CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2026-2258 - aardappel lobster wfc.h WaveFunctionCollapse memory corruption

CVE ID : CVE-2026-2258
Published : Feb. 10, 2026, 12:16 a.m. | 2 hours, 55 minutes ago
Description : A flaw has been found in aardappel lobster up to 2025.4. Affected by this vulnerability is the function WaveFunctionCollapse in the library dev/src/lobster/wfc.h. Executing a manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been published and may be used. This patch is called c2047a33e1ac2c42ab7e8704b33f7ea518a11ffd. It is advisable to implement a patch to correct this issue.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24328 - Open Redirection vulnerability in Business Server Pages Application (TAF_APPLAUNCHER)

CVE ID : CVE-2026-24328
Published : Feb. 10, 2026, 4:16 a.m. | 3 hours ago
Description : SAP TAF_APPLAUNCHER within Business Server Pages allows an unauthenticated attacker to craft malicious links that, when clicked by a victim, redirect them to attacker-controlled sites, potentially exposing or altering sensitive information in the victim's browser. This results in a low impact on confidentiality and integrity, with no impact on the availability of the application.
Severity: 6.1 | MEDIUM
CVE-2026-2259 - aardappel lobster Parsing parser.h ParseStatements memory corruption

CVE ID : CVE-2026-2259
Published : Feb. 10, 2026, 4:16 a.m. | 3 hours ago
Description : A vulnerability has been found in aardappel lobster up to 2025.4. Affected by this issue is the function lobster::Parser::ParseStatements in the library dev/src/lobster/parser.h of the component Parsing. The manipulation leads to memory corruption. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2f45fe860d00990e79e13250251c1dde633f1f89. Applying a patch is the recommended action to fix this issue.
Severity: 4.8 | MEDIUM
CVE-2026-2260 - D-Link DCS-931L setSysAdmin os command injection

CVE ID : CVE-2026-2260
Published : Feb. 10, 2026, 4:16 a.m. | 3 hours ago
Description : A vulnerability was found in D-Link DCS-931L up to 1.13.0. This affects an unknown part of the file /goform/setSysAdmin. The manipulation of the argument AdminID results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 8.3 | HIGH
CVE-2026-25973 - "Apache HTTP Server Cross-Site Request Forgery"

CVE ID : CVE-2026-25973
Published : Feb. 10, 2026, 5:16 a.m. | 1 hour, 59 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2026-25974 - Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2026-25974
Published : Feb. 10, 2026, 5:16 a.m. | 1 hour, 59 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2026-25975 - Apache HTTP Server Remote Code Execution

CVE ID : CVE-2026-25975
Published : Feb. 10, 2026, 5:16 a.m. | 1 hour, 59 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2026-25976 - Apache HTTP Server Denial of Service

CVE ID : CVE-2026-25976
Published : Feb. 10, 2026, 5:16 a.m. | 1 hour, 59 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2026-25977 - Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2026-25977
Published : Feb. 10, 2026, 5:16 a.m. | 1 hour, 59 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2026-25978 - Apache HTTP Server Uninitialized Pointer

CVE ID : CVE-2026-25978
Published : Feb. 10, 2026, 5:16 a.m. | 1 hour, 59 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2026-25979 - Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2026-25979
Published : Feb. 10, 2026, 5:16 a.m. | 1 hour, 59 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2026-25980 - Apache OpenSSH Authentication Bypass

CVE ID : CVE-2026-25980
Published : Feb. 10, 2026, 5:16 a.m. | 1 hour, 59 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2026-25981 - Apache HTTP Server Deserialization

CVE ID : CVE-2026-25981
Published : Feb. 10, 2026, 5:16 a.m. | 1 hour, 59 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-12063 - Apache Data Object Reference Bypass

CVE ID : CVE-2025-12063
Published : Feb. 10, 2026, 5:52 a.m. | 1 hour, 23 minutes ago
Description : An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions.
Severity: 5.7 | MEDIUM
CVE-2025-11142 - VAPIX API Mediaclip.cgi Remote Code Execution Vulnerability

CVE ID : CVE-2025-11142
Published : Feb. 10, 2026, 6:15 a.m. | 1 hour ago
Description : The VAPIX API mediaclip.cgi did not have sufficient input validation, allowing for possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account.
Severity: 7.1 | HIGH
CVE-2025-11547 - AXIS Camera Station Pro Privilege Escalation Vulnerability

CVE ID : CVE-2025-11547
Published : Feb. 10, 2026, 6:15 a.m. | 1 hour ago
Description : AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user.
Severity: 7.8 | HIGH
CVE-2025-12757 - AXIS Camera Station Pro Information Disclosure

CVE ID : CVE-2025-12757
Published : Feb. 10, 2026, 6:15 a.m. | 1 hour ago
Description : An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to.
Severity: 4.6 | MEDIUM
CVE-2025-13064 - Apache HTTP Server Cross-Site Scripting (XSS)

CVE ID : CVE-2025-13064
Published : Feb. 10, 2026, 6:15 a.m. | 1 hour ago
Description : A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that has been tampered with.
Severity: 4.5 | MEDIUM
CVE-2026-0996 - Fluent Forms <= 6.1.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via AI Form Builder Module

CVE ID : CVE-2026-0996
Published : Feb. 10, 2026, 6:15 a.m. | 1 hour ago
Description : The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI Form Builder module in all versions up to, and including, 6.1.14 due to a combination of missing authorization checks, a leaked nonce, and insufficient input sanitization. The vulnerability allows Subscriber-level users to trigger AI form generation via a protected endpoint. When prompted, AI services will typically return bare JavaScript code (without
CVE-2026-2093 - Flowring|Docpedia - SQL Injection

CVE ID : CVE-2026-2093
Published : Feb. 10, 2026, 6:45 a.m. | 30 minutes ago
Description : Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
Severity: 8.7 | HIGH
CVE-2026-2094 - Flowring|Docpedia - SQL Injection

CVE ID : CVE-2026-2094
Published : Feb. 10, 2026, 6:47 a.m. | 28 minutes ago
Description : Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
Severity: 8.8 | HIGH