasts during fork()+exit(). The la=
st patch is all about TLB flushes, IPIs and mmu_gather. Read: complicated T= here are plenty of cleanups in the future to be had + one reasonable optimi= zation on x86. But that's all out of scope for this series. Runtime tested,=
with a focus on fixing the performance regression using the original repro= ducer [2] on x86. This patch (of 4): We switched from (wrongly) using the p= age count to an independent shared count. Now, shared page tables have a re= fcount of 1 (excluding speculative references) and instead use ptdesc->p= t_share_count to identify sharing. We didn't convert hugetlb_pmd_shared(), =
so right now, we would never detect a shared PMD table as such, because sha= ring/unsharing no longer touches the refcount of a PMD table. Page migratio=
n, like mbind() or migrate_pages() would allow for migrating folios mapped = into such shared PMD tables, even though the folios are not exclusive. In s= maps we would account them as "private" although they are "shared", and we = would be wrongly setting the PM_MMAP_EXCLUSIVE in the pagemap interface. Fi=
x it by properly using ptdesc_pmd_is_shared() in hugetlb_pmd_shared().</td> <td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23100" target=3D= "_blank" rel=3D"noopener">CVE-2026-23100</a></td>

<a href=3D"https://git.kernel.org/stable/c/69c4e241ff13545d410a8b2a688c9321= 82a858bf" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/69c4e241ff13545d410a8b2a688c932182a858bf</a> <a href=3D"https://git.ke= rnel.org/stable/c/ca1a47cd3f5f4c46ca188b1c9a27af87d1ab2216" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/ca1a47cd3f5f4c46ca188b1= c9a27af87d1ab2216</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: led=
s: led-class: Only Add LED to leds_list when it is fully ready Before this = change the LED was added to leds_list before led_init_core() gets called ad= ding it the list before led_classdev.set_brightness_work gets initialized. = This leaves a window where led_trigger_register() of a LED's default trigge=
r will call led_trigger_set() which calls led_set_brightness() which in tur=
n will end up queueing the *uninitialized* led_classdev.set_brightness_work=
. This race gets hit by the lenovo-thinkpad-t14s EC driver which registers =
2 LEDs with a default trigger provided by snd_ctl_led.ko in quick successio=
n. The first led_classdev_register() causes an async modprobe of snd_ctl_le=
d to run and that async modprobe manages to exactly hit the window where th=
e second LED is on the leds_list without led_init_core() being called for i=
t, resulting in: ------------[ cut here ]------------ WARNING: CPU: 11 PID:=
5608 at kernel/workqueue.c:4234 __flush_work+0x344/0x390 Hardware name: LE= NOVO 21N2S01F0B/21N2S01F0B, BIOS N42ET93W (2.23 ) 09/01/2025 ... Call trace=
: __flush_work+0x344/0x390 (P) flush_work+0x2c/0x50 led_trigger_set+0x1c8/0= x340 led_trigger_register+0x17c/0x1c0 led_trigger_register_simple+0x84/0xe8=
snd_ctl_led_init+0x40/0xf88 [snd_ctl_led] do_one_initcall+0x5c/0x318 do_in= it_module+0x9c/0x2b8 load_module+0x7e0/0x998 Close the race window by movin=
g the adding of the LED to leds_list to after the led_init_core() call.</td=

<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23101" target=3D= "_blank" rel=3D"noopener">CVE-2026-23101</a></td>

<a href=3D"https://git.kernel.org/stable/c/f7a6df659af777058833802c29b3b797= 4db5e78a" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/f7a6df659af777058833802c29b3b7974db5e78a</a> <a href=3D"https://git.ke= rnel.org/stable/c/d117fdcb21b05c0e0460261d017b92303cd9ba77" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/d117fdcb21b05c0e0460261= d017b92303cd9ba77</a> <a href=3D"https://git.kernel.org/stable/c/e90c861= 411fc84629a240384b0a72830539d3386" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/e90c861411fc84629a240384b0a72830539d3386</a> =
<a href=3D"https://git.kernel.org/stable/c/2757f7748ce2d0fa44112024907bafb3= 7e104d6e" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/2757f7748ce2d0fa44112024907bafb37e104d6e</a> <a href=3D"https://git.ke= rnel.org/stable/c/da565bf98c9ad0eabcb09fc97859e0b52f98b7c3" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/da565bf98c9ad0eabcb09fc= 97859e0b52f98b7c3</a> <a href=3D"https://git.kernel.org/stable/c/7882262= 8165f3d817382f67f91129161159ca234" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/78822628165f3d817382f67f91129161159ca234</a> =
<a href=3D"https://git.kernel.org/stable/c/d1883cefd31752f0504b94c3bcfa1f6d= 511d6e87" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/d1883cefd31752f0504b94c3bcfa1f6d511d6e87</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: arm= 64/fpsimd: signal: Fix restoration of SVE context When SME is supported, Re= storing SVE signal context can go wrong in a few ways, including placing th=
e task into an invalid state where the kernel may read from out-of-bounds m= emory (and may potentially take a fatal fault) and/or may kill the task wit=
h a SIGKILL. (1) Restoring a context with SVE_SIG_FLAG_SM set can place the=
task into an invalid state where SVCR.SM is set (and sve_state is non-NULL=
) but TIF_SME is clear, consequently resuting in out-of-bounds memory reads=
and/or killing the task with SIGKILL. This can only occur in unusual (but = legitimate) cases where the SVE signal context has either been modified by = userspace or was saved in the context of another task (e.g. as with CRIU), =
as otherwise the presence of an SVE signal context with SVE_SIG_FLAG_SM imp= lies that TIF_SME is already set. While in this state, task_fpsimd_load() w= ill NOT configure SMCR_ELx (leaving some arbitrary value configured in hard= ware) before restoring SVCR and attempting to restore the streaming mode SV=
E registers from memory via sve_load_state(). As the value of SMCR_ELx.LEN = may be larger than the task's streaming SVE vector length, this may read me= mory outside of the task's allocated sve_state, reading unrelated data and/=
or triggering a fault. While this can result in secrets being loaded into s= treaming SVE registers, these values are never exposed. As TIF_SME is clear=
, fpsimd_bind_task_to_cpu() will configure CPACR_ELx.SMEN to trap EL0 acces= ses to streaming mode SVE registers, so these cannot be accessed directly a=
t EL0. As fpsimd_save_user_state() verifies the live vector length before s= aving (S)SVE state to memory, no secret values can be saved back to memory = (and hence cannot be observed via ptrace, signals, etc). When the live vect=
or length doesn't match the expected vector length for the task, fpsimd_sav= e_user_state() will send a fatal SIGKILL signal to the task. Hence the task=
may be killed after executing userspace for some period of time. (2) Resto= ring a context with SVE_SIG_FLAG_SM clear does not clear the task's SVCR.SM=
. If SVCR.SM was set prior to restoring the context, then the task will be = left in streaming mode unexpectedly, and some register state will be combin=
ed inconsistently, though the task will be left in legitimate state from th=
e kernel's PoV. This can only occur in unusual (but legitimate) cases where=
ptrace has been used to set SVCR.SM after entry to the sigreturn syscall, =
as syscall entry clears SVCR.SM. In these cases, the the provided SVE regis= ter data will be loaded into the task's sve_state using the non-streaming S=
VE vector length and the FPSIMD registers will be merged into this using th=
e streaming SVE vector length. Fix (1) by setting TIF_SME when setting SVCR= .SM. This also requires ensuring that the task's sme_state has been allocat= ed, but as this could contain live ZA state, it should not be zeroed. Fix (=
2) by clearing SVCR.SM when restoring a SVE signal context with SVE_SIG_FLA= G_SM clear. For consistency, I've pulled the manipulation of SVCR, TIF_SVE,=
TIF_SME, and fp_type earlier, immediately after the allocation of sve_stat= e/sme_state, before the restore of the actual register state. This makes it=
easier to ensure that these are always modified consistently, even if a fa= ult is taken while reading the register data from the signal context. I do = not expect any software to depend on the exact state restored when a fault =
is taken while reading the context.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23102" target=3D= "_blank" rel=3D"noopener">CVE-2026-23102</a></td>

<a href=3D"https://git.kernel.org/stable/c/9bc3adba8c35119be80ab20217027720= 446742f2" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/9bc3adba8c35119be80ab20217027720446742f2</a> <a href=3D"https://git.ke= rnel.org/stable/c/ce820dd4e6e2d711242dc4331713b9bb4fe06d09" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/ce820dd4e6e2d711242dc43= 31713b9bb4fe06d09</a> <a href=3D"https://git.kernel.org/stable/c/7b5a52c= f252a0d2e89787b645290ad288878f332" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/7b5a52cf252a0d2e89787b645290ad288878f332</a> =
<a href=3D"https://git.kernel.org/stable/c/d2907cbe9ea0a54cbe078076f9d08924= 0ee1e2d9" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/d2907cbe9ea0a54cbe078076f9d089240ee1e2d9</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: ipv= lan: Make the addrs_lock be per port Make the addrs_lock be per port, not p=
er ipvlan dev. Initial code seems to be written in the assumption, that any=
address change must occur under RTNL. But it is not so for the case of IPv=
6. So 1) Introduce per-port addrs_lock. 2) It was needed to fix places wher=
e it was forgotten to take lock (ipvlan_open/ipvlan_close) This appears to =
be a very minor problem though. Since it's highly unlikely that ipvlan_add_= addr() will be called on 2 CPU simultaneously. But nevertheless, this could=
cause: 1) False-negative of ipvlan_addr_busy(): one interface iterated thr= ough all port->ipvlans + ipvlan->addrs under some ipvlan spinlock, an=
d another added IP under its own lock. Though this is only possible for IPv=
6, since looks like only ipvlan_addr6_event() can be called without rtnl_lo= ck. 2) Race since ipvlan_ht_addr_add(port) is called under different ipvlan= ->addrs_lock locks This should not affect performance, since add/remove =
IP is a rare situation and spinlock is not taken on fast paths.</td> <td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23103" target=3D= "_blank" rel=3D"noopener">CVE-2026-23103</a></td>

<a href=3D"https://git.kernel.org/stable/c/3c149b662cbb202a450e81f938e702ba= 333864ad" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/3c149b662cbb202a450e81f938e702ba333864ad</a> <a href=3D"https://git.ke= rnel.org/stable/c/70feb16e3fbfb10b15de1396557c38e99f1ab8df" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/70feb16e3fbfb10b15de139= 6557c38e99f1ab8df</a> <a href=3D"https://git.kernel.org/stable/c/88f83e6= c9cdb46b8c8ddd0ba01393362963cf589" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/88f83e6c9cdb46b8c8ddd0ba01393362963cf589</a> =
<a href=3D"https://git.kernel.org/stable/c/04ba6de6eff61238e5397c14ac26a657= 8c7735a5" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/04ba6de6eff61238e5397c14ac26a6578c7735a5</a> <a href=3D"https://git.ke= rnel.org/stable/c/1f300c10d92c547c3a7d978e1212ff52f18256ed" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/1f300c10d92c547c3a7d978= e1212ff52f18256ed</a> <a href=3D"https://git.kernel.org/stable/c/6a81e2d= b096913d7e43aada1c350c1282e76db39" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/6a81e2db096913d7e43aada1c350c1282e76db39</a> =
<a href=3D"https://git.kernel.org/stable/c/d3ba32162488283c0a4c5bedd8817aec= 91748802" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/d3ba32162488283c0a4c5bedd8817aec91748802</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: ice=
: fix devlink reload call trace Commit 4da71a77fc3b ("ice: read internal te= mperature sensor") introduced internal temperature sensor reading via HWMON=
. ice_hwmon_init() was added to ice_init_feature() and ice_hwmon_exit() was=
added to ice_remove(). As a result if devlink reload is used to reinit the=
device and then the driver is removed, a call trace can occur. BUG: unable=
to handle page fault for address: ffffffffc0fd4b5d Call Trace: string+0x48= /0xe0 vsnprintf+0x1f9/0x650 sprintf+0x62/0x80 name_show+0x1f/0x30 dev_attr_= show+0x19/0x60 The call trace repeats approximately every 10 minutes when s= ystem monitoring tools (e.g., sadc) attempt to read the orphaned hwmon sysf=
s attributes that reference freed module memory. The sequence is: 1. Driver=
load, ice_hwmon_init() gets called from ice_init_feature() 2. Devlink relo=
ad down, flow does not call ice_remove() 3. Devlink reload up, ice_hwmon_in= it() gets called from ice_init_feature() resulting in a second instance 4. = Driver unload, ice_hwmon_exit() called from ice_remove() leaving the first = hwmon instance orphaned with dangling pointer Fix this by moving ice_hwmon_= exit() from ice_remove() to ice_deinit_features() to ensure proper cleanup = symmetry with ice_hwmon_init().</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23104" target=3D= "_blank" rel=3D"noopener">CVE-2026-23104</a></td>

<a href=3D"https://git.kernel.org/stable/c/87c1dacca197cc64e06fedeb269e3dd6= 699bae60" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/87c1dacca197cc64e06fedeb269e3dd6699bae60</a> <a href=3D"https://git.ke= rnel.org/stable/c/d3f867e7a04678640ebcbfb81893c59f4af48586" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/d3f867e7a04678640ebcbfb= 81893c59f4af48586</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: net= /sched: qfq: Use cl_is_active to determine whether class is active in qfq_r= m_from_ag This is more of a preventive patch to make the code more consiste=
nt and to prevent possible exploits that employ child qlen manipulations on=
qfq. use cl_is_active instead of relying on the child qdisc's qlen to dete= rmine class activation.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23105" target=3D= "_blank" rel=3D"noopener">CVE-2026-23105</a></td>

<a href=3D"https://git.kernel.org/stable/c/fac2c67bb2bb732eae4283e45fc338af= 7e08c254" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/fac2c67bb2bb732eae4283e45fc338af7e08c254</a> <a href=3D"https://git.ke= rnel.org/stable/c/b8c24cf5268fb3bfb8d16324c3dbb985f698c835" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/b8c24cf5268fb3bfb8d1632= 4c3dbb985f698c835</a> <a href=3D"https://git.kernel.org/stable/c/f27047a= bf7cac1b6f90c3ad60de21ef9f717c26d" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/f27047abf7cac1b6f90c3ad60de21ef9f717c26d</a> =
<a href=3D"https://git.kernel.org/stable/c/93b8635974fb050c43d07e35e5edfe6e= 685ca28a" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/93b8635974fb050c43d07e35e5edfe6e685ca28a</a> <a href=3D"https://git.ke= rnel.org/stable/c/abd9fc26ea577561a5ef6241a1b058755ffdad0c" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/abd9fc26ea577561a5ef624= 1a1b058755ffdad0c</a> <a href=3D"https://git.kernel.org/stable/c/77f1afd= 0bb4d5da95236f6114e6d0dfcde187ff6" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/77f1afd0bb4d5da95236f6114e6d0dfcde187ff6</a> =
<a href=3D"https://git.kernel.org/stable/c/d837fbee92453fbb829f950c8e7cf762= 07d73f33" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/d837fbee92453fbb829f950c8e7cf76207d73f33</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: tim= ekeeping: Adjust the leap state for the correct auxiliary timekeeper When _= _do_ajdtimex() was introduced to handle adjtimex for any timekeeper, this r= eference to tk_core was not updated. When called on an auxiliary timekeeper=
, the core timekeeper would be updated incorrectly. This gets caught by the=
lock debugging diagnostics because the timekeepers sequence lock gets writ= ten to without holding its associated spinlock: WARNING: include/linux/seql= ock.h:226 at __do_adjtimex+0x394/0x3b0, CPU#2: test/125 aux_clock_adj (kern= el/time/timekeeping.c:2979) __do_sys_clock_adjtime (kernel/time/posix-timer= s.c:1161 kernel/time/posix-timers.c:1173) do_syscall_64 (arch/x86/entry/sys= call_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminato=
r 1)) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:131) Update=
the correct auxiliary timekeeper.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23106" target=3D= "_blank" rel=3D"noopener">CVE-2026-23106</a></td>

<a href=3D"https://git.kernel.org/stable/c/8f7c9dbeaa0be5810e44d323735967d3= dba9239d" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/8f7c9dbeaa0be5810e44d323735967d3dba9239d</a> <a href=3D"https://git.ke= rnel.org/stable/c/e806f7dde8ba28bc72a7a0898589cac79f6362ac" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/e806f7dde8ba28bc72a7a08= 98589cac79f6362ac</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: arm= 64/fpsimd: signal: Allocate SSVE storage when restoring ZA The code to rest= ore a ZA context doesn't attempt to allocate the task's sve_state before se= tting TIF_SME. Consequently, restoring a ZA context can place a task into a=
n invalid state where TIF_SME is set but the task's sve_state is NULL. In l= egitimate but uncommon cases where the ZA signal context was NOT created by=
the kernel in the context of the same task (e.g. if the task is saved/rest= ored with something like CRIU), we have no guarantee that sve_state had bee=
n allocated previously. In these cases, userspace can enter streaming mode = without trapping while sve_state is NULL, causing a later NULL pointer dere= ference when the kernel attempts to store the register state: | # ./sigretu= rn-za | Unable to handle kernel NULL pointer dereference at virtual address=
0000000000000000 | Mem abort info: | ESR =3D 0x0000000096000046 | EC =3D 0= x25: DABT (current EL), IL =3D 32 bits | SET =3D 0, FnV =3D 0 | EA =3D 0, S= 1PTW =3D 0 | FSC =3D 0x06: level 2 translation fault | Data abort info: | I=
SV =3D 0, ISS =3D 0x00000046, ISS2 =3D 0x00000000 | CM =3D 0, WnR =3D 1, Tn=
D =3D 0, TagAccess =3D 0 | GCS =3D 0, Overlay =3D 0, DirtyBit =3D 0, Xs =3D=
0 | user pgtable: 4k pages, 52-bit VAs, pgdp=3D0000000101f47c00 | [0000000= 000000000] pgd=3D08000001021d8403, p4d=3D0800000102274403, pud=3D0800000102= 275403, pmd=3D0000000000000000 | Internal error: Oops: 0000000096000046 [#1=
] SMP | Modules linked in: | CPU: 0 UID: 0 PID: 153 Comm: sigreturn-za Not = tainted 6.19.0-rc1 #1 PREEMPT | Hardware name: linux,dummy-virt (DT) | psta= te: 214000c9 (nzCv daIF +PAN -UAO -TCO +DIT -SSBS BTYPE=3D--) | pc : sve_sa= ve_state+0x4/0xf0 | lr : fpsimd_save_user_state+0xb0/0x1c0 | sp : ffff80008= 070bcc0 | x29: ffff80008070bcc0 x28: fff00000c1ca4c40 x27: 63cfa172fb5cf658=
| x26: fff00000c1ca5228 x25: 0000000000000000 x24: 0000000000000000 | x23:=
0000000000000000 x22: fff00000c1ca4c40 x21: fff00000c1ca4c40 | x20: 000000= 0000000020 x19: fff00000ff6900f0 x18: 0000000000000000 | x17: fff05e8e0311f= 000 x16: 0000000000000000 x15: 028fca8f3bdaf21c | x14: 0000000000000212 x13=
: fff00000c0209f10 x12: 0000000000000020 | x11: 0000000000200b20 x10: 00000= 00000000000 x9 : fff00000ff69dcc0 | x8 : 00000000000003f2 x7 : 000000000000= 0001 x6 : fff00000c1ca5b48 | x5 : fff05e8e0311f000 x4 : 0000000008000000 x3=
: 0000000000000000 | x2 : 0000000000000001 x1 : fff00000c1ca5970 x0 : 0000= 000000000440 | Call trace: | sve_save_state+0x4/0xf0 (P) | fpsimd_thread_sw= itch+0x48/0x198 | __switch_to+0x20/0x1c0 | __schedule+0x36c/0xce0 | schedul= e+0x34/0x11c | exit_to_user_mode_loop+0x124/0x188 | el0_interrupt+0xc8/0xd8=
| __el0_irq_handler_common+0x18/0x24 | el0t_64_irq_handler+0x10/0x1c | el0= t_64_irq+0x198/0x19c | Code: 54000040 d51b4408 d65f03c0 d503245f (e5bb5800)=
| ---[ end trace 0000000000000000 ]--- Fix this by having restore_za_conte= xt() ensure that the task's sve_state is allocated, matching what we do whe=
n taking an SME trap. Any live SVE/SSVE state (which is restored earlier fr=
om a separate signal context) must be preserved, and hence this is not zero= ed.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23107" target=3D= "_blank" rel=3D"noopener">CVE-2026-23107</a></td>

<a href=3D"https://git.kernel.org/stable/c/c5a5b150992ebab779c1ce54f5467678= 6e47e94c" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/c5a5b150992ebab779c1ce54f54676786e47e94c</a> <a href=3D"https://git.ke= rnel.org/stable/c/19b2c3f3ca1b4b6dccd2a42aca2692d8c79c4214" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/19b2c3f3ca1b4b6dccd2a42= aca2692d8c79c4214</a> <a href=3D"https://git.kernel.org/stable/c/0af233d= 66eff90fb8f3e0fc09f2316bba0b72bb9" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/0af233d66eff90fb8f3e0fc09f2316bba0b72bb9</a> =
<a href=3D"https://git.kernel.org/stable/c/70f7f54566afc23f2c71bf1411af81f5= d8009e0f" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/70f7f54566afc23f2c71bf1411af81f5d8009e0f</a> <a href=3D"https://git.ke= rnel.org/stable/c/ea8ccfddbce0bee6310da4f3fc560ad520f5e6b4" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/ea8ccfddbce0bee6310da4f= 3fc560ad520f5e6b4</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: can=
: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak Fix similar = memory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_ca= llback(): fix URB memory leak"). In usb_8dev_open() -> usb_8dev_start(),=
the URBs for USB-in transfers are allocated, added to the priv->rx_subm= itted anchor and submitted. In the complete callback usb_8dev_read_bulk_cal= lback(), the URBs are processed and resubmitted. In usb_8dev_close() -> = unlink_all_urbs() the URBs are freed by calling usb_kill_anchored_urbs(&amp= ;priv->rx_submitted). However, this does not take into account that the = USB framework unanchors the URB before the complete function is called. Thi=
s means that once an in-URB has been completed, it is no longer anchored an=
d is ultimately not released in usb_kill_anchored_urbs(). Fix the memory le=
ak by anchoring the URB in the usb_8dev_read_bulk_callback() to the priv-&g= t;rx_submitted anchor.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23108" target=3D= "_blank" rel=3D"noopener">CVE-2026-23108</a></td>

<a href=3D"https://git.kernel.org/stable/c/feb8243eaea7efd5279b19667d7189fd= 8654c87a" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/feb8243eaea7efd5279b19667d7189fd8654c87a</a> <a href=3D"https://git.ke= rnel.org/stable/c/ef6e608e5ee71eca0cd3475c737e684cef24f240" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/ef6e608e5ee71eca0cd3475= c737e684cef24f240</a> <a href=3D"https://git.kernel.org/stable/c/6071966= 1b4cbd7ffbed1a0e0fa3bbc82d8bd2be9" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/60719661b4cbd7ffbed1a0e0fa3bbc82d8bd2be9</a> =
<a href=3D"https://git.kernel.org/stable/c/59ff56992bba28051ad67cd8cc7b0edf= e7280796" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/59ff56992bba28051ad67cd8cc7b0edfe7280796</a> <a href=3D"https://git.ke= rnel.org/stable/c/ea4a98e924164586066b39f29bfcc7cc9da108cd" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/ea4a98e924164586066b39f= 29bfcc7cc9da108cd</a> <a href=3D"https://git.kernel.org/stable/c/07e9373= 739c6388af9d99797cdb2e79dbbcbe92b" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/07e9373739c6388af9d99797cdb2e79dbbcbe92b</a> =
<a href=3D"https://git.kernel.org/stable/c/f7a980b3b8f80fe367f679da376cf76e= 800f9480" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/f7a980b3b8f80fe367f679da376cf76e800f9480</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: fs/= writeback: skip AS_NO_DATA_INTEGRITY mappings in wait_sb_inodes() Above the=
while() loop in wait_sb_inodes(), we document that we must wait for all pa= ges under writeback for data integrity. Consequently, if a mapping, like fu= se, traditionally does not have data integrity semantics, there is no need =
to wait at all; we can simply skip these inodes. This restores fuse back to=
prior behavior where syncs are no-ops. This fixes a user regression where =
if a system is running a faulty fuse server that does not reply to issued w= rite requests, this causes wait_sb_inodes() to wait forever.</td> <td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23109" target=3D= "_blank" rel=3D"noopener">CVE-2026-23109</a></td>

