Latest CVE Feed
-
7.5
HIGHCVE-2026-23737
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, improper input handling in the JSON deserialization component can lead to arbitrary JavaScript code execution. Expl... Read more
Affected Products :- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-52659
HCL AION version 2 is affected by a Cacheable HTTP Response vulnerability. This may lead to unintended storage of sensitive or dynamic content, potentially resulting in unauthorized access or information disclosure.... Read more
Affected Products : aion- Published: Jan. 19, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2026-23842
ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocati... Read more
Affected Products : chatterbot- Published: Jan. 19, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2026-1192
A vulnerability was determined in Tosei Online Store Management System ネット店舗管理システム 1.01. The affected element is an unknown function of the file /cgi-bin/imode_alldata.php. Executing a manipulation of the argument DevId can lead to command injection. The ... Read more
Affected Products :- Published: Jan. 19, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
7.5
HIGHCVE-2026-1195
A weakness has been identified in MineAdmin 1.x/2.x. This impacts the function refresh of the file /system/refresh of the component JWT Token Handler. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the ... Read more
Affected Products : mineadmin- Published: Jan. 20, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-69420
Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed Time... Read more
Affected Products : openssl- Published: Jan. 27, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2026-23967
sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library prior to version 0.3.14. An attacker ca... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cryptography
-
7.5
HIGHCVE-2026-1586
A flaw has been found in Open5GS up to 2.7.5. Impacted is the function ogs_gtp2_f_teid_to_ip of the file /sgwc/s11-handler.c of the component SGWC. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploi... Read more
Affected Products : open5gs- Published: Jan. 29, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-15281
Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.... Read more
Affected Products : glibc- Published: Jan. 20, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2026-1975
A security flaw has been discovered in Free5GC up to 4.1.0. This impacts the function identityTriggerType of the file pfcp_reports.go. The manipulation results in null pointer dereference. The attack can be executed remotely. The exploit has been released... Read more
Affected Products : free5gc- Published: Feb. 06, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-70648
Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow in the security_5g parameter of the sub_727F4 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more
- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-70650
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the deviceList parameter of the formSetMacFilterCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more
- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2026-22402
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in pavothemes Triply triply allows PHP Local File Inclusion.This issue affects Triply: from n/a through <= 2.4.7.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-63051
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in sizam REHub Framework rehub-framework allows Retrieve Embedded Sensitive Data.This issue affects REHub Framework: from n/a through < 19.9.9.4.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2026-1257
The Administrative Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.3.4 via the 'slug' attribute of the 'get_template' shortcode. This is due to insufficient path validation on user-supplied inp... Read more
Affected Products :- Published: Jan. 24, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-69313
Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through <= 5.0.3.... Read more
Affected Products : postx- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-69319
Improper Control of Generation of Code ('Code Injection') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Code Injection.This issue affects Beaver Builder: from n/a through <= 2.9.4.1.... Read more
Affected Products : beaver_builder- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Injection
-
7.5
HIGHCVE-2026-23864
Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack. The vulnerabilities are triggered by sending specially crafted H... Read more
Affected Products : react- Published: Jan. 26, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2026-22401
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in pavothemes Freshio freshio allows PHP Local File Inclusion.This issue affects Freshio: from n/a through <= 2.4.2.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2026-22464
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows PHP Local File Inclusion.This issue affects My auctions allegro: f... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Path Traversal