Total
1480 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59030 | 1 Powerdns | 1 Recursor | 2026-02-19 | 7.5 High |
| An attacker can trigger the removal of cached records by sending a NOTIFY query over TCP. | ||||
| CVE-2023-29131 | 1 Siemens | 1 Simatic Cn 4100 Firmware | 2026-02-18 | 7.4 High |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of an incorrect default value in the SSH configuration. This could allow an attacker to bypass network isolation. | ||||
| CVE-2020-37160 | 1 Microsoft | 1 Windows | 2026-02-17 | 6.2 Medium |
| SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing executable files and weak service configurations to create a new administrative user and gain complete system access. | ||||
| CVE-2026-24780 | 2 Agpt, Significant-gravitas | 2 Autogpt Platform, Autogpt | 2026-02-17 | 8.8 High |
| AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.44, AutoGPT Platform's block execution endpoints (both main web API and external API) allow executing blocks by UUID without checking the `disabled` flag. Any authenticated user can execute the disabled `BlockInstallationBlock`, which writes arbitrary Python code to the server filesystem and executes it via `__import__()`, achieving Remote Code Execution. In default self-hosted deployments where Supabase signup is enabled, an attacker can self-register; if signup is disabled (e.g., hosted), the attacker needs an existing account. autogpt-platform-beta-v0.6.44 contains a fix. | ||||
| CVE-2025-69604 | 1 Shirt-pocket | 2 Superduper!, Superduper\! | 2026-02-13 | 7.8 High |
| An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thus bypassing macOS privacy controls. | ||||
| CVE-2025-29801 | 1 Microsoft | 1 Autoupdate | 2026-02-13 | 7.8 High |
| Incorrect default permissions in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-22849 | 1 Intel | 1 Optane Pmem Management Software | 2026-02-11 | 6.7 Medium |
| Incorrect default permissions for the Intel(R) Optane(TM) PMem management software before versions CR_MGMT_01.00.00.3584, CR_MGMT_02.00.00.4052, CR_MGMT_03.00.00.0538 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2025-31655 | 1 Intel | 1 Battery Life Diagnostic Tool | 2026-02-11 | 6.7 Medium |
| Incorrect default permissions for some Intel(R) Battery Life Diagnostic Tool within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2025-36522 | 1 Intel | 1 Chipset Software | 2026-02-11 | 6.7 Medium |
| Incorrect default permissions for some Intel(R) Chipset Software before version 10.1.20266.8668 or later. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2025-15339 | 1 Tanium | 2 Discover, Service Discover | 2026-02-10 | 6.5 Medium |
| Tanium addressed an incorrect default permissions vulnerability in Discover. | ||||
| CVE-2025-15341 | 1 Tanium | 2 Benchmark, Service Benchmark | 2026-02-10 | 6.5 Medium |
| Tanium addressed an incorrect default permissions vulnerability in Benchmark. | ||||
| CVE-2025-15343 | 1 Tanium | 2 Enforce, Service Enforce | 2026-02-10 | 6.5 Medium |
| Tanium addressed an incorrect default permissions vulnerability in Enforce. | ||||
| CVE-2025-15335 | 1 Tanium | 2 Service Threatresponse, Threat Response | 2026-02-10 | 4.3 Medium |
| Tanium addressed an information disclosure vulnerability in Threat Response. | ||||
| CVE-2025-15334 | 1 Tanium | 2 Service Threatresponse, Threat Response | 2026-02-10 | 4.3 Medium |
| Tanium addressed an information disclosure vulnerability in Threat Response. | ||||
| CVE-2025-15333 | 1 Tanium | 2 Service Threatresponse, Threat Response | 2026-02-10 | 4.3 Medium |
| Tanium addressed an information disclosure vulnerability in Threat Response. | ||||
| CVE-2025-15340 | 1 Tanium | 2 Comply, Service Comply | 2026-02-10 | 6.5 Medium |
| Tanium addressed an incorrect default permissions vulnerability in Comply. | ||||
| CVE-2025-15338 | 1 Tanium | 2 Partner Integration, Service Partnerintegration | 2026-02-10 | 6.5 Medium |
| Tanium addressed an incorrect default permissions vulnerability in Partner Integration. | ||||
| CVE-2025-15337 | 1 Tanium | 2 Patch, Service Patch | 2026-02-10 | 6.5 Medium |
| Tanium addressed an incorrect default permissions vulnerability in Patch. | ||||
| CVE-2025-15336 | 1 Tanium | 2 Performance, Service Performance | 2026-02-10 | 6.5 Medium |
| Tanium addressed an incorrect default permissions vulnerability in Performance. | ||||
| CVE-2026-25931 | 1 Streetsidesoftware | 1 Vscode-spell-checker | 2026-02-10 | 7.8 High |
| vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSettings._determineIsTrusted treats the configuration value cSpell.trustedWorkspace as the authoritative trust flag. The value defaults to true (package.json) and is read from workspace configuration each time settings are fetched. The code coerces any truthy value to true and forwards it to ConfigLoader.setIsTrusted , which in turn allows JavaScript/TypeScript configuration files ( .cspell.config.js/.mjs/.ts , etc.) to be located and executed. Because no VS Code workspace-trust state is consulted, an untrusted workspace can keep the flag true and place a malicious .cspell.config.js ; opening the workspace causes the extension host to execute attacker-controlled Node.js code with the user’s privileges. This vulnerability is fixed in v4.5.4. | ||||