| CVE-2020-37151 | phpMyChat Plus 1.98 'deluser.php' SQL Injection | 05.02.2026 | |
| CVE-2025-13491 | IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to loss of confidentiality | 05.02.2026 | 5.1 |
| CVE-2025-14150 | IBM webMethods Integration Server is affected by | 05.02.2026 | 6.5 |
| CVE-2025-13379 | A SQL Injection vulnerability has been addressed in IBM Aspera Console | 05.02.2026 | 8.6 |
| CVE-2026-1523 | Path Traversal in Digitek from Grupo Azkoyen | 05.02.2026 | |
| CVE-2026-1927 | GreenShift - Animation and Page Builder Blocks <= 12.5.7 - Authenticated (Subscriber+) Information Disclosure of AI API Keys | 05.02.2026 | 4.3 |
| CVE-2026-1517 | iomad Company Admin Block SQL injection | 05.02.2026 | |
| CVE-2026-1966 | YugabyteDB Anywhere Exposes LDAP Credentials in Cleartext in Web UI | 05.02.2026 | |
| CVE-2026-23572 | Improper Access Control in TeamViewer clients | 05.02.2026 | 7.2 |
| CVE-2026-23796 | Session Fixation in Quick.Cart | 05.02.2026 | |
| CVE-2026-23797 | Plaintext password display in Quick.Cart | 05.02.2026 | |
| CVE-2025-14079 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update | 05.02.2026 | 5.3 |
| CVE-2026-1271 | ProfileGrid <= 5.9.7.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Profile and Cover Image Modification | 05.02.2026 | 5.3 |
| CVE-2026-1294 | All In One Image Viewer Block <= 1.0.2 - Unauthenticated Server-Side Request Forgery via image-proxy Endpoint | 05.02.2026 | 7.2 |
| CVE-2026-1654 | Peter's Date Countdown <= 2.0.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] | 05.02.2026 | 6.1 |
| CVE-2025-13416 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Suspension | 05.02.2026 | 4.3 |
| CVE-2026-1319 | Robin Image Optimizer <= 2.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Image Alternative Text Field | 05.02.2026 | 6.4 |
| CVE-2026-25198 | | 05.02.2026 | |
| CVE-2025-10258 | A time-based SQL Injection vulnerability in Infinera DNA | 05.02.2026 | |
| CVE-2026-0867 | Essential Widgets <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes | 05.02.2026 | 6.4 |
| CVE-2026-1246 | ShortPixel Image Optimizer <= 6.4.2 - Authenticated (Editor+) Arbitrary File Read via 'loadFile' Parameter | 05.02.2026 | 4.9 |
| CVE-2026-1268 | Dynamic Widget Content <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Content Field | 05.02.2026 | 6.4 |
| CVE-2026-1953 | Stored Cross Site Scripting (XSS) in Nukegraphic CMS V3.1.2 | 05.02.2026 | |
| CVE-2025-15080 | Information Disclosure, Information Tampering, and Denial of Service (DoS) Vulnerability in Mitsubishi Electric proprietary protocol communication and SLMP communication for FA products | 05.02.2026 | |
| CVE-2025-61732 | Potential code smuggling via doc comments in cmd/cgo | 05.02.2026 | |
| CVE-2025-10314 | Malicious Code Execution Vulnerability in Mitsubishi Small-Capacity UPS Shutdown Software FREQSHIP-mini for Windows | 05.02.2026 | 8.8 |
| CVE-2025-11730 | | 05.02.2026 | 7.2 |
| CVE-2026-1897 | WeKan Position-History Tracking positionHistory.js PositionHistoryBleed authorization | 05.02.2026 | |
| CVE-2026-1898 | WeKan LDAP User Sync syncUser.js SyncLDAPBleed access control | 05.02.2026 | |
| CVE-2026-1896 | WeKan Migration Operation comprehensiveBoardMigration.js ComprehensiveBoardMigration MigrationBleed access control | 04.02.2026 | |
| CVE-2019-25267 | Wing FTP Server 6.0.7 - Unquoted Service Path | 04.02.2026 | |
| CVE-2019-25269 | Amiti Antivirus 25.0.640 - Unquoted Service Path Vulnerability | 04.02.2026 | |
| CVE-2019-25271 | NETGATE Data Backup 3.0.620 - 'NGDatBckpSrv' Unquoted Service Path | 04.02.2026 | |
| CVE-2019-25272 | TexasSoft CyberPlanet 6.4.131 - 'CCSrvProxy' Unquoted Service Path | 04.02.2026 | |
| CVE-2019-25273 | Easy-Hide-IP 5.0.0.3 - 'EasyRedirect' Unquoted Service Path | 04.02.2026 | |
| CVE-2019-25274 | ProShow Producer 9.0.3797 - Unquoted Service Path | 05.02.2026 | |
| CVE-2019-25275 | BartVPN 1.2.2 - 'BartVPNService' Unquoted Service Path | 05.02.2026 | |
| CVE-2019-25276 | Studio 5000 Logix Designer 30.01.00 - 'FactoryTalk Activation Service' Unquoted Service Path | 04.02.2026 | |
| CVE-2019-25281 | NCP_Secure_Entry_Client 9.2 - Unquoted Service Paths | 04.02.2026 | |
