Latest CVE Feed
-
6.5
MEDIUMCVE-2026-1977
A security vulnerability has been detected in isaacwasserman mcp-vegalite-server up to 16aefed598b8cd897b78e99b907f6e2984572c61. Affected by this vulnerability is the function eval of the component visualize_data. Such manipulation of the argument vegalit... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Injection
-
5.5
MEDIUMCVE-2026-1974
A vulnerability was identified in Free5GC up to 4.1.0. This affects the function ResolveNodeIdToIp of the file internal/sbi/processor/datapath.go of the component SMF. The manipulation leads to denial of service. Remote exploitation of the attack is possi... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2026-1973
A vulnerability was determined in Free5GC up to 4.1.0. The impacted element is the function establishPfcpSession of the component SMF. Executing a manipulation can lead to null pointer dereference. The attack may be launched remotely. The exploit has been... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2026-1972
A vulnerability was found in Edimax BR-6208AC 2_1.02. The affected element is the function auth_check_userpass2. Performing a manipulation of the argument Username/Password results in use of default credentials. The attack may be initiated remotely. The e... Read more
Affected Products : br-6208ac_firmware- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Authentication
-
8.7
HIGHCVE-2025-32393
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.32, there is a DoS vulnerability in ReadRSSFeedBlock. In RSSBlock, feedpar... Read more
Affected Products : autogpt_platform- Published: Feb. 05, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Denial of Service
-
6.4
MEDIUMCVE-2026-1909
The WaveSurfer-WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's audio shortcode in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping on the 'src' attribute. This makes ... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Cross-Site Scripting
-
8.3
HIGHCVE-2025-13818
Local privilege escalation vulnerability via insecure temporary batch file execution in ESET Management Agent... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2026-1979
A flaw has been found in mruby up to 3.4.0. This affects the function mrb_vm_exec of the file src/vm.c of the component JMPNOT-to-JMPIF Optimization. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit... Read more
Affected Products : mruby- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2026-2056
A security vulnerability has been detected in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The impacted element is an unknown function of the file /wan_connection_status.asp of the component DHCP Connection Status Handler. The manipulation leads to infor... Read more
- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Information Disclosure
-
9.8
CRITICALCVE-2026-21643
An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.... Read more
Affected Products : forticlientems- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Injection
-
5.5
MEDIUMCVE-2026-1975
A security flaw has been discovered in Free5GC up to 4.1.0. This impacts the function identityTriggerType of the file pfcp_reports.go. The manipulation results in null pointer dereference. The attack can be executed remotely. The exploit has been released... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2026-24917
UAF vulnerability in the security module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more
- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
10.0
HIGHCVE-2026-2017
A vulnerability was detected in IP-COM W30AP up to 1.0.0.11(1340). Affected by this issue is the function R7WebsSecurityHandler of the file /goform/wx3auth of the component POST Request Handler. The manipulation of the argument data results in stack-based... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2026-2011
A vulnerability was found in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /ramonsys/enrollment/controller.php. The manipulation of the argument ID results in sql injection. The attack can be launched ... Read more
Affected Products : student_management_system- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Injection
-
4.2
MEDIUMCVE-2026-2010
A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java of the compon... Read more
Affected Products : publiccms- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Authorization
-
4.8
MEDIUMCVE-2026-1998
A flaw has been found in micropython up to 1.27.0. This vulnerability affects the function mp_import_all of the file py/runtime.c. This manipulation causes memory corruption. The attack needs to be launched locally. The exploit has been published and may ... Read more
Affected Products : micropython- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
4.0
MEDIUMCVE-2026-24914
Type confusion vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more
Affected Products : harmonyos- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
4.2
MEDIUMCVE-2026-0598
A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the authenticated user making the request. As a result, an a... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Authorization
-
6.4
MEDIUMCVE-2026-1293
The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the `yoast-schema` block attribute in all versions up to, and including, 26.8 due to insufficient input sanitiza... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Cross-Site Scripting
-
7.8
HIGHCVE-2026-0662
A maliciously crafted project directory, when opening a max file in Autodesk 3ds Max, could lead to execution of arbitrary code in the context of the current process due to an Untrusted Search Path being utilized.... Read more
Affected Products : 3ds_max- Published: Feb. 04, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Misconfiguration