Latest CVE Feed
-
5.3
MEDIUMCVE-2025-15507
The Magic Import Document Extractor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_sync_usage() function in all versions up to, and including, 1.0.4. This makes it possible for unauthe... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Authorization
-
1.7
LOWCVE-2025-64438
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, a remotely triggerable Out-of-Memory (OOM) denial-of-service exists in Fast -DDS when proce... Read more
Affected Products : fast_dds- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Denial of Service
-
1.7
LOWCVE-2025-62602
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sen... Read more
Affected Products : fast_dds- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Denial of Service
-
5.3
MEDIUMCVE-2026-1801
A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soup_filter_input_stream_read_line() logic, where libsoup accepts malformed chunk headers, such as lone line... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2026-1810
A vulnerability was detected in bolo-blog bolo-solo up to 2.6.4. The impacted element is the function unpackFilteredZip of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component ZIP File Handler. Performing a manipulation of t... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2020-37069
Konica Minolta FTP Utility 1.0 contains a buffer overflow vulnerability in the NLST command that allows attackers to overwrite system registers. Attackers can send an oversized buffer of 1500 'A' characters to crash the FTP server and potentially execute ... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
1.7
LOWCVE-2025-64098
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sen... Read more
Affected Products : fast_dds- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Denial of Service
-
7.1
HIGHCVE-2020-37081
Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, an... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
8.8
HIGHCVE-2020-37083
PHP AddressBook 9.0.0.1 contains a time-based blind SQL injection vulnerability that allows remote attackers to manipulate database queries through the 'id' parameter. Attackers can inject crafted SQL statements with time delays to extract information by ... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2020-37091
Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms to add admin users and upload PHP files with unrestrict... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Request Forgery
-
5.1
MEDIUMCVE-2020-37087
Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and path parameters in Create Folder and Move/Edit functions. ... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-36094
IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 could allow an authenticated user to cause a denial of service or corrupt existing data due to th... Read more
Affected Products : cloud_pak_for_business_automation- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2026-1811
A flaw has been found in bolo-blog bolo-solo up to 2.6.4. This affects the function importFromMarkdown of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component Filename Handler. Executing a manipulation of the argument File c... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Path Traversal
-
5.4
MEDIUMCVE-2025-36033
IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an aut... Read more
Affected Products : engineering_lifecycle_management___global_configuration_management- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2026-24514
A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission controller, an attacker can cause memory consumption, whi... Read more
Affected Products : ingress-nginx- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2020-37074
Remote Desktop Audit 2.3.0.157 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code during the Add Computers Wizard file import process. Attackers can craft a malicious payload file to trigger a structured exception han... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
6.7
MEDIUMCVE-2025-14740
Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. The installer creates this directory without proper ownership verification, creating tw... Read more
Affected Products : desktop- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2020-37075
LanSend 3.2 contains a buffer overflow vulnerability in the Add Computers Wizard file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload file to trigger a structured exception handler (SEH)... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2020-37066
GoldWave 5.70 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting malicious input in the File Open URL dialog. Attackers can generate a specially crafted text file with Unicode-encoded shellcode to trigger ... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2019-25260
OXID eShop versions 6.x prior to 6.3.4 contains a SQL injection vulnerability in the 'sorting' parameter that allows attackers to insert malicious database content. Attackers can exploit the vulnerability by manipulating the sorting parameter to inject PH... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection