Latest CVE Feed
-
9.1
CRITICALCVE-2025-53618
An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.Th... Read more
Affected Products : grassroots_dicom- Published: Dec. 16, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Information Disclosure
-
9.1
CRITICALCVE-2025-68398
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue.... Read more
Affected Products : weblate- Published: Dec. 18, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Misconfiguration
-
9.1
CRITICALCVE-2025-53619
An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.Th... Read more
Affected Products : grassroots_dicom- Published: Dec. 16, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Information Disclosure
-
9.1
CRITICALCVE-2025-66131
Missing Authorization vulnerability in yaadsarig Yaad Sarig Payment Gateway For WC yaad-sarig-payment-gateway-for-wc allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Yaad Sarig Payment Gateway For WC: from n/a thr... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Authorization
-
9.1
CRITICALCVE-2025-11540
Path Traversal vulnerability in Sharp Display Solutions projectors allows a attacker may access and read any files within the projector.... Read more
Affected Products :- Published: Dec. 22, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal
-
9.1
CRITICALCVE-2024-25181
A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side Request Forgery (SSRF) and arbitrary file reading. The vulnerability stems from improper handling of user-supplied URLs in the "file_get_contents" function... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Server-Side Request Forgery
-
9.1
CRITICAL- Published: Dec. 12, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Authorization
-
9.1
CRITICALCVE-2025-56332
Authentication Bypass in fosrl/pangolin v1.6.2 and before allows attackers to access Pangolin resource via Insecure Default Configuration... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Authentication
-
9.1
CRITICALCVE-2025-15359
DVP-12SE11T - Out-of-bound memory write Vulnerability... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Memory Corruption
-
9.1
CRITICALCVE-2025-42928
Under certain conditions, a high privileged user could exploit a deserialization vulnerability in SAP jConnect to launch remote code execution. The system may be vulnerable when specially crafted input is used to exploit the vulnerability resulting in hig... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Injection
-
9.1
CRITICALCVE-2025-34449
Genymobile/scrcpy versions up to and including 3.3.3, prior to commit 3e40b24, contain a buffer overflow vulnerability in the sc_device_msg_deserialize() function. A compromised device can send crafted messages that cause out-of-bounds reads, which may re... Read more
Affected Products : scrcpy- Published: Dec. 18, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Memory Corruption
-
9.1
CRITICALCVE-2025-67623
Server-Side Request Forgery (SSRF) vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Server Side Request Forgery.This issue affects 6Storage Rentals: from n/a through <= 2.19.9.... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Server-Side Request Forgery
-
9.1
CRITICALCVE-2025-14850
Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to delete arbitrary files.... Read more
Affected Products : webaccess\/scada- Published: Dec. 18, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Path Traversal
-
9.1
CRITICALCVE-2025-65319
When using the attachment interaction functionality, Blue Mail 1.140.103 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party ... Read more
Affected Products : bluemail- Published: Dec. 16, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Misconfiguration
-
9.1
CRITICALCVE-2025-65318
When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party s... Read more
Affected Products : canary_mail- Published: Dec. 16, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Misconfiguration
-
9.1
CRITICALCVE-2025-65548
NUT-14 allows cashu tokens to be created with a preimage hash. However, nutshell (cashubtc/nuts) before 0.18.0 do not validate the size of preimage when the token is spent. The preimage is stored by the mint and attacker can exploit this vulnerability to ... Read more
- Published: Dec. 08, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Denial of Service
-
9.1
CRITICALCVE-2025-69288
Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the database. The value is then passed to a NodeVM value to execute as code. Without sanitization, it l... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Injection
-
9.1
CRITICALCVE-2025-68535
Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through <= 3.5.7.1.... Read more
Affected Products : sunshine_photo_cart- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
9.1
CRITICALCVE-2025-68508
Missing Authorization vulnerability in Brave Brave brave-popup-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brave: from n/a through <= 0.8.3.... Read more
Affected Products : brave- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
9.1
CRITICALCVE-2025-68500
Server-Side Request Forgery (SSRF) vulnerability in bdthemes Prime Slider – Addons For Elementor bdthemes-prime-slider-lite allows Server Side Request Forgery.This issue affects Prime Slider – Addons For Elementor: from n/a through <= 4.0.10.... Read more
Affected Products : prime_slider- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Server-Side Request Forgery