Latest CVE Feed
-
7.5
HIGHCVE-2026-0692
The BlueSnap Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.3.0. This is due to the plugin relying on WooCommerce's `WC_Geolocation::get_ip_address()` function to validat... Read more
Affected Products :- Published: Feb. 14, 2026
- Modified: Feb. 14, 2026
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-68017
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Antideo Antideo Email Validator antideo-email-validator allows Blind SQL Injection.This issue affects Antideo Email Validator: from n/a through <= 1.0.10... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Injection
-
7.5
HIGHCVE-2026-22271
Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerabili... Read more
Affected Products : objectscale- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2026-20736
Gitea does not properly verify repository context when deleting attachments. A user who previously uploaded an attachment to a repository may be able to delete it after losing access to that repository by making the request through a different repository ... Read more
Affected Products : gitea- Published: Jan. 22, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authorization
-
7.5
HIGHCVE-2026-23962
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon versions before v4.3.18, v4.4.12, and v4.5.5 do not have a limit on the maximum number of poll options for remote posts, allowing attackers to create polls with a very la... Read more
Affected Products : mastodon- Published: Jan. 22, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-68907
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Hostme v2 hostmev2 allows Path Traversal.This issue affects Hostme v2: from n/a through <= 7.0.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2026-0911
The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the action_import_module() function in all versions up to, and including, 7.8.9.2. This mak... Read more
Affected Products : hustle- Published: Jan. 24, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-10024
Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection.This issue affects Education Management System: through 23.09.2025.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
7.5
HIGHCVE-2026-24006
Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, serialization of objects with extreme depth can exceed the maximum call stack limit. In version 1.4.1, Seroval intr... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2026-23965
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature forgery vulnerability exists in the SM2 signature verification logic of sm-crypto prior to version 0.4.0. Under default configurations, an... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cryptography
-
7.5
HIGHCVE-2026-22258
Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, crafted DCERPC traffic can cause Suricata to expand a buffer w/o limits, leading to memory exhaustion and the process getting killed. While reported for DCERPC over UDP, it... Read more
Affected Products : suricata- Published: Jan. 27, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2026-23956
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, overriding RegExp serialization with extremely large patterns can exhaust JavaScript runtime memory during deserial... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-70123
An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. The UPF incorrectly accepts a malformed PFCP Association Setup Request, violating 3GPP TS 29.244. This places the UP... Read more
Affected Products :- Published: Feb. 13, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-70121
An array index out of bounds vulnerability in the AMF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted 5GS Mobile Identity in a NAS Registration Request message. The issue occurs in the GetSUCI method (NAS_Mob... Read more
Affected Products :- Published: Feb. 13, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-13878
Malformed BRID/HHIT records can cause `named` to terminate unexpectedly. This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.... Read more
Affected Products : bind- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2026-23732
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, FastGlyph parsing trusts `cbData`/remaining length and never validates against the minimum size implied by `cx/cy`. A malicious server can trigger a client‑side glob... Read more
Affected Products : freerdp- Published: Jan. 19, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2026-1521
A security flaw has been discovered in Open5GS up to 2.7.6. This affects the function sgwc_s5c_handle_bearer_resource_failure_indication of the file src/sgwc/s5c-handler.c of the component SGWC. Performing a manipulation results in denial of service. The ... Read more
Affected Products : open5gs- Published: Jan. 28, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-70122
A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted PFCP Session Modification Request. The issue occurs in the SDFFilterFields.UnmarshalBinary function (sdf-filter.... Read more
Affected Products :- Published: Feb. 13, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-66902
An input validation issue in in Pithikos websocket-server v.0.6.4 allows a remote attacker to obtain sensitive information or cause unexpected server behavior via the websocket_server/websocket_server.py, WebSocketServer._message_received components.... Read more
Affected Products : websocket_server- Published: Jan. 20, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2020-37134
UltraVNC Viewer 1.2.4.0 contains a denial of service vulnerability that allows attackers to crash the application by manipulating VNC Server input. Attackers can generate a malformed 256-byte payload and paste it into the VNC Server connection dialog to t... Read more
Affected Products :- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Denial of Service