Latest CVE Feed
-
8.4
HIGHCVE-2026-24930
UAF concurrency vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more
Affected Products : harmonyos- Published: Feb. 06, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2026-0660
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.... Read more
Affected Products : 3ds_max- Published: Feb. 04, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2026-24926
Out-of-bounds write vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more
Affected Products : harmonyos- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2026-0661
A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.... Read more
Affected Products : 3ds_max- Published: Feb. 04, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2026-24466
Products provided by Oki Electric Industry Co., Ltd. and its OEM products (Ricoh Co., Ltd., Murata Machinery, Ltd.) register Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute ... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Misconfiguration
-
8.4
HIGHCVE-2026-24882
In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.... Read more
- Published: Jan. 27, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
8.3
HIGHCVE-2025-13818
Local privilege escalation vulnerability via insecure temporary batch file execution in ESET Management Agent... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Misconfiguration
-
8.3
HIGHCVE-2026-2188
A vulnerability was determined in UTT 进取 521G 3.1.1-190816. The impacted element is the function sub_446B18 of the file /goform/formPdbUpConfig. Executing a manipulation of the argument policyNames can lead to os command injection. It is possible to launc... Read more
Affected Products :- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
8.3
HIGHCVE-2026-2118
A vulnerability was determined in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_4407D4 of the file /goform/formReleaseConnect of the component rehttpd. Executing a manipulation of the argument Isp_Name can lead to command injection.... Read more
Affected Products :- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
8.3
HIGHCVE-2026-2155
A security flaw has been discovered in D-Link DIR-823X 250416. The affected element is the function sub_4208A0 of the file /goform/set_dmz of the component Configuration Handler. The manipulation of the argument dmz_host/dmz_enable results in os command i... Read more
Affected Products : dir-823x_firmware- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
8.3
HIGHCVE-2026-2151
A vulnerability has been found in D-Link DIR-615 4.10. This affects an unknown part of the file adv_firewall.php of the component DMZ Host Feature. Such manipulation of the argument dmz_ipaddr leads to os command injection. The attack can be launched rem... Read more
Affected Products : dir-615_firmware- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
8.3
HIGHCVE-2025-68137
EVerest is an EV charging software stack. Prior to version 2025.10.0, an integer overflow occurring in `SdpPacket::parse_header()` allows the current buffer length to be set to 7 after a complete header of size 8 has been read. The remaining length to rea... Read more
Affected Products : everest- Published: Jan. 21, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
8.3
HIGHCVE-2026-2152
A vulnerability was found in D-Link DIR-615 4.10. This vulnerability affects unknown code of the file adv_routing.php of the component Web Configuration Interface. Performing a manipulation of the argument dest_ip/ submask/ gw results in os command inject... Read more
Affected Products : dir-615_firmware- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
8.3
HIGHCVE-2026-2175
A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_420618 of the file /goform/set_upnp. This manipulation of the argument upnp_enable causes os command injection. Remote exploitation of the attack is poss... Read more
Affected Products : dir-823x_firmware- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
8.3
HIGHCVE-2026-2129
A vulnerability was found in D-Link DIR-823X 250416. Affected by this issue is some unknown functionality of the file /goform/set_ac_status. Performing a manipulation of the argument ac_ipaddr/ac_ipstatus/ap_randtime results in os command injection. The a... Read more
Affected Products : dir-823x_firmware- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
8.3
HIGHCVE-2026-2142
A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_420688 of the file /goform/set_qos. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been ... Read more
Affected Products : dir-823x_firmware- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
8.3
HIGHCVE-2026-2143
A security vulnerability has been detected in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/set_ddns of the component DDNS Service. The manipulation of the argument ddnsType/ddnsDomainName/ddnsUserName/ddnsPwd lead... Read more
Affected Products : dir-823x_firmware- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
8.3
HIGHCVE-2026-2192
A security vulnerability has been detected in Tenda AC9 15.03.06.42_multi. Affected by this vulnerability is the function formGetRebootTimer. Such manipulation of the argument sys.schedulereboot.start_time/sys.schedulereboot.end_time leads to stack-based ... Read more
Affected Products : ac9_firmware- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Memory Corruption
-
8.3
HIGHCVE-2026-23851
SiYuan is a personal knowledge management system. Versions prior to 3.5.4 contain a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server's filesystem into the ... Read more
Affected Products : siyuan- Published: Jan. 19, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Path Traversal
-
8.3
HIGHCVE-2026-24808
Integer Overflow or Wraparound vulnerability in RawTherapee (rtengine modules). This vulnerability is associated with program files dcraw.Cc. This issue affects RawTherapee: through 5.11.... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption