Latest CVE Feed
-
7.5
HIGHCVE-2026-2164
A security flaw has been discovered in detronetdip E-commerce 1.0.0. This issue affects some unknown processing of the file /seller/assets/backend/profile/addadhar.php. Performing a manipulation of the argument File results in unrestricted upload. Remote ... Read more
Affected Products :- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-40537
SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions.... Read more
Affected Products : web_help_desk- Published: Jan. 28, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-71003
An input validation vulnerability in the flow.arange() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more
Affected Products : oneflow- Published: Jan. 28, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-63657
An out-of-bounds read in the mk_mimetype_find function (mk_server/mk_mimetype.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.... Read more
Affected Products : monkey- Published: Jan. 29, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-63651
A use-after-free in the mk_string_char_search function (mk_core/mk_string.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-63650
An out-of-bounds read in the mk_ptr_to_buf in mk_core function (mk_memory.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2020-37206
ShareAlarmPro contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload to trigger an application crash when pasted into the... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-56353
In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), a memory leak occurs due to the broker's failure to validate or reject malformed UTF-8 strings in topic filters. An attacker can exploit this by sending repeated subscription reques... Read more
Affected Products : tinymqtt- Published: Jan. 20, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2020-37215
MSN Password Recovery version 1.30 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized input in the registration code field. Attackers can generate a 9000-byte buffer of repeated characters a... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2026-2177
A vulnerability has been found in SourceCodester Prison Management System 1.0. The impacted element is an unknown function of the component Login. The manipulation leads to session fixiation. It is possible to initiate the attack remotely. The exploit has... Read more
- Published: Feb. 08, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authentication
-
7.5
HIGHCVE-2020-37210
SpotIE 2.9.5 contains a denial of service vulnerability in the registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash.... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-61726
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-en... Read more
Affected Products : go- Published: Jan. 28, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-52627
Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0.... Read more
Affected Products : aion- Published: Feb. 03, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2026-20402
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User intera... Read more
- Published: Feb. 02, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-68913
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zozothemes Miion miion allows PHP Local File Inclusion.This issue affects Miion: from n/a through <= 1.2.7.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2026-25577
Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmett_core.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attack... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-69619
A path traversal in My Text Editor v1.6.2 allows attackers to cause a Denial of Service (DoS) via writing files to the internal storage.... Read more
Affected Products : my_teditor- Published: Feb. 05, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2020-37201
NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration name input that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application cr... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2020-37202
NetworkSleuth 3.0.0.0 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2026-25128
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 5.0.9 through 5.3.3, a RangeError vulnerability exists in the numeric entity processing of fast-xm... Read more
Affected Products : fast-xml-parser- Published: Jan. 30, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Misconfiguration