Vulnerabilities (CVE)

Total 336347 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2026-1960 2026-02-09 N/A N/A
Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes, via the 'Facebook' parameter in '/loggrodemo/jbrain/ConsultaTerceros' endpoint.
CVE-2026-0632 2026-02-09 N/A 5.4 MEDIUM
The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.12 via the 'saveDataSource' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
CVE-2025-66597 2026-02-09 N/A N/A
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports weak cryptographic algorithms, potentially allowing an attacker to decrypt communications with the web server. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04
CVE-2025-15027 2026-02-09 N/A 9.8 CRITICAL
The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jay_login_register_ajax_create_final_user' function. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator.
CVE-2026-2235 2026-02-09 N/A 6.5 MEDIUM
C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
CVE-2026-1973 1 Free5gc 1 Free5gc 2026-02-09 5.0 MEDIUM 5.3 MEDIUM
A vulnerability was determined in Free5GC up to 4.1.0. The impacted element is the function establishPfcpSession of the component SMF. Executing a manipulation can lead to null pointer dereference. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. It is best practice to apply a patch to resolve this issue.
CVE-2026-1974 1 Free5gc 1 Free5gc 2026-02-09 5.0 MEDIUM 5.3 MEDIUM
A vulnerability was identified in Free5GC up to 4.1.0. This affects the function ResolveNodeIdToIp of the file internal/sbi/processor/datapath.go of the component SMF. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. It is recommended to apply a patch to fix this issue.
CVE-2026-1550 1 Phpgurukul 1 Hospital Management System 2026-02-09 6.5 MEDIUM 6.3 MEDIUM
A security flaw has been discovered in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /hms/hospital/docappsystem/adminviews.py of the component Admin Dashboard Page. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.
CVE-2026-24897 1 Erugo 1 Erugo 2026-02-09 N/A 10.0 CRITICAL
Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient validation of user‑supplied paths when creating shares. By specifying a writable path within the public web root, an attacker can upload and execute arbitrary code on the server, resulting in remote code execution (RCE). This vulnerability allows a low-privileged user to fully compromise the affected Er ...

CVE-2026-1552 1 Sem-cms 1 Semcms 2026-02-09 6.5 MEDIUM 6.3 MEDIUM
A security vulnerability has been detected in SEMCMS 5.0. This vulnerability affects unknown code of the file /SEMCMS_Info.php. The manipulation of the argument searchml leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-1188 1 Eclipse 1 Omr 2026-02-09 N/A 9.8 CRITICAL
In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not accounting for the separator inserted between processor features. If the output buffer supplied to this function was incorrectly sized, failing to account for the separator when determining when a write to the buffer was safe could lead to a buffer overflow. This issue is fixed in Eclipse OMR version 0.8.0.
CVE-2026-24962 2026-02-09 N/A 4.3 MEDIUM
Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Sigmize sigmize allows Cross Site Request Forgery. This issue affects Sigmize: from n/a through <= 0.0.9.
CVE-2025-36407 1 Ibm 1 Db2 2026-02-09 N/A 6.5 MEDIUM
IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations.
CVE-2026-1975 1 Free5gc 1 Free5gc 2026-02-09 5.0 MEDIUM 5.3 MEDIUM
A security flaw has been discovered in Free5GC up to 4.1.0. This impacts the function identityTriggerType of the file pfcp_reports.go. The manipulation results in null pointer dereference. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Applying a patch is advised to resolve this issue.
CVE-2020-36926 1 Smartertools 1 Smartertrack 2026-02-09 N/A 7.5 HIGH
SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/frmChatSearch.aspx endpoint to retrieve agents' first and last names along with their unique identifiers.
CVE-2020-36927 1 Flexense 1 Diskpulse 2026-02-09 N/A 7.8 HIGH
DiskPulse Enterprise 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Pulse Enterprise\bin\diskpls.exe' to inject malicious executables and escalate privileges.
CVE-2026-1976 1 Free5gc 1 Free5gc 2026-02-09 5.0 MEDIUM 5.3 MEDIUM
A weakness has been identified in Free5GC up to 4.1.0. Affected is the function SessionDeletionResponse of the component SMF. This manipulation causes null pointer dereference. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. It is suggested to install a patch to address this issue.
CVE-2020-36928 1 Brother 1 Bragent 2026-02-09 N/A 7.8 HIGH
Brother BRAgent 1.38 contains an unquoted service path vulnerability in the WBA_Agent_Client service running with LocalSystem privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Brother\BRAgent\ to inject and execute malicious code with elevated system permissions.
CVE-2020-36929 1 Brother 1 Brprint Auditor 2026-02-09 N/A 7.8 HIGH
Brother BRPrint Auditor 3.0.7 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted file paths in BrAuSvc and BRPA_Agent services to inject malicious executables and escalate privileges on the system.
CVE-2020-36930 1 Flexense 1 Sysgauge 2026-02-09 N/A 7.8 HIGH
SysGauge Server 7.9.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\SysGauge Server\bin\sysgaus.exe' to inject malicious executables and escalate privileges.
CVE-2021-47783 1 Phpwcms 1 Phpwcms 2026-02-09 N/A 5.4 MEDIUM
Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks on the platform.
CVE-2026-25722 1 Anthropic 1 Claude Code 2026-02-09 N/A 9.1 CRITICAL
Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd command to navigate into sensitive directories like .claude, it was possible to bypass write protection and create or modify files without user confirmation. Reliably exploiting this required the ability to add untrusted content into a Claude Code context window. This issue has been patched in version 2 ...

