Latest CVE Feed
-
4.6
MEDIUMCVE-2023-20601
Improper input validation within RAS TA Driver can allow a local attacker to access out-of-bounds memory, potentially resulting in a denial-of-service condition.... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2019-25340
SpotAuditor 5.3.2 contains a denial of service vulnerability in its Base64 decryption feature that allows attackers to crash the application by supplying an oversized buffer. Attackers can generate a malformed input file with 2000 repeated characters to t... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Denial of Service
-
9.1
CRITICALCVE-2026-26214
Galaxy FDS Android SDK (XiaoMi/galaxy-fds-sdk-android) version 3.0.8 and prior disable TLS hostname verification when HTTPS is enabled (the default configuration). In GalaxyFDSClientImpl.createHttpClient(), the SDK configures Apache HttpClient with SSLSoc... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Misconfiguration
-
8.4
HIGHCVE-2023-31323
Type confusion in the AMD Secure Processor (ASP) could allow an attacker to pass a malformed argument to the External Global Memory Interconnect Trusted Agent (XGMI TA) leading to a memory safety violation potentially resulting in loss of confidentiality,... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Memory Corruption
-
8.6
HIGHCVE-2025-54756
BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 use a default password that is guessable with knowledge of the device information. The latest release fixes this issue for new installations; users of ol... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2019-25319
Domain Quester Pro 6.02 contains a stack overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload targeting the 'Domain Name Keywords... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2026-26056
Yoke is a Helm-inspired infrastructure-as-code (IaC) package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller (ATC) component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Injection
-
6.0
MEDIUMCVE-2025-48023
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as fo... Read more
Affected Products :- Published: Feb. 13, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Denial of Service
-
8.8
HIGHCVE-2019-25320
E Learning Script 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard without valid credentials by manipulating login parameters. Attackers can exploit the /login.php file by sending a specific payload '=''or'... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Authentication
-
8.5
HIGHCVE-2019-25343
NextVPN 4.10 contains an insecure file permissions vulnerability that allows local users to modify executable files with full access rights. Attackers can replace system executables with malicious files to gain SYSTEM or Administrator privileges through u... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Misconfiguration
-
6.0
MEDIUMCVE-2025-48020
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as fo... Read more
Affected Products :- Published: Feb. 13, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Denial of Service
-
7.3
HIGHCVE-2025-54519
A DLL hijacking vulnerability in Doc Nav could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2025-61880
In Infoblox NIOS through 9.0.7, insecure deserialization can result in remote code execution.... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Information Disclosure
-
6.0
MEDIUMCVE-2025-48019
A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as fo... Read more
Affected Products :- Published: Feb. 13, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2019-25341
iNetTools for iOS 8.20 contains a denial of service vulnerability in the Whois feature that allows attackers to crash the application by manipulating input. Attackers can paste a specially crafted 98-character buffer into the Domain Name field to trigger ... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Denial of Service
-
8.8
HIGHCVE-2019-25318
AVS Audio Converter 9.1.2.600 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by manipulating the output folder text input. Attackers can craft a malicious payload that overwrites stack memory and triggers a bind sh... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Memory Corruption
-
6.7
MEDIUMCVE-2019-25334
Product Key Explorer 4.2.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by overflowing the registration name input field. Attackers can create a specially crafted text file with repeated characters to t... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Denial of Service
-
0.0
NACVE-2025-70092
A cross-site scripting (XSS) vulnerability in the Item Kits function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Name parameter.... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Cross-Site Scripting
-
6.0
MEDIUMCVE-2024-21961
Improper restriction of operations within the bounds of a memory buffer in PCIe® Link could allow an attacker with access to a guest virtual machine to potentially perform a denial of service attack against the host resulting in loss of availability.... Read more
Affected Products :- Published: Feb. 13, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-70886
An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the public comment submission endpoint... Read more
Affected Products :- Published: Feb. 12, 2026
- Modified: Feb. 13, 2026
- Vuln Type: Denial of Service