Latest CVE Feed
-
6.3
MEDIUMCVE-2026-1685
A vulnerability was identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_40AC74 of the component Login. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from rem... Read more
Affected Products : dir-823x_firmware- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Authentication
-
8.3
HIGHCVE-2026-25117
pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on `/workspace/*` routes allows challenge authors to inject arbitrary javascript which runs on the same orig... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Scripting
-
8.5
HIGHCVE-2020-37059
Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can insert malicious executables in Program Files (x86) or system root dire... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-63649
An out-of-bounds read in the http_parser_transfer_encoding_chunked function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the server.... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2026-1625
A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted element is the function sub_4250E0 of the file /boafrm/formSmsManage of the component SMS Message. Performing a manipulation of the argument action_value results in command injection. Th... Read more
Affected Products : dwr-m961_firmware- Published: Jan. 29, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2026-24845
malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 0.10.0 and prior to version 1.20.3, malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI i... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Supply Chain
-
8.6
HIGHCVE-2025-4686
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co. Online Exam and Assessment allows SQL Injection.This issue affects Online Exa... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2026-1638
A security flaw has been discovered in Tenda AC21 1.1.1.1/1.dmzip/16.03.08.16. The impacted element is the function mDMZSetCfg of the file /goform/mDMZSetCfg. The manipulation of the argument dmzIp results in command injection. The attack can be executed ... Read more
Affected Products : ac21_firmware- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
7.6
HIGHCVE-2026-25116
Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the `UserConfigController` allows any remote user to overwrite the system's `docker-compose.yml` config... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Path Traversal
-
7.1
HIGHCVE-2020-37108
PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of product_detail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extra... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
8.4
HIGHCVE-2020-37029
FTPDummy 4.80 contains a local buffer overflow vulnerability in its preference file handling that allows attackers to execute arbitrary code. Attackers can craft a malicious preference file with carefully constructed shellcode to trigger a structured exce... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2026-21418
Dell Unity, version(s) 5.5.2 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leadi... Read more
Affected Products : unity_operating_environment- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
9.5
CRITICALCVE-2025-26385
Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements used in a Command (Command Injection) Vulnerability . Successful exploitation of this vulnerability could allow remote SQL execution This issue affects ... Read more
Affected Products : metasys- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2026-25152
Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, a path traversal vulnerabi... Read more
Affected Products : backstage- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Path Traversal
-
8.5
HIGHCVE-2020-37060
Atomic Alarm Clock 6.3 contains a local privilege escalation vulnerability in its service configuration that allows attackers to execute arbitrary code with SYSTEM privileges. Attackers can exploit the unquoted service path by placing a malicious executab... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Misconfiguration
-
8.4
HIGHCVE-2020-37024
Nidesoft DVD Ripper 5.2.18 contains a local buffer overflow vulnerability in the License Code registration parameter that allows attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the License Code field to trigg... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2020-37026
Sickbeard alpha contains a cross-site request forgery vulnerability that allows attackers to disable authentication by submitting crafted configuration parameters. Attackers can trick users into submitting a malicious form that clears web username and pas... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Request Forgery
-
9.8
CRITICALCVE-2020-37027
Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger proc... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
6.4
MEDIUMCVE-2019-25263
Zendesk SweetHawk Survey 1.6 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through support ticket submissions. Attackers can insert XSS payloads like script tags into ticket text that automatica... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2020-37105
PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows authenticated attackers to execute arbitrary SQL commands through the 'logid' parameter. Attackers can leverage this vulnerability by sending crafted requests... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection