Latest CVE Feed
-
9.8
CRITICALCVE-2025-59870
HCL MyXalytics is affected by improper management of a static JWT signing secret in the web application, where the secret lacks rotation , introducing a security risk... Read more
- Published: Jan. 16, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Cryptography
-
9.8
CRITICALCVE-2026-24531
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Prowess prowess allows PHP Local File Inclusion.This issue affects Prowess: from n/a through <= 2.3.... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2020-37067
Filetto 1.0 FTP server contains a denial of service vulnerability in the FEAT command processing that allows attackers to crash the service. Attackers can send an oversized FEAT command with 11,008 bytes of repeated characters to trigger a buffer overflow... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2026-0770
Langflow exec_globals Inclusion of Functionality from Untrusted Control Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required ... Read more
Affected Products : langflow- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-69565
code-projects Mobile Shop Management System 1.0 is vulnerable to File Upload in /ExAddProduct.php.... Read more
Affected Products : mobile_shop_management_system- Published: Jan. 27, 2026
- Modified: Feb. 03, 2026
-
9.8
CRITICALCVE-2026-24465
Stack-based buffer overflow vulnerability exists in ELECOM wireless LAN access point devices. A crafted packet may lead to arbitrary code execution.... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2026-2161
A vulnerability was found in itsourcecode Directory Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/forget-password.php. The manipulation of the argument email results in sql injection. The attack can be laun... Read more
Affected Products : directory_management_system- Published: Feb. 08, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-69981
FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the `/api/upload` API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critica... Read more
Affected Products : fuxa- Published: Feb. 03, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2026-2132
A security flaw has been discovered in code-projects Online Music Site 1.0. This issue affects some unknown processing of the file /Administrator/PHP/AdminUpdateCategory.php. The manipulation of the argument txtcat results in sql injection. The attack can... Read more
Affected Products : online_music_site- Published: Feb. 08, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2021-47901
Dirsearch 0.4.1 contains a CSV injection vulnerability when using the --csv-report flag that allows attackers to inject formulas through redirected endpoints. Attackers can craft malicious server redirects with comma-separated paths containing Excel formu... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-2133
A weakness has been identified in code-projects Online Music Site 1.0. Impacted is an unknown function of the file /Administrator/PHP/AdminUpdateCategory.php. This manipulation of the argument txtimage causes unrestricted upload. The attack is possible to... Read more
Affected Products : online_music_site- Published: Feb. 08, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2026-0773
Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Upsonic. Authentication is not required to exploit this vulnerabil... Read more
Affected Products : upsonic- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
-
9.8
CRITICALCVE-2025-50002
Unrestricted Upload of File with Dangerous Type vulnerability in Farost Energia energia allows Upload a Web Shell to a Web Server.This issue affects Energia: from n/a through <= 1.1.2.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-14235
Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP... Read more
Affected Products : mf1238_ii_firmware mf1643i_ii_firmware mf1643if_ii_firmware mf451dw_firmware mf452dw_firmware mf453dw_firmware mf455dw_firmware lbp1238_ii_firmware lbp236dw_firmware lbp237dw_firmware +28 more products- Published: Jan. 16, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2026-24515
In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.... Read more
Affected Products : libexpat- Published: Jan. 23, 2026
- Modified: Feb. 05, 2026
- Vuln Type: XML External Entity
-
9.8
CRITICALCVE-2025-67856
A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are... Read more
Affected Products : moodle- Published: Feb. 03, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2026-2174
A security flaw has been discovered in code-projects Contact Management System 1.0. This affects an unknown part of the component CRUD Endpoint. The manipulation of the argument ID results in improper authentication. The attack may be launched remotely.... Read more
Affected Products : contact_management_system- Published: Feb. 08, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2026-2225
A flaw has been found in itsourcecode News Portal Project 1.0. This vulnerability affects unknown code of the file /admin/index.php of the component Administrator Login. This manipulation of the argument email causes sql injection. The attack can be initi... Read more
Affected Products : news_portal_project- Published: Feb. 09, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-1413
A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ip_and_port/port_validate of the component HTTP POST Request Handler. Performing a manipulatio... Read more
Affected Products : operation_and_maintenance_security_management_system- Published: Jan. 26, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-67135
Weak Security in the PF-50 1.2 keyfob of PGST PG107 Alarm System 1.25.05.hf allows attackers to compromise access control via a code replay attack.... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Authentication