5.1

CVSS4.0

CVE-2026-1960 - Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes

Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes, via theย 'Facebook' parameter in '/loggrodemo/jbrain/ConsultaTerceros' endpoint.

๐Ÿ“… Published: Feb. 9, 2026, 11:41 a.m. ๐Ÿ”„ Last Modified: Feb. 9, 2026, 4:08 p.m.

5.1

CVSS4.0

CVE-2026-1959 - Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes

Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes, via the 'descripciรณn' parameter in the '/loggrodemo/jbrain/MaestraCuentasBancarias' endpoint.

๐Ÿ“… Published: Feb. 9, 2026, 11:41 a.m. ๐Ÿ”„ Last Modified: Feb. 9, 2026, 4:08 p.m.

5.4

CVSS3.1

CVE-2026-0632 - Fluent Forms Pro Add On Pack <= 6.1.12 - Authenticated (Subscriber+) Server-Side Request Forgery viโ€ฆ

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.12 via the 'saveDataSource' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbiโ€ฆ

๐Ÿ“… Published: Feb. 9, 2026, 11:22 a.m. ๐Ÿ”„ Last Modified: Feb. 9, 2026, 4:08 p.m.

9.8

CVSS3.1

CVE-2025-6830 - SQLi in Xpoda Tรผrkiye Information Technology's Xpoda Studio

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpoda Tรผrkiye Information Technology Inc. Xpoda Studio allows SQL Injection.This issue affects Xpoda Studio: through 09022026.ย NOTE: The vendor was contacted early about this disclosure but did notโ€ฆ

๐Ÿ“… Published: Feb. 9, 2026, 11:18 a.m. ๐Ÿ”„ Last Modified: Feb. 9, 2026, 4:08 p.m.

9.1

CVSS3.1

CVE-2026-25848 -

In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible

๐Ÿ“… Published: Feb. 9, 2026, 10:39 a.m. ๐Ÿ”„ Last Modified: Feb. 10, 2026, 4:55 a.m.

8.2

CVSS3.1

CVE-2026-25847 -

In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible

๐Ÿ“… Published: Feb. 9, 2026, 10:39 a.m. ๐Ÿ”„ Last Modified: Feb. 9, 2026, 4:08 p.m.

6.5

CVSS3.1

CVE-2026-25846 -

In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs

๐Ÿ“… Published: Feb. 9, 2026, 10:38 a.m. ๐Ÿ”„ Last Modified: Feb. 9, 2026, 4:08 p.m.

6.5

CVSS3.1

CVE-2026-22922 - Apache Airflow: Airflow externalLogUrl Permission Bypass

Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this isโ€ฆ

๐Ÿ“… Published: Feb. 9, 2026, 10:33 a.m. ๐Ÿ”„ Last Modified: Feb. 9, 2026, 6:16 p.m.

6.5

CVSS3.1

CVE-2026-24098 - Apache Airflow: Assigning single DAG permission leaked all DAGs Import Errors

Apache Airflow versions before 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. Users are advised to upgrade to 3.1.7 or later, which resolves this issue

๐Ÿ“… Published: Feb. 9, 2026, 10:32 a.m. ๐Ÿ”„ Last Modified: Feb. 9, 2026, 6:16 p.m.

5.1

CVSS4.0

CVE-2026-2227 - D-Link DCS-931L setSystemAdmin doSystem command injection

A vulnerability was found in D-Link DCS-931L up to 1.13.0. Impacted is the function doSystem of the file /setSystemAdmin. Performing a manipulation of the argument AdminID results in command injection. The attack may be initiated remotely. The exploit has been made public and could be used. This vuโ€ฆ

๐Ÿ“… Published: Feb. 9, 2026, 10:02 a.m. ๐Ÿ”„ Last Modified: Feb. 9, 2026, 4:08 p.m.
Total resulsts: 331841
Page 17 of 33,185
ยซ previous page ยป next page
Filters