Latest CVE Feed
-
9.8
CRITICALCVE-2026-2090
A vulnerability was determined in SourceCodester Online Class Record System 1.0. This issue affects some unknown processing of the file /admin/message/search.php. Executing a manipulation of the argument term can lead to sql injection. The attack can be e... Read more
Affected Products : online_class_record_system- Published: Feb. 07, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2020-36967
Zortam Mp3 Media Studio 27.60 contains a buffer overflow vulnerability in the library creation file selection process that allows remote code execution. Attackers can craft a malicious text file with shellcode to trigger a structured exception handler (SE... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2026-23884
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves `gdi->drawing` pointing to freed memory, causing UAF when related update packets arrive. A malicious server can trigger a client‑sid... Read more
Affected Products : freerdp- Published: Jan. 19, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2026-23524
Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. In versions 1.6.3 and below, Reverb passes data from the Redis channel directly into PHP’s unserialize() function without restricting which classes can be instan... Read more
Affected Products : laravel- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2020-37027
Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger proc... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-15467
Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code executio... Read more
Affected Products : openssl- Published: Jan. 27, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2020-36962
Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field t... Read more
Affected Products : tendenci- Published: Jan. 28, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-1021
Police Statistics Database System developed by Gotac has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attacker to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.... Read more
Affected Products : police_statistics_database_system- Published: Jan. 16, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2021-47755
Oliver Library Server v5 contains a file download vulnerability that allows unauthenticated attackers to access arbitrary system files through unsanitized input in the FileServlet endpoint. Attackers can exploit the vulnerability by manipulating the 'file... Read more
Affected Products : oliver_v5_library- Published: Jan. 15, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-49055
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affects WP Lead Capturing Pages: from n/a through <= 2.5.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-1423
A vulnerability was determined in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /admin_pic.php. Executing a manipulation can lead to unrestricted upload. The attack may be performed from remo... Read more
Affected Products : online_examination_system- Published: Jan. 26, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2026-22853
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overfl... Read more
Affected Products : freerdp- Published: Jan. 14, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2026-1160
A security vulnerability has been detected in PHPGurukul Directory Management System 1.0. Impacted is an unknown function of the file /index.php of the component Search. The manipulation of the argument searchdata leads to sql injection. The attack may be... Read more
Affected Products : directory_management_system- Published: Jan. 19, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-0884
Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2026-1534
A weakness has been identified in code-projects Online Music Site 1.0. This affects an unknown function of the file /Administrator/PHP/AdminEditUser.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remo... Read more
Affected Products : online_music_site- Published: Jan. 28, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-0760
Foundation Agents MetaGPT deserialize_message Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foundation Agents MetaGPT. Authenticatio... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
-
9.8
CRITICALCVE-2026-24306
Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network.... Read more
Affected Products : azure_front_door- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
-
9.8
CRITICALCVE-2026-22249
Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature (ZipSlip). In apps/server/src/integrations/import/utils/file.utils.ts, there are no... Read more
Affected Products : docmost- Published: Jan. 15, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2026-22582
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (MicrositeUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: befor... Read more
Affected Products :- Published: Jan. 24, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-1159
A weakness has been identified in itsourcecode Online Frozen Foods Ordering System 1.0. This issue affects some unknown processing of the file /order_online.php. Executing a manipulation of the argument product_name can lead to sql injection. The attack c... Read more
- Published: Jan. 19, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Injection