Latest CVE Feed
-
7.5
HIGHCVE-2025-20761
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interac... Read more
- Published: Jan. 06, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2021-47793
Telegram Desktop 2.9.2 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized message payload. Attackers can generate a 9 million byte buffer and paste it into the messaging interface to trigger a... Read more
Affected Products :- Published: Jan. 16, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2026-24635
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in DevsBlink EduBlink Core edublink-core allows PHP Local File Inclusion.This issue affects EduBlink Core: from n/a through <= 2.0.7.... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-71024
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the serviceName2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-20762
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interac... Read more
- Published: Jan. 06, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-66864
An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.... Read more
Affected Products : binutils- Published: Dec. 29, 2025
- Modified: Jan. 14, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2026-20934
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 +5 more products- Published: Jan. 13, 2026
- Modified: Jan. 16, 2026
-
7.5
HIGHCVE-2026-21908
A Use After Free vulnerability was identified in the 802.1X authentication daemon (dot1xd) of Juniper Networks Junos OS and Junos OS Evolved that could allow an authenticated, network-adjacent attacker flapping a port to crash the dot1xd process, leading ... Read more
- Published: Jan. 15, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-43706
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2400, 1580, 9110, W920, W930, Modem 5123, and Modem 5400. Incorrect handling of RRC packets leads to a Denial of Service.... Read more
Affected Products : exynos_980_firmware exynos_850_firmware exynos_1080_firmware exynos_9110_firmware exynos_w920_firmware exynos_980 exynos_990_firmware exynos_990 exynos_850 exynos_1080 +12 more products- Published: Jan. 05, 2026
- Modified: Jan. 09, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-13029
The Knowband Mobile App Builder WordPress plugin before 3.0.0 does not have authorisation when deleting users via its REST API, allowing unauthenticated attackers to delete arbitrary users.... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-57156
NULL pointer dereference in the dacp_reply_playqueueedit_clear function in src/httpd_dacp.c in owntone-server through commit 6d604a1 (newer commit after version 28.12) allows remote attackers to cause a Denial of Service (crash).... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 21, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2020-36921
RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple endpoints to retrieve system resources and debug log info... Read more
Affected Products :- Published: Jan. 06, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-66869
Buffer overflow vulnerability in function strcat in asan_interceptors.cpp in libming 0.4.8.... Read more
Affected Products : libming- Published: Dec. 29, 2025
- Modified: Jan. 15, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-29847
A vulnerability in Apache Linkis. Problem Description When using the JDBC engine and da When using the JDBC engine and data source functionality, if the URL parameter configured on the frontend has undergone multiple rounds of URL encoding, it may bypass... Read more
Affected Products : linkis- Published: Jan. 19, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-59467
A Cross-Site Scripting (XSS) vulnerability in the UCRM Argentina AFIP invoices Plugin (v1.2.0 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. This plugin is disabled by default. Affe... Read more
Affected Products :- Published: Jan. 05, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Scripting
-
7.5
HIGHCVE-2025-71025
Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the cloneType2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-66723
inMusic Brands Engine DJ before 4.3.4 suffers from Insecure Permissions due to exposed HTTP service in the Remote Library, which allows attackers to access all files and network paths.... Read more
- Published: Dec. 30, 2025
- Modified: Jan. 05, 2026
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-67303
An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the... Read more
Affected Products :- Published: Jan. 05, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2026-22920
The device's passwords have not been adequately salted, making them vulnerable to password extraction attacks.... Read more
- Published: Jan. 15, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Cryptography
-
7.5
HIGHCVE-2021-47786
Redragon Gaming Mouse driver contains a kernel-level vulnerability that allows attackers to trigger a denial of service by sending malformed IOCTL requests. Attackers can send a crafted 2000-byte buffer with specific byte patterns to the REDRAGON_MOUSE de... Read more
Affected Products :- Published: Jan. 16, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Denial of Service