CVEs

31,844 total · page 179 of 637

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2026-20649	Apple Inc. macOS	Hig	0.49	7.5	0.00	Feb 11, 2026	A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3. A user may be able to view sensitive user information.
CVE-2026-20641	Apple Inc. macOS	Hig	0.46	7.1	0.00	Feb 11, 2026	A privacy issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to identify what other apps…
CVE-2026-20628	Apple Inc. macOS	Hig	0.46	7.1	0.00	Feb 11, 2026	A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to break out of…
CVE-2026-20626	Apple Inc. macOS	Hig	0.51	7.8	0.00	Feb 11, 2026	This issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Tahoe 26.3, visionOS 26.3. A malicious app may be able to gain root privileges.
CVE-2026-20620	Apple Inc. macOS	Hig	0.50	7.7	0.00	Feb 11, 2026	An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An attacker may be able to cause unexpected system termination or read kernel memory.
CVE-2026-20617	Apple Inc. macOS	Hig	0.46	7.0	0.00	Feb 11, 2026	A race condition was addressed with improved state handling. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to gain root privileges.
CVE-2026-20616	Apple Inc. macOS	Hig	0.57	8.8	0.01	Feb 11, 2026	An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. Processing a maliciously crafted USD file may lead to unexpected app termination.
CVE-2026-20615	Apple Inc. macOS	Hig	0.51	7.8	0.00	Feb 11, 2026	A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. An app may be able to gain root privileges.
CVE-2026-20614	Apple Inc. macOS	Hig	0.51	7.8	0.00	Feb 11, 2026	A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to gain root privileges.
CVE-2026-20611	Apple Inc. macOS	Hig	0.51	7.8	0.00	Feb 11, 2026	An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously…
CVE-2026-20606	Apple Inc. macOS	Hig	0.46	7.1	0.00	Feb 11, 2026	This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to bypass certain Privacy preferences.
CVE-2025-46290	Apple Inc. macOS	Hig	0.49	7.5	0.01	Feb 11, 2026	A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. A remote attacker may be able to cause a denial-of-service.
CVE-2026-26029	Akutishevsky Sf Mcp Server	Hig	0.49	7.5	0.01	Feb 11, 2026	sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of child_process.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation…
CVE-2026-26158	Busybox Busybox	Hig	0.46	7.0	0.00	Feb 11, 2026	A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this…
CVE-2026-26157	Busybox Busybox	Hig	0.49	7.0	0.01	Feb 11, 2026	A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file…
CVE-2026-25990	Python (programming language) Pillow	Hig	0.42	7.5	0.00	Feb 11, 2026	Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.
CVE-2020-37215	Top Password MSN Password Recovery	Hig	0.49	7.5	0.00	Feb 11, 2026	MSN Password Recovery version 1.30 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized input in the registration code field. Attackers can generate a 9000-byte buffer of repeated characters and paste it into the…
CVE-2020-37214	The Control Group Voyager	Hig	0.42	7.5	0.01	Feb 11, 2026	Voyager 1.3.0 contains a directory traversal vulnerability that allows attackers to access sensitive system files by manipulating the asset path parameter. Attackers can exploit the path parameter in /admin/voyager-assets to read arbitrary files like /etc/passwd and .env…
CVE-2020-37213	DigitalVolcano TextCrawler Pro	Hig	0.49	7.5	0.00	Feb 11, 2026	TextCrawler Pro 3.1.1 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized buffer in the license key field. Attackers can generate a 6000-byte payload and paste it into the activation field to trigger an application…
CVE-2020-37203	Nsauditor Office Product Key Finder	Hig	0.49	7.5	0.00	Feb 11, 2026	Office Product Key Finder 1.5.4 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the registration code input. Attackers can create a specially crafted text file and paste it into the 'Name and Key' field to trigger an…
CVE-2020-37202	NetworkSleuth NetworkSleuth	Hig	0.49	7.5	0.00	Feb 11, 2026	NetworkSleuth 3.0.0.0 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an…
CVE-2020-37198	DigitalVolcano Duplicate Cleaner Pro	Hig	0.49	7.5	0.00	Feb 11, 2026	Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application by injecting an oversized buffer into the license key field. Attackers can generate a 6000-byte payload and paste it into the license activation field to trigger…
CVE-2020-37195	—	Hig	0.49	7.5	0.00	Feb 11, 2026	BlueAuditor 1.7.2.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash.