<a href=3D"https://git.kernel.org/stable/c/3f4ed5e2b8f111553562507ad6202432= c7c57731" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/3f4ed5e2b8f111553562507ad6202432c7c57731</a> <a href=3D"https://git.ke= rnel.org/stable/c/f9a49aa302a05e91ca01f69031cb79a0ea33031f" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/f9a49aa302a05e91ca01f69= 031cb79a0ea33031f</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Linux--Linux</td>
<td>In the Linux kernel, the following vulnerability has been resolved: scs=
i: core: Wake up the error handler when final completions race against each=
other The fragile ordering between marking commands completed or failed so=
that the error handler only wakes when the last running command completes =
or times out has race conditions. These race conditions can cause the SCSI = layer to fail to wake the error handler, leaving I/O through the SCSI host = stuck as the error state cannot advance. First, there is an memory ordering=
issue within scsi_dec_host_busy(). The write which clears SCMD_STATE_INFLI= GHT may be reordered with reads counting in scsi_host_busy(). While the loc=
al CPU will see its own write, reordering can allow other CPUs in scsi_dec_= host_busy() or scsi_eh_inc_host_failed() to see a raised busy count, causin=
g no CPU to see a host busy equal to the host_failed count. This race condi= tion can be prevented with a memory barrier on the error path to force the = write to be visible before counting host busy commands. Second, there is a = general ordering issue with scsi_eh_inc_host_failed(). By counting busy com= mands before incrementing host_failed, it can race with a final command in = scsi_dec_host_busy(), such that scsi_dec_host_busy() does not see host_fail=
ed incremented but scsi_eh_inc_host_failed() counts busy commands before SC= MD_STATE_INFLIGHT is cleared by scsi_dec_host_busy(), resulting in neither = waking the error handler task. This needs the call to scsi_host_busy() to b=
e moved after host_failed is incremented to close the race condition.</td> <td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23110" target=3D= "_blank" rel=3D"noopener">CVE-2026-23110</a></td>

<a href=3D"https://git.kernel.org/stable/c/cc872e35c0df80062abc71268d690a2f= 749e542e" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/cc872e35c0df80062abc71268d690a2f749e542e</a> <a href=3D"https://git.ke= rnel.org/stable/c/6d9a367be356101963c249ebf10ea10b32886607" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/6d9a367be356101963c249e= bf10ea10b32886607</a> <a href=3D"https://git.kernel.org/stable/c/9fdc6f2= 8d5e81350ab1d2cac8389062bd09e61e1" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/9fdc6f28d5e81350ab1d2cac8389062bd09e61e1</a> =
<a href=3D"https://git.kernel.org/stable/c/64ae21b9c4f0c7e60cf47a53fa7ab688= 52079ef0" target=3D"_blank" rel=3D"noopener">https://git.kernel.org/stable/= c/64ae21b9c4f0c7e60cf47a53fa7ab68852079ef0</a> <a href=3D"https://git.ke= rnel.org/stable/c/219f009ebfd1ef3970888ee9eef4c8a06357f862" target=3D"_blan=
k" rel=3D"noopener">https://git.kernel.org/stable/c/219f009ebfd1ef3970888ee= 9eef4c8a06357f862</a> <a href=3D"https://git.kernel.org/stable/c/fe2f8ad= 6f0999db3b318359a01ee0108c703a8c3" target=3D"_blank" rel=3D"noopener">https= ://git.kernel.org/stable/c/fe2f8ad6f0999db3b318359a01ee0108c703a8c3</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Six Apart Ltd.--Movable Type (Software Edition= )</td>
<td>A non-administrative user can upload malicious files. When an administr= ator or the product accesses that file, an arbitrary script may be executed=
on the administrator's browser. Note that Movable Type 7 series and 8.4 se= ries, which are End-of-Life (EOL), are affected by the vulnerability as wel= l.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23704" target=3D= "_blank" rel=3D"noopener">CVE-2026-23704</a></td>

<a href=3D"https://movabletype.org/news/2026/02/mt-906-released.html" targe= t=3D"_blank" rel=3D"noopener">https://movabletype.org/news/2026/02/mt-906-r= eleased.html</a> <a href=3D"https://www.sixapart.jp/movabletype/news/202= 6/02/04-1100.html" target=3D"_blank" rel=3D"noopener">https://www.sixapart.= jp/movabletype/news/2026/02/04-1100.html</a> <a href=3D"https://jvn.jp/e= n/jp/JVN45405689/" target=3D"_blank" rel=3D"noopener">https://jvn.jp/en/jp/= JVN45405689/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Apache Software Foundation--Apache Syncope</td=

<td>Reflected XSS in Apache Syncope's Enduser Login page. An attacker that = tricks a legitimate user into clicking a malicious link and logging in to S= yncope Enduser could steal that user's credentials. This issue affects Apac=
he Syncope: from 3.0 through 3.0.15, from 4.0 through 4.0.3. Users are reco= mmended to upgrade to version 3.0.16 / 4.0.4, which fix this issue.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23794" target=3D= "_blank" rel=3D"noopener">CVE-2026-23794</a></td>

<a href=3D"https://lists.apache.org/thread/7h30ghqdsf3spl3h7gdmscxofrm8ygjo=
" target=3D"_blank" rel=3D"noopener">https://lists.apache.org/thread/7h30gh= qdsf3spl3h7gdmscxofrm8ygjo</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Apache Software Foundation--Apache Syncope</td=

<td>Improper Restriction of XML External Entity Reference vulnerability in = Apache Syncope Console. An administrator with adequate entitlements to crea=
te or edit Keymaster parameters via Console can construct malicious XML tex=
t to launch an XXE attack, thereby causing sensitive data leakage occurs. T= his issue affects Apache Syncope: from 3.0 through 3.0.15, from 4.0 through=
4.0.3. Users are recommended to upgrade to version 3.0.16 / 4.0.4, which f=
ix this issue.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23795" target=3D= "_blank" rel=3D"noopener">CVE-2026-23795</a></td>

<a href=3D"https://lists.apache.org/thread/mzgbdn8hzk8vr94o660njcc7w62c2pos=
" target=3D"_blank" rel=3D"noopener">https://lists.apache.org/thread/mzgbdn= 8hzk8vr94o660njcc7w62c2pos</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">OpenSolution--Quick.Cart</td>
<td>Quick.Cart allows a user's session identifier to be set before authenti= cation. The value of this session ID stays the same after authentication.= =C2=A0This behaviour enables an attacker to fix a session ID for a victim a=
nd later hijack the authenticated session. The vendor was notified early ab= out this vulnerability, but didn't respond with the details of vulnerabilit=
y or vulnerable version range. Only version 6.7 was tested and confirmed as=
vulnerable, other versions were not tested and might also be vulnerable.</=

<td>2026-02-05</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23796" target=3D= "_blank" rel=3D"noopener">CVE-2026-23796</a></td>

<a href=3D"https://opensolution.org/sklep-internetowy-quick-cart.html" targ= et=3D"_blank" rel=3D"noopener">https://opensolution.org/sklep-internetowy-q= uick-cart.html</a> <a href=3D"https://cert.pl/posts/2026/02/CVE-2026-237= 96" target=3D"_blank" rel=3D"noopener">https://cert.pl/posts/2026/02/CVE-20= 26-23796</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">OpenSolution--Quick.Cart</td>
<td>In Quick.Cart user passwords are stored in plaintext form. An attacker = with high privileges can display users' password in user editing page. The = vendor was notified early about this vulnerability, but didn't respond with=
the details of vulnerability or vulnerable version range. Only version 6.7=
was tested and confirmed as vulnerable, other versions were not tested and=
might also be vulnerable.</td>
<td>2026-02-05</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-23797" target=3D= "_blank" rel=3D"noopener">CVE-2026-23797</a></td>

<a href=3D"https://opensolution.org/sklep-internetowy-quick-cart.html" targ= et=3D"_blank" rel=3D"noopener">https://opensolution.org/sklep-internetowy-q= uick-cart.html</a> <a href=3D"https://cert.pl/posts/2026/02/CVE-2026-237= 96" target=3D"_blank" rel=3D"noopener">https://cert.pl/posts/2026/02/CVE-20= 26-23796</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">parallax--jsPDF</td>
<td>jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the = addJS method in the jspdf Node.js build utilizes a shared module-scoped var= iable (text) to store JavaScript content. When used in a concurrent environ= ment (e.g., a Node.js web server), this variable is shared across all reque= sts. If multiple requests generate PDFs simultaneously, the JavaScript cont= ent intended for one user may be overwritten by a subsequent request before=
the document is generated. This results in Cross-User Data Leakage, where = the PDF generated for User A contains the JavaScript payload (and any embed= ded sensitive data) intended for User B. Typically, this only affects serve= r-side environments, although the same race conditions might occur if jsPDF=
runs client-side. The vulnerability has been fixed in jsPDF@4.1.0.</td> <td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24040" target=3D= "_blank" rel=3D"noopener">CVE-2026-24040</a></td>

<a href=3D"https://github.com/parallax/jsPDF/security/advisories/GHSA-cjw8-= 79x6-5cj4" target=3D"_blank" rel=3D"noopener">https://github.com/parallax/j= sPDF/security/advisories/GHSA-cjw8-79x6-5cj4</a> <a href=3D"https://gith= ub.com/parallax/jsPDF/commit/2863e5c26afef211a545e8c174ab4d5fce3b8c0e" targ= et=3D"_blank" rel=3D"noopener">https://github.com/parallax/jsPDF/commit/286= 3e5c26afef211a545e8c174ab4d5fce3b8c0e</a> <a href=3D"https://github.com/= parallax/jsPDF/releases/tag/v4.1.0" target=3D"_blank" rel=3D"noopener">http= s://github.com/parallax/jsPDF/releases/tag/v4.1.0</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">parallax--jsPDF</td>
<td>jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user=
control of the first argument of the addMetadata function allows users to = inject arbitrary XML. If given the possibility to pass unsanitized input to=
the addMetadata method, a user can inject arbitrary XMP metadata into the = generated PDF. If the generated PDF is signed, stored or otherwise processe=
d after, the integrity of the PDF can no longer be guaranteed. The vulnerab= ility has been fixed in jsPDF@4.1.0.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24043" target=3D= "_blank" rel=3D"noopener">CVE-2026-24043</a></td>

<a href=3D"https://github.com/parallax/jsPDF/security/advisories/GHSA-vm32-= vv63-w422" target=3D"_blank" rel=3D"noopener">https://github.com/parallax/j= sPDF/security/advisories/GHSA-vm32-vv63-w422</a> <a href=3D"https://gith= ub.com/parallax/jsPDF/commit/efe54bf50f3f5e5416b2495e3c24624fc80b6cff" targ= et=3D"_blank" rel=3D"noopener">https://github.com/parallax/jsPDF/commit/efe= 54bf50f3f5e5416b2495e3c24624fc80b6cff</a> <a href=3D"https://github.com/= parallax/jsPDF/releases/tag/v4.1.0" target=3D"_blank" rel=3D"noopener">http= s://github.com/parallax/jsPDF/releases/tag/v4.1.0</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">zulip--zulip</td>
<td>Zulip is an open-source team collaboration tool. From 5.0 to before 11.=
5, some administrative actions on the user profile were susceptible to stor=
ed XSS in group names or channel names. Exploiting these vulnerabilities re= quired the user explicitly interacting with the problematic object. This vu= lnerability is fixed in 11.5.</td>
<td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24050" target=3D= "_blank" rel=3D"noopener">CVE-2026-24050</a></td>

<a href=3D"https://github.com/zulip/zulip/security/advisories/GHSA-56qv-882= 3-6fq9" target=3D"_blank" rel=3D"noopener">https://github.com/zulip/zulip/s= ecurity/advisories/GHSA-56qv-8823-6fq9</a> <a href=3D"https://github.com= /zulip/zulip/commit/e6093d9e4788f4d82236d856c5ed7b16767886a7" target=3D"_bl= ank" rel=3D"noopener">https://github.com/zulip/zulip/commit/e6093d9e4788f4d= 82236d856c5ed7b16767886a7</a> <a href=3D"https://github.com/zulip/zulip/= releases/tag/11.5" target=3D"_blank" rel=3D"noopener">https://github.com/zu= lip/zulip/releases/tag/11.5</a> <a href=3D"https://zulip.readthedocs.io/= en/latest/overview/changelog.html#zulip-server-11-5" target=3D"_blank" rel= =3D"noopener">https://zulip.readthedocs.io/en/latest/overview/changelog.htm= l#zulip-server-11-5</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">anthropics--claude-code</td>
<td>Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude=
Code contained insufficient URL validation in its trusted domain verificat= ion mechanism for WebFetch requests. The application used a startsWith() fu= nction to validate trusted domains (e.g., docs.python.org, modelcontextprot= ocol.io), this could have enabled attackers to register domains like modelc= ontextprotocol.io.example.com that would pass validation. This could enable=
automatic requests to attacker-controlled domains without user consent, po= tentially leading to data exfiltration. This issue has been patched in vers= ion 1.0.111.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24052" target=3D= "_blank" rel=3D"noopener">CVE-2026-24052</a></td>

<a href=3D"https://github.com/anthropics/claude-code/security/advisories/GH= SA-vhw5-3g5m-8ggf" target=3D"_blank" rel=3D"noopener">https://github.com/an= thropics/claude-code/security/advisories/GHSA-vhw5-3g5m-8ggf</a> =C2=A0<=

</tr>

<td class=3D"vendor-product">anthropics--claude-code</td>
<td>Claude Code is an agentic coding tool. Prior to version 2.0.74, due to =
a Bash command validation flaw in parsing ZSH clobber syntax, it was possib=
le to bypass directory restrictions and write files outside the current wor= king directory without user permission prompts. Exploiting this required th=
e user to use ZSH and the ability to add untrusted content into a Claude Co=
de context window. This issue has been patched in version 2.0.74.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24053" target=3D= "_blank" rel=3D"noopener">CVE-2026-24053</a></td>

<a href=3D"https://github.com/anthropics/claude-code/security/advisories/GH= SA-q728-gf8j-w49r" target=3D"_blank" rel=3D"noopener">https://github.com/an= thropics/claude-code/security/advisories/GHSA-q728-gf8j-w49r</a> =C2=A0<=

</tr>

<td class=3D"vendor-product">Native Instruments--Native Access</td>
<td>During the installation of the Native Access application, a privileged = helper `com.native-instruments.NativeAccess.Helper2`, which is used by Nati=
ve Access to trigger functions via XPC communication like copy-file, remove=
or set-permissions, is deployed as well. The communication with the XPC se= rvice of the privileged helper is only allowed if the client process is sig= ned with the corresponding certificate and fulfills the following code sign= ing requirement: "anchor trusted and certificate leaf[subject.CN] =3D \"Dev= eloper ID Application: Native Instruments GmbH (83K5EG6Z9V)\"" The Native A= ccess application was found to be signed with the `com.apple.security.cs.al= low-dyld-environment-variables` and `com.apple.security.cs.disable-library-= validation` entitlements leading to DYLIB injection and therefore command e= xecution in the context of this application. A low privileged user can expl= oit the DYLIB injection to trigger functions of the privileged helper XPC s= ervice resulting in privilege escalation by first deleting the /etc/sudoers=
file and then copying a malicious version of that file to /etc/sudoers.</t=

<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24070" target=3D= "_blank" rel=3D"noopener">CVE-2026-24070</a></td>

<a href=3D"https://sec-consult.com/vulnerability-lab/advisory/multiple-vuln= erabilities-in-native-instruments-native-access-macos/" target=3D"_blank" r= el=3D"noopener">https://sec-consult.com/vulnerability-lab/advisory/multiple= -vulnerabilities-in-native-instruments-native-access-macos/</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">Native Instruments--Native Access</td>
<td>It was found that the XPC service offered by the privileged helper of N= ative Access uses the PID of the connecting client to verify its code signa= ture. This is considered insecure and can be exploited by PID reuse attacks= .=C2=A0The connection handler function uses _xpc_connection_get_pid(arg2) a=
s argument for the hasValidSignature function. This value can not be truste=
d since it is vulnerable to PID reuse attacks.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24071" target=3D= "_blank" rel=3D"noopener">CVE-2026-24071</a></td>

<a href=3D"https://sec-consult.com/vulnerability-lab/advisory/multiple-vuln= erabilities-in-native-instruments-native-access-macos/" target=3D"_blank" r= el=3D"noopener">https://sec-consult.com/vulnerability-lab/advisory/multiple= -vulnerabilities-in-native-instruments-native-access-macos/</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">parallax--jsPDF</td>
<td>jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user=
control of the first argument of the addImage method results in denial of = service. If given the possibility to pass unsanitized image data or URLs to=
the addImage method, a user can provide a harmful BMP file that results in=
out of memory errors and denial of service. Harmful BMP files have large w= idth and/or height entries in their headers, which lead to excessive memory=
allocation. The html method is also affected. The vulnerability has been f= ixed in jsPDF@4.1.0.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24133" target=3D= "_blank" rel=3D"noopener">CVE-2026-24133</a></td>

<a href=3D"https://github.com/parallax/jsPDF/security/advisories/GHSA-95fx-= jjr5-f39c" target=3D"_blank" rel=3D"noopener">https://github.com/parallax/j= sPDF/security/advisories/GHSA-95fx-jjr5-f39c</a> <a href=3D"https://gith= ub.com/parallax/jsPDF/commit/ae4b93f76d8fc1baa5614bd5fdb5d174c3b85f0d" targ= et=3D"_blank" rel=3D"noopener">https://github.com/parallax/jsPDF/commit/ae4= b93f76d8fc1baa5614bd5fdb5d174c3b85f0d</a> <a href=3D"https://github.com/= parallax/jsPDF/releases/tag/v4.1.0" target=3D"_blank" rel=3D"noopener">http= s://github.com/parallax/jsPDF/releases/tag/v4.1.0</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">gogs--gogs</td>
<td>Gogs is an open source self-hosted Git service. In version 0.13.3 and p= rior, a path traversal vulnerability exists in the updateWikiPage function =
of Gogs. The vulnerability allows an authenticated user with write access t=
o a repository's wiki to delete arbitrary files on the server by manipulati=
ng the old_title parameter in the wiki editing form. This issue has been pa= tched in versions 0.13.4 and 0.14.0+dev.</td>
<td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24135" target=3D= "_blank" rel=3D"noopener">CVE-2026-24135</a></td>

<a href=3D"https://github.com/gogs/gogs/security/advisories/GHSA-jp7c-wj6q-= 3qf2" target=3D"_blank" rel=3D"noopener">https://github.com/gogs/gogs/secur= ity/advisories/GHSA-jp7c-wj6q-3qf2</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">devcode-it--openstamanager</td>
<td>OpenSTAManager is an open source management software for technical assi= stance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical = Time-Based Blind SQL Injection vulnerability in the article pricing complet= ion handler. The application fails to properly sanitize the idarticolo para= meter before using it in SQL queries, allowing attackers to inject arbitrar=
y SQL commands and extract sensitive data through time-based Boolean infere= nce.</td>
<td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24416" target=3D= "_blank" rel=3D"noopener">CVE-2026-24416</a></td>

<a href=3D"https://github.com/devcode-it/openstamanager/security/advisories= /GHSA-p864-fqgv-92q4" target=3D"_blank" rel=3D"noopener">https://github.com= /devcode-it/openstamanager/security/advisories/GHSA-p864-fqgv-92q4</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">devcode-it--openstamanager</td>
<td>OpenSTAManager is an open source management software for technical assi= stance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical = Time-Based Blind SQL Injection vulnerability in the global search functiona= lity. The application fails to properly sanitize the term parameter before = using it in SQL LIKE clauses across multiple module-specific search handler=
s, allowing attackers to inject arbitrary SQL commands and extract sensitiv=
e data through time-based Boolean inference.</td>
<td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24417" target=3D= "_blank" rel=3D"noopener">CVE-2026-24417</a></td>

<a href=3D"https://github.com/devcode-it/openstamanager/security/advisories= /GHSA-4hc4-8599-xh2h" target=3D"_blank" rel=3D"noopener">https://github.com= /devcode-it/openstamanager/security/advisories/GHSA-4hc4-8599-xh2h</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">devcode-it--openstamanager</td>
<td>OpenSTAManager is an open source management software for technical assi= stance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical = Error-Based SQL Injection vulnerability in the bulk operations handler for = the Scadenzario (Payment Schedule) module. The application fails to validat=
e that elements of the id_records array are integers before using them in a=
n SQL IN() clause, allowing attackers to inject arbitrary SQL commands and = extract sensitive data through XPATH error messages.</td>
<td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24418" target=3D= "_blank" rel=3D"noopener">CVE-2026-24418</a></td>

<a href=3D"https://github.com/devcode-it/openstamanager/security/advisories= /GHSA-4xwv-49c8-fvhq" target=3D"_blank" rel=3D"noopener">https://github.com= /devcode-it/openstamanager/security/advisories/GHSA-4xwv-49c8-fvhq</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">devcode-it--openstamanager</td>
<td>OpenSTAManager is an open source management software for technical assi= stance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical = Error-Based SQL Injection vulnerability in the Prima Nota (Journal Entry) m= odule's add.php file. The application fails to validate that comma-separate=
d values from the id_documenti GET parameter are integers before using them=
in SQL IN() clauses, allowing attackers to inject arbitrary SQL commands a=
nd extract sensitive data through XPATH error messages.</td> <td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24419" target=3D= "_blank" rel=3D"noopener">CVE-2026-24419</a></td>

<a href=3D"https://github.com/devcode-it/openstamanager/security/advisories= /GHSA-4j2x-jh4m-fqv6" target=3D"_blank" rel=3D"noopener">https://github.com= /devcode-it/openstamanager/security/advisories/GHSA-4j2x-jh4m-fqv6</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Shenzhen Tenda Technology Co., Ltd.--Tenda AC7= </td>
<td>Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior contain= =C2=A0an improper output encoding vulnerability in the web management inter= face. User-supplied input is reflected in HTTP responses without adequate e= scaping, allowing injection of arbitrary HTML or JavaScript in a victim's b= rowser context.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24426" target=3D= "_blank" rel=3D"noopener">CVE-2026-24426</a></td>

<a href=3D"https://www.tendacn.com/product/AC7" target=3D"_blank" rel=3D"no= opener">https://www.tendacn.com/product/AC7</a> <a href=3D"https://www.v= ulncheck.com/advisories/tenda-ac7-reflected-xss-via-web-interface-output-en= coding" target=3D"_blank" rel=3D"noopener">https://www.vulncheck.com/adviso= ries/tenda-ac7-reflected-xss-via-web-interface-output-encoding</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">Shenzhen Tenda Technology Co., Ltd.--Tenda AC7= </td>
<td>Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose se= nsitive information in web management responses. Administrative credentials=
, including the router and/or admin panel password, are included in plainte=
xt within configuration response bodies. In addition, responses lack approp= riate Cache-Control directives, which may permit web browsers to cache page=
s containing these credentials and enable subsequent disclosure to an attac= ker with access to the client system or browser profile.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24427" target=3D= "_blank" rel=3D"noopener">CVE-2026-24427</a></td>

<a href=3D"https://www.tendacn.com/product/AC7" target=3D"_blank" rel=3D"no= opener">https://www.tendacn.com/product/AC7</a> <a href=3D"https://www.v= ulncheck.com/advisories/tenda-ac7-exposes-admin-credentials-in-configuratio= n-responses" target=3D"_blank" rel=3D"noopener">https://www.vulncheck.com/a= dvisories/tenda-ac7-exposes-admin-credentials-in-configuration-responses</a= > =C2=A0</td>
</tr>

<td class=3D"vendor-product">Shenzhen Tenda Technology Co., Ltd.--Tenda AC7= </td>
<td>Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior does not = implement CSRF protections for administrative functions in the web manageme=
nt interface. The interface does not enforce anti-CSRF tokens or robust ori= gin validation, which can allow an attacker to induce a logged-in administr= ator to perform unintended state-changing requests and modify router settin= gs.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24434" target=3D= "_blank" rel=3D"noopener">CVE-2026-24434</a></td>

<a href=3D"https://www.tendacn.com/product/AC7" target=3D"_blank" rel=3D"no= opener">https://www.tendacn.com/product/AC7</a> <a href=3D"https://www.v= ulncheck.com/advisories/tenda-ac7-web-interface-lacks-csrf-protections-for-= admin-actions" target=3D"_blank" rel=3D"noopener">https://www.vulncheck.com= /advisories/tenda-ac7-web-interface-lacks-csrf-protections-for-admin-action= s</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Shenzhen Tenda Technology Co., Ltd.--Tenda AC7= </td>
<td>Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose ac= count credentials in plaintext within HTTP responses, allowing an on-path a= ttacker to obtain sensitive authentication material.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24441" target=3D= "_blank" rel=3D"noopener">CVE-2026-24441</a></td>

<a href=3D"https://www.tendacn.com/product/AC7" target=3D"_blank" rel=3D"no= opener">https://www.tendacn.com/product/AC7</a> <a href=3D"https://www.v= ulncheck.com/advisories/tenda-ac7-transmits-admin-credentials-without-https= -protection" target=3D"_blank" rel=3D"noopener">https://www.vulncheck.com/a= dvisories/tenda-ac7-transmits-admin-credentials-without-https-protection</a= > =C2=A0</td>
</tr>

<td class=3D"vendor-product">Six Apart Ltd.--Movable Type (Software Edition= )</td>
<td>If a malformed data is input to the affected product, a CSV file downlo= aded from the affected product may contain such malformed data. When a vict=
im user download and open such a CSV file, the embedded code may be execute=
d in the user's environment. Note that Movable Type 7 series and 8.4 series=
, which are End-of-Life (EOL), are affected by the vulnerability as well.</=

<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24447" target=3D= "_blank" rel=3D"noopener">CVE-2026-24447</a></td>

<a href=3D"https://movabletype.org/news/2026/02/mt-906-released.html" targe= t=3D"_blank" rel=3D"noopener">https://movabletype.org/news/2026/02/mt-906-r= eleased.html</a> <a href=3D"https://www.sixapart.jp/movabletype/news/202= 6/02/04-1100.html" target=3D"_blank" rel=3D"noopener">https://www.sixapart.= jp/movabletype/news/2026/02/04-1100.html</a> <a href=3D"https://jvn.jp/e= n/jp/JVN45405689/" target=3D"_blank" rel=3D"noopener">https://jvn.jp/en/jp/= JVN45405689/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">ELECOM CO.,LTD.--WRC-X1500GS-B</td>
<td>For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calc= ulated easily from the system information.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24449" target=3D= "_blank" rel=3D"noopener">CVE-2026-24449</a></td>

<a href=3D"https://www.elecom.co.jp/news/security/20260203-01/" target=3D"_= blank" rel=3D"noopener">https://www.elecom.co.jp/news/security/20260203-01/= </a> <a href=3D"https://jvn.jp/en/jp/JVN94012927/" target=3D"_blank" rel= =3D"noopener">https://jvn.jp/en/jp/JVN94012927/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">ELECOM CO.,LTD.--WAB-S733IW2-PD</td> <td>Stack-based buffer overflow vulnerability exists in ELECOM wireless LAN=
access point devices. A crafted packet may lead to arbitrary code executio= n.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24465" target=3D= "_blank" rel=3D"noopener">CVE-2026-24465</a></td>

<a href=3D"https://www.elecom.co.jp/news/security/20260203-01/" target=3D"_= blank" rel=3D"noopener">https://www.elecom.co.jp/news/security/20260203-01/= </a> <a href=3D"https://www.elecom.co.jp/news/security/20260203-02/" tar= get=3D"_blank" rel=3D"noopener">https://www.elecom.co.jp/news/security/2026= 0203-02/</a> <a href=3D"https://jvn.jp/en/jp/JVN94012927/" target=3D"_bl= ank" rel=3D"noopener">https://jvn.jp/en/jp/JVN94012927/</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">continuwuity--continuwuity</td>
<td>continuwuity is a Matrix homeserver written in Rust. This vulnerability=
allows an attacker with a malicious remote server to cause the local serve=
r to sign an arbitrary event upon user interaction. Upon a user account lea= ving a room (rejecting an invite), joining a room or knocking on a room, th=
e victim server may ask a remote server for assistance. If the victim asks = the attacker server for assistance the attacker is able to provide an arbit= rary event, which the victim will sign and return to the attacker. For the = /leave endpoint, this works for any event with a supported room version, wh= ere the origin and origin_server_ts is set by the victim. For the /join end= point, an additionally victim-set content field in the format of a join mem= bership is needed. For the /knock endpoint, an additional victim-set conten=
t field in the format of a knock membership and a room version not between =
1 and 6 is needed. This was exploited as a part of a larger chain against t=
he continuwuity.org homeserver. This vulnerability affects all Conduit-deri= ved servers. This vulnerability is fixed in Continuwuity 0.5.1, Conduit 0.1= 0.11, Grapevine 0aae932b, and Tuwunel 1.4.9.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24471" target=3D= "_blank" rel=3D"noopener">CVE-2026-24471</a></td>

<a href=3D"https://github.com/continuwuity/continuwuity/security/advisories= /GHSA-m5p2-vccg-8c9v" target=3D"_blank" rel=3D"noopener">https://github.com= /continuwuity/continuwuity/security/advisories/GHSA-m5p2-vccg-8c9v</a> <=
a href=3D"https://forgejo.ellis.link/continuwuation/continuwuity/commit/12a= ecf809172205436c852a1eaf268c1a2c3a900" target=3D"_blank" rel=3D"noopener">h= ttps://forgejo.ellis.link/continuwuation/continuwuity/commit/12aecf80917220= 5436c852a1eaf268c1a2c3a900</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Roland Corporation--Roland Cloud Manager</td> <td>The installer for Roland Cloud Manager ver.3.1.19 and prior insecurely = loads Dynamic Link Libraries (DLLs), which could allow an attacker to execu=
te arbitrary code with the privileges of the application.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24694" target=3D= "_blank" rel=3D"noopener">CVE-2026-24694</a></td>

<a href=3D"https://www.roland.com/global/products/rc_roland_cloud_manager/s= upport/#dl-support_documents" target=3D"_blank" rel=3D"noopener">https://ww= w.roland.com/global/products/rc_roland_cloud_manager/support/#dl-support_do= cuments</a> <a href=3D"https://jvn.jp/en/jp/JVN89992160/" target=3D"_bla= nk" rel=3D"noopener">https://jvn.jp/en/jp/JVN89992160/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Apache Software Foundation--Apache Answer</td> <td>Exposure of Private Personal Information to an Unauthorized Actor vulne= rability in Apache Answer. This issue affects Apache Answer: through 1.7.1.=
An unauthenticated API endpoint incorrectly exposes full revision history = for deleted content. This allows unauthorized user to retrieve restricted o=
r sensitive information. Users are recommended to upgrade to version 2.0.0,=
which fixes the issue.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24735" target=3D= "_blank" rel=3D"noopener">CVE-2026-24735</a></td>

<a href=3D"https://lists.apache.org/thread/whxloom7mpxlyt5wzdskflsg5mzdzd60=
" target=3D"_blank" rel=3D"noopener">https://lists.apache.org/thread/whxloo= m7mpxlyt5wzdskflsg5mzdzd60</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">rustfs--rustfs</td>
<td>RustFS is a distributed object storage system built in Rust. From versi= ons alpha.13 to alpha.81, RustFS logs sensitive credential material (access=
key, secret key, session token) to application logs at INFO level. This re= sults in credentials being recorded in plaintext in log output, which may b=
e accessible to internal or external log consumers and could lead to compro= mise of sensitive credentials. This issue has been patched in version alpha= .82.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24762" target=3D= "_blank" rel=3D"noopener">CVE-2026-24762</a></td>

<a href=3D"https://github.com/rustfs/rustfs/security/advisories/GHSA-r54g-4= 9rx-98cr" target=3D"_blank" rel=3D"noopener">https://github.com/rustfs/rust= fs/security/advisories/GHSA-r54g-49rx-98cr</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">RaspAP--raspap-webgui</td>
<td>RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command inje= ction vulnerability. If exploited, an arbitrary OS command may be executed =
by a user who can log in to the product.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24788" target=3D= "_blank" rel=3D"noopener">CVE-2026-24788</a></td>

<a href=3D"https://github.com/RaspAP/raspap-webgui/releases" target=3D"_bla= nk" rel=3D"noopener">https://github.com/RaspAP/raspap-webgui/releases</a><b= r><a href=3D"https://jvn.jp/en/jp/JVN27202136/" target=3D"_blank" rel=3D"no= opener">https://jvn.jp/en/jp/JVN27202136/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">openfga--openfga</td>
<td>OpenFGA is a high-performance and flexible authorization/permission eng= ine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.5 to=
v1.11.2 ( openfga-0.2.22<=3D Helm chart <=3D openfga-0.2.51, v.1.8.5=
<=3D docker <=3D v.1.11.2) are vulnerable to improper policy enforce= ment when certain Check calls are executed. The vulnerability requires a mo= del that has a a relation directly assignable by a type bound public access=
and assignable by type bound non-public access, a tuple assigned for the r= elation that is a type bound public access, a tuple assigned for the same o= bject with the same relation that is not type bound public access, and a tu= ple assigned for a different object that has an object ID lexicographically=
larger with the same user and relation which is not type bound public acce= ss. This vulnerability is fixed in v1.11.3.</td>
<td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24851" target=3D= "_blank" rel=3D"noopener">CVE-2026-24851</a></td>

<a href=3D"https://github.com/openfga/openfga/security/advisories/GHSA-jq9f= -gm9w-rwm9" target=3D"_blank" rel=3D"noopener">https://github.com/openfga/o= penfga/security/advisories/GHSA-jq9f-gm9w-rwm9</a> <a href=3D"https://gi= thub.com/openfga/openfga/releases/tag/v1.11.3" target=3D"_blank" rel=3D"noo= pener">https://github.com/openfga/openfga/releases/tag/v1.11.3</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">anthropics--claude-code</td>
<td>Claude Code is an agentic coding tool. Prior to version 2.0.72, due to =
an error in command parsing, it was possible to bypass the Claude Code conf= irmation prompt to trigger execution of untrusted commands through the find=
command. Reliably exploiting this required the ability to add untrusted co= ntent into a Claude Code context window. This issue has been patched in ver= sion 2.0.72.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24887" target=3D= "_blank" rel=3D"noopener">CVE-2026-24887</a></td>

<a href=3D"https://github.com/anthropics/claude-code/security/advisories/GH= SA-qgqw-h4xq-7w8w" target=3D"_blank" rel=3D"noopener">https://github.com/an= thropics/claude-code/security/advisories/GHSA-qgqw-h4xq-7w8w</a> =C2=A0<=

</tr>

<td class=3D"vendor-product">AlgoNetLab--OrcaStatLLM-Researcher</td> <td>OrcaStatLLM Researcher is an LLM Based Research Paper Generator. A Stor=
ed Cross-Site Scripting (XSS) vulnerability was discovered in the Log Messa=
ge in the Session Page in OrcaStatLLM-Researcher that allows attackers to i= nject and execute arbitrary JavaScript code in victims' browsers through ma= licious research topic inputs.</td>
<td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24903" target=3D= "_blank" rel=3D"noopener">CVE-2026-24903</a></td>

<a href=3D"https://github.com/AlgoNetLab/OrcaStatLLM-Researcher/security/ad= visories/GHSA-47wv-g894-82m4" target=3D"_blank" rel=3D"noopener">https://gi= thub.com/AlgoNetLab/OrcaStatLLM-Researcher/security/advisories/GHSA-47wv-g8= 94-82m4</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">ASUSTOR--ADM</td>
<td>The DDNS update function in ADM fails to properly validate the hostname=
of the DDNS server's TLS/SSL certificate. Although the connection uses HTT= PS, an improper validated TLS/SSL certificates allows a remote attacker can=
intercept the communication to perform a Man-in-the-Middle (MitM) attack, = which may obtain the sensitive information of DDNS updating process, includ= ing the user's account email, MD5 hashed password, and device serial number=
. This issue affects ADM: from 4.1.0 through 4.3.3.ROF1, from 5.0.0 through=
5.1.1.RCI1.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24932" target=3D= "_blank" rel=3D"noopener">CVE-2026-24932</a></td>

<a href=3D"https://www.asustor.com/security/security_advisory_detail?id=3D5=
0" target=3D"_blank" rel=3D"noopener">https://www.asustor.com/security/secu= rity_advisory_detail?id=3D50</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">ASUSTOR--ADM</td>
<td>The API communication component fails to validate the SSL/TLS certifica=
te when sending HTTPS requests to the server. An improper certificates vali= dation vulnerability allows an unauthenticated remote attacker can perform =
a Man-in-the-Middle (MitM) attack to intercept the cleartext communication,=
potentially leading to the exposure of sensitive user information, includi=
ng account emails, MD5 hashed passwords, and device serial numbers. Affecte=
d products and versions include: from ADM 4.1.0 through ADM 4.3.3.ROF1 as w= ell as from ADM 5.0.0 through ADM 5.1.1.RCI1.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24933" target=3D= "_blank" rel=3D"noopener">CVE-2026-24933</a></td>

<a href=3D"https://www.asustor.com/security/security_advisory_detail?id=3D5=
0" target=3D"_blank" rel=3D"noopener">https://www.asustor.com/security/secu= rity_advisory_detail?id=3D50</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">ASUSTOR--ADM</td>
<td>The DDNS function uses an insecure HTTP connection or fails to validate=
the SSL/TLS certificate when querying an external server for the device's = WAN IP address. An unauthenticated remote attacker can perform a Man-in-the= -Middle (MitM) attack to spoof the response, leading the device to update i=
ts DDNS record with an incorrect IP address. Affected products and versions=
include: from ADM 4.1.0 through ADM 4.3.3.ROF1 as well as from ADM 5.0.0 t= hrough ADM 5.1.1.RCI1.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24934" target=3D= "_blank" rel=3D"noopener">CVE-2026-24934</a></td>

<a href=3D"https://www.asustor.com/security/security_advisory_detail?id=3D5=
0" target=3D"_blank" rel=3D"noopener">https://www.asustor.com/security/secu= rity_advisory_detail?id=3D50</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">ASUSTOR--ADM</td>
<td>A third-party NAT traversal module fails to validate SSL/TLS certificat=
es when connecting to the signaling server. While subsequent access to devi=
ce services requires additional authentication, a Man-in-the-Middle (MitM) = attacker can intercept or redirect the NAT tunnel establishment. This could=
allow an attacker to disrupt service availability or facilitate further ta= rgeted attacks by acting as a proxy between the user and the device service=
s. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3= .ROF1 as well as from ADM 5.0.0 through ADM 5.1.1.RCI1.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24935" target=3D= "_blank" rel=3D"noopener">CVE-2026-24935</a></td>

<a href=3D"https://www.asustor.com/security/security_advisory_detail?id=3D5=
0" target=3D"_blank" rel=3D"noopener">https://www.asustor.com/security/secu= rity_advisory_detail?id=3D50</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">ASUSTOR--ADM</td>
<td>When a specific function is enabled while joining a AD Domain from ADM,=
an improper input parameters validation vulnerability in a specific CGI pr= ogram allowing an unauthenticated remote attacker to write arbitrary data t=
o any file on the system. By exploiting this vulnerability, attackers can o= verwrite critical system files, leading to a complete system compromise. Af= fected products and versions include: from ADM 4.1.0 through ADM 4.3.3.ROF1=
as well as from ADM 5.0.0 through ADM 5.1.1.RCI1.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24936" target=3D= "_blank" rel=3D"noopener">CVE-2026-24936</a></td>

<a href=3D"https://www.asustor.com/security/security_advisory_detail?id=3D5=
1" target=3D"_blank" rel=3D"noopener">https://www.asustor.com/security/secu= rity_advisory_detail?id=3D51</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Ajay--Better Search</td>
<td>Improper Neutralization of Input During Web Page Generation ('Cross-sit=
e Scripting') vulnerability in Ajay Better Search better-search allows Stor=
ed XSS. This issue affects Better Search: from n/a through <=3D 4.2.1.</=

<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24938" target=3D= "_blank" rel=3D"noopener">CVE-2026-24938</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/better-search/v= ulnerability/wordpress-better-search-plugin-4-2-1-cross-site-scripting-xss-= vulnerability?_s_id=3Dcve" target=3D"_blank" rel=3D"noopener">https://patch= stack.com/database/Wordpress/Plugin/better-search/vulnerability/wordpress-b= etter-search-plugin-4-2-1-cross-site-scripting-xss-vulnerability?_s_id=3Dcv= e</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">WP Chill--Modula Image Gallery</td>
<td>Missing Authorization vulnerability in WP Chill Modula Image Gallery mo= dula-best-grid-gallery allows Exploiting Incorrectly Configured Access Cont= rol Security Levels. This issue affects Modula Image Gallery: from n/a thro= ugh <=3D 2.13.6.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24939" target=3D= "_blank" rel=3D"noopener">CVE-2026-24939</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/modula-best-gri= d-gallery/vulnerability/wordpress-modula-image-gallery-plugin-2-13-6-broken= -access-control-vulnerability?_s_id=3Dcve" target=3D"_blank" rel=3D"noopene= r">https://patchstack.com/database/Wordpress/Plugin/modula-best-grid-galler= y/vulnerability/wordpress-modula-image-gallery-plugin-2-13-6-broken-access-= control-vulnerability?_s_id=3Dcve</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Themefic--Travelfic Toolkit</td>
<td>Missing Authorization vulnerability in Themefic Travelfic Toolkit trave= lfic-toolkit allows Exploiting Incorrectly Configured Access Control Securi=
ty Levels. This issue affects Travelfic Toolkit: from n/a through <=3D 1= .3.3.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24940" target=3D= "_blank" rel=3D"noopener">CVE-2026-24940</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/travelfic-toolk= it/vulnerability/wordpress-travelfic-toolkit-plugin-1-3-3-broken-access-con= trol-vulnerability?_s_id=3Dcve" target=3D"_blank" rel=3D"noopener">https://= patchstack.com/database/Wordpress/Plugin/travelfic-toolkit/vulnerability/wo= rdpress-travelfic-toolkit-plugin-1-3-3-broken-access-control-vulnerability?= _s_id=3Dcve</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">magepeopleteam--WpEvently</td>
<td>Cross-Site Request Forgery (CSRF) vulnerability in magepeopleteam WpEve= ntly mage-eventpress allows Cross Site Request Forgery. This issue affects = WpEvently: from n/a through <=3D 5.1.1.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24942" target=3D= "_blank" rel=3D"noopener">CVE-2026-24942</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/mage-eventpress= /vulnerability/wordpress-wpevently-plugin-5-1-1-cross-site-request-forgery-= csrf-vulnerability?_s_id=3Dcve" target=3D"_blank" rel=3D"noopener">https://= patchstack.com/database/Wordpress/Plugin/mage-eventpress/vulnerability/word= press-wpevently-plugin-5-1-1-cross-site-request-forgery-csrf-vulnerability?= _s_id=3Dcve</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Themefic--Ultimate Addons for Contact Form 7</=

<td>Missing Authorization vulnerability in Themefic Ultimate Addons for Con= tact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting Incorrectl=
y Configured Access Control Security Levels. This issue affects Ultimate Ad= dons for Contact Form 7: from n/a through <=3D 3.5.34.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24945" target=3D= "_blank" rel=3D"noopener">CVE-2026-24945</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/ultimate-addons= -for-contact-form-7/vulnerability/wordpress-ultimate-addons-for-contact-for= m-7-plugin-3-5-34-broken-access-control-vulnerability?_s_id=3Dcve" target= =3D"_blank" rel=3D"noopener">https://patchstack.com/database/Wordpress/Plug= in/ultimate-addons-for-contact-form-7/vulnerability/wordpress-ultimate-addo= ns-for-contact-form-7-plugin-3-5-34-broken-access-control-vulnerability?_s_= id=3Dcve</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">LA-Studio--LA-Studio Element Kit for Elementor= </td>
<td>Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit = for Elementor lastudio-element-kit allows Exploiting Incorrectly Configured=
Access Control Security Levels. This issue affects LA-Studio Element Kit f=
or Elementor: from n/a through < 1.5.6.3.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24947" target=3D= "_blank" rel=3D"noopener">CVE-2026-24947</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/lastudio-elemen= t-kit/vulnerability/wordpress-la-studio-element-kit-for-elementor-plugin-1-= 5-6-3-broken-access-control-vulnerability?_s_id=3Dcve" target=3D"_blank" re= l=3D"noopener">https://patchstack.com/database/Wordpress/Plugin/lastudio-el= ement-kit/vulnerability/wordpress-la-studio-element-kit-for-elementor-plugi= n-1-5-6-3-broken-access-control-vulnerability?_s_id=3Dcve</a> =C2=A0</td=

</tr>

<td class=3D"vendor-product">Saad Iqbal--myCred</td>
<td>Missing Authorization vulnerability in Saad Iqbal myCred mycred allows = Exploiting Incorrectly Configured Access Control Security Levels. This issu=
e affects myCred: from n/a through <=3D 2.9.7.3.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24951" target=3D= "_blank" rel=3D"noopener">CVE-2026-24951</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/mycred/vulnerab= ility/wordpress-mycred-plugin-2-9-7-3-broken-access-control-vulnerability?_= s_id=3Dcve" target=3D"_blank" rel=3D"noopener">https://patchstack.com/datab= ase/Wordpress/Plugin/mycred/vulnerability/wordpress-mycred-plugin-2-9-7-3-b= roken-access-control-vulnerability?_s_id=3Dcve</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Craig Hewitt--Seriously Simple Podcasting</td> <td>Improper Neutralization of Input During Web Page Generation ('Cross-sit=
e Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting ser= iously-simple-podcasting allows Stored XSS. This issue affects Seriously Si= mple Podcasting: from n/a through <=3D 3.14.1.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24952" target=3D= "_blank" rel=3D"noopener">CVE-2026-24952</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/seriously-simpl= e-podcasting/vulnerability/wordpress-seriously-simple-podcasting-plugin-3-1= 4-1-cross-site-scripting-xss-vulnerability?_s_id=3Dcve" target=3D"_blank" r= el=3D"noopener">https://patchstack.com/database/Wordpress/Plugin/seriously-= simple-podcasting/vulnerability/wordpress-seriously-simple-podcasting-plugi= n-3-14-1-cross-site-scripting-xss-vulnerability?_s_id=3Dcve</a> =C2=A0</=

</tr>

<td class=3D"vendor-product">magepeopleteam--WpEvently</td>
<td>Deserialization of Untrusted Data vulnerability in magepeopleteam WpEve= ntly mage-eventpress allows Object Injection. This issue affects WpEvently:=
from n/a through <=3D 5.0.8.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24954" target=3D= "_blank" rel=3D"noopener">CVE-2026-24954</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/mage-eventpress= /vulnerability/wordpress-wpevently-plugin-5-0-8-deserialization-of-untruste= d-data-vulnerability?_s_id=3Dcve" target=3D"_blank" rel=3D"noopener">https:= //patchstack.com/database/Wordpress/Plugin/mage-eventpress/vulnerability/wo= rdpress-wpevently-plugin-5-0-8-deserialization-of-untrusted-data-vulnerabil= ity?_s_id=3Dcve</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">WP Chill--Strong Testimonials</td>
<td>Missing Authorization vulnerability in WP Chill Strong Testimonials str= ong-testimonials allows Exploiting Incorrectly Configured Access Control Se= curity Levels. This issue affects Strong Testimonials: from n/a through &lt= ;=3D 3.2.20.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24957" target=3D= "_blank" rel=3D"noopener">CVE-2026-24957</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/strong-testimon= ials/vulnerability/wordpress-strong-testimonials-plugin-3-2-20-broken-acces= s-control-vulnerability?_s_id=3Dcve" target=3D"_blank" rel=3D"noopener">htt= ps://patchstack.com/database/Wordpress/Plugin/strong-testimonials/vulnerabi= lity/wordpress-strong-testimonials-plugin-3-2-20-broken-access-control-vuln= erability?_s_id=3Dcve</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Crocoblock--JetElements For Elementor</td> <td>Improper Neutralization of Input During Web Page Generation ('Cross-sit=
e Scripting') vulnerability in Crocoblock JetElements For Elementor jet-ele= ments allows DOM-Based XSS. This issue affects JetElements For Elementor: f= rom n/a through <=3D 2.7.12.2.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24958" target=3D= "_blank" rel=3D"noopener">CVE-2026-24958</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/jet-elements/vu= lnerability/wordpress-jetelements-for-elementor-plugin-2-7-12-2-cross-site-= scripting-xss-vulnerability?_s_id=3Dcve" target=3D"_blank" rel=3D"noopener"= >https://patchstack.com/database/Wordpress/Plugin/jet-elements/vulnerabilit= y/wordpress-jetelements-for-elementor-plugin-2-7-12-2-cross-site-scripting-= xss-vulnerability?_s_id=3Dcve</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">ThemeGoods--Grand Blog</td>
<td>Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods Grand Bl=
og grandblog allows Server Side Request Forgery. This issue affects Grand B= log: from n/a through < 3.1.5.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24961" target=3D= "_blank" rel=3D"noopener">CVE-2026-24961</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Theme/grandblog/vulner= ability/wordpress-grand-blog-theme-3-1-5-server-side-request-forgery-ssrf-v= ulnerability?_s_id=3Dcve" target=3D"_blank" rel=3D"noopener">https://patchs= tack.com/database/Wordpress/Theme/grandblog/vulnerability/wordpress-grand-b= log-theme-3-1-5-server-side-request-forgery-ssrf-vulnerability?_s_id=3Dcve<= /a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Brainstorm Force--Sigmize</td>
<td>Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Sig= mize sigmize allows Cross Site Request Forgery. This issue affects Sigmize:=
from n/a through <=3D 0.0.9.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24962" target=3D= "_blank" rel=3D"noopener">CVE-2026-24962</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/sigmize/vulnera= bility/wordpress-sigmize-plugin-0-0-9-cross-site-request-forgery-csrf-vulne= rability?_s_id=3Dcve" target=3D"_blank" rel=3D"noopener">https://patchstack= .com/database/Wordpress/Plugin/sigmize/vulnerability/wordpress-sigmize-plug= in-0-0-9-cross-site-request-forgery-csrf-vulnerability?_s_id=3Dcve</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Wasiliy Strecker / ContestGallery developer--C= ontest Gallery</td>
<td>Missing Authorization vulnerability in Wasiliy Strecker / ContestGaller=
y developer Contest Gallery contest-gallery allows Exploiting Incorrectly C= onfigured Access Control Security Levels. This issue affects Contest Galler=
y: from n/a through <=3D 28.1.1.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24965" target=3D= "_blank" rel=3D"noopener">CVE-2026-24965</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/contest-gallery= /vulnerability/wordpress-contest-gallery-plugin-28-1-1-broken-access-contro= l-vulnerability?_s_id=3Dcve" target=3D"_blank" rel=3D"noopener">https://pat= chstack.com/database/Wordpress/Plugin/contest-gallery/vulnerability/wordpre= ss-contest-gallery-plugin-28-1-1-broken-access-control-vulnerability?_s_id= =3Dcve</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Copyscape--Copyscape Premium</td>
<td>Cross-Site Request Forgery (CSRF) vulnerability in Copyscape Copyscape = Premium copyscape-premium allows Cross Site Request Forgery. This issue aff= ects Copyscape Premium: from n/a through <=3D 1.4.1.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24966" target=3D= "_blank" rel=3D"noopener">CVE-2026-24966</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/copyscape-premi= um/vulnerability/wordpress-copyscape-premium-plugin-1-4-1-cross-site-reques= t-forgery-csrf-vulnerability?_s_id=3Dcve" target=3D"_blank" rel=3D"noopener= ">https://patchstack.com/database/Wordpress/Plugin/copyscape-premium/vulner= ability/wordpress-copyscape-premium-plugin-1-4-1-cross-site-request-forgery= -csrf-vulnerability?_s_id=3Dcve</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">ameliabooking--Amelia</td>
<td>Missing Authorization vulnerability in ameliabooking Amelia ameliabooki=
ng allows Exploiting Incorrectly Configured Access Control Security Levels.=
This issue affects Amelia: from n/a through <=3D 1.2.38.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24967" target=3D= "_blank" rel=3D"noopener">CVE-2026-24967</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/ameliabooking/v= ulnerability/wordpress-amelia-plugin-1-2-38-broken-access-control-vulnerabi= lity?_s_id=3Dcve" target=3D"_blank" rel=3D"noopener">https://patchstack.com= /database/Wordpress/Plugin/ameliabooking/vulnerability/wordpress-amelia-plu= gin-1-2-38-broken-access-control-vulnerability?_s_id=3Dcve</a> =C2=A0</t=

