Latest CVE Feed
-
8.7
HIGHCVE-2025-59098
The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is u... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Information Disclosure
-
8.7
HIGHCVE-2022-50932
Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows unauthenticated attackers to read sensitive system files by manipulating file paths under the /js/ path. Attackers can exploit the issue by sending requests ... Read more
Affected Products : command_center_rx- Published: Jan. 13, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Path Traversal
-
8.7
HIGHCVE-2026-22243
EGroupware is a Web based groupware server written in PHP. A SQL Injection vulnerability exists in the core components of EGroupware prior to versions 23.1.20260113 and 26.0.20260113, specifically in the `Nextmatch` filter processing. The flaw allows auth... Read more
Affected Products : egroupware- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Injection
-
8.7
HIGHCVE-2026-24813
NULL Pointer Dereference vulnerability in abcz316 SKRoot-linuxKernelRoot (testRoot/jni/utils modules). This vulnerability is associated with program files cJSON.Cpp. This issue affects SKRoot-linuxKernelRoot.... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
8.7
HIGHCVE-2026-22776
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service (DoS) vulnerability exists in cpp-httplib due to the unsafe handling of compressed HTTP request bodies (Content-Encoding: gzip, ... Read more
Affected Products : cpp-httplib- Published: Jan. 12, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2021-47749
YouPHPTube <= 7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the 'lang' parameter in GET requests. Attackers can exploit the path traversal flaw in locale/function.php to i... Read more
Affected Products : youphptube- Published: Jan. 13, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Path Traversal
-
8.7
HIGHCVE-2026-1465
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in anyrtcIO-Community anyRTC-RTMP-OpenSource (third_party/faad2-2.7/libfaad modules). This vulnerability is associated with program files bits.C, syntax.C. This issue a... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
8.7
HIGHCVE-2024-58340
LangChain versions up to and including 0.3.1 contain a regular expression denial-of-service (ReDoS) vulnerability in the MRKLOutputParser.parse() method (libs/langchain/langchain/agents/mrkl/output_parser.py). The parser applies a backtracking-prone regul... Read more
Affected Products : langchain- Published: Jan. 12, 2026
- Modified: Jan. 21, 2026
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2026-24665
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a stored Cross-Site Scripting (XSS) vulnerability allows authenticated students to inject malicious JavaScript into uploaded assignment... Read more
Affected Products : openeclass- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Scripting
-
8.7
HIGHCVE-2025-41078
Weaknesses in the authorization mechanisms of Viafirma Documents v3.7.129 allow an authenticated user without privileges to list and access other user data, use user creation, modification, and deletion features, and escalate privileges by impersonating o... Read more
- Published: Jan. 12, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authorization
-
8.7
HIGHCVE-2026-24740
Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters (for example, `label=env=dev`) to obtain an interactive root shell in out‑of‑scope con... Read more
Affected Products : dozzle- Published: Jan. 27, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authorization
-
8.7
HIGHCVE-2021-47850
Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbitrary system files and directories through crafted HTTP requests. Attackers can retrieve sensitive files like win.ini and list contents of system directori... Read more
Affected Products : mini_mouse- Published: Jan. 21, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Path Traversal
-
8.7
HIGHCVE-2025-60003
A Buffer Over-read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When an affected device receives a BGP update wi... Read more
- Published: Jan. 15, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-40944
A vulnerability has been identified in SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) (All versions), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0) (All versions >= V4.2.0), SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0) (All versions), SI... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2026-1523
Path Traversal vulnerability in Digitek ADT1100 and Digitek DT950 from PRIMION DIGITEK, S.L.U (Azkoyen Group). This vulnerability allows an attacker to access arbitrary files in the server's file system, thet is, 'http://<host>/..%2F..% 2F..%2F..%2F..%2F.... Read more
Affected Products :- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Path Traversal
-
8.7
HIGHCVE-2026-22787
html2pdf.js converts any webpage or element into a printable PDF entirely client-side. Prior to 0.14.0, html2pdf.js contains a cross-site scripting (XSS) vulnerability when given a text source rather than an element. This text is not sufficiently sanitize... Read more
Affected Products :- Published: Jan. 14, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
8.7
HIGHCVE-2025-68701
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. This vulnerability is fixed in 2.2.... Read more
Affected Products : jervis- Published: Jan. 13, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Cryptography
-
8.7
HIGHCVE-2021-47865
ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits a... Read more
Affected Products : proftpd- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2026-23954
Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g a member of the ‘incus’ group) to use directory traversal or symbolic links in the templating f... Read more
Affected Products : incus- Published: Jan. 22, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Path Traversal
-
8.7
HIGHCVE-2026-25514
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract s... Read more
Affected Products : facturascripts- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Injection