Common Vulnerabilities and Exposures (CVE)

CVE-2026-0535

Feb 3, 2026 17:35:07 UTC

A maliciously crafted HTML payload, stored in a component’s description and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vul...

CVE-2026-24939

Feb 3, 2026 17:33:45 UTC

Missing Authorization vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Modula Image Gallery: from n/a through <= 2.13.6.

CVE-2025-66374

Feb 3, 2026 17:33:23 UTC

CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a local user to achieve privilege escalation through policy elevation of an Administration task.

CVE-2025-52624

Feb 3, 2026 17:31:27 UTC

A vulnerability: bypass of the script allowlist configuration in HCL AION. A Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing ...

CVE-2026-24942

Feb 3, 2026 17:22:13 UTC

Cross-Site Request Forgery (CSRF) vulnerability in magepeopleteam WpEvently mage-eventpress allows Cross Site Request Forgery. This issue affects WpEvently: from n/a through <= 5.1.1.

CVE-2026-22228

Feb 3, 2026 17:20:34 UTC

An authenticated user with high privileges may trigger a denial‑of‑service condition in TP-Link Archer BE230 v1.2 by restoring a crafted configuration file containing an excessively long parameter. Restoring such a file can cause the device...

CVE-2019-19006

Feb 3, 2026 17:20:23 UTC

Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.

CVE-2025-64328

Feb 3, 2026 17:20:23 UTC

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is vulnerable to a post-authentication command...

CVE-2021-39935

Feb 3, 2026 17:20:23 UTC

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Se...

CVE-2026-1788

Feb 3, 2026 17:18:06 UTC

Out-of-bounds Write vulnerability in Xquic Project Xquic Server xquic on Linux (QUIC protocol implementation, packet processing modules) allows Buffer Manipulation. This issue affects Xquic Server: through 1.8.3.

CVE-2024-1394

Feb 3, 2026 17:18:03 UTC

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.g...

CVE-2025-41065

Feb 3, 2026 17:16:58 UTC

Stored Cross-Site Scripting (XSS) vulnerability in LUNA software v7.5.5.6. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the 'Edit Batch Name' function...

CVE-2025-59902

Feb 3, 2026 17:16:31 UTC

HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and render arbitrary HTML content in email transcripts by modifying the 'firstName' and 'lastName' parameters during a chat session. The injected HTM...

CVE-2026-22220

Feb 3, 2026 17:15:59 UTC

A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 (web modules) may allow a crafted request to cause the device’s web service to become unresponsive, resulting in a denial of service condition. A net...

CVE-2025-36366

Feb 3, 2026 17:15:52 UTC

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service by executing a query that invokes the JSON_Object scalar function, which may trigger an unhandled exception leading to abnorma...