3.1

CVSS3.1

CVE-2025-15289 - Tanium addressed an improper access controls vulnerability in Interact.

Tanium addressed an improper access controls vulnerability in Interact.

📅 Published: Feb. 5, 2026, 6:10 p.m. 🔄 Last Modified: Feb. 10, 2026, 5:31 p.m.

5.3

CVSS3.1

CVE-2025-58190 - Infinite parsing loop in golang.org/x/net

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

📅 Published: Feb. 5, 2026, 5:48 p.m. 🔄 Last Modified: Feb. 18, 2026, 5:46 p.m.

7.4

CVSS3.1

CVE-2025-68121 - Unexpected session resumption in crypto/tls

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returne…

📅 Published: Feb. 5, 2026, 5:48 p.m. 🔄 Last Modified: Feb. 20, 2026, 5:25 p.m.

5.3

CVSS3.1

CVE-2025-47911 - Quadratic parsing complexity in golang.org/x/net/html

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

📅 Published: Feb. 5, 2026, 5:48 p.m. 🔄 Last Modified: Feb. 18, 2026, 5:48 p.m.

7.5

CVSS4.0

CVE-2025-15557 - Improper Certificate Validation in TP-Link Tapo H100 and P100 Allows Man-in-the-Middle Attack

An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications.  This may compromise the confidentiality and integrity of device-to-cloud communication, en…

📅 Published: Feb. 5, 2026, 5:45 p.m. 🔄 Last Modified: Feb. 12, 2026, 5:29 p.m.

7.4

CVSS3.1

CVE-2026-1707 - Restore restriction bypass via key disclosure vulnerability (pgAdmin 4)

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract the…

📅 Published: Feb. 5, 2026, 5:30 p.m. 🔄 Last Modified: Feb. 26, 2026, 10:20 p.m.

5.9

CVSS4.0

CVE-2025-15551 - LAN Code Execution on TP-Link Archer MR200, Archer C20, TL-WR850N and TL-WR845N

The response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle (MitM) attack to execute JavaScript code o…

📅 Published: Feb. 5, 2026, 5:22 p.m. 🔄 Last Modified: Feb. 12, 2026, 4:24 p.m.

7

CVSS4.0

CVE-2026-0715 - Bootloader Password Disclosure Allows Physical Device Denial-of-Service

Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with physical access to the device could use this information to access the bootloader menu via a serial interface.  Access to the bootloader menu doe…

📅 Published: Feb. 5, 2026, 5:01 p.m. 🔄 Last Modified: April 18, 2026, 1:45 p.m.

7

CVSS4.0

CVE-2026-0714 -

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and attachin…

📅 Published: Feb. 5, 2026, 4:58 p.m. 🔄 Last Modified: April 17, 2026, 11:15 p.m.

5.1

CVSS4.0

CVE-2020-37148 - P5 FNIP-8x16A/FNIP-4xSH 1.0.20, 1.0.11 - Stored Cross-Site Scripting (XSS)

P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored cross-site scripting vulnerability. Input passed to several GET/POST parameters is not properly sanitized before being returned to the user, allowing attackers to execute arbitrary HTML and script code in a user's browser sessi…

📅 Published: Feb. 5, 2026, 4:14 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.
Total resulsts: 345248
Page 1393 of 34,525
« previous page » next page
Filters