</tr>

<td class=3D"vendor-product">Brainstorm Force--Spectra</td>
<td>Missing Authorization vulnerability in Brainstorm Force Spectra ultimat= e-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Cont= rol Security Levels. This issue affects Spectra: from n/a through <=3D 2= .19.17.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24982" target=3D= "_blank" rel=3D"noopener">CVE-2026-24982</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/ultimate-addons= -for-gutenberg/vulnerability/wordpress-spectra-plugin-2-19-17-broken-access= -control-vulnerability?_s_id=3Dcve" target=3D"_blank" rel=3D"noopener">http= s://patchstack.com/database/Wordpress/Plugin/ultimate-addons-for-gutenberg/= vulnerability/wordpress-spectra-plugin-2-19-17-broken-access-control-vulner= ability?_s_id=3Dcve</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Brecht--Visual Link Preview</td>
<td>Missing Authorization vulnerability in Brecht Visual Link Preview visua= l-link-preview allows Exploiting Incorrectly Configured Access Control Secu= rity Levels. This issue affects Visual Link Preview: from n/a through <=
=3D 2.2.9.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24984" target=3D= "_blank" rel=3D"noopener">CVE-2026-24984</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/visual-link-pre= view/vulnerability/wordpress-visual-link-preview-plugin-2-2-9-broken-access= -control-vulnerability?_s_id=3Dcve" target=3D"_blank" rel=3D"noopener">http= s://patchstack.com/database/Wordpress/Plugin/visual-link-preview/vulnerabil= ity/wordpress-visual-link-preview-plugin-2-2-9-broken-access-control-vulner= ability?_s_id=3Dcve</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">approveme--WP Forms Signature Contract Add-On<=

<td>Missing Authorization vulnerability in approveme WP Forms Signature Con= tract Add-On wp-forms-signature-contract-add-on allows Exploiting Incorrect=
ly Configured Access Control Security Levels. This issue affects WP Forms S= ignature Contract Add-On: from n/a through <=3D 1.8.2.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24985" target=3D= "_blank" rel=3D"noopener">CVE-2026-24985</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/wp-forms-signat= ure-contract-add-on/vulnerability/wordpress-wp-forms-signature-contract-add= -on-plugin-1-8-2-broken-access-control-to-notice-dismissal-vulnerability?_s= _id=3Dcve" target=3D"_blank" rel=3D"noopener">https://patchstack.com/databa= se/Wordpress/Plugin/wp-forms-signature-contract-add-on/vulnerability/wordpr= ess-wp-forms-signature-contract-add-on-plugin-1-8-2-broken-access-control-t= o-notice-dismissal-vulnerability?_s_id=3Dcve</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">wp.insider--Simple Membership WP user Import</=

<td>Cross-Site Request Forgery (CSRF) vulnerability in wp.insider Simple Me= mbership WP user Import simple-membership-wp-user-import allows Cross Site = Request Forgery. This issue affects Simple Membership WP user Import: from = n/a through <=3D 1.9.1.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24986" target=3D= "_blank" rel=3D"noopener">CVE-2026-24986</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/simple-membersh= ip-wp-user-import/vulnerability/wordpress-simple-membership-wp-user-import-= plugin-1-9-1-cross-site-request-forgery-csrf-vulnerability?_s_id=3Dcve" tar= get=3D"_blank" rel=3D"noopener">https://patchstack.com/database/Wordpress/P= lugin/simple-membership-wp-user-import/vulnerability/wordpress-simple-membe= rship-wp-user-import-plugin-1-9-1-cross-site-request-forgery-csrf-vulnerabi= lity?_s_id=3Dcve</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Brian Hogg--The Events Calendar Shortcode &amp=
; Block</td>
<td>Improper Neutralization of Input During Web Page Generation ('Cross-sit=
e Scripting') vulnerability in Brian Hogg The Events Calendar Shortcode &am= p;amp; Block the-events-calendar-shortcode allows Stored XSS. This issue af= fects The Events Calendar Shortcode &amp; Block: from n/a through <=
=3D 3.1.1.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24988" target=3D= "_blank" rel=3D"noopener">CVE-2026-24988</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/the-events-cale= ndar-shortcode/vulnerability/wordpress-the-events-calendar-shortcode-block-= plugin-3-1-1-cross-site-scripting-xss-vulnerability?_s_id=3Dcve" target=3D"= _blank" rel=3D"noopener">https://patchstack.com/database/Wordpress/Plugin/t= he-events-calendar-shortcode/vulnerability/wordpress-the-events-calendar-sh= ortcode-block-plugin-3-1-1-cross-site-scripting-xss-vulnerability?_s_id=3Dc= ve</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Fahad Mahmood--WP Docs</td>
<td>Missing Authorization vulnerability in Fahad Mahmood WP Docs wp-docs al= lows Exploiting Incorrectly Configured Access Control Security Levels. This=
issue affects WP Docs: from n/a through <=3D 2.2.8.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24990" target=3D= "_blank" rel=3D"noopener">CVE-2026-24990</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/wp-docs/vulnera= bility/wordpress-wp-docs-plugin-2-2-8-broken-access-control-vulnerability?_= s_id=3Dcve" target=3D"_blank" rel=3D"noopener">https://patchstack.com/datab= ase/Wordpress/Plugin/wp-docs/vulnerability/wordpress-wp-docs-plugin-2-2-8-b= roken-access-control-vulnerability?_s_id=3Dcve</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">HT Plugins--Extensions For CF7</td> <td>Authorization Bypass Through User-Controlled Key vulnerability in HT Pl= ugins Extensions For CF7 extensions-for-cf7 allows Exploiting Incorrectly C= onfigured Access Control Security Levels. This issue affects Extensions For=
CF7: from n/a through <=3D 3.4.0.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24991" target=3D= "_blank" rel=3D"noopener">CVE-2026-24991</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/extensions-for-= cf7/vulnerability/wordpress-extensions-for-cf7-plugin-3-4-0-insecure-direct= -object-references-idor-vulnerability?_s_id=3Dcve" target=3D"_blank" rel=3D= "noopener">https://patchstack.com/database/Wordpress/Plugin/extensions-for-= cf7/vulnerability/wordpress-extensions-for-cf7-plugin-3-4-0-insecure-direct= -object-references-idor-vulnerability?_s_id=3Dcve</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">WPFactory--Advanced WooCommerce Product Sales = Reporting</td>
<td>Insertion of Sensitive Information Into Sent Data vulnerability in WPFa= ctory Advanced WooCommerce Product Sales Reporting webd-woocommerce-advance= d-reporting-statistics allows Retrieve Embedded Sensitive Data. This issue = affects Advanced WooCommerce Product Sales Reporting: from n/a through <= =3D 4.1.2.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24992" target=3D= "_blank" rel=3D"noopener">CVE-2026-24992</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/webd-woocommerc= e-advanced-reporting-statistics/vulnerability/wordpress-advanced-woocommerc= e-product-sales-reporting-plugin-4-1-2-sensitive-data-exposure-vulnerabilit= y?_s_id=3Dcve" target=3D"_blank" rel=3D"noopener">https://patchstack.com/da= tabase/Wordpress/Plugin/webd-woocommerce-advanced-reporting-statistics/vuln= erability/wordpress-advanced-woocommerce-product-sales-reporting-plugin-4-1= -2-sensitive-data-exposure-vulnerability?_s_id=3Dcve</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">sunshinephotocart--Sunshine Photo Cart</td> <td>Missing Authorization vulnerability in sunshinephotocart Sunshine Photo=
Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access C= ontrol Security Levels. This issue affects Sunshine Photo Cart: from n/a th= rough <=3D 3.5.7.2.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24994" target=3D= "_blank" rel=3D"noopener">CVE-2026-24994</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/sunshine-photo-= cart/vulnerability/wordpress-sunshine-photo-cart-plugin-3-5-7-2-broken-acce= ss-control-vulnerability?_s_id=3Dcve" target=3D"_blank" rel=3D"noopener">ht= tps://patchstack.com/database/Wordpress/Plugin/sunshine-photo-cart/vulnerab= ility/wordpress-sunshine-photo-cart-plugin-3-5-7-2-broken-access-control-vu= lnerability?_s_id=3Dcve</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Iulia Cazan--Latest Post Shortcode</td> <td>Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcod=
e latest-post-shortcode allows Exploiting Incorrectly Configured Access Con= trol Security Levels. This issue affects Latest Post Shortcode: from n/a th= rough <=3D 14.2.0.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24995" target=3D= "_blank" rel=3D"noopener">CVE-2026-24995</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/latest-post-sho= rtcode/vulnerability/wordpress-latest-post-shortcode-plugin-14-2-0-broken-a= ccess-control-vulnerability?_s_id=3Dcve" target=3D"_blank" rel=3D"noopener"= >https://patchstack.com/database/Wordpress/Plugin/latest-post-shortcode/vul= nerability/wordpress-latest-post-shortcode-plugin-14-2-0-broken-access-cont= rol-vulnerability?_s_id=3Dcve</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">wpelemento--WPElemento Importer</td>
<td>Missing Authorization vulnerability in wpelemento WPElemento Importer w= pelemento-importer allows Exploiting Incorrectly Configured Access Control = Security Levels. This issue affects WPElemento Importer: from n/a through &= lt;=3D 0.6.4.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24996" target=3D= "_blank" rel=3D"noopener">CVE-2026-24996</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/wpelemento-impo= rter/vulnerability/wordpress-wpelemento-importer-plugin-0-6-4-broken-access= -control-vulnerability?_s_id=3Dcve" target=3D"_blank" rel=3D"noopener">http= s://patchstack.com/database/Wordpress/Plugin/wpelemento-importer/vulnerabil= ity/wordpress-wpelemento-importer-plugin-0-6-4-broken-access-control-vulner= ability?_s_id=3Dcve</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Wired Impact--Wired Impact Volunteer Managemen= t</td>
<td>Missing Authorization vulnerability in Wired Impact Wired Impact Volunt= eer Management wired-impact-volunteer-management allows Exploiting Incorrec= tly Configured Access Control Security Levels. This issue affects Wired Imp= act Volunteer Management: from n/a through <=3D 2.8.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24997" target=3D= "_blank" rel=3D"noopener">CVE-2026-24997</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/wired-impact-vo= lunteer-management/vulnerability/wordpress-wired-impact-volunteer-managemen= t-plugin-2-8-broken-access-control-vulnerability?_s_id=3Dcve" target=3D"_bl= ank" rel=3D"noopener">https://patchstack.com/database/Wordpress/Plugin/wire= d-impact-volunteer-management/vulnerability/wordpress-wired-impact-voluntee= r-management-plugin-2-8-broken-access-control-vulnerability?_s_id=3Dcve</a>= =C2=A0</td>
</tr>

<td class=3D"vendor-product">WPMU DEV - Your All-in-One WordPress Platform-= -Hustle</td>
<td>Exposure of Sensitive System Information to an Unauthorized Control Sph= ere vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hustle w= ordpress-popup allows Retrieve Embedded Sensitive Data. This issue affects = Hustle: from n/a through <=3D 7.8.9.2.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-24998" target=3D= "_blank" rel=3D"noopener">CVE-2026-24998</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/wordpress-popup= /vulnerability/wordpress-hustle-plugin-7-8-9-2-sensitive-data-exposure-vuln= erability?_s_id=3Dcve" target=3D"_blank" rel=3D"noopener">https://patchstac= k.com/database/Wordpress/Plugin/wordpress-popup/vulnerability/wordpress-hus= tle-plugin-7-8-9-2-sensitive-data-exposure-vulnerability?_s_id=3Dcve</a><br= >=C2=A0</td>
</tr>

<td class=3D"vendor-product">ILLID--Share This Image</td>
<td>Missing Authorization vulnerability in ILLID Share This Image share-thi= s-image allows Exploiting Incorrectly Configured Access Control Security Le= vels. This issue affects Share This Image: from n/a through <=3D 2.09.</=

<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25010" target=3D= "_blank" rel=3D"noopener">CVE-2026-25010</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/share-this-imag= e/vulnerability/wordpress-share-this-image-plugin-2-09-broken-access-contro= l-vulnerability?_s_id=3Dcve" target=3D"_blank" rel=3D"noopener">https://pat= chstack.com/database/Wordpress/Plugin/share-this-image/vulnerability/wordpr= ess-share-this-image-plugin-2-09-broken-access-control-vulnerability?_s_id= =3Dcve</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Northern Beaches Websites--WP Custom Admin Int= erface</td>
<td>Missing Authorization vulnerability in Northern Beaches Websites WP Cus= tom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly=
Configured Access Control Security Levels. This issue affects WP Custom Ad= min Interface: from n/a through <=3D 7.41.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25011" target=3D= "_blank" rel=3D"noopener">CVE-2026-25011</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/wp-custom-admin= -interface/vulnerability/wordpress-wp-custom-admin-interface-plugin-7-41-br= oken-access-control-vulnerability?_s_id=3Dcve" target=3D"_blank" rel=3D"noo= pener">https://patchstack.com/database/Wordpress/Plugin/wp-custom-admin-int= erface/vulnerability/wordpress-wp-custom-admin-interface-plugin-7-41-broken= -access-control-vulnerability?_s_id=3Dcve</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">gfazioli--WP Bannerize Pro</td>
<td>Missing Authorization vulnerability in gfazioli WP Bannerize Pro wp-ban= nerize-pro allows Exploiting Incorrectly Configured Access Control Security=
Levels. This issue affects WP Bannerize Pro: from n/a through <=3D 1.11= .0.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25012" target=3D= "_blank" rel=3D"noopener">CVE-2026-25012</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/wp-bannerize-pr= o/vulnerability/wordpress-wp-bannerize-pro-plugin-1-11-0-broken-access-cont= rol-vulnerability?_s_id=3Dcve" target=3D"_blank" rel=3D"noopener">https://p= atchstack.com/database/Wordpress/Plugin/wp-bannerize-pro/vulnerability/word= press-wp-bannerize-pro-plugin-1-11-0-broken-access-control-vulnerability?_s= _id=3Dcve</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">themelooks--Enter Addons</td>
<td>Cross-Site Request Forgery (CSRF) vulnerability in themelooks Enter Add= ons enteraddons allows Cross Site Request Forgery. This issue affects Enter=
Addons: from n/a through <=3D 2.3.2.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25014" target=3D= "_blank" rel=3D"noopener">CVE-2026-25014</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/enteraddons/vul= nerability/wordpress-enter-addons-plugin-2-3-2-cross-site-request-forgery-c= srf-vulnerability?_s_id=3Dcve" target=3D"_blank" rel=3D"noopener">https://p= atchstack.com/database/Wordpress/Plugin/enteraddons/vulnerability/wordpress= -enter-addons-plugin-2-3-2-cross-site-request-forgery-csrf-vulnerability?_s= _id=3Dcve</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Stiofan--UsersWP</td>
<td>Cross-Site Request Forgery (CSRF) vulnerability in Stiofan UsersWP user= swp allows Cross Site Request Forgery. This issue affects UsersWP: from n/a=
through <=3D 1.2.53.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25015" target=3D= "_blank" rel=3D"noopener">CVE-2026-25015</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/userswp/vulnera= bility/wordpress-userswp-plugin-1-2-53-cross-site-request-forgery-csrf-vuln= erability?_s_id=3Dcve" target=3D"_blank" rel=3D"noopener">https://patchstac= k.com/database/Wordpress/Plugin/userswp/vulnerability/wordpress-userswp-plu= gin-1-2-53-cross-site-request-forgery-csrf-vulnerability?_s_id=3Dcve</a><br= >=C2=A0</td>
</tr>

<td class=3D"vendor-product">Nelio Software--Nelio Popups</td>
<td>Missing Authorization vulnerability in Nelio Software Nelio Popups neli= o-popups allows Exploiting Incorrectly Configured Access Control Security L= evels. This issue affects Nelio Popups: from n/a through <=3D 1.3.5.</td=

<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25016" target=3D= "_blank" rel=3D"noopener">CVE-2026-25016</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/nelio-popups/vu= lnerability/wordpress-nelio-popups-plugin-1-3-5-broken-access-control-vulne= rability?_s_id=3Dcve" target=3D"_blank" rel=3D"noopener">https://patchstack= .com/database/Wordpress/Plugin/nelio-popups/vulnerability/wordpress-nelio-p= opups-plugin-1-3-5-broken-access-control-vulnerability?_s_id=3Dcve</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Vito Peleg--Atarim</td>
<td>Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-= collaboration allows Exploiting Incorrectly Configured Access Control Secur= ity Levels. This issue affects Atarim: from n/a through <=3D 4.3.1.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25019" target=3D= "_blank" rel=3D"noopener">CVE-2026-25019</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/atarim-visual-c= ollaboration/vulnerability/wordpress-atarim-plugin-4-3-1-broken-access-cont= rol-vulnerability?_s_id=3Dcve" target=3D"_blank" rel=3D"noopener">https://p= atchstack.com/database/Wordpress/Plugin/atarim-visual-collaboration/vulnera= bility/wordpress-atarim-plugin-4-3-1-broken-access-control-vulnerability?_s= _id=3Dcve</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">WP connect--WP Sync for Notion</td>
<td>Missing Authorization vulnerability in WP connect WP Sync for Notion wp= -sync-for-notion allows Exploiting Incorrectly Configured Access Control Se= curity Levels. This issue affects WP Sync for Notion: from n/a through <= =3D 1.7.0.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25020" target=3D= "_blank" rel=3D"noopener">CVE-2026-25020</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/wp-sync-for-not= ion/vulnerability/wordpress-wp-sync-for-notion-plugin-1-7-0-broken-access-c= ontrol-vulnerability?_s_id=3Dcve" target=3D"_blank" rel=3D"noopener">https:= //patchstack.com/database/Wordpress/Plugin/wp-sync-for-notion/vulnerability= /wordpress-wp-sync-for-notion-plugin-1-7-0-broken-access-control-vulnerabil= ity?_s_id=3Dcve</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Mizan Themes--Mizan Demo Importer</td>
<td>Missing Authorization vulnerability in Mizan Themes Mizan Demo Importer=
mizan-demo-importer allows Exploiting Incorrectly Configured Access Contro=
l Security Levels. This issue affects Mizan Demo Importer: from n/a through=
<=3D 0.1.3.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25021" target=3D= "_blank" rel=3D"noopener">CVE-2026-25021</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/mizan-demo-impo= rter/vulnerability/wordpress-mizan-demo-importer-plugin-0-1-3-broken-access= -control-vulnerability?_s_id=3Dcve" target=3D"_blank" rel=3D"noopener">http= s://patchstack.com/database/Wordpress/Plugin/mizan-demo-importer/vulnerabil= ity/wordpress-mizan-demo-importer-plugin-0-1-3-broken-access-control-vulner= ability?_s_id=3Dcve</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Iqonic Design--KiviCare</td>
<td>Improper Neutralization of Special Elements used in an SQL Command ('SQ=
L Injection') vulnerability in Iqonic Design KiviCare kivicare-clinic-manag= ement-system allows Blind SQL Injection. This issue affects KiviCare: from = n/a through <=3D 3.6.16.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25022" target=3D= "_blank" rel=3D"noopener">CVE-2026-25022</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/kivicare-clinic= -management-system/vulnerability/wordpress-kivicare-plugin-3-6-16-sql-injec= tion-vulnerability?_s_id=3Dcve" target=3D"_blank" rel=3D"noopener">https://= patchstack.com/database/Wordpress/Plugin/kivicare-clinic-management-system/= vulnerability/wordpress-kivicare-plugin-3-6-16-sql-injection-vulnerability?= _s_id=3Dcve</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">mdedev--Run Contests, Raffles, and Giveaways w= ith ContestsWP</td>
<td>Exposure of Sensitive System Information to an Unauthorized Control Sph= ere vulnerability in mdedev Run Contests, Raffles, and Giveaways with Conte= stsWP contest-code-checker allows Retrieve Embedded Sensitive Data. This is= sue affects Run Contests, Raffles, and Giveaways with ContestsWP: from n/a = through <=3D 2.0.7.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25023" target=3D= "_blank" rel=3D"noopener">CVE-2026-25023</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/contest-code-ch= ecker/vulnerability/wordpress-run-contests-raffles-and-giveaways-with-conte= stswp-plugin-2-0-7-sensitive-data-exposure-vulnerability?_s_id=3Dcve" targe= t=3D"_blank" rel=3D"noopener">https://patchstack.com/database/Wordpress/Plu= gin/contest-code-checker/vulnerability/wordpress-run-contests-raffles-and-g= iveaways-with-contestswp-plugin-2-0-7-sensitive-data-exposure-vulnerability= ?_s_id=3Dcve</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Blair Williams--ThirstyAffiliates</td> <td>Cross-Site Request Forgery (CSRF) vulnerability in Blair Williams Thirs= tyAffiliates thirstyaffiliates allows Cross Site Request Forgery. This issu=
e affects ThirstyAffiliates: from n/a through <=3D 3.11.9.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25024" target=3D= "_blank" rel=3D"noopener">CVE-2026-25024</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/thirstyaffiliat= es/vulnerability/wordpress-thirstyaffiliates-plugin-3-11-9-cross-site-reque= st-forgery-csrf-vulnerability?_s_id=3Dcve" target=3D"_blank" rel=3D"noopene= r">https://patchstack.com/database/Wordpress/Plugin/thirstyaffiliates/vulne= rability/wordpress-thirstyaffiliates-plugin-3-11-9-cross-site-request-forge= ry-csrf-vulnerability?_s_id=3Dcve</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">ThemeMove--Unicamp</td>
<td>Improper Control of Filename for Include/Require Statement in PHP Progr=
am ('PHP Remote File Inclusion') vulnerability in ThemeMove Unicamp unicamp=
allows PHP Local File Inclusion. This issue affects Unicamp: from n/a thro= ugh <=3D 2.7.1.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25027" target=3D= "_blank" rel=3D"noopener">CVE-2026-25027</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Theme/unicamp/vulnerab= ility/wordpress-unicamp-theme-2-7-1-local-file-inclusion-vulnerability?_s_i= d=3Dcve" target=3D"_blank" rel=3D"noopener">https://patchstack.com/database= /Wordpress/Theme/unicamp/vulnerability/wordpress-unicamp-theme-2-7-1-local-= file-inclusion-vulnerability?_s_id=3Dcve</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Element Invader--ElementInvader Addons for Ele= mentor</td>
<td>Missing Authorization vulnerability in Element Invader ElementInvader A= ddons for Elementor elementinvader-addons-for-elementor allows Exploiting I= ncorrectly Configured Access Control Security Levels. This issue affects El= ementInvader Addons for Elementor: from n/a through <=3D 1.4.1.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25028" target=3D= "_blank" rel=3D"noopener">CVE-2026-25028</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/elementinvader-= addons-for-elementor/vulnerability/wordpress-elementinvader-addons-for-elem= entor-plugin-1-4-1-broken-access-control-vulnerability?_s_id=3Dcve" target= =3D"_blank" rel=3D"noopener">https://patchstack.com/database/Wordpress/Plug= in/elementinvader-addons-for-elementor/vulnerability/wordpress-elementinvad= er-addons-for-elementor-plugin-1-4-1-broken-access-control-vulnerability?_s= _id=3Dcve</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">WP Chill--Passster</td>
<td>Missing Authorization vulnerability in WP Chill Passster content-protec= tor allows Exploiting Incorrectly Configured Access Control Security Levels=
. This issue affects Passster: from n/a through <=3D 4.2.25.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25036" target=3D= "_blank" rel=3D"noopener">CVE-2026-25036</a></td>

<a href=3D"https://patchstack.com/database/Wordpress/Plugin/content-protect= or/vulnerability/wordpress-passster-plugin-4-2-25-broken-access-control-vul= nerability?_s_id=3Dcve" target=3D"_blank" rel=3D"noopener">https://patchsta= ck.com/database/Wordpress/Plugin/content-protector/vulnerability/wordpress-= passster-plugin-4-2-25-broken-access-control-vulnerability?_s_id=3Dcve</a><= br>=C2=A0</td>
</tr>

<td class=3D"vendor-product">n8n-io--n8n</td>
<td>n8n is an open source workflow automation platform. Prior to versions 1= .123.17 and 2.5.2, an authenticated user with permission to create or modif=
y workflows could abuse crafted expressions in workflow parameters to trigg=
er unintended system command execution on the host running n8n. This issue = has been patched in versions 1.123.17 and 2.5.2.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25049" target=3D= "_blank" rel=3D"noopener">CVE-2026-25049</a></td>

