Latest CVE Feed
-
9.1
CRITICALCVE-2026-22264
Suricata is a network IDS, IPS and NSM engine. Prior to version 8.0.3 and 7.0.14, an unsigned integer overflow can lead to a heap use-after-free condition when generating excessive amounts of alerts for a single packet. Versions 8.0.3 and 7.0.14 contain a... Read more
Affected Products : suricata- Published: Jan. 27, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Memory Corruption
-
9.1
CRITICALCVE-2026-23846
Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of the HTTP request body. This causes passwords to be logge... Read more
Affected Products : tugtainer- Published: Jan. 19, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Information Disclosure
-
9.1
CRITICALCVE-2026-20750
Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization.... Read more
Affected Products : gitea- Published: Jan. 22, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authorization
-
9.1
CRITICALCVE-2026-24346
Use of well-known default credentials in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to access protected areas in the web application... Read more
- Published: Jan. 27, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Authentication
-
9.1
CRITICALCVE-2026-0498
SAP S/4HANA (Private Cloud and On-Premise) allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential ... Read more
Affected Products : s\/4_hana- Published: Jan. 13, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Injection
-
9.1
CRITICALCVE-2025-62741
Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Pool Services pool-services allows Server Side Request Forgery.This issue affects Pool Services: from n/a through <= 3.3.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Server-Side Request Forgery
-
9.1
CRITICALCVE-2025-14829
The E-xact | Hosted Payment | WordPress plugin through 2.0 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server.... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Path Traversal
-
9.1
CRITICALCVE-2023-54337
Sysax Multi Server 6.95 contains a denial of service vulnerability in the administrative password field that allows attackers to crash the application. Attackers can overwrite the password field with 800 bytes of repeated characters to trigger an applicat... Read more
Affected Products : multi_server- Published: Jan. 13, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Denial of Service
-
9.1
CRITICALCVE-2025-11250
Zohocorp ManageEngine ADSelfService Plus versions before 6519 are vulnerable to Authentication Bypass due to improper filter configurations.... Read more
Affected Products : manageengine_adselfservice_plus- Published: Jan. 13, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authentication
-
9.1
CRITICALCVE-2026-0491
SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization ... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Injection
-
9.1
CRITICALCVE-2026-22859
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, the URBDRC client does not perform bounds checking on server‑supplied MSUSB_INTERFACE_DESCRIPTOR values and uses them as indices in libusb_udev_complete_msconfig_setup, caus... Read more
Affected Products : freerdp- Published: Jan. 14, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Memory Corruption
-
9.0
HIGHCVE-2026-2187
A vulnerability was found in Tenda RX3 16.03.13.11. The affected element is the function set_qosMib_list of the file /goform/formSetQosBand. Performing a manipulation of the argument list results in stack-based buffer overflow. It is possible to initiate ... Read more
Affected Products :- Published: Feb. 08, 2026
- Modified: Feb. 08, 2026
- Vuln Type: Memory Corruption
-
9.0
HIGHCVE-2026-2186
A vulnerability has been found in Tenda RX3 16.03.13.11. Impacted is the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument list leads to stack-based buffer overflow. The attack may be performed from remote. The ... Read more
Affected Products :- Published: Feb. 08, 2026
- Modified: Feb. 08, 2026
- Vuln Type: Memory Corruption
-
9.0
HIGHCVE-2026-1328
A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. Impacted is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Performing a manipulation of the argument ssid results in buffer overflow... Read more
- Published: Jan. 22, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Memory Corruption
-
9.0
HIGHCVE-2026-2185
A flaw has been found in Tenda RX3 16.03.13.11. This issue affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. This manipulation of the argument devName/mac causes stack-based buffer... Read more
Affected Products :- Published: Feb. 08, 2026
- Modified: Feb. 08, 2026
- Vuln Type: Memory Corruption
-
9.0
HIGHCVE-2026-1329
A flaw has been found in Tenda AX1803 1.0.0.1. The affected element is the function fromGetWifiGuestBasic of the file /goform/WifiGuestSet. Executing a manipulation of the argument guestWrlPwd/guestEn/guestSsid/hideSsid/guestSecurity can lead to stack-bas... Read more
- Published: Jan. 22, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
9.0
HIGHCVE-2026-2181
A security flaw has been discovered in Tenda RX3 16.03.13.11. Affected by this vulnerability is an unknown functionality of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer... Read more
Affected Products :- Published: Feb. 08, 2026
- Modified: Feb. 08, 2026
- Vuln Type: Memory Corruption
-
9.0
HIGHCVE-2026-2180
A vulnerability was identified in Tenda RX3 16.03.13.11. Affected is an unknown function of the file /goform/fast_setting_wifi_set. Such manipulation of the argument ssid_5g leads to stack-based buffer overflow. The attack can be launched remotely. The ex... Read more
Affected Products :- Published: Feb. 08, 2026
- Modified: Feb. 08, 2026
- Vuln Type: Memory Corruption
-
9.0
HIGHCVE-2026-1143
A weakness has been identified in TOTOLINK A3700R 9.1.2u.5822_B20200513. This affects the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument ssid can lead to buffer overflow. The attack may be launched ... Read more
- Published: Jan. 19, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Memory Corruption
-
9.0
HIGHCVE-2026-0841
A vulnerability was detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formPictureUrl. The manipulation of the argument importpictureurl results in buffer overflow. It is possible to launch the attack r... Read more
- Published: Jan. 11, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Memory Corruption