Total
575 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-2641 | 2026-02-18 | 1.7 LOW | 3.3 LOW | ||
| A weakness has been identified in universal-ctags ctags up to 6.2.1. The affected element is the function parseExpression/parseExprList of the file parsers/v.c of the component V Language Parser. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet. | |||||
| CVE-2025-15572 | 1 Wasm3 Project | 1 Wasm3 | 2026-02-12 | 1.7 LOW | 3.3 LOW |
| A vulnerability has been found in wasm3 up to 0.5.0. The affected element is the function NewCodePage. The manipulation leads to memory leak. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Unfortunately, the project has no active maintainer at the moment. | |||||
| CVE-2026-1739 | 1 Free5gc | 1 Pcf | 2026-02-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in Free5GC pcf up to 1.4.1. This affects the function HandleCreateSmPolicyRequest of the file internal/sbi/processor/smpolicy.go. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is df535f5524314620715e842baf9723efbeb481a7. Applying a patch is the recommended action to fix this issue. | |||||
| CVE-2026-2062 | 1 Open5gs | 1 Open5gs | 2026-02-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was identified in Open5GS up to 2.7.6. This affects the function sgwc_s5c_handle_modify_bearer_response/sgwc_sxa_handle_session_modification_response of the component PGW S5U Address Handler. The manipulation leads to null pointer dereference. The attack can be initiated remotely. The exploit is publicly available and might be used. The identifier of the patch is f1bbd7b57f831e2a070780a7d8d5d4c73babdb59. Applying a patch is the recommended action to fix this issue. | |||||
| CVE-2026-1973 | 1 Free5gc | 1 Free5gc | 2026-02-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was determined in Free5GC up to 4.1.0. The impacted element is the function establishPfcpSession of the component SMF. Executing a manipulation can lead to null pointer dereference. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. It is best practice to apply a patch to resolve this issue. | |||||
| CVE-2026-1974 | 1 Free5gc | 1 Free5gc | 2026-02-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was identified in Free5GC up to 4.1.0. This affects the function ResolveNodeIdToIp of the file internal/sbi/processor/datapath.go of the component SMF. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2026-1975 | 1 Free5gc | 1 Free5gc | 2026-02-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| A security flaw has been discovered in Free5GC up to 4.1.0. This impacts the function identityTriggerType of the file pfcp_reports.go. The manipulation results in null pointer dereference. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Applying a patch is advised to resolve this issue. | |||||
| CVE-2026-1976 | 1 Free5gc | 1 Free5gc | 2026-02-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| A weakness has been identified in Free5GC up to 4.1.0. Affected is the function SessionDeletionResponse of the component SMF. This manipulation causes null pointer dereference. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. It is suggested to install a patch to address this issue. | |||||
| CVE-2026-1990 | 2026-02-06 | 1.7 LOW | 3.3 LOW | ||
| A security vulnerability has been detected in oatpp up to 1.3.1. This impacts the function oatpp::data::type::ObjectWrapper::ObjectWrapper of the file src/oatpp/data/type/Type.hpp. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet. | |||||
| CVE-2025-69821 | 1 Beatxp | 2 Vega Smartwatch, Vega Smartwatch Firmware | 2026-02-02 | N/A | 7.4 HIGH |
| An issue in Beat XP VEGA Smartwatch (Firmware Version - RB303ATV006229) allows an attacker to cause a denial of service via the BLE connection | |||||
| CVE-2025-7209 | 1 9fans | 1 Plan9port | 2026-02-02 | 1.7 LOW | 3.3 LOW |
| A vulnerability has been found in 9fans plan9port up to 9da5b44 and classified as problematic. Affected by this vulnerability is the function value_decode in the library src/libsec/port/x509.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is deae8939583d83fd798fca97665e0e94656c3ee8. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2024-7887 | 1 Limesurvey | 1 Limesurvey | 2026-01-30 | 3.3 LOW | 2.7 LOW |
| A vulnerability was found in LimeSurvey 6.3.0-231016 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php of the component File Upload. The manipulation of the argument size leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-0731 | 1 Totolink | 2 Wa1200-poe, Wa1200-poe Firmware | 2026-01-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in TOTOLINK WA1200 5.9c.2914. The impacted element is an unknown function of the file cstecgi.cgi of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-55102 | 2026-01-29 | N/A | N/A | ||
| A denial-of-service vulnerability exists in the NetX IPv6 component functionality of Eclipse ThreadX NetX Duo. A specially crafted network packet of "Packet Too Big" with more than 15 different source address can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2026-21975 | 1 Oracle | 1 Java Virtual Machine | 2026-01-29 | N/A | 4.5 MEDIUM |
| Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.29 and 21.3-21.20. Easily exploitable vulnerability allows high privileged attacker having Authenticated User privilege with network access via Oracle Net to compromise Java VM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java VM. CVSS 3.1 Base Score 4.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H). | |||||
| CVE-2025-52982 | 1 Juniper | 11 Junos, Mx10004, Mx10008 and 8 more | 2026-01-23 | N/A | 5.9 MEDIUM |
| An Improper Resource Shutdown or Release vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-MPC allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When an MX Series device with an MS-MPC is configured with two or more service sets which are both processing SIP calls, a specific sequence of call events will lead to a crash and restart of the MS-MPC. This issue affects Junos OS: * all versions before 21.2R3-S9, * 21.4 versions from 21.4R1, * 22.2 versions before 22.2R3-S6, * 22.4 versions before 22.4R3-S6. As the MS-MPC is EoL after Junos OS 22.4, later versions are not affected. This issue does not affect MX-SPC3 or SRX Series devices. | |||||
| CVE-2024-36856 | 2026-01-15 | N/A | 7.5 HIGH | ||
| RMQTT Broker 0.4.0 allows remote attackers to cause a Denial of Service (daemon crash) via a large number of malicious packets. | |||||
| CVE-2025-49483 | 1 Asrmicro | 7 Asr1803, Asr1806, Asr1901 and 4 more | 2026-01-12 | N/A | 5.4 MEDIUM |
| Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in tr069 modules allows Resource Leak Exposure. This vulnerability is associated with program files tr069/tr069_uci.c. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536. | |||||
| CVE-2025-49482 | 1 Asrmicro | 7 Asr1803, Asr1806, Asr1901 and 4 more | 2026-01-12 | N/A | 5.4 MEDIUM |
| Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in tr069 modules allows Resource Leak Exposure. This vulnerability is associated with program files tr069/tr098.c. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536. | |||||
| CVE-2025-15229 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-01-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in Tenda CH22 up to 1.0.0.1. Affected by this vulnerability is the function fromDhcpListClient of the file /goform/DhcpListClient. Such manipulation of the argument LISTLEN leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||