CVE-2026-25723 1 Anthropic 1 Claude Code 2026-02-09 N/A 6.5 MEDIUM
Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file write restrictions. This vulnerability enabled writing to sensitive directories like the .claude folder and paths outside the project scope. Exploiting this required the ability to execute commands through Claude Code with the "accept edits" feature enabled. This issue has been patched in version 2.0.5 ...

CVE-2026-25724 1 Anthropic 1 Claude Code 2026-02-09 N/A 7.5 HIGH
Claude Code is an agentic coding tool. Prior to version 2.1.7, Claude Code failed to strictly enforce deny rules configured in settings.json when accessing files through symbolic links. If a user explicitly denied Claude Code access to a file (such as /etc/passwd) and Claude Code had access to a symbolic link pointing to that file, it was possible for Claude Code to read the restricted file through the symlink without triggering deny rule enforcement. This issue has been patched in version 2.1.7 ...

CVE-2026-25725 1 Anthropic 1 Claude Code 2026-02-09 N/A 10.0 CRITICAL
Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directory was mounted as writable and .claude/settings.local.json was explicitly protected with read-only constraints, settings.json was not protected if it was missing. This allowed malicious code running inside the sandbox to create this file and inject persistent h ...

CVE-2021-47785 1 Ethersoftware 1 Ether Mp3 Cd Burner 2026-02-09 N/A 9.8 CRITICAL
Ether MP3 CD Burner 1.3.8 contains a buffer overflow vulnerability in the registration name field that allows remote code execution. Attackers can craft a malicious payload to overwrite SEH handlers and execute a bind shell on port 3110 by exploiting improper input validation.
CVE-2021-47786 1 Redragon 28 Bm-4091, Bm-4091 Firmware, M602-ks and 25 more 2026-02-09 N/A 7.5 HIGH
Redragon Gaming Mouse driver contains a kernel-level vulnerability that allows attackers to trigger a denial of service by sending malformed IOCTL requests. Attackers can send a crafted 2000-byte buffer with specific byte patterns to the REDRAGON_MOUSE device to crash the kernel driver.
CVE-2021-47787 1 Totalav 1 Totalav 2026-02-09 N/A 7.8 HIGH
TotalAV 5.15.69 contains an unquoted service path vulnerability in multiple system services running with LocalSystem privileges. Attackers can place malicious executables in specific unquoted path segments to potentially gain SYSTEM-level access by exploiting the service path configuration.
CVE-2025-48393 2026-02-09 N/A 5.7 MEDIUM
The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has been fixed in the latest firmware version of Eaton G4 PDU which is available on the Eaton download center.
CVE-2025-27234 2026-02-08 N/A N/A
Zabbix Agent 2 smartctl plugin does not properly sanitize smart.disk.get parameters, allowing an attacker to inject unexpected arguments into the smartctl command. In Zabbix 5.0 this allows for remote code execution.
CVE-2026-25845 2026-02-07 N/A N/A
Rejected reason: Not used
CVE-2026-25844 2026-02-07 N/A N/A
Rejected reason: Not used
CVE-2026-25843 2026-02-07 N/A N/A
Rejected reason: Not used
CVE-2026-25842 2026-02-07 N/A N/A
Rejected reason: Not used
CVE-2026-25841 2026-02-07 N/A N/A
Rejected reason: Not used
CVE-2026-25840 2026-02-07 N/A N/A
Rejected reason: Not used
CVE-2026-25839 2026-02-07 N/A N/A
Rejected reason: Not used
CVE-2026-25838 2026-02-07 N/A N/A
Rejected reason: Not used
CVE-2026-25837 2026-02-07 N/A N/A
Rejected reason: Not used
CVE-2025-6021 2 Redhat, Xmlsoft 20 Enterprise Linux, Enterprise Linux Eus, Enterprise Linux For Arm 64 and 17 more 2026-02-06 N/A 7.5 HIGH
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.