Latest CVE Feed
-
5.7
MEDIUMCVE-2025-7013
Authorization Bypass Through User-Controlled Key vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Exploitation of Trusted Identifiers.This issue affects Menu Panel: through 29012026. NOTE: The vendor was contacted early about this discl... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authorization
-
8.2
HIGHCVE-2020-37006
berliCRM 1.0.24 contains a SQL injection vulnerability in the 'src_record' parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through a crafted POST request to the index.php endpoint to potential... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Injection
-
7.8
HIGHCVE-2025-33219
NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data t... Read more
- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Memory Corruption
-
8.5
HIGHCVE-2020-36985
IP Watcher 3.0.0.30 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be lau... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Misconfiguration
-
0.0
NACVE-2026-23014
In the Linux kernel, the following vulnerability has been resolved: perf: Ensure swevent hrtimer is properly destroyed With the change to hrtimer_try_to_cancel() in perf_swevent_cancel_hrtimer() it appears possible for the hrtimer to still be active by ... Read more
Affected Products : linux_kernel- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Race Condition
-
7.8
HIGHCVE-2025-33220
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause heap memory access after the memory is freed. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, ... Read more
- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Memory Corruption
-
8.5
HIGHCVE-2020-36989
ForensiT AppX Management Service 2.2.0.4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Misconfiguration
-
5.5
MEDIUMCVE-2025-33237
NVIDIA HD Audio Driver for Windows contains a vulnerability where an attacker could exploit a NULL pointer dereference issue. A successful exploit of this vulnerability might lead to a denial of service.... Read more
Affected Products : geforce- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2025-33218
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, d... Read more
- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Memory Corruption
-
5.7
MEDIUMCVE-2025-7014
Session Fixation vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Session Hijacking.This issue affects Menu Panel: through 29012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authentication
-
8.2
HIGHCVE-2025-7713
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Global Interactive Design Media Software Inc. Content Management System (CMS) allows XSS Through HTTP Headers.This issue affects Content Managemen... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2020-37002
Ajenti 2.1.36 contains an authentication bypass vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a sp... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authentication
-
8.4
HIGHCVE-2020-36970
PMB 5.6 contains a local file disclosure vulnerability in getgif.php that allows attackers to read arbitrary system files by manipulating the 'chemin' parameter. Attackers can exploit the unsanitized file path input to access sensitive files like /etc/pas... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Path Traversal
-
6.9
MEDIUMCVE-2025-55704
Hidden functionality issue exists in multiple MFPs provided by Brother Industries, Ltd., which may allow an attacker to obtain the logs of the affected product and obtain sensitive information within the logs.... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2026-1616
The $uri$args concatenation in nginx configuration file present in Open Security Issue Management (OSIM) prior v2025.9.0 allows path traversal attacks via query parameters.... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Path Traversal
-
7.0
HIGHCVE-2025-13905
CWE-276: Incorrect Default Permissions vulnerability exists that could cause privilege escalation through the reverse shell when one or more executable service binaries are modified in the installation folder by a local user with normal privilege upon s... Read more
Affected Products : ecostruxure_process_expert- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authorization
-
6.7
MEDIUMCVE-2025-13918
Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain e... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authorization
-
8.5
HIGHCVE-2020-37020
SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe in the service path with a malicious executable to execu... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Misconfiguration
-
8.0
HIGHCVE-2025-7016
Improper Access Control vulnerability in Akın Software Computer Import Export Industry and Trade Ltd. QR Menu allows Authentication Abuse.This issue affects QR Menu: before s1.05.12.... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authentication
-
8.8
HIGHCVE-2026-24835
Podman Desktop is a graphical tool for developing on containers and Kubernetes. A critical authentication bypass vulnerability in Podman Desktop prior to version 1.25.1 allows any extension to completely circumvent permission checks and gain unauthorized ... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authentication