CVE-2025-10464 - Cleartext password storage in Birtech Information Technologies' Sensaway
CVE ID : CVE-2025-10464
Published : Feb. 9, 2026, 12:49 p.m.
Description : Insecure Storage of Sensitive Information vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Retrieve Embedded Sensitive Data. This issue affects Senseway: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
CVE-2025-10465 - Unrestricted File Upload in Birtech Information Technologies' Sensaway
CVE ID : CVE-2025-10465
Published : Feb. 9, 2026, 2:16 p.m.
Description : Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Sensaway allows Upload a Web Shell to a Web Server. This issue affects Sensaway: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
CVE-2026-0398 - Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor
CVE ID : CVE-2026-0398
Published : Feb. 9, 2026, 2:20 p.m.
Description : Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor.
Severity: 5.3 | MEDIUM
CVE-2026-24027 - Crafted zones can lead to increased incoming network traffic
CVE ID : CVE-2026-24027
Published : Feb. 9, 2026, 2:25 p.m.
Description : Crafted zones can lead to increased incoming network traffic.
Severity: 5.3 | MEDIUM
CVE-2025-14831 - GnuTLS: denial of service via excessive resource consumption during certificate verification
CVE ID : CVE-2025-14831
Published : Feb. 9, 2026, 3:16 p.m.
Description : A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).
Severity: 5.3 | MEDIUM
CVE-2025-59023 - Crafted delegations or IP fragments can poison cached delegations in Recursor
CVE ID : CVE-2025-59023
Published : Feb. 9, 2026, 3:16 p.m.
Description : Crafted delegations or IP fragments can poison cached delegations in Recursor.
Severity: 8.2 | HIGH
CVE-2025-59024 - Crafted delegations or IP fragments can poison cached delegations in Recursor
CVE ID : CVE-2025-59024
Published : Feb. 9, 2026, 3:16 p.m.
Description : Crafted delegations or IP fragments can poison cached delegations in Recursor.
Severity: 6.5 | MEDIUM
CVE-2025-63354 - Hitron HI3120 Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-63354
Published : Feb. 9, 2026, 3:16 p.m.
Description : Hitron HI3120 v7.2.4.5.2b1 allows stored XSS via the Parental Control option when creating a new filter. The device fails to properly handle inputs, allowing an attacker to inject and execute JavaScript.
Severity: 4.6 | MEDIUM
CVE-2026-24095 - Missing Permission Check on Analyze Configuration Page
CVE ID : CVE-2026-24095
Published : Feb. 9, 2026, 4:16 p.m.
Description : Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows users with the "Use WATO" permission to access the "Analyze configuration" page by directly navigating to its URL, bypassing the intended "Access analyze configuration" permission check. If these users also have the "Make changes, perform actions" permission, they can perform unauthorized actions such as disabling checks or acknowledging results.
Severity: 5.3 | MEDIUM
CVE-2026-2240 - janet-lang janet compile.c janetc_pop_funcdef out-of-bounds
CVE ID : CVE-2026-2240
Published : Feb. 9, 2026, 4:16 p.m.
Description : A vulnerability has been found in janet-lang janet up to 1.40.1. The impacted element is the function janetc_pop_funcdef of the file src/core/compile.c. Such manipulation leads to out-of-bounds read. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The name of the patch is 4dd08a4cdef5b1c42d9a2c19fc24412e97ef51d5. A patch should be applied to remediate this issue.
Severity: 4.8 | MEDIUM
CVE-2025-66630 - Fiber insecurely falls back in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure
CVE ID : CVE-2025-66630
Published : Feb. 9, 2026, 6:16 p.m.
Description : Fiber is an Express-inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may unknowingly rely on predictable, repeated, or low-entropy identifiers in security-critical pathways. This is especially impactful because many Fiber v2 middleware components (session middleware, CSRF, rate limiting, request-ID generation, etc.) default to using utils.UUIDv4(). This vulnerability is fixed in 2.52.11.
Severity: 9.2 | CRITICAL
CVE-2025-7432 - DPA countermeasures not reseeded under certain conditions
CVE ID : CVE-2025-7432
Published : Feb. 9, 2026, 6:16 p.m.
Description : DPA countermeasures in Silicon Labs' Series 2 devices are not reseeded under certain conditions. This may allow an attacker to eventually extract secret keys through a DPA attack.
