| CVE-2026-25492 |
N/A |
AWS |
Craft CMS is a content management system. In Craft versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the save_images_Asset GraphQL mutation can be abused to fetch internal URLs by providing a domain name that resolves to an internal IP address, bypassing hostname validation. When a non-image file extension such as .txt is allowed, downstream image validation is bypassed, which can allow an authenticated attacker with permission to use save_images_Asset to retrieve sensitive data such as AWS instance metadata credentials from the underlying host. This issue is patched in versions 4.16.18 and 5.8.22. |
2026-02-09T21:55:30.093 |
https://cve.circl.lu/cve/CVE-2026-25492 |
| CVE-2026-25991 |
4.0 |
AWS |
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, there is a Blind Server-Side Request Forgery (SSRF) vulnerability in the Cookmate recipe import feature of Tandoor Recipes. The application fails to validate the destination URL after following HTTP redirects, allowing any authenticated user (including standard users without administrative privileges) to force the server to connect to arbitrary internal or external resources. The vulnerability lies in cookbook/integration/cookmate.py, within the Cookmate integration class. This vulnerability can be leveraged to scan internal network ports, access cloud instance metadata (e.g., AWS/GCP Metadata Service), or disclose the server's real IP address. This vulnerability is fixed in 2.5.1. |
2026-02-13T21:43:11.137 |
https://cve.circl.lu/cve/CVE-2026-25991 |
| CVE-2025-54236 |
5.2 |
Adobe |
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact to high. Exploitation of this issue does not require user interaction. |
2026-02-11T02:00:02.997 |
https://cve.circl.lu/cve/CVE-2025-54236 |
| CVE-2026-22922 |
3.6 |
Airflow |
Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this issue. |
2026-02-11T18:30:44.510 |
https://cve.circl.lu/cve/CVE-2026-22922 |
| CVE-2026-24098 |
3.6 |
Airflow |
Apache Airflow versions before 3.1.7 have a vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. Users are advised to upgrade to 3.1.7 or later, which resolves this issue. |
2026-02-11T18:30:27.193 |
https://cve.circl.lu/cve/CVE-2026-24098 |
| CVE-2024-26477 |
3.6 |
Amazon |
An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the api parameter of the oauth, amazon_sns, export endpoints. |
2026-02-12T22:16:02.260 |
https://cve.circl.lu/cve/CVE-2024-26477 |
| CVE-2023-23408 |
3.6 |
Apache |
Azure Apache Ambari Spoofing Vulnerability |
2026-02-11T18:49:19.880 |
https://cve.circl.lu/cve/CVE-2023-23408 |
| CVE-2023-35393 |
3.6 |
Apache |
Azure Apache Hive Spoofing Vulnerability |
2026-02-11T18:49:19.880 |
https://cve.circl.lu/cve/CVE-2023-35393 |
| CVE-2023-36877 |
3.6 |
Apache |
Azure Apache Oozie Spoofing Vulnerability |
2026-02-11T18:49:19.880 |
https://cve.circl.lu/cve/CVE-2023-36877 |
| CVE-2023-36881 |
3.6 |
Apache |
Azure Apache Ambari Spoofing Vulnerability |
2026-02-11T18:49:19.880 |
https://cve.circl.lu/cve/CVE-2023-36881 |
| CVE-2023-38188 |
3.6 |
Apache |
Azure Apache Hadoop Spoofing Vulnerability |
2026-02-11T18:49:19.880 |
https://cve.circl.lu/cve/CVE-2023-38188 |
| CVE-2026-20700 |
5.9 |
Apple |
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report. |
2026-02-13T14:03:58.537 |
https://cve.circl.lu/cve/CVE-2026-20700 |
| CVE-2023-35394 |
2.5 |
Azure |
Azure HDInsight Jupyter Notebook Spoofing Vulnerability |
2026-02-11T18:49:19.880 |
https://cve.circl.lu/cve/CVE-2023-35394 |
| CVE-2026-26333 |
N/A |
ASP.NET |
Calero VeraSMART versions prior to 2022 R1 expose an unauthenticated .NET Remoting HTTP service on TCP port 8001. The service publishes default ObjectURIs (including EndeavorServer.rem and RemoteFileReceiver.rem) and permits the use of SOAP and binary formatters with TypeFilterLevel set to Full. An unauthenticated remote attacker can invoke the exposed remoting endpoints to perform arbitrary file read and write operations via the WebClient class. This allows retrieval of sensitive files such as WebRoot\\web.config, which may disclose IIS machineKey validation and decryption keys. An attacker can use these keys to generate a malicious ASP.NET ViewState payload and achieve remote code execution within the IIS application context. Additionally, supplying a UNC path can trigger outbound SMB authentication from the service account, potentially exposing NTLMv2 hashes for relay or offline cracking. |
2026-02-13T21:43:11.137 |
https://cve.circl.lu/cve/CVE-2026-26333 |
| CVE-2026-26335 |
N/A |
ASP.NET |
Calero VeraSMART versions prior to 2022 R1 use static ASP.NET/IIS machineKey values configured for the VeraSMART web application and stored in C:\\Program Files (x86)\\Veramark\\VeraSMART\\WebRoot\\web.config. An attacker who obtains these keys can craft a valid ASP.NET ViewState payload that passes integrity validation and is accepted by the application, resulting in server-side deserialization and remote code execution in the context of the IIS application. |
2026-02-13T21:43:11.137 |
https://cve.circl.lu/cve/CVE-2026-26335 |
| CVE-2026-26006 |
3.6 |
Artificial Intelligence |
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. The autogpt before 0.6.32 is vulnerable to Regular Expression Denial of Service due to the use of regex at Code Extraction Block. The two Regex are used containing the corresponding dangerous patterns \s+[\s\S]*? and \s+(.*?). They share a common characteristic — the combination of two adjacent quantifiers that can match the same space character (\s). As a result, an attacker can supply a long sequence of space characters to trigger excessive regex backtracking, potentially leading to a Denial of Service (DoS). This vulnerability is fixed in 0.6.32. |
2026-02-11T15:27:26.370 |
https://cve.circl.lu/cve/CVE-2026-26006 |
| CVE-2026-26020 |
N/A |
Artificial Intelligence |
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.48, an authenticated user could achieve Remote Code Execution (RCE) on the backend server by embedding a disabled block inside a graph. The BlockInstallationBlock — a development tool capable of writing and importing arbitrary Python code — was marked disabled=True, but graph validation did not enforce this flag. This allowed any authenticated user to bypass the restriction by including the block as a node in a graph, rather than calling the block's execution endpoint directly (which did enforce the flag). This vulnerability is fixed in 0.6.48. |
2026-02-13T14:23:48.007 |
https://cve.circl.lu/cve/CVE-2026-26020 |
| CVE-2026-26157 |
5.9 |
BusyBox |
A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentially enabling code execution through the modification of sensitive system files. |
2026-02-12T15:10:37.307 |
https://cve.circl.lu/cve/CVE-2026-26157 |
| CVE-2026-26158 |
5.9 |
BusyBox |
A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to privilege escalation, enabling an attacker to gain unauthorized access to critical system files. |
2026-02-12T15:10:37.307 |
https://cve.circl.lu/cve/CVE-2026-26158 |
| CVE-2025-61547 |
5.2 |
CSRF |
Cross-Site Request Forgery (CSRF) is present on all functions in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.76). The application does not implement proper CSRF tokens or other protective measures, allowing a remote attacker to trick authenticated users into unknowingly executing unintended actions within their session. This can lead to unauthorized data modification such as credential updates. |
2026-02-10T18:16:19.923 |
https://cve.circl.lu/cve/CVE-2025-61547 |
| CVE-2025-59891 |
5.9 |
CSRF |
Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of proper CSRF token implementation. Among other things, it is possible, using a POST request, to change a user's password or create users via '/setup_login?sid=', affecting the 'username', 'password', and 'cpassword' parameters. |
2026-02-10T21:08:50.623 |
https://cve.circl.lu/cve/CVE-2025-59891 |
| CVE-2025-59892 |
5.9 |
CSRF |
Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of proper CSRF token implementation. Among other things, it is possible, using a POST request, to delete commands individually via '/delete_command?sid=', using the 'cid' parameter. |
2026-02-10T21:08:39.607 |
https://cve.circl.lu/cve/CVE-2025-59892 |
| CVE-2025-59893 |
5.9 |
CSRF |
Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of proper CSRF token implementation. Among other things, it is possible, using a POST request, to rename commands via '/rename_command?sid=', affecting the 'command_name' parameter. |
2026-02-10T21:08:26.120 |
https://cve.circl.lu/cve/CVE-2025-59893 |
| CVE-2025-59894 |
5.9 |
CSRF |
Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of proper CSRF token implementation. Among other things, it is possible, using a POST request, to delete all commands via '/delete_all_commands?sid='. |
2026-02-10T21:08:13.387 |
https://cve.circl.lu/cve/CVE-2025-59894 |
| CVE-2025-20363 |
6.0 |
Cisco |
A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, remote attacker (Cisco ASA and FTD Software) or authenticated, remote attacker (Cisco IOS, IOS XE, and IOS XR Software) with low user privileges to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web service on an affected device after obtaining additional information about the system, overcoming exploit mitigations, or both. A successful exploit could allow the attacker to execute arbitrary code as root, which may lead to the complete compromise of the affected device. For more information about this vulnerability, see the Details section of this advisory. |
2026-02-10T17:12:01.947 |
https://cve.circl.lu/cve/CVE-2025-20363 |
| CVE-2025-20360 |
1.4 |
Cisco |
Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart. This vulnerability is due to a lack of complete error checking when the MIME fields of the HTTP header are parsed. An attacker could exploit this vulnerability by sending crafted HTTP packets through an established connection to be parsed by Snort 3. A successful exploit could allow the attacker to cause a DoS condition when the Snort 3 Detection Engine unexpectedly restarts. |
2026-02-12T19:15:50.247 |
https://cve.circl.lu/cve/CVE-2025-20360 |
| CVE-2026-20045 |
4.2 |
Cisco |
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root. |
2026-02-13T21:37:06.717 |
https://cve.circl.lu/cve/CVE-2026-20045 |
| CVE-2025-48823 |
3.6 |
Cryptograph |
Cryptographic issues in Windows Cryptographic Services allows an unauthorized attacker to disclose information over a network. |
2026-02-13T20:17:30.333 |
https://cve.circl.lu/cve/CVE-2025-48823 |
| CVE-2025-49756 |
2.5 |
Cryptograph |
Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally. |
2026-02-13T14:35:27.727 |
https://cve.circl.lu/cve/CVE-2025-49756 |
| CVE-2025-58740 |
3.6 |
Cryptograph |
The use of a hard-coded encryption key in calls to the Password function in C2SGlobalSettings.dll in Milner ImageDirector Capture on Windows allows a local attacker to decrypt database credentials by reading the cryptographic key from the executable. This issue affects ImageDirector Capture: from 7.0.9 before 7.6.3.25808. |
2026-02-10T16:53:15.267 |
https://cve.circl.lu/cve/CVE-2025-58740 |
| CVE-2025-58743 |
3.6 |
Cryptograph |
Use of a Broken or Risky Cryptographic Algorithm (DES) vulnerability in the Password class in C2SConnections.dll in Milner ImageDirector Capture on Windows allows Encryption Brute Forcing to obtain database credentials. This issue affects ImageDirector Capture: from 7.0.9.0 before 7.6.3.25808. |
2026-02-10T16:43:15.193 |
https://cve.circl.lu/cve/CVE-2025-58743 |
| CVE-2025-52026 |
3.6 |
Cryptograph |
An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is a broken cryptographic function, the hashes can be easily reversed using public tools, exposing user credentials in plaintext. This allows remote attackers to perform unauthorized logins and potentially gain access to sensitive POS operations or backend functions. |
2026-02-12T16:48:21.933 |
https://cve.circl.lu/cve/CVE-2025-52026 |
| CVE-2026-1733 |
1.4 |
CRM |
A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/store_integral/order/detail/:uni. The manipulation of the argument order_id leads to improper authorization. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. |
2026-02-11T19:32:34.830 |
https://cve.circl.lu/cve/CVE-2026-1733 |
| CVE-2026-1734 |
1.4 |
CRM |
A security flaw has been discovered in Zhong Bang CRMEB up to 5.6.3. This vulnerability affects unknown code of the file crmeb/app/api/controller/v1/CrontabController.php of the component crontab Endpoint. The manipulation results in missing authorization. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. |
2026-02-11T19:33:06.060 |
https://cve.circl.lu/cve/CVE-2026-1734 |
| CVE-2026-0488 |
6.0 |
CRM |
An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impact on confidentiality, integrity, and availability. |
2026-02-10T15:22:54.740 |
https://cve.circl.lu/cve/CVE-2026-0488 |
| CVE-2025-69634 |
6.0 |
CRM |
Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field in perms.php. |
2026-02-13T14:23:48.007 |
https://cve.circl.lu/cve/CVE-2025-69634 |
| CVE-2025-69542 |
5.9 |
D-Link |
A Command Injection Vulnerability has been discovered in the DHCP daemon service of D-Link DIR895LA1 v102b07. The vulnerability exists in the lease renewal processing logic where the DHCP hostname parameter is directly concatenated into a system command without proper sanitization. When a DHCP client renews an existing lease with a malicious hostname, arbitrary commands can be executed with root privileges. |
2026-02-10T19:48:29.113 |
https://cve.circl.lu/cve/CVE-2025-69542 |
| CVE-2026-1544 |
3.4 |
D-Link |
A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the function sub_41E2A0 of the file /goform/set_mode. Performing a manipulation of the argument lan_gateway results in os command injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer. |
2026-02-09T17:06:23.600 |
https://cve.circl.lu/cve/CVE-2026-1544 |
| CVE-2026-1596 |
3.4 |
D-Link |
A flaw has been found in D-Link DWR-M961 1.1.47. This vulnerability affects the function sub_419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fota_url causes command injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. |
2026-02-10T17:42:17.303 |
https://cve.circl.lu/cve/CVE-2026-1596 |
| CVE-2026-1744 |
1.4 |
D-Link |
A vulnerability was found in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function doSubmitPPP of the file sp_pppoe_user.js. The manipulation of the argument Username results in cross site scripting. The attack may be launched remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. |
2026-02-10T17:42:33.620 |
https://cve.circl.lu/cve/CVE-2026-1744 |
| CVE-2026-2061 |
3.4 |
D-Link |
A vulnerability was determined in D-Link DIR-823X 250416. Affected by this issue is the function sub_424D20 of the file /goform/set_ipv6. Executing a manipulation can lead to os command injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. |
2026-02-11T19:04:07.420 |
https://cve.circl.lu/cve/CVE-2026-2061 |
| CVE-2026-21537 |
5.9 |
Defender |
Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network. |
2026-02-11T21:50:25.840 |
