Latest CVE Feed
-
7.1
HIGHCVE-2026-1680
Improper access control in the WCF endpoint in Edgemo (now owned by Danoffice IT) Local Admin Service 1.2.7.23180 on Windows allows a local user to escalate their privileges to local administrator via direct communication with the LocalAdminService.exe na... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2026-1624
A security vulnerability has been detected in D-Link DWR-M961 1.1.47. The affected element is an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fota_url leads to command injection. The attack can be launc... Read more
Affected Products : dwr-m961_firmware- Published: Jan. 29, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
8.5
HIGHCVE-2020-37058
Andrea ST Filters Service 1.0.64.7 contains an unquoted service path vulnerability in its Windows service configuration. Local attackers can exploit the unquoted path to inject malicious code that will execute with elevated LocalSystem privileges during s... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Misconfiguration
-
4.6
MEDIUMCVE-2026-22625
Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files.... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-15322
Tanium addressed an improper access controls vulnerability in Tanium Server.... Read more
Affected Products : server- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Authorization
-
3.1
LOWCVE-2025-15288
Tanium addressed an improper access controls vulnerability in Interact.... Read more
Affected Products : service_interact- Published: Jan. 29, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Authorization
-
8.4
HIGHCVE-2025-13176
Planting a custom configuration file in ESET Inspect Connector allow load a malicious DLL.... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Misconfiguration
-
4.3
MEDIUMCVE-2026-22624
Due to inadequate access control, authenticated users of certain HIKSEMI NAS products can manipulate other users' file resources without proper authorization.... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Authorization
-
7.2
HIGHCVE-2026-0709
Some Hikvision Wireless Access Points are vulnerable to authenticated command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devic... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
8.8
HIGHCVE-2020-37032
Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send POST requests with malicious commands that trigger ope... Read more
Affected Products : wing_ftp_server- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
7.1
HIGHCVE-2026-24902
TrustTunnel is an open-source VPN protocol with a server-side request forgery and and private network restriction bypass in versions prior to 0.9.114. In `tcp_forwarder.rs`, SSRF protection for `allow_private_network_connections = false` was only applied ... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Server-Side Request Forgery
-
6.6
MEDIUMCVE-2026-24905
Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. The `ig` binary provides a subcommand for image building, used to generate custom gadget OCI images. A part of th... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
8.2
HIGHCVE-2026-1610
A vulnerability was found in Tenda AX12 Pro V2 16.03.49.24_cn. Affected by this issue is some unknown functionality of the component Telnet Service. Performing a manipulation results in hard-coded credentials. The attack is possible to be carried out remo... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Authentication
-
7.1
HIGHCVE-2026-25126
PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route (`POST /api/v1/forum/vote`) trusts the JSON body’s `direction` value without runtime validation. TypeScript types are not enforced at runtime, so a... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-1453
A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the prod... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Authentication
-
8.5
HIGHCVE-2026-1457
An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buffer overflow and potentially execute arbitrary code with... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-63650
An out-of-bounds read in the mk_ptr_to_buf in mk_core function (mk_memory.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Denial of Service
-
6.9
MEDIUMCVE-2024-9432
Cleartext Storage of Sensitive Information vulnerability in OpenText™ Vertica allows Retrieve Embedded Sensitive Data. The vulnerability could read Vertica agent plaintext apikey.This issue affects Vertica versions: 23.X, 24.X, 25.X.... Read more
Affected Products : vertica- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2026-1638
A security flaw has been discovered in Tenda AC21 1.1.1.1/1.dmzip/16.03.08.16. The impacted element is the function mDMZSetCfg of the file /goform/mDMZSetCfg. The manipulation of the argument dmzIp results in command injection. The attack can be executed ... Read more
Affected Products : ac21_firmware- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
9.1
CRITICALCVE-2026-22806
vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to versions 4.6.0, 4.5.4, 4.4.2, and 4.3.10, when an access key is created with a limited scope, the scope can be bypassed to access ... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Authorization