CVE-2026-25847 - JetBrains PyCharm DOM-based XSS Vulnerability
CVE ID : CVE-2026-25847
Published : Feb. 9, 2026, 11:16 a.m. | 1 hour, 50 minutes ago
Description : In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25847
Published : Feb. 9, 2026, 11:16 a.m. | 1 hour, 50 minutes ago
Description : In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25848 - JetBrains Hub Authentication Bypass Vulnerability
CVE ID : CVE-2026-25848
Published : Feb. 9, 2026, 11:16 a.m. | 1 hour, 50 minutes ago
Description : In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25848
Published : Feb. 9, 2026, 11:16 a.m. | 1 hour, 50 minutes ago
Description : In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10463 - Improper Authentication in Birtech Information Technologies' Sensaway
CVE ID : CVE-2025-10463
Published : Feb. 9, 2026, 12:15 p.m. | 50 minutes ago
Description : Improper Authentication vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Authentication Abuse.This issue affects Senseway: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10463
Published : Feb. 9, 2026, 12:15 p.m. | 50 minutes ago
Description : Improper Authentication vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Authentication Abuse.This issue affects Senseway: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6830 - SQLi in Xpoda Türkiye Information Technology's Xpoda Studio
CVE ID : CVE-2025-6830
Published : Feb. 9, 2026, 12:15 p.m. | 50 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpoda Türkiye Information Technology Inc. Xpoda Studio allows SQL Injection.This issue affects Xpoda Studio: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6830
Published : Feb. 9, 2026, 12:15 p.m. | 50 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpoda Türkiye Information Technology Inc. Xpoda Studio allows SQL Injection.This issue affects Xpoda Studio: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7708 - Sensitive Data Exposure in Atlas Software's k12net
CVE ID : CVE-2025-7708
Published : Feb. 9, 2026, 12:15 p.m. | 50 minutes ago
Description : Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. K12net allows Communication Channel Manipulation.This issue affects k12net: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7708
Published : Feb. 9, 2026, 12:15 p.m. | 50 minutes ago
Description : Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. K12net allows Communication Channel Manipulation.This issue affects k12net: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0632 - Fluent Forms Pro Add On Pack <= 6.1.12 - Authenticated (Subscriber+) Server-Side Request Forgery via 'saveDataSource'
CVE ID : CVE-2026-0632
Published : Feb. 9, 2026, 12:15 p.m. | 50 minutes ago
Description : The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.12 via the 'saveDataSource' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0632
Published : Feb. 9, 2026, 12:15 p.m. | 50 minutes ago
Description : The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.12 via the 'saveDataSource' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1959 - Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes
CVE ID : CVE-2026-1959
Published : Feb. 9, 2026, 12:15 p.m. | 50 minutes ago
Description : Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes, via the 'descripción' parameter in the '/loggrodemo/jbrain/MaestraCuentasBancarias' endpoint.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1959
Published : Feb. 9, 2026, 12:15 p.m. | 50 minutes ago
Description : Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes, via the 'descripción' parameter in the '/loggrodemo/jbrain/MaestraCuentasBancarias' endpoint.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1960 - Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes
CVE ID : CVE-2026-1960
Published : Feb. 9, 2026, 12:15 p.m. | 50 minutes ago
Description : Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes, via the 'Facebook' parameter in '/loggrodemo/jbrain/ConsultaTerceros' endpoint.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1960
Published : Feb. 9, 2026, 12:15 p.m. | 50 minutes ago
Description : Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes, via the 'Facebook' parameter in '/loggrodemo/jbrain/ConsultaTerceros' endpoint.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10464 - Cleartext password storage in Birtech Information Technologies' Sensaway
CVE ID : CVE-2025-10464
Published : Feb. 9, 2026, 12:49 p.m. | 17 minutes ago
Description : Insecure Storage of Sensitive Information vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Retrieve Embedded Sensitive Data.This issue affects Senseway: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10464
Published : Feb. 9, 2026, 12:49 p.m. | 17 minutes ago
Description : Insecure Storage of Sensitive Information vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Retrieve Embedded Sensitive Data.This issue affects Senseway: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10465 - Unrestricted File Upload in Birtech Information Technologies' Sensaway
CVE ID : CVE-2025-10465
Published : Feb. 9, 2026, 2:16 p.m. | 51 minutes ago
Description : Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Sensaway allows Upload a Web Shell to a Web Server.This issue affects Sensaway: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10465
Published : Feb. 9, 2026, 2:16 p.m. | 51 minutes ago
Description : Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Sensaway allows Upload a Web Shell to a Web Server.This issue affects Sensaway: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-0398 - Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor
CVE ID : CVE-2026-0398
Published : Feb. 9, 2026, 2:20 p.m. | 46 minutes ago
Description : Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-0398
Published : Feb. 9, 2026, 2:20 p.m. | 46 minutes ago
Description : Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24027 - Crafted zones can lead to increased incoming network traffic
CVE ID : CVE-2026-24027
Published : Feb. 9, 2026, 2:25 p.m. | 42 minutes ago
Description : Crafted zones can lead to increased incoming network traffic.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-24027
Published : Feb. 9, 2026, 2:25 p.m. | 42 minutes ago
Description : Crafted zones can lead to increased incoming network traffic.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-14831 - Gnutls: gnutls: denial of service via excessive resource consumption during certificate verification
CVE ID : CVE-2025-14831
Published : Feb. 9, 2026, 3:16 p.m. | 3 hours, 54 minutes ago
Description : A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-14831
Published : Feb. 9, 2026, 3:16 p.m. | 3 hours, 54 minutes ago