CVE-2020-37194	Nsauditor Backup Key Recovery	Hig	0.49	7.5	0.00	Feb 11, 2026	Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by supplying an overly long registration key. Attackers can generate a 1000-character payload file and paste it into the registration key field to trigger an…
CVE-2020-37193	—	Hig	0.49	7.5	0.00	Feb 11, 2026	ZIP Password Recovery 2.30 contains a denial of service vulnerability that allows attackers to crash the application by providing maliciously crafted input. Attackers can create a specially prepared text file with specific characters to trigger an application crash when…
CVE-2020-37191	Top Password MSN Password Recovery	Hig	0.49	7.5	0.00	Feb 11, 2026	Top Password Software Dialup Password Recovery 1.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. Attackers can trigger the vulnerability by inserting a large 5000-character payload into the User Name and…
CVE-2020-37190	Top Password MSN Password Recovery	Hig	0.49	7.5	0.00	Feb 11, 2026	Top Password Firefox Password Recovery 2.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. Attackers can trigger the vulnerability by inserting 5000 characters into the User Name or Registration Code input…
CVE-2020-37189	DigitalVolcano TaskCanvas	Hig	0.49	7.5	0.00	Feb 11, 2026	TaskCanvas 1.4.0 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration field to trigger an application crash.
CVE-2020-37188	Nsauditor SpotOutlook	Hig	0.49	7.5	0.00	Feb 11, 2026	SpotOutlook 1.2.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can overwrite the buffer by pasting 1000 'A' characters into the 'Name' field, causing the application to become…
CVE-2020-37187	—	Hig	0.49	7.5	0.00	Feb 11, 2026	SpotDialup 1.6.7 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash.
CVE-2020-37185	Nsauditor Backup Key Recovery	Hig	0.49	7.5	0.00	Feb 11, 2026	Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application…
CVE-2020-37182	Troglobit Redir	Hig	0.49	7.5	0.00	Feb 11, 2026	Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. Attackers can exploit the sprintf() buffer without proper length checking to overwrite memory and cause a segmentation…
CVE-2020-37180	Nsauditor GTalk Password Finder	Hig	0.49	7.5	0.00	Feb 11, 2026	GTalk Password Finder 2.2.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash.
CVE-2020-37179	APKF Product Key Finder	Hig	0.49	7.5	0.00	Feb 11, 2026	APKF Product Key Finder 2.5.8.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an…
CVE-2020-37178	Keepass Password Safe	Hig	0.49	7.5	0.00	Feb 11, 2026	KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash.
CVE-2020-37177	Weird Solutions Bootpturbo	Hig	0.49	7.5	0.00	Feb 11, 2026	BOOTP Turbo 2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Structured Exception Handler (SEH). Attackers can generate a malicious payload of 2196 bytes with specific byte patterns to trigger an application crash…
CVE-2020-37175	—	Hig	0.49	7.5	0.00	Feb 11, 2026	P2PWIFICAM2 for iOS 10.4.1 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the Camera ID input field. Attackers can paste a 257-character buffer into the Camera ID field to trigger an application crash on iOS devices.
CVE-2025-69871	Medusajs Medusa	Hig	0.53	8.1	0.00	Feb 11, 2026	A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage() function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote…
CVE-2026-2361	Dalibo Postgresql Anonymizer	Hig	0.52	8.0	0.00	Feb 11, 2026	PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then called, the malicious code is executed with superuser…
CVE-2026-2360	Dalibo Postgresql Anonymizer	Hig	0.52	8.0	0.00	Feb 11, 2026	PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and place malicious code in that operator. This operator will later be executed with superuser privileges when the extension is…
CVE-2025-70029	Sunbird Sunbirded Portal	Hig	0.49	7.5	0.00	Feb 11, 2026	An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options
CVE-2025-65480	Pacom Unison Client	Hig	0.57	8.8	0.01	Feb 11, 2026	An issue was discovered in Pacom Unison Client 5.13.1. Authenticated users can inject malicious scripts in the Report Templates which are executed when certain script conditions are fulfilled, leading to Remote Code Execution.
