Latest CVE Feed
-
7.1
HIGHCVE-2025-62570
Improper access control in Windows Camera Frame Server Monitor allows an authorized attacker to disclose information locally.... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
-
7.1
HIGHCVE-2025-14261
The Litmus platform uses JWT for authentication and authorization, but the secret being used for signing the JWT is only 6 bytes long at its core, which makes it extremely easy to crack.... Read more
Affected Products : litmus- Published: Dec. 08, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authentication
-
7.1
HIGHCVE-2025-64893
DNG SDK versions 1.7.0 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure or application denial of service. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. E... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Memory Corruption
-
7.1
HIGHCVE-2025-41745
An XSS vulnerability in pxc_portCntr2.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnera... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-41695
An XSS vulnerability in dyn_conn.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerabilit... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-41748
An XSS vulnerability in pxc_Dot1xCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerabili... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-41749
An XSS vulnerability in port_util.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability ... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-64784
DNG SDK versions 1.7.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure or application denial of service. An attacker could leverage this vulnerability to disclose sensitive memory information. Expl... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Memory Corruption
-
7.1
HIGHCVE-2025-67534
Cross-Site Request Forgery (CSRF) vulnerability in Jacques Malgrange Rencontre rencontre allows Stored XSS.This issue affects Rencontre: from n/a through <= 3.13.7.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.1
HIGHCVE-2025-41746
An XSS vulnerability in pxc_portSecCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulner... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-21080
Improper export of android application components in Dynamic Lockscreen prior to SMR Dec-2025 Release 1 allows local attackers to access files with Dynamic Lockscreen's privilege.... Read more
Affected Products : android- Published: Dec. 02, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Authorization
-
7.1
HIGHCVE-2025-66563
Monkeytype is a minimalistic and customizable typing test. In 25.49.0 and earlier, there is improper handling of user input which allows an attacker to execute malicious javascript on anyone viewing a malicious quote submission. quote.text and quote.sourc... Read more
Affected Products : monkeytype- Published: Dec. 04, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-11699
nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate session cookies after logout or session termination, allowing an attacker who has a a valid session cookie access to privileged endpoints (such as /admin) even after the legitimate use... Read more
Affected Products : nopcommerce- Published: Dec. 01, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Authentication
-
7.1
HIGHCVE-2025-58311
UAF vulnerability in the USB driver module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.... Read more
- Published: Nov. 28, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Memory Corruption
-
7.1
HIGHCVE-2025-66327
Race condition vulnerability in the network module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more
Affected Products : harmonyos- Published: Dec. 08, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Race Condition
-
7.1
HIGHCVE-2025-13769
WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.... Read more
Affected Products : webitr- Published: Nov. 28, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Injection
-
7.1
HIGHCVE-2025-13771
WebITR developed by Uniong has an Arbitrary File Read vulnerability, allowing authenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.... Read more
Affected Products : webitr- Published: Nov. 28, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Path Traversal
-
7.1
HIGHCVE-2025-13353
In gokey versions <0.2.0, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed. This issue has been fixed in gokey version 0.2.0. This is... Read more
Affected Products : gokey- Published: Dec. 02, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Cryptography
-
7.1
HIGHCVE-2021-47720
Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate database queries through multiple vulnerable parameters. Attackers can inject malicious SQL code into parameters like old_project_id, projec... Read more
Affected Products : orangescrum- Published: Dec. 23, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Injection
-
7.1
HIGHCVE-2025-64315
Configuration defect vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect app data confidentiality and integrity.... Read more
Affected Products : harmonyos- Published: Nov. 28, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Misconfiguration