https://cve.circl.lu/cve/CVE-2026-21537 |
| CVE-2025-21104 |
1.4 |
Dell |
Dell NetWorker, versions prior to 19.11.0.4 and version 19.12, contains an URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in NetWorker Management Console. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information. |
2026-02-13T20:16:15.527 |
https://cve.circl.lu/cve/CVE-2025-21104 |
| CVE-2023-53565 |
3.6 |
Dell |
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check for probe() id argument being NULL. The probe() id argument may be NULL in 2 scenarios: 1. brcmf_pcie_pm_leave_D3() calling brcmf_pcie_probe() to reprobe the device. 2. If a user tries to manually bind the driver from sysfs then the sdio / pcie / usb probe() function gets called with NULL as id argument. 1. Is being hit by users causing the following oops on resume and causing wifi to stop working: BUG: kernel NULL pointer dereference, address: 0000000000000018 <snip> Hardware name: Dell Inc. XPS 13 9350/0PWNCR, BIDS 1.13.0 02/10/2020 Workgueue: events_unbound async_run_entry_fn RIP: 0010:brcmf_pcie_probe+Ox16b/0x7a0 [brcmfmac] <snip> Call Trace: <TASK> brcmf_pcie_pm_leave_D3+0xc5/8x1a0 [brcmfmac be3b4cefca451e190fa35be8f00db1bbec293887] ? pci_pm_resume+0x5b/0xf0 ? pci_legacy_resume+0x80/0x80 dpm_run_callback+0x47/0x150 device_resume+0xa2/0x1f0 async_resume+0x1d/0x30 <snip> Fix this by checking for id being NULL. In the PCI and USB cases try a manual lookup of the id so that manually binding the driver through sysfs and more importantly brcmf_pcie_probe() on resume will work. For the SDIO case there is no helper to do a manual sdio_device_id lookup, so just directly error out on a NULL id there. |
2026-02-10T15:21:36.083 |
https://cve.circl.lu/cve/CVE-2023-53565 |
| CVE-2025-43914 |
6.0 |
Dell |
Dell PowerProtect Data Domain BoostFS for Linux Ubuntu systems of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. |
2026-02-12T17:14:05.740 |
https://cve.circl.lu/cve/CVE-2025-43914 |
| CVE-2025-46684 |
5.2 |
Dell |
Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Tampering. |
2026-02-13T21:02:41.140 |
https://cve.circl.lu/cve/CVE-2025-46684 |
| CVE-2025-46685 |
6.0 |
Dell |
Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. |
2026-02-13T20:59:20.847 |
https://cve.circl.lu/cve/CVE-2025-46685 |
| CVE-2025-67723 |
2.5 |
Discourse |
Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have a content-security-policy-mitigated cross-site scripting vulnerability on the Discourse Math plugin when using its KaTeX variant. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. As a workaround, the Discourse Math plugin can be disabled, or the MathJax provider can be used instead of KaTeX. |
2026-02-09T17:40:37.820 |
https://cve.circl.lu/cve/CVE-2025-67723 |
| CVE-2026-2250 |
3.6 |
Django |
The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing malformed requests to return verbose Django tracebacks that disclose backend source code, local file paths, and system configuration. |
2026-02-12T16:16:18.783 |
https://cve.circl.lu/cve/CVE-2026-2250 |
| CVE-2026-0863 |
6.0 |
Docker |
Using string formatting and exception handling, an attacker may bypass n8n's python-task-executor sandbox restrictions and run arbitrary unrestricted Python code in the underlying operating system. The vulnerability can be exploited via the Code block by an authenticated user with basic permissions and can lead to a full n8n instance takeover on instances operating under "Internal" execution mode. If the instance is operating under the "External" execution mode (ex. n8n's official Docker image) - arbitrary code execution occurs inside a Sidecar container and not the main node, which significantly reduces the vulnerability impact. |
2026-02-10T17:23:41.550 |
https://cve.circl.lu/cve/CVE-2026-0863 |
| CVE-2026-24763 |
5.9 |
Docker |
OpenClaw (formerly Clawdbot) is a personal AI assistant you run on your own devices. Prior to 2026.1.29, a command injection vulnerability existed in OpenClaw’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user able to control environment variables could influence command execution within the container context. This vulnerability is fixed in 2026.1.29. |
2026-02-13T14:28:51.560 |
https://cve.circl.lu/cve/CVE-2026-24763 |
| CVE-2026-26216 |
6.0 |
Docker |
Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec(). The __import__ builtin was included in the allowed builtins, allowing unauthenticated remote attackers to import arbitrary modules and execute system commands. Successful exploitation allows full server compromise, including arbitrary command execution, file read and write access, sensitive data exfiltration, and lateral movement within internal networks. |
2026-02-13T14:23:48.007 |
https://cve.circl.lu/cve/CVE-2026-26216 |
| CVE-2026-26217 |
4.0 |
Docker |
Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /execute_js, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbitrary files from the server filesystem. An attacker can access sensitive files such as /etc/passwd, /etc/shadow, application configuration files, and environment variables via /proc/self/environ, potentially exposing credentials, API keys, and internal application structure. |
2026-02-13T14:23:48.007 |
https://cve.circl.lu/cve/CVE-2026-26217 |
| CVE-2025-25058 |
1.4 |
ESXi |
Improper initialization for some ESXi kernel mode driver for the Intel(R) Ethernet 800-Series before version 2.2.2.0 (esxi 8.0) & 2.2.3.0 (esxi 9.0) within Ring 1: Device Drivers may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. |
2026-02-10T21:51:48.077 |
https://cve.circl.lu/cve/CVE-2025-25058 |
| CVE-2026-1188 |
5.9 |
Eclipse |
In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not accounting for the separator inserted between processor features. If the output buffer supplied to this function was incorrectly sized, failing to account for the separator when determining when a write to the buffer was safe could lead to a buffer overflow. This issue is fixed in Eclipse OMR version 0.8.0. |
2026-02-09T15:20:46.133 |
https://cve.circl.lu/cve/CVE-2026-1188 |
| CVE-2025-67274 |
3.6 |
Excel |
An issue in continuous.software aangine v.2025.2 allows a remote attacker to obtain sensitive information via the excel-integration-service template download module, integration-persistence-service job listing module, portfolio-item-service data retrieval module endpoints. |
2026-02-12T15:46:29.970 |
https://cve.circl.lu/cve/CVE-2025-67274 |
| CVE-2026-21258 |
3.6 |
Excel |
Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. |
2026-02-11T19:12:56.623 |
https://cve.circl.lu/cve/CVE-2026-21258 |
| CVE-2026-21259 |
5.9 |
Excel |
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally. |
2026-02-11T19:12:00.613 |
https://cve.circl.lu/cve/CVE-2026-21259 |
| CVE-2026-21261 |
3.6 |
Excel |
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. |
2026-02-11T19:08:10.653 |
https://cve.circl.lu/cve/CVE-2026-21261 |
| CVE-2025-26466 |
3.6 |
Exchange |
A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack. |
2026-02-10T18:16:14.480 |
https://cve.circl.lu/cve/CVE-2025-26466 |
| CVE-2025-14559 |
5.2 |
Exchange |
A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading to unauthorized use of previously revoked privileges, via a business logic vulnerability in the Token Exchange implementation when a privileged client invokes the token exchange flow. |
2026-02-10T02:15:51.897 |
https://cve.circl.lu/cve/CVE-2025-14559 |
| CVE-2026-23740 |
0.0 |
Exchange |
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when ast_coredumper writes its gdb init and output files to a directory that is world-writable (for example /tmp), an attacker with write permission (which is all users on a Linux system) to that directory can cause root to execute arbitrary commands or overwrite arbitrary files by controlling the gdb init file and output paths. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2. |
2026-02-10T18:25:39.730 |
https://cve.circl.lu/cve/CVE-2026-23740 |
| CVE-2026-21527 |
2.5 |
Exchange |
User interface (UI) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. |
2026-02-11T21:41:55.400 |
https://cve.circl.lu/cve/CVE-2026-21527 |
| CVE-2023-27533 |
5.9 |
Exploit |
An input validation vulnerability exists in curl <8.0 during communication using the TELNET protocol that may allow an attacker to pass on a maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system. |
2026-02-13T21:16:11.790 |
https://cve.circl.lu/cve/CVE-2023-27533 |
| CVE-2023-31726 |
3.6 |
Exploit |
AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtain sensitive information. |
2026-02-13T21:18:02.773 |
https://cve.circl.lu/cve/CVE-2023-31726 |
| CVE-2023-25835 |
6.0 |
Exploit |
There is a stored Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS Sites versions 11.1 and below that may allow a remote, authenticated attacker with high‑privileged access to create a crafted link that is persisted within the site configuration. When accessed by a victim, the stored payload may execute arbitrary JavaScript code in the victim’s browser. Successful exploitation could allow the attacker to access sensitive user data and session information, alter trusted site content and user actions, and disrupt normal site functionality, resulting in a high impact to confidentiality, integrity, and availability. |
2026-02-13T19:41:21.620 |
https://cve.circl.lu/cve/CVE-2023-25835 |
| CVE-2023-25837 |
6.0 |
Exploit |
There is a Cross‑Site Scripting (XSS) vulnerability in Esri ArcGIS Enterprise Sites versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which, when clicked by a victim, could result in the execution of arbitrary JavaScript code in the target’s browser. Exploitation requires high‑privileged authenticated access. Successful exploitation may allow the attacker to access sensitive session data, manipulate trusted content, and disrupt normal application functionality, resulting in a high impact to confidentiality, integrity, and availability. |
2026-02-13T19:41:24.867 |
https://cve.circl.lu/cve/CVE-2023-25837 |
| CVE-2024-25699 |
6.0 |
Exploit |
There is a difficult‑to‑exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 11.2 and below on Windows and Linux, and ArcGIS Enterprise versions 11.1 and below on Kubernetes, which under unique circumstances could allow a remote, authenticated attacker with low‑privileged access to compromise the confidentiality, integrity, and availability of the software. Successful exploitation allows the attacker to cross an authentication and authorization boundary beyond their originally assigned access, resulting in a scope change. |
2026-02-13T19:41:30.620 |
https://cve.circl.lu/cve/CVE-2024-25699 |
| CVE-2024-47067 |
2.7 |
Endpoint |
AList is a file list program that supports multiple storages. AList contains a reflected cross-site scripting vulnerability in helper.go. The endpoint /i/:link_name takes in a user-provided value and reflects it back in the response. The endpoint returns an application/xml response, opening it up to HTML tags via XHTML and thus leading to a XSS vulnerability. This vulnerability is fixed in 3.29.0. |
2026-02-13T21:18:02.773 |
https://cve.circl.lu/cve/CVE-2024-47067 |
| CVE-2025-25207 |
3.6 |
Endpoint |
The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows users with the developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is completed. It was found that an attacker with developer persona access can add a large number of those callbacks to be executed by Authorino and, as the authentication policy is enforced by a single instance of the service, this leads to a Denial of Service in Authorino while processing the post-authorization callbacks. |
2026-02-11T11:16:04.750 |
https://cve.circl.lu/cve/CVE-2025-25207 |
| CVE-2025-27022 |
3.6 |
Endpoint |
A path traversal vulnerability of the WebGUI HTTP endpoint in Infinera G42 version R6.1.3 allows remote authenticated users to download all OS files via HTTP requests. Details: Lack of or insufficient validation of user-supplied input allows authenticated users to access all files on the target machine file system that are readable to the user account used to run the httpd service. |
2026-02-11T21:31:52.680 |
https://cve.circl.lu/cve/CVE-2025-27022 |
| CVE-2025-34153 |
N/A |
Endpoint |
Hyland OnBase versions prior to 17.0.2.87 (other versions may be affected) are vulnerable to unauthenticated remote code execution via insecure deserialization on the .NET Remoting TCP channel. The service registers a listener on port 6031 with the URI endpoint TimerServer, implemented in Hyland.Core.Timers.dll. This endpoint deserializes untrusted input using the .NET BinaryFormatter, allowing attackers to execute arbitrary code under the context of NT AUTHORITY\SYSTEM. |
2026-02-13T18:16:10.517 |
https://cve.circl.lu/cve/CVE-2025-34153 |
| CVE-2025-8085 |
4.0 |
Endpoint |
The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs. |
2026-02-09T18:19:09.703 |
https://cve.circl.lu/cve/CVE-2025-8085 |
| CVE-2025-24477 |
3.4 |
Fortinet |
A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.4 through 7.2.12 allows an attacker to escalate their privileges via a specially crafted CLI command. |
2026-02-10T08:15:55.963 |
https://cve.circl.lu/cve/CVE-2025-24477 |
| CVE-2025-52436 |
5.9 |
Fortinet |
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthenticated attacker to execute commands via crafted requests. |
2026-02-10T21:52:01.987 |
https://cve.circl.lu/cve/CVE-2025-52436 |
| CVE-2025-55018 |
1.4 |
Fortinet |
An inconsistent interpretation of HTTP requests ('HTTP request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an unauthenticated attacker to smuggle an unlogged HTTP request through the firewall policies via a specially crafted header. |
2026-02-10T21:52:01.987 |
https://cve.circl.lu/cve/CVE-2025-55018 |
| CVE-2025-62439 |
2.7 |
Fortinet |
An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions may allow an authenticated user with knowledge of FSSO policy configurations to gain unauthorized access to protected network resources via crafted requests. |
2026-02-10T21:52:01.987 |
https://cve.circl.lu/cve/CVE-2025-62439 |
| CVE-2025-62676 |
5.2 |
Fortinet |
An Improper Link Resolution Before File Access ('Link Following') vulnerability [CWE-59] in Fortinet FortiClientWindows 7.4.0 through 7.4.4, FortiClientWindows 7.2.0 through 7.2.12, FortiClientWindows 7.0 all versions may allow a local low-privilege attacker to perform an arbitrary file write with elevated permissions via crafted named pipe messages. |
2026-02-12T16:06:17.343 |
https://cve.circl.lu/cve/CVE-2025-62676 |
| CVE-2025-21605 |
3.6 |
Firewall |
Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, an unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, the Redis configuration does not limit the output buffer of normal clients (see client-output-buffer-limit). Therefore, the output buffer can grow without limit over time. As a result, the service is exhausted and the memory is unavailable. When password authentication is enabled on the Redis server, but no password is provided, the client can still cause the output buffer to grow from "NOAUTH" responses until the system runs out of memory. This issue has been patched in version 7.4.3. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: either by using network access control tools like firewalls, iptables, security groups, etc., or by enabling TLS and requiring users to authenticate using client-side certificates. |
