Latest CVE Feed
-
7.1
HIGHCVE-2025-66027
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.6, an information disclosure vulnerability exposes participant details, including names and email addresses through the /api/trpc/polls.get,polls.participants.list endpoint, ... Read more
Affected Products : rallly- Published: Nov. 29, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Information Disclosure
-
7.1
HIGHCVE-2018-25145
Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from multiple directories including '/www... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Information Disclosure
-
7.1
HIGHCVE-2025-65097
RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, an Authenticated User can delete collections belonging to other users by directly sending a DEL... Read more
Affected Products :- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Authorization
-
7.1
HIGHCVE-2025-66220
Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy’s mTLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certificates containing an embedded null byte (\0) inside an ... Read more
Affected Products : envoy- Published: Dec. 03, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Authentication
-
7.1
HIGHCVE-2025-66563
Monkeytype is a minimalistic and customizable typing test. In 25.49.0 and earlier, there is improper handling of user input which allows an attacker to execute malicious javascript on anyone viewing a malicious quote submission. quote.text and quote.sourc... Read more
Affected Products : monkeytype- Published: Dec. 04, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2021-47720
Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate database queries through multiple vulnerable parameters. Attackers can inject malicious SQL code into parameters like old_project_id, projec... Read more
Affected Products : orangescrum- Published: Dec. 23, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Injection
-
7.1
HIGHCVE-2025-11699
nopCommerce v4.70 and prior, and version 4.80.3, does not invalidate session cookies after logout or session termination, allowing an attacker who has a a valid session cookie access to privileged endpoints (such as /admin) even after the legitimate use... Read more
Affected Products : nopcommerce- Published: Dec. 01, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Authentication
-
7.0
HIGHCVE-2025-68617
FluidSynth is a software synthesizer based on the SoundFont 2 specifications. From versions 2.5.0 to before 2.5.2, a race condition during unloading of a DLS file can trigger a heap-based use-after-free. A concurrently running thread may be pending to unl... Read more
Affected Products : fluidsynth- Published: Dec. 23, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Race Condition
-
7.0
HIGHCVE-2025-42616
Some endpoints in vulnerability-lookup that modified application state (e.g. changing database entries, user data, configurations, or other privileged actions) may have been accessible via HTTP GET requests without requiring a CSRF token. This flaw lea... Read more
Affected Products :- Published: Dec. 08, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.0
HIGHCVE-2025-14402
PDFsam Enhanced DOC File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to exploit this vulnerabi... Read more
Affected Products :- Published: Dec. 23, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Misconfiguration
-
7.0
HIGHCVE-2025-14404
PDFsam Enhanced XLS File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to exploit this vulnerabi... Read more
Affected Products :- Published: Dec. 23, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Misconfiguration
-
7.0
HIGHCVE-2025-13699
MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to explo... Read more
Affected Products : mariadb- Published: Dec. 23, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal
-
7.0
HIGHCVE-2025-14416
pdfforge PDF Architect DOC File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of pdfforge PDF Architect. User interaction is required to exploit ... Read more
Affected Products :- Published: Dec. 23, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Misconfiguration
-
7.0
HIGHCVE-2025-14418
pdfforge PDF Architect XLS File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of pdfforge PDF Architect. User interaction is required to exploit ... Read more
Affected Products :- Published: Dec. 23, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Information Disclosure
-
7.0
HIGHCVE-2025-46603
Dell CloudBoost Virtual Appliance, versions 19.13.0.0 and prior, contains an Improper Restriction of Excessive Authentication Attempts vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to u... Read more
Affected Products :- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authentication
-
7.0
HIGHCVE-2023-53902
WebsiteBaker 2.13.3 contains a directory traversal vulnerability that allows authenticated attackers to delete arbitrary files by manipulating directory path parameters. Attackers can send crafted GET requests to /admin/media/delete.php with directory tra... Read more
Affected Products : websitebaker- Published: Dec. 16, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Path Traversal
-
7.0
HIGHCVE-2025-14415
Soda PDF Desktop Launch Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerabi... Read more
Affected Products :- Published: Dec. 23, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Misconfiguration
-
7.0
HIGHCVE-2025-13492
A potential security vulnerability has been identified in HP Image Assistant for versions prior to 5.3.3. The vulnerability could potentially allow a local attacker to escalate privileges via a race condition when installing packages.... Read more
- Published: Dec. 03, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Race Condition
-
7.0
HIGHCVE-2025-62469
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 12, 2025
-
7.0
HIGHCVE-2025-62569
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2- Published: Dec. 09, 2025
- Modified: Dec. 12, 2025