CVE-2025-65128	Shenzhen Zhibotong Electronics ZBT WE2001	Hig	0.53	8.1	0.00	Feb 11, 2026	A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and network configurations. By invoking operations whose names end with…
CVE-2026-1837	Libjxl Project Libjxl	Hig	0.49	7.5	0.00	Feb 11, 2026	A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data. This can be done by requesting color transformation of grayscale images to…
CVE-2026-2344	Plunet Plunet BusinessManager	Hig	0.56	—	0.00	Feb 11, 2026	A vulnerability in Plunet Plunet BusinessManager allows unauthorized actions being performed on behalf of privileged users.This issue affects Plunet BusinessManager: 10.15.1
CVE-2026-2250	Massive Entertainment Wic	Hig	0.49	7.5	0.00	Feb 11, 2026	The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing…
CVE-2025-61969	AMD μProf	Hig	0.46	—	0.00	Feb 11, 2026	Incorrect permission assignment in AMD µProf may allow a local user-privileged attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2025-52541	AMD Vivado	Hig	0.47	7.3	0.00	Feb 11, 2026	A DLL hijacking vulnerability in Vivado could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2025-48503	AMD AMD Software Installer	Hig	0.51	7.8	0.00	Feb 11, 2026	A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
CVE-2024-36324	Intel Graphics Driver	Hig	0.57	8.8	0.00	Feb 11, 2026	Improper input validation in AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary code execution.

CVE-2026-20649HigFeb 11, 2026
Apple Inc.
macOS
risk 0.49cvss 7.5epss 0.00
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3. A user may be able to view sensitive user information.
CVE-2026-20641HigFeb 11, 2026
Apple Inc.
macOS
risk 0.46cvss 7.1epss 0.00
A privacy issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to identify what other apps…
CVE-2026-20628HigFeb 11, 2026
Apple Inc.
macOS
risk 0.46cvss 7.1epss 0.00
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to break out of…
CVE-2026-20626HigFeb 11, 2026
Apple Inc.
macOS
risk 0.51cvss 7.8epss 0.00
This issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Tahoe 26.3, visionOS 26.3. A malicious app may be able to gain root privileges.
CVE-2026-20620HigFeb 11, 2026
Apple Inc.
macOS
risk 0.50cvss 7.7epss 0.00
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An attacker may be able to cause unexpected system termination or read kernel memory.
CVE-2026-20617HigFeb 11, 2026
Apple Inc.
macOS
risk 0.46cvss 7.0epss 0.00
A race condition was addressed with improved state handling. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to gain root privileges.
CVE-2026-20616HigFeb 11, 2026
Apple Inc.
macOS
risk 0.57cvss 8.8epss 0.01
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. Processing a maliciously crafted USD file may lead to unexpected app termination.
CVE-2026-20615HigFeb 11, 2026
Apple Inc.
macOS
risk 0.51cvss 7.8epss 0.00
A path handling issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. An app may be able to gain root privileges.
CVE-2026-20614HigFeb 11, 2026
Apple Inc.
macOS
risk 0.51cvss 7.8epss 0.00
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to gain root privileges.
CVE-2026-20611HigFeb 11, 2026
Apple Inc.
macOS
risk 0.51cvss 7.8epss 0.00
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously…
CVE-2026-20606HigFeb 11, 2026
Apple Inc.
macOS
risk 0.46cvss 7.1epss 0.00
This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to bypass certain Privacy preferences.
CVE-2025-46290HigFeb 11, 2026
Apple Inc.
macOS
risk 0.49cvss 7.5epss 0.01
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. A remote attacker may be able to cause a denial-of-service.
