Security Vulnerabilities
Tanium addressed an improper output sanitization vulnerability in Tanium Appliance.
CVSS Score
6.6
EPSS Score
0.001
Published
2026-02-05
Tanium addressed an improper input validation vulnerability in Tanium Appliance.
CVSS Score
2.7
EPSS Score
0.0
Published
2026-02-05
Tanium addressed an improper certificate validation vulnerability in Tanium Appliance.
CVSS Score
3.7
EPSS Score
0.0
Published
2026-02-05
pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract the `\restrict` key in real time, and race the restore process by overwriting the restore script with a payload that re-enables meta-commands using `\unrestrict <key>`. This results in reliable command execution on the pgAdmin host during the restore operation.
CVSS Score
7.4
EPSS Score
0.0
Published
2026-02-05
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
CVSS Score
10.0
EPSS Score
0.0
Published
2026-02-05
An issue in ChestnutCMS v.1.5.8 and before allows a remote attacker to execute arbitrary code via the template creation function
CVSS Score
7.2
EPSS Score
0.003
Published
2026-02-05
The response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check. Attackers can exploit this vulnerability via a Man-in-the-Middle (MitM) attack to execute JavaScript code on the router's admin web portal without the user's permission or knowledge.
CVSS Score
5.6
EPSS Score
0.0
Published
2026-02-05
An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications. This may compromise the confidentiality and integrity of device-to-cloud communication, enabling manipulation of device data or operations.
CVSS Score
8.8
EPSS Score
0.0
Published
2026-02-05
Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was reported to the developers and fixed in version 2.0.20.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-02-05
Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "rel_id" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was reported to the developers and fixed in version 2.0.20.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-02-05