Latest CVE Feed
-
9.8
CRITICALCVE-2026-22854
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allow... Read more
Affected Products : freerdp- Published: Jan. 14, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2021-47755
Oliver Library Server v5 contains a file download vulnerability that allows unauthenticated attackers to access arbitrary system files through unsanitized input in the FileServlet endpoint. Attackers can exploit the vulnerability by manipulating the 'file... Read more
Affected Products : oliver_v5_library- Published: Jan. 15, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-60021
Remote command injection vulnerability in heap profiler builtin service in Apache bRPC ((all versions < 1.15.0)) on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service (/pprof/heap) does not valid... Read more
Affected Products : brpc- Published: Jan. 16, 2026
- Modified: Jan. 21, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2021-47854
DD-WRT version 45723 contains a buffer overflow vulnerability in the UPNP network discovery service that allows remote attackers to potentially execute arbitrary code. Attackers can send crafted M-SEARCH packets with oversized UUID payloads to trigger buf... Read more
Affected Products :- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2026-23519
RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. Prior to 0.4.4, the thumbv6m-none-eabi (Cortex M0, M0+ and M1) compiler emits no... Read more
Affected Products : cmov- Published: Jan. 15, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Cryptography
-
9.8
CRITICALCVE-2025-69992
phpgurukul News Portal Project V4.1 has File Upload Vulnerability via upload.php, which enables the upload of files of any format to the server without identity authentication.... Read more
Affected Products : news_portal- Published: Jan. 13, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-67913
Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Aruba HiSpeed Cache: from n/a through < 3.0.3.... Read more
Affected Products : aruba_hispeed_cache- Published: Jan. 08, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-14231
Buffer overflow in print job processing by WSD on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP67... Read more
Affected Products : mf1238_ii_firmware mf1643i_ii_firmware mf1643if_ii_firmware mf451dw_firmware mf452dw_firmware mf453dw_firmware mf455dw_firmware lbp1238_ii_firmware lbp236dw_firmware lbp237dw_firmware +28 more products- Published: Jan. 16, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-14234
Buffer overflow in CPCA list processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Seri... Read more
Affected Products : mf1238_ii_firmware mf1643i_ii_firmware mf1643if_ii_firmware mf451dw_firmware mf452dw_firmware mf453dw_firmware mf455dw_firmware lbp1238_ii_firmware lbp236dw_firmware lbp237dw_firmware +28 more products- Published: Jan. 16, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-14232
Buffer overflow in XML processing of XPS file in Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670... Read more
Affected Products : mf1238_ii_firmware mf1643i_ii_firmware mf1643if_ii_firmware mf451dw_firmware mf452dw_firmware mf453dw_firmware mf455dw_firmware lbp1238_ii_firmware lbp236dw_firmware lbp237dw_firmware +28 more products- Published: Jan. 16, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2026-1019
Police Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality.... Read more
Affected Products : police_statistics_database_system- Published: Jan. 16, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-14736
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.28.25. This is due to insufficient validation of user-supplied role values in the 'validate_value', 'pre_update_value', and... Read more
Affected Products : frontend_admin- Published: Jan. 09, 2026
- Modified: Jan. 13, 2026
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2022-50925
Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious web pages to inject keystrokes, opening applications a... Read more
Affected Products : reflect- Published: Jan. 13, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-67911
Deserialization of Untrusted Data vulnerability in Tribulant Software Newsletters newsletters-lite allows Object Injection.This issue affects Newsletters: from n/a through <= 4.11.... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Injection
-
9.8
CRITICAL- Published: Jan. 22, 2026
- Modified: Feb. 03, 2026
-
9.8
CRITICALCVE-2026-24770
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In version 0.23.1 and possibly earlier versions, the MinerU parser contains a "Zip Slip" vulnerability, allowing an attacker to overwrite arbitrary files on the server (leading to Remo... Read more
Affected Products : ragflow- Published: Jan. 27, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2023-54339
Webgrind 1.1 contains a remote command execution vulnerability that allows unauthenticated attackers to inject OS commands via the dataFile parameter in index.php. Attackers can execute arbitrary system commands by manipulating the dataFile parameter, suc... Read more
Affected Products : webgrind- Published: Jan. 13, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2020-37027
Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger proc... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-67921
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VanKarWai Lobo lobo allows Blind SQL Injection.This issue affects Lobo: from n/a through < 2.8.6.... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-69078
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Malta malta allows PHP Local File Inclusion.This issue affects Malta: from n/a through <= 1.3.3.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Path Traversal