Latest CVE Feed
-
8.5
HIGHCVE-2021-47823
Acer ePowerSvc 6.0.3008.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code th... Read more
Affected Products :- Published: Jan. 16, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2020-36952
IObit Uninstaller 10 Pro contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path in the IObit Uninstaller Service to insert malici... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Misconfiguration
-
8.4
HIGHCVE-2019-25332
FTP Commander Pro 8.03 contains a local stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting the EIP register through a custom command input. Attackers can craft a malicious payload of 4108 bytes to overwrite memory ... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2026-24016
The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. may insecurely load Dynamic Link Libraries. Arbitrary code may be executed with the administrator privilege when the installer is executed.... Read more
Affected Products :- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Misconfiguration
-
8.4
HIGHCVE-2026-0710
A flaw was found in SIPp. A remote attacker could exploit this by sending specially crafted Session Initiation Protocol (SIP) messages during an active call. This vulnerability, a NULL pointer dereference, can cause the application to crash, leading to a ... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
-
8.4
HIGHCVE-2021-47756
Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulnerability that allows users to modify the valet command with root privileges. Attackers can edit the symlinked valet command to execute arbitrary code with root permissions wit... Read more
Affected Products :- Published: Jan. 16, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Authentication
-
8.4
HIGHCVE-2021-47779
Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially designed ticket message with embedded JavaScript that t... Read more
Affected Products :- Published: Jan. 16, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Cross-Site Scripting
-
8.4
HIGHCVE-2021-47775
YouTube Video Grabber, now referred to as YouTube Downloader, 1.9.9.1 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the Structured Exception Handler. Attackers can craft a malicious payload of 712 ... Read more
Affected Products :- Published: Jan. 15, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2025-13844
CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file (SSD file) shared by the attacker into Rapsody.... Read more
Affected Products :- Published: Jan. 15, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2025-58383
A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level user to execute the bind command, to escalate privileges and bypass security controls allowing the execution of arbitrary commands.... Read more
Affected Products : fabric_operating_system- Published: Feb. 03, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Authorization
-
8.4
HIGHCVE-2025-12985
IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image.... Read more
Affected Products : license_metric_tool- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
8.4
HIGHCVE-2021-47881
dataSIMS Avionics ARINC 664-1 version 4.5.3 contains a local buffer overflow vulnerability that allows attackers to overwrite memory by manipulating the milstd1553result.txt file. Attackers can craft a malicious file with carefully constructed payload and... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2026-22037
The @fastify/express plugin adds full Express compatibility to Fastify. A security vulnerability exists in @fastify/express prior to version 4.0.3 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters (e.g., ... Read more
Affected Products :- Published: Jan. 19, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Path Traversal
-
8.4
HIGHCVE-2026-22031
@fastify/middie is the plugin that adds middleware support on steroids to Fastify. A security vulnerability exists in @fastify/middie prior to version 9.1.0 where middleware registered with a specific path prefix can be bypassed using URL-encoded characte... Read more
Affected Products :- Published: Jan. 19, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Path Traversal
-
8.4
HIGHCVE-2020-37029
FTPDummy 4.80 contains a local buffer overflow vulnerability in its preference file handling that allows attackers to execute arbitrary code. Attackers can craft a malicious preference file with carefully constructed shellcode to trigger a structured exce... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2020-37013
Audio Playback Recorder 3.2.2 contains a local buffer overflow vulnerability in the eject and registration parameters that allows attackers to execute arbitrary code. Attackers can craft malicious payloads and overwrite Structured Exception Handler (SEH) ... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2020-37040
Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. Attackers can trigger the vulnerability by pasting a specially crafted payload into... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2025-13845
CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file) into Rapsody.... Read more
Affected Products :- Published: Jan. 15, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2025-59094
A local privilege escalation vulnerability has been identified in the Kaba exos 9300 System management application (d9sysdef.exe). Within this application it is possible to specify an arbitrary executable as well as the weekday and start time, when the sp... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authentication
-
8.4
HIGHCVE-2020-37049
Frigate 3.36.0.9 contains a local buffer overflow vulnerability in the Command Line input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload to overflow the buffer, bypass DEP, and execute commands like launchin... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption