Latest CVE Feed
-
8.5
HIGHCVE-2021-47828
BOOTP Turbo 2.0.0.1253 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to execute arbitrary code with elevated LocalSystem privileges during system startup or reboot.... Read more
Affected Products :- Published: Jan. 16, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Misconfiguration
-
8.4
HIGHCVE-2020-37042
Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the 'Find Computer' feature that allows attackers to execute arbitrary code by overflowing the computer name input field. Attackers can craft a malicious payload that triggers... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2020-37049
Frigate 3.36.0.9 contains a local buffer overflow vulnerability in the Command Line input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload to overflow the buffer, bypass DEP, and execute commands like launchin... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2020-37025
Port Forwarding Wizard 4.8.0 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code through a long request in the Register feature. Attackers can craft a malicious payload with an egg tag and overwrite SEH handlers ... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2026-20952
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
8.4
HIGHCVE-2025-13845
CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file) into Rapsody.... Read more
Affected Products :- Published: Jan. 15, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2025-13444
OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the... Read more
Affected Products : loadmaster- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Injection
-
8.4
HIGHCVE-2025-9427
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Lemonsoft WordPress add on allows Cross-Site Scripting (XSS).This issue affects WordPress add on: 2025.7.1.... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Cross-Site Scripting
-
8.4
HIGHCVE-2020-37001
Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the Pack File feature that allows attackers to execute arbitrary code by overflowing the 'Archive To' input field. Attackers can craft a malicious payload that overwrites the ... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2020-37029
FTPDummy 4.80 contains a local buffer overflow vulnerability in its preference file handling that allows attackers to execute arbitrary code. Attackers can craft a malicious preference file with carefully constructed shellcode to trigger a structured exce... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2026-24016
The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. may insecurely load Dynamic Link Libraries. Arbitrary code may be executed with the administrator privilege when the installer is executed.... Read more
Affected Products :- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Misconfiguration
-
8.4
HIGHCVE-2020-37013
Audio Playback Recorder 3.2.2 contains a local buffer overflow vulnerability in the eject and registration parameters that allows attackers to execute arbitrary code. Attackers can craft malicious payloads and overwrite Structured Exception Handler (SEH) ... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2020-37040
Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. Attackers can trigger the vulnerability by pasting a specially crafted payload into... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2024-14021
LlamaIndex (run-llama/llama_index) versions up to and including 0.11.6 contain an unsafe deserialization vulnerability in BGEM3Index.load_from_disk() in llama_index/indices/managed/bge_m3/base.py. The function uses pickle.load() to deserialize multi_embed... Read more
Affected Products : llamaindex- Published: Jan. 12, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Injection
-
8.4
HIGHCVE-2021-47779
Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially designed ticket message with embedded JavaScript that t... Read more
Affected Products :- Published: Jan. 16, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Cross-Site Scripting
-
8.4
HIGHCVE-2021-47756
Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulnerability that allows users to modify the valet command with root privileges. Attackers can edit the symlinked valet command to execute arbitrary code with root permissions wit... Read more
Affected Products :- Published: Jan. 16, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Authentication
-
8.4
HIGHCVE-2025-58383
A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level user to execute the bind command, to escalate privileges and bypass security controls allowing the execution of arbitrary commands.... Read more
Affected Products : fabric_operating_system- Published: Feb. 03, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Authorization
-
8.4
HIGHCVE-2025-59094
A local privilege escalation vulnerability has been identified in the Kaba exos 9300 System management application (d9sysdef.exe). Within this application it is possible to specify an arbitrary executable as well as the weekday and start time, when the sp... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authentication
-
8.4
HIGHCVE-2025-14115
IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0.0 through 6.4.0.3 Interim Fix 019 IBM® Sterling Connect:Direct for UNIX contains hard-coded credentials, such as a password or cryptographic key, which it us... Read more
Affected Products : sterling_connectdirect_for_unix_container- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cryptography
-
8.4
HIGHCVE-2025-13447
OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the... Read more
Affected Products : loadmaster- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Injection