CVE-2022-50979 - Multiple Innomic VibroLine VLX and avibia AVLX allow unauthenticated configuration preset change via Modbus (RS485)
CVE ID : CVE-2022-50979
Published : Feb. 2, 2026, 2:10 p.m. | 29 minutes ago
Description : An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (RS485).
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2022-50979
Published : Feb. 2, 2026, 2:10 p.m. | 29 minutes ago
Description : An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (RS485).
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2022-50980 - Multiple Innomic VibroLine VLX and avibia AVLX allow unauthenticated configuration preset change via CAN
CVE ID : CVE-2022-50980
Published : Feb. 2, 2026, 2:11 p.m. | 28 minutes ago
Description : A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2022-50980
Published : Feb. 2, 2026, 2:11 p.m. | 28 minutes ago
Description : A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2022-50981 - Multiple Innomic VibroLine VLX HD 5.0 and avibia AVLX weak password requirements
CVE ID : CVE-2022-50981
Published : Feb. 2, 2026, 2:12 p.m. | 27 minutes ago
Description : An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2022-50981
Published : Feb. 2, 2026, 2:12 p.m. | 27 minutes ago
Description : An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1186 - Path Traversal in EAP Legislator
CVE ID : CVE-2026-1186
Published : Feb. 2, 2026, 2:16 p.m. | 23 minutes ago
Description : EAP Legislator is vulnerable to Path Traversal in file extraction functionality. Attacker can prepare zipx archive (default file type used by the Legislator application) and choose arbitrary path outside the intended directory (e.x. system startup) where files will be extracted by the victim upon opening the file. This issue was fixed in version 2.25a.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1186
Published : Feb. 2, 2026, 2:16 p.m. | 23 minutes ago
Description : EAP Legislator is vulnerable to Path Traversal in file extraction functionality. Attacker can prepare zipx archive (default file type used by the Legislator application) and choose arbitrary path outside the intended directory (e.x. system startup) where files will be extracted by the victim upon opening the file. This issue was fixed in version 2.25a.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1760 - Libsoup: soupserver: denial of service via http request smuggling
CVE ID : CVE-2026-1760
Published : Feb. 2, 2026, 2:16 p.m. | 23 minutes ago
Description : A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests, causing SoupServer to fail to close the connection as required by RFC 9112. This allows the attacker to smuggle additional requests over the persistent connection, leading to unintended request processing and potential denial-of-service (DoS) conditions.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1760
Published : Feb. 2, 2026, 2:16 p.m. | 23 minutes ago
Description : A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests, causing SoupServer to fail to close the connection as required by RFC 9112. This allows the attacker to smuggle additional requests over the persistent connection, leading to unintended request processing and potential denial-of-service (DoS) conditions.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1761 - Libsoup: stack-based buffer overflow in libsoup multipart response parsingmultipart http response
CVE ID : CVE-2026-1761
Published : Feb. 2, 2026, 2:16 p.m. | 23 minutes ago
Description : A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1761
Published : Feb. 2, 2026, 2:16 p.m. | 23 minutes ago
Description : A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24070 - Local Privilege Escalation via DYLIB Injection in Native Instruments Native Access
CVE ID : CVE-2026-24070
Published : Feb. 2, 2026, 2:16 p.m. | 23 minutes ago
Description : During the installation of the Native Access application, a privileged helper `com.native-instruments.NativeAccess.Helper2`, which is used by Native Access to trigger functions via XPC communication like copy-file, remove or set-permissions, is deployed as well. The communication with the XPC service of the privileged helper is only allowed if the client process is signed with the corresponding certificate and fulfills the following code signing requirement: "anchor trusted and certificate leaf[subject.CN] = \"Developer ID Application: Native Instruments GmbH (83K5EG6Z9V)\"" The Native Access application was found to be signed with the `com.apple.security.cs.allow-dyld-environment-variables` and `com.apple.security.cs.disable-library-validation` entitlements leading to DYLIB injection and therefore command execution in the context of this application. A low privileged user can exploit the DYLIB injection to trigger functions of the privileged helper XPC service resulting in privilege escalation by first deleting the /etc/sudoers file and then copying a malicious version of that file to /etc/sudoers.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-24070
Published : Feb. 2, 2026, 2:16 p.m. | 23 minutes ago
Description : During the installation of the Native Access application, a privileged helper `com.native-instruments.NativeAccess.Helper2`, which is used by Native Access to trigger functions via XPC communication like copy-file, remove or set-permissions, is deployed as well. The communication with the XPC service of the privileged helper is only allowed if the client process is signed with the corresponding certificate and fulfills the following code signing requirement: "anchor trusted and certificate leaf[subject.CN] = \"Developer ID Application: Native Instruments GmbH (83K5EG6Z9V)\"" The Native Access application was found to be signed with the `com.apple.security.cs.allow-dyld-environment-variables` and `com.apple.security.cs.disable-library-validation` entitlements leading to DYLIB injection and therefore command execution in the context of this application. A low privileged user can exploit the DYLIB injection to trigger functions of the privileged helper XPC service resulting in privilege escalation by first deleting the /etc/sudoers file and then copying a malicious version of that file to /etc/sudoers.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24071 - XPC Client Validation via PID leading to Local Privilege Escalation in Native Instruments Native Access
CVE ID : CVE-2026-24071
Published : Feb. 2, 2026, 2:16 p.m. | 23 minutes ago
Description : It was found that the XPC service offered by the privileged helper of Native Access uses the PID of the connecting client to verify its code signature. This is considered insecure and can be exploited by PID reuse attacks. The connection handler function uses _xpc_connection_get_pid(arg2) as argument for the hasValidSignature function. This value can not be trusted since it is vulnerable to PID reuse attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-24071
Published : Feb. 2, 2026, 2:16 p.m. | 23 minutes ago
Description : It was found that the XPC service offered by the privileged helper of Native Access uses the PID of the connecting client to verify its code signature. This is considered insecure and can be exploited by PID reuse attacks. The connection handler function uses _xpc_connection_get_pid(arg2) as argument for the hasValidSignature function. This value can not be trusted since it is vulnerable to PID reuse attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1703 - Limited path traversal when installing wheel archives
CVE ID : CVE-2026-1703
Published : Feb. 2, 2026, 3:16 p.m. | 3 hours, 23 minutes ago
Description : When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations.
