Latest CVE Feed
-
8.8
HIGHCVE-2026-1150
A security flaw has been discovered in Totolink LR350 9.3.5u.6369_B20220309. Impacted is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument command results in command inje... Read more
- Published: Jan. 19, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Injection
-
8.8
HIGHCVE-2026-1149
A vulnerability was identified in Totolink LR350 9.3.5u.6369_B20220309. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument ip leads to command injection.... Read more
- Published: Jan. 19, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Injection
-
8.8
HIGHCVE-2026-1750
The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.0.7. This is due to a missing capability check in the 'save_custom_user_profile_fields' function. This makes... Read more
Affected Products :- Published: Feb. 15, 2026
- Modified: Feb. 15, 2026
- Vuln Type: Authorization
-
8.8
HIGHCVE-2025-69035
Deserialization of Untrusted Data vulnerability in strongholdthemes Dental Care CPT dentalcare-cpt allows Object Injection.This issue affects Dental Care CPT: from n/a through <= 20.2.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-33015
IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface.... Read more
Affected Products : concert- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2026-24054
Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.26.0, when a container image is malformed or contains no layers, containerd falls ba... Read more
Affected Products : kata_containers- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2026-2206
A security flaw has been discovered in WeKan up to 8.20. This vulnerability affects unknown code of the file server/methods/fixDuplicateLists.js of the component Administrative Repair Handler. Performing a manipulation results in improper access controls.... Read more
Affected Products : wekan- Published: Feb. 08, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Authorization
-
8.8
HIGHCVE-2026-25807
ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature (share start) opens a TCP socket on port 5757 without any authentication mechanism. Any remote attacker... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authentication
-
8.8
HIGHCVE-2019-25318
AVS Audio Converter 9.1.2.600 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by manipulating the output folder text input. Attackers can craft a malicious payload that overwrites stack memory and triggers a bind sh... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2019-25320
E Learning Script 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard without valid credentials by manipulating login parameters. Attackers can exploit the /login.php file by sending a specific payload '=''or'... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Authentication
-
8.8
HIGHCVE-2025-67847
A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of restore input, which leads to unintended interpretation by core restore routines.... Read more
Affected Products : moodle- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
8.8
HIGHCVE-2026-22472
Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form Builder: from n/a through <= 3.9.6.... Read more
Affected Products : easy_form_builder- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
8.8
HIGHCVE-2026-0757
MCP Manager for Claude Desktop execute-command Command Injection Sandbox Escape Vulnerability. This vulnerability allows remote attackers to bypass the sandbox on affected installations of MCP Manager for Claude Desktop. User interaction is required to ex... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
-
8.8
HIGHCVE-2026-2077
A security vulnerability has been detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function addRole/updateRole/deleteRole of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller... Read more
Affected Products : warehouse- Published: Feb. 07, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
8.8
HIGHCVE-2026-23974
Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Golo: from n/a through < 1.7.5.... Read more
Affected Products : golo- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
8.8
HIGHCVE-2026-0844
The Simple User Registration plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7 due to insufficient restriction on the 'profile_save_field' function. This makes it possible for authenticated attackers, with mi... Read more
Affected Products : simple_user_registration- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authorization
-
8.8
HIGHCVE-2026-1169
A security vulnerability has been detected in birkir prime up to 0.4.0.beta.0. This vulnerability affects unknown code. Such manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and... Read more
Affected Products : prime- Published: Jan. 19, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Request Forgery
-
8.8
HIGHCVE-2025-14386
The Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the 'generate_sso_url' and 'validate_sso_token' functions i... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authentication
-
8.8
HIGHCVE-2026-1730
The OS DataHub Maps plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'OS_DataHub_Maps_Admin::add_file_and_ext' function in all versions up to, and including, 1.8.3. This makes it possible for authen... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Authentication
-
8.8
HIGHCVE-2020-36945
WebDamn User Registration Login System contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating email credentials. Attackers can inject the payload '<email>' OR '1'='1' in both username an... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Injection