Latest CVE Feed
-
7.5
HIGHCVE-2022-50978
An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (TCP).... Read more
Affected Products :- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-66960
An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1String reads a string length from untrusted GGUF metadata... Read more
Affected Products : ollama- Published: Jan. 21, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2022-50977
An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP.... Read more
Affected Products :- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-66959
An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder... Read more
Affected Products : ollama- Published: Jan. 21, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-69620
A path traversal in Moo Chan Song v4.5.7 allows attackers to cause a Denial of Service (DoS) via writing files to the internal storage.... Read more
Affected Products : office_reader- Published: Feb. 04, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2026-1522
A weakness has been identified in Open5GS up to 2.7.6. This vulnerability affects the function sgwc_s5c_handle_modify_bearer_response of the file src/sgwc/s5c-handler.c of the component SGWC. Executing a manipulation can lead to denial of service. The att... Read more
Affected Products : open5gs- Published: Jan. 28, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-53968
This vulnerability arises because there are no limitations on the number of authentication attempts a user can make. An attacker can exploit this weakness by continuously sending authentication requests, leading to a denial-of-service (DoS) condition. ... Read more
Affected Products : evmapa- Published: Jan. 22, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-56589
A Local File Inclusion (LFI) and a Server-Side Request Forgery (SSRF) vulnerability was found in the InsertFromHtmlString() function of the Apryse HTML2PDF SDK thru 11.6.0. These vulnerabilities could allow an attacker to read local files on the server or... Read more
Affected Products : html2pdf- Published: Jan. 22, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2026-20402
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User intera... Read more
- Published: Feb. 02, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2026-25128
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 5.0.9 through 5.3.3, a RangeError vulnerability exists in the numeric entity processing of fast-xm... Read more
Affected Products : fast-xml-parser- Published: Jan. 30, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-69619
A path traversal in My Text Editor v1.6.2 allows attackers to cause a Denial of Service (DoS) via writing files to the internal storage.... Read more
Affected Products : my_teditor- Published: Feb. 05, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-40537
SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions.... Read more
Affected Products : web_help_desk- Published: Jan. 28, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-67853
A flaw was found in Moodle. A remote attacker could exploit a lack of proper rate limiting in the confirmation email service. This vulnerability allows attackers to more easily enumerate or guess user credentials, facilitating brute-force attacks against ... Read more
Affected Products : moodle- Published: Feb. 03, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-68913
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zozothemes Miion miion allows PHP Local File Inclusion.This issue affects Miion: from n/a through <= 1.2.7.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-70758
chetans9 core-php-admin-panel through commit a94a780d6 contains an authentication bypass vulnerability in includes/auth_validate.php. The application sends an HTTP redirect via header(Location:login.php) when a user is not authenticated but fails to call ... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-70084
Directory traversal vulnerability in OpenSatKit 2.2.1 allows attackers to gain access to sensitive information or delete arbitrary files via crafted value to the FileUtil_GetFileInfo function.... Read more
Affected Products : opensatkit- Published: Feb. 11, 2026
- Modified: Feb. 17, 2026
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-70029
An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2026-25027
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Unicamp unicamp allows PHP Local File Inclusion.This issue affects Unicamp: from n/a through <= 2.7.1.... Read more
Affected Products : unicamp- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
7.5
HIGHCVE-2020-37213
TextCrawler Pro 3.1.1 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized buffer in the license key field. Attackers can generate a 6000-byte payload and paste it into the activation field to t... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2020-37212
SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application cras... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service