Latest CVE Feed
-
6.2
MEDIUMCVE-2026-1757
A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the progr... Read more
Affected Products :- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
5.4
MEDIUMCVE-2026-1251
The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.4 via the 'add_reply' function due to missing validation on a user controlled key... Read more
Affected Products : supportcandy- Published: Jan. 31, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Authorization
-
8.5
HIGHCVE-2020-37055
SpyHunter 4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific file sy... Read more
Affected Products :- Published: Feb. 01, 2026
- Modified: Feb. 03, 2026
-
6.5
MEDIUMCVE-2022-50980
A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN.... Read more
Affected Products :- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Denial of Service
-
8.8
HIGHCVE-2022-50975
An unauthenticated remote attacker is able to use an existing session id of a logged in user and gain full access to the device if configuration via ethernet is enabled.... Read more
Affected Products :- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Authentication
-
8.2
HIGHCVE-2026-1117
A vulnerability in the `lollms_generation_events.py` component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The `add_events` function registers event handlers such as `generate_text`, `cancel_generation`, `... Read more
- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Authentication
-
0.0
NACVE-2026-23020
In the Linux kernel, the following vulnerability has been resolved: net: 3com: 3c59x: fix possible null dereference in vortex_probe1() pdev can be null and free_ring: can be called in 1297 with a null pdev.... Read more
Affected Products : linux_kernel- Published: Jan. 31, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-71181
In the Linux kernel, the following vulnerability has been resolved: rust_binder: remove spin_lock() in rust_shrink_free_page() When forward-porting Rust Binder to 6.18, I neglected to take commit fb56fdf8b9a2 ("mm/list_lru: split the lock to per-cgroup ... Read more
Affected Products : linux_kernel- Published: Jan. 31, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Race Condition
-
6.5
MEDIUMCVE-2026-0683
The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to SQL Injection via the Number-type custom field filter in all versions up to, and including, 3.4.4. This is due to insufficient escaping on the user-supplied... Read more
Affected Products : supportcandy- Published: Jan. 31, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Injection
-
8.8
HIGHCVE-2020-37035
e-Learning PHP Script 0.1.0 contains a SQL injection vulnerability in the search functionality that allows attackers to manipulate database queries through unvalidated user input. Attackers can inject malicious SQL code in the 'search' parameter to potent... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Injection
-
8.7
HIGHCVE-2020-37034
HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET requests to download.asp with directory traversal to acce... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2020-37039
Frigate 2.02 contains a denial of service vulnerability that allows attackers to crash the application by sending oversized input to the command line interface. Attackers can generate a payload of 8000 repeated characters and paste it into the application... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Denial of Service
-
8.5
HIGHCVE-2020-37100
Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specif... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Misconfiguration
-
0.0
NONECVE-2025-67484
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiFormatXml.Php. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.... Read more
Affected Products : mediawiki- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Information Disclosure
-
1.3
LOWCVE-2025-61658
Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/GlobalContributions/GlobalContributionsPager.Php. This issue affects CheckUser: from * before 1.43.4, 1.44.1.... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Information Disclosure
-
7.1
HIGHCVE-2025-59902
HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and render arbitrary HTML content in email transcripts by modifying the 'firstName' and 'lastName' parameters during a chat session. The injected HTML is included i... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Cross-Site Scripting
-
7.7
HIGHCVE-2026-21862
RustFS is a distributed object storage system built in Rust. Prior to version alpha.78, IP-based access control can be bypassed: get_condition_values trusts client-supplied X-Forwarded-For/X-Real-Ip without verifying a trusted proxy, so any reachable clie... Read more
Affected Products : rustfs- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Misconfiguration
-
8.1
HIGHCVE-2026-1375
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object References (IDOR) in all versions up to, and including, 3.9.5. This is due to missing object-level authorization checks in the `course_list_b... Read more
Affected Products : tutor_lms- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2026-1371
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.5. This is due to missing authorization checks in the `ajax_coupon_details()` function, whi... Read more
Affected Products : tutor_lms- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Authorization
-
5.1
MEDIUMCVE-2026-24449
For WRC-X1500GS-B and WRC-X1500GSA-B, the initial passwords can be calculated easily from the system information.... Read more
- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Authentication