Latest CVE Feed
-
7.1
HIGHCVE-2025-23608
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Omar Mohamed Mohamoud LIVE TV allows Reflected XSS.This issue affects LIVE TV: from n/a through 1.2.... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2023-7332
PocketMine-MP versions prior to 4.18.1 contain an improper input validation vulnerability in inventory transaction handling. A remote attacker with a valid player session can request that the server drop more items than are available in the player's hotba... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Denial of Service
-
7.1
HIGHCVE-2026-21684
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagSpectralViewingCondi... Read more
Affected Products : iccdev- Published: Jan. 07, 2026
- Modified: Jan. 12, 2026
- Vuln Type: Memory Corruption
-
7.1
HIGHCVE-2025-68878
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prasadkirpekar Advanced Custom CSS allows Reflected XSS.This issue affects Advanced Custom CSS: from n/a through 1.1.0.... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-23707
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matamko En Masse allows Reflected XSS.This issue affects En Masse: from n/a through 1.0.... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2026-21685
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagLut16::Read()`. This... Read more
Affected Products : iccdev- Published: Jan. 07, 2026
- Modified: Jan. 12, 2026
- Vuln Type: Memory Corruption
-
7.1
HIGHCVE-2025-23550
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kemal YAZICI Product Puller allows Reflected XSS.This issue affects Product Puller: from n/a through 1.5.1.... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-14631
A NULL Pointer Dereference vulnerability in TP-Link Archer BE400 V1(802.11 modules) allows an adjacent attacker to cause a denial-of-service (DoS) by triggering a device reboot. This issue affects Archer BE400: xi 1.1.0 Build 20250710 rel.14914.... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Memory Corruption
-
7.1
HIGHCVE-2024-30547
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Shazdeh Header Image Slider header-image-slider allows DOM-Based XSS.This issue affects Header Image Slider: from n/a through 0.3.... Read more
Affected Products :- Published: Jan. 06, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-23719
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zckevin ZhinaTwitterWidget allows Reflected XSS.This issue affects ZhinaTwitterWidget: from n/a through 1.0.... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-69085
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins JobBank allows Reflected XSS.This issue affects JobBank: from n/a through 1.2.2.... Read more
Affected Products :- Published: Jan. 06, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2026-22218
Chainlit versions prior to 2.9.4 contain an arbitrary file read vulnerability in the /project/element update flow. An authenticated client can send a custom Element with a user-controlled path value, causing the server to copy the referenced file into the... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Path Traversal
-
7.1
HIGHCVE-2024-53735
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Corourke iPhone Webclip Manager allows Stored XSS.This issue affects iPhone Webclip Manager: from n/a through 0.5.... Read more
Affected Products :- Published: Jan. 05, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-2026
The NPort 6100-G2/6200-G2 Series is affected by a high-severity vulnerability (CVE-2025-2026) that allows remote attackers to execute a null byte injection through the device’s web API. This may lead to an unexpected device reboot and result in a denial-o... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Injection
-
7.1
HIGHCVE-2026-21687
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have Undefined Behavior in `CIccTagCurve::CIccTagCurve(... Read more
Affected Products : iccdev- Published: Jan. 07, 2026
- Modified: Jan. 12, 2026
- Vuln Type: Memory Corruption
-
7.1
HIGHCVE-2025-4675
Improper Check for Unusual or Exceptional Conditions vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K.... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
-
7.1
HIGHCVE-2025-49345
Cross-Site Request Forgery (CSRF) vulnerability in mg12 WP-EasyArchives allows Stored XSS.This issue affects WP-EasyArchives: from n/a through 3.1.2.... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Request Forgery
-
7.1
HIGHCVE-2025-24528
In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.... Read more
Affected Products : kerberos_5- Published: Jan. 16, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Memory Corruption
-
7.1
HIGHCVE-2026-21986
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure wh... Read more
Affected Products : vm_virtualbox- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
-
7.1
HIGHCVE-2025-32300
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital zoom studio DZS Video Gallery allows Reflected XSS.This issue affects DZS Video Gallery: from n/a through 12.25.... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Scripting