<a href=3D"https://github.com/n8n-io/n8n/security/advisories/GHSA-6cqr-8cfr= -67f8" target=3D"_blank" rel=3D"noopener">https://github.com/n8n-io/n8n/sec= urity/advisories/GHSA-6cqr-8cfr-67f8</a> <a href=3D"https://github.com/n= 8n-io/n8n/commit/7860896909b3d42993a36297f053d2b0e633235d" target=3D"_blank=
" rel=3D"noopener">https://github.com/n8n-io/n8n/commit/7860896909b3d42993a= 36297f053d2b0e633235d</a> <a href=3D"https://github.com/n8n-io/n8n/commi= t/936c06cfc1ad269a89e8ef7f8ac79c104436d54b" target=3D"_blank" rel=3D"noopen= er">https://github.com/n8n-io/n8n/commit/936c06cfc1ad269a89e8ef7f8ac79c1044= 36d54b</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n8n-io--n8n</td>
<td>n8n is an open source workflow automation platform. Prior to version 1.= 123.2, a Cross-Site Scripting (XSS) vulnerability has been identified in th=
e handling of webhook responses and related HTTP endpoints. Under certain c= onditions, the Content Security Policy (CSP) sandbox protection intended to=
isolate HTML responses may not be applied correctly. An authenticated user=
with permission to create or modify workflows could abuse this to execute = malicious scripts with same-origin privileges when other users interact wit=
h the crafted workflow. This could lead to session hijacking and account ta= keover. This issue has been patched in version 1.123.2.</td> <td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25051" target=3D= "_blank" rel=3D"noopener">CVE-2026-25051</a></td>

<a href=3D"https://github.com/n8n-io/n8n/security/advisories/GHSA-825q-w924= -xhgx" target=3D"_blank" rel=3D"noopener">https://github.com/n8n-io/n8n/sec= urity/advisories/GHSA-825q-w924-xhgx</a> <a href=3D"https://github.com/n= 8n-io/n8n/commit/ced34c0f93ab4c759a56065965986094d8ef7323" target=3D"_blank=
" rel=3D"noopener">https://github.com/n8n-io/n8n/commit/ced34c0f93ab4c759a5= 6065965986094d8ef7323</a> <a href=3D"https://github.com/n8n-io/n8n/commi= t/e8cf4d6bb3af94dc296cbb67bc3dd20e9b508ac9" target=3D"_blank" rel=3D"noopen= er">https://github.com/n8n-io/n8n/commit/e8cf4d6bb3af94dc296cbb67bc3dd20e9b= 508ac9</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n8n-io--n8n</td>
<td>n8n is an open source workflow automation platform. Prior to versions 1= .123.18 and 2.5.0, a vulnerability in the file access controls allows authe= nticated users with permission to create or modify workflows to read sensit= ive files from the n8n host system. This can be exploited to obtain critica=
l configuration data and user credentials, leading to complete account take= over of any user on the instance. This issue has been patched in versions 1= .123.18 and 2.5.0.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25052" target=3D= "_blank" rel=3D"noopener">CVE-2026-25052</a></td>

<a href=3D"https://github.com/n8n-io/n8n/security/advisories/GHSA-gfvg-qv54= -r4pc" target=3D"_blank" rel=3D"noopener">https://github.com/n8n-io/n8n/sec= urity/advisories/GHSA-gfvg-qv54-r4pc</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n8n-io--n8n</td>
<td>n8n is an open source workflow automation platform. Prior to versions 1= .123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated us= ers with permission to create or modify workflows to execute arbitrary syst=
em commands or read arbitrary files on the n8n host. This issue has been pa= tched in versions 1.123.10 and 2.5.0.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25053" target=3D= "_blank" rel=3D"noopener">CVE-2026-25053</a></td>

<a href=3D"https://github.com/n8n-io/n8n/security/advisories/GHSA-9g95-qf3f= -ggrw" target=3D"_blank" rel=3D"noopener">https://github.com/n8n-io/n8n/sec= urity/advisories/GHSA-9g95-qf3f-ggrw</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n8n-io--n8n</td>
<td>n8n is an open source workflow automation platform. Prior to versions 1= .123.9 and 2.2.1, a Cross-Site Scripting (XSS) vulnerability existed in a m= arkdown rendering component used in n8n's interface, including workflow sti= cky notes and other areas that support markdown content. An authenticated u= ser with permission to create or modify workflows could abuse this to execu=
te scripts with same-origin privileges when other users interact with a mal= iciously crafted workflow. This could lead to session hijacking and account=
takeover. This issue has been patched in versions 1.123.9 and 2.2.1.</td> <td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25054" target=3D= "_blank" rel=3D"noopener">CVE-2026-25054</a></td>

<a href=3D"https://github.com/n8n-io/n8n/security/advisories/GHSA-qpq4-pw7f= -pp8w" target=3D"_blank" rel=3D"noopener">https://github.com/n8n-io/n8n/sec= urity/advisories/GHSA-qpq4-pw7f-pp8w</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n8n-io--n8n</td>
<td>n8n is an open source workflow automation platform. Prior to versions 1= .123.12 and 2.4.0, when workflows process uploaded files and transfer them =
to remote servers via the SSH node without validating their metadata the vu= lnerability can lead to files being written to unintended locations on thos=
e remote systems potentially leading to remote code execution on those syst= ems. As a prerequisites an unauthenticated attacker needs knowledge of such=
workflows existing and the endpoints for file uploads need to be unauthent= icated. This issue has been patched in versions 1.123.12 and 2.4.0.</td> <td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25055" target=3D= "_blank" rel=3D"noopener">CVE-2026-25055</a></td>

<a href=3D"https://github.com/n8n-io/n8n/security/advisories/GHSA-m82q-59gv= -mcr9" target=3D"_blank" rel=3D"noopener">https://github.com/n8n-io/n8n/sec= urity/advisories/GHSA-m82q-59gv-mcr9</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n8n-io--n8n</td>
<td>n8n is an open source workflow automation platform. Prior to versions 1= .118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowe=
d authenticated users with permission to create or modify workflows to writ=
e arbitrary files to the n8n server's filesystem potentially leading to rem= ote code execution. This issue has been patched in versions 1.118.0 and 2.4= .0.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25056" target=3D= "_blank" rel=3D"noopener">CVE-2026-25056</a></td>

<a href=3D"https://github.com/n8n-io/n8n/security/advisories/GHSA-hv53-3329= -vmrm" target=3D"_blank" rel=3D"noopener">https://github.com/n8n-io/n8n/sec= urity/advisories/GHSA-hv53-3329-vmrm</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n8n-io--n8n</td>
<td>n8n is an open source workflow automation platform. Prior to version 2.= 4.8, a vulnerability in the Python Code node allows authenticated users to = break out of the Python sandbox environment and execute code outside the in= tended security boundary. This issue has been patched in version 2.4.8.</td=

<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25115" target=3D= "_blank" rel=3D"noopener">CVE-2026-25115</a></td>

<a href=3D"https://github.com/n8n-io/n8n/security/advisories/GHSA-8398-gmmx= -564h" target=3D"_blank" rel=3D"noopener">https://github.com/n8n-io/n8n/sec= urity/advisories/GHSA-8398-gmmx-564h</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Intermesh--groupoffice</td>
<td>Group-Office is an enterprise customer relationship management and grou= pware tool. Prior to 6.8.150, 25.0.82, and 26.0.5, the MaintenanceControlle=
r exposes an action zipLanguage which takes a lang parameter and passes it = directly to a system zip command via exec(). This can be combined with uplo= ading a crafted zip file to achieve remote code execution. This vulnerabili=
ty is fixed in 6.8.150, 25.0.82, and 26.0.5.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25134" target=3D= "_blank" rel=3D"noopener">CVE-2026-25134</a></td>

<a href=3D"https://github.com/Intermesh/groupoffice/security/advisories/GHS= A-v39j-549w-8849" target=3D"_blank" rel=3D"noopener">https://github.com/Int= ermesh/groupoffice/security/advisories/GHSA-v39j-549w-8849</a> <a href= =3D"https://github.com/Intermesh/groupoffice/commit/d28490a6a29936db7888aa8= 41ab8ade88800540b" target=3D"_blank" rel=3D"noopener">https://github.com/In= termesh/groupoffice/commit/d28490a6a29936db7888aa841ab8ade88800540b</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">RIOT-OS--RIOT</td>
<td>RIOT is an open-source microcontroller operating system, designed to ma= tch the requirements of Internet of Things (IoT) devices and other embedded=
devices. In version 2025.10 and prior, multiple out-of-bounds read allow a=
ny unauthenticated user, with ability to send or manipulate input packets, =
to read adjacent memory locations, or crash a vulnerable device running the=
6LoWPAN stack. The received packet is cast into a sixlowpan_sfr_rfrag_t st= ruct and dereferenced without validating the packet is large enough to cont= ain the struct object. At time of publication, no known patch exists.</td> <td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25139" target=3D= "_blank" rel=3D"noopener">CVE-2026-25139</a></td>

<a href=3D"https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-c8fh-23= qr-97mc" target=3D"_blank" rel=3D"noopener">https://github.com/RIOT-OS/RIOT= /security/advisories/GHSA-c8fh-23qr-97mc</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">QwikDev--qwik</td>
<td>Qwik is a performance focused javascript framework. Prior to version 1.= 19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side renderin=
g virtual attribute serialization allows a remote attacker to inject arbitr= ary web scripts into server-rendered pages via virtual attributes. Successf=
ul exploitation permits script execution in a victim's browser in the conte=
xt of the affected origin. This issue has been patched in version 1.19.0.</=

<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25148" target=3D= "_blank" rel=3D"noopener">CVE-2026-25148</a></td>

<a href=3D"https://github.com/QwikDev/qwik/security/advisories/GHSA-m6jq-g7= gq-5w3c" target=3D"_blank" rel=3D"noopener">https://github.com/QwikDev/qwik= /security/advisories/GHSA-m6jq-g7gq-5w3c</a> <a href=3D"https://github.c= om/QwikDev/qwik/commit/fe2d9232c0bcec99411d51a00dae29295871d094" target=3D"= _blank" rel=3D"noopener">https://github.com/QwikDev/qwik/commit/fe2d9232c0b= cec99411d51a00dae29295871d094</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">QwikDev--qwik</td>
<td>Qwik is a performance focused javascript framework. Prior to version 1.= 19.0, an Open Redirect vulnerability in Qwik City's default request handler=
middleware allows a remote attacker to redirect users to arbitrary protoco= l-relative URLs. Successful exploitation permits attackers to craft convinc= ing phishing links that appear to originate from the trusted domain but red= irect the victim to an attacker-controlled site. This issue has been patche=
d in version 1.19.0.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25149" target=3D= "_blank" rel=3D"noopener">CVE-2026-25149</a></td>

<a href=3D"https://github.com/QwikDev/qwik/security/advisories/GHSA-92j7-wg= mg-f32m" target=3D"_blank" rel=3D"noopener">https://github.com/QwikDev/qwik= /security/advisories/GHSA-92j7-wgmg-f32m</a> <a href=3D"https://github.c= om/QwikDev/qwik/commit/9959eab30a3ad9cc03689eaa080fcfbc33df71ed" target=3D"= _blank" rel=3D"noopener">https://github.com/QwikDev/qwik/commit/9959eab30a3= ad9cc03689eaa080fcfbc33df71ed</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">web2py--web2py</td>
<td>web2py versions 2.27.1-stable+timestamp.2023.11.16.08.03.57 and prior c= ontain an open redirect vulnerability. If this vulnerability is exploited, = the user may be redirected to an arbitrary website when accessing a special=
ly crafted URL. As a result, the user may become a victim of a phishing att= ack.</td>
<td>2026-02-05</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25198" target=3D= "_blank" rel=3D"noopener">CVE-2026-25198</a></td>

<a href=3D"https://github.com/web2py/web2py/commit/b4e1ddbd6d40fb30863f6263= a67bcdf411a0c6df" target=3D"_blank" rel=3D"noopener">https://github.com/web= 2py/web2py/commit/b4e1ddbd6d40fb30863f6263a67bcdf411a0c6df</a> <a href= =3D"https://github.com/web2py/web2py/releases" target=3D"_blank" rel=3D"noo= pener">https://github.com/web2py/web2py/releases</a> <a href=3D"https://= web2py.com/" target=3D"_blank" rel=3D"noopener">https://web2py.com/</a> =
<a href=3D"https://jvn.jp/en/jp/JVN46925341/" target=3D"_blank" rel=3D"noop= ener">https://jvn.jp/en/jp/JVN46925341/</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">polarnl--PolarLearn</td>
<td>PolarLearn is a free and open-source learning program. In 0-PRERELEASE-=
15 and earlier, the OAuth 2.0 implementation for GitHub and Google login pr= oviders is vulnerable to Login Cross-Site Request Forgery (CSRF). The appli= cation fails to implement and verify the state parameter during the authent= ication flow. This allows an attacker to pre-authenticate a session and tri=
ck a victim into logging into the attacker's account. Any data the victim t= hen enters or academic progress they make is stored on the attacker's accou= nt, leading to data loss for the victim and information disclosure to the a= ttacker.</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25221" target=3D= "_blank" rel=3D"noopener">CVE-2026-25221</a></td>

<a href=3D"https://github.com/polarnl/PolarLearn/security/advisories/GHSA-f= hhm-574m-7rpw" target=3D"_blank" rel=3D"noopener">https://github.com/polarn= l/PolarLearn/security/advisories/GHSA-fhhm-574m-7rpw</a> <a href=3D"http= s://github.com/polarnl/PolarLearn/commit/44669bbb5b647c7625f22dd82f3121c7d7= bfbe19" target=3D"_blank" rel=3D"noopener">https://github.com/polarnl/Polar= Learn/commit/44669bbb5b647c7625f22dd82f3121c7d7bfbe19</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">polarnl--PolarLearn</td>
<td>PolarLearn is a free and open-source learning program. In 0-PRERELEASE-=
15 and earlier, a timing attack vulnerability in the sign-in process allows=
unauthenticated attackers to determine if a specific email address is regi= stered on the platform. By measuring the response time of the login endpoin=
t, an attacker can distinguish between valid and invalid email addresses. T= his occurs because the server only performs the computationally expensive A= rgon2 password hashing if the user exists in the database. Requests for exi= sting users take significantly longer (~650ms) than requests for non-existe=
nt users (~160ms).</td>
<td>2026-02-02</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25222" target=3D= "_blank" rel=3D"noopener">CVE-2026-25222</a></td>

<a href=3D"https://github.com/polarnl/PolarLearn/security/advisories/GHSA-w= cr9-mvr9-4qh5" target=3D"_blank" rel=3D"noopener">https://github.com/polarn= l/PolarLearn/security/advisories/GHSA-wcr9-mvr9-4qh5</a> <a href=3D"http= s://github.com/polarnl/PolarLearn/commit/6c276855172c7310cce0df996cb47ffe0d= 886741" target=3D"_blank" rel=3D"noopener">https://github.com/polarnl/Polar= Learn/commit/6c276855172c7310cce0df996cb47ffe0d886741</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">pear--pearweb</td>
<td>PEAR is a framework and distribution system for reusable PHP components=
. Prior to version 1.33.0, logic bug in the roadmap role check allows non-l= ead maintainers to create, update, or delete roadmaps. This issue has been = patched in version 1.33.0.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25233" target=3D= "_blank" rel=3D"noopener">CVE-2026-25233</a></td>

<a href=3D"https://github.com/pear/pearweb/security/advisories/GHSA-p92v-9j= 73-fxx3" target=3D"_blank" rel=3D"noopener">https://github.com/pear/pearweb= /security/advisories/GHSA-p92v-9j73-fxx3</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">pear--pearweb</td>
<td>PEAR is a framework and distribution system for reusable PHP components=
. Prior to version 1.33.0, a SQL injection vulnerability in category deleti=
on can allow an attacker with access to the category manager workflow to in= ject SQL via a category id. This issue has been patched in version 1.33.0.<=

<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25234" target=3D= "_blank" rel=3D"noopener">CVE-2026-25234</a></td>

<a href=3D"https://github.com/pear/pearweb/security/advisories/GHSA-q28j-3p= 7r-6722" target=3D"_blank" rel=3D"noopener">https://github.com/pear/pearweb= /security/advisories/GHSA-q28j-3p7r-6722</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">pear--pearweb</td>
<td>PEAR is a framework and distribution system for reusable PHP components=
. Prior to version 1.33.0, predictable verification hashes may allow attack= ers to guess verification tokens and potentially verify election account re= quests without authorization. This issue has been patched in version 1.33.0= .</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25235" target=3D= "_blank" rel=3D"noopener">CVE-2026-25235</a></td>

<a href=3D"https://github.com/pear/pearweb/security/advisories/GHSA-477r-4c= mw-3cgf" target=3D"_blank" rel=3D"noopener">https://github.com/pear/pearweb= /security/advisories/GHSA-477r-4cmw-3cgf</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">pear--pearweb</td>
<td>PEAR is a framework and distribution system for reusable PHP components=
. Prior to version 1.33.0, a SQL injection risk exists in karma queries due=
to unsafe literal substitution for an IN (...) list. This issue has been p= atched in version 1.33.0.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25236" target=3D= "_blank" rel=3D"noopener">CVE-2026-25236</a></td>

<a href=3D"https://github.com/pear/pearweb/security/advisories/GHSA-95mc-p9= 66-c29f" target=3D"_blank" rel=3D"noopener">https://github.com/pear/pearweb= /security/advisories/GHSA-95mc-p966-c29f</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">pear--pearweb</td>
<td>PEAR is a framework and distribution system for reusable PHP components=
. Prior to version 1.33.0, use of preg_replace() with the /e modifier in bu=
g update email handling can enable PHP code execution if attacker-controlle=
d content reaches the evaluated replacement. This issue has been patched in=
version 1.33.0.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25237" target=3D= "_blank" rel=3D"noopener">CVE-2026-25237</a></td>

<a href=3D"https://github.com/pear/pearweb/security/advisories/GHSA-vhw6-hq= h9-8r23" target=3D"_blank" rel=3D"noopener">https://github.com/pear/pearweb= /security/advisories/GHSA-vhw6-hqh9-8r23</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">pear--pearweb</td>
<td>PEAR is a framework and distribution system for reusable PHP components=
. Prior to version 1.33.0, a SQL injection vulnerability in bug subscriptio=
n deletion may allow attackers to inject SQL via a crafted email value. Thi=
s issue has been patched in version 1.33.0.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25238" target=3D= "_blank" rel=3D"noopener">CVE-2026-25238</a></td>

<a href=3D"https://github.com/pear/pearweb/security/advisories/GHSA-cv3c-27= h5-7gmv" target=3D"_blank" rel=3D"noopener">https://github.com/pear/pearweb= /security/advisories/GHSA-cv3c-27h5-7gmv</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">pear--pearweb</td>
<td>PEAR is a framework and distribution system for reusable PHP components=
. Prior to version 1.33.0, a SQL injection vulnerability in apidoc queue in= sertion can allow query manipulation if an attacker can influence the inser= ted filename value. This issue has been patched in version 1.33.0.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25239" target=3D= "_blank" rel=3D"noopener">CVE-2026-25239</a></td>

<a href=3D"https://github.com/pear/pearweb/security/advisories/GHSA-f9mg-x4= 63-3vxg" target=3D"_blank" rel=3D"noopener">https://github.com/pear/pearweb= /security/advisories/GHSA-f9mg-x463-3vxg</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">pear--pearweb</td>
<td>PEAR is a framework and distribution system for reusable PHP components=
. Prior to version 1.33.0, a SQL injection vulnerability can occur in user:= :maintains() when role filters are provided as an array and interpolated in=
to an IN (...) clause. This issue has been patched in version 1.33.0.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25240" target=3D= "_blank" rel=3D"noopener">CVE-2026-25240</a></td>

<a href=3D"https://github.com/pear/pearweb/security/advisories/GHSA-xw9g-5g= r2-c44f" target=3D"_blank" rel=3D"noopener">https://github.com/pear/pearweb= /security/advisories/GHSA-xw9g-5gr2-c44f</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">pear--pearweb</td>
<td>PEAR is a framework and distribution system for reusable PHP components=
. Prior to version 1.33.0, an unauthenticated SQL injection in the /get/&lt= ;package>/<version> endpoint allows remote attackers to execute ar= bitrary SQL via a crafted package version. This issue has been patched in v= ersion 1.33.0.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25241" target=3D= "_blank" rel=3D"noopener">CVE-2026-25241</a></td>

<a href=3D"https://github.com/pear/pearweb/security/advisories/GHSA-63fv-vp= q5-gv8p" target=3D"_blank" rel=3D"noopener">https://github.com/pear/pearweb= /security/advisories/GHSA-63fv-vpq5-gv8p</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">langroid--langroid</td>
<td>Langroid is a framework for building large-language-model-powered appli= cations. Prior to version 0.59.32, there is a bypass to the fix for CVE-202= 5-46724. TableChatAgent can call pandas_eval tool to evaluate the expressio=
n. There is a WAF in langroid/utils/pandas_utils.py introduced to block cod=
e injection CVE-2025-46724. However it can be bypassed due to _literal_ok()=
returning False instead of raising UnsafeCommandError on invalid input, co= mbined with unrestricted access to dangerous dunder attributes (__init__, _= _globals__, __builtins__). This allows chaining whitelisted DataFrame metho=
ds to leak the eval builtin and execute arbitrary code. This issue has been=
patched in version 0.59.32.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25481" target=3D= "_blank" rel=3D"noopener">CVE-2026-25481</a></td>

<a href=3D"https://github.com/langroid/langroid/security/advisories/GHSA-x3= 4r-63hx-w57f" target=3D"_blank" rel=3D"noopener">https://github.com/langroi= d/langroid/security/advisories/GHSA-x34r-63hx-w57f</a> <a href=3D"https:= //github.com/langroid/langroid/security/advisories/GHSA-jqq5-wc57-f8hj" tar= get=3D"_blank" rel=3D"noopener">https://github.com/langroid/langroid/securi= ty/advisories/GHSA-jqq5-wc57-f8hj</a> <a href=3D"https://github.com/lang= roid/langroid/commit/30abbc1a854dee22fbd2f8b2f575dfdabdb603ea" target=3D"_b= lank" rel=3D"noopener">https://github.com/langroid/langroid/commit/30abbc1a= 854dee22fbd2f8b2f575dfdabdb603ea</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">craftcms--commerce</td>
<td>Craft Commerce is an ecommerce platform for Craft CMS. In versions from=
4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored DOM XSS vulnerabilit=
y exists in the "Recent Orders" dashboard widget. The Order Status Name is = rendered via JavaScript string concatenation without proper escaping, allow= ing script execution when any admin visits the dashboard. This issue has be=
en patched in versions 4.10.1 and 5.5.2.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25482" target=3D= "_blank" rel=3D"noopener">CVE-2026-25482</a></td>

<a href=3D"https://github.com/craftcms/commerce/security/advisories/GHSA-fr= j9-9rwc-pw9j" target=3D"_blank" rel=3D"noopener">https://github.com/craftcm= s/commerce/security/advisories/GHSA-frj9-9rwc-pw9j</a> <a href=3D"https:= //github.com/craftcms/commerce/commit/d94d1c9832a47a1c383e375ae87c46c13935b= a65" target=3D"_blank" rel=3D"noopener">https://github.com/craftcms/commerc= e/commit/d94d1c9832a47a1c383e375ae87c46c13935ba65</a> <a href=3D"https:/= /github.com/craftcms/commerce/releases/tag/4.10.1" target=3D"_blank" rel=3D= "noopener">https://github.com/craftcms/commerce/releases/tag/4.10.1</a> =
<a href=3D"https://github.com/craftcms/commerce/releases/tag/5.5.2" target= =3D"_blank" rel=3D"noopener">https://github.com/craftcms/commerce/releases/= tag/5.5.2</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">craftcms--commerce</td>
<td>Craft Commerce is an ecommerce platform for Craft CMS. In versions from=
4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability ex= ists in Craft Commerce's Order Status History Message. The message is rende= red using the |md filter, which permits raw HTML, enabling malicious script=
execution. If a user has database backup utility permissions (which do not=
require an elevated session), an attacker can exfiltrate the entire databa= se, including all user credentials, customer PII, order history, and 2FA re= covery codes. This issue has been patched in versions 4.10.1 and 5.5.2.</td=

<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25483" target=3D= "_blank" rel=3D"noopener">CVE-2026-25483</a></td>

<a href=3D"https://github.com/craftcms/commerce/security/advisories/GHSA-84= 78-rmjg-mjj5" target=3D"_blank" rel=3D"noopener">https://github.com/craftcm= s/commerce/security/advisories/GHSA-8478-rmjg-mjj5</a> <a href=3D"https:= //github.com/craftcms/commerce/commit/4665a47c0961aee311a42af2ff94a7c470f0a= d8c" target=3D"_blank" rel=3D"noopener">https://github.com/craftcms/commerc= e/commit/4665a47c0961aee311a42af2ff94a7c470f0ad8c</a> <a href=3D"https:/= /github.com/craftcms/commerce/releases/tag/4.10.1" target=3D"_blank" rel=3D= "noopener">https://github.com/craftcms/commerce/releases/tag/4.10.1</a> =
<a href=3D"https://github.com/craftcms/commerce/releases/tag/5.5.2" target= =3D"_blank" rel=3D"noopener">https://github.com/craftcms/commerce/releases/= tag/5.5.2</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">craftcms--commerce</td>
<td>Craft Commerce is an ecommerce platform for Craft CMS. In versions from=
4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, there is a Stored XSS via Pro= duct Type names. The name is not sanitized when displayed in user permissio=
ns settings. The vulnerable input (source) is in Commerce (Product Type set= tings), but the sink is in CMS user permissions settings. This issue has be=
en patched in versions 4.10.1 and 5.5.2.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25484" target=3D= "_blank" rel=3D"noopener">CVE-2026-25484</a></td>

