Latest CVE Feed
-
9.8
CRITICALCVE-2025-14440
The JAY Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.4.01. This is due to incorrect authentication checking in the 'jay_login_register_process_switch_back' function with the 'jay_login_re... Read more
Affected Products :- Published: Dec. 13, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-65213
MooreThreads torch_musa through all versions contains an unsafe deserialization vulnerability in torch_musa.utils.compare_tool. The compare_for_single_op() and nan_inf_track_for_single_op() functions use pickle.load() on user-controlled file paths without... Read more
Affected Products :- Published: Dec. 15, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2023-53874
GOM Player 2.3.90.5360 contains a buffer overflow vulnerability in the equalizer preset name input field that allows attackers to crash the application. Attackers can overwrite the preset name with 260 'A' characters to trigger a buffer overflow and cause... Read more
Affected Products : gom_player- Published: Dec. 15, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-14647
A weakness has been identified in code-projects Computer Book Store 1.0. Affected is an unknown function of the file /admin_delete.php. This manipulation of the argument bookisbn causes sql injection. It is possible to initiate the attack remotely. The ex... Read more
Affected Products : computer_book_store- Published: Dec. 14, 2025
- Modified: Dec. 22, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-60090
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Insightly gf-insightly allows Object Injection.This issue affects WP Gravity Forms Insightly: from n/a through <= 1.1.6.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-65820
An issue was discovered in Meatmeet Android Mobile Application 1.1.2.0. An exported activity can be spawned with the mobile application which opens a hidden page. This page, which is not available through the normal flows of the application, contains seve... Read more
Affected Products : meatmeet- Published: Dec. 10, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Information Disclosure
-
9.8
CRITICALCVE-2025-67165
An Insecure Direct Object Reference (IDOR) in Pagekit CMS v1.0.18 allows attackers to escalate privileges.... Read more
Affected Products : pagekit- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-66048
Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger the... Read more
Affected Products : libbiosig- Published: Dec. 11, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-14571
A vulnerability has been found in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /borrow_book.php. Such manipulation of the argument roll_number leads to sql injection. The attack may... Read more
Affected Products : advanced_library_management_system- Published: Dec. 12, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-14622
A security flaw has been discovered in code-projects Student File Management System 1.0. This vulnerability affects unknown code of the file /admin/save_user.php. The manipulation of the argument firstname results in sql injection. The attack can be execu... Read more
Affected Products : student_file_management_system- Published: Dec. 13, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-66440
An issue was discovered in Frappe ERPNext through 15.89.0. Function get_outstanding_reference_documents() at erpnext/accounts/doctype/payment_entry/payment_entry.py is vulnerable to SQL Injection. It allows an attacker to extract arbitrary data from the d... Read more
Affected Products :- Published: Dec. 15, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-14644
A vulnerability was determined in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /update_subject.php. Executing manipulation of the argument ID can lead to sql injection. The attack can be executed remo... Read more
Affected Products : student_management_system- Published: Dec. 14, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-14860
Use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 146.0.1.... Read more
Affected Products : firefox- Published: Dec. 18, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-64236
Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn allows Authentication Abuse.This issue affects Tuturn: from n/a before 3.6.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-29268
ALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded credentials in the libicos.so library.... Read more
- Published: Dec. 04, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-14585
A vulnerability was found in itsourcecode COVID Tracking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/?page=zone. The manipulation of the argument ID results in sql injection. The attack may be launched remotel... Read more
Affected Products : covid_tracking_system- Published: Dec. 12, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-14649
A vulnerability was detected in itsourcecode Online Cake Ordering System 1.0. Affected by this issue is some unknown functionality of the file /cakeshop/supplier.php. Performing manipulation of the argument supplier results in sql injection. The attack ca... Read more
- Published: Dec. 14, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-66438
A Server-Side Template Injection (SSTI) vulnerability exists in the Frappe ERPNext through 15.89.0 Print Format rendering mechanism. Specifically, the API frappe.www.printview.get_html_and_style() triggers the rendering of the html field inside a Print Fo... Read more
Affected Products :- Published: Dec. 15, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-14224
A vulnerability was found in Yottamaster DM2, DM3 and DM200 up to 1.2.23/1.9.12. Affected by this issue is some unknown functionality of the component File Upload. Performing manipulation results in path traversal. Remote exploitation of the attack is pos... Read more
- Published: Dec. 08, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-14653
A vulnerability was determined in itsourcecode Student Management System 1.0. Impacted is an unknown function of the file /addrecord.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit... Read more
Affected Products : student_management_system- Published: Dec. 14, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Injection