CVE-2026-26029HigFeb 11, 2026
Akutishevsky
Sf Mcp Server
risk 0.49cvss 7.5epss 0.01
sf-mcp-server is an implementation of Salesforce MCP server for Claude for Desktop. A command injection vulnerability exists in sf-mcp-server due to unsafe use of child_process.exec when constructing Salesforce CLI commands with user-controlled input. Successful exploitation…
CVE-2026-26158HigFeb 11, 2026
Busybox
Busybox
risk 0.46cvss 7.0epss 0.00
A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this…
CVE-2026-26157HigFeb 11, 2026
Busybox
Busybox
risk 0.49cvss 7.0epss 0.01
A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file…
CVE-2026-25990HigFeb 11, 2026
Python (programming language)
Pillow
risk 0.42cvss 7.5epss 0.00
Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.
CVE-2020-37215HigFeb 11, 2026
Top Password
MSN Password Recovery
risk 0.49cvss 7.5epss 0.00
MSN Password Recovery version 1.30 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized input in the registration code field. Attackers can generate a 9000-byte buffer of repeated characters and paste it into the…
CVE-2020-37214HigFeb 11, 2026
The Control Group
Voyager
risk 0.42cvss 7.5epss 0.01
Voyager 1.3.0 contains a directory traversal vulnerability that allows attackers to access sensitive system files by manipulating the asset path parameter. Attackers can exploit the path parameter in /admin/voyager-assets to read arbitrary files like /etc/passwd and .env…
CVE-2020-37213HigFeb 11, 2026
DigitalVolcano
TextCrawler Pro
risk 0.49cvss 7.5epss 0.00
TextCrawler Pro 3.1.1 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized buffer in the license key field. Attackers can generate a 6000-byte payload and paste it into the activation field to trigger an application…
CVE-2020-37203HigFeb 11, 2026
Nsauditor
Office Product Key Finder
risk 0.49cvss 7.5epss 0.00
Office Product Key Finder 1.5.4 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the registration code input. Attackers can create a specially crafted text file and paste it into the 'Name and Key' field to trigger an…
CVE-2020-37202HigFeb 11, 2026
NetworkSleuth
NetworkSleuth
risk 0.49cvss 7.5epss 0.00
NetworkSleuth 3.0.0.0 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an…
CVE-2020-37198HigFeb 11, 2026
DigitalVolcano
Duplicate Cleaner Pro
risk 0.49cvss 7.5epss 0.00
Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application by injecting an oversized buffer into the license key field. Attackers can generate a 6000-byte payload and paste it into the license activation field to trigger…
CVE-2020-37195HigFeb 11, 2026
risk 0.49cvss 7.5epss 0.00
BlueAuditor 1.7.2.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash.
CVE-2020-37194HigFeb 11, 2026
Nsauditor
Backup Key Recovery
risk 0.49cvss 7.5epss 0.00
Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by supplying an overly long registration key. Attackers can generate a 1000-character payload file and paste it into the registration key field to trigger an…
CVE-2020-37193HigFeb 11, 2026
risk 0.49cvss 7.5epss 0.00
ZIP Password Recovery 2.30 contains a denial of service vulnerability that allows attackers to crash the application by providing maliciously crafted input. Attackers can create a specially prepared text file with specific characters to trigger an application crash when…
CVE-2020-37191HigFeb 11, 2026
Top Password
MSN Password Recovery
risk 0.49cvss 7.5epss 0.00
Top Password Software Dialup Password Recovery 1.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. Attackers can trigger the vulnerability by inserting a large 5000-character payload into the User Name and…
CVE-2020-37190HigFeb 11, 2026
Top Password
MSN Password Recovery
risk 0.49cvss 7.5epss 0.00
Top Password Firefox Password Recovery 2.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. Attackers can trigger the vulnerability by inserting 5000 characters into the User Name or Registration Code input…
CVE-2020-37189HigFeb 11, 2026
DigitalVolcano
TaskCanvas
risk 0.49cvss 7.5epss 0.00
TaskCanvas 1.4.0 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration field to trigger an application crash.
CVE-2020-37188HigFeb 11, 2026
Nsauditor
SpotOutlook
risk 0.49cvss 7.5epss 0.00
SpotOutlook 1.2.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can overwrite the buffer by pasting 1000 'A' characters into the 'Name' field, causing the application to become…
CVE-2020-37187HigFeb 11, 2026
risk 0.49cvss 7.5epss 0.00
SpotDialup 1.6.7 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash.
