Search
Search Results (331916 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-0996 | 2026-02-10 | 6.4 Medium | ||
| The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI Form Builder module in all versions up to, and including, 6.1.14 due to a combination of missing authorization checks, a leaked nonce, and insufficient input sanitization. The vulnerability allows Subscriber-level users to trigger AI form generation via a protected endpoint. When prompted, AI services will typically return bare JavaScript code (without <script> tags), which bypasses the plugin's sanitization. This stored JavaScript executes whenever anyone views the generated form, making it possible for authenticated attackers with Subscriber-level access and above to inject arbitrary web scripts that will execute in the context of any user accessing the form. | ||||
| CVE-2025-13064 | 1 Axis Communications Ab | 1 Axis Camera Station Pro | 2026-02-10 | 4.5 Medium |
| A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that have been tampered with. | ||||
| CVE-2025-12757 | 1 Axis Communications Ab | 1 Axis Camera Station Pro | 2026-02-10 | 4.6 Medium |
| An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to. | ||||
| CVE-2025-11547 | 1 Axis Communications Ab | 1 Axis Camera Station Pro | 2026-02-10 | 7.8 High |
| AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user. | ||||
| CVE-2025-11142 | 1 Axis Communications Ab | 1 Axis Os | 2026-02-10 | 7.1 High |
| The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account. | ||||
| CVE-2025-12063 | 1 Axis Communications Ab | 1 Axis Camera Station Pro | 2026-02-10 | 5.7 Medium |
| An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions. | ||||
| CVE-2026-25981 | 2026-02-10 | N/A | ||
| Not used | ||||
| CVE-2026-25980 | 2026-02-10 | N/A | ||
| Not used | ||||
| CVE-2026-25979 | 2026-02-10 | N/A | ||
| Not used | ||||
| CVE-2026-25978 | 2026-02-10 | N/A | ||
| Not used | ||||
| CVE-2026-25977 | 2026-02-10 | N/A | ||
| Not used | ||||
| CVE-2026-25976 | 2026-02-10 | N/A | ||
| Not used | ||||
| CVE-2026-25975 | 2026-02-10 | N/A | ||
| Not used | ||||
| CVE-2026-25974 | 2026-02-10 | N/A | ||
| Not used | ||||
| CVE-2026-25973 | 2026-02-10 | N/A | ||
| Not used | ||||
| CVE-2026-21419 | 2026-02-10 | 6.6 Medium | ||
| Dell Display and Peripheral Manager (Windows) versions prior to 2.2 contain an Improper Link Resolution Before File Access ('Link Following') vulnerability in the Installer and Service. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges | ||||
| CVE-2026-1731 | 1 Beyondtrust | 2 Privileged Remote Access, Remote Support | 2026-02-10 | N/A |
| BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user. | ||||
| CVE-2026-25848 | 2026-02-10 | 9.1 Critical | ||
| In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible | ||||
| CVE-2026-2260 | 2026-02-10 | 7.2 High | ||
| A vulnerability was found in D-Link DCS-931L up to 1.13.0. This affects an unknown part of the file /goform/setSysAdmin. The manipulation of the argument AdminID results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-2259 | 2026-02-10 | 3.3 Low | ||
| A vulnerability has been found in aardappel lobster up to 2025.4. Affected by this issue is the function lobster::Parser::ParseStatements in the library dev/src/lobster/parser.h of the component Parsing. The manipulation leads to memory corruption. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2f45fe860d00990e79e13250251c1dde633f1f89. Applying a patch is the recommended action to fix this issue. | ||||