Security Vulnerabilities
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas.
This issue affects Apache Avro Java SDK: all versions through 1.11.4 and versionĀ 1.12.0.
Users are recommended to upgrade to version 1.12.1 or 1.11.5, which fix the issue.
CVSS Score
7.3
EPSS Score
0.0
Published
2026-02-13
Mattermost versions 10.11.x <= 10.11.9 fail to properly validate channel membership at the time of data retrieval which allows a deactivated user to learn team names they should not have access to via a race condition in the /common_teams API endpoint.. Mattermost Advisory ID: MMSA-2025-00549
CVSS Score
3.1
EPSS Score
0.0
Published
2026-02-13
Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have access to via the /create-issue API endpoint by providing the post ID of an inaccessible post.. Mattermost Advisory ID: MMSA-2025-00550
CVSS Score
4.3
EPSS Score
0.0
Published
2026-02-13
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.
If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.
The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
CVSS Score
6.5
EPSS Score
0.0
Published
2026-02-13
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.
If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.
The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
CVSS Score
6.5
EPSS Score
0.0
Published
2026-02-13
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.
If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.
The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
CVSS Score
6.5
EPSS Score
0.0
Published
2026-02-13
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.
If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.
The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
CVSS Score
6.5
EPSS Score
0.0
Published
2026-02-13
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.
If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated.
The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
CVSS Score
6.5
EPSS Score
0.0
Published
2026-02-13
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation.
If affected product receive maliciously crafted packets, a DoS attack may cause Vnet/IP communication functions to stop or arbitrary programs to be executed.
The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier
CVSS Score
8.2
EPSS Score
0.0
Published
2026-02-13
CVE-2026-25108
FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.
Known exploited
CVSS Score
8.8
EPSS Score
0.186
Published
2026-02-13