Latest CVE Feed
-
7.0
HIGHCVE-2026-1227
CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized disclosure of local files, interaction within the EBO system, or denial of service conditions when a local user uploads a specially crafted T... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: XML External Entity
-
7.0
HIGHCVE-2025-13905
CWE-276: Incorrect Default Permissions vulnerability exists that could cause privilege escalation through the reverse shell when one or more executable service binaries are modified in the installation folder by a local user with normal privilege upon s... Read more
Affected Products : ecostruxure_process_expert- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authorization
-
7.0
HIGHCVE-2026-21517
Improper link resolution before file access ('link following') in Windows App for Mac allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_app_for_mac- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Path Traversal
-
7.0
HIGHCVE-2026-0714
A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical acces... Read more
Affected Products :- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Cryptography
-
7.0
HIGHCVE-2024-36320
Integer Overflow within atihdwt6.sys can allow a local attacker to cause out of bound read/write potentially leading to loss of confidentiality, integrity and availability... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption
-
7.0
HIGHCVE-2026-21237
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.... Read more
- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Race Condition
-
7.0
HIGHCVE-2026-1498
An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnera... Read more
Affected Products : fireware_os- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
7.0
HIGHCVE-2025-59104
With physical access to the device and enough time an attacker is able to solder test leads to the debug footprint (or use the 6-Pin tag-connect cable). Thus, the attacker gains access to the bootloader, where the kernel command line can be changed. An at... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authentication
-
7.0
HIGHCVE-2025-14295
Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability (CWE-257) in the Web session management component allows an attacker to access ... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cryptography
-
7.0
HIGHCVE-2026-21508
Improper authentication in Windows Storage allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 +6 more products- Published: Feb. 10, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Authentication
-
7.0
HIGHCVE-2025-59105
With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, ... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cryptography
-
7.0
HIGHCVE-2026-25087
Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file (but not an IPC stream) with pre-buffering enabled, if the IPC file contains data with va... Read more
Affected Products :- Published: Feb. 17, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Memory Corruption
-
7.0
HIGHCVE-2025-13917
WSS Agent, prior to 9.8.5, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from ... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authorization
-
7.0
HIGHCVE-2026-21242
Use after free in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.... Read more
- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption
-
7.0
HIGHCVE-2026-21253
Use after free in Mailslot File System allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 +6 more products- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption
-
7.0
HIGHCVE-2025-11002
7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerabilit... Read more
Affected Products : 7-zip- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Path Traversal
-
7.0
HIGHCVE-2026-21939
Vulnerability in the SQLcl component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.0. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where SQLcl executes to compromis... Read more
- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
-
7.0
HIGHCVE-2026-0775
npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged co... Read more
Affected Products : npm- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
-
7.0
HIGHCVE-2025-10279
In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions (0o777). This vulnerability allows an attacker with write access to the `/tmp` directory to exploit a race cond... Read more
Affected Products : mlflow- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Race Condition
-
6.9
MEDIUMCVE-2026-24818
Out-of-bounds Read vulnerability in praydog UEVR (dependencies/lua/src modules). This vulnerability is associated with program files lparser.C. This issue affects UEVR: before 1.05.... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption