Latest CVE Feed
-
8.5
HIGHCVE-2026-22222
An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to gain full administrative control of the device, result... Read more
- Published: Feb. 02, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Injection
-
8.5
HIGHCVE-2026-22224
A command injection vulnerability may be exploited after the admin's authentication in the cloud communication interface on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, r... Read more
- Published: Feb. 02, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Injection
-
8.4
HIGHCVE-2026-0660
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.... Read more
Affected Products : 3ds_max- Published: Feb. 04, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2026-24882
In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.... Read more
- Published: Jan. 27, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2026-24466
Products provided by Oki Electric Industry Co., Ltd. and its OEM products (Ricoh Co., Ltd., Murata Machinery, Ltd.) register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute ... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Misconfiguration
-
8.4
HIGHCVE-2026-0661
A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.... Read more
Affected Products : 3ds_max- Published: Feb. 04, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2026-24926
Out-of-bounds write vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more
Affected Products : harmonyos- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2025-36384
IBM Db2 for Windows 12.1.0 - 12.1.3 could allow a local user with filesystem access to escalate their privileges due to the use of an unquoted search path element.... Read more
Affected Products : db2- Published: Jan. 30, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Misconfiguration
-
8.4
HIGHCVE-2026-25593
OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were later used for command discovery, enabling command inject... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Injection
-
8.4
HIGHCVE-2026-24930
UAF concurrency vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more
Affected Products : harmonyos- Published: Feb. 06, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2021-47775
YouTube Video Grabber, now referred to as YouTube Downloader, 1.9.9.1 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the Structured Exception Handler. Attackers can craft a malicious payload of 712 ... Read more
Affected Products :- Published: Jan. 15, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2020-37025
Port Forwarding Wizard 4.8.0 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code through a long request in the Register feature. Attackers can craft a malicious payload with an egg tag and overwrite SEH handlers ... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2020-37040
Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. Attackers can trigger the vulnerability by pasting a specially crafted payload into... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2020-37024
Nidesoft DVD Ripper 5.2.18 contains a local buffer overflow vulnerability in the License Code registration parameter that allows attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the License Code field to trigg... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2025-13844
CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file (SSD file) shared by the attacker into Rapsody.... Read more
Affected Products :- Published: Jan. 15, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2020-37013
Audio Playback Recorder 3.2.2 contains a local buffer overflow vulnerability in the eject and registration parameters that allows attackers to execute arbitrary code. Attackers can craft malicious payloads and overwrite Structured Exception Handler (SEH) ... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2025-14115
IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0.0 through 6.4.0.3 Interim Fix 019 IBM® Sterling Connect:Direct for UNIX contains hard-coded credentials, such as a password or cryptographic key, which it us... Read more
Affected Products : sterling_connectdirect_for_unix_container- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cryptography
-
8.4
HIGHCVE-2020-37042
Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the 'Find Computer' feature that allows attackers to execute arbitrary code by overflowing the computer name input field. Attackers can craft a malicious payload that triggers... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2020-37011
Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger an out-of-bounds write by crafting a malicious TTF font file. Attackers can generate a specially crafted TTF file with an oversized pattern to cause an inf... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2026-20953
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026