CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2026-2008 - abhiphile fermat-mcp eqn_chart.py eqn_chart code injection

CVE ID : CVE-2026-2008
Published : Feb. 6, 2026, 7:16 a.m. | 1 hour, 32 minutes ago
Description : A vulnerability was detected in abhiphile fermat-mcp up to 47f11def1cd37e45dd060f30cdce346cbdbd6f0a. This vulnerability affects the function eqn_chart of the file fmcp/mpl_mcp/core/eqn_chart.py. Performing a manipulation of the argument equations results in code injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. This product uses a rolling release to provide continuous delivery. Therefore, no version details for affected or updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1279 - Employee Directory <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_title' Shortcode Attribute

CVE ID : CVE-2026-1279
Published : Feb. 6, 2026, 8:15 a.m. | 32 minutes ago
Description : The Employee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'form_title' parameter in the `search_employee_directory` shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
CVE-2026-21626 - Extension - stackideas.com - Information disclosure in post custom fields in EasyDiscuss 1.0.0-5.0.15 for Joomla

CVE ID : CVE-2026-21626
Published : Feb. 6, 2026, 8:15 a.m. | 32 minutes ago
Description : Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation and an information disclosure.
Severity: 9.2 | CRITICAL
CVE-2026-2009 - SourceCodester Gas Agency Management System createUser.php access control

CVE ID : CVE-2026-2009
Published : Feb. 6, 2026, 8:15 a.m. | 32 minutes ago
Description : A flaw has been found in SourceCodester Gas Agency Management System 1.0. This issue affects some unknown processing of the file /gasmark/php_action/createUser.php. Executing a manipulation can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been published and may be used.
Severity: 6.5 | MEDIUM
CVE-2026-2010 - Sanluan PublicCMS Trade Payment TradePaymentService.java paid improper authorization

CVE ID : CVE-2026-2010
Published : Feb. 6, 2026, 8:15 a.m. | 32 minutes ago
Description : A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java of the component Trade Payment Handler. The manipulation of the argument paymentId leads to improper authorization. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is considered difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 7329437e1288540336b1c66c114ed3363adcba02. It is recommended to apply a patch to fix this issue.
Severity: 4.2 | MEDIUM
CVE-2026-24925 - Apache Image Heap Buffer Overflow

CVE ID : CVE-2026-24925
Published : Feb. 6, 2026, 8:22 a.m. | 25 minutes ago
Description : Heap-based buffer overflow vulnerability in the image module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 7.3 | HIGH
CVE-2026-24926 - Canon Camera Out-of-Bounds Write Vulnerability

CVE ID : CVE-2026-24926
Published : Feb. 6, 2026, 8:23 a.m. | 24 minutes ago
Description : Out-of-bounds write vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 8.4 | HIGH
CVE-2026-21643 - Fortinet FortiClientEMS SQL Injection

CVE ID : CVE-2026-21643
Published : Feb. 6, 2026, 8:24 a.m. | 23 minutes ago
Description : An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
Severity: 9.1 | CRITICAL
CVE-2026-1499 - WP Duplicate <= 1.1.8 - Authenticated (Subscriber+) Arbitrary File Upload via 'process_add_site' AJAX Action

CVE ID : CVE-2026-1499
Published : Feb. 6, 2026, 8:25 a.m. | 23 minutes ago
Description : The WP Duplicate plugin for WordPress is vulnerable to Missing Authorization leading to Arbitrary File Upload in all versions up to and including 1.1.8. This is due to a missing capability check on the `process_add_site()` AJAX action combined with path traversal in the file upload functionality. This makes it possible for authenticated (subscriber-level) attackers to set the internal `prod_key_random_id` option, which can then be used by an unauthenticated attacker to bypass authentication checks and write arbitrary files to the server via the `handle_upload_single_big_file()` function, ultimately leading to remote code execution.
Severity: 0.0 | NA
CVE-2026-1785 - Code Snippets <= 3.9.4 - Cross-Site Request Forgery to Cloud Snippet Download/Update Actions

CVE ID : CVE-2026-1785
Published : Feb. 6, 2026, 8:25 a.m. | 23 minutes ago
Description : The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on the cloud snippet download and update actions in the Cloud_Search_List_Table class. This makes it possible for unauthenticated attackers to force logged-in administrators to download or update cloud snippets without their consent via a crafted request, granted they can trick an administrator into visiting a malicious page.
Severity: 0.0 | NA
CVE-2026-1252 - Events Listing Widget <= 1.3.4 - Authenticated (Author+) Stored Cross-Site Scripting via Event URL Field

CVE ID : CVE-2026-1252
Published : Feb. 6, 2026, 8:25 a.m. | 23 minutes ago
Description : The Events Listing Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Event URL' parameter in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 0.0 | NA
CVE-2026-24914 - Canon Camera Type Confusion Vulnerability

CVE ID : CVE-2026-24914
Published : Feb. 6, 2026, 8:26 a.m. | 22 minutes ago
Description : Type confusion vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 4.0 | MEDIUM
CVE-2026-24915 - Cisco Media Out-of-Bounds Read Vulnerability

CVE ID : CVE-2026-24915
Published : Feb. 6, 2026, 8:27 a.m. | 20 minutes ago
Description : Out-of-bounds read issue in the media subsystem. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
Severity: 6.2 | MEDIUM
CVE-2026-24918 - Apache Communication Module Read Vulnerability

CVE ID : CVE-2026-24918
Published : Feb. 6, 2026, 8:29 a.m. | 19 minutes ago
Description : Address read vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 6.8 | MEDIUM
CVE-2026-24921 - Cisco HDC Module Read Vulnerability

CVE ID : CVE-2026-24921
Published : Feb. 6, 2026, 8:30 a.m. | 17 minutes ago
Description : Address read vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
Severity: 4.8 | MEDIUM
CVE-2026-2011 - itsourcecode Student Management System controller.php sql injection

CVE ID : CVE-2026-2011
Published : Feb. 6, 2026, 8:32 a.m. | 16 minutes ago
Description : A vulnerability was found in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /ramonsys/enrollment/controller.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used.
Severity: 0.0 | NA
CVE-2026-24922 - Cisco HDC Buffer Overflow Vulnerability

CVE ID : CVE-2026-24922
Published : Feb. 6, 2026, 8:32 a.m. | 16 minutes ago
Description : Buffer overflow vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 6.9 | MEDIUM
CVE-2026-24923 - HPDC HDC Permission Control Vulnerability

CVE ID : CVE-2026-24923
Published : Feb. 6, 2026, 8:39 a.m. | 9 minutes ago
Description : Permission control vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity: 6.3 | MEDIUM
CVE-2026-24929 - Adobe Flash Out-of-bounds Read Vulnerability

CVE ID : CVE-2026-24929
Published : Feb. 6, 2026, 8:41 a.m. | 6 minutes ago
Description : Out-of-bounds read vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 5.9 | MEDIUM
CVE-2026-24930 - Adobe Flash UAF Concurrency Vulnerability

CVE ID : CVE-2026-24930
Published : Feb. 6, 2026, 8:42 a.m. | 5 minutes ago
Description : UAF concurrency vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 8.4 | HIGH
CVE-2026-24917 - Apache Security Module Use-After-Free Vulnerability

CVE ID : CVE-2026-24917
Published : Feb. 6, 2026, 9:15 a.m. | 3 hours, 32 minutes ago
Description : UAF vulnerability in the security module. Impact: Successful exploitation of this vulnerability may affect availability.
Severity: 6.5 | MEDIUM