Latest CVE Feed
-
7.4
HIGHCVE-2026-21524
Exposure of sensitive information to an unauthorized actor in Azure Data Explorer allows an unauthorized attacker to disclose information over a network.... Read more
Affected Products : azure_data_explorer- Published: Jan. 22, 2026
- Modified: Feb. 03, 2026
-
7.4
HIGHCVE-2025-65098
Typebot is an open-source chatbot builder. In versions prior to 3.13.2, client-side script execution in Typebot allows stealing all stored credentials from any user. When a victim previews a malicious typebot by clicking "Run", JavaScript executes in thei... Read more
Affected Products : typebot- Published: Jan. 22, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Cross-Site Scripting
-
7.4
HIGHCVE-2026-21932
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: AWT, JavaFX). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21... Read more
- Published: Jan. 20, 2026
- Modified: Jan. 30, 2026
-
7.4
HIGHCVE-2025-68134
EVerest is an EV charging software stack. Prior to version 2025.10.0, the use of the `assert` function to handle errors frequently causes the module to crash. This is particularly critical because the manager shuts down all other modules and exits when an... Read more
Affected Products : everest- Published: Jan. 21, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Denial of Service
-
7.4
HIGHCVE-2026-24052
Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application used a startsWith() function to validate trusted domains... Read more
Affected Products : claude_code- Published: Feb. 03, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Server-Side Request Forgery
-
7.4
HIGHCVE-2026-26214
Galaxy FDS Android SDK (XiaoMi/galaxy-fds-sdk-android) version 3.0.8 and prior disable TLS hostname verification when HTTPS is enabled (the default configuration). In GalaxyFDSClientImpl.createHttpClient(), the SDK configures Apache HttpClient with SSLSoc... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Misconfiguration
-
7.4
HIGHCVE-2026-1707
pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can obse... Read more
- Published: Feb. 05, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Information Disclosure
-
7.3
HIGHCVE-2026-0595
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.9 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to add unauthorized email addresses to victim... Read more
Affected Products : gitlab- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Cross-Site Scripting
-
7.3
HIGHCVE-2026-24045
Docmost is open-source collaborative wiki and documentation software. From g and before 0.25.0, the public share page functionality in Docmost does not properly HTML-escape page titles before inserting them into meta tags and the title tag. This allows St... Read more
Affected Products : docmost- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Scripting
-
7.3
HIGHCVE-2025-67850
A flaw was found in moodle. This vulnerability, known as Cross-Site Scripting (XSS), occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fie... Read more
Affected Products : moodle- Published: Feb. 03, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Cross-Site Scripting
-
7.3
HIGHCVE-2025-52541
A DLL hijacking vulnerability in Vivado could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Misconfiguration
-
7.3
HIGHCVE-2025-29951
A buffer overflow in the AMD Secure Processor (ASP) bootloader could allow an attacker to overwrite memory, potentially resulting in privilege escalation and arbitrary code execution.... Read more
Affected Products :- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Memory Corruption
-
7.3
HIGHCVE-2026-21248
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 +4 more products- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption
-
7.3
HIGHCVE-2026-21235
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2012_r2 +1 more products- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption
-
7.3
HIGHCVE-2025-14560
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized actions on behalf of ... Read more
Affected Products : gitlab- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Authorization
-
7.3
HIGHCVE-2025-67849
A flaw was found in Moodle. This cross-site scripting (XSS) vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their ses... Read more
Affected Products : moodle- Published: Feb. 03, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Cross-Site Scripting
-
7.3
HIGHCVE-2025-69185
Missing Authorization vulnerability in e-plugins Hotel Listing hotel-listing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hotel Listing: from n/a through <= 1.4.2.... Read more
Affected Products : hotel_directory- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Authorization
-
7.3
HIGHCVE-2025-15545
The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges.... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Jan. 31, 2026
- Vuln Type: Injection
-
7.3
HIGHCVE-2026-24672
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated students to inject malicious JavaScript into user profile fields... Read more
- Published: Feb. 03, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Scripting
-
7.3
HIGHCVE-2025-27821
Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client. This issue affects Apache Hadoop: from 3.2.0 before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue.... Read more
Affected Products : hadoop- Published: Jan. 26, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption