Latest CVE Feed
-
8.5
HIGHCVE-2025-14459
A flaw was found in KubeVirt Containerized Data Importer (CDI). This vulnerability allows a user to clone PersistentVolumeClaims (PVCs) from unauthorized namespaces, resulting in unauthorized access to data via the DataImportCron PVC source mechanism.... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Authorization
-
8.5
HIGHCVE-2026-1777
The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes the ModelBuilder HMAC signing key in the cleartext response elements of the DescribeTrainingJob function. A third party with permissions to both call this API and permissions to modify ob... Read more
Affected Products :- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Information Disclosure
-
8.5
HIGHCVE-2020-36953
MiniTool ShadowMaker 3.2 contains an unquoted service path vulnerability in the MTAgentService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\MiniTool ShadowMaker\AgentServic... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2020-36985
IP Watcher 3.0.0.30 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be lau... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2020-36984
EPSON 1.124 contains an unquoted service path vulnerability in the SENADB service that allows local attackers to execute code with elevated system privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\EPSON_P2B\Printer Software\Sta... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2026-25022
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Blind SQL Injection.This issue affects KiviCare: from n/a through <= 3.6.16.... Read more
Affected Products : kivicare- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Injection
-
8.5
HIGHCVE-2025-58741
Insufficiently Protected Credentials vulnerability in the Credential Field of Milner ImageDirector Capture allows retrieval of credential material and enables database access.This issue affects ImageDirector Capture: from 7.0.9 through 7.6.3.25808.... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authentication
-
8.5
HIGHCVE-2020-37048
Iskysoft Application Framework Service 2.4.3.241 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration t... Read more
Affected Products :- Published: Feb. 01, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2025-59901
Disk Pulse Enterprise v10.4.18 has an authenticated reflected XSS vulnerability in the '/monitor_directory?sid=' endpoint, caused by insufficient validation of the 'monitor_directory' parameter sent by POST. An attacker could exploit this weakness to send... Read more
Affected Products : vx_search- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
8.5
HIGHCVE-2026-25054
n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that sup... Read more
Affected Products : n8n- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Cross-Site Scripting
-
8.5
HIGHCVE-2026-1260
Invalid memory access in Sentencepiece versions less than 0.2.1 when using a vulnerable model file, which is not created in the normal training procedure.... Read more
Affected Products : sentencepiece- Published: Jan. 22, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Memory Corruption
-
8.5
HIGHCVE-2021-47864
OSAS Traverse Extension 11 contains an unquoted service path vulnerability in the TravExtensionHostSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to inject and execute malicious code by placing executable files in... Read more
Affected Products :- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Path Traversal
-
8.5
HIGHCVE-2020-37037
Avast SecureLine 5.5.522.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code t... Read more
Affected Products :- Published: Feb. 01, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2025-12772
Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs. When OOM occurs on a Brocade SANnav server, the call stack trace for the Brocade switch is also collected in the heap dump file which contains ... Read more
- Published: Feb. 02, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Information Disclosure
-
8.5
HIGHCVE-2021-47887
OKI Print Job Accounting 4.4.10 contains an unquoted service path vulnerability in the OkiJaSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Print Job Accou... Read more
Affected Products :- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2021-47886
Pingzapper 2.3.1 contains an unquoted service path vulnerability in the PingzapperSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Pingzapper\PZService.exe' t... Read more
Affected Products :- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2021-47869
Brother BRAdmin Professional 3.75 contains an unquoted service path vulnerability in the BRA_Scheduler service that allows local users to potentially execute arbitrary code. Attackers can place a malicious executable named 'BRAdmin' in the C:\Program File... Read more
Affected Products :- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2021-47863
MacPaw Encrypto 1.0.1 contains an unquoted service path vulnerability in its Encrypto Service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Encrypto\ to inject ... Read more
Affected Products :- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2020-37102
Adaware Web Companion 4.9.2159 contains an unquoted service path vulnerability in the WCAssistantService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2020-37098
Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious ... Read more
Affected Products : disk_sorter- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Misconfiguration