Latest CVE Feed
-
8.8
HIGHCVE-2020-37033
Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usr_name' parameter in login requests. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'usr_... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Injection
-
8.8
HIGHCVE-2020-37023
Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with system command execution capabilities by manipulating the... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2026-1551
A weakness has been identified in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/course/controller.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remote... Read more
- Published: Jan. 29, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Injection
-
8.8
HIGHCVE-2026-0766
Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability... Read more
Affected Products : open_webui- Published: Jan. 23, 2026
- Modified: Jan. 30, 2026
-
8.8
HIGHCVE-2025-66176
There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted pack... Read more
Affected Products : ds-k1t671_firmware ds-k1t341c_firmware ds-k1t671 ds-k1t341c ds-k1t331_firmware ds-k1t331 ds-k1t341a_firmware ds-k1t341a ds-k1t341b_firmware ds-k1t341b +46 more products- Published: Jan. 13, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2026-24747
PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`.pth`) that, when loaded with `torch.load(..., weights_o... Read more
Affected Products : pytorch- Published: Jan. 27, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-69002
Deserialization of Untrusted Data vulnerability in designthemes OneLife onelife allows Object Injection.This issue affects OneLife: from n/a through <= 3.9.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Injection
-
8.8
HIGHCVE-2020-37057
Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Injection
-
8.8
HIGHCVE-2026-24788
RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product.... Read more
Affected Products : raspap- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-50007
Incorrect Privilege Assignment vulnerability in Jthemes xSmart xsmart allows Privilege Escalation.This issue affects xSmart: from n/a through <= 1.2.9.4.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
8.8
HIGHCVE-2026-25059
OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, the application contains path traversal vulnerability in multiple file operation handlers in server/handles/fsmanage.go. Filename components in req.Names are directly concatenated with val... Read more
Affected Products :- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Path Traversal
-
8.8
HIGHCVE-2026-2075
A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected is the function saveRolePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\RoleController.java of the comp... Read more
Affected Products : warehouse- Published: Feb. 07, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
8.8
HIGHCVE-2026-24411
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in CIccTagXmlSegmentedCurve::ToXml(). This occurs when user-controllable input is unsafe... Read more
Affected Products : iccdev- Published: Jan. 24, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2026-24406
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccTagNamedColor2::SetSize(). This occurs when user-controllable i... Read more
Affected Products : iccdev- Published: Jan. 24, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2026-24410
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Deference in CIccProfileXml::ParseBasic(). This occurs when user-contro... Read more
Affected Products : iccdev- Published: Jan. 24, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-67645
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a broken access control in the Profile Edit endpoint. An authenticated normal user can modify the request parameters (pub... Read more
Affected Products : openemr- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authorization
-
8.8
HIGHCVE-2026-24404
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, CIccXmlArrayType() contains a Null Pointer Dereference and Undefined Behavior vulnerability. This occurs whe... Read more
Affected Products : iccdev- Published: Jan. 24, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2026-20408
In wlan, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID... Read more
- Published: Feb. 02, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2020-37151
phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmc_username parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injectio... Read more
Affected Products :- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Injection
-
8.8
HIGHCVE-2026-24530
Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebP Conversion: from n/a through <= 2.1.... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Authorization