Latest CVE Feed
-
9.8
CRITICALCVE-2020-36964
YATinyWinFTP contains a denial of service vulnerability that allows attackers to crash the FTP service by sending a 272-byte buffer with a trailing space. Attackers can exploit the service by connecting and sending a malformed command that triggers a buff... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2021-47819
ProjeQtOr Project Management 9.1.4 contains a file upload vulnerability that allows guest users to upload malicious PHP files with arbitrary code execution capabilities. Attackers can upload a PHP script through the profile attachment section and execute ... Read more
Affected Products :- Published: Jan. 15, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2026-24061
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.... Read more
- Actively Exploited
- Published: Jan. 21, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-15502
A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.8. The affected element is the function SessionController of the file /isomp-protocol/protocol/session. Such manipulation of the argument Hostname leads to os ... Read more
Affected Products : operation_and_maintenance_security_management_system- Published: Jan. 10, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-22708
Cursor is a code editor built for programming with AI. Prior to 2.3, hen the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can still be executed without appearing in the allowlist and without requiring user ... Read more
Affected Products : cursor- Published: Jan. 14, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2026-0773
Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Upsonic. Authentication is not required to exploit this vulnerabil... Read more
Affected Products : upsonic- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
-
9.8
CRITICALCVE-2026-0906
Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)... Read more
- Published: Jan. 20, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Information Disclosure
-
9.8
CRITICALCVE-2025-69764
Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the stbpvid stack buffer, which may result in memory corruption and remote code execution.... Read more
- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2022-50894
VIAVIWEB Wallpaper Admin 1.0 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the img_id parameter. Attackers can send GET requests to edit_gallery_image.php with mali... Read more
Affected Products : wallpaper_admin- Published: Jan. 13, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-23760
SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when re... Read more
Affected Products : smartermail- Actively Exploited
- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2026-20045
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Conne... Read more
- Actively Exploited
- Published: Jan. 21, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2023-54335
eXtplorer 2.1.14 contains an authentication bypass vulnerability that allows attackers to login without a password by manipulating the login request. Attackers can exploit this flaw to upload malicious PHP files and execute remote commands on the vulnerab... Read more
Affected Products : extplorer- Published: Jan. 13, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-69270
Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Session Hijacking.This issue affects DX NetOps Spectrum: 24.3.8 and earlier.... Read more
- Published: Jan. 12, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Information Disclosure
-
9.8
CRITICALCVE-2025-40554
SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.... Read more
Affected Products : web_help_desk- Published: Jan. 28, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-15493
A flaw has been found in RainyGao DocSys up to 2.02.36. The impacted element is an unknown function of the file src/com/DocSystem/mapping/ReposAuthMapper.xml. Executing a manipulation of the argument searchWord can lead to sql injection. It is possible to... Read more
Affected Products : docsys- Published: Jan. 09, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2026-23519
RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. Prior to 0.4.4, the thumbv6m-none-eabi (Cortex M0, M0+ and M1) compiler emits no... Read more
Affected Products : cmov- Published: Jan. 15, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Cryptography
-
9.8
CRITICALCVE-2026-24423
SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS comma... Read more
Affected Products : smartermail- Actively Exploited
- Published: Jan. 23, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2021-47875
GeoGebra CAS Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a payload with 8000 repeated characters and paste it into the calculato... Read more
Affected Products :- Published: Jan. 21, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2020-36967
Zortam Mp3 Media Studio 27.60 contains a buffer overflow vulnerability in the library creation file selection process that allows remote code execution. Attackers can craft a malicious text file with shellcode to trigger a structured exception handler (SE... Read more
Affected Products :- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2026-1178
A security vulnerability has been detected in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /kmf/select.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument folderid leads to sql injection. ... Read more
Affected Products : ksoa- Published: Jan. 19, 2026
- Modified: Feb. 05, 2026