Latest CVE Feed
-
8.7
HIGHCVE-2026-22776
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service (DoS) vulnerability exists in cpp-httplib due to the unsafe handling of compressed HTTP request bodies (Content-Encoding: gzip, ... Read more
Affected Products : cpp-httplib- Published: Jan. 12, 2026
- Modified: Jan. 15, 2026
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2026-24136
Saleor is an e-commerce platform. Versions 3.2.0 through 3.20.109, 3.21.0-a.0 through 3.21.44 and 3.22.0-a.0 through 3.22.28 have a n Insecure Direct Object Reference (IDOR) vulnerability that allows unauthenticated actors to extract sensitive information... Read more
Affected Products : saleor- Published: Jan. 24, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Information Disclosure
-
8.7
HIGHCVE-2026-24133
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can p... Read more
Affected Products : jspdf- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2024-58339
LlamaIndex (run-llama/llama_index) versions up to and including 0.12.2 contain an uncontrolled resource consumption vulnerability in the VannaPack VannaQueryEngine implementation. The custom_query() logic generates SQL statements from a user-supplied prom... Read more
Affected Products : llamaindex- Published: Jan. 12, 2026
- Modified: Jan. 21, 2026
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-9282
A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles Comprehensive limited storm tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several seco... Read more
- Published: Jan. 20, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2021-47752
AWebServer GhostBuilding 18 contains a denial of service vulnerability that allows remote attackers to overwhelm the server by sending multiple concurrent HTTP requests. Attackers can generate high-volume requests to multiple endpoints including /mysqladm... Read more
Affected Products : awebserver- Published: Jan. 15, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2026-24139
MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below do not safeguard against authorization bypass, allowing guest users to download the complete application database. The application fails to properly valida... Read more
Affected Products : mytube- Published: Jan. 24, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Authorization
-
8.7
HIGHCVE-2026-23625
OpenProject is an open-source, web-based project management software. Versions 16.3.0 through 16.6.4 are affected by a stored cross-site scripting vulnerability in the Roadmap view. OpenProject’s roadmap view renders the “Related work packages” list for e... Read more
Affected Products : openproject- Published: Jan. 19, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Cross-Site Scripting
-
8.7
HIGHCVE-2020-37034
HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET requests to download.asp with directory traversal to acce... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Path Traversal
-
8.7
HIGHCVE-2025-9465
A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles Comprehensive grammar tests, the device reboots unexpectedly, causing the Link State Monitor to go down for several seconds.... Read more
- Published: Jan. 20, 2026
- Modified: Feb. 02, 2026
- Vuln Type: Denial of Service
-
8.6
HIGHCVE-2026-22865
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled.... Read more
Affected Products : gradle- Published: Jan. 16, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Misconfiguration
-
8.6
HIGHCVE-2025-67963
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ovatheme Movie Booking movie-booking allows Path Traversal.This issue affects Movie Booking: from n/a through <= 1.1.5.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Path Traversal
-
8.6
HIGHCVE-2025-27378
AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and ex... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Injection
-
8.6
HIGHCVE-2025-69662
SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the to_postgis()` function being used to write GeoDataFrames to a PostgreSQL database.... Read more
Affected Products :- Published: Jan. 30, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Injection
-
8.6
HIGHCVE-2026-23493
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the http_error_log file stores the $_COOKIE and $_SERVER variables, which means sensitive information such as database passwords, cookie session data, and other ... Read more
Affected Products : pimcore- Published: Jan. 15, 2026
- Modified: Jan. 20, 2026
- Vuln Type: Information Disclosure
-
8.6
HIGHCVE-2025-57793
Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user-supplied input in a web application component. Crafted input can be executed as part of backend database queries. The issue is exploit... Read more
Affected Products : blue- Published: Jan. 28, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Injection
-
8.6
HIGHCVE-2026-23512
SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is a Untrusted Search Path vulnerability when Advanced Options setting is trigger. The application executes notepad.exe without specifying an absolute path when using the Advance... Read more
- Published: Jan. 14, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Misconfiguration
-
8.6
HIGHCVE-2026-22816
Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before 9.3.0, some exceptions were not treated as fatal errors and would not cause a repository to be disabled.... Read more
Affected Products : gradle- Published: Jan. 16, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Supply Chain
-
8.6
HIGHCVE-2025-68901
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Anona anona allows Path Traversal.This issue affects Anona: from n/a through <= 8.0.... Read more
Affected Products :- Published: Jan. 22, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Path Traversal
-
8.6
HIGHCVE-2020-37137
PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'add_panel_form()' function that allows attackers to execute arbitrary code through an eval() function with unsanitized POST data. Attackers can exploit the vulnerability by sending ... Read more
Affected Products :- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Injection