Latest CVE Feed
-
8.7
HIGHCVE-2025-14027
Multiple denial-of-service vulnerabilities exist in the affected product. These issues can be triggered through various crafted inputs, including malformed Class 3 messages, memory leak conditions, and other resource exhaustion scenarios. Exploitation may... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2021-47749
YouPHPTube <= 7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the 'lang' parameter in GET requests. Attackers can exploit the path traversal flaw in locale/function.php to i... Read more
Affected Products : youphptube- Published: Jan. 13, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Path Traversal
-
8.7
HIGHCVE-2026-0750
Improper Verification of Cryptographic Signature vulnerability in Drupal Drupal Commerce Paybox Commerce Paybox on Drupal 7.X allows Authentication Bypass.This issue affects Drupal Commerce Paybox: from 7-x-1.0 through 7.X-1.5.... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authentication
-
8.7
HIGHCVE-2022-50890
Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. Attackers can exploit the vulnerability by crafting GET requests with directory traversal sequences to acc... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Path Traversal
-
8.7
HIGHCVE-2025-14751
A low-privileged user can bypass account credentials without confirming the user's current authentication state, which may lead to unauthorized privilege escalation.... Read more
Affected Products : cmt-ctrl01_firmware- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authentication
-
8.7
HIGHCVE-2025-9465
A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles Comprehensive grammar tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several seconds.... Read more
- Published: Jan. 20, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2026-23625
OpenProject is an open-source, web-based project management software. Versions 16.3.0 through 16.6.4 are affected by a stored cross-site scripting vulnerability in the Roadmap view. OpenProject’s roadmap view renders the “Related work packages” list for e... Read more
Affected Products : openproject- Published: Jan. 19, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Cross-Site Scripting
-
8.7
HIGHCVE-2026-23954
Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g a member of the ‘incus’ group) to use directory traversal or symbolic links in the templating f... Read more
Affected Products : incus- Published: Jan. 22, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Path Traversal
-
8.7
HIGHCVE-2026-24817
Out-of-bounds Write vulnerability in praydog UEVR (dependencies/lua/src modules). This vulnerability is associated with program files ldebug.C, lvm.C. This issue affects UEVR: before 1.05.... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
8.7
HIGHCVE-2026-24740
Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters (for example, `label=env=dev`) to obtain an interactive root shell in out‑of‑scope con... Read more
Affected Products : dozzle- Published: Jan. 27, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authorization
-
8.7
HIGHCVE-2026-25560
WeKan versions prior to 8.19 contain an LDAP filter injection vulnerability in LDAP authentication. User-supplied username input is incorporated into LDAP search filters and DN-related values without adequate escaping, allowing an attacker to manipulate L... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
8.6
HIGHCVE-2025-8587
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AKCE Software Technology R&D Industry and Trade Inc. SKSPro allows SQL Injection.This issue affects SKSPro: through 07012026.... Read more
Affected Products :- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Injection
-
8.6
HIGHCVE-2026-23493
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the http_error_log file stores the $_COOKIE and $_SERVER variables, which means sensitive information such as database passwords, cookie session data, and other ... Read more
Affected Products : pimcore- Published: Jan. 15, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Information Disclosure
-
8.6
HIGHCVE-2026-0532
External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. ... Read more
Affected Products : kibana- Published: Jan. 14, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Path Traversal
-
8.6
HIGHCVE-2026-22865
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled.... Read more
Affected Products : gradle- Published: Jan. 16, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Misconfiguration
-
8.6
HIGHCVE-2026-24780
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.44, AutoGPT Platform's block execution endpoints (both main web API and ex... Read more
Affected Products : autogpt_platform- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authentication
-
8.6
HIGHCVE-2026-1186
EAP Legislator is vulnerable to Path Traversal in file extraction functionality. Attacker can prepare zipx archive (default file type used by the Legislator application) and choose arbitrary path outside the intended directory (e.x. system startup) where ... Read more
Affected Products :- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Path Traversal
-
8.6
HIGHCVE-2026-24302
Azure Arc Elevation of Privilege Vulnerability... Read more
Affected Products : azure_arc- Published: Feb. 05, 2026
- Modified: Feb. 06, 2026
-
8.6
HIGHCVE-2026-22229
A command injection vulnerability may be exploited after the admin's authentication via the import of a crafted VPN client configuration file on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative con... Read more
- Published: Feb. 02, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Injection
-
8.6
HIGHCVE-2026-23699
AP180 series with firmware versions prior to AP_RGOS 11.9(4)B1P8 contains an OS command injection vulnerability. If this vulnerability is exploited, arbitrary commands may be executed on the devices.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection