Latest CVE Feed
-
6.4
MEDIUMCVE-2021-47908
Ultimate POS 4.4 contains a persistent cross-site scripting vulnerability in the product name parameter that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability through product add or edit functions to execute arbi... Read more
Affected Products :- Published: Feb. 01, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2026-23035
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv mlx5e_priv is an unstable structure that can be memset(0) if profile attaching fails. Pass netdev to mlx5e_destroy_netdev... Read more
Affected Products : linux_kernel- Published: Jan. 31, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Misconfiguration
-
0.0
NACVE-2026-23036
In the Linux kernel, the following vulnerability has been resolved: btrfs: release path before iget_failed() in btrfs_read_locked_inode() In btrfs_read_locked_inode() if we fail to lookup the inode, we jump to the 'out' label with a path that has a read... Read more
Affected Products : linux_kernel- Published: Jan. 31, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Race Condition
-
5.4
MEDIUMCVE-2021-47920
WebMO Job Manager 20.0 contains a cross-site scripting vulnerability in search parameters that allows remote attackers to inject malicious script code. Attackers can exploit the filterSearch and filterSearchType parameters to perform non-persistent attack... Read more
Affected Products :- Published: Feb. 01, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2026-23039
In the Linux kernel, the following vulnerability has been resolved: drm/gud: fix NULL fb and crtc dereferences on USB disconnect On disconnect drm_atomic_helper_disable_all() is called which sets both the fb and crtc for a plane to NULL before invoking ... Read more
Affected Products : linux_kernel- Published: Jan. 31, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
8.5
HIGHCVE-2020-37037
Avast SecureLine 5.5.522.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code t... Read more
Affected Products :- Published: Feb. 01, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Misconfiguration
-
4.3
MEDIUMCVE-2026-1165
The Popup Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.1.1. This is due to a flawed nonce implementation in the 'publish_unpublish_popupbox' function that verifies a self-created nonce rather... Read more
Affected Products :- Published: Jan. 31, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Cross-Site Request Forgery
-
7.2
HIGHCVE-2025-14554
The Sell BTC - Cryptocurrency Selling Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'orderform_data' AJAX action in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. T... Read more
Affected Products :- Published: Jan. 31, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2026-24788
RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product.... Read more
Affected Products : raspap- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Injection
-
6.2
MEDIUMCVE-2026-1757
A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the progr... Read more
Affected Products :- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
8.5
HIGHCVE-2020-37064
EPSON EasyMP Network Projection 2.81 contains an unquoted service path vulnerability in the EMP_NSWLSV service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\EPSON Projector... Read more
Affected Products :- Published: Feb. 01, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Misconfiguration
-
7.1
HIGHCVE-2022-50950
Webile 1.0.1 contains a directory traversal vulnerability that allows remote attackers to manipulate file system paths without authentication. Attackers can exploit path manipulation to access sensitive system directories and potentially compromise the mo... Read more
Affected Products :- Published: Feb. 01, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Path Traversal
-
6.4
MEDIUMCVE-2022-50951
WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through file and folder names. Attackers can exploit the web server's input validation weakness to execute arbi... Read more
Affected Products :- Published: Feb. 01, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2020-37056
Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to bypass protection middleware by manipulating request headers. Attackers can hardcode consistent IP values across X-Forwarded-For, X-Client-IP, and X-Real-IP... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Misconfiguration
-
6.4
MEDIUMCVE-2021-47885
Multiple payment terminal versions contain non-persistent cross-site scripting vulnerabilities in billing and payment information input fields. Attackers can inject malicious script code through vulnerable parameters to manipulate client-side requests and... Read more
Affected Products :- Published: Feb. 01, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2026-23032
In the Linux kernel, the following vulnerability has been resolved: null_blk: fix kmemleak by releasing references to fault configfs items When CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION is enabled, the null-blk driver sets up fault injection support by cr... Read more
Affected Products : linux_kernel- Published: Jan. 31, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Misconfiguration
-
0.0
NACVE-2026-23023
In the Linux kernel, the following vulnerability has been resolved: idpf: fix memory leak in idpf_vport_rel() Free vport->rx_ptype_lkup in idpf_vport_rel() to avoid leaking memory during a reset. Reported by kmemleak: unreferenced object 0xff450acac838... Read more
Affected Products : linux_kernel- Published: Jan. 31, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2026-23017
In the Linux kernel, the following vulnerability has been resolved: idpf: fix error handling in the init_task on load If the init_task fails during a driver load, we end up without vports and netdevs, effectively failing the entire process. In that stat... Read more
Affected Products : linux_kernel- Published: Jan. 31, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Denial of Service
-
5.3
MEDIUMCVE-2025-15525
The Ajax Load More – Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable to unauthorized access of data due to incorrect authorization on the parse_custom_args() function in all versions up to, and including, 7.8.1. This makes it po... Read more
Affected Products :- Published: Jan. 31, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Authorization
-
7.3
HIGHCVE-2026-25156
HotCRP is conference review software. HotCRP versions from October 2025 through January 2026 delivered documents of all types with inline Content-Disposition, causing them to be rendered in the user’s browser rather than downloaded. (The intended behavior... Read more
Affected Products : hotcrp- Published: Jan. 30, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Cross-Site Scripting