2026-02-10T18:16:13.897 |
https://cve.circl.lu/cve/CVE-2025-21605 |
| CVE-2026-2122 |
3.4 |
Firewall |
A security flaw has been discovered in Xiaopi Panel up to 20260126. This impacts an unknown function of the file /demo.php of the component WAF Firewall. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. |
2026-02-09T16:08:35.290 |
https://cve.circl.lu/cve/CVE-2026-2122 |
| CVE-2026-0229 |
N/A |
Firewall |
A denial-of-service (DoS) vulnerability in the Advanced DNS Security (ADNS) feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot cause the firewall to enter maintenance mode. Cloud NGFW and Prisma Access® are not impacted by this vulnerability. |
2026-02-12T15:11:02.290 |
https://cve.circl.lu/cve/CVE-2026-0229 |
| CVE-2026-1868 |
6.0 |
GitLab |
GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions of the AI Gateway from 18.1.6, 18.2.6, 18.3.1 to 18.6.1, 18.7.0, and 18.8.0 in which AI Gateway was vulnerable to insecure template expansion of user supplied data via crafted Duo Agent Platform Flow definitions. This vulnerability could be used to cause Denial of Service or gain code execution on the Gateway. This has been fixed in versions 18.6.2, 18.7.1, and 18.8.1 of the GitLab AI Gateway. |
2026-02-09T16:08:35.290 |
https://cve.circl.lu/cve/CVE-2026-1868 |
| CVE-2025-12073 |
1.4 |
GitLab |
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform server-side request forgery against internal services by bypassing protections in the Git repository import functionality. |
2026-02-13T15:15:12.320 |
https://cve.circl.lu/cve/CVE-2025-12073 |
| CVE-2025-12575 |
2.5 |
GitLab |
GitLab has remediated an issue in GitLab EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user with certain permissions to make unauthorized requests to internal network services through the GitLab server. |
2026-02-13T15:16:07.330 |
https://cve.circl.lu/cve/CVE-2025-12575 |
| CVE-2025-14560 |
5.2 |
GitLab |
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized actions on behalf of another user by injecting malicious content into vulnerability code flow. |
2026-02-13T15:16:54.370 |
https://cve.circl.lu/cve/CVE-2025-14560 |
| CVE-2025-14592 |
1.4 |
GitLab |
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized operations by submitting GraphQL mutations through the GLQL API endpoint. |
2026-02-13T15:18:16.647 |
https://cve.circl.lu/cve/CVE-2025-14592 |
| CVE-2025-47911 |
1.4 |
Golang |
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content. |
2026-02-12T16:16:03.417 |
https://cve.circl.lu/cve/CVE-2025-47911 |
| CVE-2025-58190 |
1.4 |
Golang |
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content. |
2026-02-12T16:16:03.737 |
https://cve.circl.lu/cve/CVE-2025-58190 |
| CVE-2023-47240 |
3.7 |
Google |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Codeboxr CBX Map for Google Map & OpenStreetMap plugin <= 1.1.11 versions. |
2026-02-13T21:45:46.313 |
https://cve.circl.lu/cve/CVE-2023-47240 |
| CVE-2023-53548 |
3.6 |
Google |
In the Linux kernel, the following vulnerability has been resolved: net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb The syzbot fuzzer identified a problem in the usbnet driver: usb 1-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 0 PID: 754 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504 Modules linked in: CPU: 0 PID: 754 Comm: kworker/0:2 Not tainted 6.4.0-rc7-syzkaller-00014-g692b7dc87ca6 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023 Workqueue: mld mld_ifc_work RIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504 Code: 7c 24 18 e8 2c b4 5b fb 48 8b 7c 24 18 e8 42 07 f0 fe 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 a0 c9 fc 8a e8 5a 6f 23 fb <0f> 0b e9 58 f8 ff ff e8 fe b3 5b fb 48 81 c5 c0 05 00 00 e9 84 f7 RSP: 0018:ffffc9000463f568 EFLAGS: 00010086 RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 RDX: ffff88801eb28000 RSI: ffffffff814c03b7 RDI: 0000000000000001 RBP: ffff8881443b7190 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000003 R13: ffff88802a77cb18 R14: 0000000000000003 R15: ffff888018262500 FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000556a99c15a18 CR3: 0000000028c71000 CR4: 0000000000350ef0 Call Trace: <TASK> usbnet_start_xmit+0xfe5/0x2190 drivers/net/usb/usbnet.c:1453 __netdev_start_xmit include/linux/netdevice.h:4918 [inline] netdev_start_xmit include/linux/netdevice.h:4932 [inline] xmit_one net/core/dev.c:3578 [inline] dev_hard_start_xmit+0x187/0x700 net/core/dev.c:3594 ... This bug is caused by the fact that usbnet trusts the bulk endpoint addresses its probe routine receives in the driver_info structure, and it does not check to see that these endpoints actually exist and have the expected type and directions. The fix is simply to add such a check. |
2026-02-10T22:27:13.403 |
https://cve.circl.lu/cve/CVE-2023-53548 |
| CVE-2026-1861 |
5.9 |
Google |
Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
2026-02-11T18:32:11.090 |
https://cve.circl.lu/cve/CVE-2026-1861 |
| CVE-2026-1862 |
5.9 |
Google |
Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
2026-02-11T18:48:26.643 |
https://cve.circl.lu/cve/CVE-2026-1862 |
| CVE-2026-1727 |
N/A |
Google |
The Agentspace service was affected by a vulnerability that exposed sensitive information due to the use of predictable Google Cloud Storage bucket names. These names were utilized for error logs and temporary staging during data imports from GCS and Cloud SQL. This predictability allowed an attacker to engage in "bucket squatting" by establishing these buckets before a victim's initial use. All versions after December 12th, 2025 have been updated to protect from this vulnerability. No user action is required for this. |
2026-02-09T16:08:55.263 |
https://cve.circl.lu/cve/CVE-2026-1727 |
| CVE-2026-25063 |
N/A |
Gradle |
gradle-completion provides Bash and Zsh completion support for Gradle. A command injection vulnerability was found in gradle-completion up to and including 9.3.0 that allows arbitrary code execution when a user triggers Bash tab completion in a project containing a malicious Gradle build file. The `gradle-completion` script for Bash fails to adequately sanitize Gradle task names and task descriptions, allowing command injection via a malicious Gradle build file when the user completes a command in Bash (without them explicitly running any task in the build). For example, given a task description that includes a string between backticks, then that string would be evaluated as a command when presenting the task description in the completion list. While task execution is the core feature of Gradle, this inherent execution may lead to unexpected outcomes. The vulnerability does not affect zsh completion. The first patched version is 9.3.1. As a workaround, it is possible and effective to temporarily disable bash completion for Gradle by removing `gradle-completion` from `.bashrc` or `.bash_profile`. |
2026-02-10T15:16:06.010 |
https://cve.circl.lu/cve/CVE-2026-25063 |
| CVE-2025-41117 |
5.2 |
Grafana |
Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API appear to be affected; Jaeger gRPC and Tempo do not appear affected whatsoever. |
2026-02-12T15:10:37.307 |
https://cve.circl.lu/cve/CVE-2025-41117 |
| CVE-2023-0676 |
2.7 |
GitHub |
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1. |
2026-02-13T17:16:09.407 |
https://cve.circl.lu/cve/CVE-2023-0676 |
| CVE-2023-4451 |
2.7 |
GitHub |
Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4. |
2026-02-13T17:16:09.573 |
https://cve.circl.lu/cve/CVE-2023-4451 |
| CVE-2026-25598 |
N/A |
GitHub |
Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Prior to 2.14.2, a security vulnerability has been identified in the Harden-Runner GitHub Action (Community Tier) that allows outbound network connections to evade audit logging. Specifically, outbound traffic using the sendto, sendmsg, and sendmmsg socket system calls can bypass detection and logging when using egress-policy: audit. This vulnerability is fixed in 2.14.2. |
2026-02-09T21:55:30.093 |
https://cve.circl.lu/cve/CVE-2026-25598 |
| CVE-2026-25761 |
5.9 |
GitHub |
Super-linter is a combination of multiple linters to run as a GitHub Action or standalone. From 6.0.0 to 8.3.0, the Super-linter GitHub Action is vulnerable to command injection via crafted filenames. When this action is used in downstream GitHub Actions workflows, an attacker can submit a pull request that introduces a file whose name contains shell command substitution syntax, such as $(...). In affected Super-linter versions, runtime scripts may execute the embedded command during file discovery processing, enabling arbitrary command execution in the workflow runner context. This can be used to disclose the job’s GITHUB_TOKEN depending on how the workflow configures permissions. This vulnerability is fixed in 8.3.1. |
2026-02-09T21:55:30.093 |
https://cve.circl.lu/cve/CVE-2026-25761 |
| CVE-2026-21256 |
5.9 |
GitHub |
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network. |
2026-02-11T21:37:01.630 |
https://cve.circl.lu/cve/CVE-2026-21256 |
| CVE-2026-21244 |
5.9 |
Hyper-V |
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally. |
2026-02-11T20:43:08.610 |
https://cve.circl.lu/cve/CVE-2026-21244 |
| CVE-2026-21247 |
5.9 |
Hyper-V |
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally. |
2026-02-11T20:45:56.220 |
https://cve.circl.lu/cve/CVE-2026-21247 |
| CVE-2026-21248 |
5.9 |
Hyper-V |
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally. |
2026-02-11T20:15:17.870 |
https://cve.circl.lu/cve/CVE-2026-21248 |
| CVE-2026-21255 |
6.0 |
Hyper-V |
Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally. |
2026-02-11T20:04:16.867 |
https://cve.circl.lu/cve/CVE-2026-21255 |
| CVE-2025-36009 |
3.6 |
IBM |
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to excessive use of a global variable. |
2026-02-11T20:57:37.413 |
https://cve.circl.lu/cve/CVE-2025-36009 |
| CVE-2025-36407 |
3.6 |
IBM |
IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations. |
2026-02-09T15:16:10.667 |
https://cve.circl.lu/cve/CVE-2025-36407 |
| CVE-2025-36424 |
3.6 |
IBM |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service due to improper neutralization of special elements in data query logic. |
2026-02-11T20:57:25.490 |
https://cve.circl.lu/cve/CVE-2025-36424 |
| CVE-2025-36427 |
3.6 |
IBM |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service due to insufficient validation of special elements in data query logic. |
2026-02-11T20:57:17.513 |
https://cve.circl.lu/cve/CVE-2025-36427 |
| CVE-2025-14914 |
6.0 |
IBM |
IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution. |
2026-02-12T21:16:54.170 |
https://cve.circl.lu/cve/CVE-2025-14914 |
| CVE-2025-66676 |
3.6 |
IOBit |
An issue in IObit Unlocker v1.3.0.11 allows attackers to cause a Denial of Service (DoS) via a crafted request. |
2026-02-13T21:43:11.137 |
https://cve.circl.lu/cve/CVE-2025-66676 |
| CVE-2026-0508 |
5.8 |
Intel |
The SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker with high privileges to insert a malicious URL within the application. Upon successful exploitation, the victim may click on this malicious URL, resulting in an unvalidated redirect to the attacker-controlled domain and subsequent download of the malicious content. This vulnerability has a high impact on the confidentiality and integrity of the application, with no effect on the availability of the application. |
2026-02-10T15:22:54.740 |
https://cve.circl.lu/cve/CVE-2026-0508 |
| CVE-2026-24324 |
3.6 |
Intel |
SAP BusinessObjects Business Intelligence Platform (AdminTools) allows an authenticated attacker with user privileges to execute a specific query in AdminTools that could cause the Content Management Server (CMS) to crash, rendering the CMS partially or completely unavailable and resulting in the denial of service of the Content Management Server (CMS). Successful exploitation impacts system availability, while confidentiality and integrity remain unaffected. |
2026-02-10T15:22:54.740 |
https://cve.circl.lu/cve/CVE-2026-24324 |
| CVE-2025-20070 |
5.9 |
Intel |
Improper conditions check for the Intel(R) Optane(TM) PMem management software before versions CR_MGMT_02.00.00.4052, CR_MGMT_03.00.00.0538 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable [cvss_threat_loss_factor]. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. |
2026-02-10T21:51:48.077 |
https://cve.circl.lu/cve/CVE-2025-20070 |
| CVE-2025-20080 |
4.0 |
Intel |
Null pointer dereference in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability within Ring 0: Kernel may allow a denial of service. Network adversary with an unauthenticated user combined with a high complexity attack may enable denial of service. This result may potentially occur via network access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. |
2026-02-10T21:51:48.077 |
https://cve.circl.lu/cve/CVE-2025-20080 |
| CVE-2025-20106 |
5.9 |
Intel |
Uncontrolled search path in some software installer for some VTune(TM) Profiler software and Intel(R) oneAPI Base Toolkits before version 2025.0. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. |
2026-02-10T21:51:48.077 |
https://cve.circl.lu/cve/CVE-2025-20106 |
| CVE-2025-71089 |
N/A |
IoT |
In the Linux kernel, the following vulnerability has been resolved: iommu: disable SVA when CONFIG_X86 is set Patch series "Fix stale IOTLB entries for kernel address space", v7. This proposes a fix for a security vulnerability related to IOMMU Shared Virtual Addressing (SVA). In an SVA context, an IOMMU can cache kernel page table entries. When a kernel page table page is freed and reallocated for another purpose, the IOMMU might still hold stale, incorrect entries. This can be exploited to cause a use-after-free or write-after-free condition, potentially leading to privilege escalation or data corruption. This solution introduces a deferred freeing mechanism for kernel page table pages, which provides a safe window to notify the IOMMU to invalidate its caches before the page is reused. This patch (of 8): In the IOMMU Shared Virtual Addressing (SVA) context, the IOMMU hardware shares and walks the CPU's page tables. The x86 architecture maps the kernel's virtual address space into the upper portion of every process's page table. Consequently, in an SVA context, the IOMMU hardware can walk and cache kernel page table entries. The Linux kernel currently lacks a notification mechanism for kernel page table changes, specifically when page table pages are freed and reused. The IOMMU driver is only notified of changes to user virtual address mappings. This can cause the IOMMU's internal caches to retain stale entries for kernel VA. Use-After-Free (UAF) and Write-After-Free (WAF) conditions arise when kernel page table pages are freed and later reallocated. The IOMMU could misinterpret the new data as valid page table entries. The IOMMU might then walk into attacker-controlled memory, leading to arbitrary physical memory DMA access or privilege escalation. This is also a Write-After-Free issue, as the IOMMU will potentially continue to write Accessed and Dirty bits to the freed memory while attempting to walk the stale page tables. Currently, SVA contexts are unprivileged and cannot access kernel mappings. However, the IOMMU will still walk kernel-only page tables all the way down to the leaf entries, where it realizes the mapping is for the kernel and errors out. This means the IOMMU still caches these intermediate page table entries, making the described vulnerability a real concern. Disable SVA on x86 architecture until the IOMMU can receive notification to flush the paging cache before freeing the CPU kernel page table pages. |
2026-02-12T09:16:08.263 |
https://cve.circl.lu/cve/CVE-2025-71089 |
| CVE-2025-63624 |
5.9 |
IoT |
SQL Injection vulnerability in Shandong Kede Electronics Co., Ltd IoT smart water meter monitoring platform v.1.0 allows a remote attacker to execute arbitrary code via the imei_list.aspx file. |
2026-02-11T19:25:42.057 |
https://cve.circl.lu/cve/CVE-2025-63624 |
| CVE-2026-21528 |
2.5 |
IoT |
Binding to an unrestricted IP address in Azure IoT SDK allows an unauthorized attacker to disclose information over a network. |
2026-02-11T21:43:38.763 |
https://cve.circl.lu/cve/CVE-2026-21528 |
| CVE-2024-25705 |
2.7 |
Java |
There is a cross‑site scripting (XSS) vulnerability in Esri Portal for ArcGIS Experience Builder versions 11.1 and below on Windows and Linux that allows a remote, authenticated attacker with low‑privileged access to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim’s browser. Exploitation requires basic authenticated access but does not require elevated or administrative privileges, indicating low privileges are required. |
2026-02-13T19:41:39.000 |
https://cve.circl.lu/cve/CVE-2024-25705 |
| CVE-2024-25709 |
2.7 |
Java |
There is a stored Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.2 and below that may allow a remote, authenticated attacker to create a crafted link that can be saved as a new location when moving an existing item, which could potentially execute arbitrary JavaScript code in a victim’s browser. Exploitation does not require any privileges and can be performed by an anonymous user. |
2026-02-13T19:41:45.883 |
https://cve.circl.lu/cve/CVE-2024-25709 |
| CVE-2024-35224 |
4.7 |
Java |
OpenProject is the leading open source project management software. OpenProject utilizes `tablesorter` inside of the Cost Report feature. This dependency, when misconfigured, can lead to Stored XSS via `{icon}` substitution in table header values. This attack requires the permissions "Edit work packages" as well as "Add attachments". A project admin could attempt to escalate their privileges by sending this XSS to a System Admin. Otherwise, if a full System Admin is required, then this attack is significantly less impactful. By utilizing a ticket's attachment, you can store JavaScript in the application itself and bypass the application's CSP policy to achieve Stored XSS. This vulnerability has been patched in version(s) 14.1.0, 14.0.2 and 13.4.2. |
2026-02-13T15:44:32.677 |
https://cve.circl.lu/cve/CVE-2024-35224 |
| CVE-2026-25846 |
3.6 |
JetBrains |
In JetBrains YouTrack before 2025.3.119033, access tokens could be exposed in Mailbox logs. |
2026-02-09T16:08:35.290 |
https://cve.circl.lu/cve/CVE-2026-25846 |
| CVE-2026-25847 |
6.0 |
JetBrains |
In JetBrains PyCharm before 2025.3.2, a DOM-based XSS on the Jupyter viewer page was possible. |
2026-02-09T16:08:35.290 |
https://cve.circl.lu/cve/CVE-2026-25847 |
| CVE-2026-25848 |
5.2 |
JetBrains |
In JetBrains Hub before 2025.3.119807, an authentication bypass allowing administrative actions was possible. |
2026-02-09T16:08:35.290 |
https://cve.circl.lu/cve/CVE-2026-25848 |
| CVE-2026-1466 |
2.7 |
Jira |
Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview for MIME types beginning with image (except for image/svg+xml, see CVE-2022-30110, CVE-2024-12326 and CVE-2025-7066), video and audio. However, it was possible to bypass this check by sending a manipulated HTTP request with an invalid MIME type like image. When doing the preview, the browser tries to automatically detect the MIME type resulting in detecting SVG and possibly executing JavaScript code. To prevent this, MIME sniffing is disabled by sending the HTTP header X-Content-Type-Options: nosniff. |
2026-02-12T20:43:24.200 |
https://cve.circl.lu/cve/CVE-2026-1466 |
| CVE-2026-22892 |
1.4 |
Jira |
Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have access to via the /create-issue API endpoint by providing the post ID of an inaccessible post. Mattermost Advisory ID: MMSA-2025-00550 |
2026-02-13T14:23:48.007 |
https://cve.circl.lu/cve/CVE-2026-22892 |
| CVE-2026-25538 |
5.9 |
Kubernetes |
Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user (including low-privileged CI/CD Developers) to obtain the global API Token signing key by accessing the /orchestrator/attributes?key=apiTokenSecret endpoint. After obtaining the key, attackers can forge JWT tokens for arbitrary user identities offline, thereby gaining complete control over the Devtron platform and laterally moving to the underlying Kubernetes cluster. This issue has been patched via commit d2b0d26. |
2026-02-11T19:10:54.880 |
https://cve.circl.lu/cve/CVE-2026-25538 |
| CVE-2026-25804 |
N/A |
Kubernetes |
Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to versions 2.3.2 and 2.4.3, Antrea's network policy priority assignment system has a uint16 arithmetic overflow bug that causes incorrect OpenFlow priority calculations when handling a large number of policies with various priority values. This results in potentially incorrect traffic enforcement. This issue has been patched in versions 2.4.3. |
2026-02-09T16:08:55.263 |
https://cve.circl.lu/cve/CVE-2026-25804 |
| CVE-2026-24044 |
N/A |
Kubernetes |
Element Server Suite Community Edition (ESS Community) deploys a Matrix stack using the provided Helm charts and Kubernetes distribution. The ESS Community Helm Chart secrets initialization hook (using matrix-tools container before 0.5.7) is using an insecure Matrix server key generation method, allowing network attackers to potentially recreate the same key pair, allowing them to impersonate the victim server. The secret is generated by the secrets initialization hook, in the ESS Community Helm Chart values, if both initSecrets.enabled is not set to false and synapse.signingKey is not defined. Given a server key in Matrix authenticates both requests originating from and events constructed on a given server, this potentially impacts confidentiality, integrity and availability of rooms which have a vulnerable server present as a member. The confidentiality of past conversations in end-to-end encrypted rooms is not impacted. The key generation issue was fixed in matrix-tools 0.5.7, released as part of ESS Community Helm Chart 25.12.1. |
2026-02-13T14:23:48.007 |
https://cve.circl.lu/cve/CVE-2026-24044 |
| CVE-2026-25996 |
N/A |
Kubernetes |
Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences. Therefore, a maliciously forged – partially or completely – event payload, coming from an observed container, might inject the escape sequences into the terminal of ig operators, with various effects. The columns output mode is the default when running ig run interactively. |
2026-02-13T14:23:48.007 |
https://cve.circl.lu/cve/CVE-2026-25996 |
| CVE-2020-37178 |
3.6 |
KeePass |
KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash. |
2026-02-12T15:10:37.307 |
https://cve.circl.lu/cve/CVE-2020-37178 |
| CVE-2024-42079 |
3.6 |
Linux |
In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix NULL pointer dereference in gfs2_log_flush. In gfs2_jindex_free(), set sdp->sd_jdesc to NULL under the log flush lock to provide exclusion against gfs2_log_flush(). In gfs2_log_flush(), check if sdp->sd_jdesc is non-NULL before dereferencing it. Otherwise, we could run into a NULL pointer dereference when outstanding glock work races with an unmount (glock_work_func -> run_queue -> do_xmote -> inode_go_sync -> gfs2_log_flush). |
2026-02-12T09:16:06.777 |
https://cve.circl.lu/cve/CVE-2024-42079 |
| CVE-2024-51954 |
4.7 |
Linux |
There is an improper access control issue in ArcGIS Server versions 11.3 and below on Windows and Linux which, under unique circumstances, could allow a remote, low‑privileged authenticated attacker to access secure services published to a standalone (unfederated) ArcGIS Server instance. Successful exploitation results in unauthorized access to protected services outside the attacker’s originally assigned authorization boundary, constituting a scope change. If exploited, this issue would have a high impact on confidentiality, a low impact on integrity, and no impact on the availability of the software. |
2026-02-13T19:41:36.327 |
https://cve.circl.lu/cve/CVE-2024-51954 |
| CVE-2025-22042 |
3.6 |
Linux |
In the Linux kernel, the following vulnerability has been resolved: ksmbd: add bounds check for create lease context. Add missing bounds check for create lease context. |
2026-02-13T15:58:50.887 |
https://cve.circl.lu/cve/CVE-2025-22042 |
| CVE-2026-2069 |
1.4 |
Llama |
A flaw has been found in ggml-org llama.cpp up to 55abc39. Impacted is the function llama_grammar_advance_stack of the file llama.cpp/src/llama-grammar.cpp of the component GBNF Grammar Handler. This manipulation causes stack-based buffer overflow. The attack needs to be launched locally. The exploit has been published and may be used. Patch name: 18993. To fix this issue, it is recommended to deploy a patch. |
2026-02-09T16:08:55.263 |
https://cve.circl.lu/cve/CVE-2026-2069 |
| CVE-2025-23366 |
5.2 |
Management |
A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups “SuperUser”, “Admin”, or “Maintainer”. |
2026-02-10T14:16:09.203 |
https://cve.circl.lu/cve/CVE-2025-23366 |
| CVE-2025-23367 |
3.6 |
Management |
A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor role is supposed to have only read access permissions and should not be able to suspend the server. The vulnerability is caused by the Suspend and Resume handlers not performing authorization checks to validate whether the current user has the required permissions to proceed with the action. |
2026-02-10T14:16:09.357 |
https://cve.circl.lu/cve/CVE-2025-23367 |
| CVE-2025-20985 |
3.6 |
Management |
Improper privilege management in ThemeManager prior to SMR Jun-2025 Release 1 allows local privileged attackers to reuse trial items. |
2026-02-10T22:15:15.550 |
https://cve.circl.lu/cve/CVE-2025-20985 |
| CVE-2026-20796 |
1.4 |
Mattermost |
Mattermost versions 10.11.x <= 10.11.9 fail to properly validate channel membership at the time of data retrieval which allows a deactivated user to learn team names they should not have access to via a race condition in the /common_teams API endpoint. Mattermost Advisory ID: MMSA-2025-00549 |
2026-02-13T14:23:48.007 |
https://cve.circl.lu/cve/CVE-2026-20796 |
| CVE-2024-43468 |
5.9 |
Microsoft |
Microsoft Configuration Manager Remote Code Execution Vulnerability |
2026-02-13T14:04:05.243 |
https://cve.circl.lu/cve/CVE-2024-43468 |
| CVE-2025-47732 |
5.8 |
Microsoft |
Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network. |
2026-02-13T20:17:23.490 |
https://cve.circl.lu/cve/CVE-2025-47732 |
| CVE-2025-47176 |
5.9 |
Microsoft |
'.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally. |
2026-02-13T20:17:23.027 |
https://cve.circl.lu/cve/CVE-2025-47176 |
| CVE-2025-49731 |
1.4 |
Microsoft |
Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network. |
2026-02-13T14:32:33.727 |
https://cve.circl.lu/cve/CVE-2025-49731 |
| CVE-2025-49737 |
5.9 |
Microsoft |
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an authorized attacker to elevate privileges locally. |
2026-02-13T14:34:47.430 |
https://cve.circl.lu/cve/CVE-2025-49737 |
| CVE-2026-25611 |
3.6 |
MongoDB |
A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server. |
2026-02-10T21:51:48.077 |
https://cve.circl.lu/cve/CVE-2026-25611 |
| CVE-2026-25612 |
3.6 |
MongoDB |
The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what lock to take. Collections may inadvertently collide with one another in this representation causing unavailability between them due to conflicting locks. |
2026-02-10T21:51:48.077 |
https://cve.circl.lu/cve/CVE-2026-25612 |
| CVE-2026-1849 |
3.6 |
MongoDB |
MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodically check the depth of the expression. |
2026-02-10T21:51:48.077 |
https://cve.circl.lu/cve/CVE-2026-1849 |
| CVE-2026-1850 |
3.6 |
MongoDB |
Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash. |
2026-02-10T21:51:48.077 |
https://cve.circl.lu/cve/CVE-2026-1850 |
| CVE-2026-25613 |
3.6 |
MongoDB |
An authorized user may disable the MongoDB server by issuing a query against a collection that contains an invalid compound wildcard index. |
2026-02-10T21:51:48.077 |
https://cve.circl.lu/cve/CVE-2026-25613 |
| CVE-2020-37116 |
5.9 |
MySQL |
GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise. |
2026-02-10T21:20:24.043 |
https://cve.circl.lu/cve/CVE-2020-37116 |
| CVE-2026-25923 |
N/A |
MySQL |
my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to 20260208.1, the application fails to filter the phar:// protocol in URL validation, allowing attackers to upload a malicious Phar Polyglot file (disguised as JPEG) via the image upload feature, trigger Phar deserialization through BBCode [img] tag processing, and exploit Smarty 4.1.0 POP chain to achieve arbitrary file deletion. This vulnerability is fixed in 20260208.1. |
2026-02-10T15:22:54.740 |
https://cve.circl.lu/cve/CVE-2026-25923 |
| CVE-2025-55210 |
N/A |
MySQL |
FreePBX is an open-source web-based graphical user interface (GUI) that manages Asterisk. Prior to 17.0.5 and 16.0.17, FreePBX module api (PBX API) is vulnerable to privilege escalation by authenticated users with REST/GraphQL API access. This vulnerability allows an attacker to forge a valid JWT with full access to the REST and GraphQL APIs on a FreePBX that they've already connected to, possibly as a lower privileged user. The JWT is signed using the api-oauth.key private key. An attacker can generate their own token if they possess this key (e.g., by accessing an affected instance), and specify any scopes they wish (e.g., rest, gql), bypassing traditional authorization checks. However, FreePBX enforces that the jti (JWT ID) claim must exist in the database (api_access_tokens table in the asterisk MySQL database) in order for the token to be accepted. Therefore, the attacker must know a jti value that already exists on the target instance. This vulnerability is fixed in 17.0.5 and 16.0.17. |
2026-02-13T14:23:48.007 |
https://cve.circl.lu/cve/CVE-2025-55210 |
| CVE-2025-69604 |
5.9 |
MacOS |
An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allows a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thus bypassing macOS privacy controls. |
2026-02-13T20:32:40.430 |
https://cve.circl.lu/cve/CVE-2025-69604 |
| CVE-2026-23903 |
1.4 |
MacOS |
Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The issue only affects static files. If static files are served from a case-insensitive filesystem, such as the default macOS setup, static files may be accessed by varying the case of the filename in the request. If only lower-case (common default) filters are present in Shiro, they may be bypassed this way. Shiro 2.0.7 and later has new parameters to remediate this issue: in shiro.ini, `filterChainResolver.caseInsensitive = true`; in application.properties, `shiro.caseInsensitive=true`. Shiro 3.0.0 and later (upcoming) makes this the default. |
2026-02-11T18:30:59.070 |
https://cve.circl.lu/cve/CVE-2026-23903 |
| CVE-2026-2303 |
3.6 |
MacOS |
The mongo-go-driver repository contains CGo bindings for GSSAPI (Kerberos) authentication on Linux and macOS. The C wrapper implementation contains a heap out-of-bounds read vulnerability due to incorrect assumptions about string termination in the GSSAPI standard. Since GSSAPI buffers are not guaranteed to be null-terminated or have extra padding, this results in reading one byte past the allocated heap buffer. |
2026-02-10T21:51:48.077 |
https://cve.circl.lu/cve/CVE-2026-2303 |
| CVE-2025-43403 |
3.6 |
MacOS |
An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. An app may be able to access sensitive user data. |
2026-02-13T14:50:34.183 |
https://cve.circl.lu/cve/CVE-2025-43403 |
| CVE-2025-43417 |
3.6 |
MacOS |
A path handling issue was addressed with improved logic. This issue is fixed in macOS Sonoma 14.8.4. An app may be able to access user-sensitive data. |
2026-02-13T14:50:19.590 |
https://cve.circl.lu/cve/CVE-2025-43417 |
| CVE-2025-65924 |
1.4 |
Malware |
ERPNext through 15.88.1 does not sanitize or remove certain HTML tags, specifically `<a>` hyperlinks, in fields that are intended for plain text. Although JavaScript is blocked (preventing XSS), the HTML is still preserved in the generated PDF document. As a result, an attacker can inject malicious clickable links into an ERP-generated PDF. Since PDF files generated by the ERP system are generally considered trustworthy, users are highly likely to click these links, potentially enabling phishing attacks or malware delivery. This issue occurs in the 'Add Quality Goal' function. |
2026-02-11T16:47:58.950 |
https://cve.circl.lu/cve/CVE-2025-65924 |
| CVE-2026-0404 |
5.9 |
Netgear |
An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent attackers authenticated over WiFi or on LAN to execute OS command injections on the router. DHCPv6 is not enabled by default. |
2026-02-12T17:36:09.760 |
https://cve.circl.lu/cve/CVE-2026-0404 |
| CVE-2026-0405 |
5.9 |
Netgear |
An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin. |
2026-02-12T17:40:40.530 |
https://cve.circl.lu/cve/CVE-2026-0405 |
| CVE-2026-1642 |
3.6 |
Nginx |
A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
2026-02-13T21:35:01.730 |
https://cve.circl.lu/cve/CVE-2026-1642 |
| CVE-2026-2145 |
1.4 |
Nginx |
A vulnerability was identified in cym1102 nginxWebUI up to 4.3.7. The impacted element is an unknown function of the file /adminPage/conf/check of the component Web Management Interface. Such manipulation of the argument nginxDir leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet. |
2026-02-09T16:08:35.290 |
https://cve.circl.lu/cve/CVE-2026-2145 |
| CVE-2025-57283 |
5.9 |
Node.js |
The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js. |
2026-02-09T19:17:13.890 |
https://cve.circl.lu/cve/CVE-2025-57283 |
| CVE-2026-25223 |
3.6 |
Node.js |
Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character (\t) followed by arbitrary content to the Content-Type header, attackers can bypass body validation while the server still processes the body as the original content type. This issue has been patched in version 5.7.2. |
2026-02-10T20:05:15.127 |
https://cve.circl.lu/cve/CVE-2026-25223 |
| CVE-2026-25224 |
1.4 |
Node.js |
Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.3, a denial-of-service vulnerability in Fastify’s Web Streams response handling can allow a remote client to exhaust server memory. Applications that return a ReadableStream (or Response with a Web Stream body) via reply.send() are impacted. A slow or non-reading client can trigger unbounded buffering when backpressure is ignored, leading to process crashes or severe degradation. This issue has been patched in version 5.7.3. |
2026-02-10T19:24:48.703 |
https://cve.circl.lu/cve/CVE-2026-25224 |
| CVE-2026-1615 |
5.9 |
Node.js |
All versions of the package jsonpath are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can exploit this vulnerability by supplying a malicious JSON Path expression that, when evaluated, executes arbitrary JavaScript code, leading to Remote Code Execution in Node.js environments or Cross-site Scripting (XSS) in browser contexts. This affects all methods that evaluate JSON Paths against objects, including .query, .nodes, .paths, .value, .parent, and .apply. |
2026-02-09T16:08:35.290 |
https://cve.circl.lu/cve/CVE-2026-1615 |
| CVE-2026-25639 |
3.6 |
Node.js |
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service. This vulnerability is fixed in 1.13.5. |
2026-02-09T21:55:30.093 |
https://cve.circl.lu/cve/CVE-2026-25639 |
| CVE-2026-1814 |
N/A |
Nexpose |
Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an insufficient entropy issue in the CredentialsKeyStorePassword.generateRandomPassword() method. When updating legacy keystore passwords, the application generates a new password with insufficient length (7-12 characters) and a static prefix 'p', resulting in a weak keyspace. An attacker with access to the nsc.ks file can brute-force this password using consumer-grade hardware to decrypt stored credentials. |
2026-02-09T20:15:56.100 |
https://cve.circl.lu/cve/CVE-2026-1814 |
| CVE-2026-2026 |
4.2 |
Nessus |
A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks. |
2026-02-13T21:43:11.137 |
https://cve.circl.lu/cve/CVE-2026-2026 |
| CVE-2026-26021 |
5.9 |
NPM |
set-in provides the set value of nested associative structure given array of keys. A prototype pollution vulnerability exists in the npm package set-in (>=2.0.1, < 2.0.5). Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key, it is still possible to pollute Object.prototype via a crafted input using Array.prototype. This has been fixed in version 2.0.5. |
2026-02-13T21:43:27.900 |
https://cve.circl.lu/cve/CVE-2026-26021 |
| CVE-2026-2391 |
1.4 |
NPM |
### Summary

The `arrayLimit` option in qs does not enforce limits for comma-separated values when `comma: true` is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in GHSA-6rw7-vpxm-498p (CVE-2025-15284).

### Details

When the `comma` option is set to `true` (not the default, but configurable in applications), qs allows parsing comma-separated strings as arrays (e.g., `?param=a,b,c` becomes `['a', 'b', 'c']`). However, the limit check for `arrayLimit` (default: 20) and the optional throwOnLimitExceeded occur after the comma-handling logic in `parseArrayValue`, enabling a bypass. This permits creation of arbitrarily large arrays from a single parameter, leading to excessive memory allocation.

**Vulnerable code** (lib/parse.js: lines ~40-50):

```js
if (val && typeof val === 'string' && options.comma && val.indexOf(',') > -1) {
    return val.split(',');
}
if (options.throwOnLimitExceeded && currentArrayLength >= options.arrayLimit) {
    throw new RangeError('Array limit exceeded. Only ' + options.arrayLimit + ' element' + (options.arrayLimit === 1 ? '' : 's') + ' allowed in an array.');
}
return val;
```

The `split(',')` returns the array immediately, skipping the subsequent limit check. Downstream merging via `utils.combine` does not prevent allocation, even if it marks overflows for sparse arrays.

This discrepancy allows attackers to send a single parameter with millions of commas (e.g., `?param=,,,,,,,,...`), allocating massive arrays in memory without triggering limits. It bypasses the intent of `arrayLimit`, which is enforced correctly for indexed (`a[0]=`) and bracket (`a[]=`) notations (the latter fixed in v6.14.1 per GHSA-6rw7-vpxm-498p).

### PoC

**Test 1 - Basic bypass:**

```
npm install qs
```

```js
const qs = require('qs');
const payload = 'a=' + ','.repeat(25); // 26 elements after split (bypasses arrayLimit: 5)
const options = { comma: true, arrayLimit: 5, throwOnLimitExceeded: true };
try {
    const result = qs.parse(payload, options);
    console.log(result.a.length); // Outputs: 26 (bypass successful)
} catch (e) {
    console.log('Limit enforced:', e.message); // Not thrown
}
```

**Configuration:**

- `comma: true`
- `arrayLimit: 5`
- `throwOnLimitExceeded: true`

Expected: Throws "Array limit exceeded" error.
Actual: Parses successfully, creating an array of length 26.

### Impact

Denial of Service (DoS) via memory exhaustion. |
2026-02-12T16:16:19.440 |
https://cve.circl.lu/cve/CVE-2026-2391 |
| CVE-2025-56647 |
3.6 |
NPM |
npm @farmfe/core before 1.7.6 is affected by Missing Origin Validation in WebSocket. The development (hot module reloading) server does not validate origin when connecting to a WebSocket client. This allows attackers to surveil developers running Farm who visit their webpage and steal source code that is leaked by the WebSocket server. |
2026-02-13T14:23:48.007 |
https://cve.circl.lu/cve/CVE-2025-56647 |
| CVE-2025-37778 |
5.9 |
NULL Pointer |
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix dangling pointer in krb_authenticate. krb_authenticate frees sess->user and does not set the pointer to NULL. It calls ksmbd_krb5_authenticate to reinitialise sess->user but that function may return without doing so. If that happens then smb2_sess_setup, which calls krb_authenticate, will be accessing free'd memory when it later uses sess->user. |
2026-02-13T15:52:51.533 |
https://cve.circl.lu/cve/CVE-2025-37778 |
| CVE-2025-32709 |
5.9 |
NULL Pointer |
Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
2026-02-13T21:37:17.017 |
https://cve.circl.lu/cve/CVE-2025-32709 |
| CVE-2025-38234 |
3.6 |
NULL Pointer |
In the Linux kernel, the following vulnerability has been resolved: sched/rt: Fix race in push_rt_task. Overview: When a CPU chooses to call push_rt_task and picks a task to push to another CPU's runqueue then it will call find_lock_lowest_rq method which would take a double lock on both CPUs' runqueues. If one of the locks aren't readily available, it may lead to dropping the current runqueue lock and reacquiring both the locks at once. During this window it is possible that the task is already migrated and is running on some other CPU. These cases are already handled. However, if the task is migrated and has already been executed and another CPU is now trying to wake it up (ttwu) such that it is queued again on the runqueue (on_rq is 1) and also if the task was run by the same CPU, then the current checks will pass even though the task was migrated out and is no longer in the pushable tasks list. Crashes: This bug resulted in quite a few flavors of crashes triggering kernel panics with various crash signatures such as assert failures, page faults, null pointer dereferences, and queue corruption errors all coming from scheduler itself. Some of the crashes: ---truncated--- |
2026-02-12T09:16:07.240 |
https://cve.circl.lu/cve/CVE-2025-38234 |
| CVE-2023-53538 |
3.6 |
NULL Pointer |
In the Linux kernel, the following vulnerability has been resolved: btrfs: insert tree mod log move in push_node_left. There is a fairly unlikely race condition in tree mod log rewind that can result in a kernel panic. This occurs when logical inode resolution takes a tree mod log sequence number, and then while backref walking hits a rewind on a busy node which has the following sequence of tree mod log operations (numbers filled in from a specific example, but they are somewhat arbitrary): REMOVE_WHILE_FREEING slot 532; REMOVE_WHILE_FREEING slot 531; REMOVE_WHILE_FREEING slot 530; ...; REMOVE_WHILE_FREEING slot 0; REMOVE slot 455; REMOVE slot 454; REMOVE slot 453; ...; REMOVE slot 0; ADD slot 455; ADD slot 454; ADD slot 453; ...; ADD slot 0; MOVE src slot 0 -> dst slot 456 nritems 533; REMOVE slot 455; REMOVE slot 454; REMOVE slot 453; ...; REMOVE slot 0. When this sequence gets applied via btrfs_tree_mod_log_rewind, it allocates a fresh rewind eb, and first inserts the correct key info for the 533 elements, then overwrites the first 456 of them, then decrements the count by 456 via the add ops, then rewinds the move by doing a memmove from 456:988->0:532. We have never written anything past 532,---truncated--- |
2026-02-09T22:06:08.497 |
https://cve.circl.lu/cve/CVE-2023-53538 |
| CVE-2025-67852 |
1.4 |
OAuth |
A flaw was found in Moodle. An open redirect vulnerability in the OAuth login flow allows a remote attacker to redirect users to attacker-controlled pages after they have successfully authenticated. This occurs due to insufficient validation of redirect parameters, which could lead to phishing attacks or information disclosure. |
2026-02-11T18:32:29.677 |
https://cve.circl.lu/cve/CVE-2025-67852 |
| CVE-2026-1721 |
N/A |
OAuth |
Summary: A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handler. The `error_description` query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the context of the victim's session. Root cause: The OAuth callback handler in `site/ai-playground/src/server.ts` directly interpolated the `authError` value, sourced from the `error_description` query parameter, into an inline `<script>` tag. Impact: An attacker could craft a malicious link that, when clicked by a victim, would: * Steal user chat message history - Access all LLM interactions stored in the user's session. * Access connected MCP Servers - Interact with any MCP servers connected to the victim's session (public or authenticated/private), potentially allowing the attacker to perform actions on the victim's behalf. Mitigation: * PR: https://github.com/cloudflare/agents/pull/841 * Agents-sdk users should upgrade to agents@0.3.10 * Developers using configureOAuthCallback with custom error handling in their own applications should ensure all user-controlled input is escaped before interpolation. |
2026-02-13T14:23:48.007 |
https://cve.circl.lu/cve/CVE-2026-1721 |
| CVE-2026-25892 |
3.6 |
OpenSSL |
Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then POSTs to ?script=version. This endpoint lacks origin validation and accepts POST data from any source. An attacker can POST version[] parameter which PHP converts to an array. On next page load, openssl_verify() receives this array instead of string and throws TypeError, returning HTTP 500 to all users. Upgrade to Adminer 5.4.2. |
2026-02-10T15:22:54.740 |
https://cve.circl.lu/cve/CVE-2026-25892 |
| CVE-2026-1357 |
5.9 |
OpenSSL |
