Latest CVE Feed
-
7.4
HIGHCVE-2026-1707
pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can obse... Read more
- Published: Feb. 05, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Information Disclosure
-
7.4
HIGHCVE-2025-68141
EVerest is an EV charging software stack. Prior to version 2025.10.0, during the deserialization of a `DC_ChargeLoopRes` message that includes Receipt as well as TaxCosts, the vector `<DetailedTax>tax_costs` in the target `Receipt` structure is accessed o... Read more
Affected Products : everest- Published: Jan. 21, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
7.4
HIGHCVE-2026-25478
Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, CORSConfig.allowed_origins_regex is constructed using a regex built from configured allowlist values and used with fullmatch() for validation. Because metacharacters a... Read more
Affected Products : litestar- Published: Feb. 09, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Information Disclosure
-
7.4
HIGHCVE-2025-69822
An issue in Atomberg Atomberg Erica Smart Fan Firmware Version: V1.0.36 allows an attacker to obtain sensitive information and escalate privileges via a crafted deauth frame... Read more
- Published: Jan. 22, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Information Disclosure
-
7.4
HIGHCVE-2025-68133
EVerest is an EV charging software stack. In versions 2025.9.0 and below, an attacker can exhaust the operating system's memory and cause the module to terminate by initiating an unlimited number of TCP connections that never proceed to ISO 15118-2 commun... Read more
Affected Products : everest- Published: Jan. 21, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Denial of Service
-
7.4
HIGHCVE-2025-33088
IBM Concert 1.0.0 through 2.1.0 could allow a local user with specific knowledge about the system's architecture to escalate their privileges due to incorrect file permissions for critical resources.... Read more
- Published: Feb. 17, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Authorization
-
7.3
HIGHCVE-2026-2538
A security flaw has been discovered in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25. Affected is an unknown function in the library Msimg32.dll. Performing a manipulation results in uncontrolled search path. Attacking locally is a requirement. The a... Read more
Affected Products :- Published: Feb. 16, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Path Traversal
-
7.3
HIGHCVE-2026-21247
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +4 more products- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Injection
-
7.3
HIGHCVE-2026-21244
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +4 more products- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption
-
7.3
HIGHCVE-2026-21248
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +4 more products- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption
-
7.3
HIGHCVE-2026-2516
A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4 on 32-bit. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. The attack needs to be performed locally. Att... Read more
Affected Products : ezpdf_reader- Published: Feb. 15, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Misconfiguration
-
7.3
HIGHCVE-2025-14340
Cross-site scripting in REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload.... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Cross-Site Scripting
-
7.3
HIGHCVE-2026-2542
A weakness has been identified in Total VPN 0.5.29.0 on Windows. Affected by this vulnerability is an unknown functionality of the file C:\Program Files\Total VPN\win-service.exe. Executing a manipulation can lead to unquoted search path. It is possible t... Read more
Affected Products :- Published: Feb. 16, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Misconfiguration
-
7.3
HIGHCVE-2025-69192
Missing Authorization vulnerability in e-plugins Real Estate Pro real-estate-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real Estate Pro: from n/a through <= 2.1.5.... Read more
Affected Products : real_estate_pro- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
7.3
HIGHCVE-2025-69185
Missing Authorization vulnerability in e-plugins Hotel Listing hotel-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Listing: from n/a through <= 1.4.2.... Read more
Affected Products : hotel_directory- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Authorization
-
7.3
HIGHCVE-2025-69191
Missing Authorization vulnerability in e-plugins ListingHub listinghub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ListingHub: from n/a through <= 1.2.7.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
7.3
HIGHCVE-2026-0776
Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Discord Client. An attacker must first obtain the ability to execute lo... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
-
7.3
HIGHCVE-2026-24344
Multiple Buffer Overflows in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to cause a program crash and potential remote code execution... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
7.3
HIGHCVE-2024-11976
The The BuddyPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 14.3.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_... Read more
Affected Products : buddypress- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
7.3
HIGHCVE-2025-69048
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Universal Video Player universal-video-player allows Reflected XSS.This issue affects Universal Video Player: from n/a through <= 3.8.4.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Cross-Site Scripting