Latest CVE Feed
-
7.5
HIGHCVE-2026-0786
ALGO 8180 IP Audio Alerter SCI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to explo... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-63649
An out-of-bounds read in the http_parser_transfer_encoding_chunked function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the server.... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2026-0911
The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the action_import_module() function in all versions up to, and including, 7.8.9.2. This mak... Read more
Affected Products : hustle- Published: Jan. 24, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-65889
A type validation flaw in the flow.dstack() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more
Affected Products : oneflow- Published: Jan. 28, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2026-1689
A vulnerability was detected in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. The impacted element is the function checkUserFromLanOrWan of the file /boaform/admin/formLogin of the component Login Interface. The manipulation of the argument Host results... Read more
- Published: Jan. 30, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-15539
A vulnerability was determined in Open5GS up to 2.7.6. Impacted is the function sgwc_s11_handle_downlink_data_notification_ack of the file src/sgwc/s11-handler.c of the component sgwc. This manipulation causes denial of service. The attack can be initiate... Read more
Affected Products : open5gs- Published: Jan. 19, 2026
- Modified: Feb. 10, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2020-37178
KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing applicat... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2026-1976
A weakness has been identified in Free5GC up to 4.1.0. Affected is the function SessionDeletionResponse of the component SMF. This manipulation causes null pointer dereference. The attack is possible to be carried out remotely. The exploit has been made a... Read more
Affected Products : free5gc- Published: Feb. 06, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2026-24536
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webpushr Webpushr webpushr-web-push-notifications allows Retrieve Embedded Sensitive Data.This issue affects Webpushr: from n/a through <= 4.38.0.... Read more
Affected Products : web_push_notifications- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2026-1740
A vulnerability was found in EFM ipTIME A8004T 14.18.2. This impacts the function httpcon_check_session_url of the file /cgi/timepro.cgi of the component Hidden Hiddenloginsetup Interface. The manipulation results in improper authentication. The attack ma... Read more
Affected Products :- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-66720
Null pointer dereference in free5gc pcf 1.4.0 in file internal/sbi/processor/ampolicy.go in function HandleDeletePoliciesPolAssoId.... Read more
Affected Products : pcf- Published: Jan. 23, 2026
- Modified: Feb. 11, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2026-24828
Missing Release of Memory after Effective Lifetime vulnerability in Is-Daouda is-Engine.This issue affects is-Engine: before 3.3.4.... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-59471
A denial of service vulnerability exists in self-hosted Next.js applications that have `remotePatterns` configured for the Image Optimizer. The image optimization endpoint (`/_next/image`) loads external images entirely into memory without enforcing a max... Read more
Affected Products : next.js- Published: Jan. 26, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2026-23864
Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vulnerabilities are triggered by sending specially crafted H... Read more
Affected Products : react- Published: Jan. 26, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2026-22271
Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerabili... Read more
Affected Products : objectscale- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-70650
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more
- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-70651
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow in the ssid parameter of the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more
- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-59466
We have identified a bug in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when `async_hooks.createHook()` is enabled. Instead of reaching `process.on('uncaughtException')`, the process terminates, making the cra... Read more
Affected Products : node.js- Published: Jan. 20, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-70648
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_727F4 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more
- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-15349
Anritsu ShockLine SCPI Race Condition Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Anritsu ShockLine. Authentication is not required to exploit this vulner... Read more
Affected Products : shockline- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026