Latest CVE Feed
-
7.1
HIGHCVE-2026-23976
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Modula Image Gallery modula-best-grid-gallery allows Stored XSS.This issue affects Modula Image Gallery: from n/a through <= 2.13.4.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-55131
A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. Under specific timing conditions, buffers allocated with `Buffer.alloc` and other `TypedArray... Read more
Affected Products : node.js- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Memory Corruption
-
7.1
HIGHCVE-2025-69054
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in highwarden Super Logos Showcase superlogoshowcase-wp allows Reflected XSS.This issue affects Super Logos Showcase: from n/a through <= 2.8.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-67949
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designingmedia Hostiko hostiko allows Reflected XSS.This issue affects Hostiko: from n/a through < 94.3.6.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-71178
Crucial Storage Executive installer versions prior to 11.08.082025.00 contain a DLL preloading vulnerability. During installation, the installer runs with elevated privileges and loads Windows DLLs using an uncontrolled search path, which can cause a mali... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Misconfiguration
-
7.1
HIGHCVE-2025-68008
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mndpsingh287 WP Mail wp-mail allows Reflected XSS.This issue affects WP Mail: from n/a through <= 1.3.... Read more
Affected Products : wp_mail- Published: Jan. 22, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-69056
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Hotel Listing hotel-listing allows Reflected XSS.This issue affects Hotel Listing: from n/a through <= 1.4.0.... Read more
Affected Products : hotel_directory- Published: Jan. 22, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2020-36968
M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpo... Read more
Affected Products : m\/monit- Published: Jan. 28, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Authentication
-
7.1
HIGHCVE-2026-22355
Cross-Site Request Forgery (CSRF) vulnerability in gregmolnar Simple XML Sitemap simple-xml-sitemap allows Stored XSS.This issue affects Simple XML Sitemap: from n/a through <= 1.3.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cross-Site Request Forgery
-
7.1
HIGHCVE-2020-37105
PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows authenticated attackers to execute arbitrary SQL commands through the 'logid' parameter. Attackers can leverage this vulnerability by sending crafted requests... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
7.1
HIGHCVE-2025-12679
A vulnerability in Brocade SANnav before 2.4.0b prints the Password-Based Encryption (PBE) key in plaintext in the system audit log file. The vulnerability could allow a remote authenticated attacker with access to the audit logs to access the pbe key.... Read more
- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Information Disclosure
-
7.1
HIGHCVE-2025-68839
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Remi Corson Easy Theme Options easy-theme-options allows Reflected XSS.This issue affects Easy Theme Options: from n/a through <= 1.0.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-11142
The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account.... Read more
Affected Products : axis_os- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Injection
-
7.1
HIGHCVE-2020-37005
TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the add_entry.php endpoint t... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Injection
-
7.1
HIGHCVE-2025-69003
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QantumThemes KenthaRadio qt-kentharadio allows Reflected XSS.This issue affects KenthaRadio: from n/a through <= 2.2.0.... Read more
Affected Products : kentharadio- Published: Jan. 22, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-67952
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Tour grandtour allows Reflected XSS.This issue affects Grand Tour: from n/a through < 5.6.2.... Read more
Affected Products : grand_tour- Published: Jan. 22, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-67943
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Reflected XSS.This issue affects My auctions allegro: from n/a through <= 3.6.32.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-68835
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matiskiba Ravpage ravpage allows Reflected XSS.This issue affects Ravpage: from n/a through <= 2.33.... Read more
Affected Products : ravpage- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-54373
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a vulnerability where sensitive data is unintentionally revealed to unauthorized parties. Contents of Clinical Notes and ... Read more
Affected Products : openemr- Published: Jan. 28, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Authorization
-
7.1
HIGHCVE-2026-20611
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. ... Read more
- Published: Feb. 11, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Memory Corruption