Latest CVE Feed
-
8.4
HIGHCVE-2025-59094
A local privilege escalation vulnerability has been identified in the Kaba exos 9300 System management application (d9sysdef.exe). Within this application it is possible to specify an arbitrary executable as well as the weekday and start time, when the sp... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authentication
-
8.4
HIGHCVE-2021-47756
Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulnerability that allows users to modify the valet command with root privileges. Attackers can edit the symlinked valet command to execute arbitrary code with root permissions wit... Read more
Affected Products :- Published: Jan. 16, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Authentication
-
8.4
HIGHCVE-2020-37025
Port Forwarding Wizard 4.8.0 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code through a long request in the Register feature. Attackers can craft a malicious payload with an egg tag and overwrite SEH handlers ... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2026-24016
The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. may insecurely load Dynamic Link Libraries. Arbitrary code may be executed with the administrator privilege when the installer is executed.... Read more
Affected Products :- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Misconfiguration
-
8.4
HIGHCVE-2026-0661
A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.... Read more
Affected Products : 3ds_max- Published: Feb. 04, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2026-0861
Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the a... Read more
Affected Products : glibc- Published: Jan. 14, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2020-37036
RM Downloader 2.50.60 contains a local buffer overflow vulnerability in the 'Load' parameter that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload with an egg hunter technique to bypass memory prote... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2025-13176
Planting a custom configuration file in ESET Inspect Connector allow load a malicious DLL.... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Misconfiguration
-
8.4
HIGHCVE-2026-20944
Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to execute code locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 16, 2026
-
8.4
HIGHCVE-2026-20979
Improper privilege management in Settings prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Settings privilege.... Read more
Affected Products : android- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Authorization
-
8.4
HIGHCVE-2026-0538
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.... Read more
Affected Products : 3ds_max- Published: Feb. 04, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2026-20983
Improper export of android application components in Samsung Dialer prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Samsung Dialer privilege.... Read more
Affected Products : android- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Authorization
-
8.4
HIGHCVE-2026-0537
A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.... Read more
Affected Products : 3ds_max- Published: Feb. 04, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2026-22031
@fastify/middie is the plugin that adds middleware support on steroids to Fastify. A security vulnerability exists in @fastify/middie prior to version 9.1.0 where middleware registered with a specific path prefix can be bypassed using URL-encoded characte... Read more
Affected Products :- Published: Jan. 19, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Path Traversal
-
8.4
HIGHCVE-2020-37142
10-Strike Network Inventory Explorer 8.54 contains a structured exception handler buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting SEH records. Attackers can craft a malicious payload targeting the 'Computer' pa... Read more
Affected Products :- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2025-12985
IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image.... Read more
Affected Products : license_metric_tool- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
8.4
HIGHCVE-2026-24926
Out-of-bounds write vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more
Affected Products : harmonyos- Published: Feb. 06, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2021-47881
dataSIMS Avionics ARINC 664-1 version 4.5.3 contains a local buffer overflow vulnerability that allows attackers to overwrite memory by manipulating the milstd1553result.txt file. Attackers can craft a malicious file with carefully constructed payload and... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2026-24884
Compressing is a compressing and uncompressing lib for node. In version 2.0.0 and 1.10.3 and prior, Compressing extracts TAR archives while restoring symbolic links without validating their targets. By embedding symlinks that resolve outside the intended ... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Path Traversal
-
8.4
HIGHCVE-2026-24694
The installer for Roland Cloud Manager ver.3.1.19 and prior insecurely loads Dynamic Link Libraries (DLLs), which could allow an attacker to execute arbitrary code with the privileges of the application.... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Misconfiguration