Latest CVE Feed
-
7.5
HIGHCVE-2026-23864
Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vulnerabilities are triggered by sending specially crafted H... Read more
Affected Products : react- Published: Jan. 26, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-70957
A Denial of Service (DoS) vulnerability was discovered in the TON Lite Server before v2024.09. The vulnerability arises from the handling of external arguments passed to locally executed "get methods." An attacker can inject a constructed Continuation obj... Read more
Affected Products :- Published: Feb. 13, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2026-2495
The WPNakama – Team and multi-Client Collaboration, Editorial and Project Management plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the '/wp-json/WPNakama/v1/boards' REST API endpoint in all versions up to, and including,... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Injection
-
7.5
HIGHCVE-2026-26316
OpenClaw is a personal AI assistant. Prior to 2026.2.13, the optional BlueBubbles iMessage channel plugin could accept webhook requests as authenticated based only on the TCP peer address being loopback (`127.0.0.1`, `::1`, `::ffff:127.0.0.1`) even when t... Read more
Affected Products : openclaw- Published: Feb. 19, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Authentication
-
7.5
HIGHCVE-2026-21435
webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow ... Read more
Affected Products : webtransport-go- Published: Feb. 12, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-62349
Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enabling minion impersonation and circumventing protections in... Read more
Affected Products : salt- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-22453
Improper input validation for some Server Firmware Update Utility(SysFwUpdt) before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity att... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Injection
-
7.4
HIGHCVE-2025-69822
An issue in Atomberg Atomberg Erica Smart Fan Firmware Version: V1.0.36 allows an attacker to obtain sensitive information and escalate privileges via a crafted deauth frame... Read more
- Published: Jan. 22, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Information Disclosure
-
7.4
HIGHCVE-2025-65098
Typebot is an open-source chatbot builder. In versions prior to 3.13.2, client-side script execution in Typebot allows stealing all stored credentials from any user. When a victim previews a malicious typebot by clicking "Run", JavaScript executes in thei... Read more
Affected Products : typebot- Published: Jan. 22, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Cross-Site Scripting
-
7.4
HIGHCVE-2026-2618
A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack is possible to be carried out remotely. The attack is conside... Read more
- Published: Feb. 17, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Cryptography
-
7.4
HIGHCVE-2025-68136
EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives a SDP request, it creates a whole new set of objects like `Session`, `IConnection` which open new TCP socket for the ISO15118-20 communications and registers ca... Read more
Affected Products : everest- Published: Jan. 21, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
7.4
HIGHCVE-2026-24052
Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith() function to validate trusted domains... Read more
Affected Products : claude_code- Published: Feb. 03, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Server-Side Request Forgery
-
7.4
HIGHCVE-2025-68621
Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. Prior to 0.101.0, a critical timing attack vulnerability in Trilium's sync authentication endpoint allows unauthen... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Authentication
-
7.4
HIGHCVE-2026-0723
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authen... Read more
Affected Products : gitlab- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authentication
-
7.4
HIGHCVE-2026-21524
Exposure of sensitive information to an unauthorized actor in Azure Data Explorer allows an unauthorized attacker to disclose information over a network.... Read more
Affected Products : azure_data_explorer- Published: Jan. 22, 2026
- Modified: Feb. 03, 2026
-
7.4
HIGHCVE-2026-24123
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to version 1.4.34, BentoML's `bentofile.yaml` configuration allows path traversal attacks through multiple file path fields (`description`, `d... Read more
Affected Products : bentoml- Published: Jan. 26, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Path Traversal
-
7.4
HIGHCVE-2025-33088
IBM Concert 1.0.0 through 2.1.0 could allow a local user with specific knowledge about the system's architecture to escalate their privileges due to incorrect file permissions for critical resources.... Read more
- Published: Feb. 17, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Authorization
-
7.4
HIGHCVE-2025-68134
EVerest is an EV charging software stack. Prior to version 2025.10.0, the use of the `assert` function to handle errors frequently causes the module to crash. This is particularly critical because the manager shuts down all other modules and exits when an... Read more
Affected Products : everest- Published: Jan. 21, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Denial of Service
-
7.4
HIGHCVE-2025-70093
An issue in OpenSourcePOS v3.4.1 allows attackers to execute arbitrary code via returning a crafted AJAX response.... Read more
Affected Products : open_source_point_of_sale- Published: Feb. 13, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Injection
-
7.4
HIGHCVE-2026-21521
Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network.... Read more
Affected Products : 365_word_copilot- Published: Jan. 22, 2026
- Modified: Feb. 02, 2026