Latest CVE Feed
-
3.7
LOWCVE-2025-68157
Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) enforces allowedUris only for the initial URL, but does not re-validate allowedUris after following HTTP ... Read more
Affected Products :- Published: Feb. 05, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Server-Side Request Forgery
-
7.5
HIGHCVE-2026-2011
A vulnerability was found in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /ramonsys/enrollment/controller.php. The manipulation of the argument ID results in sql injection. The attack can be launched ... Read more
Affected Products :- Published: Feb. 06, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Injection
-
7.8
HIGHCVE-2026-0662
A maliciously crafted project directory, when opening a max file in Autodesk 3ds Max, could lead to execution of arbitrary code in the context of the current process due to an Untrusted Search Path being utilized.... Read more
Affected Products : 3ds_max- Published: Feb. 04, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Misconfiguration
-
6.8
MEDIUMCVE-2026-23794
Reflected XSS in Apache Syncope's Enduser Login page. An attacker that tricks a legitimate user into clicking a malicious link and logging in to Syncope Enduser could steal that user's credentials. This issue affects Apache Syncope: from 3.0 through 3.0.... Read more
Affected Products : syncope- Published: Feb. 03, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Cross-Site Scripting
-
4.9
MEDIUMCVE-2026-23795
Improper Restriction of XML External Entity Reference vulnerability in Apache Syncope Console. An administrator with adequate entitlements to create or edit Keymaster parameters via Console can construct malicious XML text to launch an XXE attack, thereby... Read more
Affected Products : syncope- Published: Feb. 03, 2026
- Modified: Feb. 06, 2026
- Vuln Type: XML External Entity
-
7.5
HIGHCVE-2026-24735
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision history for deleted content. This allows... Read more
Affected Products : answer- Published: Feb. 04, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Information Disclosure
-
7.8
HIGHCVE-2026-24765
PHPUnit is a testing framework for PHP. A vulnerability has been discovered in versions prior to 12.5.8, 11.5.50, 10.5.62, 9.6.33, and 8.5.52 involving unsafe deserialization of code coverage data in PHPT test execution. The vulnerability exists in the `c... Read more
Affected Products : phpunit- Published: Jan. 27, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Injection
-
5.0
MEDIUMCVE-2026-1446
There is a Cross‑Site Scripting (XSS) issue in Esri ArcGIS Pro versions 3.6.0 and earlier. ArcGIS Pro is a desktop application, and exploitation is limited to local users interacting with the application; no privileged role or elevated permissions are req... Read more
Affected Products : arcgis_pro- Published: Jan. 26, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2025-15080
Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric MELSEC iQ-R Series R08PCPU, R16PCPU, R32PCPU, and R120PCPU allows an unauthenticated attacker to read device data or part of a control program from the affected produc... Read more
Affected Products :- Published: Feb. 05, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Information Disclosure
-
4.6
MEDIUMCVE-2026-25068
alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplg_decode_control_mixer1() function reads the num_channels field from untrusted .tplg data and... Read more
Affected Products :- Published: Jan. 29, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2020-37121
CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler with crafted Unicode characters. Attackers can create a malicious M3U playlist file with 536 bytes of b... Read more
Affected Products :- Published: Feb. 05, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2026-0536
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.... Read more
Affected Products : 3ds_max- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Memory Corruption
-
6.1
MEDIUMCVE-2025-56451
Cross site scripting vulnerability in seeyon Zhiyuan A8+ Collaborative Management Software 7.0 via the topValue parameter to the seeyon/main.do endpoint.... Read more
Affected Products : a8\+_collaborative_management- Published: Jan. 16, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Cross-Site Scripting
-
7.5
HIGHCVE-2025-69581
An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personal_data endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowin... Read more
Affected Products : chamilo_lms- Published: Jan. 16, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Information Disclosure
-
9.0
CRITICALCVE-2026-23520
Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-u... Read more
Affected Products : arcane- Published: Jan. 15, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Injection
-
6.9
MEDIUMCVE-2026-20977
Improper access control in Emergency Sharing prior to SMR Feb-2026 Release 1 allows local attackers to interrupt its functioning.... Read more
Affected Products : android- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Authorization
-
6.1
MEDIUMCVE-2026-20978
Improper authorization in KnoxGuardManager prior to SMR Feb-2026 Release 1 allows local attackers to bypass the persistence configuration of the application.... Read more
Affected Products : android- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Authorization
-
8.4
HIGHCVE-2026-20983
Improper export of android application components in Samsung Dialer prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Samsung Dialer privilege.... Read more
Affected Products : android- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Authorization
-
6.8
MEDIUMCVE-2026-20982
Path traversal in ShortcutService prior to SMR Feb-2026 Release 1 allows privileged local attacker to create file with system privilege.... Read more
Affected Products : android- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Path Traversal
-
6.6
MEDIUMCVE-2026-20981
Improper input validation in FacAtFunction prior to SMR Feb-2026 Release 1 allows privileged physical attacker to execute arbitrary command with system privilege.... Read more
Affected Products : android- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Injection