Latest CVE Feed
-
9.8
CRITICALCVE-2020-36948
VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module that allows remote attackers to manipulate authentication tokens. Attackers can exploit insufficient token validation to access user accounts and perform unauthorized login requ... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Authentication
-
7.1
HIGHCVE-2020-36947
LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafte... Read more
Affected Products : librenms- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Injection
-
8.7
HIGHCVE-2020-36946
SyncBreeze 10.0.28 contains a denial of service vulnerability in the login endpoint that allows remote attackers to crash the service. Attackers can send an oversized payload in the login request to overwhelm the application and potentially disrupt servic... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2020-36941
Knockpy 4.1.1 contains a CSV injection vulnerability that allows attackers to inject malicious formulas into CSV reports through unfiltered server headers. Attackers can manipulate server response headers to include spreadsheet formulas that will execute ... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2020-36940
Easy CD & DVD Cover Creator 4.13 contains a buffer overflow vulnerability in the serial number input field that allows attackers to crash the application. Attackers can generate a 6000-byte payload and paste it into the serial number field to trigger an a... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
6.7
MEDIUMCVE-2025-47334
Memory corruption while processing shared command buffer packet between camera userspace and kernel.... Read more
Affected Products : qca6391_firmware qca6595au_firmware sd_8_gen1_5g_firmware sw5100_firmware sw5100p_firmware wcd9380_firmware wcd9385_firmware wcn3980_firmware wcn3988_firmware wsa8810_firmware +282 more products- Published: Jan. 07, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
6.7
MEDIUMCVE-2025-47335
Memory corruption while parsing clock configuration data for a specific hardware type.... Read more
Affected Products : wcd9380_firmware wcd9385_firmware wsa8830_firmware wsa8835_firmware qca6698aq_firmware qcm6490_firmware qcs6490_firmware wcd9370_firmware wcd9375_firmware wsa8832_firmware +80 more products- Published: Jan. 07, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
6.7
MEDIUMCVE-2025-47336
Memory corruption while performing sensor register read operations.... Read more
Affected Products : wsa8830_firmware wsa8835_firmware wsa8832_firmware fastconnect_7800_firmware wcd9395_firmware wsa8840_firmware wsa8845_firmware wsa8845h_firmware wsa8830 wsa8835 +26 more products- Published: Jan. 07, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
6.7
MEDIUMCVE-2025-47337
Memory corruption while accessing a synchronization object during concurrent operations.... Read more
Affected Products : qca6391_firmware wcd9380_firmware wcd9385_firmware wsa8830_firmware wsa8835_firmware qca6698aq_firmware qcm6490_firmware qcn9011_firmware qcn9012_firmware qcs6490_firmware +118 more products- Published: Jan. 07, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-66518
Any client who can access to Apache Kyuubi Server via Kyuubi frontend protocols can bypass server-side config kyuubi.session.local.dir.allow.list and use local files which are not listed in the config. This issue affects Apache Kyuubi: from 1.6.0 through... Read more
Affected Products : kyuubi- Published: Jan. 05, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Misconfiguration
-
6.3
MEDIUMCVE-2025-14017
When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification ... Read more
Affected Products : curl- Published: Jan. 08, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2025-47339
Memory corruption while deinitializing a HDCP session.... Read more
Affected Products : qam8295p_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware sa8150p_firmware sa8155p_firmware +360 more products- Published: Jan. 07, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
6.7
MEDIUMCVE-2025-47344
Memory corruption while handling sensor utility operations.... Read more
Affected Products : qca6574au_firmware qca6595au_firmware qca6696_firmware sa6155p_firmware sa8155p_firmware sa8195p_firmware wcd9380_firmware wcd9385_firmware wcn3988_firmware wsa8810_firmware +154 more products- Published: Jan. 07, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2025-47345
Cryptographic issue may occur while encrypting license data.... Read more
Affected Products : qam8295p_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa8295p_firmware wcd9380_firmware wcd9385_firmware wcn3988_firmware wsa8810_firmware wsa8815_firmware +200 more products- Published: Jan. 07, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cryptography
-
7.8
HIGHCVE-2025-47346
Memory corruption while processing a secure logging command in the trusted application.... Read more
Affected Products : qam8295p_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware sa8150p_firmware sa8155p_firmware +216 more products- Published: Jan. 07, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-47348
Memory corruption while processing identity credential operations in the trusted application.... Read more
Affected Products : aqt1000_firmware qam8295p_firmware qca6391_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware +398 more products- Published: Jan. 07, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
8.7
HIGHCVE-2026-24740
Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters (for example, `label=env=dev`) to obtain an interactive root shell in out‑of‑scope con... Read more
Affected Products : dozzle- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Authorization
-
5.9
MEDIUMCVE-2026-24738
gmrtd is a Go library for reading Machine Readable Travel Documents (MRTDs). Prior to version 0.17.2, ReadFile accepts TLVs with lengths that can range up to 4GB, which can cause unconstrained resource consumption in both memory and cpu cycles. ReadFile c... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Denial of Service
-
9.1
CRITICALCVE-2026-24736
Squidex is an open source headless content management system and content management hub. Versions of the application up to and including 7.21.0 allow users to define "Webhooks" as actions within the Rules engine. The url parameter in the webhook configura... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Server-Side Request Forgery
-
6.5
MEDIUMCVE-2026-24623
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in saeros1984 Neoforum neoforum allows Reflected XSS.This issue affects Neoforum: from n/a through <= 1.0.... Read more
Affected Products :- Published: Jan. 23, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cross-Site Scripting