Latest CVE Feed
-
8.4
HIGHCVE-2020-37040
Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. Attackers can trigger the vulnerability by pasting a specially crafted payload into... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2026-20952
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
-
8.4
HIGHCVE-2026-24926
Out-of-bounds write vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more
Affected Products : harmonyos- Published: Feb. 06, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2026-24930
UAF concurrency vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability.... Read more
Affected Products : harmonyos- Published: Feb. 06, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2020-37029
FTPDummy 4.80 contains a local buffer overflow vulnerability in its preference file handling that allows attackers to execute arbitrary code. Attackers can craft a malicious preference file with carefully constructed shellcode to trigger a structured exce... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2026-0660
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.... Read more
Affected Products : 3ds_max- Published: Feb. 04, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2026-24882
In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.... Read more
- Published: Jan. 27, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2025-13845
CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file) into Rapsody.... Read more
Affected Products :- Published: Jan. 15, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2020-37036
RM Downloader 2.50.60 contains a local buffer overflow vulnerability in the 'Load' parameter that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload with an egg hunter technique to bypass memory prote... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2025-12985
IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image.... Read more
Affected Products : license_metric_tool- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
8.4
HIGHCVE-2026-0661
A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.... Read more
Affected Products : 3ds_max- Published: Feb. 04, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2020-37013
Audio Playback Recorder 3.2.2 contains a local buffer overflow vulnerability in the eject and registration parameters that allows attackers to execute arbitrary code. Attackers can craft malicious payloads and overwrite Structured Exception Handler (SEH) ... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2026-23755
D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load version.dll from its execution directory, allowing DLL preloadi... Read more
Affected Products : d-view_8- Published: Jan. 21, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Misconfiguration
-
8.4
HIGHCVE-2026-25924
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulnerability in Kanboard allows an authenticated administrator to achieve full Remote Code Execution (RCE). Although the application correct... Read more
Affected Products : kanboard- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Authentication
-
8.4
HIGHCVE-2020-37001
Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the Pack File feature that allows attackers to execute arbitrary code by overflowing the 'Archive To' input field. Attackers can craft a malicious payload that overwrites the ... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2026-24016
The installer of ServerView Agents for Windows provided by Fsas Technologies Inc. may insecurely load Dynamic Link Libraries. Arbitrary code may be executed with the administrator privilege when the installer is executed.... Read more
Affected Products :- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Misconfiguration
-
8.4
HIGHCVE-2025-36384
IBM Db2 for Windows 12.1.0 - 12.1.3 could allow a local user with filesystem access to escalate their privileges due to the use of an unquoted search path element.... Read more
Affected Products : db2- Published: Jan. 30, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Misconfiguration
-
8.4
HIGHCVE-2026-22037
The @fastify/express plugin adds full Express compatibility to Fastify. A security vulnerability exists in @fastify/express prior to version 4.0.3 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters (e.g., ... Read more
Affected Products :- Published: Jan. 19, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Path Traversal
-
8.4
HIGHCVE-2020-37011
Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger an out-of-bounds write by crafting a malicious TTF font file. Attackers can generate a specially crafted TTF file with an oversized pattern to cause an inf... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Memory Corruption
-
8.3
HIGHCVE-2026-0603
A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is use... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection