Total: 11755 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-13428 | 1 Google | 1 Security Operations Soar | 2026-02-03 | N/A | 7.2 HIGH |
| A vulnerability exists in the SecOps SOAR server. The custom integrations feature allowed an authenticated user with an "IDE role" to achieve Remote Code Execution (RCE) in the server. The flaw stemmed from weak validation of uploaded Python package code. An attacker could upload a package containing a malicious setup.py file, which would execute on the server during the installation process, leading to potential server compromise. No customer action is required. All customers have been automatically upgraded to the fixed version: 6.3.64 or higher. | |||||
| CVE-2025-65397 | 1 Blurams | 2 Dome Flare, Dome Flare Firmware | 2026-02-03 | N/A | 6.8 MEDIUM |
| An insecure authentication mechanism in the safe_exec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges, if file /opt/images/public_key.der is not present in the file system. The vulnerability can be triggered by providing a maliciously crafted auth.ini file on the device's SD card. | |||||
| CVE-2026-22220 | | | 2026-02-03 | N/A | N/A |
| A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 (web modules) may allow a crafted request to cause the device’s web service to become unresponsive, resulting in a denial of service condition. A network-adjacent attacker with high privileges could cause the device’s web interface to temporarily stop responding until it recovers or is rebooted. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420. | |||||
| CVE-2025-71003 | 1 Oneflow | 1 Oneflow | 2026-02-03 | N/A | 7.5 HIGH |
| An input validation vulnerability in the flow.arange() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2026-24936 | | | 2026-02-03 | N/A | N/A |
| When a specific function is enabled while joining an AD Domain from ADM, an improper input parameter validation vulnerability in a specific CGI program allows an unauthenticated remote attacker to write arbitrary data to any file on the system. By exploiting this vulnerability, attackers can overwrite critical system files, leading to a complete system compromise. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.ROF1 as well as from ADM 5.0.0 through ADM 5.1.1.RCI1. | |||||
| CVE-2025-71007 | 1 Oneflow | 1 Oneflow | 2026-02-03 | N/A | 7.5 HIGH |
| An input validation vulnerability in the oneflow.index_add component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2025-71009 | 1 Oneflow | 1 Oneflow | 2026-02-03 | N/A | 6.2 MEDIUM |
| An input validation vulnerability in the flow.scatter/flow.scatter_add component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via crafted indices. | |||||
| CVE-2025-71011 | 1 Oneflow | 1 Oneflow | 2026-02-03 | N/A | 6.2 MEDIUM |
| An input validation vulnerability in the flow.Tensor.new_empty/flow.Tensor.new_ones/flow.Tensor.new_zeros component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2026-23839 | 1 Leepeuker | 1 Movary | 2026-02-03 | N/A | 9.3 CRITICAL |
| Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is `?categoryUpdated=`. Version 0.70.0 fixes the issue. | |||||
| CVE-2026-23840 | 1 Leepeuker | 1 Movary | 2026-02-03 | N/A | 9.3 CRITICAL |
| Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is `?categoryDeleted=`. Version 0.70.0 fixes the issue. | |||||
| CVE-2026-24856 | 1 Color | 1 Iccdev | 2026-02-03 | N/A | 7.8 HIGH |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Versions prior to 2.3.1.2 have an undefined behavior issue when floating-point NaN values are converted to unsigned short integer types during ICC profile XML parsing, potentially corrupting memory structures and enabling arbitrary code execution. This vulnerability affects users of the iccDEV library who process ICC color profiles. ICC Profile Injection vulnerabilities arise when user-controllable input is incorporated into ICC profile data or other structured binary blobs in an unsafe manner. Version 2.3.1.2 contains a fix for the issue. No known workarounds are available. | |||||
| CVE-2025-54236 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2026-02-03 | N/A | 9.1 CRITICAL |
| Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact to high. Exploitation of this issue does not require user interaction. | |||||
| CVE-2025-66959 | 1 Ollama | 1 Ollama | 2026-02-02 | N/A | 7.5 HIGH |
| An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder. | |||||
| CVE-2025-66960 | 1 Ollama | 1 Ollama | 2026-02-02 | N/A | 7.5 HIGH |
| An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via fs/ggml/gguf.go, where the function readGGUFV1String reads a string length from untrusted GGUF metadata. | |||||
| CVE-2026-23841 | 1 Leepeuker | 1 Movary | 2026-02-02 | N/A | 9.3 CRITICAL |
| Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is `?categoryCreated=`. Version 0.70.0 fixes the issue. | |||||
| CVE-2025-15545 | | | 2026-01-31 | N/A | N/A |
| The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. Successful exploitation allows the attacker to gain root-level command execution, compromising confidentiality, integrity and availability. | |||||
| CVE-2025-9014 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2026-01-30 | N/A | 7.5 HIGH |
| A Null Pointer Dereference vulnerability exists in the referer header check of the web portal of TP-Link TL-WR841N v14, caused by improper input validation. A remote, unauthenticated attacker can exploit this flaw and cause Denial of Service on the web portal service. This issue affects TL-WR841N v14: before 250908. | |||||
| CVE-2025-66902 | 1 Pithikos | 1 Websocket Server | 2026-01-30 | N/A | 7.5 HIGH |
| An input validation issue in Pithikos websocket-server v.0.6.4 allows a remote attacker to obtain sensitive information or cause unexpected server behavior via the websocket_server/websocket_server.py, WebSocketServer._message_received components. | |||||
| CVE-2025-67493 | 1 Homarr | 1 Homarr | 2026-01-30 | N/A | 7.5 HIGH |
| Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input which allowed privilege escalation and access to the groups of other users, due to missing sanitization of inputs in the LDAP search query. The vulnerability could impact all instances using LDAP authentication where a malicious actor had access to a user account. Version 1.45.3 has a patch for the issue. | |||||
| CVE-2026-24412 | 1 Color | 1 Iccdev | 2026-01-30 | N/A | 8.8 HIGH |
| iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in the CIccTagXmlSegmentedCurve::ToXml() function. This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary blobs. Successful exploitation may allow an attacker to cause DoS, manipulate data, bypass application logic, and achieve code execution. This issue has been fixed in version 2.3.1.2. | |||||
