Latest CVE Feed
-
5.3
MEDIUMCVE-2026-1549
A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/plugin/uploadPluginConfigFile of the component PluginController. Such manipulation of the argument configFil... Read more
Affected Products : jsherp- Published: Jan. 28, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2026-0398
Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor.... Read more
Affected Products : recursor- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2025-12772
Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs. When OOM occurs on a Brocade SANnav server, the call stack trace for the Brocade switch is also collected in the heap dump file which contains ... Read more
- Published: Feb. 02, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Information Disclosure
-
7.4
HIGHCVE-2025-68621
Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. Prior to 0.101.0, a critical timing attack vulnerability in Trilium's sync authentication endpoint allows unauthen... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Authentication
-
8.8
HIGHCVE-2020-37141
AMSS++ version 4.31 contains a SQL injection vulnerability in the mail module's maildetail.php script through the 'id' parameter. Attackers can manipulate the 'id' parameter in /modules/mail/main/maildetail.php to inject malicious SQL queries and potentia... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2020-37159
Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory registers in the alarm scheduling feature. Attackers can craft a malicious payload exceeding 260 bytes to overwrite ... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Memory Corruption
-
7.7
HIGHCVE-2026-25757
Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 5.0.8, 5.1.10, 5.2.7, and 5.3.2, unauthenticated users can view completed guest orders by Order ID. This issue may lead to disclosure of PII of guest users (including ... Read more
Affected Products : spree- Published: Feb. 06, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Information Disclosure
-
6.4
MEDIUMCVE-2025-15267
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_accordion_item shortcode in all versions up to, and including, 5.5.7 due to insufficient input sanitization and output escaping on user supplied... Read more
Affected Products : bold_page_builder- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Cross-Site Scripting
-
9.3
CRITICALCVE-2020-37135
AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password '1234' to gain unauthorized administrative ac... Read more
Affected Products : amss\+\+- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Authentication
-
6.4
MEDIUMCVE-2025-12159
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_raw_content shortcode in all versions up to, and including, 5.4.8 due to insufficient input sanitization and output escaping on user supplied at... Read more
Affected Products : bold_page_builder- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2020-37161
Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the registration name field with malicious payload. Attackers can craft a specially designed payload to trigger remote co... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2020-37162
Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability in the registration key input that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload of 1608 bytes to trigger a stack-based buff... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2020-37163
QuickDate 1.3.2 contains a SQL injection vulnerability that allows remote attackers to manipulate database queries through the '_located' parameter in the find_matches endpoint. Attackers can inject UNION-based SQL statements to extract database informati... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
7.5
HIGHCVE-2020-37109
aSc TimeTables 2020.11.4 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Subject title field with a large buffer. Attackers can generate a 1000-character buffer and paste it into the Subject tit... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Denial of Service
-
8.5
HIGHCVE-2020-37160
SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing executable files and weak service configurations to creat... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Authorization
-
8.7
HIGHCVE-2020-37157
DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extrac... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Information Disclosure
-
8.0
HIGHCVE-2026-25804
Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to versions 2.3.2 and 2.4.3, Antrea's network policy priority assignment system has a uint16 arithmetic overflow bug that causes incorrect OpenFlow priority calculations wh... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2026-25762
AdonisJS is a TypeScript-first web framework. Prior to versions 10.1.3 and 11.0.0-next.9, a denial of service (DoS) vulnerability exists in the multipart file handling logic of @adonisjs/bodyparser. When processing file uploads, the multipart parser may a... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Denial of Service
-
6.8
MEDIUMCVE-2025-31990
Rate limiting for certain API calls is not being enforced, making HCL Velocity vulnerable to Denial of Service (DoS) attacks. An attacker could flood the system with a large number of requests, overwhelming its resources and causing it to become unrespon... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2026-25803
3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials (admin/admin) upon the first initialization. Attackers with network access to the app... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Authentication