Latest CVE Feed
-
9.8
CRITICALCVE-2020-37052
AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by craftin... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2023-54330
Inbit Messenger versions 4.6.0 to 4.9.0 contain a remote stack-based buffer overflow vulnerability that allows unauthenticated attackers to execute arbitrary code by sending malformed network packets. Attackers can craft a specially designed payload targe... Read more
Affected Products : inbit_messenger- Published: Jan. 13, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2026-22584
Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.This issue affects Uni2TS: through 1.2.0.... Read more
Affected Products : uni2ts- Published: Jan. 09, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-22586
Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows Web Services Protocol Manipulation. This issue affects... Read more
Affected Products :- Published: Jan. 24, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cryptography
-
9.8
CRITICALCVE-2026-1534
A weakness has been identified in code-projects Online Music Site 1.0. This affects an unknown function of the file /Administrator/PHP/AdminEditUser.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remo... Read more
Affected Products : online_music_site- Published: Jan. 28, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2023-54339
Webgrind 1.1 contains a remote command execution vulnerability that allows unauthenticated attackers to inject OS commands via the dataFile parameter in index.php. Attackers can execute arbitrary system commands by manipulating the dataFile parameter, suc... Read more
Affected Products : webgrind- Published: Jan. 13, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-22249
Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature (ZipSlip). In apps/server/src/integrations/import/utils/file.utils.ts, there are no... Read more
Affected Products : docmost- Published: Jan. 15, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-56590
An issue was discovered in the InsertFromURL() function of the Apryse HTML2PDF SDK thru 11.10. This vulnerability could allow an attacker to execute arbitrary operating system commands on the local server.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2022-50922
Audio Conversion Wizard v2.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory with a specially crafted registration code. Attackers can generate a payload that overwrites the application's mem... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2021-47774
Kingdia CD Extractor 3.0.2 contains a buffer overflow vulnerability in the registration name field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload exceeding 256 bytes to overwrite Structured Exception Handler and g... Read more
Affected Products :- Published: Jan. 15, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-69991
phpgurukul News Portal Project V4.1 is vulnerable to SQL Injection in check_availablity.php.... Read more
Affected Products : news_portal- Published: Jan. 13, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-50003
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Amuli amuli allows PHP Local File Inclusion.This issue affects Amuli: from n/a through <= 2.3.0.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2023-7334
Changjetong T+ versions up to and including 16.x contain a .NET deserialization vulnerability in an AjaxPro endpoint that can lead to remote code execution. A remote attacker can send a crafted request to /tplus/ajaxpro/Ufida.T.CodeBehind._PriorityLevel,A... Read more
Affected Products : t\+- Published: Jan. 15, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-47855
An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in Fortinet FortiFone 7.0.0 through 7.0.1, FortiFone 3.0.13 through 3.0.23 allows an unauthenticated attacker to obtain the device configuration via crafted HTTP or HTTP... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Information Disclosure
-
9.8
CRITICALCVE-2026-22213
RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the tapslip6 utility. The vulnerability is caused by unsafe string concatenation in the devopen() function, which constructs a device path using ... Read more
Affected Products : riot- Published: Jan. 12, 2026
- Modified: Jan. 21, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2021-47781
Cmder Console Emulator 1.3.18 contains a buffer overflow vulnerability that allows attackers to trigger a denial of service condition through a maliciously crafted .cmd file. Attackers can create a specially constructed .cmd file with repeated characters ... Read more
Affected Products :- Published: Jan. 15, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2026-24830
Integer Overflow or Wraparound vulnerability in Ralim IronOS.This issue affects IronOS: before v2.23-rc2.... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2026-24531
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Prowess prowess allows PHP Local File Inclusion.This issue affects Prowess: from n/a through <= 2.3.... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-62581
Delta Electronics DIAView has multiple vulnerabilities.... Read more
Affected Products : diaview- Published: Jan. 16, 2026
- Modified: Jan. 20, 2026
-
9.8
CRITICALCVE-2020-37124
B64dec 1.1.2 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) with crafted input. Attackers can leverage an egg hunter technique and carefully constructed payload to... Read more
Affected Products :- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Memory Corruption