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path sanitization when writing uploaded files. When the plugin fails to decrypt a session key using openssl_private_decrypt(), it does not terminate execution and instead passes the boolean false value to the phpseclib library's AES cipher initialization. The library treats this false value as a string of null bytes, allowing an attacker to encrypt a malicious payload using a predictable null-byte key. Additionally, the plugin accepts filenames from the decrypted payload without sanitization, enabling directory traversal to escape the protected backup directory. This makes it possible for unauthenticated attackers to upload arbitrary PHP files to publicly accessible directories and achieve Remote Code Execution via the wpvivid_action=send_to_site parameter. |
2026-02-11T15:27:26.370 |
https://cve.circl.lu/cve/CVE-2026-1357 |
| CVE-2026-21260 |
3.6 |
Outlook |
Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network. |
2026-02-11T19:10:20.090 |
https://cve.circl.lu/cve/CVE-2026-21260 |
| CVE-2026-21511 |
3.6 |
Outlook |
Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network. |
2026-02-11T18:56:56.907 |
https://cve.circl.lu/cve/CVE-2026-21511 |
| CVE-2026-21509 |
5.9 |
Office |
Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally. |
2026-02-11T15:40:33.473 |
https://cve.circl.lu/cve/CVE-2026-21509 |
| CVE-2026-1996 |
N/A |
Office |
Certain HP OfficeJet Pro printers may be vulnerable to potential denial of service when the IPP requests are mishandled, failing to establish a TCP connection. |
2026-02-10T21:51:48.077 |
https://cve.circl.lu/cve/CVE-2026-1996 |
| CVE-2026-1997 |
1.4 |
Office |
Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resource. CORS is disabled by default on Pro‑class devices and can only be enabled by an administrator through the Embedded Web Server (EWS). Keeping CORS disabled unless explicitly required helps ensure that only trusted solutions can interact with the device. |
2026-02-12T15:13:31.403 |
https://cve.circl.lu/cve/CVE-2026-1997 |
| CVE-2021-35438 |
2.7 |
PHP |
phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator. |
2026-02-13T17:16:09.257 |
https://cve.circl.lu/cve/CVE-2021-35438 |
| CVE-2024-41355 |
3.7 |
PHP |
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/tools/request-ip/index.php. |
2026-02-13T17:16:09.993 |
https://cve.circl.lu/cve/CVE-2024-41355 |
| CVE-2021-47783 |
2.7 |
PHP |
Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks on the platform. |
2026-02-09T14:52:36.330 |
https://cve.circl.lu/cve/CVE-2021-47783 |
| CVE-2025-52022 |
1.4 |
PHP |
A vulnerability in the PHP backend of gemsloyalty.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public API endpoints, exposing potentially sensitive information useful for further exploitation. This issue is classified under CWE-209: Information Exposure Through an Error Message. |
2026-02-11T19:25:31.770 |
https://cve.circl.lu/cve/CVE-2025-52022 |
| CVE-2025-69229 |
1.4 |
Python |
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. If an application makes use of the request.read() method in an endpoint, it may be possible for an attacker to cause the server to spend a moderate amount of blocking CPU time (e.g. 1 second) while processing the request. This could potentially lead to DoS as the server would be unable to handle other requests during that time. This issue is fixed in version 3.13.3. |
2026-02-13T18:55:03.527 |
https://cve.circl.lu/cve/CVE-2025-69229 |
| CVE-2025-14026 |
5.9 |
Python |
Forcepoint One DLP Client, version 23.04.5642 (and possibly newer versions), includes a restricted version of Python 2.5.4 that prevents use of the ctypes library. ctypes is a foreign function interface (FFI) for Python, enabling calls to DLLs/shared libraries, memory allocation, and direct code execution. It was demonstrated that these restrictions could be bypassed. |
2026-02-10T19:31:05.097 |
https://cve.circl.lu/cve/CVE-2025-14026 |
| CVE-2025-70559 |
2.5 |
Python |
pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the application can trigger arbitrary code execution or privilege escalation when the file is loaded by a trusted process. This is caused by an incomplete patch to CVE-2025-64512. |
2026-02-11T18:16:06.870 |
https://cve.circl.lu/cve/CVE-2025-70559 |
| CVE-2025-70560 |
5.9 |
Python |
Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickle file in a directory processed by boltz can achieve arbitrary code execution when the file is loaded. |
2026-02-11T16:01:33.467 |
https://cve.circl.lu/cve/CVE-2025-70560 |
| CVE-2021-47914 |
2.7 |
Phishing |
PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows remote attackers to inject malicious script code. Attackers can exploit this vulnerability to execute arbitrary JavaScript, potentially leading to session hijacking, persistent phishing, and manipulation of application modules. |
2026-02-11T19:29:24.883 |
https://cve.circl.lu/cve/CVE-2021-47914 |
| CVE-2021-47919 |
2.7 |
Phishing |
Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerability in the preview.php file's id parameter. Attackers can inject malicious script code through a GET request to execute arbitrary scripts and potentially hijack user sessions or perform phishing attacks. |
2026-02-11T19:30:50.400 |
https://cve.circl.lu/cve/CVE-2021-47919 |
| CVE-2023-53558 |
3.6 |
QEMU |
In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Avoid pr_info() with spin lock in cblist_init_generic(). pr_info() is called with rtp->cbs_gbl_lock spin lock locked. Because pr_info() calls printk() that might sleep, this will result in BUG like below: `[ BUG: Invalid wait context ]`. This patch moves pr_info() so that it is called without rtp->cbs_gbl_lock locked. |
2026-02-12T16:06:35.690 |
https://cve.circl.lu/cve/CVE-2023-53558 |
| CVE-2023-53560 |
5.9 |
QEMU |
In the Linux kernel, the following vulnerability has been resolved: tracing/histograms: Add histograms to hist_vars if they have referenced variables. Hist triggers can have referenced variables without having direct variables fields. This can be the case if referenced variables are added for trigger actions. In this case the newly added references will not have field variables. Not taking such referenced variables into consideration can result in a bug where it would be possible to remove hist trigger with variables being referenced. This will result in a bug that is easily reproducible like so: `$ cd /sys/kernel/tracing`; `$ echo 'synthetic_sys_enter char[] comm; long id' >> synthetic_events`; `$ echo 'hist:keys=common_pid.execname,id.syscall:vals=hitcount:comm=common_pid.execname' >> events/raw_syscalls/sys_enter/trigger`; `$ echo 'hist:keys=common_pid.execname,id.syscall:onmatch(raw_syscalls.sys_enter).synthetic_sys_enter($comm, id)' >> events/raw_syscalls/sys_enter/trigger`; `$ echo '!hist:keys=common_pid.execname,id.syscall:vals=hitcount:comm=common_pid.execname' >> events/raw_syscalls/sys_enter/trigger`. `BUG: KASAN: slab-use-after-free in resolve_var_refs+0xc7/0x180` ---truncated--- |
2026-02-12T16:05:16.650 |
https://cve.circl.lu/cve/CVE-2023-53560 |
| CVE-2023-53577 |
5.9 |
QEMU |
In the Linux kernel, the following vulnerability has been resolved: bpf, cpumap: Make sure kthread is running before map update returns. The following warning was reported when running stress-mode enabled xdp_redirect_cpu with some RT threads: ------------[ cut here ]------------ WARNING: CPU: 4 PID: 65 at kernel/bpf/cpumap.c:135 CPU: 4 PID: 65 Comm: kworker/4:1 Not tainted 6.5.0-rc2+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) Workqueue: events cpu_map_kthread_stop RIP: 0010:put_cpu_map_entry+0xda/0x220 ...... Call Trace: <TASK> ? show_regs+0x65/0x70 ? __warn+0xa5/0x240 ...... ? put_cpu_map_entry+0xda/0x220 cpu_map_kthread_stop+0x41/0x60 process_one_work+0x6b0/0xb80 worker_thread+0x96/0x720 kthread+0x1a5/0x1f0 ret_from_fork+0x3a/0x70 ret_from_fork_asm+0x1b/0x30 </TASK> The root cause is the same as commit 436901649731 ("bpf: cpumap: Fix memory leak in cpu_map_update_elem"). The kthread is stopped prematurely by kthread_stop() in cpu_map_kthread_stop(), and kthread() doesn't call cpu_map_kthread_run() at all but XDP program has already queued some frames or skbs into ptr_ring. So when __cpu_map_ring_cleanup() checks the ptr_ring, it will find it was not emptied and report a warning. An alternative fix is to use __cpu_map_ring_cleanup() to drop these pending frames or skbs when kthread_stop() returns -EINTR, but it may confuse the user, because these frames or skbs have been handled correctly by XDP program. So instead of dropping these frames or skbs, just make sure the per-cpu kthread is running before __cpu_map_entry_alloc() returns. After applying the fix, the error handling for kthread_stop() will be unnecessary because it will always return 0, so just remove it. |
2026-02-10T15:21:08.353 |
https://cve.circl.lu/cve/CVE-2023-53577 |
| CVE-2023-53581 |
3.6 |
QEMU |
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Check for NOT_READY flag state after locking. Currently the check for NOT_READY flag is performed before obtaining the necessary lock. This opens a possibility for race condition when the flow is concurrently removed from unready_flows list by the workqueue task, which causes a double-removal from the list and a crash[0]. Fix the issue by moving the flag check inside the section protected by uplink_priv->unready_flows_lock mutex. [0]: `general protection fault, probably for non-canonical address 0xdead000000000108: 0000 [#1] SMP` ---truncated--- |
2026-02-10T13:06:15.787 |
https://cve.circl.lu/cve/CVE-2023-53581 |
| CVE-2023-53582 |
3.6 |
QEMU |
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds. Fix a stack-out-of-bounds read in brcmfmac that occurs when 'buf' that is not null-terminated is passed as an argument of strreplace() in brcmf_c_preinit_dcmds(). This buffer is filled with a CLM version string by memcpy() in brcmf_fil_iovar_data_get(). Ensure buf is null-terminated. Found by a modified version of syzkaller. `BUG: KASAN: stack-out-of-bounds in strreplace+0xf2/0x110` ---truncated--- |
2026-02-10T14:43:43.063 |
https://cve.circl.lu/cve/CVE-2023-53582 |
| CVE-2026-23948 |
3.6 |
RDP |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdp_write_logon_info_v2() allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0. This vulnerability is fixed in 3.22.0. |
2026-02-10T15:09:11.707 |
https://cve.circl.lu/cve/CVE-2026-23948 |
| CVE-2026-24684 |
3.6 |
RDP |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsnd_treat_wave. This vulnerability is fixed in 3.22.0. |
2026-02-10T15:02:32.033 |
https://cve.circl.lu/cve/CVE-2026-24684 |
| CVE-2020-0919 |
5.9 |
Remote Desktop |
An elevation of privilege vulnerability exists in Remote Desktop App for Mac in the way it allows an attacker to load unsigned binaries, aka 'Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability'. |
2026-02-12T22:01:59.620 |
https://cve.circl.lu/cve/CVE-2020-0919 |
| CVE-2026-24491 |
3.6 |
Remote Desktop |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, video_timer can send client notifications after the control channel is closed, dereferencing a freed callback and triggering a use after free. This vulnerability is fixed in 3.22.0. |
2026-02-10T15:06:24.917 |
https://cve.circl.lu/cve/CVE-2026-24491 |
| CVE-2026-24675 |
3.6 |
Remote Desktop |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, urb_select_interface can free the device's MS config on error but later code still dereferences it, leading to a use after free in libusb_udev_select_interface. This vulnerability is fixed in 3.22.0. |
2026-02-10T15:05:31.817 |
https://cve.circl.lu/cve/CVE-2026-24675 |
| CVE-2026-24676 |
3.6 |
Remote Desktop |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, AUDIN format renegotiation frees the active format list while the capture thread continues using audin->format, leading to a use after free in audio_format_compatible. This vulnerability is fixed in 3.22.0. |
2026-02-10T15:04:59.453 |
https://cve.circl.lu/cve/CVE-2026-24676 |
| CVE-2026-24685 |
5.9 |
Repository |
OpenProject is an open-source, web-based project management software. Versions prior to 16.6.6 and 17.0.2 have an arbitrary file write vulnerability in OpenProject’s repository diff download endpoint (`/projects/:project_id/repository/diff.diff`) when rendering a single revision via git show. By supplying a specially crafted rev value (for example, `rev=--output=/tmp/poc.txt`), an attacker can inject git show command-line options. When OpenProject executes the SCM command, Git interprets the attacker-controlled rev as an option and writes the output to an attacker-chosen path. As a result, any user with the `:browse_repository` permission on the project can create or overwrite arbitrary files that the OpenProject process user is permitted to write. The written contents consist of git show output (commit metadata and patch), but overwriting application or configuration files still leads to data loss and denial of service, impacting integrity and availability. The issue has been fixed in OpenProject 17.0.2 and 16.6.6. |
2026-02-09T18:24:51.600 |
https://cve.circl.lu/cve/CVE-2026-24685 |
| CVE-2026-25763 |
6.0 |
Repository |
OpenProject is an open-source, web-based project management software. Prior to versions 16.6.7 and 17.0.3, an arbitrary file write vulnerability exists in OpenProject’s repository changes endpoint (/projects/:project_id/repository/changes) when rendering the “latest changes” view via git log. By supplying a specially crafted rev value (for example, rev=--output=/tmp/poc.txt), an attacker can inject git log command-line options. When OpenProject executes the SCM command, Git interprets the attacker-controlled rev as an option and writes the output to an attacker-chosen path. As a result, any user with the :browse_repository permission on the project can create or overwrite arbitrary files that the OpenProject process user is permitted to write. The written contents consist of git log output, but by crafting custom commits the attacker can still upload valid shell scripts, ultimately leading to RCE. The RCE lets the attacker create a reverse shell to the target host and view confidential files outside of OpenProject, such as /etc/passwd. This issue has been patched in versions 16.6.7 and 17.0.3. |
2026-02-13T19:07:56.520 |
https://cve.circl.lu/cve/CVE-2026-25763 |
| CVE-2026-2183 |
3.4 |
Repository |
A security vulnerability has been detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This affects an unknown part of the file /restructured/csv.php. The manipulation leads to unrestricted upload. Remote exploitation of the attack is possible. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The code repository of the project has not been active for many years. |
2026-02-09T16:08:35.290 |
https://cve.circl.lu/cve/CVE-2026-2183 |
| CVE-2025-3722 |
3.6 |
Repo |
A path traversal vulnerability in System Information Reporter (SIR) 1.0.3 and prior allowed an authenticated high privileged user to issue malicious ePO post requests to System Information Reporter, leading to creation of files anywhere on the filesystem and possibly overwriting existing files and exposing sensitive information. |
2026-02-11T21:40:42.813 |
https://cve.circl.lu/cve/CVE-2025-3722 |
| CVE-2025-3773 |
3.6 |
Repo |
A sensitive information exposure vulnerability in System Information Reporter (SIR) 1.0.3 and prior allows an authenticated non-admin local user to extract sensitive information stored in a registry backup folder. |
