Latest CVE Feed
-
9.8
CRITICALCVE-2025-66046
Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger the... Read more
Affected Products : libbiosig- Published: Dec. 11, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-65834
Meltytech Shotcut 25.10.31 is vulnerable to Buffer Overflow. A memory access violation occurs when processing MLT project files with manipulated width and height parameters. By setting these values to extremely large numbers, the application attempts to a... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-14622
A security flaw has been discovered in code-projects Student File Management System 1.0. This vulnerability affects unknown code of the file /admin/save_user.php. The manipulation of the argument firstname results in sql injection. The attack can be execu... Read more
Affected Products : student_file_management_system- Published: Dec. 13, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-67530
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Besa besa allows PHP Local File Inclusion.This issue affects Besa: from n/a through <= 2.3.15.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-14639
A vulnerability was detected in itsourcecode Student Management System 1.0. Impacted is an unknown function of the file /uprec.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is n... Read more
Affected Products : student_management_system- Published: Dec. 14, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-60178
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms HubSpot gf-hubspot allows Object Injection.This issue affects WP Gravity Forms HubSpot: from n/a through <= 1.2.6.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-64725
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to accept an invitation opened by a different user. Version 5.15. contains a patch. As a workaround, avoid leaving one's Weblate sessions with an invitation opened unatte... Read more
Affected Products : weblate- Published: Dec. 15, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-14733
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with... Read more
Affected Products : fireware firebox_m270 firebox_m290 firebox_m370 firebox_m390 firebox_m440 firebox_m470 firebox_m4800 firebox_m570 firebox_m5800 +25 more products- Actively Exploited
- Published: Dec. 19, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-43428
A configuration issue was addressed with additional restrictions. This issue is fixed in visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Photos in the Hidden Photos Album may be viewed without authentication.... Read more
- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-14623
A weakness has been identified in code-projects Student File Management System 1.0. This issue affects some unknown processing of the file /admin/update_student.php. This manipulation of the argument stud_id causes sql injection. The attack is possible to... Read more
Affected Products : student_file_management_system- Published: Dec. 13, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-64236
Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn allows Authentication Abuse.This issue affects Tuturn: from n/a before 3.6.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-68615
net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to an net-snmp snmptrapd daemon can cause a buffer overflow and the daemon to crash. This issue has been patched in versions 5.9.5 ... Read more
Affected Products : net-snmp- Published: Dec. 23, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2019-25249
devolo dLAN 500 AV Wireless+ 3.1.0-1 contains an authentication bypass vulnerability that allows attackers to enable hidden services through the htmlmgr CGI script. Attackers can enable telnet and remote shell services, reboot the device, and gain root ac... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-14640
A flaw has been found in code-projects Student File Management System 1.0. The affected element is an unknown function of the file /admin/save_student.php. Executing manipulation of the argument stud_no can lead to sql injection. The attack may be launche... Read more
Affected Products : student_file_management_system- Published: Dec. 14, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-14833
A security flaw has been discovered in code-projects Online Appointment Booking System 1.0. The impacted element is an unknown function of the file /admin/deletemanagerclinic.php. Performing manipulation of the argument clinic results in sql injection. Th... Read more
Affected Products : online_appointment_booking_system- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-14584
A vulnerability has been found in itsourcecode COVID Tracking System 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login. The manipulation of the argument Username leads to sql injection. The attack may be initia... Read more
Affected Products : covid_tracking_system- Published: Dec. 12, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-13342
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized modification of arbitrary WordPress options in all versions up to, and including, 3.28.20. This is due to insufficient capability checks and input validation in the Action... Read more
Affected Products : frontend_admin- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-67518
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Accordion Slider PRO accordion_slider_pro allows Blind SQL Injection.This issue affects Accordion Slider PRO: from n/a through <= 1.2.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2023-53874
GOM Player 2.3.90.5360 contains a buffer overflow vulnerability in the equalizer preset name input field that allows attackers to crash the application. Attackers can overwrite the preset name with 260 'A' characters to trigger a buffer overflow and cause... Read more
Affected Products : gom_player- Published: Dec. 15, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-14326
Use-after-free in the Audio/Video: GMP component. This vulnerability affects Firefox < 146 and Thunderbird < 146.... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Memory Corruption