CVE-2020-37185HigFeb 11, 2026
Nsauditor
Backup Key Recovery
risk 0.49cvss 7.5epss 0.00
Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application…
CVE-2020-37182HigFeb 11, 2026
Troglobit
Redir
risk 0.49cvss 7.5epss 0.00
Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. Attackers can exploit the sprintf() buffer without proper length checking to overwrite memory and cause a segmentation…
CVE-2020-37180HigFeb 11, 2026
Nsauditor
GTalk Password Finder
risk 0.49cvss 7.5epss 0.00
GTalk Password Finder 2.2.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash.
CVE-2020-37179HigFeb 11, 2026
APKF
Product Key Finder
risk 0.49cvss 7.5epss 0.00
APKF Product Key Finder 2.5.8.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an…
CVE-2020-37178HigFeb 11, 2026
Keepass
Password Safe
risk 0.49cvss 7.5epss 0.00
KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash.
CVE-2020-37177HigFeb 11, 2026
Weird Solutions
Bootpturbo
risk 0.49cvss 7.5epss 0.00
BOOTP Turbo 2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Structured Exception Handler (SEH). Attackers can generate a malicious payload of 2196 bytes with specific byte patterns to trigger an application crash…
CVE-2020-37175HigFeb 11, 2026
risk 0.49cvss 7.5epss 0.00
P2PWIFICAM2 for iOS 10.4.1 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the Camera ID input field. Attackers can paste a 257-character buffer into the Camera ID field to trigger an application crash on iOS devices.
CVE-2025-69871HigFeb 11, 2026
Medusajs
Medusa
risk 0.53cvss 8.1epss 0.00
A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage() function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote…
CVE-2026-2361HigFeb 11, 2026
Dalibo
Postgresql Anonymizer
risk 0.52cvss 8.0epss 0.00
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then called, the malicious code is executed with superuser…
CVE-2026-2360HigFeb 11, 2026
Dalibo
Postgresql Anonymizer
risk 0.52cvss 8.0epss 0.00
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and place malicious code in that operator. This operator will later be executed with superuser privileges when the extension is…
CVE-2025-70029HigFeb 11, 2026
Sunbird
Sunbirded Portal
risk 0.49cvss 7.5epss 0.00
An issue in Sunbird-Ed SunbirdEd-portal v1.13.4 allows attackers to obtain sensitive information. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTP request options
CVE-2025-65480HigFeb 11, 2026
Pacom
Unison Client
risk 0.57cvss 8.8epss 0.01
An issue was discovered in Pacom Unison Client 5.13.1. Authenticated users can inject malicious scripts in the Report Templates which are executed when certain script conditions are fulfilled, leading to Remote Code Execution.
CVE-2025-65128HigFeb 11, 2026
Shenzhen Zhibotong Electronics
ZBT WE2001
risk 0.53cvss 8.1epss 0.00
A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and network configurations. By invoking operations whose names end with…
CVE-2026-1837HigFeb 11, 2026
Libjxl Project
Libjxl
risk 0.49cvss 7.5epss 0.00
A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data. This can be done by requesting color transformation of grayscale images to…
CVE-2026-2344HigFeb 11, 2026
Plunet
Plunet BusinessManager
risk 0.56cvss —epss 0.00
A vulnerability in Plunet Plunet BusinessManager allows unauthorized actions being performed on behalf of privileged users.This issue affects Plunet BusinessManager: 10.15.1
CVE-2026-2250HigFeb 11, 2026
Massive Entertainment
Wic
risk 0.49cvss 7.5epss 0.00
The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing…
CVE-2025-61969HigFeb 11, 2026
AMD
μProf
risk 0.46cvss —epss 0.00
Incorrect permission assignment in AMD µProf may allow a local user-privileged attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2025-52541HigFeb 11, 2026
AMD
Vivado
risk 0.47cvss 7.3epss 0.00
A DLL hijacking vulnerability in Vivado could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2025-48503HigFeb 11, 2026
AMD
AMD Software Installer
risk 0.51cvss 7.8epss 0.00
A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
CVE-2024-36324HigFeb 11, 2026
Intel
Graphics Driver
risk 0.57cvss 8.8epss 0.00
Improper input validation in AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary code execution.