Latest CVE Feed
-
7.3
HIGHCVE-2026-2542
A weakness has been identified in Total VPN 0.5.29.0 on Windows. Affected by this vulnerability is an unknown functionality of the file C:\Program Files\Total VPN\win-service.exe. Executing a manipulation can lead to unquoted search path. It is possible t... Read more
Affected Products :- Published: Feb. 16, 2026
- Modified: Feb. 16, 2026
- Vuln Type: Misconfiguration
-
7.3
HIGHCVE-2025-68902
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Anona anona allows Path Traversal.This issue affects Anona: from n/a through <= 8.0.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Path Traversal
-
7.3
HIGHCVE-2025-27821
Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client. This issue affects Apache Hadoop: from 3.2.0 before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.... Read more
Affected Products : hadoop- Published: Jan. 26, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
7.3
HIGHCVE-2025-68904
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme JNews - Frontend Submit jnews-frontend-submit allows Reflected XSS.This issue affects JNews - Frontend Submit: from n/a through <= 11.0.0.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Cross-Site Scripting
-
7.3
HIGHCVE-2025-69185
Missing Authorization vulnerability in e-plugins Hotel Listing hotel-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Listing: from n/a through <= 1.4.2.... Read more
Affected Products : hotel_directory- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Authorization
-
7.3
HIGHCVE-2025-68906
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme JNews - Video jnews-video allows Reflected XSS.This issue affects JNews - Video: from n/a through <= 11.0.2.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Cross-Site Scripting
-
7.3
HIGHCVE-2026-2516
A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4 on 32-bit. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. The attack needs to be performed locally. Att... Read more
Affected Products : ezpdf_reader- Published: Feb. 15, 2026
- Modified: Feb. 15, 2026
- Vuln Type: Misconfiguration
-
7.3
HIGHCVE-2026-24344
Multiple Buffer Overflows in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to cause a program crash and potential remote code execution... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
7.3
HIGHCVE-2026-23960
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.6.17 and 3.7.8, stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in... Read more
- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
7.3
HIGHCVE-2026-23736
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, due to improper input validation, a malicious object key can lead to prototype pollution during JSON deserializatio... Read more
Affected Products :- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Misconfiguration
-
7.3
HIGHCVE-2025-69181
Missing Authorization vulnerability in e-plugins Lawyer Directory lawyer-directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Directory: from n/a through <= 1.3.4.... Read more
Affected Products : lawyer_directory- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Authorization
-
7.3
HIGHCVE-2026-0776
Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Discord Client. An attacker must first obtain the ability to execute lo... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
-
7.3
HIGHCVE-2025-14560
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized actions on behalf of ... Read more
Affected Products : gitlab- Published: Feb. 11, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Authorization
-
7.3
HIGHCVE-2026-21248
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +4 more products- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption
-
7.3
HIGHCVE-2025-33042
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users ... Read more
Affected Products : avro- Published: Feb. 13, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Injection
-
7.3
HIGHCVE-2026-2538
A security flaw has been discovered in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25. Affected is an unknown function in the library Msimg32.dll. Performing a manipulation results in uncontrolled search path. Attacking locally is a requirement. The a... Read more
Affected Products :- Published: Feb. 16, 2026
- Modified: Feb. 16, 2026
- Vuln Type: Path Traversal
-
7.3
HIGHCVE-2026-0595
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.9 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to add unauthorized email addresses to victim... Read more
Affected Products : gitlab- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Cross-Site Scripting
-
7.3
HIGHCVE-2026-25156
HotCRP is conference review software. HotCRP versions from October 2025 through January 2026 delivered documents of all types with inline Content-Disposition, causing them to be rendered in the user’s browser rather than downloaded. (The intended behavior... Read more
Affected Products : hotcrp- Published: Jan. 30, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Cross-Site Scripting
-
7.3
HIGHCVE-2026-24925
Heap-based buffer overflow vulnerability in the image module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more
Affected Products : harmonyos- Published: Feb. 06, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Memory Corruption
-
7.3
HIGHCVE-2025-33228
NVIDIA Nsight Systems contains a vulnerability in the gfx_hotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the process_nsys_rep_cli.py script if the script is invoked manually. A successful exploit o... Read more
Affected Products : cuda_toolkit- Published: Jan. 20, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Injection