Latest CVE Feed
-
8.7
HIGHCVE-2026-25499
Terraform / OpenTofu Provider adds support for Proxmox Virtual Environment. Prior to version 0.93.1, in the SSH configuration documentation, the sudoer line suggested is insecure and can result in escaping the folder using ../, allowing any files on the s... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Path Traversal
-
8.7
HIGHCVE-2025-9279
A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles EtherNet/IP Step Limit Storm tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several sec... Read more
- Published: Jan. 20, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2022-50899
Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with externa... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: XML External Entity
-
8.7
HIGHCVE-2025-14027
Multiple denial-of-service vulnerabilities exist in the affected product. These issues can be triggered through various crafted inputs, including malformed Class 3 messages, memory leak conditions, and other resource exhaustion scenarios. Exploitation may... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2026-24480
QGIS is a free, open source, cross platform geographical information system (GIS) The repository contains a GitHub Actions workflow called "pre-commit checks" that, before commit 76a693cd91650f9b4e83edac525e5e4f90d954e9, was vulnerable to remote code exec... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Information Disclosure
-
8.7
HIGHCVE-2020-36939
Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system f... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Path Traversal
-
8.7
HIGHCVE-2025-68702
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses padLeft(32, '0') when it should use padLeft(64, '0') because SHA-256 produces 32 bytes which equates to 64 hex characters. This vulnerability ... Read more
Affected Products : jervis- Published: Jan. 13, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Cryptography
-
8.7
HIGHCVE-2025-68703
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sum(passphrase). Two encryption operations with the same password will have the same derived key. This vulnerability is fixe... Read more
Affected Products : jervis- Published: Jan. 13, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Cryptography
-
8.7
HIGHCVE-2026-1330
MeetingHub developed by HAMASTAR Technology has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Path Traversal
-
8.7
HIGHCVE-2020-37093
Netis E1+ 1.2.32533 contains an information disclosure vulnerability that allows unauthenticated attackers to retrieve WiFi passwords through the netcore_get.cgi endpoint. Attackers can send a GET request to the endpoint to extract sensitive network crede... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Information Disclosure
-
8.7
HIGHCVE-2026-25514
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract s... Read more
Affected Products : facturascripts- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Injection
-
8.7
HIGHCVE-2025-41005
Imaster's MEMS Events CRM contains an SQL injection vulnerability in‘keyword’ parameter in ‘/memsdemo/exchange_offers.php’.... Read more
Affected Products :- Published: Jan. 12, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Injection
-
8.7
HIGHCVE-2025-41004
Imaster's Patient Records Management System is vulnerable to SQL Injection in the endpoint ‘/projects/hospital/admin/complaints.php’ through the ‘id’ parameter.... Read more
Affected Products :- Published: Jan. 12, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Injection
-
8.7
HIGHCVE-2022-50890
Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. Attackers can exploit the vulnerability by crafting GET requests with directory traversal sequences to acc... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Path Traversal
-
8.7
HIGHCVE-2020-37097
Edimax EW-7438RPn 1.13 contains an information disclosure vulnerability that exposes WiFi network configuration details through the wlencrypt_wiz.asp file. Attackers can access the script to retrieve sensitive information including WiFi network name and p... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Information Disclosure
-
8.7
HIGHCVE-2025-41078
Weaknesses in the authorization mechanisms of Viafirma Documents v3.7.129 allow an authenticated user without privileges to list and access other user data, use user creation, modification, and deletion features, and escalate privileges by impersonating o... Read more
- Published: Jan. 12, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authorization
-
8.7
HIGHCVE-2025-9278
A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. After running a Burp Suite active scan, the device loses ICMP connectivity, causing the web application to become inaccessible.... Read more
- Published: Jan. 20, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-40944
A vulnerability has been identified in SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) (All versions), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0) (All versions >= V4.2.0), SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0) (All versions), SI... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2026-22787
html2pdf.js converts any webpage or element into a printable PDF entirely client-side. Prior to 0.14.0, html2pdf.js contains a cross-site scripting (XSS) vulnerability when given a text source rather than an element. This text is not sufficiently sanitize... Read more
Affected Products :- Published: Jan. 14, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
8.7
HIGHCVE-2026-23953
Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration (e.g a member of the ‘incus’ group) can create an environment variable containing newline... Read more
Affected Products : incus- Published: Jan. 22, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Injection