<a href=3D"https://github.com/craftcms/commerce/security/advisories/GHSA-2h= 2m-v2mg-656c" target=3D"_blank" rel=3D"noopener">https://github.com/craftcm= s/commerce/security/advisories/GHSA-2h2m-v2mg-656c</a> <a href=3D"https:= //github.com/craftcms/commerce/commit/7e1dedf06038c8e70dce0187b7048d4ab8ffb= 75c" target=3D"_blank" rel=3D"noopener">https://github.com/craftcms/commerc= e/commit/7e1dedf06038c8e70dce0187b7048d4ab8ffb75c</a> <a href=3D"https:/= /github.com/craftcms/commerce/releases/tag/4.10.1" target=3D"_blank" rel=3D= "noopener">https://github.com/craftcms/commerce/releases/tag/4.10.1</a> =
<a href=3D"https://github.com/craftcms/commerce/releases/tag/5.5.2" target= =3D"_blank" rel=3D"noopener">https://github.com/craftcms/commerce/releases/= tag/5.5.2</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">craftcms--commerce</td>
<td>Craft Commerce is an ecommerce platform for Craft CMS. In versions from=
4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in=
Craft Commerce allows attackers to execute malicious JavaScript in an admi= nistrator's browser. This occurs because the Shipping Categories (Name &amp=
; Description) fields in the Store Management section are not properly sani= tized before being displayed in the admin panel. This issue has been patche=
d in versions 4.10.1 and 5.5.2.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25485" target=3D= "_blank" rel=3D"noopener">CVE-2026-25485</a></td>

<a href=3D"https://github.com/craftcms/commerce/security/advisories/GHSA-w8= gw-qm8p-j9j3" target=3D"_blank" rel=3D"noopener">https://github.com/craftcm= s/commerce/security/advisories/GHSA-w8gw-qm8p-j9j3</a> <a href=3D"https:= //github.com/craftcms/commerce/commit/fa273330807807d05b564d37c88654cd77283= 9ee" target=3D"_blank" rel=3D"noopener">https://github.com/craftcms/commerc= e/commit/fa273330807807d05b564d37c88654cd772839ee</a> <a href=3D"https:/= /github.com/craftcms/commerce/releases/tag/4.10.1" target=3D"_blank" rel=3D= "noopener">https://github.com/craftcms/commerce/releases/tag/4.10.1</a> =
<a href=3D"https://github.com/craftcms/commerce/releases/tag/5.5.2" target= =3D"_blank" rel=3D"noopener">https://github.com/craftcms/commerce/releases/= tag/5.5.2</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">craftcms--commerce</td>
<td>Craft Commerce is an ecommerce platform for Craft CMS. From version 5.0=
.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers =
to execute malicious JavaScript in an administrator's browser. This occurs = because the Shipping Methods Name field in the Store Management section is = not properly sanitized before being displayed in the admin panel. This issu=
e has been patched in version 5.5.2.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25486" target=3D= "_blank" rel=3D"noopener">CVE-2026-25486</a></td>

<a href=3D"https://github.com/craftcms/commerce/security/advisories/GHSA-g9= 2v-wpv7-6w22" target=3D"_blank" rel=3D"noopener">https://github.com/craftcm= s/commerce/security/advisories/GHSA-g92v-wpv7-6w22</a> <a href=3D"https:= //github.com/craftcms/commerce/commit/fa273330807807d05b564d37c88654cd77283= 9ee" target=3D"_blank" rel=3D"noopener">https://github.com/craftcms/commerc= e/commit/fa273330807807d05b564d37c88654cd772839ee</a> <a href=3D"https:/= /github.com/craftcms/commerce/releases/tag/5.5.2" target=3D"_blank" rel=3D"= noopener">https://github.com/craftcms/commerce/releases/tag/5.5.2</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">craftcms--commerce</td>
<td>Craft Commerce is an ecommerce platform for Craft CMS. In versions from=
4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in=
Craft Commerce allows attackers to execute malicious JavaScript in an admi= nistrator's browser. This occurs because the Tax Rates 'Name' field in the = Store Management section is not properly sanitized before being displayed i=
n the admin panel. This issue has been patched in versions 4.10.1 and 5.5.2= .</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25487" target=3D= "_blank" rel=3D"noopener">CVE-2026-25487</a></td>

<a href=3D"https://github.com/craftcms/commerce/security/advisories/GHSA-wq= c5-485v-3hqh" target=3D"_blank" rel=3D"noopener">https://github.com/craftcm= s/commerce/security/advisories/GHSA-wqc5-485v-3hqh</a> <a href=3D"https:= //github.com/craftcms/commerce/commit/fa273330807807d05b564d37c88654cd77283= 9ee" target=3D"_blank" rel=3D"noopener">https://github.com/craftcms/commerc= e/commit/fa273330807807d05b564d37c88654cd772839ee</a> <a href=3D"https:/= /github.com/craftcms/commerce/releases/tag/4.10.1" target=3D"_blank" rel=3D= "noopener">https://github.com/craftcms/commerce/releases/tag/4.10.1</a> =
<a href=3D"https://github.com/craftcms/commerce/releases/tag/5.5.2" target= =3D"_blank" rel=3D"noopener">https://github.com/craftcms/commerce/releases/= tag/5.5.2</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">craftcms--commerce</td>
<td>Craft Commerce is an ecommerce platform for Craft CMS. In versions from=
4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in=
Craft Commerce allows attackers to execute malicious JavaScript in an admi= nistrator's browser. This occurs because the Tax Categories (Name & Des= cription) fields in the Store Management section are not properly sanitized=
before being displayed in the admin panel. This issue has been patched in = versions 4.10.1 and 5.5.2.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25488" target=3D= "_blank" rel=3D"noopener">CVE-2026-25488</a></td>

<a href=3D"https://github.com/craftcms/commerce/security/advisories/GHSA-p6= w8-q63m-72c8" target=3D"_blank" rel=3D"noopener">https://github.com/craftcm= s/commerce/security/advisories/GHSA-p6w8-q63m-72c8</a> <a href=3D"https:= //github.com/craftcms/commerce/commit/fa273330807807d05b564d37c88654cd77283= 9ee" target=3D"_blank" rel=3D"noopener">https://github.com/craftcms/commerc= e/commit/fa273330807807d05b564d37c88654cd772839ee</a> <a href=3D"https:/= /github.com/craftcms/commerce/releases/tag/4.10.1" target=3D"_blank" rel=3D= "noopener">https://github.com/craftcms/commerce/releases/tag/4.10.1</a> =
<a href=3D"https://github.com/craftcms/commerce/releases/tag/5.5.2" target= =3D"_blank" rel=3D"noopener">https://github.com/craftcms/commerce/releases/= tag/5.5.2</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">craftcms--commerce</td>
<td>Craft Commerce is an ecommerce platform for Craft CMS. In versions from=
4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in=
Craft Commerce allows attackers to execute malicious JavaScript in an admi= nistrator's browser. This occurs because the Name & Description fields =
in Tax Zones are not properly sanitized before being displayed in the admin=
panel. This issue has been patched in versions 4.10.1 and 5.5.2.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25489" target=3D= "_blank" rel=3D"noopener">CVE-2026-25489</a></td>

<a href=3D"https://github.com/craftcms/commerce/security/advisories/GHSA-v5= 85-mf6r-rqrc" target=3D"_blank" rel=3D"noopener">https://github.com/craftcm= s/commerce/security/advisories/GHSA-v585-mf6r-rqrc</a> <a href=3D"https:= //github.com/craftcms/commerce/commit/fa273330807807d05b564d37c88654cd77283= 9ee" target=3D"_blank" rel=3D"noopener">https://github.com/craftcms/commerc= e/commit/fa273330807807d05b564d37c88654cd772839ee</a> <a href=3D"https:/= /github.com/craftcms/commerce/releases/tag/4.10.1" target=3D"_blank" rel=3D= "noopener">https://github.com/craftcms/commerce/releases/tag/4.10.1</a> =
<a href=3D"https://github.com/craftcms/commerce/releases/tag/5.5.2" target= =3D"_blank" rel=3D"noopener">https://github.com/craftcms/commerce/releases/= tag/5.5.2</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">craftcms--commerce</td>
<td>Craft Commerce is an ecommerce platform for Craft CMS. In versions from=
4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in=
Craft Commerce allows attackers to execute malicious JavaScript in an admi= nistrator's browser. This occurs because the 'Address Line 1' field in Inve= ntory Locations is not properly sanitized before being displayed in the adm=
in panel. This issue has been patched in versions 4.10.1 and 5.5.2.</td> <td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25490" target=3D= "_blank" rel=3D"noopener">CVE-2026-25490</a></td>

<a href=3D"https://github.com/craftcms/commerce/security/advisories/GHSA-wq= 2m-r96q-crrf" target=3D"_blank" rel=3D"noopener">https://github.com/craftcm= s/commerce/security/advisories/GHSA-wq2m-r96q-crrf</a> <a href=3D"https:= //github.com/craftcms/commerce/commit/fa273330807807d05b564d37c88654cd77283= 9ee" target=3D"_blank" rel=3D"noopener">https://github.com/craftcms/commerc= e/commit/fa273330807807d05b564d37c88654cd772839ee</a> <a href=3D"https:/= /github.com/craftcms/commerce/releases/tag/4.10.1" target=3D"_blank" rel=3D= "noopener">https://github.com/craftcms/commerce/releases/tag/4.10.1</a> =
<a href=3D"https://github.com/craftcms/commerce/releases/tag/5.5.2" target= =3D"_blank" rel=3D"noopener">https://github.com/craftcms/commerce/releases/= tag/5.5.2</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">bpg--terraform-provider-proxmox</td>
<td>Terraform / OpenTofu Provider adds support for Proxmox Virtual Environm= ent. Prior to version 0.93.1, in the SSH configuration documentation, the s= udoer line suggested is insecure and can result in escaping the folder usin=
g ../, allowing any files on the system to be edited. This issue has been p= atched in version 0.93.1.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25499" target=3D= "_blank" rel=3D"noopener">CVE-2026-25499</a></td>

<a href=3D"https://github.com/bpg/terraform-provider-proxmox/security/advis= ories/GHSA-gwch-7m8v-7544" target=3D"_blank" rel=3D"noopener">https://githu= b.com/bpg/terraform-provider-proxmox/security/advisories/GHSA-gwch-7m8v-754= 4</a> <a href=3D"https://github.com/bpg/terraform-provider-proxmox/commi= t/bd604c41a31e2a55dd6acc01b0608be3ea49c023" target=3D"_blank" rel=3D"noopen= er">https://github.com/bpg/terraform-provider-proxmox/commit/bd604c41a31e2a= 55dd6acc01b0608be3ea49c023</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Intermesh--groupoffice</td>
<td>Group-Office is an enterprise customer relationship management and grou= pware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, an authenticate=
d user within the System Administrator group can trigger a full SSRF via th=
e WOPI service discovery URL, including access to internal hosts/ports. The=
SSRF response body can be exfiltrated via the built=E2=80=91in debug syste=
m, turning it into a visible SSRF. This also allows full server-side file r= ead. This issue has been patched in versions 6.8.150, 25.0.82, and 26.0.5.<=

<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25511" target=3D= "_blank" rel=3D"noopener">CVE-2026-25511</a></td>

<a href=3D"https://github.com/Intermesh/groupoffice/security/advisories/GHS= A-r9v4-jm2r-r9pm" target=3D"_blank" rel=3D"noopener">https://github.com/Int= ermesh/groupoffice/security/advisories/GHSA-r9v4-jm2r-r9pm</a> <a href= =3D"https://github.com/Intermesh/groupoffice/commit/5ac199dce758e1ce0d1cdb6= 905df5da3c2af42b3" target=3D"_blank" rel=3D"noopener">https://github.com/In= termesh/groupoffice/commit/5ac199dce758e1ce0d1cdb6905df5da3c2af42b3</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">Intermesh--groupoffice</td>
<td>Group-Office is an enterprise customer relationship management and grou= pware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remo=
te code execution (RCE) vulnerability in Group-Office. The endpoint email/m= essage/tnefAttachmentFromTempFile directly concatenates the user-controlled=
parameter tmp_file into an exec() call. By injecting shell metacharacters = into tmp_file, an authenticated attacker can execute arbitrary system comma= nds on the server. This issue has been patched in versions 6.8.150, 25.0.82=
, and 26.0.5.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25512" target=3D= "_blank" rel=3D"noopener">CVE-2026-25512</a></td>

<a href=3D"https://github.com/Intermesh/groupoffice/security/advisories/GHS= A-579w-jvg7-frr4" target=3D"_blank" rel=3D"noopener">https://github.com/Int= ermesh/groupoffice/security/advisories/GHSA-579w-jvg7-frr4</a> <a href= =3D"http://github.com/Intermesh/groupoffice/commit/6c612deca97a6cd2a1bd4fee= a0ce7e8e9d907792" target=3D"_blank" rel=3D"noopener">http://github.com/Inte= rmesh/groupoffice/commit/6c612deca97a6cd2a1bd4feea0ce7e8e9d907792</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">NeoRazorX--facturascripts</td>
<td>FacturaScripts is open-source enterprise resource planning and accounti=
ng software. Prior to version 2025.81, FacturaScripts contains a critical S=
QL injection vulnerability in the REST API that allows authenticated API us= ers to execute arbitrary SQL queries through the sort parameter. The vulner= ability exists in the ModelClass::getOrderBy() method where user-supplied s= orting parameters are directly concatenated into the SQL ORDER BY clause wi= thout validation or sanitization. This affects all API endpoints that suppo=
rt sorting functionality. This issue has been patched in version 2025.81.</=

<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25513" target=3D= "_blank" rel=3D"noopener">CVE-2026-25513</a></td>

<a href=3D"https://github.com/NeoRazorX/facturascripts/security/advisories/= GHSA-cjfx-qhwm-hf99" target=3D"_blank" rel=3D"noopener">https://github.com/= NeoRazorX/facturascripts/security/advisories/GHSA-cjfx-qhwm-hf99</a> <a = href=3D"https://github.com/NeoRazorX/facturascripts/commit/1b6cdfa9ee1bb336= 5ea4a4ad753452035a027605" target=3D"_blank" rel=3D"noopener">https://github= .com/NeoRazorX/facturascripts/commit/1b6cdfa9ee1bb3365ea4a4ad753452035a0276= 05</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">NeoRazorX--facturascripts</td>
<td>FacturaScripts is open-source enterprise resource planning and accounti=
ng software. Prior to version 2025.81, FacturaScripts contains a critical S=
QL injection vulnerability in the autocomplete functionality that allows au= thenticated attackers to extract sensitive data from the database including=
user credentials, configuration settings, and all stored business data. Th=
e vulnerability exists in the CodeModel::all() method where user-supplied p= arameters are directly concatenated into SQL queries without sanitization o=
r parameterized binding. This issue has been patched in version 2025.81.</t=

<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25514" target=3D= "_blank" rel=3D"noopener">CVE-2026-25514</a></td>

<a href=3D"https://github.com/NeoRazorX/facturascripts/security/advisories/= GHSA-pqqg-5f4f-8952" target=3D"_blank" rel=3D"noopener">https://github.com/= NeoRazorX/facturascripts/security/advisories/GHSA-pqqg-5f4f-8952</a> <a = href=3D"https://github.com/NeoRazorX/facturascripts/commit/5c070f82665b98ef= d2f914a4769c6dc9415f5b0f" target=3D"_blank" rel=3D"noopener">https://github= .com/NeoRazorX/facturascripts/commit/5c070f82665b98efd2f914a4769c6dc9415f5b= 0f</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">wagtail--wagtail</td>
<td>Wagtail is an open source content management system built on Django. Pr= ior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a missing permi= ssion check on the preview endpoints, a user with access to the Wagtail adm=
in and knowledge of a model's fields can craft a form submission to obtain =
a preview rendering of any page, snippet or site setting object for which p= reviews are enabled, consisting of any data of the user's choosing. The exi= sting data of the object itself is not exposed, but depending on the nature=
of the template being rendered, this may expose other database contents th=
at would otherwise only be accessible to users with edit access over the mo= del. The vulnerability is not exploitable by an ordinary site visitor witho=
ut access to the Wagtail admin. This issue has been patched in versions 6.3= .6, 7.0.4, 7.1.3, 7.2.2, and 7.3.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25517" target=3D= "_blank" rel=3D"noopener">CVE-2026-25517</a></td>

<a href=3D"https://github.com/wagtail/wagtail/security/advisories/GHSA-4qvv= -g3vr-m348" target=3D"_blank" rel=3D"noopener">https://github.com/wagtail/w= agtail/security/advisories/GHSA-4qvv-g3vr-m348</a> <a href=3D"https://gi= thub.com/wagtail/wagtail/commit/01fd3477365a193e6a8270311defb76e890d2719" t= arget=3D"_blank" rel=3D"noopener">https://github.com/wagtail/wagtail/commit= /01fd3477365a193e6a8270311defb76e890d2719</a> <a href=3D"https://github.= com/wagtail/wagtail/commit/5f09b6da61e779b0e8499bdbba52bf2f7bd3241f" target= =3D"_blank" rel=3D"noopener">https://github.com/wagtail/wagtail/commit/5f09= b6da61e779b0e8499bdbba52bf2f7bd3241f</a> <a href=3D"https://github.com/w= agtail/wagtail/commit/73f070dbefbd3b39ea6649ce36bd2d2a6eef2190" target=3D"_= blank" rel=3D"noopener">https://github.com/wagtail/wagtail/commit/73f070dbe= fbd3b39ea6649ce36bd2d2a6eef2190</a> <a href=3D"https://github.com/wagtai= l/wagtail/commit/7dfe8de5f8b3f112c73c87b6729197db16454915" target=3D"_blank=
" rel=3D"noopener">https://github.com/wagtail/wagtail/commit/7dfe8de5f8b3f1= 12c73c87b6729197db16454915</a> <a href=3D"https://github.com/wagtail/wag= tail/commit/dd824023a031f1b82a6b6f83a97a5c73391b7c03" target=3D"_blank" rel= =3D"noopener">https://github.com/wagtail/wagtail/commit/dd824023a031f1b82a6= b6f83a97a5c73391b7c03</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">locutusjs--locutus</td>
<td>Locutus brings stdlibs of other programming languages to JavaScript for=
educational purposes. In versions from 2.0.12 to before 2.0.39, a prototyp=
e pollution vulnerability exists in locutus. Despite a previous fix that at= tempted to mitigate prototype pollution by checking whether user input cont= ained a forbidden key, it is still possible to pollute Object.prototype via=
a crafted input using String.prototype. This issue has been patched in ver= sion 2.0.39.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25521" target=3D= "_blank" rel=3D"noopener">CVE-2026-25521</a></td>

<a href=3D"https://github.com/locutusjs/locutus/security/advisories/GHSA-rx= rv-835q-v5mh" target=3D"_blank" rel=3D"noopener">https://github.com/locutus= js/locutus/security/advisories/GHSA-rxrv-835q-v5mh</a> <a href=3D"https:= //github.com/locutusjs/locutus/commit/042af9ca7fde2ff599120783e720a17f335bb= 01c" target=3D"_blank" rel=3D"noopener">https://github.com/locutusjs/locutu= s/commit/042af9ca7fde2ff599120783e720a17f335bb01c</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">craftcms--commerce</td>
<td>Craft Commerce is an ecommerce platform for Craft CMS. In versions from=
4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in=
Craft Commerce allows attackers to execute malicious JavaScript in an admi= nistrator's browser. This occurs because the Shipping Zone (Name & Desc= ription) fields in the Store Management section are not properly sanitized = before being displayed in the admin panel. This issue has been patched in v= ersions 4.10.1 and 5.5.2.</td>
<td>2026-02-03</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25522" target=3D= "_blank" rel=3D"noopener">CVE-2026-25522</a></td>

<a href=3D"https://github.com/craftcms/commerce/security/advisories/GHSA-h9= r9-2pxg-cx9m" target=3D"_blank" rel=3D"noopener">https://github.com/craftcm= s/commerce/security/advisories/GHSA-h9r9-2pxg-cx9m</a> <a href=3D"https:= //github.com/craftcms/commerce/commit/fa273330807807d05b564d37c88654cd77283= 9ee" target=3D"_blank" rel=3D"noopener">https://github.com/craftcms/commerc= e/commit/fa273330807807d05b564d37c88654cd772839ee</a> <a href=3D"https:/= /github.com/craftcms/commerce/releases/tag/4.10.1" target=3D"_blank" rel=3D= "noopener">https://github.com/craftcms/commerce/releases/tag/4.10.1</a> =
<a href=3D"https://github.com/craftcms/commerce/releases/tag/5.5.2" target= =3D"_blank" rel=3D"noopener">https://github.com/craftcms/commerce/releases/= tag/5.5.2</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">agentfront--enclave</td>
<td>Enclave is a secure JavaScript sandbox designed for safe AI agent code = execution. Prior to 2.10.1, the existing layers of security in enclave-vm a=
re insufficient: The AST sanitization can be bypassed with dynamic property=
accesses, the hardening of the error objects does not cover the peculiar b= ehavior or the vm module and the function constructor access prevention can=
be side-stepped by leveraging host object references. This vulnerability i=
s fixed in 2.10.1.</td>
<td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25533" target=3D= "_blank" rel=3D"noopener">CVE-2026-25533</a></td>

<a href=3D"https://github.com/agentfront/enclave/security/advisories/GHSA-x= 39w-8vm5-5m3p" target=3D"_blank" rel=3D"noopener">https://github.com/agentf= ront/enclave/security/advisories/GHSA-x39w-8vm5-5m3p</a> <a href=3D"http= s://github.com/agentfront/enclave/commit/2fcf5da81e7e2578ede6f94cae4f379165= 426dca" target=3D"_blank" rel=3D"noopener">https://github.com/agentfront/en= clave/commit/2fcf5da81e7e2578ede6f94cae4f379165426dca</a> <a href=3D"htt= ps://www.staicu.org/publications/usenixSec2023-SandDriller.pdf" target=3D"_= blank" rel=3D"noopener">https://www.staicu.org/publications/usenixSec2023-S= andDriller.pdf</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Keats--jsonwebtoken</td>
<td>jsonwebtoken is a JWT lib in rust. Prior to version 10.3.0, there is a = Type Confusion vulnerability in jsonwebtoken, specifically, in its claim va= lidation logic. When a standard claim (such as nbf or exp) is provided with=
an incorrect JSON type (Like a String instead of a Number), the library's = internal parsing mechanism marks the claim as "FailedToParse". Crucially, t=
he validation logic treats this "FailedToParse" state identically to "NotPr= esent". This means that if a check is enabled (like: validate_nbf =3D true)=
, but the claim is not explicitly marked as required in required_spec_claim=
s, the library will skip the validation check entirely for the malformed cl= aim, treating it as if it were not there. This allows attackers to bypass c= ritical time-based security restrictions (like "Not Before" checks) and com= mit potential authentication and authorization bypasses. This issue has bee=
n patched in version 10.3.0.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25537" target=3D= "_blank" rel=3D"noopener">CVE-2026-25537</a></td>

<a href=3D"https://github.com/Keats/jsonwebtoken/security/advisories/GHSA-h= 395-gr6q-cpjc" target=3D"_blank" rel=3D"noopener">https://github.com/Keats/= jsonwebtoken/security/advisories/GHSA-h395-gr6q-cpjc</a> <a href=3D"http= s://github.com/Keats/jsonwebtoken/commit/abbc3076742c4161347bc6b8bf4aa5eb86= e1dc01" target=3D"_blank" rel=3D"noopener">https://github.com/Keats/jsonweb= token/commit/abbc3076742c4161347bc6b8bf4aa5eb86e1dc01</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">devtron-labs--devtron</td>
<td>Devtron is an open source tool integration platform for Kubernetes. In = version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API=
interface, allowing any authenticated user (including low-privileged CI/CD=
Developers) to obtain the global API Token signing key by accessing the /o= rchestrator/attributes?key=3DapiTokenSecret endpoint. After obtaining the k= ey, attackers can forge JWT tokens for arbitrary user identities offline, t= hereby gaining complete control over the Devtron platform and laterally mov= ing to the underlying Kubernetes cluster. This issue has been patched via c= ommit d2b0d26.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25538" target=3D= "_blank" rel=3D"noopener">CVE-2026-25538</a></td>

<a href=3D"https://github.com/devtron-labs/devtron/security/advisories/GHSA= -8wpc-j9q9-j5m2" target=3D"_blank" rel=3D"noopener">https://github.com/devt= ron-labs/devtron/security/advisories/GHSA-8wpc-j9q9-j5m2</a> <a href=3D"= https://github.com/devtron-labs/devtron/commit/d2b0d260d858ab1354b73a8f50f7= f078ca62706f" target=3D"_blank" rel=3D"noopener">https://github.com/devtron= -labs/devtron/commit/d2b0d260d858ab1354b73a8f50f7f078ca62706f</a> =C2=A0= </td>
</tr>

