Latest CVE Feed
-
8.8
HIGHCVE-2026-1544
A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the function sub_41E2A0 of the file /goform/set_mode. Performing a manipulation of the argument lan_gateway results in os command injection. The attack is possible to be carried ou... Read more
- Published: Jan. 28, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
8.8
HIGHCVE-2020-36972
SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted ... Read more
Affected Products : smartblog- Published: Jan. 28, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
8.8
HIGHCVE-2026-24367
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a through < 3.2.8.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-67966
Incorrect Privilege Assignment vulnerability in e-plugins Lawyer Directory lawyer-directory allows Privilege Escalation.This issue affects Lawyer Directory: from n/a through <= 1.3.3.... Read more
Affected Products : lawyer_directory- Published: Jan. 22, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authorization
-
8.8
HIGHCVE-2026-25922
authentik is an open-source identity provider. Prior to 2025.8.6, 2025.10.4, and 2025.12.4, when using a SAML Source that has the option Verify Assertion Signature under Verification Certificate enabled and not Verify Response Signature, or does not have ... Read more
Affected Products : authentik- Published: Feb. 12, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Authentication
-
8.8
HIGHCVE-2025-54002
Missing Authorization vulnerability in Jthemes xSmart xsmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects xSmart: from n/a through <= 1.2.9.4.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
8.7
HIGHCVE-2025-9283
A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles EtherNet/IP Step Limits Storms tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several s... Read more
- Published: Jan. 20, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2020-37214
Voyager 1.3.0 contains a directory traversal vulnerability that allows attackers to access sensitive system files by manipulating the asset path parameter. Attackers can exploit the path parameter in /admin/voyager-assets to read arbitrary files like /etc... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Path Traversal
-
8.7
HIGHCVE-2025-9278
A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. After running a Burp Suite active scan, the device loses ICMP connectivity, causing the web application to become inaccessible.... Read more
- Published: Jan. 20, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2020-37157
DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extrac... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Information Disclosure
-
8.7
HIGHCVE-2026-26235
JUNG Smart Visu Server 1.1.1050 contains a denial of service vulnerability that allows unauthenticated attackers to remotely shutdown or reboot the server. Attackers can send a single POST request to trigger the server reboot without requiring any authent... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2020-37146
ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration files. Attackers can access the camera's configuration backup by sending a GET request to the /con... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Information Disclosure
-
8.7
HIGHCVE-2026-1837
A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data. This can be done by requesting color transformation o... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption
-
8.7
HIGHCVE-2025-69215
OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, there is a SQL Injection vulnerability in the Stampe Module. At time of publication, no known patch exists.... Read more
Affected Products : openstamanager- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Injection
-
8.7
HIGHCVE-2023-20514
Improper handling of parameters in the AMD Secure Processor (ASP) could allow a privileged attacker to pass an arbitrary memory value to functions in the trusted execution environment resulting in arbitrary code execution... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption
-
8.7
HIGHCVE-2026-23954
Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g a member of the ‘incus’ group) to use directory traversal or symbolic links in the templating f... Read more
Affected Products : incus- Published: Jan. 22, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Path Traversal
-
8.7
HIGHCVE-2026-25611
A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server.... Read more
Affected Products : mongodb- Published: Feb. 10, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-9465
A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles Comprehensive grammar tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several seconds.... Read more
- Published: Jan. 20, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2026-25139
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In version 2025.10 and prior, multiple out-of-bounds read allow any unauthenticated user, with abil... Read more
Affected Products : riot- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Memory Corruption
-
8.7
HIGHCVE-2026-2337
A vulnerability in Plunet Plunet BusinessManager allows session hijacking, data theft, unauthorized actions on behalf of the user.This issue affects Plunet BusinessManager: 10.15.1.... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Authentication