Latest CVE Feed
-
0.0
NA CVE-2026-24783
soroban-fixed-point-math is a fixed-point math library for Soroban smart contracts. In versions 1.3.0 and 1.4.0, the `mulDiv(x, y, z)` function incorrectly handled cases where both the intermediate product $x * y$ and the divisor $z$ were negative. The log...
- Affected Products:
- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Misconfiguration
-
6.7
MEDIUM CVE-2025-47334
Memory corruption while processing shared command buffer packet between camera userspace and kernel....
- Affected Products: qca6391_firmware qca6595au_firmware sd_8_gen1_5g_firmware sw5100_firmware sw5100p_firmware wcd9380_firmware wcd9385_firmware wcn3980_firmware wcn3988_firmware wsa8810_firmware +282 more products
- Published: Jan. 07, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
0.0
NA CVE-2026-24779
vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.14.1, a Server-Side Request Forgery (SSRF) vulnerability exists in the `MediaConnector` class within the vLLM project's multimodal feature set. The load_from_url ...
- Affected Products:
- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Server-Side Request Forgery
-
0.0
NA CVE-2026-24778
Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript wit...
- Affected Products:
- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cross-Site Scripting
-
0.0
NA CVE-2026-24770
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In version 0.23.1 and possibly earlier versions, the MinerU parser contains a "Zip Slip" vulnerability, allowing an attacker to overwrite arbitrary files on the server (leading to Remo...
- Affected Products:
- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Path Traversal
-
6.7
MEDIUM CVE-2025-47335
Memory corruption while parsing clock configuration data for a specific hardware type....
- Affected Products: wcd9380_firmware wcd9385_firmware wsa8830_firmware wsa8835_firmware qca6698aq_firmware qcm6490_firmware qcs6490_firmware wcd9370_firmware wcd9375_firmware wsa8832_firmware +80 more products
- Published: Jan. 07, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
6.7
MEDIUM CVE-2025-47336
Memory corruption while performing sensor register read operations....
- Affected Products: wsa8830_firmware wsa8835_firmware wsa8832_firmware fastconnect_7800_firmware wcd9395_firmware wsa8840_firmware wsa8845_firmware wsa8845h_firmware wsa8830 wsa8835 +26 more products
- Published: Jan. 07, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
6.7
MEDIUM CVE-2025-47337
Memory corruption while accessing a synchronization object during concurrent operations....
- Affected Products: qca6391_firmware wcd9380_firmware wcd9385_firmware wsa8830_firmware wsa8835_firmware qca6698aq_firmware qcm6490_firmware qcn9011_firmware qcn9012_firmware qcs6490_firmware +118 more products
- Published: Jan. 07, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
0.0
NA CVE-2026-24765
PHPUnit is a testing framework for PHP. A vulnerability has been discovered in versions prior to 12.5.8, 11.5.50, 10.5.62, 9.6.33, and 8.5.52 involving unsafe deserialization of code coverage data in PHPT test execution. The vulnerability exists in the `c...
- Affected Products:
- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Injection
-
8.8
HIGH CVE-2025-66518
Any client who can access Apache Kyuubi Server via Kyuubi frontend protocols can bypass the server-side config kyuubi.session.local.dir.allow.list and use local files which are not listed in the config. This issue affects Apache Kyuubi: from 1.6.0 through...
- Affected Products: kyuubi
- Published: Jan. 05, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Misconfiguration
-
6.3
MEDIUM CVE-2025-14017
When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification ...
- Affected Products: curl
- Published: Jan. 08, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Misconfiguration
-
7.8
HIGH CVE-2025-47339
Memory corruption while deinitializing a HDCP session....
- Affected Products: qam8295p_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware sa8150p_firmware sa8155p_firmware +360 more products
- Published: Jan. 07, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
6.7
MEDIUM CVE-2025-47344
Memory corruption while handling sensor utility operations....
- Affected Products: qca6574au_firmware qca6595au_firmware qca6696_firmware sa6155p_firmware sa8155p_firmware sa8195p_firmware wcd9380_firmware wcd9385_firmware wcn3988_firmware wsa8810_firmware +154 more products
- Published: Jan. 07, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
0.0
NA CVE-2026-24748
Kargo manages and automates the promotion of software artifacts. Prior to versions 1.8.7, 1.7.7, and 1.6.3, a bug was found with authentication checks on the `GetConfig()` API endpoint. This allowed unauthenticated users to access this endpoint by specify...
- Affected Products:
- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Authentication
-
8.4
HIGH CVE-2025-47345
Cryptographic issue may occur while encrypting license data....
- Affected Products: qam8295p_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa8295p_firmware wcd9380_firmware wcd9385_firmware wcn3988_firmware wsa8810_firmware wsa8815_firmware +200 more products
- Published: Jan. 07, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Cryptography
-
7.8
HIGH CVE-2025-47346
Memory corruption while processing a secure logging command in the trusted application....
- Affected Products: qam8295p_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware sa8150p_firmware sa8155p_firmware +216 more products
- Published: Jan. 07, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
7.8
HIGH CVE-2025-47348
Memory corruption while processing identity credential operations in the trusted application....
- Affected Products: aqt1000_firmware qam8295p_firmware qca6391_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware +398 more products
- Published: Jan. 07, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICAL CVE-2026-24858
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, For...
- Affected Products:
- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Authentication
-
8.7
HIGH CVE-2026-24740
Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters (for example, `label=env=dev`) to obtain an interactive root shell in out‑of‑scope con...
- Affected Products:
- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Authorization
-
5.9
MEDIUM CVE-2026-24738
gmrtd is a Go library for reading Machine Readable Travel Documents (MRTDs). Prior to version 0.17.2, ReadFile accepts TLVs with lengths that can range up to 4GB, which can cause unconstrained resource consumption in both memory and cpu cycles. ReadFile c...
- Affected Products:
- Published: Jan. 27, 2026
- Modified: Jan. 27, 2026
- Vuln Type: Denial of Service