Latest CVE Feed
-
7.4
HIGHCVE-2026-0723
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authen... Read more
Affected Products : gitlab- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authentication
-
7.4
HIGHCVE-2026-20853
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows WalletService allows an unauthorized attacker to elevate privileges locally.... Read more
- Published: Jan. 13, 2026
- Modified: Jan. 15, 2026
-
7.3
HIGHCVE-2025-66003
An External Control of File Name or Path vulnerability in smb4k allowsl ocal users to perform a local root exploit via smb4k mounthelper if they can access and control the contents of a Samba shareThis issue affects smb4k: from ? before 4.0.5.... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Path Traversal
-
7.3
HIGHCVE-2025-67246
A local information disclosure vulnerability exists in the Ludashi driver before 5.1025 due to a lack of access control in the IOCTL handler. This driver exposes a device interface accessible to a normal user and handles attacker-controlled structures con... Read more
Affected Products : ludashi_driver- Published: Jan. 15, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Information Disclosure
-
7.3
HIGHCVE-2025-68619
Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the appstore interface allow administrators to install npm packages through a REST API endpoint. While the endpoint validates that the package name e... Read more
Affected Products : signal_k_server- Published: Jan. 01, 2026
- Modified: Jan. 06, 2026
- Vuln Type: Supply Chain
-
7.3
HIGHCVE-2025-33230
NVIDIA Nsight Systems for Linux contains a vulnerability in the .run installer, where an attacker could cause an OS command injection by supplying a malicious string to the installation path. A successful exploit of this vulnerability might lead to escala... Read more
Affected Products : cuda_toolkit- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
7.3
HIGHCVE-2026-22241
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an arbitrary file upload vulnerability in the theme import functionality enables an attacker with administrative privileges to upload a... Read more
Affected Products : openeclass- Published: Jan. 08, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Misconfiguration
-
7.3
HIGHCVE-2025-36418
IBM ApplinX 11.1 is vulnerable due to a privilege escalation vulnerability due to improper verification of JWT tokens. An attacker may be able to craft or modify a JSON web token in order to impersonate another user or to elevate their privileges.... Read more
Affected Products : applinx- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authentication
-
7.3
HIGHCVE-2026-22786
Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin <= v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. Attacker can upload any files on any directory. In the breakpoint_continue.go fi... Read more
Affected Products : gin-vue-admin- Published: Jan. 12, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Path Traversal
-
7.3
HIGHCVE-2026-21892
Parsl is a Python parallel scripting library. A SQL Injection vulnerability exists in the parsl-visualize component of versions prior to 2026.01.05. The application constructs SQL queries using unsafe string formatting (Python % operator) with user-suppli... Read more
Affected Products : parsl- Published: Jan. 08, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Injection
-
7.3
HIGHCVE-2025-33229
NVIDIA Nsight Visual Studio for Windows contains a vulnerability in Nsight Monitor where an attacker can execute arbitrary code with the same privileges as the NVIDIA Nsight Visual Studio Edition Monitor application. A successful exploit of this vulnerabi... Read more
Affected Products : cuda_toolkit- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Memory Corruption
-
7.3
HIGHCVE-2026-0615
The Librarian `supervisord` status page can be retrieved by the `web_fetch` tool, which can be used to retrieve running processes within TheLibrarian backend. The vendor has fixed the vulnerability in all affected versions.... Read more
Affected Products : the_librarian- Published: Jan. 16, 2026
- Modified: Jan. 23, 2026
-
7.3
HIGHCVE-2026-0776
Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Discord Client. An attacker must first obtain the ability to execute lo... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
-
7.3
HIGHCVE-2025-33228
NVIDIA Nsight Systems contains a vulnerability in the gfx_hotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the process_nsys_rep_cli.py script if the script is invoked manually. A successful exploit o... Read more
Affected Products : cuda_toolkit- Published: Jan. 20, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
7.3
HIGHCVE-2025-55705
This vulnerability occurs when the system permits multiple simultaneous connections to the backend using the same charging station ID. This can result in unauthorized access, data inconsistency, or potential manipulation of charging sessions. The lack ... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authentication
-
7.3
HIGHCVE-2026-21897
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, ... Read more
Affected Products : cryptolib- Published: Jan. 10, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Memory Corruption
-
7.3
HIGHCVE-2025-3646
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authorization bypass vulnerability that allows unauthorized users to add users as shared owners to any device by exploiting missing permission checks. Attackers can send requests to the ... Read more
Affected Products :- Published: Jan. 04, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authorization
-
7.3
HIGHCVE-2026-23988
Rufus is a utility that helps format and create bootable USB flash drives. Versions 4.11 and below contain a race condition (TOCTOU) in src/net.c during the creation, validation, and execution of the Fido PowerShell script. Since Rufus runs with elevated ... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Race Condition
-
7.3
HIGHCVE-2026-23960
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.6.17 and 3.7.8, stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in... Read more
Affected Products : argo_workflows- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting
-
7.3
HIGHCVE-2026-23880
OnboardLite is a comprehensive membership lifecycle platform built for student organizations at the University of Central Florida. Versions of the software prior to commit 1d32081a66f21bcf41df1ecb672490b13f6e429f have a stored cross-site scripting vulnera... Read more
Affected Products :- Published: Jan. 19, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Scripting