<td class=3D"vendor-product">tokio-rs--bytes</td>
<td>Bytes is a utility library for working with bytes. From version 1.2.1 t=
o before 1.11.1, Bytes is vulnerable to integer overflow in BytesMut::reser= ve. In the unique reclaim path of BytesMut::reserve, if the condition "v_ca= pacity >=3D new_cap + offset" uses an unchecked addition. When new_cap +=
offset overflows usize in release builds, this condition may incorrectly p= ass, causing self.cap to be set to a value that exceeds the actual allocate=
d capacity. Subsequent APIs such as spare_capacity_mut() then trust this co= rrupted cap value and may create out-of-bounds slices, leading to UB. This = behavior is observable in release builds (integer overflow wraps), whereas = debug builds panic due to overflow checks. This issue has been patched in v= ersion 1.11.1.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25541" target=3D= "_blank" rel=3D"noopener">CVE-2026-25541</a></td>

<a href=3D"https://github.com/tokio-rs/bytes/security/advisories/GHSA-434x-= w66g-qw3r" target=3D"_blank" rel=3D"noopener">https://github.com/tokio-rs/b= ytes/security/advisories/GHSA-434x-w66g-qw3r</a> <a href=3D"https://gith= ub.com/tokio-rs/bytes/commit/d0293b0e35838123c51ca5dfdf468ecafee4398f" targ= et=3D"_blank" rel=3D"noopener">https://github.com/tokio-rs/bytes/commit/d02= 93b0e35838123c51ca5dfdf468ecafee4398f</a> <a href=3D"https://github.com/= tokio-rs/bytes/releases/tag/v1.11.1" target=3D"_blank" rel=3D"noopener">htt= ps://github.com/tokio-rs/bytes/releases/tag/v1.11.1</a> <a href=3D"https= ://rustsec.org/advisories/RUSTSEC-2026-0007.html" target=3D"_blank" rel=3D"= noopener">https://rustsec.org/advisories/RUSTSEC-2026-0007.html</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">mganss--HtmlSanitizer</td>
<td>HtmlSanitizer is a .NET library for cleaning HTML fragments and documen=
ts from constructs that can lead to XSS attacks. Prior to versions 9.0.892 = and 9.1.893-beta, if the template tag is allowed, its contents are not sani= tized. The template tag is a special tag that does not usually render its c= ontents, unless the shadowrootmode attribute is set to open or closed. This=
issue has been patched in versions 9.0.892 and 9.1.893-beta.</td> <td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25543" target=3D= "_blank" rel=3D"noopener">CVE-2026-25543</a></td>

<a href=3D"https://github.com/mganss/HtmlSanitizer/security/advisories/GHSA= -j92c-7v7g-gj3f" target=3D"_blank" rel=3D"noopener">https://github.com/mgan= ss/HtmlSanitizer/security/advisories/GHSA-j92c-7v7g-gj3f</a> <a href=3D"= https://github.com/mganss/HtmlSanitizer/commit/0ac53dca30ddad963f2b243669a5= 066933d82b81" target=3D"_blank" rel=3D"noopener">https://github.com/mganss/= HtmlSanitizer/commit/0ac53dca30ddad963f2b243669a5066933d82b81</a> <a hre= f=3D"https://www.nuget.org/packages/HtmlSanitizer/9.0.892" target=3D"_blank=
" rel=3D"noopener">https://www.nuget.org/packages/HtmlSanitizer/9.0.892</a>= <a href=3D"https://www.nuget.org/packages/HtmlSanitizer/9.1.893-beta" t= arget=3D"_blank" rel=3D"noopener">https://www.nuget.org/packages/HtmlSaniti= zer/9.1.893-beta</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">isaacs--brace-expansion</td> <td>@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-ex= pansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a=
denial of service (DoS) issue caused by unbounded brace range expansion. W= hen an attacker provides a pattern containing repeated numeric brace ranges=
, the library attempts to eagerly generate every possible combination synch= ronously. Because the expansion grows exponentially, even a small input can=
consume excessive CPU and memory and may crash the Node.js process. This i= ssue has been patched in version 5.0.1.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25547" target=3D= "_blank" rel=3D"noopener">CVE-2026-25547</a></td>

<a href=3D"https://github.com/isaacs/brace-expansion/security/advisories/GH= SA-7h2j-956f-4vf2" target=3D"_blank" rel=3D"noopener">https://github.com/is= aacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2</a> =C2=A0<=

</tr>

<td class=3D"vendor-product">Artifex Software--MuPDF</td>
<td>MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerabilit=
y in fz_fill_pixmap_from_display_list() when an exception occurs during dis= play list rendering. The function accepts a caller-owned fz_pixmap pointer = but incorrectly drops the pixmap in its error handling path before rethrowi=
ng the exception. Callers (including the barcode decoding path in fz_decode= _barcode_from_display_list) also drop the same pixmap in cleanup, resulting=
in a double-free that can corrupt the heap and crash the process. This iss=
ue affects applications that enable and use MuPDF barcode decoding and can =
be triggered by processing crafted input that causes a rendering-time error=
while decoding barcodes.</td>
<td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25556" target=3D= "_blank" rel=3D"noopener">CVE-2026-25556</a></td>

<a href=3D"https://bugs.ghostscript.com/show_bug.cgi?id=3D709029" target=3D= "_blank" rel=3D"noopener">https://bugs.ghostscript.com/show_bug.cgi?id=3D70= 9029</a> <a href=3D"https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.= git/commit/?id=3Dd4743b6092d513321c23c6f7fe5cff87cde043c1" target=3D"_blank=
" rel=3D"noopener">https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/= commit/?id=3Dd4743b6092d513321c23c6f7fe5cff87cde043c1</a> <a href=3D"htt= ps://mupdf.com/" target=3D"_blank" rel=3D"noopener">https://mupdf.com/</a><= br><a href=3D"https://www.vulncheck.com/advisories/mupdf-barcode-decoding-d= ouble-free" target=3D"_blank" rel=3D"noopener">https://www.vulncheck.com/ad= visories/mupdf-barcode-decoding-double-free</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">WeKan--WeKan</td>
<td>WeKan versions prior to 8.19 contain an LDAP filter injection vulnerabi= lity in LDAP authentication. User-supplied username input is incorporated i= nto LDAP search filters and DN-related values without adequate escaping, al= lowing an attacker to manipulate LDAP queries during authentication.</td> <td>2026-02-07</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25560" target=3D= "_blank" rel=3D"noopener">CVE-2026-25560</a></td>

<a href=3D"https://github.com/wekan/wekan/commit/0b0e16c3eae28bbf453d33a81a= 9c58ce7db6d5bb" target=3D"_blank" rel=3D"noopener">https://github.com/wekan= /wekan/commit/0b0e16c3eae28bbf453d33a81a9c58ce7db6d5bb</a> <a href=3D"ht= tps://wekan.fi/" target=3D"_blank" rel=3D"noopener">https://wekan.fi/</a><b= r><a href=3D"https://www.vulncheck.com/advisories/wekan-ldap-authentication= -filter-injection" target=3D"_blank" rel=3D"noopener">https://www.vulncheck= .com/advisories/wekan-ldap-authentication-filter-injection</a> =C2=A0</t=

</tr>

<td class=3D"vendor-product">WeKan--WeKan</td>
<td>WeKan versions prior to 8.19 contain an authorization weakness in the a= ttachment upload API. The API does not fully validate that provided identif= iers (such as boardId, cardId, swimlaneId, and listId) are consistent and r= efer to a coherent card/board relationship, enabling attempts to upload att= achments with mismatched object relationships.</td>
<td>2026-02-07</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25561" target=3D= "_blank" rel=3D"noopener">CVE-2026-25561</a></td>

<a href=3D"https://github.com/wekan/wekan/commit/1d16955b6d4f0a0282e89c2c1b= 0415c7597019b8" target=3D"_blank" rel=3D"noopener">https://github.com/wekan= /wekan/commit/1d16955b6d4f0a0282e89c2c1b0415c7597019b8</a> <a href=3D"ht= tps://wekan.fi/" target=3D"_blank" rel=3D"noopener">https://wekan.fi/</a><b= r><a href=3D"https://www.vulncheck.com/advisories/wekan-attachment-upload-o= bject-relationship-validation-bypass" target=3D"_blank" rel=3D"noopener">ht= tps://www.vulncheck.com/advisories/wekan-attachment-upload-object-relations= hip-validation-bypass</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">WeKan--WeKan</td>
<td>WeKan versions prior to 8.19 contain an information disclosure vulnerab= ility in the attachments publication. Attachment metadata can be returned w= ithout properly scoping results to boards and cards accessible to the reque= sting user, potentially exposing attachment metadata to unauthorized users.= </td>
<td>2026-02-07</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25562" target=3D= "_blank" rel=3D"noopener">CVE-2026-25562</a></td>

<a href=3D"https://github.com/wekan/wekan/commit/6dfa3beb2b6ab23438d0f4395b= 84bf0749eb4820" target=3D"_blank" rel=3D"noopener">https://github.com/wekan= /wekan/commit/6dfa3beb2b6ab23438d0f4395b84bf0749eb4820</a> <a href=3D"ht= tps://wekan.fi/" target=3D"_blank" rel=3D"noopener">https://wekan.fi/</a><b= r><a href=3D"https://www.vulncheck.com/advisories/wekan-attachments-publica= tion-information-disclosure" target=3D"_blank" rel=3D"noopener">https://www= .vulncheck.com/advisories/wekan-attachments-publication-information-disclos= ure</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">WeKan--WeKan</td>
<td>WeKan versions prior to 8.19 contain an insecure direct object referenc=
e (IDOR) in checklist creation and related checklist routes. The implementa= tion does not verify that the supplied cardId belongs to the supplied board= Id, allowing cross-board ID tampering by manipulating identifiers.</td> <td>2026-02-07</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25563" target=3D= "_blank" rel=3D"noopener">CVE-2026-25563</a></td>

<a href=3D"https://github.com/wekan/wekan/commit/5cd875813fdec5a3c40a0358b3= 0a347967c85c14" target=3D"_blank" rel=3D"noopener">https://github.com/wekan= /wekan/commit/5cd875813fdec5a3c40a0358b30a347967c85c14</a> <a href=3D"ht= tps://wekan.fi/" target=3D"_blank" rel=3D"noopener">https://wekan.fi/</a><b= r><a href=3D"https://www.vulncheck.com/advisories/wekan-checklist-creation-= cross-board-idor" target=3D"_blank" rel=3D"noopener">https://www.vulncheck.= com/advisories/wekan-checklist-creation-cross-board-idor</a> =C2=A0</td> </tr>

<td class=3D"vendor-product">WeKan--WeKan</td>
<td>WeKan versions prior to 8.19 contain an insecure direct object referenc=
e (IDOR) in checklist creation and related checklist routes. The implementa= tion does not verify that the supplied cardId belongs to the supplied board= Id, allowing cross-board ID tampering by manipulating identifiers.</td> <td>2026-02-07</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25564" target=3D= "_blank" rel=3D"noopener">CVE-2026-25564</a></td>

<a href=3D"https://github.com/wekan/wekan/commit/08a6f084eba09487743a7c807f= b4a9000fcfa9ac" target=3D"_blank" rel=3D"noopener">https://github.com/wekan= /wekan/commit/08a6f084eba09487743a7c807fb4a9000fcfa9ac</a> <a href=3D"ht= tps://wekan.fi/" target=3D"_blank" rel=3D"noopener">https://wekan.fi/</a><b= r><a href=3D"https://www.vulncheck.com/advisories/wekan-checklist-deletion-= idor-via-missing-relationship-validation" target=3D"_blank" rel=3D"noopener= ">https://www.vulncheck.com/advisories/wekan-checklist-deletion-idor-via-mi= ssing-relationship-validation</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">WeKan--WeKan</td>
<td>WeKan versions prior to 8.19 contain an authorization vulnerability whe=
re certain card update API paths validate only board read access rather tha=
n requiring write permission. This can allow users with read-only roles to = perform card updates that should require write access.</td>
<td>2026-02-07</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25565" target=3D= "_blank" rel=3D"noopener">CVE-2026-25565</a></td>

<a href=3D"https://github.com/wekan/wekan/commit/181f837d8cbae96bdf9dcbd31b= eaa3653c2c0285" target=3D"_blank" rel=3D"noopener">https://github.com/wekan= /wekan/commit/181f837d8cbae96bdf9dcbd31beaa3653c2c0285</a> <a href=3D"ht= tps://wekan.fi/" target=3D"_blank" rel=3D"noopener">https://wekan.fi/</a><b= r><a href=3D"https://www.vulncheck.com/advisories/wekan-read-only-board-rol= es-can-update-cards" target=3D"_blank" rel=3D"noopener">https://www.vulnche= ck.com/advisories/wekan-read-only-board-roles-can-update-cards</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">WeKan--WeKan</td>
<td>WeKan versions prior to 8.19 contain an authorization vulnerability in = card move logic. A user can specify a destination board/list/swimlane witho=
ut adequate authorization checks for the destination and without validating=
that destination objects belong to the destination board, potentially enab= ling unauthorized cross-board moves.</td>
<td>2026-02-07</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25566" target=3D= "_blank" rel=3D"noopener">CVE-2026-25566</a></td>

<a href=3D"https://github.com/wekan/wekan/commit/198509e7600981400353aec625= 9247b3c04e043e" target=3D"_blank" rel=3D"noopener">https://github.com/wekan= /wekan/commit/198509e7600981400353aec6259247b3c04e043e</a> <a href=3D"ht= tps://wekan.fi/" target=3D"_blank" rel=3D"noopener">https://wekan.fi/</a><b= r><a href=3D"https://www.vulncheck.com/advisories/wekan-cross-board-card-mo= ve-without-destination-authorization" target=3D"_blank" rel=3D"noopener">ht= tps://www.vulncheck.com/advisories/wekan-cross-board-card-move-without-dest= ination-authorization</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">WeKan--WeKan</td>
<td>WeKan versions prior to 8.19 contain an insecure direct object referenc=
e (IDOR) in the card comment creation API. The endpoint accepts an authorId=
from the request body, allowing an authenticated user to spoof the recorde=
d comment author by supplying another user's identifier.</td> <td>2026-02-07</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25567" target=3D= "_blank" rel=3D"noopener">CVE-2026-25567</a></td>

<a href=3D"https://github.com/wekan/wekan/commit/67cb47173c1a152d9eaf546974= 0992b2dacdf62d" target=3D"_blank" rel=3D"noopener">https://github.com/wekan= /wekan/commit/67cb47173c1a152d9eaf5469740992b2dacdf62d</a> <a href=3D"ht= tps://wekan.fi/" target=3D"_blank" rel=3D"noopener">https://wekan.fi/</a><b= r><a href=3D"https://www.vulncheck.com/advisories/wekan-card-comment-author= -spoofing-via-user-controlled-authorid" target=3D"_blank" rel=3D"noopener">= https://www.vulncheck.com/advisories/wekan-card-comment-author-spoofing-via= -user-controlled-authorid</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">WeKan--WeKan</td>
<td>WeKan versions prior to 8.19 contain an authorization logic vulnerabili=
ty where the instance configuration setting allowPrivateOnly is not suffici= ently enforced at board creation time. When allowPrivateOnly is enabled, us= ers can still create public boards due to incomplete server-side enforcemen= t.</td>
<td>2026-02-07</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25568" target=3D= "_blank" rel=3D"noopener">CVE-2026-25568</a></td>

<a href=3D"https://github.com/wekan/wekan/commit/7ed76c180ede46ab1dac6b8ad2= 7e9128a272c2c8" target=3D"_blank" rel=3D"noopener">https://github.com/wekan= /wekan/commit/7ed76c180ede46ab1dac6b8ad27e9128a272c2c8</a> <a href=3D"ht= tps://wekan.fi/" target=3D"_blank" rel=3D"noopener">https://wekan.fi/</a><b= r><a href=3D"https://www.vulncheck.com/advisories/wekan-allowprivateonly-se= tting-enforcement-bypass" target=3D"_blank" rel=3D"noopener">https://www.vu= lncheck.com/advisories/wekan-allowprivateonly-setting-enforcement-bypass</a= > =C2=A0</td>
</tr>

<td class=3D"vendor-product">TUM-Dev--NavigaTUM</td>
<td>NavigaTUM is a website and API to search for rooms, buildings and other=
places. Prior to commit 86f34c7, there is a path traversal vulnerability i=
n the propose_edits endpoint allows unauthenticated users to overwrite file=
s in directories writable by the application user (e.g., /cdn). By supplyin=
g unsanitized file keys containing traversal sequences (e.g., ../../) in th=
e JSON payload, an attacker can escape the intended temporary directory and=
replace public facing images or fill the server's storage. This issue has = been patched via commit 86f34c7.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25575" target=3D= "_blank" rel=3D"noopener">CVE-2026-25575</a></td>

<a href=3D"https://github.com/TUM-Dev/NavigaTUM/security/advisories/GHSA-59= hj-f48w-hjfm" target=3D"_blank" rel=3D"noopener">https://github.com/TUM-Dev= /NavigaTUM/security/advisories/GHSA-59hj-f48w-hjfm</a> <a href=3D"https:= //github.com/TUM-Dev/NavigaTUM/pull/2650" target=3D"_blank" rel=3D"noopener= ">https://github.com/TUM-Dev/NavigaTUM/pull/2650</a> <a href=3D"https://= github.com/TUM-Dev/NavigaTUM/commit/86f34c72886a59ec8f1e6c00f78a5ab889a70fd=
0" target=3D"_blank" rel=3D"noopener">https://github.com/TUM-Dev/NavigaTUM/= commit/86f34c72886a59ec8f1e6c00f78a5ab889a70fd0</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">navidrome--navidrome</td>
<td>Navidrome is an open source web-based music collection server and strea= mer. Prior to version 0.60.0, authenticated users can crash the Navidrome s= erver by supplying an excessively large size parameter to /rest/getCoverArt=
or to a shared-image URL (/share/img/<token>). When processing such = requests, the server attempts to create an extremely large resized image, c= ausing uncontrolled memory growth. This triggers the Linux OOM killer, term= inates the Navidrome process, and results in a full service outage. If the = system has sufficient memory and survives the allocation, Navidrome then wr= ites these extremely large resized images into its cache directory, allowin=
g an attacker to rapidly exhaust server disk space as well. This issue has = been patched in version 0.60.0.</td>
<td>2026-02-04</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25579" target=3D= "_blank" rel=3D"noopener">CVE-2026-25579</a></td>

<a href=3D"https://github.com/navidrome/navidrome/security/advisories/GHSA-= hrr4-3wgr-68x3" target=3D"_blank" rel=3D"noopener">https://github.com/navid= rome/navidrome/security/advisories/GHSA-hrr4-3wgr-68x3</a> <a href=3D"ht= tps://github.com/navidrome/navidrome/releases/tag/v0.60.0" target=3D"_blank=
" rel=3D"noopener">https://github.com/navidrome/navidrome/releases/tag/v0.6= 0.0</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">n8n-io--n8n</td>
<td>n8n is an open source workflow automation platform. Prior to 1.121.0, t= here is a vulnerability in the HTTP Request node's credential domain valida= tion allowed an authenticated attacker to send requests with credentials to=
unintended domains, potentially leading to credential exfiltration. This o= nly might affect user who have credentials that use wildcard domain pattern=
s (e.g., *.example.com) in the "Allowed domains" setting. This issue is fix=
ed in version 1.121.0 and later.</td>
<td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25631" target=3D= "_blank" rel=3D"noopener">CVE-2026-25631</a></td>

<a href=3D"https://github.com/n8n-io/n8n/security/advisories/GHSA-2xcx-75h9= -vr9h" target=3D"_blank" rel=3D"noopener">https://github.com/n8n-io/n8n/sec= urity/advisories/GHSA-2xcx-75h9-vr9h</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">smn2gnt--MCP-Salesforce</td>
<td>MCP Salesforce Connector is a Model Context Protocol (MCP) server imple= mentation for Salesforce integration. Prior to 0.1.10, arbitrary attribute = access leads to disclosure of Salesforce auth token. This vulnerability is = fixed in 0.1.10.</td>
<td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25650" target=3D= "_blank" rel=3D"noopener">CVE-2026-25650</a></td>

<a href=3D"https://github.com/smn2gnt/MCP-Salesforce/security/advisories/GH= SA-vf6j-c56p-cq58" target=3D"_blank" rel=3D"noopener">https://github.com/sm= n2gnt/MCP-Salesforce/security/advisories/GHSA-vf6j-c56p-cq58</a> <a href= =3D"https://github.com/smn2gnt/MCP-Salesforce/commit/a1e3a5a786f48508d066b6= d40b58201ebf9b7fd6" target=3D"_blank" rel=3D"noopener">https://github.com/s= mn2gnt/MCP-Salesforce/commit/a1e3a5a786f48508d066b6d40b58201ebf9b7fd6</a><b= r><a href=3D"https://github.com/smn2gnt/MCP-Salesforce/releases/tag/v0.1.10=
" target=3D"_blank" rel=3D"noopener">https://github.com/smn2gnt/MCP-Salesfo= rce/releases/tag/v0.1.10</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">anthropics--claude-code</td>
<td>Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude = Code failed to properly validate directory changes when combined with write=
operations to protected folders. By using the cd command to navigate into = sensitive directories like .claude, it was possible to bypass write protect= ion and create or modify files without user confirmation. Reliably exploiti=
ng this required the ability to add untrusted content into a Claude Code co= ntext window. This issue has been patched in version 2.0.57.</td> <td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25722" target=3D= "_blank" rel=3D"noopener">CVE-2026-25722</a></td>

<a href=3D"https://github.com/anthropics/claude-code/security/advisories/GH= SA-66q4-vfjg-2qhh" target=3D"_blank" rel=3D"noopener">https://github.com/an= thropics/claude-code/security/advisories/GHSA-66q4-vfjg-2qhh</a> =C2=A0<=

</tr>

<td class=3D"vendor-product">anthropics--claude-code</td>
<td>Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude = Code failed to properly validate commands using piped sed operations with t=
he echo command, allowing attackers to bypass file write restrictions. This=
vulnerability enabled writing to sensitive directories like the .claude fo= lder and paths outside the project scope. Exploiting this required the abil= ity to execute commands through Claude Code with the "accept edits" feature=
enabled. This issue has been patched in version 2.0.55.</td> <td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25723" target=3D= "_blank" rel=3D"noopener">CVE-2026-25723</a></td>

<a href=3D"https://github.com/anthropics/claude-code/security/advisories/GH= SA-mhg7-666j-cqg4" target=3D"_blank" rel=3D"noopener">https://github.com/an= thropics/claude-code/security/advisories/GHSA-mhg7-666j-cqg4</a> =C2=A0<=

</tr>

<td class=3D"vendor-product">anthropics--claude-code</td>
<td>Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude C= ode failed to strictly enforce deny rules configured in settings.json when = accessing files through symbolic links. If a user explicitly denied Claude = Code access to a file (such as /etc/passwd) and Claude Code had access to a=
symbolic link pointing to that file, it was possible for Claude Code to re=
ad the restricted file through the symlink without triggering deny rule enf= orcement. This issue has been patched in version 2.1.7.</td> <td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25724" target=3D= "_blank" rel=3D"noopener">CVE-2026-25724</a></td>

<a href=3D"https://github.com/anthropics/claude-code/security/advisories/GH= SA-4q92-rfm6-2cqx" target=3D"_blank" rel=3D"noopener">https://github.com/an= thropics/claude-code/security/advisories/GHSA-4q92-rfm6-2cqx</a> =C2=A0<=

</tr>

<td class=3D"vendor-product">anthropics--claude-code</td>
<td>Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude C= ode's bubblewrap sandboxing mechanism failed to properly protect the .claud= e/settings.json configuration file when it did not exist at startup. While = the parent directory was mounted as writable and .claude/settings.local.jso=
n was explicitly protected with read-only constraints, settings.json was no=
t protected if it was missing. This allowed malicious code running inside t=
he sandbox to create this file and inject persistent hooks (such as Session= Start commands) that would execute with host privileges when Claude Code wa=
s restarted. This issue has been patched in version 2.1.2.</td> <td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25725" target=3D= "_blank" rel=3D"noopener">CVE-2026-25725</a></td>

<a href=3D"https://github.com/anthropics/claude-code/security/advisories/GH= SA-ff64-7w26-62rf" target=3D"_blank" rel=3D"noopener">https://github.com/an= thropics/claude-code/security/advisories/GHSA-ff64-7w26-62rf</a> =C2=A0<=

</tr>

<td class=3D"vendor-product">time-rs--time</td>
<td>time provides date and time handling in Rust. From 0.3.6 to before 0.3.= 47, when user-provided input is provided to any type that parses with the R=
FC 2822 format, a denial of service attack via stack exhaustion is possible=
. The attack relies on formally deprecated and rarely-used features that ar=
e part of the RFC 2822 format used in a malicious manner. Ordinary, non-mal= icious input will never encounter this scenario. A limit to the depth of re= cursion was added in v0.3.47. From this version, an error will be returned = rather than exhausting the stack.</td>
<td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25727" target=3D= "_blank" rel=3D"noopener">CVE-2026-25727</a></td>

