Latest CVE Feed
-
7.8
HIGHCVE-2025-20798
In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ... Read more
- Published: Jan. 06, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-14417
pdfforge PDF Architect Launch Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of pdfforge PDF Architect. User interaction is required to exploit th... Read more
Affected Products : pdf_architect- Published: Dec. 23, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2025-14419
pdfforge PDF Architect PDF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of pdfforge PDF Architect. User interaction is required to exploi... Read more
Affected Products : pdf_architect- Published: Dec. 23, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2026-21486
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below contain Use After Free, Heap-based Buffer Overflow and Integer Overflow or Wraparound and Out-of-bounds Write vulnerabilities in its CI... Read more
Affected Products : iccdev- Published: Jan. 06, 2026
- Modified: Jan. 12, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2026-21504
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap buffer overflow in the ToneMap parser. This issue has been ... Read more
Affected Products : iccdev- Published: Jan. 07, 2026
- Modified: Jan. 09, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-13714
Tencent MedicalNet generate_model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent MedicalNet. User interaction is required to ... Read more
Affected Products :- Published: Dec. 23, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Injection
-
7.8
HIGHCVE-2025-13706
Tencent PatrickStar merge_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent PatrickStar. User interaction is required... Read more
Affected Products :- Published: Dec. 23, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Injection
-
7.8
HIGHCVE-2025-14958
A security flaw has been discovered in floooh sokol up to 33e2271c431bf21de001e972f72da17a984da932. This vulnerability affects the function _sg_pipeline_common_init in the library sokol_gfx.h. Performing manipulation results in heap-based buffer overflow.... Read more
Affected Products : sokol- Published: Dec. 19, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-47380
Memory corruption while preprocessing IOCTLs in sensors.... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-47356
Memory Corruption when multiple threads concurrently access and modify shared resources.... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Race Condition
-
7.8
HIGHCVE-2025-47346
Memory corruption while processing a secure logging command in the trusted application.... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-47393
Memory corruption when accessing resources in kernel driver.... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-47388
Memory corruption while passing pages to DSP with an unaligned starting address.... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2024-46062
Miniconda3 macOS installers before 23.11.0-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This flaw allows a l... Read more
- Published: Dec. 17, 2025
- Modified: Jan. 05, 2026
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2025-15155
A vulnerability was detected in floooh sokol up to 16cbcc864012898793cd2bc57f802499a264ea40. The impacted element is the function _sg_pipeline_desc_defaults in the library sokol_gfx.h. The manipulation results in stack-based buffer overflow. The attack re... Read more
Affected Products : sokol- Published: Dec. 28, 2025
- Modified: Jan. 06, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2024-46060
Anaconda3 macOS installers before 2024.06-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This allows a local l... Read more
- Published: Dec. 17, 2025
- Modified: Jan. 05, 2026
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2025-14026
Forcepoint One DLP Client, version 23.04.5642 (and possibly newer versions), includes a restricted version of Python 2.5.4 that prevents use of the ctypes library. ctypes is a foreign function interface (FFI) for Python, enabling calls to DLLs/shared libr... Read more
Affected Products :- Published: Jan. 06, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-13711
Tencent TFace eval Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent TFace. User interaction is required to exploit this vulnera... Read more
Affected Products : tface- Published: Dec. 23, 2025
- Modified: Jan. 12, 2026
- Vuln Type: Information Disclosure
-
7.8
HIGHCVE-2025-13709
Tencent TFace restore_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent TFace. User interaction is required to exploi... Read more
Affected Products : tface- Published: Dec. 23, 2025
- Modified: Jan. 12, 2026
- Vuln Type: Injection
-
7.8
HIGHCVE-2025-33212
NVIDIA NeMo Framework contains a vulnerability in model loading that could allow an attacker to exploit improper control mechanisms if a user loads a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escala... Read more
Affected Products : nemo- Published: Dec. 16, 2025
- Modified: Jan. 09, 2026
- Vuln Type: Misconfiguration