Latest CVE Feed
-
7.0
HIGHCVE-2025-10279
In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions (0o777). This vulnerability allows an attacker with write access to the `/tmp` directory to exploit a race cond... Read more
Affected Products : mlflow- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Race Condition
-
7.5
HIGHCVE-2026-0599
A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote attackers to exploit unbounded external image fetching during input validation in VLM mode. The issue arises when the router scans inputs for Markdown ima... Read more
Affected Products :- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Denial of Service
-
8.4
HIGHCVE-2020-37040
Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. Attackers can trigger the vulnerability by pasting a specially crafted payload into... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
6.4
MEDIUMCVE-2022-50797
Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploit input parameters to execute arbitrary scripts, potent... Read more
Affected Products :- Published: Feb. 01, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Cross-Site Scripting
-
8.5
HIGHCVE-2020-37062
DHCP Turbo 4.61298 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can place malicious executables in the service path to gain elevated priv... Read more
Affected Products :- Published: Feb. 01, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2020-37046
Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized admin users through the tambahuser.php endpoint. Attackers can craft a malicious HTML form to submit admin crede... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Cross-Site Request Forgery
-
5.1
MEDIUMCVE-2020-37054
Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. Attackers can trick authenticated administrators into executing arbitrary file uploads by leveraging t... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Cross-Site Request Forgery
-
8.8
HIGHCVE-2020-37057
Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Injection
-
5.5
MEDIUMCVE-2026-1739
A vulnerability has been found in Free5GC pcf up to 1.4.1. This affects the function HandleCreateSmPolicyRequest of the file internal/sbi/processor/smpolicy.go. The manipulation leads to null pointer dereference. The attack is possible to be carried out r... Read more
Affected Products :- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2020-37033
Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usr_name' parameter in login requests. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'usr_... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Injection
-
8.8
HIGHCVE-2020-37051
Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. Attackers can exploit the 'feed.php' endpoint by crafting malicious payload requests that use t... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2020-37052
AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by craftin... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Injection
-
7.5
HIGHCVE-2020-37038
Code Blocks 20.03 contains a denial of service vulnerability that allows attackers to crash the application by manipulating input in the FSymbols search field. Attackers can paste a large payload of 5000 repeated characters into the search field to trigge... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Denial of Service
-
0.0
NACVE-2026-23015
In the Linux kernel, the following vulnerability has been resolved: gpio: mpsse: fix reference leak in gpio_mpsse_probe() error paths The reference obtained by calling usb_get_dev() is not released in the gpio_mpsse_probe() error paths. Fix that by usin... Read more
Affected Products : linux_kernel- Published: Jan. 31, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2026-23018
In the Linux kernel, the following vulnerability has been resolved: btrfs: release path before initializing extent tree in btrfs_read_locked_inode() In btrfs_read_locked_inode() we are calling btrfs_init_file_extent_tree() while holding a path with a re... Read more
Affected Products : linux_kernel- Published: Jan. 31, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Race Condition
-
0.0
NACVE-2026-23028
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvm_device leak in kvm_ipi_destroy() In kvm_ioctl_create_device(), kvm_device has allocated memory, kvm_device->destroy() seems to be supposed to free its kvm_device... Read more
Affected Products : linux_kernel- Published: Jan. 31, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
8.5
HIGHCVE-2020-37061
BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted executable path to inject malicious code that will b... Read more
Affected Products :- Published: Feb. 01, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Misconfiguration
-
5.5
MEDIUMCVE-2026-1734
A security flaw has been discovered in Zhong Bang CRMEB up to 5.6.3. This vulnerability affects unknown code of the file crmeb/app/api/controller/v1/CrontabController.php of the component crontab Endpoint. The manipulation results in missing authorization... Read more
Affected Products : crmeb- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Authorization
-
4.6
MEDIUMCVE-2026-1735
A weakness has been identified in Yealink MeetingBar A30 133.321.0.3. This issue affects some unknown processing of the component Diagnostic Handler. This manipulation causes command injection. It is feasible to perform the attack on the physical device. ... Read more
Affected Products :- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Injection
-
5.5
MEDIUMCVE-2026-1738
A flaw has been found in Open5GS up to 2.7.6. The impacted element is the function sgwc_tunnel_add of the file /src/sgwc/context.c of the component SGWC. Executing a manipulation of the argument pdr can lead to reachable assertion. The attack can be execu... Read more
Affected Products : open5gs- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Misconfiguration