Security Vulnerabilities
An array index out of bounds vulnerability in the AMF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted 5GS Mobile Identity in a NAS Registration Request message. The issue occurs in the GetSUCI method (NAS_MobileIdentity5GS.go) when accessing index 5 of a 5-element array, leading to a runtime panic and AMF crash.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-02-13
A cross-site scripting (XSS) vulnerability in the item management and sales invoice function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-02-13
A cross-site scripting (XSS) vulnerability in the Customers function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Phone Number parameter.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-02-13
An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response.
CVSS Score
7.4
EPSS Score
0.001
Published
2026-02-13
A cross-site scripting (XSS) vulnerability in the Generate Item Barcode function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Category parameter.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-02-13
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, The fix for CVE-2023-33968 is incomplete. The TaskCreationController::duplicateProjects() endpoint does not validate user permissions for target projects, allowing authenticated users to duplicate tasks into projects they cannot access. This vulnerability is fixed in 1.2.50.
CVSS Score
4.3
EPSS Score
0.0
Published
2026-02-13
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas.
This issue affects Apache Avro Java SDK: all versions through 1.11.4 and versionĀ 1.12.0.
Users are recommended to upgrade to version 1.12.1 or 1.11.5, which fix the issue.
CVSS Score
7.3
EPSS Score
0.0
Published
2026-02-13
Mattermost versions 10.11.x <= 10.11.9 fail to properly validate channel membership at the time of data retrieval which allows a deactivated user to learn team names they should not have access to via a race condition in the /common_teams API endpoint.. Mattermost Advisory ID: MMSA-2025-00549
CVSS Score
3.1
EPSS Score
0.0
Published
2026-02-13
Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have access to via the /create-issue API endpoint by providing the post ID of an inaccessible post.. Mattermost Advisory ID: MMSA-2025-00550
CVSS Score
4.3
EPSS Score
0.0
Published
2026-02-13
CVE-2026-25108
FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.
Known exploited
CVSS Score
8.8
EPSS Score
0.186
Published
2026-02-13