Common Vulnerabilities and Exposures (CVE)

CVE-2025-7195

Feb 13, 2026 05:37:54 UTC

Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/pass...

CVE-2025-48023

Feb 13, 2026 05:00:05 UTC

A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and ver...

CVE-2025-48022

Feb 13, 2026 04:58:12 UTC

A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and ver...

CVE-2025-52541

Feb 13, 2026 04:56:41 UTC

A DLL hijacking vulnerability in Vivado could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

CVE-2025-52533

Feb 13, 2026 04:56:40 UTC

Improper Access Control in an on-chip debug interface could allow a privileged attacker to enable a debug interface and potentially compromise data confidentiality or integrity.

CVE-2024-36319

Feb 13, 2026 04:56:39 UTC

Debug code left active in AMD's Video Decoder Engine Firmware (VCN FW) could allow a attacker to submit a maliciously crafted command causing the VCN FW to perform read/writes HW registers, potentially impacting confidentiality, integrity a...

CVE-2025-55210

Feb 13, 2026 04:56:39 UTC

FreePBX is an open-source web-based graphical user interface (GUI) that manages Asterisk. Prior to 17.0.5 and 16.0.17, FreePBX module api (PBX API) is vulnerable to privilege escalation by authenticated users with REST/GraphQL API access. T...

CVE-2026-1837

Feb 13, 2026 04:56:38 UTC

A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data. This can be done by requesting color t...

CVE-2026-23856

Feb 13, 2026 04:56:37 UTC

Dell iDRAC Service Module (iSM) for Windows, versions prior to 6.0.3.1, and Dell iDRAC Service Module (iSM) for Linux, versions prior to 5.4.1.1, contain an Improper Access Control vulnerability. A low privileged attacker with local access ...

CVE-2026-20615

Feb 13, 2026 04:56:36 UTC

A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3. An app may be able to gain root privileges.

CVE-2026-20614

Feb 13, 2026 04:56:36 UTC

A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An app may be able to gain root privileges.

CVE-2026-20617

Feb 13, 2026 04:56:35 UTC

A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to gain root privileges.

CVE-2026-20626

Feb 13, 2026 04:56:34 UTC

This issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A malicious app may be able to gain root privileges.

CVE-2026-23857

Feb 13, 2026 04:56:33 UTC

Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulne...

CVE-2026-2004

Feb 13, 2026 04:56:32 UTC

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8...