Latest CVE Feed
-
7.8
HIGHCVE-2025-33251
NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.... Read more
Affected Products : nemo- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Injection
-
7.8
HIGHCVE-2026-21514
Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.... Read more
Affected Products : 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 office_2024 office_2021- Actively Exploited
- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Authorization
-
7.8
HIGHCVE-2026-25143
melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/bu... Read more
Affected Products : melange- Published: Feb. 04, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Injection
-
7.8
HIGHCVE-2025-33246
NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where a user could cause a command injection by supplying crafted input to a configuration parameter. A successful exploit of this vulnerability might lead to c... Read more
Affected Products : nemo- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Injection
-
7.8
HIGHCVE-2025-33236
NVIDIA NeMo Framework contains a vulnerability where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tamp... Read more
Affected Products : nemo- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Injection
-
7.8
HIGHCVE-2025-60038
A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Injection
-
7.8
HIGHCVE-2025-60035
A vulnerability has been identified in the OPC.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2026-21259
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.... Read more
- Published: Feb. 10, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-60037
A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically... Read more
Affected Products :- Published: Feb. 18, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Information Disclosure
-
7.8
HIGHCVE-2025-15351
Anritsu VectorStar CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu VectorStar. User interaction is required t... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
-
7.8
HIGHCVE-2026-0758
mcp-server-siri-shortcuts shortcutName Command Injection Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of mcp-server-siri-shortcuts. An attacker must first obtain the ability... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
-
7.8
HIGHCVE-2026-21418
Dell Unity, version(s) 5.5.2 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leadi... Read more
Affected Products : unity_operating_environment- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
7.8
HIGHCVE-2026-20412
In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID... Read more
- Published: Feb. 02, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2026-1418
A security vulnerability has been detected in GPAC up to 2.4.0. This affects the function gf_text_import_srt_bifs of the file src/scene_manager/text_to_bifs.c of the component SRT Subtitle Import. Such manipulation leads to out-of-bounds write. The attack... Read more
Affected Products : gpac- Published: Jan. 26, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-60865
Insecure Permissions vulnerability in avanquest Driver Updater v.9.1.57803.1174 allows a local attacker to escalate privileges via the Driver Updater Service windows component.... Read more
Affected Products : pc_helpsoft_driver_updater- Published: Feb. 03, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authorization
-
7.8
HIGHCVE-2026-24669
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an insecure password reset mechanism allows local attackers to reuse a valid password reset token after it has already been used, enabl... Read more
- Published: Feb. 03, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Authentication
-
7.8
HIGHCVE-2025-33233
NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tam... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
7.8
HIGHCVE-2025-41727
A local low privileged attacker can bypass the authentication of the Device Manager user interface, allowing them to perform privileged operations and gain administrator access.... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Authentication
-
7.8
HIGHCVE-2025-15062
Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerab... Read more
Affected Products : sketchup- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
-
7.8
HIGHCVE-2025-15348
Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu ShockLine. User interaction is required to ... Read more
Affected Products : shockline- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026