Latest CVE Feed
-
8.7
HIGHCVE-2026-24477
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could ... Read more
Affected Products : anythingllm- Published: Jan. 27, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Information Disclosure
-
8.7
HIGHCVE-2022-50890
Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. Attackers can exploit the vulnerability by crafting GET requests with directory traversal sequences to acc... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Path Traversal
-
8.7
HIGHCVE-2025-68698
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Encoding which is vulnerable to Bleichenbacher padding oracle attacks. Modern systems should use OAEP (Optimal Asymmetric Encryption Paddi... Read more
Affected Products : jervis- Published: Jan. 13, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Cryptography
-
8.7
HIGHCVE-2025-68931
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2.... Read more
Affected Products : jervis- Published: Jan. 13, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Cryptography
-
8.7
HIGHCVE-2025-68701
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. This vulnerability is fixed in 2.2.... Read more
Affected Products : jervis- Published: Jan. 13, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Cryptography
-
8.7
HIGHCVE-2026-22787
html2pdf.js converts any webpage or element into a printable PDF entirely client-side. Prior to 0.14.0, html2pdf.js contains a cross-site scripting (XSS) vulnerability when given a text source rather than an element. This text is not sufficiently sanitize... Read more
Affected Products :- Published: Jan. 14, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Cross-Site Scripting
-
8.7
HIGHCVE-2025-9281
A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles Comprehensive step limit storm tests, the device reboots... Read more
- Published: Jan. 20, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2026-23954
Incus is a system container and virtual machine manager. Versions 6.21.0 and below allow a user with the ability to launch a container with a custom image (e.g a member of the ‘incus’ group) to use directory traversal or symbolic links in the templating f... Read more
Affected Products : incus- Published: Jan. 22, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Path Traversal
-
8.7
HIGHCVE-2025-14751
A low-privileged user can bypass account credentials without confirming the user's current authentication state, which may lead to unauthorized privilege escalation.... Read more
Affected Products : cmt-ctrl01_firmware- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authentication
-
8.7
HIGHCVE-2026-24419
OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the Prima Nota (Journal Entry) module's add.php file. The applicat... Read more
Affected Products : openstamanager- Published: Feb. 06, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
8.7
HIGHCVE-2026-24480
QGIS is a free, open source, cross platform geographical information system (GIS) The repository contains a GitHub Actions workflow called "pre-commit checks" that, before commit 76a693cd91650f9b4e83edac525e5e4f90d954e9, was vulnerable to remote code exec... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Information Disclosure
-
8.7
HIGHCVE-2020-37008
EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak input validation by injecting single quotes in ID paramete... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authentication
-
8.7
HIGHCVE-2026-24665
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a stored Cross-Site Scripting (XSS) vulnerability allows authenticated students to inject malicious JavaScript into uploaded assignment... Read more
- Published: Feb. 03, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Cross-Site Scripting
-
8.7
HIGHCVE-2026-23625
OpenProject is an open-source, web-based project management software. Versions 16.3.0 through 16.6.4 are affected by a stored cross-site scripting vulnerability in the Roadmap view. OpenProject’s roadmap view renders the “Related work packages” list for e... Read more
Affected Products : openproject- Published: Jan. 19, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Cross-Site Scripting
-
8.7
HIGHCVE-2026-24418
OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the bulk operations handler for the Scadenzario (Payment Schedule)... Read more
Affected Products : openstamanager- Published: Feb. 06, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
8.7
HIGHCVE-2020-37097
Edimax EW-7438RPn 1.13 contains an information disclosure vulnerability that exposes WiFi network configuration details through the wlencrypt_wiz.asp file. Attackers can access the script to retrieve sensitive information including WiFi network name and p... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Information Disclosure
-
8.7
HIGHCVE-2020-37085
VirtualTablet Server 3.0.2 contains a denial of service vulnerability that allows attackers to crash the service by sending oversized string payloads through the Thrift protocol. Attackers can exploit the vulnerability by sending a long string to the send... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2020-37034
HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET requests to download.asp with directory traversal to acce... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Path Traversal
-
8.7
HIGHCVE-2021-47849
Mini Mouse 9.3.0 contains a path traversal vulnerability that allows attackers to access sensitive system directories through the device information endpoint. Attackers can retrieve file lists from system directories like /usr, /etc, and /var by manipulat... Read more
Affected Products : mini_mouse- Published: Jan. 21, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Path Traversal
-
8.7
HIGHCVE-2025-9466
A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles EtherNet/IP and CIP grammar tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several seco... Read more
- Published: Jan. 20, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Denial of Service