Latest CVE Feed
-
8.8
HIGHCVE-2026-21633
A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability in the Unifi Protect Application (Version 6.1.79 and earlier). Affected Products: ... Read more
Affected Products : unifi_protect- Published: Jan. 05, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authentication
-
8.8
HIGHCVE-2025-15199
A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argument image leads to unrestricted upload. Remote exploitatio... Read more
Affected Products : college_notes_uploading_system- Published: Dec. 29, 2025
- Modified: Jan. 05, 2026
- Vuln Type: Authentication
-
8.8
HIGHCVE-2026-22771
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Prior to 1.5.7 and 1.6.2, EnvoyExtensionPolicy Lua scripts executed by Envoy proxy can be used to leak the proxy's credentials. These... Read more
Affected Products : gateway- Published: Jan. 12, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2026-0855
Certain IP Camera models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.... Read more
Affected Products :- Published: Jan. 12, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-65817
LSC Smart Connect Indoor IP Camera 1.4.13 contains a RCE vulnerability in start_app.sh.... Read more
- Published: Dec. 22, 2025
- Modified: Jan. 06, 2026
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-15272
FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerabil... Read more
Affected Products : fontforge- Published: Dec. 31, 2025
- Modified: Jan. 07, 2026
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-15271
FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vu... Read more
Affected Products : fontforge- Published: Dec. 31, 2025
- Modified: Jan. 07, 2026
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-15389
VPN Firewall developed by QNO Technology has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-66524
Apache NiFi 1.20.0 through 2.6.0 include the GetAsanaObject Processor, which requires integration with a configurable Distribute Map Cache Client Service for storing and retrieving state information. The GetAsanaObject Processor used generic Java Object s... Read more
Affected Products : nifi- Published: Dec. 19, 2025
- Modified: Jan. 08, 2026
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2019-25246
Beward N100 H.264 VGA IP Camera M2.1.6 contains an authenticated file disclosure vulnerability that allows attackers to read arbitrary system files via the 'READ.filePath' parameter. Attackers can exploit the fileread script or SendCGICMD API to access se... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2019-25245
Ross Video DashBoard 8.5.1 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files due to improper permission settings. Attackers can exploit the 'M' or 'C' flags for 'Authenticated Users' group to repl... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2025-15050
A security vulnerability has been detected in code-projects Student File Management System 1.0. This affects an unknown part of the file /save_file.php. Such manipulation of the argument File leads to unrestricted upload. The attack can be executed remote... Read more
Affected Products : student_file_management_system- Published: Dec. 24, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2022-50793
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an authenticated command injection vulnerability in the www-data-handler.php script that allows attackers to inject system commands through the 'services' POST parameter. Attackers can exploit this vulnerabilit... Read more
Affected Products : stream first_firmware first impact_firmware impact pulse_firmware pulse impact_eco_firmware impact_eco pulse_eco_firmware +8 more products- Published: Dec. 30, 2025
- Modified: Jan. 13, 2026
- Vuln Type: Injection
-
8.8
HIGHCVE-2018-25143
Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SSH shell with a default 'msshc' user. Attackers can exploit a custom 'ping' command in the NcFTP environment to escape the restricted sh... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
8.8
HIGHCVE-2025-40942
A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.4). Affected application contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges.... Read more
Affected Products : telecontrol_server_basic- Published: Jan. 13, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Authorization
-
8.8
HIGHCVE-2026-21638
A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product. Affected Products: UBB-XG (Version 1.2.2 and earlier) UDB... Read more
Affected Products : ubb ubb-xg ubb-xg_firmware udb-pro_firmware udb-pro udb-pro-sector_firmware udb-pro-sector ubb_firmware- Published: Jan. 08, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-36640
A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows Hosts which could lead to escalation of privileges.... Read more
Affected Products : nessus- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Authorization
-
8.8
HIGHCVE-2019-25254
KYOCERA Net Admin 3.4.0906 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft malicious web pages that automatically submit forms to add new admin... Read more
Affected Products : net_admin- Published: Dec. 24, 2025
- Modified: Jan. 16, 2026
- Vuln Type: Cross-Site Request Forgery
-
8.8
HIGHCVE-2019-25243
FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php scripts. Attackers can exploit unsanitized input parameters to inject and execute arbitrary shell commands with root privileges by manipu... Read more
- Published: Dec. 24, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2022-50892
VIAVIWEB Wallpaper Admin 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating login credentials. Attackers can exploit the login page by injecting 'admin' or 1=1-- - payload to gain unauthorized access ... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Injection