Latest CVE Feed
-
7.2
HIGHCVE-2025-49379
Incorrect Privilege Assignment vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce allows Privilege Escalation.This issue affects Custom Fields Account Registration For Wo... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Authorization
-
7.2
HIGHCVE-2025-64987
A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-CheckSimpleIoC instruction. Improper input validation, allowing authenticated attackers with Actioner privileges to inject ... Read more
Affected Products :- Published: Dec. 11, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-67172
RiteCMS v3.1.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the parse_special_tags() function.... Read more
Affected Products : ritecms- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-14530
A vulnerability has been found in SourceCodester Real Estate Property Listing App 1.0. The impacted element is an unknown function of the file /admin/property.php. Such manipulation of the argument image leads to unrestricted upload. It is possible to lau... Read more
Affected Products : real_estate_property_listing_app- Published: Dec. 11, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Misconfiguration
-
7.2
HIGHCVE-2025-64986
A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Explorer-TachyonCore-DevicesListeningOnAPort instruction prior V21. Improper input validation, allowing authenticated attackers with Actioner pr... Read more
Affected Products :- Published: Dec. 11, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-61739
Due to Nonce reuse, attackers can perform reply attack or decrypt captured packets.... Read more
Affected Products :- Published: Dec. 22, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Cryptography
-
7.2
HIGHCVE-2025-13645
The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_unzip_file' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author... Read more
Affected Products : modula_image_gallery- Published: Dec. 03, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Path Traversal
-
7.2
HIGHCVE-2025-66396
ChurchCRM is an open-source church management system. Prior to version 6.5.3, a SQL injection vulnerability exists in the `src/UserEditor.php` file. When an administrator saves a user's configuration settings, the keys of the `type` POST parameter array a... Read more
Affected Products : churchcrm- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-55707
Incorrect Privilege Assignment vulnerability in WPXPO PostX ultimate-post allows Privilege Escalation.This issue affects PostX: from n/a through <= 4.1.35.... Read more
Affected Products : postx- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Authorization
-
7.2
HIGHCVE-2025-68111
ChurchCRM is an open-source church management system. In versions prior to 6.5.3, a SQL injection vulnerability exists in the `eGive.php` file within the "ReImport" functionality. An authenticated user with finance privileges can execute arbitrary SQL que... Read more
Affected Products : churchcrm- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-54306
An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. A remote code execution vulnerability exists in the network configuration functionality, stemming from insufficient input validation when processing network configuratio... Read more
Affected Products : torrent_suite_software- Published: Dec. 04, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-68461
Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document.... Read more
Affected Products : webmail- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2025-67818
An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path (e.g., /etc/...) or use parent directory traversal (../../..) to escape the restore root when a b... Read more
Affected Products : weaviate- Published: Dec. 12, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Path Traversal
-
7.2
HIGHCVE-2025-67751
ChurchCRM is an open-source church management system. Prior to version 6.5.0, a SQL injection vulnerability exists in the `EventEditor.php` file. When creating a new event and selecting an event type, the `EN_tyid` POST parameter is not sanitized. This al... Read more
Affected Products : churchcrm- Published: Dec. 16, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-64676
'.../...//' in Microsoft Purview allows an authorized attacker to execute code over a network.... Read more
Affected Products : office_purview- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
-
7.2
HIGHCVE-2025-14641
A flaw has been found in code-projects Computer Laboratory System 1.0. This issue affects some unknown processing of the file admin/admin_pic.php. This manipulation of the argument image causes unrestricted upload. The attack may be initiated remotely. Th... Read more
Affected Products : computer_laboratory_system- Published: Dec. 14, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Misconfiguration
-
7.2
HIGHCVE-2021-47703
OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers ... Read more
Affected Products : openbmcs- Published: Dec. 09, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Server-Side Request Forgery
-
7.2
HIGHCVE-2025-14897
A vulnerability was identified in CodeAstro Real Estate Management System 1.0. The impacted element is an unknown function of the file /admin/useragentdelete.php of the component Administrator Endpoint. The manipulation leads to sql injection. The attack ... Read more
Affected Products : real_estate_management_system- Published: Dec. 19, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-14648
A security vulnerability has been detected in DedeBIZ up to 6.5.9. Affected by this vulnerability is an unknown functionality of the file /src/admin/catalog_add.php. Such manipulation leads to command injection. It is possible to launch the attack remotel... Read more
Affected Products : dedebiz- Published: Dec. 14, 2025
- Modified: Dec. 22, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-13307
The Ocean Modal Window WordPress plugin before 2.3.3 is vulnerable to Remote Code Execution via the modal display logic. These modals can be displayed under user-controlled conditions that Editors and Administrators can set (edit_pages capability). The co... Read more
Affected Products :- Published: Dec. 19, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Injection