Security Vulnerabilities
Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.
CVSS Score
8.8
EPSS Score
0.001
Published
2026-02-13
Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc. FlexCity/Kiosk allows Privilege Escalation.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.
CVSS Score
8.8
EPSS Score
0.001
Published
2026-02-13
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas.
This issue affects Apache Avro Java SDK: all versions through 1.11.4 and versionĀ 1.12.0.
Users are recommended to upgrade to version 1.12.1 or 1.11.5, which fix the issue.
CVSS Score
7.3
EPSS Score
0.0
Published
2026-02-13
Mattermost versions 10.11.x <= 10.11.9 fail to properly validate channel membership at the time of data retrieval which allows a deactivated user to learn team names they should not have access to via a race condition in the /common_teams API endpoint.. Mattermost Advisory ID: MMSA-2025-00549
CVSS Score
3.1
EPSS Score
0.0
Published
2026-02-13
Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have access to via the /create-issue API endpoint by providing the post ID of an inaccessible post.. Mattermost Advisory ID: MMSA-2025-00550
CVSS Score
4.3
EPSS Score
0.0
Published
2026-02-13
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.
If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.
The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
CVSS Score
6.5
EPSS Score
0.0
Published
2026-02-13
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.
If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.
The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
CVSS Score
6.5
EPSS Score
0.0
Published
2026-02-13
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.
If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.
The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
CVSS Score
6.5
EPSS Score
0.0
Published
2026-02-13
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.
If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.
The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
CVSS Score
6.5
EPSS Score
0.0
Published
2026-02-13
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.
If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.
The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
CVSS Score
6.5
EPSS Score
0.0
Published
2026-02-13