2026-02-11T21:39:41.160 |
https://cve.circl.lu/cve/CVE-2025-3773 |
| CVE-2026-0484 |
3.6 |
SAP |
Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data in the system. This vulnerability has a high impact on integrity of the application with no effect on the confidentiality and availability. |
2026-02-10T15:22:54.740 |
https://cve.circl.lu/cve/CVE-2026-0484 |
| CVE-2026-0485 |
3.6 |
SAP |
SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server (CMS) to crash and automatically restart. By repeatedly submitting these requests, the attacker could induce a persistent service disruption, rendering the CMS completely unavailable. Successful exploitation results in a high impact on availability, while confidentiality and integrity remain unaffected. |
2026-02-10T15:22:54.740 |
https://cve.circl.lu/cve/CVE-2026-0485 |
| CVE-2026-0486 |
1.4 |
SAP |
In ABAP based SAP systems a remote enabled function module does not perform necessary authorization checks for an authenticated user resulting in disclosure of system information. This has low impact on confidentiality. Integrity and availability are not impacted. |
2026-02-10T15:22:54.740 |
https://cve.circl.lu/cve/CVE-2026-0486 |
| CVE-2026-0490 |
3.6 |
SAP |
SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks the authentication, which prevents the legitimate users from accessing the platform. As a result, it has a high impact on the availability but no impact on the confidentiality and integrity. |
2026-02-10T15:22:54.740 |
https://cve.circl.lu/cve/CVE-2026-0490 |
| CVE-2025-68615 |
5.9 |
SNMP |
net-snmp is an SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to a net-snmp snmptrapd daemon can cause a buffer overflow and the daemon to crash. This issue has been patched in versions 5.9.5 and 5.10.pre2. |
2026-02-10T18:16:21.673 |
https://cve.circl.lu/cve/CVE-2025-68615 |
| CVE-2022-35737 |
3.6 |
SQL |
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. |
2026-02-13T20:16:13.533 |
https://cve.circl.lu/cve/CVE-2022-35737 |
| CVE-2022-46763 |
5.9 |
SQL |
A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 (fixed in 5.2.6.10025) allows a low-privileged database user to execute arbitrary SQL commands as the database administrator, resulting in execution of arbitrary code. |
2026-02-09T16:15:57.840 |
https://cve.circl.lu/cve/CVE-2022-46763 |
| CVE-2024-5653 |
3.4 |
SQL |
A vulnerability, which was classified as critical, has been found in Chanjet Smooth T+system 3.5. This issue affects some unknown processing of the file /tplus/UFAQD/keyEdit.aspx. The manipulation of the argument KeyID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-267185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2026-02-10T19:18:29.010 |
https://cve.circl.lu/cve/CVE-2024-5653 |
| CVE-2024-51962 |
5.8 |
SQL |
A SQL injection vulnerability in ArcGIS Server allows an EDIT operation to modify column properties in a manner that could lead to SQL injection when performed by a remote authenticated user requiring elevated, non‑administrative privileges. Exploitation is restricted to users with advanced application‑specific permissions, indicating high privileges are required. Successful exploitation would have a high impact on integrity and confidentiality, with no impact on availability. |
2026-02-13T19:41:49.147 |
https://cve.circl.lu/cve/CVE-2024-51962 |
| CVE-2025-39474 |
4.7 |
SQL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeMove Amely allows SQL Injection. This issue affects Amely: from n/a through 3.1.4. |
2026-02-11T21:38:41.560 |
https://cve.circl.lu/cve/CVE-2025-39474 |
| CVE-2025-56230 |
3.6 |
SSL |
Tencent Docs Desktop 3.9.20 and earlier suffers from Missing SSL Certificate Validation in the update component. |
2026-02-10T17:47:38.917 |
https://cve.circl.lu/cve/CVE-2025-56230 |
| CVE-2025-68721 |
5.2 |
SSL |
Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certificates management endpoint (page=sslcerts). This allows the attacker to view, download, upload, and delete SSL certificate files, despite lacking the necessary privileges to access the Security & Filtering section. |
2026-02-13T15:15:57.127 |
https://cve.circl.lu/cve/CVE-2025-68721 |
| CVE-2025-68723 |
6.0 |
SSL |
Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting (XSS) vulnerabilities in the WebAdmin interface. Three instances exist: (1) the log file name parameter in the Local Services Log page, (2) certificate file content in the SSL Certificates View Usage feature, and (3) the Certificate File name parameter in the WebMail Listeners SSL settings. Attackers can inject malicious JavaScript payloads that execute in administrators' browsers when they access affected pages or features, enabling privilege escalation attacks where low-privileged admins can force high-privileged admins to perform unauthorized actions. |
2026-02-13T15:15:57.503 |
https://cve.circl.lu/cve/CVE-2025-68723 |
| CVE-2025-66598 |
N/A |
SSL |
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product supports old SSL/TLS versions, potentially allowing an attacker to decrypt communications with the web server. The affected products and versions are as follows: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) R9.01 to R10.04 |
2026-02-09T16:08:35.290 |
https://cve.circl.lu/cve/CVE-2025-66598 |
| CVE-2026-26214 |
5.2 |
SSL |
Galaxy FDS Android SDK (XiaoMi/galaxy-fds-sdk-android) version 3.0.8 and prior disable TLS hostname verification when HTTPS is enabled (the default configuration). In GalaxyFDSClientImpl.createHttpClient(), the SDK configures Apache HttpClient with SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER, which accepts any valid TLS certificate regardless of hostname mismatch. Because HTTPS is enabled by default in FDSClientConfiguration, all applications using the SDK with default settings are affected. This vulnerability allows a man-in-the-middle attacker to intercept and modify SDK communications to Xiaomi FDS cloud storage endpoints, potentially exposing authentication credentials, file contents, and API responses. The XiaoMi/galaxy-fds-sdk-android open source project has reached end-of-life status. |
2026-02-13T14:23:48.007 |
https://cve.circl.lu/cve/CVE-2026-26214 |
| CVE-2026-25949 |
3.6 |
STARTTLS |
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.8, there is a potential vulnerability in Traefik managing STARTTLS requests. An unauthenticated client can bypass Traefik entrypoint respondingTimeouts.readTimeout by sending the 8-byte Postgres SSLRequest (STARTTLS) prelude and then stalling, causing connections to remain open indefinitely, leading to a denial of service. This vulnerability is fixed in 3.6.8. |
2026-02-13T14:23:48.007 |
https://cve.circl.lu/cve/CVE-2026-25949 |
| CVE-2025-40536 |
5.9 |
Solarwinds |
SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain restricted functionality. |
2026-02-13T14:03:55.790 |
https://cve.circl.lu/cve/CVE-2025-40536 |
| CVE-2025-69431 |
5.2 |
Samba |
The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link following. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the NAS device's slot, and then access the USB drive's directory mounted on the NAS using the Samba protocol. This allows them to obtain all files within the NAS system and tamper with those files. |
2026-02-11T16:14:00.497 |
https://cve.circl.lu/cve/CVE-2025-69431 |
| CVE-2020-37153 |
5.9 |
SIP |
ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with root permissions through cron task manipulation. |
2026-02-12T15:10:37.307 |
https://cve.circl.lu/cve/CVE-2020-37153 |
| CVE-2025-1790 |
N/A |
SIP |
Local privilege escalation in Genetec Sipelia Plugin. An authenticated low-privileged Windows user could exploit this vulnerability to gain elevated privileges on the affected system. |
2026-02-13T21:43:11.137 |
https://cve.circl.lu/cve/CVE-2025-1790 |
| CVE-2025-27024 |
3.6 |
SSH |
Unrestricted access to OS file system in SFTP service in Infinera G42 version R6.1.3 allows remote authenticated users to read/write OS files via SFTP connections. Details: Account members of the Network Administrator profile can access the target machine via SFTP with the same credentials used for SSH CLI access and are able to read all files according to the OS permission instead of remaining inside the chrooted directory position. |
2026-02-11T21:28:14.523 |
https://cve.circl.lu/cve/CVE-2025-27024 |
| CVE-2024-54855 |
5.5 |
SSH |
fabricators Ltd Vanilla OS 2 Core image v1.1.0 was discovered to contain static keys for the SSH service, allowing attackers to possibly execute a man-in-the-middle attack during connections with other hosts. |
2026-02-10T18:36:03.913 |
https://cve.circl.lu/cve/CVE-2024-54855 |
| CVE-2025-62501 |
5.9 |
SSH |
SSH Hostkey misconfiguration vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows attackers to obtain device credentials through a specially crafted man‑in‑the‑middle (MITM) attack. This could enable unauthorized access if captured credentials are reused. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120. |
2026-02-11T19:21:23.680 |
https://cve.circl.lu/cve/CVE-2025-62501 |
| CVE-2026-25157 |
6.0 |
SSH |
OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When the cd command failed, the unescaped path was interpolated directly into an echo statement, allowing arbitrary command execution on the remote SSH host. The parseSSHTarget function did not validate that SSH target strings could not begin with a dash. An attacker-supplied target like -oProxyCommand=... would be interpreted as an SSH configuration flag rather than a hostname, allowing arbitrary command execution on the local machine. This issue has been patched in version 2026.1.29. |
2026-02-13T14:33:31.043 |
https://cve.circl.lu/cve/CVE-2026-25157 |
| CVE-2024-8149 |
2.5 |
SES |
There is a reflected Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 that may allow a remote, authenticated attacker with low‑privileged access to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim’s browser. Exploitation is limited to the same browser execution context and does not result in a change of security scope beyond the affected user session. |
2026-02-13T19:41:27.740 |
https://cve.circl.lu/cve/CVE-2024-8149 |
| CVE-2025-64186 |
5.8 |
TLS |
Evervault is a payment security solution. A vulnerability was identified in the `evervault-go` SDK’s attestation verification logic in versions of `evervault-go` prior to 1.3.2 that may allow incomplete documents to pass validation. This may cause the client to trust an enclave operator that does not meet expected integrity guarantees. The exploitability of this issue is limited in Evervault-hosted environments as an attacker would require the pre-requisite ability to serve requests from specific evervault domain names, following from our ACME challenge based TLS certificate acquisition pipeline. The vulnerability primarily affects applications which only check PCR8. Though the efficacy is also reduced for applications that check all PCR values, the impact is largely remediated by checking PCR 0, 1 and 2. The identified issue has been addressed in version 1.3.2 by validating attestation documents before storing in the cache, and replacing the naive equality checks with a new SatisfiedBy check. Those who use evervault-go to attest Enclaves that are hosted outside of Evervault environments and cannot upgrade have two possible workarounds available. Modify the application logic to fail verification if PCR8 is not explicitly present and non-empty and/or add custom pre-validation to reject documents that omit any required PCRs. |
2026-02-13T16:57:05.983 |
https://cve.circl.lu/cve/CVE-2025-64186 |
| CVE-2026-25160 |
5.2 |
TLS |
Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application disables TLS certificate verification by default for all outgoing storage driver communications, making the system vulnerable to Man-in-the-Middle (MitM) attacks. This enables the complete decryption, theft, and manipulation of all data transmitted during storage operations, severely compromising the confidentiality and integrity of user data. This issue has been patched in version 3.57.0. |
2026-02-13T21:23:28.700 |
https://cve.circl.lu/cve/CVE-2026-25160 |
| CVE-2026-25644 |
3.6 |
TLS |
DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to MITM attack through TLS downgrade. This issue has been patched in version 1.3.1.8. |
2026-02-09T16:08:55.263 |
https://cve.circl.lu/cve/CVE-2026-25644 |
| CVE-2026-25961 |
5.9 |
TLS |
SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5.2, SumatraPDF's update mechanism disables TLS hostname verification (INTERNET_FLAG_IGNORE_CERT_CN_INVALID) and executes installers without signature checks. A network attacker with any valid TLS certificate (e.g., Let's Encrypt) can intercept the update check request, inject a malicious installer URL, and achieve arbitrary code execution. |
2026-02-10T15:22:54.740 |
https://cve.circl.lu/cve/CVE-2026-25961 |
| CVE-2026-1637 |
5.9 |
Tenda |
A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function fromAdvSetMacMtuWan of the file /goform/AdvSetMacMtuWan. The manipulation leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. |
2026-02-10T15:13:38.820 |
https://cve.circl.lu/cve/CVE-2026-1637 |
| CVE-2026-1687 |
3.4 |
Tenda |
A weakness has been identified in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. Impacted is an unknown function of the file /boaform/formSamba of the component Boa Webserver. Executing a manipulation of the argument serverString can lead to command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. |
2026-02-10T15:14:03.207 |
https://cve.circl.lu/cve/CVE-2026-1687 |
| CVE-2026-1689 |
3.4 |
Tenda |
A vulnerability was detected in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. The impacted element is the function checkUserFromLanOrWan of the file /boaform/admin/formLogin of the component Login Interface. The manipulation of the argument Host results in command injection. The attack can be launched remotely. The exploit is now public and may be used. |
2026-02-10T14:18:11.040 |
https://cve.circl.lu/cve/CVE-2026-1689 |
| CVE-2026-1690 |
3.4 |
Tenda |
A flaw has been found in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. This affects the function system of the file /boaform/formSysCmd. This manipulation of the argument sysCmd causes command injection. The attack may be initiated remotely. The exploit has been published and may be used. |
2026-02-10T14:34:50.513 |
https://cve.circl.lu/cve/CVE-2026-1690 |
| CVE-2026-24426 |
2.7 |
Tenda |
Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser context. |
2026-02-10T14:13:03.557 |
https://cve.circl.lu/cve/CVE-2026-24426 |
| CVE-2026-23563 |
5.2 |
TeamViewer |
Improper Link Resolution Before File Access (invoked by 1E‑Explorer‑TachyonCore‑DeleteFileByPath instruction) in TeamViewer DEX - 1E Client before version 26.1 on Windows allows a low‑privileged local attacker to delete protected system files via a crafted RPC control junction or symlink that is followed when the delete instruction executes. |
2026-02-11T19:20:41.057 |
https://cve.circl.lu/cve/CVE-2026-23563 |
| CVE-2026-23564 |
3.6 |
TeamViewer |
