Common Vulnerabilities and Exposures (CVE)

CVE-2020-37137

Feb 5, 2026 20:37:15 UTC

PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'add_panel_form()' function that allows attackers to execute arbitrary code through an eval() function with unsanitized POST data. Attackers can exploit the vulnerabil...

CVE-2020-37140

Feb 5, 2026 20:35:13 UTC

Everest, later referred to as AIDA64, 5.50.2100 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating file open functionality. Attackers can generate a 450-byte buffer of repeated ch...

CVE-2025-15557

Feb 5, 2026 20:33:53 UTC

An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. This may compromise the confide...

CVE-2025-68722

Feb 5, 2026 20:32:12 UTC

Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery (CSRF) vulnerability in the WebAdmin interface through improper handling of the _s (breadcrumb) parameter. The application accepts state-chang...

CVE-2025-15551

Feb 5, 2026 20:31:56 UTC

The response from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 to any request is executed directly by a JavaScript function such as eval, without any check. Attackers can exploit this vulnerability via a M...

CVE-2025-12131

Feb 5, 2026 20:29:04 UTC

A truncated 802.15.4 packet can lead to an assert, resulting in a denial of service.

CVE-2025-68721

Feb 5, 2026 20:27:56 UTC

Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain unauthorized access to the SSL Certific...

CVE-2025-33081

Feb 5, 2026 20:24:21 UTC

IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive information in log files that could be read by a local user.

CVE-2026-1884

Feb 5, 2026 20:23:57 UTC

A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function fetchHook of the file module/webhook/model.php of the component Webhook Module. This manipulation causes server-side request forgery. The atta...

CVE-2026-1301

Feb 5, 2026 20:23:12 UTC

In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory.

CVE-2026-1814

Feb 5, 2026 19:55:44 UTC

A security vulnerability has been identified in Rapid7 Nexpose. Remediation is in progress.

CVE-2025-5987

Feb 5, 2026 19:47:26 UTC

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occur...

CVE-2025-5318

Feb 5, 2026 19:47:19 UTC

A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle ...

CVE-2025-11234

Feb 5, 2026 19:36:44 UTC

A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. Th...

CVE-2026-1761

Feb 5, 2026 19:31:57 UTC

A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted mult...