<a href=3D"https://github.com/time-rs/time/security/advisories/GHSA-r6v5-fh= 4h-64xc" target=3D"_blank" rel=3D"noopener">https://github.com/time-rs/time= /security/advisories/GHSA-r6v5-fh4h-64xc</a> <a href=3D"https://github.c= om/time-rs/time/commit/1c63dc7985b8fa26bd8c689423cc56b7a03841ee" target=3D"= _blank" rel=3D"noopener">https://github.com/time-rs/time/commit/1c63dc7985b= 8fa26bd8c689423cc56b7a03841ee</a> <a href=3D"https://github.com/time-rs/= time/blob/main/CHANGELOG.md#0347-2026-02-05" target=3D"_blank" rel=3D"noope= ner">https://github.com/time-rs/time/blob/main/CHANGELOG.md#0347-2026-02-05= </a> <a href=3D"https://github.com/time-rs/time/releases/tag/v0.3.47" ta= rget=3D"_blank" rel=3D"noopener">https://github.com/time-rs/time/releases/t= ag/v0.3.47</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">lintsinghua--DeepAudit</td>
<td>DeepAudit is a multi-agent system for code vulnerability discovery. In = 3.0.4 and earlier, there is an improper access control vulnerability in the=
/api/v1/users/ endpoint allows any authenticated user to enumerate all use=
rs in the system and retrieve sensitive information including email address= es, phone numbers, full names, and role information.</td>
<td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25729" target=3D= "_blank" rel=3D"noopener">CVE-2026-25729</a></td>

<a href=3D"https://github.com/lintsinghua/DeepAudit/security/advisories/GHS= A-vmmm-48w2-q56q" target=3D"_blank" rel=3D"noopener">https://github.com/lin= tsinghua/DeepAudit/security/advisories/GHSA-vmmm-48w2-q56q</a> <a href= =3D"https://github.com/lintsinghua/DeepAudit/commit/b2a3b26579d3fdbab5236ae= 12ed67ae2313175fd" target=3D"_blank" rel=3D"noopener">https://github.com/li= ntsinghua/DeepAudit/commit/b2a3b26579d3fdbab5236ae12ed67ae2313175fd</a> = =C2=A0</td>
</tr>

<td class=3D"vendor-product">frangoteam--FUXA</td>
<td>FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) softwar=
e. An information disclosure vulnerability in FUXA allows an unauthenticate=
d, remote attacker to retrieve sensitive administrative database credential=
s. Exploitation allows an unauthenticated, remote attacker to obtain the fu=
ll system configuration, including administrative credentials for the Influ= xDB database. Possession of these credentials may allow an attacker to auth= enticate directly to the database service, enabling them to read, modify, o=
r delete all historical process data, or perform a Denial of Service by cor= rupting the database. This affects FUXA through version 1.2.9. This issue h=
as been patched in FUXA version 1.2.10.</td>
<td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25751" target=3D= "_blank" rel=3D"noopener">CVE-2026-25751</a></td>

<a href=3D"https://github.com/frangoteam/FUXA/security/advisories/GHSA-c5gq= -4h56-4mmx" target=3D"_blank" rel=3D"noopener">https://github.com/frangotea= m/FUXA/security/advisories/GHSA-c5gq-4h56-4mmx</a> <a href=3D"https://gi= thub.com/frangoteam/FUXA/releases/tag/v1.2.10" target=3D"_blank" rel=3D"noo= pener">https://github.com/frangoteam/FUXA/releases/tag/v1.2.10</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">frangoteam--FUXA</td>
<td>FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) softwar=
e. An authorization bypass vulnerability in FUXA allows an unauthenticated,=
remote attacker to modify device tags via WebSockets. Exploitation allows =
an unauthenticated, remote attacker to bypass role-based access controls an=
d overwrite arbitrary device tags or disable communication drivers, exposin=
g connected ICS/SCADA environments to follow-on actions. This may allow an = attacker to manipulate physical processes and disconnected devices from the=
HMI. This affects FUXA through version 1.2.9. This issue has been patched =
in FUXA version 1.2.10.</td>
<td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25752" target=3D= "_blank" rel=3D"noopener">CVE-2026-25752</a></td>

<a href=3D"https://github.com/frangoteam/FUXA/security/advisories/GHSA-ggxw= -g3cp-mgf8" target=3D"_blank" rel=3D"noopener">https://github.com/frangotea= m/FUXA/security/advisories/GHSA-ggxw-g3cp-mgf8</a> <a href=3D"https://gi= thub.com/frangoteam/FUXA/releases/tag/v1.2.10" target=3D"_blank" rel=3D"noo= pener">https://github.com/frangoteam/FUXA/releases/tag/v1.2.10</a> =C2= =A0</td>
</tr>

<td class=3D"vendor-product">Praskla-Technology--assessment-placipy</td> <td>PlaciPy is a placement management system designed for educational insti= tutions. In version 1.0.0, the application uses a hard-coded, static defaul=
t password for all newly created student accounts. This results in mass acc= ount takeover, allowing any attacker to log in as any student once the pass= word is known.</td>
<td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25753" target=3D= "_blank" rel=3D"noopener">CVE-2026-25753</a></td>

<a href=3D"https://github.com/Praskla-Technology/assessment-placipy/securit= y/advisories/GHSA-6537-cf56-j9w2" target=3D"_blank" rel=3D"noopener">https:= //github.com/Praskla-Technology/assessment-placipy/security/advisories/GHSA= -6537-cf56-j9w2</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">spree--spree</td>
<td>Spree is an open source e-commerce solution built with Ruby on Rails. P= rior to versions 5.0.8, 5.1.10, 5.2.7, and 5.3.2, unauthenticated users can=
view completed guest orders by Order ID. This issue may lead to disclosure=
of PII of guest users (including names, addresses and phone numbers). This=
issue has been patched in versions 5.0.8, 5.1.10, 5.2.7, and 5.3.2.</td> <td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25757" target=3D= "_blank" rel=3D"noopener">CVE-2026-25757</a></td>

<a href=3D"https://github.com/spree/spree/security/advisories/GHSA-p6pv-q7r= c-g4h9" target=3D"_blank" rel=3D"noopener">https://github.com/spree/spree/s= ecurity/advisories/GHSA-p6pv-q7rc-g4h9</a> <a href=3D"https://github.com= /spree/spree/commit/3e00be64c128ef4bd4b99731f0c3ab469509cfab" target=3D"_bl= ank" rel=3D"noopener">https://github.com/spree/spree/commit/3e00be64c128ef4= bd4b99731f0c3ab469509cfab</a> <a href=3D"https://github.com/spree/spree/= commit/6b32ed7d474aa55fa441990e6aa39740152aa1be" target=3D"_blank" rel=3D"n= oopener">https://github.com/spree/spree/commit/6b32ed7d474aa55fa441990e6aa3= 9740152aa1be</a> <a href=3D"https://github.com/spree/spree/commit/6f6b8a= 7a28a8bff24a6e20eab04b4bbbdf39384d" target=3D"_blank" rel=3D"noopener">http= s://github.com/spree/spree/commit/6f6b8a7a28a8bff24a6e20eab04b4bbbdf39384d<= /a> <a href=3D"https://github.com/spree/spree/commit/ea4a5db590ca753dbc9= 86f2a4e818d9e0edfb1ad" target=3D"_blank" rel=3D"noopener">https://github.co= m/spree/spree/commit/ea4a5db590ca753dbc986f2a4e818d9e0edfb1ad</a> <a hre= f=3D"https://github.com/spree/spree/blob/1341623f2ae92685cdbe232885bf5808fc= 8f9ca8/storefront/app/controllers/spree/orders_controller.rb#L14" target=3D= "_blank" rel=3D"noopener">https://github.com/spree/spree/blob/1341623f2ae92= 685cdbe232885bf5808fc8f9ca8/storefront/app/controllers/spree/orders_control= ler.rb#L14</a> <a href=3D"https://github.com/spree/spree/blob/1341623f2a= e92685cdbe232885bf5808fc8f9ca8/storefront/app/controllers/spree/orders_cont= roller.rb#L51C1-L55C8" target=3D"_blank" rel=3D"noopener">https://github.co= m/spree/spree/blob/1341623f2ae92685cdbe232885bf5808fc8f9ca8/storefront/app/= controllers/spree/orders_controller.rb#L51C1-L55C8</a> <a href=3D"https:= //github.com/spree/spree/blob/a878eb4a782ce0445d218ea86fb12075b0e3d7cc/core= /lib/spree/core/number_generator.rb#L45" target=3D"_blank" rel=3D"noopener"= >https://github.com/spree/spree/blob/a878eb4a782ce0445d218ea86fb12075b0e3d7= cc/core/lib/spree/core/number_generator.rb#L45</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">spree--spree</td>
<td>Spree is an open source e-commerce solution built with Ruby on Rails. A=
critical IDOR vulnerability exists in Spree Commerce's guest checkout flow=
that allows any guest user to bind arbitrary guest addresses to their orde=
r by manipulating address ID parameters. This enables unauthorized access t=
o other guests' personally identifiable information (PII) including names, = addresses and phone numbers. The vulnerability bypasses existing ownership = validation checks and affects all guest checkout transactions. This vulnera= bility is fixed in 4.10.3, 5.0.8, 5.1.10, 5.2.7, and 5.3.2.</td> <td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25758" target=3D= "_blank" rel=3D"noopener">CVE-2026-25758</a></td>

<a href=3D"https://github.com/spree/spree/security/advisories/GHSA-87fh-rc9= 6-6fr6" target=3D"_blank" rel=3D"noopener">https://github.com/spree/spree/s= ecurity/advisories/GHSA-87fh-rc96-6fr6</a> <a href=3D"https://github.com= /spree/spree/commit/15619618e43b367617ec8d2d4aafc5e54fa7b734" target=3D"_bl= ank" rel=3D"noopener">https://github.com/spree/spree/commit/15619618e43b367= 617ec8d2d4aafc5e54fa7b734</a> <a href=3D"https://github.com/spree/spree/= commit/29282d1565ba4f7bc2bbc47d550e2c0c6d0ae59f" target=3D"_blank" rel=3D"n= oopener">https://github.com/spree/spree/commit/29282d1565ba4f7bc2bbc47d550e= 2c0c6d0ae59f</a> <a href=3D"https://github.com/spree/spree/commit/6650f9= 6356faa0d16c05bcb516f1ffd5641741b8" target=3D"_blank" rel=3D"noopener">http= s://github.com/spree/spree/commit/6650f96356faa0d16c05bcb516f1ffd5641741b8<= /a> <a href=3D"https://github.com/spree/spree/commit/902d301ac83fd2047db= 1b9a3a99545162860f748" target=3D"_blank" rel=3D"noopener">https://github.co= m/spree/spree/commit/902d301ac83fd2047db1b9a3a99545162860f748</a> <a hre= f=3D"https://github.com/spree/spree/commit/ff7cfcfcfe0c40c60d03317e1d0ee361= c6a6b054" target=3D"_blank" rel=3D"noopener">https://github.com/spree/spree= /commit/ff7cfcfcfe0c40c60d03317e1d0ee361c6a6b054</a> <a href=3D"https://= github.com/spree/spree/blob/1341623f2ae92685cdbe232885bf5808fc8f9ca8/core/a= pp/models/spree/order/address_book.rb#L16-L38" target=3D"_blank" rel=3D"noo= pener">https://github.com/spree/spree/blob/1341623f2ae92685cdbe232885bf5808= fc8f9ca8/core/app/models/spree/order/address_book.rb#L16-L38</a> <a href= =3D"https://github.com/spree/spree/blob/1341623f2ae92685cdbe232885bf5808fc8= f9ca8/core/app/models/spree/order/checkout.rb#L241-L254" target=3D"_blank" = rel=3D"noopener">https://github.com/spree/spree/blob/1341623f2ae92685cdbe23= 2885bf5808fc8f9ca8/core/app/models/spree/order/checkout.rb#L241-L254</a><br= ><a href=3D"https://github.com/spree/spree/blob/1341623f2ae92685cdbe232885b= f5808fc8f9ca8/core/app/services/spree/checkout/update.rb#L33-L48" target=3D= "_blank" rel=3D"noopener">https://github.com/spree/spree/blob/1341623f2ae92= 685cdbe232885bf5808fc8f9ca8/core/app/services/spree/checkout/update.rb#L33-= L48</a> <a href=3D"https://github.com/spree/spree/blob/1341623f2ae92685c= dbe232885bf5808fc8f9ca8/core/lib/spree/permitted_attributes.rb#L92-L96" tar= get=3D"_blank" rel=3D"noopener">https://github.com/spree/spree/blob/1341623= f2ae92685cdbe232885bf5808fc8f9ca8/core/lib/spree/permitted_attributes.rb#L9= 2-L96</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">opf--openproject</td>
<td>OpenProject is an open-source, web-based project management software. P= rior to versions 16.6.7 and 17.0.3, an arbitrary file write vulnerability e= xists in OpenProject's repository changes endpoint (/projects/:project_id/r= epository/changes) when rendering the "latest changes" view via git log. By=
supplying a specially crafted rev value (for example, rev=3D--output=3D/tm= p/poc.txt), an attacker can inject git log command-line options. When OpenP= roject executes the SCM command, Git interprets the attacker-controlled rev=
as an option and writes the output to an attacker-chosen path. As a result=
, any user with the :browse_repository permission on the project can create=
or overwrite arbitrary files that the OpenProject process user is permitte=
d to write. The written contents consist of git log output, but by crafting=
custom commits the attacker can still upload valid shell scripts, ultimate=
ly leading to RCE. The RCE lets the attacker create a reverse shell to the = target host and view confidential files outside of OpenProject, such as /et= c/passwd. This issue has been patched in versions 16.6.7 and 17.0.3.</td> <td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25763" target=3D= "_blank" rel=3D"noopener">CVE-2026-25763</a></td>

<a href=3D"https://github.com/opf/openproject/security/advisories/GHSA-x37c= -hcg5-r5m7" target=3D"_blank" rel=3D"noopener">https://github.com/opf/openp= roject/security/advisories/GHSA-x37c-hcg5-r5m7</a> <a href=3D"https://gi= thub.com/opf/openproject/releases/tag/v16.6.7" target=3D"_blank" rel=3D"noo= pener">https://github.com/opf/openproject/releases/tag/v16.6.7</a> <a hr= ef=3D"https://github.com/opf/openproject/releases/tag/v17.0.3" target=3D"_b= lank" rel=3D"noopener">https://github.com/opf/openproject/releases/tag/v17.= 0.3</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">slackhq--nebula</td>
<td>Nebula is a scalable overlay networking tool. In versions from 1.7.0 to=
1.10.2, when using P256 certificates (which is not the default configurati= on), it is possible to evade a blocklist entry created against the fingerpr= int of a certificate by using ECDSA Signature Malleability to use a copy of=
the certificate with a different fingerprint. This issue has been patched =
in version 1.10.3.</td>
<td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25793" target=3D= "_blank" rel=3D"noopener">CVE-2026-25793</a></td>

<a href=3D"https://github.com/slackhq/nebula/security/advisories/GHSA-69x3-= g4r3-p962" target=3D"_blank" rel=3D"noopener">https://github.com/slackhq/ne= bula/security/advisories/GHSA-69x3-g4r3-p962</a> <a href=3D"https://gith= ub.com/slackhq/nebula/commit/f573e8a26695278f9d71587390fbfe0d0933aa21" targ= et=3D"_blank" rel=3D"noopener">https://github.com/slackhq/nebula/commit/f57= 3e8a26695278f9d71587390fbfe0d0933aa21</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">antrea-io--antrea</td>
<td>Antrea is a Kubernetes networking solution intended to be Kubernetes na= tive. Prior to versions 2.3.2 and 2.4.3, Antrea's network policy priority a= ssignment system has a uint16 arithmetic overflow bug that causes incorrect=
OpenFlow priority calculations when handling a large numbers of policies w= ith various priority values. This results in potentially incorrect traffic = enforcement. This issue has been patched in versions 2.4.3.</td> <td>2026-02-06</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25804" target=3D= "_blank" rel=3D"noopener">CVE-2026-25804</a></td>

<a href=3D"https://github.com/antrea-io/antrea/security/advisories/GHSA-86x= 4-wp9f-wrr9" target=3D"_blank" rel=3D"noopener">https://github.com/antrea-i= o/antrea/security/advisories/GHSA-86x4-wp9f-wrr9</a> <a href=3D"https://= github.com/antrea-io/antrea/pull/7496" target=3D"_blank" rel=3D"noopener">h= ttps://github.com/antrea-io/antrea/pull/7496</a> <a href=3D"https://gith= ub.com/antrea-io/antrea/commit/86c4b6010f3be536866f339b632621c23d7186fa" ta= rget=3D"_blank" rel=3D"noopener">https://github.com/antrea-io/antrea/commit= /86c4b6010f3be536866f339b632621c23d7186fa</a> =C2=A0</td>
</tr>

<td class=3D"vendor-product">Shenzhen Tenda Technology--Tenda G300-F</td> <td>Tenda G300-F router firmware versio 16.01.14.2 and prior contain an OS = command injection vulnerability in the WAN diagnostic functionality (formSe= tWanDiag). The implementation constructs a shell command that invokes curl = and incorporates attacker-controlled input into the command line without ad= equate neutralization. As a result, a remote attacker with access to the af= fected management interface can inject additional shell syntax and execute = arbitrary commands on the device with the privileges of the management proc= ess.</td>
<td>2026-02-07</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25857" target=3D= "_blank" rel=3D"noopener">CVE-2026-25857</a></td>

<a href=3D"https://blog.evan.lat/blog/cve-2026-25857/" target=3D"_blank" re= l=3D"noopener">https://blog.evan.lat/blog/cve-2026-25857/</a> <a href=3D= "https://www.tendacn.com/material/show/736333682028613" target=3D"_blank" r= el=3D"noopener">https://www.tendacn.com/material/show/736333682028613</a><b= r><a href=3D"https://www.vulncheck.com/advisories/tenda-g300-f-command-inje= ction-via-formsetwandiag" target=3D"_blank" rel=3D"noopener">https://www.vu= lncheck.com/advisories/tenda-g300-f-command-injection-via-formsetwandiag</a= > =C2=A0</td>
</tr>

<td class=3D"vendor-product">macrozheng--mall</td>
<td>macrozheng mall version 1.0.3 and prior contains an authentication vuln= erability in the mall-portal password reset workflow that allows an unauthe= nticated attacker to reset arbitrary user account passwords using only a vi= ctim's telephone number. The password reset flow exposes the one-time passw= ord (OTP) directly in the API response and validates password reset request=
s solely by comparing the provided OTP to a value stored by telephone numbe=
r, without verifying user identity or ownership of the telephone number. Th=
is enables remote account takeover of any user with a known or guessable te= lephone number.</td>
<td>2026-02-07</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25858" target=3D= "_blank" rel=3D"noopener">CVE-2026-25858</a></td>

<a href=3D"https://github.com/macrozheng/mall/issues/946" target=3D"_blank"=
rel=3D"noopener">https://github.com/macrozheng/mall/issues/946</a> <a h= ref=3D"https://www.macrozheng.com/" target=3D"_blank" rel=3D"noopener">http= s://www.macrozheng.com/</a> <a href=3D"https://www.vulncheck.com/advisor= ies/macrozheng-mall-unauthenticated-password-reset-via-otp-disclosure" targ= et=3D"_blank" rel=3D"noopener">https://www.vulncheck.com/advisories/macrozh= eng-mall-unauthenticated-password-reset-via-otp-disclosure</a> =C2=A0</t=

</tr>

<td class=3D"vendor-product">WeKan--WeKan</td>
<td>Wekan versions prior to 8.20 allow non-administrative users to access m= igration functionality due to insufficient permission checks, potentially r= esulting in unauthorized migration operations.</td>
<td>2026-02-07</td>
<td>not yet calculated</td>
<td><a href=3D"https://www.cve.org/CVERecord?id=3DCVE-2026-25859" target=3D= "_blank" rel=3D"noopener">CVE-2026-25859</a></td>

<a href=3D"https://github.com/wekan/wekan/commit/cbb1cd78de3e40264a5e047ace= 0ce27f8635b4e6" target=3D"_blank" rel=3D"noopener">https://github.com/wekan= /wekan/commit/cbb1cd78de3e40264a5e047ace0ce27f8635b4e6</a> <a href=3D"ht= tps://wekan.fi/" target=3D"_blank" rel=3D"noopener">https://wekan.fi/</a><b= r><a href=3D"https://www.vulncheck.com/advisories/wekan-migration-functiona= lity-insufficient-permission-checks" target=3D"_blank" rel=3D"noopener">htt= ps://www.vulncheck.com/advisories/wekan-migration-functionality-insufficien= t-permission-checks</a> =C2=A0</td>
</tr>
</tbody>
</table>
<a href=3D"#top">Back to top</a>
</div>
</div>
</div>
<style>body {
font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight: norma=
l; font-style: normal; color: #333333;
}
</style>
=20

<div id=3D"mail_footer">
Having trouble viewing this message?=C2=A0<a href=3D"ht= tps://content.govdelivery.com/accounts/USDHSCISA/bulletins/4090726" target= =3D"_blank" rel=3D"noopener">View it as a webpage</a>.=C2=A0<a href=3D"http= s://content.govdelivery.com/accounts/USDHS/bulletins/292141e" target=3D"_bl= ank" rel=3D"noopener"></a>
You are subscribed to updates from the <a href=3D"https://w= ww.cisa.gov">Cybersecurity and Infrastru= cture Security Agency</a> (CISA) <a href=3D"https://public.govdelivery.com/account= s/USDHSCISA/subscriber/edit?preferences=3Dtrue#tab1" target=3D"_blank" rel= =3D"noopener">Manage Sub= scriptions</a>=C2=A0=C2=A0|=C2=A0=C2=A0<a href=3D"https://www.cisa.gov/privacy-policy=
" target=3D"_blank" rel=3D"noopener">Privacy Policy</a>=C2=A0=C2=A0|=C2=A0 <a href=3D"https://subscriberhelp.granicu= s.com/s/article/Subscriber-Help-Center" target=3D"_blank" rel=3D"noopener">= Help</a><a href=3D"https://insights.govdelivery.com/Communications/Subscrib= er_Help_Center" target=3D"_blank" rel=3D"noopener"></a>
Connect with CISA: <a href=3D"https://www.facebook.com/= CISA" target=3D"_blank" rel=3D"noopener">Facebook</a>=C2=A0 |=C2=A0 <a href=3D"https://twitter.com/CISAgov" t= arget=3D"_blank" rel=3D"noopener">Twitter</a>=C2=A0 |=C2=A0 <a href=3D"https://Instagram.com/cisagov" target= =3D"_blank" rel=3D"noopener">Instagram</a>=C2=A0 |=C2=A0 <a href=3D"https://www.linkedin.com/company/cybersec= urity-and-infrastructure-security-agency" target=3D"_blank" rel=3D"noopener= ">LinkedIn</a><sp=
an style=3D"font-size: 10.0pt; color: #757575;">=C2=A0 |=C2=A0=C2=A0 </span= ><a href=3D"https://www.youtube.com/channel/UCxyq9roe-npgzrVwbpoAy0A" targe= t=3D"_self">YouTube</spa= n></a>

</div>
<div id=3D"tagline">
<hr>
<table style=3D"width: 100%;" border=3D"0" cellspacing=3D"0" cellpadding=3D=

<tbody>

<td style=3D"color: #757575; font-size: 10px; font-family: Arial;" width=3D= "89%">This email was sent to cisa@toolazy.synchro.net using GovDelivery Com= munications Cloud, on behalf of: Cybersecurity and Infrastructure Security = Agency =C2=B7 707 17th St, Suite 4000 =C2=B7 Denver, CO 80202</td>
<td align=3D"right" width=3D"11%"><a href=3D"https://subscriberhelp.granicu= s.com/" target=3D"_blank" rel=3D"noopener"><img src=3D"https://content.govd= elivery.com/images/govd-logo-dark.png" border=3D"0" alt=3D"GovDelivery logo=
" width=3D"115"></a></td>
</tr>
</tbody>
</table>
<style type=3D"text/css">body .abe-column-block { min-height: 5px; } table.= gd_combo_table img {margin-left:10px; margin-right:10px;} table.gd_combo_ta= ble div.govd_image_display img, table.gd_combo_table td.gd_combo_image_cell=
img {margin-left:0px; margin-right:0px;}</style>

</div>
</td>
</tr>
</table>

<img alt=3D"" src=3D"https://links-2.govdelivery.com/CI0/0101019c43d61d32-e= 1ebde4a-2147-4d45-a84b-44a67e927ff8-000000/dDYPyM6kyK21N5Qt-SsmCsqphmgXqImK= qkHqJD8Cq0U=3D443" style=3D"display: none; width: 1px; height: 1px;">
</body>
</html>

--===============3080814400787859564==--

--===============7159767842078463374==--

Who's Online
Recent Visitors
- Geek2
  Wed Mar 4 21:24:21 2026
  from Euclid, Oh via Telnet
- Geek2
  Wed Mar 4 18:27:09 2026
  from Euclid, Oh via Telnet
- Geek2
  Tue Mar 3 10:26:12 2026
  from Euclid, Oh via Telnet
- Geek2
  Mon Mar 2 11:22:09 2026
  from Euclid, Oh via Telnet

System Info

Sysop:	Amessyroom
Location:	Fayetteville, NC
Users:	59
Nodes:	6 (0 / 6)
Uptime:	28:14:38
Calls:	812
Files:	1,288
D/L today:	2 files (20K bytes)
Messages:	213,278

Vulnerability Summary for the Week of February 2, 2026

Who's Online

Recent Visitors

System Info