Severity: 1.0 | LOW
CVE-2026-21419 - Dell Display and Peripheral Manager Link Following Vulnerability
CVE ID : CVE-2026-21419
Published : Feb. 9, 2026, 6:16 p.m.
Description : Dell Display and Peripheral Manager (Windows) versions prior to 2.2 contain an Improper Link Resolution Before File Access ('Link Following') vulnerability in the Installer and Service. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
Severity: 6.6 | MEDIUM
CVE-2026-2241 - janet-lang janet os.c os_strftime out-of-bounds
CVE ID : CVE-2026-2241
Published : Feb. 9, 2026, 6:16 p.m.
Description : A vulnerability was found in janet-lang janet up to 1.40.1. This affects the function os_strftime of the file src/core/os.c. Performing a manipulation results in out-of-bounds read. The attack must be initiated from a local position. The exploit has been made public and could be used. The patch is named 0f285855f0e34f9183956be5f16e045f54626bff. To fix this issue, it is recommended to deploy a patch.
Severity: 4.8 | MEDIUM
CVE-2026-2242 - janet-lang janet specials.c janetc_if out-of-bounds
CVE ID : CVE-2026-2242
Published : Feb. 9, 2026, 6:16 p.m.
Description : A vulnerability was determined in janet-lang janet up to 1.40.1. This impacts the function janetc_if of the file src/core/specials.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. This patch is called c43e06672cd9dacf2122c99f362120a17c34b391. It is advisable to implement a patch to correct this issue.
Severity: 4.8 | MEDIUM
CVE-2026-25812 - PlaciPy is Missing CSRF Protection on State-Changing Endpoints
CVE ID : CVE-2026-25812
Published : Feb. 9, 2026, 10:16 p.m.
Description : PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application enables credentialed CORS requests but does not implement any CSRF protection mechanism.
Severity: 9.3 | CRITICAL
CVE-2026-25813 - PlaciPy Exposes Sensitive Data via Application Logs
CVE ID : CVE-2026-25813
Published : Feb. 9, 2026, 10:16 p.m.
Description : PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application logs highly sensitive data directly to console output without masking or redaction.
Severity: 8.7 | HIGH
CVE-2026-25814 - NoSQL Injection Risk via Unsanitized Query Parameters
CVE ID : CVE-2026-25814
Published : Feb. 9, 2026, 10:16 p.m.
Description : PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, user-controlled query parameters are passed directly into DynamoDB query/filter construction without validation or sanitization.
Severity: 9.3 | CRITICAL
CVE-2026-25875 - PlaciPy Admin Privilege Escalation via Trusted JWT Claims
CVE ID : CVE-2026-25875
Published : Feb. 9, 2026, 10:16 p.m.
Description : PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the admin authorization middleware trusts client-controlled JWT claims (role and scope) without enforcing server-side role verification.
Severity: 9.3 | CRITICAL
CVE-2026-25880 - Untrusted Search Path in SumatraPDF Reader (explorer.exe on Windows)
CVE ID : CVE-2026-25880
Published : Feb. 9, 2026, 10:16 p.m.
Description : SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, the PDF reader allows execution of a malicious binary (explorer.exe) located in the same directory as the opened PDF when the user clicks File → “Show in folder”. This behavior leads to arbitrary code execution on the victim’s system with the privileges of the current user, without any warning or user interaction beyond the menu click.
Severity: 7.8 | HIGH
CVE-2026-25881 - @nyariv/sandboxjs has host prototype pollution from sandbox via array intermediary (sandbox escape)
CVE ID : CVE-2026-25881
Published : Feb. 9, 2026, 10:16 p.m.
Description : SandboxJS is a JavaScript sandboxing library. Prior to 0.8.31, a sandbox escape vulnerability allows sandboxed code to mutate host built-in prototypes by laundering the isGlobal protection flag through array literal intermediaries. When a global prototype reference (e.g., Map.prototype, Set.prototype) is placed into an array and retrieved, the isGlobal taint is stripped, permitting direct prototype mutation from within the sandbox. This results in persistent host-side prototype pollution and may enable RCE in applications that use polluted properties in sensitive sinks (example gadget: execSync(obj.cmd)). This vulnerability is fixed in 0.8.31.
Severity: 9.0 | CRITICAL