Description : A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59023 - Crafted delegations or IP fragments can poison cached delegations in Recursor
CVE ID : CVE-2025-59023
Published : Feb. 9, 2026, 3:16 p.m. | 3 hours, 54 minutes ago
Description : Crafted delegations or IP fragments can poison cached delegations in Recursor.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59023
Published : Feb. 9, 2026, 3:16 p.m. | 3 hours, 54 minutes ago
Description : Crafted delegations or IP fragments can poison cached delegations in Recursor.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59024 - Crafted delegations or IP fragments can poison cached delegations in Recursor
CVE ID : CVE-2025-59024
Published : Feb. 9, 2026, 3:16 p.m. | 3 hours, 54 minutes ago
Description : Crafted delegations or IP fragments can poison cached delegations in Recursor.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59024
Published : Feb. 9, 2026, 3:16 p.m. | 3 hours, 54 minutes ago
Description : Crafted delegations or IP fragments can poison cached delegations in Recursor.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-63354 - Hitron HI3120 Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-63354
Published : Feb. 9, 2026, 3:16 p.m. | 3 hours, 54 minutes ago
Description : Hitron HI3120 v7.2.4.5.2b1 allows stored XSS via the Parental Control option when creating a new filter. The device fails to properly handle inputs, allowing an attacker to inject and execute JavaScript.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-63354
Published : Feb. 9, 2026, 3:16 p.m. | 3 hours, 54 minutes ago
Description : Hitron HI3120 v7.2.4.5.2b1 allows stored XSS via the Parental Control option when creating a new filter. The device fails to properly handle inputs, allowing an attacker to inject and execute JavaScript.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24095 - Missing Permission Check on Analyze Configuration Page
CVE ID : CVE-2026-24095
Published : Feb. 9, 2026, 4:16 p.m. | 2 hours, 54 minutes ago
Description : Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows users with the "Use WATO" permission to access the "Analyze configuration" page by directly navigating to its URL, bypassing the intended "Access analyze configuration" permission check. If these users also have the "Make changes, perform actions" permission, they can perform unauthorized actions such as disabling checks or acknowledging results.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-24095
Published : Feb. 9, 2026, 4:16 p.m. | 2 hours, 54 minutes ago
Description : Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows users with the "Use WATO" permission to access the "Analyze configuration" page by directly navigating to its URL, bypassing the intended "Access analyze configuration" permission check. If these users also have the "Make changes, perform actions" permission, they can perform unauthorized actions such as disabling checks or acknowledging results.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2240 - janet-lang janet compile.c janetc_pop_funcdef out-of-bounds
CVE ID : CVE-2026-2240
Published : Feb. 9, 2026, 4:16 p.m. | 2 hours, 54 minutes ago
Description : A vulnerability has been found in janet-lang janet up to 1.40.1. The impacted element is the function janetc_pop_funcdef of the file src/core/compile.c. Such manipulation leads to out-of-bounds read. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The name of the patch is 4dd08a4cdef5b1c42d9a2c19fc24412e97ef51d5. A patch should be applied to remediate this issue.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2240
Published : Feb. 9, 2026, 4:16 p.m. | 2 hours, 54 minutes ago
Description : A vulnerability has been found in janet-lang janet up to 1.40.1. The impacted element is the function janetc_pop_funcdef of the file src/core/compile.c. Such manipulation leads to out-of-bounds read. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The name of the patch is 4dd08a4cdef5b1c42d9a2c19fc24412e97ef51d5. A patch should be applied to remediate this issue.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-66630 - Fiber insecurely fallsback in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure
CVE ID : CVE-2025-66630
Published : Feb. 9, 2026, 6:16 p.m. | 54 minutes ago
Description : Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may unknowingly rely on predictable, repeated, or low-entropy identifiers in security-critical pathways. This is especially impactful because many Fiber v2 middleware components (session middleware, CSRF, rate limiting, request-ID generation, etc.) default to using utils.UUIDv4(). This vulnerability is fixed in 2.52.11.
Severity: 9.2 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-66630
Published : Feb. 9, 2026, 6:16 p.m. | 54 minutes ago
Description : Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may unknowingly rely on predictable, repeated, or low-entropy identifiers in security-critical pathways. This is especially impactful because many Fiber v2 middleware components (session middleware, CSRF, rate limiting, request-ID generation, etc.) default to using utils.UUIDv4(). This vulnerability is fixed in 2.52.11.
Severity: 9.2 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7432 - DPA countermeasures not reseeded under certain conditions
CVE ID : CVE-2025-7432
Published : Feb. 9, 2026, 6:16 p.m. | 54 minutes ago
Description : DPA countermeasures in Silicon Labs' Series 2 devices are not reseeded under certain conditions. This may allow an attacker to eventually extract secret keys through a DPA attack.
Severity: 1.0 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7432
Published : Feb. 9, 2026, 6:16 p.m. | 54 minutes ago
Description : DPA countermeasures in Silicon Labs' Series 2 devices are not reseeded under certain conditions. This may allow an attacker to eventually extract secret keys through a DPA attack.
Severity: 1.0 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21419 - Dell Display and Peripheral Manager Link Following Vulnerability
CVE ID : CVE-2026-21419
Published : Feb. 9, 2026, 6:16 p.m. | 54 minutes ago
Description : Dell Display and Peripheral Manager (Windows) versions prior to 2.2 contain an Improper Link Resolution Before File Access ('Link Following') vulnerability in the Installer and Service. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-21419
Published : Feb. 9, 2026, 6:16 p.m. | 54 minutes ago
Description : Dell Display and Peripheral Manager (Windows) versions prior to 2.2 contain an Improper Link Resolution Before File Access ('Link Following') vulnerability in the Installer and Service. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...