Latest CVE Feed
-
7.5
HIGHCVE-2025-46685
Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of pri... Read more
Affected Products : supportassist_os_recovery- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2026-22245
Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided domains. Mastodon, however, has some protection mechanism to disallow requests to local IP addresses (unle... Read more
Affected Products : mastodon- Published: Jan. 08, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Server-Side Request Forgery
-
7.5
HIGHCVE-2025-13928
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to cause a denial of service condition by exploiting incorrect author... Read more
Affected Products : gitlab- Published: Jan. 22, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-13927
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.9 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted requests w... Read more
Affected Products : gitlab- Published: Jan. 22, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-66960
An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1String reads a string length from untrusted GGUF metadata... Read more
Affected Products :- Published: Jan. 21, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-10024
Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection.This issue affects Education Management System: through 23.09.2025.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Authorization
-
7.5
HIGHCVE-2026-23962
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon versions before v4.3.18, v4.4.12, and v4.5.5 do not have a limit on the maximum number of poll options for remote posts, allowing attackers to create polls with a very la... Read more
Affected Products : mastodon- Published: Jan. 22, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2020-36922
Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations,... Read more
Affected Products : bravia_signage- Published: Jan. 06, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2026-20919
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 +5 more products- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
7.5
HIGHCVE-2020-36924
Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, ex... Read more
Affected Products : bravia_signage- Published: Jan. 06, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-70986
Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data.... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-70753
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_4CA50 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2026-0612
The Librarian contains a information leakage vulnerability through the `web_fetch` tool, which can be used to retrieve arbitrary external content provided by an attacker, which can be used to proxy requests through The Librarian infrastructure. The vendor... Read more
Affected Products : the_librarian- Published: Jan. 16, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Server-Side Request Forgery
-
7.5
HIGHCVE-2025-59465
A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash by triggering an unhandled `TLSSocket` error `ECONNRESET`. Instead of safely closing the connection, the process crashes, enabling a remote denial of servic... Read more
Affected Products : node.js- Published: Jan. 20, 2026
- Modified: Jan. 21, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-68438
In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed [core] max_templated_field_length, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used... Read more
Affected Products : airflow- Published: Jan. 16, 2026
- Modified: Jan. 21, 2026
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-68675
In Apache Airflow versions before 3.1.6, the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically mas... Read more
Affected Products : airflow- Published: Jan. 16, 2026
- Modified: Jan. 21, 2026
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-66902
An input validation issue in in Pithikos websocket-server v.0.6.4 allows a remote attacker to obtain sensitive information or cause unexpected server behavior via the websocket_server/websocket_server.py, WebSocketServer._message_received components.... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 21, 2026
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-56225
fluidsynth-2.4.6 and earlier versions is vulnerable to Null pointer dereference in fluid_synth_monopoly.c, that can be triggered when loading an invalid midi file.... Read more
Affected Products : fluidsynth- Published: Jan. 09, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2026-22045
Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.35 and 3.6.7, there is a potential vulnerability in Traefik ACME TLS certificates' automatic generation: the ACME TLS-ALPN fast path can allow unauthenticated clients to tie up go routines ... Read more
Affected Products : traefik- Published: Jan. 15, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2026-21889
Weblate is a web based localization tool. Prior to 5.15.2, the screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to access screenshots after guessing their filename. This vuln... Read more
Affected Products : weblate- Published: Jan. 14, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Information Disclosure