Latest CVE Feed
-
7.5
HIGHCVE-2020-37211
SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application by inputting a large buffer in the registration name field. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger ... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
7.6
HIGHCVE-2025-64487
Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorization checks between user and group membership management e... Read more
Affected Products : outline- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Authorization
-
7.5
HIGHCVE-2020-37197
Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character buffer payload and paste it into the registration nam... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2020-37199
NBMonitor 1.6.6.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application c... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2020-37198
Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application by injecting an oversized buffer into the license key field. Attackers can generate a 6000-byte payload and paste it into the license act... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
6.9
MEDIUMCVE-2020-37156
BloodX 1.0 contains an authentication bypass vulnerability in login.php that allows attackers to access the dashboard without valid credentials. Attackers can exploit the vulnerability by sending a crafted payload with '=''or' parameters to bypass login a... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Authentication
-
7.5
HIGHCVE-2020-37193
ZIP Password Recovery 2.30 contains a denial of service vulnerability that allows attackers to crash the application by providing maliciously crafted input. Attackers can create a specially prepared text file with specific characters to trigger an applica... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
5.1
MEDIUMCVE-2019-25313
FlexNet Publisher 11.12.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious HTML form to trick authenticated users into submitting a req... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Cross-Site Request Forgery
-
7.5
HIGHCVE-2020-37191
Top Password Software Dialup Password Recovery 1.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. Attackers can trigger the vulnerability by inserting a large 5000-character payload ... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
4.3
MEDIUMCVE-2026-25633
Statamic is a, Laravel + Git powered CMS designed for building websites. Prior to 5.73.6 and 6.2.5, users without permission to view assets are able are able to download them and view their metadata. Logged-out users and users without permission to access... Read more
Affected Products : statamic- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Authorization
-
7.5
HIGHCVE-2020-37201
NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration name input that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application cr... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2020-37202
NetworkSleuth 3.0.0.0 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2020-37184
Allok Video Converter 4.6.1217 contains a stack overflow vulnerability in the License Name input field that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload to overwrite SEH handlers and execute system commands ... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Memory Corruption
-
7.1
HIGHCVE-2026-25999
Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to 2.10.2, there is an improper access control vulnerability that allows unauthorized users to trigger a reset or deletion of metadata for any tenant. By sending a crafted ... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Authorization
-
7.5
HIGHCVE-2020-37194
Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by supplying an overly long registration key. Attackers can generate a 1000-character payload file and paste it into the registration key f... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
8.1
HIGHCVE-2026-25994
PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a buffer overflow vulnerability exists in PJNATH ICE Session when processing credentials with excessively long usernames.... Read more
Affected Products : pjsip- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2020-37206
ShareAlarmPro contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload to trigger an application crash when pasted into the... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2026-25759
Statmatic is a Laravel and Git powered content management system (CMS). From 6.0.0 to before 6.2.3, a stored XSS vulnerability in content titles allows authenticated users with content creation permissions to inject malicious JavaScript that executes when... Read more
Affected Products : statamic- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Cross-Site Scripting
-
8.6
HIGHCVE-2026-25935
Vikunja is a todo-app to organize your life. Prior to 1.1.0, TaskGlanceTooltip.vue temporarily creates a div and sets the innerHtml to the description. Since there is no escaping on either the server or client side, a malicious user can share a project, c... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Cross-Site Scripting
-
8.7
HIGHCVE-2020-37104
ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup down... Read more
Affected Products :- Published: Feb. 11, 2026
- Modified: Feb. 12, 2026
- Vuln Type: Information Disclosure