Latest CVE Feed
-
7.2
HIGHCVE-2025-15312
Tanium addressed an improper output sanitization vulnerability in Tanium Appliance.... Read more
- Published: Feb. 05, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Information Disclosure
-
7.2
HIGHCVE-2026-23896
immich is a high performance self-hosted photo and video management solution. Prior to version 2.5.0, API keys can escalate their own permissions by calling the update endpoint, allowing a low-privilege API key to grant itself full administrative access t... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authorization
-
7.2
HIGHCVE-2019-25379
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains stored and reflected cross-site scripting vulnerabilities in the urlfilter.cgi endpoint that allow attackers to inject malicious scripts. Attackers can submit POST requests with script payloads in t... Read more
- Published: Feb. 16, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2026-25565
WeKan versions prior to 8.19 contain an authorization vulnerability where certain card update API paths validate only board read access rather than requiring write permission. This can allow users with read-only roles to perform card updates that should r... Read more
Affected Products : wekan- Published: Feb. 07, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
7.1
HIGHCVE-2026-25503
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, type confusion allowed malformed ICC profiles to trigger undefined behavior when loading... Read more
Affected Products : iccdev- Published: Feb. 03, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Denial of Service
-
7.1
HIGHCVE-2020-37112
GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints t... Read more
Affected Products : open_eclass_platform- Published: Feb. 03, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Injection
-
7.1
HIGHCVE-2026-24915
Out-of-bounds read issue in the media subsystem. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.... Read more
Affected Products : harmonyos- Published: Feb. 06, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Memory Corruption
-
7.1
HIGHCVE-2019-25299
RimbaLinux AhadPOS 1.11 contains a SQL injection vulnerability in the 'alamatCustomer' parameter that allows attackers to manipulate database queries through crafted POST requests. Attackers can exploit time-based and boolean-based blind SQL injection tec... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Injection
-
7.1
HIGHCVE-2025-59902
HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and render arbitrary HTML content in email transcripts by modifying the 'firstName' and 'lastName' parameters during a chat session. The injected HTML is included i... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2026-24902
TrustTunnel is an open-source VPN protocol with a server-side request forgery and and private network restriction bypass in versions prior to 0.9.114. In `tcp_forwarder.rs`, SSRF protection for `allow_private_network_connections = false` was only applied ... Read more
Affected Products : trusttunnel- Published: Jan. 29, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Server-Side Request Forgery
-
7.1
HIGHCVE-2026-25612
The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what lock to take. Collections may inadvertently collide with one another in this representation causing unavailability between them due to ... Read more
Affected Products : mongodb- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Denial of Service
-
7.1
HIGHCVE-2026-1847
Inserting certain large documents into a replica set could lead to replica set secondaries not being able to fetch the oplog from the primary. This could stall replication inside the replica set leading to server crash.... Read more
Affected Products : mongodb- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Denial of Service
-
7.1
HIGHCVE-2026-1849
MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodically check the depth of the expression.... Read more
Affected Products : mongodb- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Denial of Service
-
7.1
HIGHCVE-2019-25298
html5_snmp 1.11 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through Router_ID and Router_IP parameters. Attackers can exploit error-based, time-based, and union-based injection techniques to potentia... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Injection
-
7.1
HIGHCVE-2026-25610
An authorized user may trigger a server crash by running a $geoNear pipeline with certain invalid index hints.... Read more
Affected Products : mongodb- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Denial of Service
-
7.1
HIGHCVE-2026-25613
An authorized user may disable the MongoDB server by issuing a query against a collection that contains an invalid compound wildcard index.... Read more
Affected Products : mongodb- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Misconfiguration
-
7.1
HIGHCVE-2026-25155
Qwik is a performance focused javascript framework. Prior to version 1.12.0, a typo in the regular expression within isContentType causes incorrect parsing of certain Content-Type headers. This issue has been patched in version 1.12.0.... Read more
Affected Products : qwik- Published: Feb. 03, 2026
- Modified: Feb. 10, 2026
-
7.1
HIGHCVE-2025-67960
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes WorkScout-Core workscout-core allows Reflected XSS.This issue affects WorkScout-Core: from n/a through <= 1.7.06.... Read more
Affected Products : workscout_core- Published: Jan. 22, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2026-24431
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) display stored user account passwords in plaintext within the administrative web interface. Any user with access to the affected management pages can directly view credentials.... Read more
- Published: Jan. 26, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Information Disclosure
-
7.1
HIGHCVE-2020-37154
eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can leverage SQLMap to exploit the vulnerability, potentiall... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection