CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-15335 - Tanium addressed an information disclosure vulnerability in Threat Response.

CVE ID : CVE-2025-15335
Published : Feb. 5, 2026, 7:15 p.m.
Description : Tanium addressed an information disclosure vulnerability in Threat Response.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-15336 - Tanium addressed an incorrect default permissions vulnerability in Performance.

CVE ID : CVE-2025-15336
Published : Feb. 5, 2026, 7:15 p.m.
Description : Tanium addressed an incorrect default permissions vulnerability in Performance.
Severity: 6.5 | MEDIUM
CVE-2025-15337 - Tanium addressed an incorrect default permissions vulnerability in Patch.

CVE ID : CVE-2025-15337
Published : Feb. 5, 2026, 7:15 p.m.
Description : Tanium addressed an incorrect default permissions vulnerability in Patch.
Severity: 6.5 | MEDIUM
CVE-2025-15338 - Tanium addressed an incorrect default permissions vulnerability in Partner Integration.

CVE ID : CVE-2025-15338
Published : Feb. 5, 2026, 7:15 p.m.
Description : Tanium addressed an incorrect default permissions vulnerability in Partner Integration.
Severity: 6.5 | MEDIUM
CVE-2025-15339 - Tanium addressed an incorrect default permissions vulnerability in Discover.

CVE ID : CVE-2025-15339
Published : Feb. 5, 2026, 7:15 p.m.
Description : Tanium addressed an incorrect default permissions vulnerability in Discover.
Severity: 6.5 | MEDIUM
CVE-2025-15340 - Tanium addressed an incorrect default permissions vulnerability in Comply.

CVE ID : CVE-2025-15340
Published : Feb. 5, 2026, 7:15 p.m.
Description : Tanium addressed an incorrect default permissions vulnerability in Comply.
Severity: 6.5 | MEDIUM
CVE-2025-15341 - Tanium addressed an incorrect default permissions vulnerability in Benchmark.

CVE ID : CVE-2025-15341
Published : Feb. 5, 2026, 7:15 p.m.
Description : Tanium addressed an incorrect default permissions vulnerability in Benchmark.
Severity: 6.5 | MEDIUM
CVE-2025-15342 - Tanium addressed an improper access controls vulnerability in Reputation.

CVE ID : CVE-2025-15342
Published : Feb. 5, 2026, 7:15 p.m.
Description : Tanium addressed an improper access controls vulnerability in Reputation.
Severity: 4.3 | MEDIUM
CVE-2025-15343 - Tanium addressed an incorrect default permissions vulnerability in Enforce.

CVE ID : CVE-2025-15343
Published : Feb. 5, 2026, 7:15 p.m.
Description : Tanium addressed an incorrect default permissions vulnerability in Enforce.
Severity: 6.5 | MEDIUM
CVE-2026-1301 - Out-of-bounds Write in o6 Automation GmbH Open62541

CVE ID : CVE-2026-1301
Published : Feb. 5, 2026, 7:15 p.m.
Description : In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory.
Severity: 6.8 | MEDIUM
CVE-2026-25630 - Apache HTTP Server Remote Code Execution

CVE ID : CVE-2026-25630
Published : Feb. 5, 2026, 7:15 p.m.
Description : Rejected reason: This candidate was issued in error.
Severity: 0.0 | NA
CVE-2025-12131 - Truncated 802.15.4 packet leads to denial of service

CVE ID : CVE-2025-12131
Published : Feb. 5, 2026, 8:15 p.m.
Description : A truncated 802.15.4 packet can lead to an assert, resulting in a denial of service.
Severity: 5.3 | MEDIUM
CVE-2026-0106 - "VPU MMAP Privilege Escalation Vulnerability"

CVE ID : CVE-2026-0106
Published : Feb. 5, 2026, 8:19 p.m.
Description : In vpu_mmap of vpu_ioctl, there is a possible arbitrary address mmap due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
CVE-2026-1962 - WeKan Attachment Migration attachmentMigration.js AttachmentMigrationBleed access control

CVE ID : CVE-2026-1962
Published : Feb. 5, 2026, 8:32 p.m.
Description : A vulnerability has been found in WeKan up to 8.20. The impacted element is an unknown function of the file server/attachmentMigration.js of the component Attachment Migration. The manipulation leads to improper access controls. The attack may be initiated remotely. Upgrading to version 8.21 is sufficient to resolve this issue. The identifier of the patch is 053bf1dfb76ef230db162c64a6ed50ebedf67eee. It is recommended to upgrade the affected component.
Severity: 0.0 | NA
CVE-2026-1963 - WeKan Attachment Storage attachments.js MoveStorageBleed access control

