Latest CVE Feed
-
8.5
HIGHCVE-2020-37017
CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CodeMeter Runtime Server service to inject ... Read more
Affected Products : codemeter- Published: Jan. 29, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Misconfiguration
-
6.9
MEDIUMCVE-2020-36944
ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that allows attackers to read local files through portfolio PDF export functionality. Attackers can inject a script that uses XMLHttpRequest to retrieve local file c... Read more
Affected Products : ilias- Published: Jan. 28, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Server-Side Request Forgery
-
8.8
HIGHCVE-2020-36972
SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted ... Read more
Affected Products : smartblog- Published: Jan. 28, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
5.4
MEDIUMCVE-2025-67723
Discourse is an open source discussion platform. Versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 have a content-security-policy-mitigated cross-site scriptinv vulnerability on the Discourse Math plugin when using its KaTeX variant. This issue ... Read more
Affected Products : discourse- Published: Jan. 28, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-69601
A directory traversal (Zip Slip) vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. An attacker can include traversal sequen... Read more
Affected Products : 66biolinks- Published: Jan. 28, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Path Traversal
-
9.1
CRITICALCVE-2025-69602
A session fixation vulnerability exists in 66biolinks v62.0.0 by AltumCode, where the application does not regenerate the session identifier after successful authentication. As a result, the same session cookie value is reused for users logging in from th... Read more
Affected Products : 66biolinks- Published: Jan. 28, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Authentication
-
8.8
HIGHCVE-2026-1544
A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the function sub_41E2A0 of the file /goform/set_mode. Performing a manipulation of the argument lan_gateway results in os command injection. The attack is possible to be carried ou... Read more
- Published: Jan. 28, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-1546
A security vulnerability has been detected in jishenghua jshERP up to 3.6. The impacted element is the function getBillItemByParam of the file /jshERP-boot/depotItem/importItemExcel of the component com.jsh.erp.datasource.mappers.DepotItemMapperEx. The ma... Read more
Affected Products : jsherp- Published: Jan. 28, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-1547
A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument plugin_name results in command injection. It is possible to launch the attack remote... Read more
- Published: Jan. 28, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-24857
`bulk_extractor` is a digital forensics exploitation tool. Starting in version 1.4, `bulk_extractor`’s embedded unrar code has a heap‑buffer‑overflow in the RAR PPM LZ decoding path. A crafted RAR inside a disk image causes an out‑of‑bounds write in `Unpa... Read more
Affected Products : bulk_extractor- Published: Jan. 28, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2026-24888
Maker.js is a 2D vector line drawing and shape modeling for CNC and laser cutters. In versions up to and including 0.19.1, the `makerjs.extendObject` function copies properties from source objects without proper validation, potentially exposing applicatio... Read more
Affected Products : maker.js- Published: Jan. 28, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2026-1548
A flaw has been found in Totolink A7000R 4.1cu.4154. This impacts the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument url causes command injection. The attack can be initiated remotely. The exploit ... Read more
- Published: Jan. 28, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2026-1549
A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/plugin/uploadPluginConfigFile of the component PluginController. Such manipulation of the argument configFil... Read more
Affected Products : jsherp- Published: Jan. 28, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2026-0398
Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor.... Read more
Affected Products : recursor- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2025-12772
Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs. When OOM occurs on a Brocade SANnav server, the call stack trace for the Brocade switch is also collected in the heap dump file which contains ... Read more
- Published: Feb. 02, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Information Disclosure
-
4.8
MEDIUMCVE-2026-2069
A flaw has been found in ggml-org llama.cpp up to 55abc39. Impacted is the function llama_grammar_advance_stack of the file llama.cpp/src/llama-grammar.cpp of the component GBNF Grammar Handler. This manipulation causes stack-based buffer overflow. The at... Read more
Affected Products : llama.cpp- Published: Feb. 06, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Memory Corruption
-
9.0
HIGHCVE-2026-2071
A vulnerability was found in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formP2PLimitConfig. Performing a manipulation of the argument except results in buffer overflow. The attack is possible to be carried ou... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2026-2074
A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /x_program_center/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation leads to xml external entity reference. It is possible to ... Read more
Affected Products : o2oa- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: XML External Entity
-
7.5
HIGHCVE-2026-2073
A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/user/index.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from rem... Read more
- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
5.1
MEDIUMCVE-2020-37079
Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery (CSRF) vulnerability in the web administration interface that allows attackers to delete admin users. Attackers can craft a malicious HTML page with a hidden form to submit a req... Read more
Affected Products : wing_ftp_server- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Cross-Site Request Forgery