A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior to version 26.1 for Windows allows an attacker on the adjacent network to cause normally encrypted UDP traffic to be sent in cleartext. This can result in disclosure of sensitive information. |
2026-02-11T19:24:41.843 |
https://cve.circl.lu/cve/CVE-2026-23564 |
| CVE-2026-23565 |
3.6 |
TeamViewer |
A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior to version 26.1 for Windows allows an attacker on the adjacent network to cause the NomadBranch.exe process to terminate via crafted requests. This can result in a denial-of-service condition of the Content Distribution Service. |
2026-02-11T19:25:35.060 |
https://cve.circl.lu/cve/CVE-2026-23565 |
| CVE-2026-23566 |
3.6 |
TeamViewer |
A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior to version 26.1 for Windows allows an attacker on the adjacent network to inject, tamper with, or forge log entries in \Nomad Branch.log via crafted data sent to the UDP network handler. This can impact log integrity and nonrepudiation. |
2026-02-11T19:42:27.537 |
https://cve.circl.lu/cve/CVE-2026-23566 |
| CVE-2026-23567 |
3.6 |
TeamViewer |
An integer underflow in the UDP command handler of the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior to version 26.1 for Windows allows an adjacent network attacker to trigger a heap-based buffer overflow and cause a denial-of-service (service crash) via specially crafted UDP packets. |
2026-02-11T20:08:43.147 |
https://cve.circl.lu/cve/CVE-2026-23567 |
| CVE-2026-0918 |
N/A |
TAP |
The Tapo C220 v1 and C520WS v2 cameras’ HTTP service does not safely handle POST requests containing an excessively large Content-Length header. The resulting failed memory allocation triggers a NULL pointer dereference, causing the main service process to crash. An unauthenticated attacker can repeatedly crash the service, causing temporary denial of service. The device restarts automatically, and repeated requests can keep it unavailable. |
2026-02-10T00:16:06.253 |
https://cve.circl.lu/cve/CVE-2026-0918 |
| CVE-2025-15557 |
5.9 |
TAP |
An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. This may compromise the confidentiality and integrity of device-to-cloud communication, enabling manipulation of device data or operations. |
2026-02-12T17:29:30.100 |
https://cve.circl.lu/cve/CVE-2025-15557 |
| CVE-2020-37170 |
3.6 |
TAP |
TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy address configuration that allows local attackers to crash the application. Attackers can overwrite the address field with 3000 bytes of arbitrary data to trigger an application crash and prevent normal program functionality. |
2026-02-09T16:08:55.263 |
https://cve.circl.lu/cve/CVE-2020-37170 |
| CVE-2020-37171 |
3.6 |
TAP |
TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy username configuration that allows local attackers to crash the application. Attackers can overwrite the username field with 10,000 bytes of arbitrary data to trigger an application crash and prevent normal program functionality. |
2026-02-09T16:08:55.263 |
https://cve.circl.lu/cve/CVE-2020-37171 |
| CVE-2026-0651 |
5.9 |
TAP |
On TP-Link Tapo C260 v1, path traversal is possible due to improper handling of specific GET request paths via https, allowing local unauthenticated probing of filesystem paths. An attacker on the local network can determine whether certain files exist on the device, with no read, write or code execution possibilities. |
2026-02-13T20:45:32.090 |
https://cve.circl.lu/cve/CVE-2026-0651 |
| CVE-2019-12749 |
5.2 |
Ubuntu |
dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass. |
2026-02-13T20:16:12.897 |
https://cve.circl.lu/cve/CVE-2019-12749 |
| CVE-2026-20730 |
1.4 |
VPN |
A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain access to sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated |
2026-02-13T21:36:18.327 |
https://cve.circl.lu/cve/CVE-2026-20730 |
| CVE-2026-25803 |
5.9 |
VPN |
3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials (admin/admin) upon the first initialization. Attackers with network access to the application's login interface can gain full administrative control, managing VPN tunnels and system settings. This issue will be patched in version 2.0.2. |
2026-02-09T16:08:55.263 |
https://cve.circl.lu/cve/CVE-2026-25803 |
| CVE-2026-22153 |
5.9 |
VPN |
An Authentication Bypass by Primary Weakness vulnerability [CWE-305] in Fortinet FortiOS 7.6.0 through 7.6.4 may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, when the remote LDAP server is configured in a specific way. |
2026-02-12T16:03:10.500 |
https://cve.circl.lu/cve/CVE-2026-22153 |
| CVE-2026-21257 |
5.9 |
Visual Studio |
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network. |
2026-02-11T19:47:12.797 |
https://cve.circl.lu/cve/CVE-2026-21257 |
| CVE-2026-21518 |
3.6 |
Visual Studio |
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network. |
2026-02-11T21:34:21.863 |
https://cve.circl.lu/cve/CVE-2026-21518 |
| CVE-2026-21523 |
5.9 |
Visual Studio |
Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network. |
2026-02-11T21:41:36.627 |
https://cve.circl.lu/cve/CVE-2026-21523 |
| CVE-2026-25931 |
5.9 |
VS Code |
vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSettings._determineIsTrusted treats the configuration value cSpell.trustedWorkspace as the authoritative trust flag. The value defaults to true (package.json) and is read from workspace configuration each time settings are fetched. The code coerces any truthy value to true and forwards it to ConfigLoader.setIsTrusted, which in turn allows JavaScript/TypeScript configuration files (.cspell.config.js/.mjs/.ts, etc.) to be located and executed. Because no VS Code workspace-trust state is consulted, an untrusted workspace can keep the flag true and place a malicious .cspell.config.js; opening the workspace causes the extension host to execute attacker-controlled Node.js code with the user’s privileges. This vulnerability is fixed in v4.5.4. |
2026-02-10T15:22:54.740 |
https://cve.circl.lu/cve/CVE-2026-25931 |
| CVE-2026-23901 |
1.4 |
VS Code |
Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1.*, 2.* before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which fixes the issue. Prior to Shiro 2.0.7, code paths for non-existent vs. existing users are different enough that a brute-force attack may be able to determine, by timing the requests only, whether the request failed because of a non-existent user vs. wrong password. The most likely attack vector is a local attack only. Shiro security model https://shiro.apache.org/security-model.html#username_enumeration discusses this as well. Typically, brute force attack can be mitigated at the infrastructure level. |
2026-02-12T15:30:25.543 |
https://cve.circl.lu/cve/CVE-2026-23901 |
| CVE-2026-25749 |
5.2 |
Vim |
Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the get_tagfname() function in src/tag.c. When processing help file tags, Vim copies the user-controlled 'helpfile' option value into a fixed-size heap buffer of MAXPATHL + 1 bytes (typically 4097 bytes) using an unsafe STRCPY() operation without any bounds checking. This issue has been patched in version 9.1.2132. |
2026-02-09T16:08:55.263 |
https://cve.circl.lu/cve/CVE-2026-25749 |
| CVE-2026-26269 |
2.5 |
Vim |
Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans integration when processing the specialKeys command, affecting Vim builds that enable and use the NetBeans feature. The stack buffer overflow exists in special_keys() (in src/netbeans.c). The while (*tok) loop writes two bytes per iteration into a 64-byte stack buffer (keybuf) with no bounds check. A malicious NetBeans server can overflow keybuf with a single specialKeys command. The issue has been fixed as of Vim patch v9.1.2148. |
2026-02-13T22:16:11.220 |
https://cve.circl.lu/cve/CVE-2026-26269 |
| CVE-2025-48508 |
4.0 |
Virtual Machine |
Improper Hardware reset flow logic in the GPU GFX Hardware IP block could allow a privileged attacker in a guest virtual machine to control reset operation potentially causing host or GPU crash or reset resulting in denial of service. |
2026-02-11T15:27:26.370 |
https://cve.circl.lu/cve/CVE-2025-48508 |
| CVE-2024-21961 |
N/A |
Virtual Machine |
Improper restriction of operations within the bounds of a memory buffer in PCIe® Link could allow an attacker with access to a guest virtual machine to potentially perform a denial of service attack against the host resulting in loss of availability. |
2026-02-13T14:23:48.007 |
https://cve.circl.lu/cve/CVE-2024-21961 |
| CVE-2025-70954 |
N/A |
Virtual Machine |
A Null Pointer Dereference vulnerability exists in the TON Virtual Machine (TVM) within the TON Blockchain before v2025.06. The issue is located in the execution logic of the INMSGPARAM instruction, where the program fails to validate if a specific pointer is null before accessing it. By sending a malicious transaction or smart contract, an attacker can trigger this null pointer dereference, causing the validator node process to crash (segmentation fault). This results in a Denial of Service (DoS) affecting the availability of the entire blockchain network. |
2026-02-13T22:16:10.047 |
https://cve.circl.lu/cve/CVE-2025-70954 |
| CVE-2025-70955 |
N/A |
Virtual Machine |
A Stack Overflow vulnerability was discovered in the TON Virtual Machine (TVM) before v2024.10. The vulnerability stems from the improper handling of vmstate and continuation jump instructions, which allow for continuous dynamic tail calls. An attacker can exploit this by crafting a smart contract with deeply nested jump logic. Even within permissible gas limits, this nested execution exhausts the host process's stack space, causing the validator node to crash. This results in a Denial of Service (DoS) for the TON blockchain network. |
2026-02-13T22:16:10.170 |
https://cve.circl.lu/cve/CVE-2025-70955 |
| CVE-2025-70956 |
N/A |
Virtual Machine |
A State Pollution vulnerability was discovered in the TON Virtual Machine (TVM) before v2025.04. The issue exists in the RUNVM instruction logic (VmState::run_child_vm), which is responsible for initializing child virtual machines. The operation moves critical resources (specifically libraries and log) from the parent state to a new child state in a non-atomic manner. If an Out-of-Gas (OOG) exception occurs after resources are moved but before the state transition is finalized, the parent VM retains a corrupted state where these resources are emptied/invalid. Because RUNVM supports gas isolation, the parent VM continues execution with this corrupted state, leading to unexpected behavior or denial of service within the contract's context. |
2026-02-13T22:16:10.290 |
https://cve.circl.lu/cve/CVE-2025-70956 |
| CVE-2025-21300 |
3.6 |
Windows |
Windows Universal Plug and Play (UPnP) Device Host Denial of Service Vulnerability |
2026-02-13T20:16:31.037 |
https://cve.circl.lu/cve/CVE-2025-21300 |
| CVE-2025-21389 |
3.6 |
Windows |
Uncontrolled resource consumption in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to deny service over a network. |
2026-02-13T20:16:41.427 |
https://cve.circl.lu/cve/CVE-2025-21389 |
| CVE-2022-2709 |
2.7 |
WordPress |
The Float to Top Button WordPress plugin through 2.3.6 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) |
2026-02-10T19:21:57.800 |
https://cve.circl.lu/cve/CVE-2022-2709 |
| CVE-2023-1333 |
1.4 |
WordPress |
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_page_cache function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete the plugin's cache. |
2026-02-13T21:44:17.270 |
https://cve.circl.lu/cve/CVE-2023-1333 |
| CVE-2023-1346 |
1.4 |
WordPress |
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_page_cache function. This makes it possible for unauthenticated attackers to clear the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
2026-02-13T21:44:25.630 |
https://cve.circl.lu/cve/CVE-2023-1346 |
| CVE-2025-8280 |
3.7 |
WordPress |
The Contact Form 7 reCAPTCHA WordPress plugin through 1.2.0 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers. |
2026-02-13T15:54:12.670 |
https://cve.circl.lu/cve/CVE-2025-8280 |
| CVE-2026-25760 |
3.6 |
WireGuard |
Sliver is a command and control framework that uses a custom WireGuard netstack. Prior to 1.6.11, a path traversal in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an authenticated path traversal / arbitrary file read issue, and it can expose credentials, configs, and keys. This vulnerability is fixed in 1.6.11. |
2026-02-09T16:08:55.263 |
https://cve.circl.lu/cve/CVE-2026-25760 |
| CVE-2026-25791 |
3.6 |
WireGuard |
Sliver is a command and control framework that uses a custom WireGuard netstack. Prior to 1.7.0, the DNS C2 listener accepts unauthenticated TOTP bootstrap messages and allocates server-side DNS sessions without validating OTP values, even when EnforceOTP is enabled. Because sessions are stored without a cleanup/expiry path in this flow, an unauthenticated remote actor can repeatedly create sessions and drive memory exhaustion. This vulnerability is fixed in 1.7.0. |
2026-02-09T21:55:30.093 |
https://cve.circl.lu/cve/CVE-2026-25791 |
| CVE-2026-23553 |
1.4 |
Xen |
In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run. While safe for Xen's isolation between vCPUs, this prevents the guest kernel correctly isolating between tasks. Consider: 1) vCPU runs on CPU A, running task 1. 2) vCPU moves to CPU B, idle gets scheduled on A. Xen skips IBPB. 3) On CPU B, guest kernel switches from task 1 to 2, issuing IBPB. 4) vCPU moves back to CPU A. Xen skips IBPB again. Now, task 2 is running on CPU A with task 1's training still in the BTB. |
2026-02-09T18:46:17.720 |
https://cve.circl.lu/cve/CVE-2026-23553 |
| CVE-2017-6478 |
2.7 |
XSS |
paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a reflected XSS in install/index.php (step parameter). |
2026-02-13T17:16:08.487 |
https://cve.circl.lu/cve/CVE-2017-6478 |
| CVE-2018-15899 |
2.7 |
XSS |
An issue was discovered in MiniCMS 1.10. There is a post.php?date= XSS vulnerability. |
2026-02-13T17:16:08.870 |
https://cve.circl.lu/cve/CVE-2018-15899 |
| CVE-2026-24116 |
3.6 |
X86 |
Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to version 36.0.5, 40.0.3, and 41.0.1, on x86-64 platforms with AVX, Wasmtime's compilation of the `f64.copysign` WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are disabled this can result in an uncaught segfault due to loading from unmapped guard pages. With guard pages disabled it's possible for out-of-sandbox data to be loaded, but unless there is another bug in Cranelift this data is not visible to WebAssembly guests. Wasmtime 36.0.5, 40.0.3, and 41.0.1 have been released to fix this issue. Users are recommended to upgrade to the patched versions of Wasmtime. Other affected versions are not patched and users should update to a supported major version instead. This bug can be worked around by enabling signals-based-traps. While disabling guard pages can be a quick fix in some situations, it's not recommended to disable guard pages as it is a key defense-in-depth measure of Wasmtime. |
2026-02-12T21:36:55.310 |
https://cve.circl.lu/cve/CVE-2026-24116 |