Latest CVE Feed
-
7.5
HIGHCVE-2026-1129
A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/worksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack may be perfo... Read more
Affected Products : ksoa- Published: Jan. 19, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-56589
A Local File Inclusion (LFI) and a Server-Side Request Forgery (SSRF) vulnerability was found in the InsertFromHtmlString() function of the Apryse HTML2PDF SDK thru 11.6.0. These vulnerabilities could allow an attacker to read local files on the server or... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2026-22190
Panda3D versions up to and including 1.10.16 egg-mkfont contains an uncontrolled format string vulnerability. The -gp (glyph pattern) command-line option is used directly as the format string for sprintf() with only a single argument supplied. If an attac... Read more
Affected Products : panda3d- Published: Jan. 07, 2026
- Modified: Jan. 12, 2026
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-70744
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the cloneType parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more
- Published: Jan. 15, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-67419
A Denial of Service (DoS) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to exhaust the application server's resources via the "GET /images" API. The application fails to limit the height of the use-element shadow tree or the d... Read more
Affected Products : evershop- Published: Jan. 05, 2026
- Modified: Jan. 12, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2026-21507
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have an infinite loop in the IccProfile.cpp function, CalcProfileID. This issue is fixed in version 2.3.1.1.... Read more
Affected Products : iccdev- Published: Jan. 06, 2026
- Modified: Jan. 12, 2026
-
7.5
HIGHCVE-2025-15432
A vulnerability has been found in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. This vulnerability affects the function downloadShowFile of the file /file/downloadShowFile.action of the component com.yeqifu.sys.controller.FileController... Read more
- Published: Jan. 02, 2026
- Modified: Jan. 12, 2026
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-71021
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serverName parameter of the sub_65A28 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more
- Published: Jan. 14, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-15176
A flaw has been found in Open5GS up to 2.7.5. This affects the function decode_ipv6_header/ogs_pfcp_pdr_rule_find_by_packet of the file lib/pfcp/rule-match.c of the component PFCP Session Establishment Request Handler. Executing manipulation can lead to r... Read more
Affected Products : open5gs- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2022-50692
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an insufficient session expiration vulnerability that allows attackers to reuse old session credentials. Attackers can exploit weak session management to potentially hijack active user sessions ... Read more
Affected Products : stream first_firmware first impact_firmware impact pulse_firmware pulse impact_eco_firmware impact_eco pulse_eco_firmware +8 more products- Published: Dec. 30, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-13493
The Latest Registered Users plugin for WordPress is vulnerable to unauthorized user data export in all versions up to, and including, 1.4. This is due to missing authorization and nonce validation in the rnd_handle_form_submit function hooked to both admi... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-56424
An issue in Insiders Technologies GmbH e-invoice pro before release 1 Service Pack 2 allows a remote attacker to cause a denial of service via a crafted script... Read more
Affected Products : e-invoice_pro- Published: Jan. 08, 2026
- Modified: Jan. 12, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-13457
The WooCommerce Square plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.1 via the get_token_by_id function due to missing validation on a user controlled key. This makes it possible for unau... Read more
Affected Products : woocommerce_square- Published: Jan. 10, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-70304
A buffer overflow in the vobsub_get_subpic_duration() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted packet.... Read more
Affected Products : gpac- Published: Jan. 15, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2021-47831
Sandboxie 5.49.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the container folder input field. Attackers can paste a large buffer of repeated characters into the Sandbox container folder setting... Read more
Affected Products : sandboxie- Published: Jan. 16, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-67274
An issue in continuous.software aangine v.2025.2 allows a remote attacker to obtain sensitive information via the excel-integration-service template download module, integration-persistence-service job listing module, portfolio-item-service data retrieval... Read more
Affected Products :- Published: Jan. 26, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-69908
An unauthenticated information disclosure vulnerability in Newgen OmniApp allows attackers to enumerate valid privileged usernames via a publicly accessible client-side JavaScript resource.... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-46685
Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of pri... Read more
Affected Products : supportassist_os_recovery- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-70308
An out-of-bounds read in the GSF demuxer filter component of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .gsf file.... Read more
Affected Products : gpac- Published: Jan. 15, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2026-22773
vLLM is an inference and serving engine for large language models (LLMs). In versions from 0.6.4 to before 0.12.0, users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1... Read more
Affected Products : vllm- Published: Jan. 10, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Denial of Service