CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2026-25978 - Apache HTTP Server Uninitialized Pointer

CVE ID : CVE-2026-25978
Published : Feb. 10, 2026, 5:16 a.m. | 1 hour, 59 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25979 - Apache HTTP Server Unvalidated User Input

CVE ID : CVE-2026-25979
Published : Feb. 10, 2026, 5:16 a.m. | 1 hour, 59 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2026-25980 - Apache OpenSSH Authentication Bypass

CVE ID : CVE-2026-25980
Published : Feb. 10, 2026, 5:16 a.m. | 1 hour, 59 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2026-25981 - Apache HTTP Server Deserialization

CVE ID : CVE-2026-25981
Published : Feb. 10, 2026, 5:16 a.m. | 1 hour, 59 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-12063 - Apache Data Object Reference Bypass

CVE ID : CVE-2025-12063
Published : Feb. 10, 2026, 5:52 a.m. | 1 hour, 23 minutes ago
Description : An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions.
Severity: 5.7 | MEDIUM
CVE-2025-11142 - VAPIX API Mediaclip.cgi Remote Code Execution Vulnerability

CVE ID : CVE-2025-11142
Published : Feb. 10, 2026, 6:15 a.m. | 1 hour ago
Description : The VAPIX API mediaclip.cgi did not have sufficient input validation, allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account.
Severity: 7.1 | HIGH
CVE-2025-11547 - AXIS Camera Station Pro Privilege Escalation Vulnerability

CVE ID : CVE-2025-11547
Published : Feb. 10, 2026, 6:15 a.m. | 1 hour ago
Description : AXIS Camera Station Pro contained a flaw that allowed a non-admin user to perform a privilege escalation attack on the server.
Severity: 7.8 | HIGH
CVE-2025-12757 - AXIS Camera Station Pro Information Disclosure

CVE ID : CVE-2025-12757
Published : Feb. 10, 2026, 6:15 a.m. | 1 hour ago
Description : An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to.
Severity: 4.6 | MEDIUM
CVE-2025-13064 - Apache HTTP Server Cross-Site Scripting (XSS)

CVE ID : CVE-2025-13064
Published : Feb. 10, 2026, 6:15 a.m. | 1 hour ago
Description : A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that has been tampered with.
Severity: 4.5 | MEDIUM
CVE-2026-0996 - Fluent Forms <= 6.1.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via AI Form Builder Module

CVE ID : CVE-2026-0996
Published : Feb. 10, 2026, 6:15 a.m. | 1 hour ago
Description : The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI Form Builder module in all versions up to, and including, 6.1.14 due to a combination of missing authorization checks, a leaked nonce, and insufficient input sanitization. The vulnerability allows Subscriber-level users to trigger AI form generation via a protected endpoint. When prompted, AI services will typically return bare JavaScript code (without
CVE-2026-2093 - Flowring|Docpedia - SQL Injection

CVE ID : CVE-2026-2093
Published : Feb. 10, 2026, 6:45 a.m. | 30 minutes ago
Description : Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
Severity: 8.7 | HIGH
CVE-2026-2094 - Flowring|Docpedia - SQL Injection

CVE ID : CVE-2026-2094
Published : Feb. 10, 2026, 6:47 a.m. | 28 minutes ago
Description : Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
Severity: 8.8 | HIGH
CVE-2026-2095 - Flowring|Agentflow - Authentication Bypass

CVE ID : CVE-2026-2095
Published : Feb. 10, 2026, 6:53 a.m. | 22 minutes ago
Description : Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain an arbitrary user authentication token and log into the system as any user.
Severity: 9.8 | CRITICAL
CVE-2026-2096 - Flowring|Agentflow - Missing Authentication

CVE ID : CVE-2026-2096
Published : Feb. 10, 2026, 6:59 a.m. | 16 minutes ago
Description : Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality.
Severity: 9.8 | CRITICAL
CVE-2026-2097 - Flowring|Agentflow - Arbitrary File Upload

CVE ID : CVE-2026-2097
Published : Feb. 10, 2026, 7:02 a.m. | 13 minutes ago
Description : Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
Severity: 8.8 | HIGH
CVE-2026-2098 - Flowring|AgentFlow - Reflected Cross-site Scripting

CVE ID : CVE-2026-2098
Published : Feb. 10, 2026, 7:06 a.m. | 9 minutes ago
Description : AgentFlow developed by Flowring has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing attacks.
Severity: 6.1 | MEDIUM
CVE-2026-2099 - Flowring|AgentFlow - Stored Cross-Site Scripting

CVE ID : CVE-2026-2099
Published : Feb. 10, 2026, 7:09 a.m. | 6 minutes ago
Description : AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript code that is executed in users' browsers upon page load.
Severity: 5.4 | MEDIUM
CVE-2026-1722 - WCFM Marketplace <= 3.7.0 - Insecure Direct Object Reference to Unauthenticated Arbitrary Refund Request Creation

CVE ID : CVE-2026-1722
Published : Feb. 10, 2026, 8:15 a.m. | 3 hours ago
Description : The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is due to the plugin not implementing authorization checks in the `wcfm-refund-requests-form` AJAX controller. This makes it possible for unauthenticated attackers to create arbitrary refund requests for any order ID and item ID, potentially leading to financial loss if automatic refund approval is enabled in the plugin settings.
Severity: 5.3 | MEDIUM
CVE-2025-11242 - SSRF in Teknolist Computer's Okulistik

CVE ID : CVE-2025-11242
Published : Feb. 10, 2026, 9:16 a.m. | 2 hours ago
Description : Server-Side Request Forgery (SSRF) vulnerability in Teknolist Computer Systems Software Publishing Industry and Trade Inc. Okulistik allows Server Side Request Forgery. This issue affects Okulistik: through 21102025.
Severity: 9.8 | CRITICAL
CVE-2025-15569 - Artifex MuPDF win_main.c get_system_dpi uncontrolled search path

CVE ID : CVE-2025-15569
Published : Feb. 10, 2026, 10:02 a.m. | 1 hour, 14 minutes ago
Description : A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The impacted element is the function get_system_dpi of the file platform/x11/win_main.c. This manipulation causes uncontrolled search path. The attack requires local access. The attack is considered to have high complexity. The exploitability is regarded as difficult. Upgrading to version 1.26.2 is sufficient to resolve this issue. Patch name: ebb125334eb007d64e579204af3c264aadf2e244. Upgrading the affected component is recommended.
Severity: 0.0 | NA
CVE-2024-52334 - Siemens syngo.plaza Password Decryption Vulnerability

CVE ID : CVE-2024-52334
Published : Feb. 10, 2026, 10:15 a.m. | 1 hour ago
Description : A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF07). The affected application does not encrypt the passwords properly. This could allow an attacker to recover the original passwords and might gain unauthorized access.
Severity: 5.3 | MEDIUM