Latest CVE Feed
- 0.0 NA CVE-2026-3277
The OpenID Connect (OIDC) authentication configuration in PowerShell Universal before 2026.1.3 stores the OIDC client secret in cleartext in the .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the O...
- Published: Feb. 27, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Authentication
- 9.1 CRITICAL CVE-2026-2750
Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Tickets modules). This issue affects Centreon Open Tickets on Central Server: from all before 25.10; 24.10; 24.04....
- Published: Feb. 27, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Injection
- 9.9 CRITICAL CVE-2026-2749
Vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Ticket modules). This issue affects Centreon Open Tickets on Central Server: from all before 25.10.3, 24.10.8, 24.04.7....
- Published: Feb. 27, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Information Disclosure
- 8.7 HIGH CVE-2026-2359
Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by dropping the connection during file upload, potentially causing resource exhaustion....
- Published: Feb. 27, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Denial of Service
- 7.5 HIGH CVE-2026-27831
rldns is an open source DNS server. Version 1.3 has a heap-based out-of-bounds read that leads to denial of service. Version 1.4 contains a patch for the issue....
- Published: Feb. 26, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Memory Corruption
- 9.1 CRITICAL CVE-2025-71056
Improper session management in GCOM EPON 1GE ONU version C00R371V00B01 allows attackers to execute a session hijacking attack via spoofing the IP address of an authenticated user....
- Published: Feb. 23, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Authentication
- 6.4 MEDIUM CVE-2019-25312
InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that allows unauthenticated attackers to inject malicious scripts. Attackers can submit comments with JavaScript payloads that execute in other users' browsers, p...
- Affected Products: inoerp
- Published: Feb. 11, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Cross-Site Scripting
- 7.5 HIGH CVE-2020-37196
Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by providing an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registratio...
- Affected Products: domain_name_search_software
- Published: Feb. 11, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Denial of Service
- 7.5 HIGH CVE-2019-25346
TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'server_name' parameter. Attackers can inject malicious SQL code like ' or '1=1 to retrieve unauthorized database records and potential...
- Affected Products: password_management_application
- Published: Feb. 12, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Injection
- 6.5 MEDIUM CVE-2026-25963
Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the sa...
- Affected Products: fleet
- Published: Feb. 26, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Authorization
- 7.1 HIGH CVE-2026-27798
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability occurs when processing an image with small dimension using the `-wavelet-denoise...
- Published: Feb. 26, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Memory Corruption
- 4.4 MEDIUM CVE-2026-27799
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the DJVU image format handler. The vulnerability occurs due to integer...
- Published: Feb. 26, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Memory Corruption
- 7.5 HIGH CVE-2019-25347
thesystem App 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the username parameter. Attackers can inject malicious SQL code like ' or '1=1 to the username field to gain unauthorized access to use...
- Affected Products: password_management_application
- Published: Feb. 12, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Injection
- 9.1 CRITICAL CVE-2026-28215
hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, an unauthenticated attacker can overwrite the entire infrastructure configuration of a self-hosted Hoppscotch instance including OAuth provider credentials and SMTP setting...
- Affected Products: hoppscotch
- Published: Feb. 26, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Authentication
- 8.3 HIGH CVE-2026-28216
hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, any logged-in user can read, modify or delete another user's personal environment by ID. `user-environments.resolver.ts:82-109`, `updateUserEnvironment` mutation uses `@Use...
- Affected Products: hoppscotch
- Published: Feb. 26, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Authorization
- 6.5 MEDIUM CVE-2026-28217
hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, the `userCollection` GraphQL query accepts an arbitrary collection ID and returns the full collection data — including title, type, and the serialized `data` field containi...
- Affected Products: hoppscotch
- Published: Feb. 26, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Authorization
- 9.0 HIGH CVE-2026-3272
A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack i...
- Published: Feb. 27, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Memory Corruption
- 9.0 HIGH CVE-2026-3273
A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component httpd. Such manipulation of the argument mit_ssid_index leads to buffer overflow. The...
- Published: Feb. 27, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Memory Corruption
- 9.0 HIGH CVE-2026-3274
A security flaw has been discovered in Tenda F453 1.0.0.3. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Performing a manipulation of the argument page results in buffer overflow. The attack is pos...
- Published: Feb. 27, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Memory Corruption
- 9.0 HIGH CVE-2026-3275
A weakness has been identified in Tenda F453 1.0.0.3. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Executing a manipulation of the argument entrys can lead to buffer overflow. The attack may be performed ...
- Published: Feb. 27, 2026
- Modified: Feb. 27, 2026
- Vuln Type: Memory Corruption