| CVE-2019-25283 | Shrew Soft VPN Client 2.2.2 - 'iked' Unquoted Service Path | 04.02.2026 | |
| CVE-2019-25285 | Alps Pointing-device Controller 8.1202.1711.04 - 'ApHidMonitorService' Unquoted Service Path | 04.02.2026 | |
| CVE-2019-25286 | GCafé 3.0 - 'gbClienService' Unquoted Service Path | 04.02.2026 | |
| CVE-2019-25287 | Adaware Web Companion version 4.8.2078.3950 - 'WCAssistantService' Unquoted Service Path | 04.02.2026 | |
| CVE-2019-25288 | Wacom WTabletService 6.6.7-3 - 'WTabletServicePro' Unquoted Service Path | 04.02.2026 | |
| CVE-2025-13192 | Popup builder with Gamification <= 2.2.0 - Unauthenticated SQL Injection via Multiple REST API Endpoints | 04.02.2026 | 8.2 |
| CVE-2025-22873 | Improper access to parent directory of root in os | 05.02.2026 | |
| CVE-2026-1895 | WeKan Attachment Storage lists.js applyWipLimit ListWIPBleed access control | 05.02.2026 | |
| CVE-2025-62615 | AutoGPT has SSRF vulnerability in ReadRSSFeedBlock | 05.02.2026 | |
| CVE-2025-62616 | AutoGPT has SSRF vulnerability in SendDiscordFileBlock | 05.02.2026 | |
| CVE-2026-1894 | WeKan REST API checklistItems.js Checklist REST Bleed improper authorization | 05.02.2026 | |
| CVE-2026-22038 | AutoGPT's API Keys and Secrets Logged in Plaintext in Stagehand Integration Blocks | 05.02.2026 | 8.1 |
| CVE-2026-25585 | iccDEV vulnerable to OOB in CIccXform3DLut::Apply() | 05.02.2026 | 7.8 |
| CVE-2026-1892 | WeKan REST API boards.js setBoardOrgs improper authorization | 05.02.2026 | |
| CVE-2026-25541 | Bytes is vulnerable to integer overflow in BytesMut::reserve | 05.02.2026 | |
| CVE-2026-25582 | iccDEV vulnerable to Heap Buffer Overflow in CIccIO::WriteUInt16Float() | 05.02.2026 | 7.8 |
| CVE-2026-25583 | iccDEV vulnerable to Heap Buffer Overflow in CIccFileIO::Read8() | 05.02.2026 | 7.8 |
| CVE-2026-25584 | iccDEV vulnerable to Stack-based Buffer Overflow in CIccTagFloatNum::GetValues() | 05.02.2026 | 7.8 |
| CVE-2026-25575 | NavigaTUM has a Path Traversal Vulnerability in the propose_edits functionality | 04.02.2026 | |
| CVE-2026-25578 | Navidrome is vulnerable to XSS via comment from song metadata | 05.02.2026 | 6.1 |
| CVE-2026-25579 | Navidrome affected by Denial of Service and disk exhaustion via oversized `size` parameter in `/rest/getCoverArt` and `/share/img/<token>` endpoints | 05.02.2026 | |
| CVE-2026-25539 | SiYuan has Arbitrary File Write via /api/file/copyFile leading to RCE | 04.02.2026 | 9.1 |
| CVE-2026-25540 | Mastodon's signature-dependent ActivityPub collection responses cached under signature-independent keys (Web Cache Poisoning via `Rails.cache`) | 04.02.2026 | 6.5 |
| CVE-2026-25543 | HtmlSanitizer has a bypass via template tag | 04.02.2026 | |
| CVE-2026-25546 | Godot MCP is vulnerable to Command Injection via unsanitized projectPath | 04.02.2026 | 7.8 |
| CVE-2026-25547 | Uncontrolled Resource Consumption in @isaacs/brace-expansion | 05.02.2026 | |
| CVE-2026-1884 | ZenTao Webhook model.php fetchHook server-side request forgery | 04.02.2026 | |
| CVE-2026-25526 | JinJava Bypass through ForTag leads to Arbitrary Java Execution | 04.02.2026 | 9.8 |
| CVE-2026-25536 | @modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse | 04.02.2026 | 7.1 |
| CVE-2026-25537 | jsonwebtoken has Type Confusion that leads to potential authorization bypass | 04.02.2026 | |
| CVE-2026-25538 | Devtron Attributes API Unauthorized Access Leading to API Token Signing Key Leakage | 04.02.2026 | |
| CVE-2024-40685 | IBM Operations Analytics - Log Analysis is affected by CSRF Token Replay Attack | 05.02.2026 | 4.3 |
| CVE-2024-43181 | Multiple Vulnerabilities in IBM Concert Software | 05.02.2026 | 6.3 |
| CVE-2024-51451 | Multiple Vulnerabilities in IBM Concert Software | 05.02.2026 | 6.5 |
| CVE-2026-25518 | cert-manager-controller DoS via Specially Crafted DNS Response | 05.02.2026 | 5.9 |
| CVE-2026-25521 | Locutus is vulnerable to Prototype Pollution | 05.02.2026 | |
| CVE-2026-25523 | Magento's X-Original-Url header can expose admin url | 04.02.2026 | 5.3 |
| CVE-2025-1823 | IBM Jazz Reporting Service Denial of Service | 05.02.2026 | 3.5 |
| CVE-2025-27550 | IBM Jazz Reporting Service Information Disclosure | 04.02.2026 | 3.5 |
| CVE-2025-2134 | IBM Jazz Reporting Service Denial of Service | 04.02.2026 | 3.5 |