Latest CVE Feed
-
8.8
HIGHCVE-2026-24840
Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a hardcoded credential in the provided installation script (located at https://dokploy.com/install.sh, line 154) uses a hardcoded password when creating the databa... Read more
Affected Products : dokploy- Published: Jan. 28, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2021-47758
Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious PHP plugins through the module upload functionality. Authenticated attackers can generate and upload a ZIP plu... Read more
Affected Products : patient_management_system- Published: Jan. 15, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-10314
Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2 allows a local attacker to execute arbitrary code with system privileges by replacing service executable files (EXE) or DLLs i... Read more
Affected Products :- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2026-24854
ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in endpoint `/PaddleNumEditor.php` in ChurchCRM prior to version 6.7.2. Any authenticated user, including one with zero assigned permissions, can exploit SQL inject... Read more
Affected Products : churchcrm- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
8.8
HIGHCVE-2020-36938
WinAVR version 20100110 contains an insecure permissions vulnerability that allows authenticated users to modify system files and executables. Attackers can leverage the overly permissive access controls to potentially modify critical DLLs and executable ... Read more
Affected Products :- Published: Jan. 27, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Authorization
-
8.8
HIGHCVE-2025-31413
Cross-Site Request Forgery (CSRF) vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Cross Site Request Forgery.This issue affects Element Pack Elementor Addons: from n/a through <= 8.3.13.... Read more
Affected Products : element_pack- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Cross-Site Request Forgery
-
8.8
HIGHCVE-2020-37116
GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading t... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Authentication
-
8.8
HIGHCVE-2025-69182
Incorrect Privilege Assignment vulnerability in e-plugins Institutions Directory institutions-directory allows Privilege Escalation.This issue affects Institutions Directory: from n/a through <= 1.3.4.... Read more
Affected Products : institutions_directory- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Authorization
-
8.8
HIGHCVE-2025-69292
Incorrect Privilege Assignment vulnerability in e-plugins WP Membership wp-membership allows Privilege Escalation.This issue affects WP Membership: from n/a through <= 1.6.4.... Read more
Affected Products : wp_membership- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Authorization
-
8.8
HIGHCVE-2020-37078
i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated attackers to delete arbitrary files by manipulating the delete_import parameter. Attackers can send a POST request to the import module wi... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Path Traversal
-
8.8
HIGHCVE-2025-69516
A Server-Side Template Injection (SSTI) vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged users with Report Viewer or Report Manager permissions... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
8.8
HIGHCVE-2020-37073
Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the user_image parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Path Traversal
-
8.8
HIGHCVE-2022-50907
e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative users to bypass upload restrictions and execute PHP files. Attackers can upload malicious PHP files to parent directories by manipulating the upload URL p... Read more
Affected Products : e107- Published: Jan. 13, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Authentication
-
8.8
HIGHCVE-2025-68899
Deserialization of Untrusted Data vulnerability in designthemes Vivagh vivagh allows Object Injection.This issue affects Vivagh: from n/a through <= 2.4.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Injection
-
8.8
HIGHCVE-2020-36969
M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload ... Read more
Affected Products : m\/monit- Published: Jan. 28, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Authorization
-
8.8
HIGHCVE-2025-69035
Deserialization of Untrusted Data vulnerability in strongholdthemes Dental Care CPT dentalcare-cpt allows Object Injection.This issue affects Dental Care CPT: from n/a through <= 20.2.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 28, 2026
- Vuln Type: Injection
-
8.8
HIGHCVE-2026-22861
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Prior to 2.3.1.2, There is a heap-based buffer overflow in SIccCalcOp::Describe()... Read more
Affected Products : iccdev- Published: Jan. 13, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-68707
An authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with firmware 1.0.0 allows unauthenticated network-adjacent attackers to perform arbitrary configuration changes without providing credentials, as long as a valid admin session is ... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Authentication
-
8.8
HIGHCVE-2026-0492
SAP HANA database is vulnerable to privilege escalation allowing an attacker with valid credentials of any user to switch to another user potentially gaining administrative access. This exploit could result in a total compromise of the system�s confidenti... Read more
Affected Products : hana_database- Published: Jan. 13, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Authorization
-
8.8
HIGHCVE-2026-0803
A vulnerability was found in PHPGurukul Online Course Registration System up to 3.1. This affects an unknown part of the file /enroll.php. The manipulation of the argument studentregno/Pincode/session/department/level/course/sem results in sql injection. ... Read more
Affected Products : online_course_registration_system- Published: Jan. 09, 2026
- Modified: Jan. 22, 2026
- Vuln Type: Injection