CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-65127 - ZBT WE2001 Session Validation Bypass

CVE ID : CVE-2025-65127
Published : Feb. 11, 2026, 5:16 p.m. | 2 hours, 6 minutes ago
Description : A lack of session validation in the web API component of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote unauthenticated attackers to access administrative information-retrieval functions intended for authenticated users. By invoking "get_*" operations, attackers can obtain device configuration data, including plaintext credentials, without authentication or an existing session.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24789 - ZLAN Information Technology ZLAN5143D Missing Authentication for Critical Function

CVE ID : CVE-2026-24789
Published : Feb. 11, 2026, 5:16 p.m. | 2 hours, 6 minutes ago
Description : An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication.
Severity: 9.8 | CRITICAL
CVE-2026-25084 - ZLAN Information Technology ZLAN5143D Missing Authentication for Critical Function

CVE ID : CVE-2026-25084
Published : Feb. 11, 2026, 5:16 p.m. | 2 hours, 6 minutes ago
Description : Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs.
Severity: 9.8 | CRITICAL
CVE-2026-2313 - Google Chrome CSS Use-After-Free Heap Corruption Vulnerability

CVE ID : CVE-2026-2313
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 15 minutes ago
Description : Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
CVE-2026-2314 - Google Chrome Heap Buffer Overflow Vulnerability

CVE ID : CVE-2026-2314
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 15 minutes ago
Description : Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
CVE-2026-2315 - Google Chrome WebGPU Out-of-Bounds Memory Access Vulnerability

CVE ID : CVE-2026-2315
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 15 minutes ago
Description : Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Severity: 0.0 | NA
CVE-2026-2316 - Google Chrome UI Spoofing Vulnerability

CVE ID : CVE-2026-2316
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 15 minutes ago
Description : Insufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
CVE-2026-2317 - Google Chrome Animation Cross-Origin Data Leak Vulnerability

CVE ID : CVE-2026-2317
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 15 minutes ago
Description : Inappropriate implementation in Animation in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
CVE-2026-2318 - Google Chrome PictureInPicture UI Spoofing Vulnerability

CVE ID : CVE-2026-2318
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 15 minutes ago
Description : Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
CVE-2026-2319 - Google Chrome DevTools Race Condition Object Corruption Vulnerability

CVE ID : CVE-2026-2319
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 15 minutes ago
Description : Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file. (Chromium security severity: Medium)
Severity: 0.0 | NA
CVE-2026-2320 - Google Chrome File Input UI Spoofing Vulnerability

CVE ID : CVE-2026-2320
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 15 minutes ago
Description : Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
CVE-2026-2321 - Google Chrome Ozone Use-After-Free Heap Corruption

CVE ID : CVE-2026-2321
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 15 minutes ago
Description : Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Severity: 0.0 | NA
CVE-2026-2322 - Google Chrome UI Spoofing Vulnerability

CVE ID : CVE-2026-2322
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 14 minutes ago
Description : Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-2323 - Google Chrome UI Spoofing Vulnerability

CVE ID : CVE-2026-2323
Published : Feb. 11, 2026, 6:08 p.m. | 1 hour, 14 minutes ago
Description : Inappropriate implementation in Downloads in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2025-65128 - Shenzhen Zhibotong Electronics ZBT WE2001 Unauthenticated Configuration Modification Vulnerability

CVE ID : CVE-2025-65128
Published : Feb. 11, 2026, 6:16 p.m. | 1 hour, 7 minutes ago
Description : A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and network configurations. By invoking operations whose names end with "*_nocommit" and supplying the parameters expected by the invoked function, an attacker can change configuration data, including SSID, Wi-Fi credentials, and administrative passwords, without authentication or an existing session.
Severity: 0.0 | NA
CVE-2025-65480 - Pacom Unison Client Remote Code Execution Vulnerability

CVE ID : CVE-2025-65480
Published : Feb. 11, 2026, 6:16 p.m. | 1 hour, 7 minutes ago
Description : An issue was discovered in Pacom Unison Client 5.13.1. Authenticated users can inject malicious scripts in the Report Templates which are executed when certain script conditions are fulfilled, leading to Remote Code Execution.
Severity: 0.0 | NA
CVE-2025-69874 - Nanotar Path Traversal Vulnerability

CVE ID : CVE-2025-69874
Published : Feb. 11, 2026, 6:16 p.m. | 1 hour, 7 minutes ago
Description : nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing a path traversal sequence.
Severity: 0.0 | NA
CVE-2025-70029 - Sunbird-Ed SSL/TLS Certificate Validation Bypass Vulnerability

CVE ID : CVE-2025-70029
Published : Feb. 11, 2026, 6:16 p.m. | 1 hour, 6 minutes ago
Description : An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options.
Severity: 0.0 | NA
CVE-2025-70083 - OpenSatKit Stack Buffer Overflow Vulnerability

CVE ID : CVE-2025-70083
Published : Feb. 11, 2026, 6:16 p.m. | 1 hour, 6 minutes ago
Description : An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the ground segment and must be treated as untrusted input. The program copies DirName into the local buffer DirWithSep using strcpy. The size of this buffer is OS_MAX_PATH_LEN. If the length of DirName is greater than or equal to OS_MAX_PATH_LEN, a stack buffer overflow occurs, overwriting adjacent stack memory. The path length check (FileUtil_AppendPathSep) is performed after the strcpy operation, meaning the validation occurs too late and cannot prevent the overflow.
Severity: 0.0 | NA
CVE-2025-70084 - OpenSatKit Directory Traversal Vulnerability

CVE ID : CVE-2025-70084
Published : Feb. 11, 2026, 6:16 p.m. | 1 hour, 6 minutes ago
Description : Directory traversal vulnerability in OpenSatKit 2.2.1 allows attackers to gain access to sensitive information or delete arbitrary files via a crafted value to the FileUtil_GetFileInfo function.
Severity: 0.0 | NA
CVE-2025-70085 - OpenSatKit Stack Buffer Overflow

CVE ID : CVE-2025-70085
Published : Feb. 11, 2026, 6:16 p.m. | 1 hour, 6 minutes ago
Description : An issue was discovered in OpenSatKit 2.2.1. The EventErrStr buffer has a fixed size of 256 bytes. The code uses sprintf to format two filenames (Source1Filename and the string returned by FileUtil_FileStateStr) into this buffer without any length checking and without using bounded format specifiers such as %.*s. If the filename length approaches OS_MAX_PATH_LEN (commonly 64-256 bytes), the combined formatted string together with constant text can exceed 256 bytes, resulting in a stack buffer overflow. Such unsafe sprintf calls are scattered across multiple functions in file.c, including FILE_ConcatenateCmd() and ConcatenateFiles(), all of which fail to validate the output length.
Severity: 0.0 | NA