Total: 336347 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2025-15327 | 1 Tanium | 1 Deploy | 2026-02-10 | N/A | 4.3 MEDIUM | Tanium addressed an improper access controls vulnerability in Deploy. |
| CVE-2025-15331 | 1 Tanium | 1 Connect | 2026-02-10 | N/A | 4.3 MEDIUM | Tanium addressed an uncontrolled resource consumption vulnerability in Connect. |
| CVE-2026-24674 | 1 Gunet | 1 Open Eclass Platform | 2026-02-10 | N/A | 4.7 MEDIUM | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Reflected Cross-Site Scripting (XSS) vulnerability allows remote attackers to execute arbitrary JavaScript in the context of authenticated users by crafting malicious URLs and tricking victims into visiting them. This issue has been patched in version 4.2. |
| CVE-2025-15323 | 1 Tanium | 1 Tanos | 2026-02-10 | N/A | 3.7 LOW | Tanium addressed an improper certificate validation vulnerability in Tanium Appliance. |
| CVE-2026-0949 | 1 Enterprisedb | 1 Postgres Enterprise Manager | 2026-02-10 | N/A | 6.5 MEDIUM | PEM versions prior to 9.8.1 are affected by a stored Cross-site Scripting (XSS) vulnerability that allows users with access to the Manage Charts menu to inject arbitrary JavaScript when creating a new chart, which is then executed by any user accessing the chart. By default only the superuser and users with pem_admin or pem_super_admin privileges are able to access the Manage Charts menu. |
| CVE-2026-24773 | 1 Gunet | 1 Open Eclass Platform | 2026-02-10 | N/A | 7.5 HIGH | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an Insecure Direct Object Reference (IDOR) vulnerability allows unauthenticated remote attackers to access personal files of other users by directly requesting predictable user identifiers. This issue has been patched in version 4.2. |
| CVE-2026-24774 | 1 Gunet | 1 Open Eclass Platform | 2026-02-10 | N/A | 4.3 MEDIUM | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a business logic vulnerability allows authenticated students to improperly mark themselves as present in attendance activities, including activities that have already expired, by directly accessing a crafted URL. This issue has been patched in version 4.2. |
| CVE-2025-15326 | 1 Tanium | 1 Patch | 2026-02-10 | N/A | 4.3 MEDIUM | Tanium addressed an improper access controls vulnerability in Patch. |
| CVE-2026-0863 | 1 N8n | 1 N8n | 2026-02-10 | N/A | 8.5 HIGH | Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system. The vulnerability can be exploited via the Code block by an authenticated user with basic permissions and can lead to a full n8n instance takeover on instances operating under "Internal" execution mode. If the instance is operating under the "External" execution mode (ex. n8n's official Docker imag ... |
| CVE-2025-15329 | 1 Tanium | 1 Threat Response | 2026-02-10 | N/A | 4.9 MEDIUM | Tanium addressed an information disclosure vulnerability in Threat Response. |
| CVE-2025-15335 | 1 Tanium | 1 Threat Response | 2026-02-10 | N/A | 4.3 MEDIUM | Tanium addressed an information disclosure vulnerability in Threat Response. |
| CVE-2025-15334 | 1 Tanium | 1 Threat Response | 2026-02-10 | N/A | 4.3 MEDIUM | Tanium addressed an information disclosure vulnerability in Threat Response. |
| CVE-2025-15333 | 1 Tanium | 1 Threat Response | 2026-02-10 | N/A | 4.3 MEDIUM | Tanium addressed an information disclosure vulnerability in Threat Response. |
| CVE-2025-15332 | 1 Tanium | 1 Threat Response | 2026-02-10 | N/A | 4.9 MEDIUM | Tanium addressed an information disclosure vulnerability in Threat Response. |
| CVE-2025-15312 | 1 Tanium | 1 Tanos | 2026-02-10 | N/A | 6.6 MEDIUM | Tanium addressed an improper output sanitization vulnerability in Tanium Appliance. |
| CVE-2025-15311 | 1 Tanium | 1 Tanos | 2026-02-10 | N/A | 7.8 HIGH | Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance. |
| CVE-2019-14193 | 1 Denx | 1 U-boot | 2026-02-10 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the "if" block after calculating the new path length. |
| CVE-2025-15340 | 1 Tanium | 1 Comply | 2026-02-10 | N/A | 6.5 MEDIUM | Tanium addressed an incorrect default permissions vulnerability in Comply. |
| CVE-2025-15338 | 1 Tanium | 1 Partner Integration | 2026-02-10 | N/A | 6.5 MEDIUM | Tanium addressed an incorrect default permissions vulnerability in Partner Integration. |
| CVE-2025-15337 | 1 Tanium | 1 Patch | 2026-02-10 | N/A | 6.5 MEDIUM | Tanium addressed an incorrect default permissions vulnerability in Patch. |
| CVE-2025-15336 | 1 Tanium | 1 Performance | 2026-02-10 | N/A | 6.5 MEDIUM | Tanium addressed an incorrect default permissions vulnerability in Performance. |
| CVE-2025-15321 | 1 Tanium | 1 Tanos | 2026-02-10 | N/A | 2.7 LOW | Tanium addressed an improper input validation vulnerability in Tanium Appliance. |
| CVE-2025-20363 | 1 Cisco | 6 Adaptive Security Appliance Software, Asr 9001, Firepower Threat Defense and 3 more | 2026-02-10 | N/A | 9.0 CRITICAL | A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, remote attacker (Cisco ASA and FTD Software) or authenticated, remote attacker (Cisco IOS, IOS XE, and IOS XR Software) with low user privileges to execute arbitrary code on an affected device. This vulnerability is due to improper valid ... |
