Latest CVE Feed
-
7.5
HIGHCVE-2020-37107
Core FTP LE 2.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the account field with a large buffer. Attackers can create a text file with 20,000 repeated characters and paste it into the account ... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Denial of Service
-
8.8
HIGHCVE-2020-37163
QuickDate 1.3.2 contains a SQL injection vulnerability that allows remote attackers to manipulate database queries through the '_located' parameter in the find_matches endpoint. Attackers can inject UNION-based SQL statements to extract database informati... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Injection
-
6.7
MEDIUMCVE-2020-37171
TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy username configuration that allows local attackers to crash the application. Attackers can overwrite the username field with 10,000 bytes of arbitrary data to trigger an... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Denial of Service
-
6.7
MEDIUMCVE-2020-37170
TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy address configuration that allows local attackers to crash the application. Attackers can overwrite the address field with 3000 bytes of arbitrary data to trigger an app... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2026-25644
DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to MITM attack through TLS downgrade. This issue has been patched in version 1.3.1.8.... Read more
Affected Products : datahub- Published: Feb. 06, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Misconfiguration
-
8.7
HIGHCVE-2020-37157
DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extrac... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Information Disclosure
-
6.9
MEDIUMCVE-2020-37166
AbsoluteTelnet 11.12 contains a denial of service vulnerability in the SSH2 username input field that allows local attackers to crash the application. Attackers can overwrite the username field with a 1000-byte buffer, causing the application to become un... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2020-37122
SpotFTP-FTP Password Recover 2.4.8 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a text file with 1000 'Z' characters and input it as a registration co... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Denial of Service
-
4.8
MEDIUMCVE-2026-2069
A flaw has been found in ggml-org llama.cpp up to 55abc39. Impacted is the function llama_grammar_advance_stack of the file llama.cpp/src/llama-grammar.cpp of the component GBNF Grammar Handler. This manipulation causes stack-based buffer overflow. The at... Read more
Affected Products : llama.cpp- Published: Feb. 06, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2020-37106
Business Live Chat Software 1.0 contains a cross-site request forgery vulnerability that allows attackers to change user account roles without authentication. Attackers can craft a malicious HTML form to modify user privileges by submitting a POST request... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Cross-Site Request Forgery
-
8.7
HIGHCVE-2020-37146
ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration files. Attackers can access the camera's configuration backup by sending a GET request to the /con... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Information Disclosure
-
6.7
MEDIUMCVE-2020-37165
AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character payload and paste it into the license name field to trigge... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2020-37162
Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability in the registration key input that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload of 1608 bytes to trigger a stack-based buff... Read more
Affected Products :- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2026-2201
A security vulnerability has been detected in ZeroWdd studentmanager up to 2151560fc0a50ec00426785ec1e01a3763b380d9. This impacts the function addLeave of the file src/main/java/com/wdd/studentmanager/controller/LeaveController.java. The manipulation of t... Read more
Affected Products : studentmanager- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2026-2183
A security vulnerability has been detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This affects an unknown part of the file /restructured/csv.php. The manipulation leads to unrestricted upload. Rem... Read more
Affected Products :- Published: Feb. 08, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Misconfiguration
-
4.8
MEDIUMCVE-2026-2200
A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be launched remotely. The ex... Read more
Affected Products : jfinalcms- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2026-22903
An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to crash and potentially enabling remote code execution due... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2026-2108
A vulnerability was determined in jsbroks COCO Annotator up to 0.11.1. This impacts an unknown function of the file /api/info/long_task of the component Endpoint. This manipulation causes denial of service. The attack may be initiated remotely. The exploi... Read more
Affected Products : coco_annotator- Published: Feb. 07, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2026-22904
Improper length handling when parsing multiple cookie fields (including TRACKID) allows an unauthenticated remote attacker to send oversized cookie values and trigger a stack buffer overflow, resulting in a denial‑of‑service condition and possible remote ... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2026-22905
An unauthenticated remote attacker can bypass authentication by exploiting insufficient URI validation and using path traversal sequences (e.g., /js/../cgi-bin/post.cgi), gaining unauthorized access to protected CGI endpoints and configuration downloads.... Read more
Affected Products :- Published: Feb. 09, 2026
- Modified: Feb. 09, 2026
- Vuln Type: Path Traversal