CVE ID : CVE-2026-1963
Published : Feb. 5, 2026, 9:15 p.m.
Description : A vulnerability was found in WeKan up to 8.20. This affects an unknown function of the file models/attachments.js of the component Attachment Storage. The manipulation results in improper access controls. The attack may be launched remotely. Upgrading to version 8.21 mitigates this issue. The patch is identified as c413a7e860bc4d93fe2adcf82516228570bf382d. Upgrading the affected component is advised.
Severity: 6.5 | MEDIUM
CVE-2026-1964 - WeKan REST Endpoint boards.js BoardTitleRESTBleed access control

CVE ID : CVE-2026-1964
Published : Feb. 5, 2026, 10:15 p.m.
Description : A vulnerability was determined in WeKan up to 8.20. This impacts an unknown function of the file models/boards.js of the component REST Endpoint. This manipulation causes improper access controls. Remote exploitation of the attack is possible. Upgrading to version 8.21 will fix this issue. Patch name: 545566f5663545d16174e0f2399f231aa693ab6e. It is advisable to upgrade the affected component.
Severity: 5.3 | MEDIUM
CVE-2026-1970 - Edimax BR-6258n formStaDrvSetup redirect

CVE ID : CVE-2026-1970
Published : Feb. 5, 2026, 10:15 p.m.
Description : A flaw has been found in Edimax BR-6258n up to 1.18. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup. This manipulation of the argument submit-url causes open redirect. The attack can be initiated remotely. The exploit has been published and may be used. The vendor confirms that the affected product is end-of-life. They confirm that they "will issue a consolidated Security Advisory on our official support website." This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 5.1 | MEDIUM
CVE-2026-25815 - Fortinet FortiOS LDAP Credentials Decryption Vulnerability

CVE ID : CVE-2026-25815
Published : Feb. 5, 2026, 10:15 p.m.
Description : Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 (by default, the encryption key is the same across all customers' installations). NOTE: the Supplier's position is that the instance of CWE-1394 is not a vulnerability because customers "are supposed to enable" a non-default option that eliminates the weakness. However, that non-default option can disrupt functionality as shown in the "Managing FortiGates with private data encryption" document, and is therefore intentionally not a default option.
Severity: 3.2 | LOW
CVE-2025-32393 - AutoGPT has a DoS vulnerability in ReadRSSFeedBlock

CVE ID : CVE-2025-32393
Published : Feb. 5, 2026, 11:15 p.m.
Description : AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.32, there is a DoS vulnerability in ReadRSSFeedBlock. In RSSBlock, feedparser.parser is called to obtain the XML file according to the URL input by the user, parse the XML, and finally obtain the parsed result. However, during the parsing process, there is no limit on the parsing time and the resources that can be allocated for parsing. When a malicious user lets RSSBlock parse a carefully constructed, deep XML, it will cause memory resources to be exhausted, eventually causing DoS. This issue has been patched in autogpt-platform-beta-v0.6.32.
Severity: 8.7 | HIGH
CVE-2025-68157 - webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects

CVE ID : CVE-2025-68157
Published : Feb. 5, 2026, 11:15 p.m.
Description : Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) enforces allowedUris only for the initial URL, but does not re-validate allowedUris after following HTTP 30x redirects. As a result, an import that appears restricted to a trusted allow-list can be redirected to HTTP(S) URLs outside the allow-list. This is a policy/allow-list bypass that enables build-time SSRF behavior (requests from the build machine to internal-only endpoints, depending on network access) and untrusted content inclusion in build outputs (redirected content is treated as module source and bundled). This issue has been patched in version 5.104.0.
Severity: 3.7 | LOW
CVE-2025-68458 - webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior

CVE ID : CVE-2025-68458
Published : Feb. 5, 2026, 11:15 p.m.
Description : Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) can be bypassed to fetch resources from hosts outside allowedUris by using crafted URLs that include userinfo (username:password@host). If allowedUris enforcement relies on a raw string prefix check (e.g., uri.startsWith(allowed)), a URL that looks allow-listed can pass validation while the actual network request is sent to a different authority/host after URL parsing. This is a policy/allow-list bypass that enables build-time SSRF behavior (outbound requests from the build machine to internal-only endpoints, depending on network access) and untrusted content inclusion (the fetched response is treated as module source and bundled). This issue has been patched in version 5.104.1.
Severity: 3.7 | LOW