| CVE-2026-1124 | 1 Yonyou | 1 Ksoa | 2026-02-10 | 7.5 HIGH | 7.3 HIGH | A security flaw has been discovered in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_report.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2025-15538 | 1 Assimp | 1 Assimp | 2026-02-10 | 4.3 MEDIUM | 5.3 MEDIUM | A security vulnerability has been detected in Open Asset Import Library Assimp up to 6.0.2. Affected by this vulnerability is the function Assimp::LWOImporter::FindUVChannels of the file /src/assimp/code/AssetLib/LWO/LWOMaterial.cpp. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. This and similar defects are tracked and handled via issue #6128. |
| CVE-2020-37088 | 1 Arox | 1 School Erp Pro | 2026-02-10 | N/A | 7.5 HIGH | School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive configuration files by supplying directory traversal paths to retrieve system credentials and configuration information. |
| CVE-2020-37089 | 1 Arox | 1 School Erp Pro | 2026-02-10 | N/A | 8.2 HIGH | School ERP Pro 1.0 contains a SQL injection vulnerability in the 'es_messagesid' parameter that allows attackers to manipulate database queries through GET requests. Attackers can exploit the vulnerable parameter by injecting crafted SQL statements to potentially extract, modify, or delete database information. |
| CVE-2026-1129 | 1 Yonyou | 1 Ksoa | 2026-02-10 | 7.5 HIGH | 7.3 HIGH | A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/worksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2026-1130 | 1 Yonyou | 1 Ksoa | 2026-02-10 | 7.5 HIGH | 7.3 HIGH | A flaw has been found in Yonyou KSOA 9.0. This issue affects some unknown processing of the file /worksheet/worksadd_plan.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2020-37090 | 1 Arox | 1 School Erp Pro | 2026-02-10 | N/A | 9.8 CRITICAL | School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts through the message attachment feature, enabling remote code execution on the server. |
| CVE-2026-1131 | 1 Yonyou | 1 Ksoa | 2026-02-10 | 7.5 HIGH | 7.3 HIGH | A vulnerability has been found in Yonyou KSOA 9.0. Impacted is an unknown function of the file /kmc/save_catalog.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument catalogid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2026-1007 | 1 Devolutions | 1 Devolutions Server | 2026-02-10 | N/A | 7.6 HIGH | Incorrect Authorization vulnerability in virtual gateway component in Devolutions Server allows attackers to bypass deny IP rules. This issue affects Server: from 2025.3.1 through 2025.3.12. |
| CVE-2020-37084 | 1 Arox | 1 School Erp Pro | 2026-02-10 | N/A | 7.2 HIGH | School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the server. |
| CVE-2025-58740 | 2 Microsoft, Milner | 2 Windows, Imagedirector Capture | 2026-02-10 | N/A | 5.5 MEDIUM | The use of a hard-coded encryption key in calls to the Password function in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows a local attacker to decrypt database credentials by reading the cryptographic key from the executable. This issue affects ImageDirector Capture: from 7.0.9 before 7.6.3.25808. |
| CVE-2025-58741 | 1 Milner | 1 Imagedirector Capture | 2026-02-10 | N/A | 7.5 HIGH | Insufficiently Protected Credentials vulnerability in the Credential Field of Milner ImageDirector Capture allows retrieval of credential material and enables database access. This issue affects ImageDirector Capture: from 7.0.9 through 7.6.3.25808. |
| CVE-2025-58742 | 2 Microsoft, Milner | 2 Windows, Imagedirector Capture | 2026-02-10 | N/A | 5.9 MEDIUM | Insufficiently Protected Credentials, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Connection Settings dialog in Milner ImageDirector Capture on Windows allows Adversary in the Middle (AiTM) by modifying the 'Server' field to redirect client authentication. This issue affects ImageDirector Capture: from 7.0.9 before 7.6.3.25808. |
| CVE-2025-58744 | 2 Microsoft, Milner | 2 Windows, Imagedirector Capture | 2026-02-10 | N/A | 7.5 HIGH | Use of Default Credentials, Hard-coded Credentials vulnerability in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows decryption of document archive files using credentials decrypted with hard-coded application encryption key. This issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808. |
| CVE-2025-58743 | 2 Microsoft, Milner | 2 Windows, Imagedirector Capture | 2026-02-10 | N/A | 7.5 HIGH | Use of a Broken or Risky Cryptographic Algorithm (DES) vulnerability in the Password class in C2SConnections.dll in Milner ImageDirector Capture on Windows allows Encryption Brute Forcing to obtain database credentials. This issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808. |
| CVE-2026-0834 | 1 Tp-link | 4 Archer Ax53, Archer Ax53 Firmware, Archer C20 and 1 more | 2026-02-10 | N/A | 8.8 HIGH | Logic vulnerability in TP-Link Archer C20 v6.0 and Archer AX53 v1.0 (TDDP module) allows unauthenticated adjacent attackers to execute administrative commands including factory reset and device reboot without credentials. Attackers on the adjacent network can remotely trigger factory resets and reboots without credentials, causing configuration loss and interruption of device availability. This issue affects Archer C20 v6.0 < V6_251031. Archer AX53 v1.0 < V1_251215 |
| CVE-2026-25503 | 1 Color | 1 Iccdev | 2026-02-10 | N/A | 7.1 HIGH | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, type confusion allowed malformed ICC profiles to trigger undefined behavior when loading invalid icImageEncodingType values causing denial of service. This issue has been patched in version 2.3.1.2. |