Severity: 2.0 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1703
Published : Feb. 2, 2026, 3:16 p.m. | 3 hours, 23 minutes ago
Description : When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations.
Severity: 2.0 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-14914 - IBM WebSphere Application Server Liberty Path Traversal
CVE ID : CVE-2025-14914
Published : Feb. 2, 2026, 4:16 p.m. | 2 hours, 24 minutes ago
Description : IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-14914
Published : Feb. 2, 2026, 4:16 p.m. | 2 hours, 24 minutes ago
Description : IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading to arbitrary code execution.
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-15395 - IBM Jazz Foundation access control violation
CVE ID : CVE-2025-15395
Published : Feb. 2, 2026, 4:16 p.m. | 2 hours, 24 minutes ago
Description : IBM Jazz Foundation 7.0.3 through 7.0.3 iFix019 and 7.1.0 through 7.1.0 iFix005 is vulnerable to access control violations that allows the users to view or access/perform actions beyond their expected capability.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-15395
Published : Feb. 2, 2026, 4:16 p.m. | 2 hours, 24 minutes ago
Description : IBM Jazz Foundation 7.0.3 through 7.0.3 iFix019 and 7.1.0 through 7.1.0 iFix005 is vulnerable to access control violations that allows the users to view or access/perform actions beyond their expected capability.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47358 - Use After Free in Secure Processor
CVE ID : CVE-2025-47358
Published : Feb. 2, 2026, 4:16 p.m. | 2 hours, 24 minutes ago
Description : Memory Corruption when user space address is modified and passed to mem_free API, causing kernel memory to be freed inadvertently.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47358
Published : Feb. 2, 2026, 4:16 p.m. | 2 hours, 24 minutes ago
Description : Memory Corruption when user space address is modified and passed to mem_free API, causing kernel memory to be freed inadvertently.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47359 - Use After Free in Secure Processor
CVE ID : CVE-2025-47359
Published : Feb. 2, 2026, 4:16 p.m. | 2 hours, 24 minutes ago
Description : Memory Corruption when multiple threads simultaneously access a memory free API.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47359
Published : Feb. 2, 2026, 4:16 p.m. | 2 hours, 24 minutes ago
Description : Memory Corruption when multiple threads simultaneously access a memory free API.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47363 - Integer Overflow or Wraparound in Automotive
CVE ID : CVE-2025-47363
Published : Feb. 2, 2026, 4:16 p.m. | 2 hours, 24 minutes ago
Description : Memory corruption when calculating oversized partition sizes without proper checks.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47363
Published : Feb. 2, 2026, 4:16 p.m. | 2 hours, 24 minutes ago
Description : Memory corruption when calculating oversized partition sizes without proper checks.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47364 - Integer Overflow or Wraparound in Automotive
CVE ID : CVE-2025-47364
Published : Feb. 2, 2026, 4:16 p.m. | 2 hours, 24 minutes ago
Description : Memory corruption while calculating offset from partition start point.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47364
Published : Feb. 2, 2026, 4:16 p.m. | 2 hours, 24 minutes ago
Description : Memory corruption while calculating offset from partition start point.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47366 - Exposed Dangerous Method or Function in HLOS
CVE ID : CVE-2025-47366
Published : Feb. 2, 2026, 4:16 p.m. | 2 hours, 24 minutes ago
Description : Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47366
Published : Feb. 2, 2026, 4:16 p.m. | 2 hours, 24 minutes ago
Description : Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47397 - Improper Release of Memory Before Removing Last Reference in Graphics
CVE ID : CVE-2025-47397
Published : Feb. 2, 2026, 4:16 p.m. | 2 hours, 24 minutes ago
Description : Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47397
Published : Feb. 2, 2026, 4:16 p.m. | 2 hours, 24 minutes ago
Description : Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47398 - Use After Free in Graphics
CVE ID : CVE-2025-47398
Published : Feb. 2, 2026, 4:16 p.m. | 2 hours, 24 minutes ago
Description : Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47398
Published : Feb. 2, 2026, 4:16 p.m. | 2 hours, 24 minutes ago
Description : Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47399 - Buffer Copy Without Checking Size of Input in Camera
CVE ID : CVE-2025-47399
Published : Feb. 2, 2026, 4:16 p.m. | 2 hours, 24 minutes ago
Description : Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47399
Published : Feb. 2, 2026, 4:16 p.m. | 2 hours, 24 minutes ago
Description : Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47402 - Buffer Over-read in WLAN Firmware
CVE ID : CVE-2025-47402
Published : Feb. 2, 2026, 4:16 p.m. | 2 hours, 24 minutes ago
Description : Transient DOS when processing a received frame with an excessively large authentication information element.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47402
Published : Feb. 2, 2026, 4:16 p.m. | 2 hours, 24 minutes ago
Description : Transient DOS when processing a received frame with an excessively large authentication information element.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0921 - Apache HTTP Server Remote Code Execution
CVE ID : CVE-2026-0921
Published : Feb. 2, 2026, 5:16 p.m. | 1 hour, 24 minutes ago
Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0921
Published : Feb. 2, 2026, 5:16 p.m. | 1 hour, 24 minutes ago
Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...