Latest CVE Feed
-
6.5
MEDIUMCVE-2026-1898
A vulnerability was determined in WeKan up to 8.20. This affects an unknown part of the file packages/wekan-ldap/server/syncUser.js of the component LDAP User Sync. This manipulation causes improper access controls. It is possible to initiate the attack r... Read more
Affected Products :- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Authorization
-
9.4
CRITICALCVE-2026-21893
n8n is an open source workflow automation platform. From version 0.187.0 to before 1.120.3, a command injection vulnerability was identified in n8n’s community package installation functionality. The issue allowed authenticated users with administrative p... Read more
Affected Products : n8n- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Injection
-
9.2
CRITICALCVE-2026-25547
@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Denial of Service
-
8.5
HIGHCVE-2019-25281
NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted paths in services like ncprwsnt, rwsrsu, ncpclcfg, a... Read more
Affected Products : ncp_secure_entry_client- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2019-25274
ProShow Producer 9.0.3797 contains an unquoted service path vulnerability in the ScsiAccess service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will... Read more
Affected Products :- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2019-25272
TexasSoft CyberPlanet 6.4.131 contains an unquoted service path vulnerability in the CCSrvProxy service that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\TenaxSoft\CyberPlanet\SrvProx... Read more
Affected Products :- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2026-1896
A vulnerability has been found in WeKan up to 8.20. Affected by this vulnerability is the function ComprehensiveBoardMigration of the file server/migrations/comprehensiveBoardMigration.js of the component Migration Operation Handler. The manipulation of t... Read more
Affected Products :- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Authorization
-
7.5
HIGHCVE-2026-25140
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, an attacker who controls or compromises an APK repository used by apko could cause resource exhaustion on the build host. The ExpandA... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2026-25583
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow vulnerability in CIccFileIO::Read8() when processing mal... Read more
Affected Products : iccdev- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Memory Corruption
-
6.4
MEDIUMCVE-2026-0867
The Essential Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ew-author, ew-archive, ew-category, ew-page, and ew-menu shortcodes in all versions up to, and including, 3.0 due to insufficient input sanitization a... Read more
Affected Products : essential_widgets- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2026-23100
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix hugetlb_pmd_shared() Patch series "mm/hugetlb: fixes for PMD table sharing (incl. using mmu_gather)", v3. One functional fix, one performance regression fix, and two r... Read more
Affected Products : linux_kernel- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Memory Corruption
-
6.4
MEDIUMCVE-2026-1319
The Robin Image Optimizer – Unlimited Image Optimization & WebP Converter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Alternative Text' field of a Media Library image in all versions up to, and including, 2.0.2 due to insuff... Read more
Affected Products :- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2026-1268
The Dynamic Widget Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget content field in the Gutenberg editor sidebar in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escapin... Read more
Affected Products :- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2026-23572
Improper access control in the TeamViewer Full and Host clients (Windows, macOS, Linux) prior version 15.74.5 allows an authenticated user to bypass additional access controls with “Allow after confirmation” configuration in a remote session. An exploit c... Read more
Affected Products : remote- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Authorization
-
9.3
CRITICALCVE-2025-62615
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in RSSFeedBlock, the third-party library urllib.request.urlopen is use... Read more
Affected Products : autogpt_platform- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Server-Side Request Forgery
-
8.1
HIGHCVE-2026-22038
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.46, the AutoGPT platform's Stagehand integration blocks log API keys and a... Read more
Affected Products : autogpt_platform- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Information Disclosure
-
8.5
HIGHCVE-2019-25269
Amiti Antivirus 25.0.640 contains an unquoted service path vulnerability in its Windows service configurations. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges by placing executable files i... Read more
Affected Products :- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2026-1894
A vulnerability was detected in WeKan up to 8.20. This impacts an unknown function of the file models/checklistItems.js of the component REST API. Performing a manipulation of the argument item.cardId/item.checklistId/card.boardId results in improper auth... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Authorization
-
8.5
HIGHCVE-2019-25273
Easy-Hide-IP 5.0.0.3 contains an unquoted service path vulnerability in the EasyRedirect service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.... Read more
Affected Products :- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Misconfiguration
-
9.2
CRITICALCVE-2026-25579
Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, authenticated users can crash the Navidrome server by supplying an excessively large size parameter to /rest/getCoverArt or to a shared-image URL (/share/... Read more
Affected Products : navidrome- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Denial of Service