Latest CVE Feed
-
8.2
HIGHCVE-2026-0805
An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal.... Read more
Affected Products : crafty_controller- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Path Traversal
-
5.5
MEDIUMCVE-2026-1683
A vulnerability has been found in Free5GC SMF up to 4.1.0. Affected by this vulnerability is the function HandlePfcpSessionReportRequest of the file internal/pfcp/handler/handler.go of the component PFCP. The manipulation leads to denial of service. Remot... Read more
Affected Products : smf- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Denial of Service
-
7.1
HIGHCVE-2026-1680
Improper access control in the WCF endpoint in Edgemo (now owned by Danoffice IT) Local Admin Service 1.2.7.23180 on Windows allows a local user to escalate their privileges to local administrator via direct communication with the LocalAdminService.exe na... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Authorization
-
4.6
MEDIUMCVE-2025-9226
Zohocorp ManageEngine OpManager, NetFlow Analyzer, and OpUtils versions prior to 128582 are affected by a stored cross-site scripting vulnerability in the Subnet Details.... Read more
- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Scripting
-
7.0
HIGHCVE-2026-1498
An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnera... Read more
Affected Products : fireware_os- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
1.7
LOWCVE-2025-64438
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, a remotely triggerable Out-of-Memory (OOM) denial-of-service exists in Fast -DDS when proce... Read more
Affected Products : fast_dds- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Denial of Service
-
6.9
MEDIUMCVE-2020-37077
Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manage_email_templates.php script that allows authenticated administrators to access unauthorized files. Attackers can exploit the vulnerable 'tn' parameter to read files outside t... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2020-37096
Edimax EW-7438RPn 1.13 contains a cross-site request forgery vulnerability in the MAC filtering configuration interface. Attackers can craft malicious web pages to trick users into adding unauthorized MAC addresses to the device's filtering rules without ... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Request Forgery
-
9.8
CRITICALCVE-2020-37067
Filetto 1.0 FTP server contains a denial of service vulnerability in the FEAT command processing that allows attackers to crash the service. Attackers can send an oversized FEAT command with 11,008 bytes of repeated characters to trigger a buffer overflow... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2020-37065
StreamRipper32 version 2.6 contains a buffer overflow vulnerability in the Station/Song Section that allows attackers to overwrite memory by manipulating the SongPattern input. Attackers can craft a malicious payload exceeding 256 bytes to potentially exe... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2020-37066
GoldWave 5.70 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting malicious input in the File Open URL dialog. Attackers can generate a specially crafted text file with Unicode-encoded shellcode to trigger ... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2019-25260
OXID eShop versions 6.x prior to 6.3.4 contains a SQL injection vulnerability in the 'sorting' parameter that allows attackers to insert malicious database content. Attackers can exploit the vulnerability by manipulating the sorting parameter to inject PH... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
7.8
HIGHCVE-2026-24149
NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, infor... Read more
Affected Products : megatron-lm- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
8.8
HIGHCVE-2020-37078
i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated attackers to delete arbitrary files by manipulating the delete_import parameter. Attackers can send a POST request to the import module wi... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Path Traversal
-
8.8
HIGHCVE-2025-15368
The SportsPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.7.26 via shortcodes 'template_name' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissi... Read more
Affected Products : sportspress- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-5329
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Martcode Software Inc. Delta Course Automation allows SQL Injection.This issue affects Delta Course Automation: through 04022026. NOTE: The vendor was c... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2025-15507
The Magic Import Document Extractor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_sync_usage() function in all versions up to, and including, 1.0.4. This makes it possible for unauthe... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2020-37070
CloudMe 1.11.2 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code through crafted network packets. Attackers can exploit the vulnerability by sending a specially crafted payload to the CloudMe service running o... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
9.3
CRITICALCVE-2026-1341
Avation Light Engine Pro exposes its configuration and control interface without any authentication or access control.... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2026-24514
A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, whi... Read more
Affected Products : ingress-nginx- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Denial of Service