Latest CVE Feed
-
9.8
CRITICALCVE-2020-36967
Zortam Mp3 Media Studio 27.60 contains a buffer overflow vulnerability in the library creation file selection process that allows remote code execution. Attackers can craft a malicious text file with shellcode to trigger a structured exception handler (SE... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2026-23519
RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. Prior to 0.4.4, the thumbv6m-none-eabi (Cortex M0, M0+ and M1) compiler emits no... Read more
Affected Products : cmov- Published: Jan. 15, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Cryptography
-
9.8
CRITICALCVE-2026-2195
A vulnerability has been found in code-projects Online Reviewer System 1.0. This vulnerability affects unknown code of the file /system/system/admins/assessments/pretest/questions-view.php. The manipulation of the argument ID leads to sql injection. The a... Read more
Affected Products : online_reviewer_system- Published: Feb. 09, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-54003
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Depot depot allows PHP Local File Inclusion.This issue affects Depot: from n/a through <= 1.16.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-64087
A Server-Side Template Injection (SSTI) vulnerability in the FreeMarker component of opensagres XDocReport v1.0.0 to v2.1.0 allows attackers to execute arbitrary code via injecting crafted template expressions.... Read more
Affected Products : xdocreport- Published: Jan. 20, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-1324
A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulati... Read more
Affected Products : operation_and_maintenance_security_management_system- Published: Jan. 22, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-24436
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) do not enforce rate limiting or account lockout mechanisms on authentication endpoints. This allows attackers to perform unrestricted brute-force attempts against administrativ... Read more
- Published: Jan. 26, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2026-22249
Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature (ZipSlip). In apps/server/src/integrations/import/utils/file.utils.ts, there are no... Read more
Affected Products : docmost- Published: Jan. 15, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2026-24306
Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network.... Read more
Affected Products : azure_front_door- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
-
9.8
CRITICALCVE-2026-1535
A security vulnerability has been detected in code-projects Online Music Site 1.0. This impacts an unknown function of the file /Administrator/PHP/AdminReply.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the at... Read more
Affected Products : online_music_site- Published: Jan. 28, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-1414
A vulnerability was determined in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This impacts the function getInformation of the file /equipment/get_Information of the component HTTP POST Request Handler. Executing a manipulati... Read more
Affected Products : operation_and_maintenance_security_management_system- Published: Jan. 26, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-2158
A vulnerability was detected in code-projects Student Web Portal 1.0. This impacts an unknown function of the file /check_user.php. Performing a manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely... Read more
Affected Products : student_web_portal- Published: Feb. 08, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-1422
A vulnerability was found in code-projects Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login Page. Performing a manipulation of the argument User results in sql injectio... Read more
Affected Products : online_examination_system- Published: Jan. 26, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-2196
A vulnerability was found in code-projects Online Reviewer System 1.0. This issue affects some unknown processing of the file /system/system/admins/assessments/pretest/exam-update.php. The manipulation of the argument test_id results in sql injection. The... Read more
Affected Products : online_reviewer_system- Published: Feb. 09, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-0760
Foundation Agents MetaGPT deserialize_message Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foundation Agents MetaGPT. Authenticatio... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
-
9.8
CRITICALCVE-2026-0770
Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required ... Read more
Affected Products : langflow- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-1130
A flaw has been found in Yonyou KSOA 9.0. This issue affects some unknown processing of the file /worksheet/worksadd_plan.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument ID causes sql injection. It is possible to initiat... Read more
Affected Products : ksoa- Published: Jan. 19, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-2174
A security flaw has been discovered in code-projects Contact Management System 1.0. This affects an unknown part of the component CRUD Endpoint. The manipulation of the argument ID results in improper authentication. The attack may be launched remotely.... Read more
Affected Products : contact_management_system- Published: Feb. 08, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-62581
Delta Electronics DIAView has multiple vulnerabilities.... Read more
Affected Products : diaview- Published: Jan. 16, 2026
- Modified: Jan. 20, 2026
-
9.8
CRITICALCVE-2025-66417
GLPI is a free asset and IT management software package. From 11.0.0, < 11.0.3, an unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 11.0.3.... Read more
Affected Products : glpi- Published: Jan. 15, 2026
- Modified: Jan. 21, 2026
- Vuln Type: Injection