Latest CVE Feed
-
9.8
CRITICALCVE-2026-22585
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows Web Services Protocol Manipulation... Read more
Affected Products :- Published: Jan. 24, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cryptography
-
9.8
CRITICALCVE-2026-22852
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client when processing Audio Input (AUDIN) format lists. audin_process_formats reuses callback... Read more
Affected Products : freerdp- Published: Jan. 14, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2022-50905
e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting (XSS) attacks. The first vulnerability is a reflected XSS that occurs in the news comment functionality when authenticated users interact with the comment form. An at... Read more
Affected Products : e107- Published: Jan. 13, 2026
- Modified: Jan. 21, 2026
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2021-47875
GeoGebra CAS Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a payload with 8000 repeated characters and paste it into the calculato... Read more
Affected Products :- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2026-1119
A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/delete_activity.php. Executing a manipulation of the argument activity_id can lead to sql injection. It is possible to laun... Read more
Affected Products : society_management_system- Published: Jan. 18, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-1122
A vulnerability was determined in Yonyou KSOA 9.0. This impacts an unknown function of the file /worksheet/work_info.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated re... Read more
Affected Products : ksoa- Published: Jan. 18, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-0906
Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)... Read more
- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Information Disclosure
-
9.8
CRITICALCVE-2026-23534
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec bands decode path when crafted band coordinates allow writes past the end of the destination surface buff... Read more
Affected Products : freerdp- Published: Jan. 19, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2026-22582
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (MicrositeUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: befor... Read more
Affected Products :- Published: Jan. 24, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-22583
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (CloudPagesUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: befo... Read more
Affected Products :- Published: Jan. 24, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-69052
Missing Authorization vulnerability in FmeAddons Registration & Login with Mobile Phone Number for WooCommerce registration-login-with-mobile-phone-number allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Registrat... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2026-22854
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allow... Read more
Affected Products : freerdp- Published: Jan. 14, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-65482
An XML External Entity (XXE) vulnerability in opensagres XDocReport v0.9.2 to v2.0.3 allows attackers to execute arbitrary code via uploading a crafted .docx file.... Read more
Affected Products : xdocreport- Published: Jan. 20, 2026
- Modified: Feb. 03, 2026
- Vuln Type: XML External Entity
-
9.8
CRITICALCVE-2026-0769
Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerabilit... Read more
Affected Products : langflow- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
-
9.8
CRITICALCVE-2026-0759
Katana Network Development Starter Kit executeCommand Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Katana Network Development Starter Kit. Authenti... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
-
9.8
CRITICALCVE-2025-69270
Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Session Hijacking.This issue affects DX NetOps Spectrum: 24.3.8 and earlier.... Read more
- Published: Jan. 12, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Information Disclosure
-
9.8
CRITICALCVE-2026-0920
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Administrative User Creation in all versions up to, and including, 1.5.6.3. This is due to the 'ajax_register_handle' function not restricting what user roles a user can registe... Read more
Affected Products : element_kit_for_elementor- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2026-22871
GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, there is a path traversal vulnerability exists in GuardDog's safe_extract() function that allows malicious PyPI packages to write arbitrary files outside the intended extraction d... Read more
Affected Products : guarddog- Published: Jan. 13, 2026
- Modified: Jan. 21, 2026
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-68670
xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing user domain information during the connection sequence. If exploite... Read more
- Published: Jan. 27, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2026-21227
Improper limitation of a pathname to a restricted directory ('path traversal') in Azure Logic Apps allows an unauthorized attacker to elevate privileges over a network.... Read more
Affected Products : azure_logic_apps- Published: Jan. 22, 2026
- Modified: Feb. 03, 2026