Latest CVE Feed
-
8.7
HIGHCVE-2024-58309
xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries by injecting malicious SQL code through the msgid parameter. Attackers can send crafted requests to /shoutedit.php with EXTR... Read more
Affected Products :- Published: Dec. 11, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Injection
-
8.7
HIGHCVE-2018-25136
FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can retrieve video stream images by directly accessing multiple image endpoints like middl... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Authentication
-
8.7
HIGHCVE-2025-67718
Form.io is a combined Form and API platform for Serverless applications. Versions 3.5.6 and below and 4.0.0-rc.1 through 4.4.2 contain a flaw in path handling which could allow an attacker to access protected API endpoints by sending a crafted request pat... Read more
Affected Products : form.io- Published: Dec. 11, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Path Traversal
-
8.7
HIGHCVE-2025-12097
There is a relative path traversal vulnerability in the NI System Web Server that may result in information disclosure. Successful exploitation requires an attacker to send a specially crafted request to the NI System Web Server, allowing the attacker to... Read more
Affected Products : labview- Published: Dec. 04, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Path Traversal
-
8.7
HIGHCVE-2021-47709
COMMAX Smart Home System allows an unauthenticated attacker to change configuration and cause denial-of-service through the setconf endpoint. Attackers can trigger a denial-of-service scenario by sending a malformed request to the setconf endpoint.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2024-58287
reNgine 2.2.0 contains a command injection vulnerability in the nmap_cmd parameter of scan engine configuration that allows authenticated attackers to execute arbitrary commands. Attackers can modify the nmap_cmd parameter with malicious base64-encoded pa... Read more
Affected Products :- Published: Dec. 11, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Injection
-
8.7
HIGHCVE-2023-53934
A denial of service vulnerability in Kentico Xperience allows attackers to launch DoS attacks via specially crafted requests to the GetResource handler. Improper input validation enables remote attackers to potentially disrupt service availability through... Read more
Affected Products : xperience- Published: Dec. 18, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2023-53896
D-Link DAP-1325 firmware version 1.01 contains a broken access control vulnerability that allows unauthenticated attackers to download device configuration settings without authentication. Attackers can exploit the /cgi-bin/ExportSettings.sh endpoint to r... Read more
- Published: Dec. 16, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Authorization
-
8.7
HIGHCVE-2020-36887
SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing user credentia... Read more
Affected Products : fusion_digital_signage- Published: Dec. 10, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Information Disclosure
-
8.7
HIGHCVE-2025-12807
A security issue was discovered in DataMosaix Private Cloud, allowing users with low privilege to perform sensitive database operations through exposed API endpoints.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
8.7
HIGHCVE-2025-34457
wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 694c954, contain a stack-based buffer overflow vulnerability in the function kiss_rec_byte() located in src/kiss_frame.c. When processing crafted KISS frames that reach the maxi... Read more
Affected Products :- Published: Dec. 22, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Memory Corruption
-
8.7
HIGHCVE-2019-25226
Dongyoung Media DM-AP240T/W wireless access points contain an unauthenticated configuration disclosure vulnerability in the /cgi-bin/sys_system_config management endpoint. The endpoint allows remote retrieval of a compressed configuration archive without ... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Information Disclosure
-
8.7
HIGHCVE-2025-12385
Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects us... Read more
Affected Products : qt- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-15015
Enterprise Cloud Database developed by Ragic has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.... Read more
Affected Products : enterprise_cloud_database- Published: Dec. 22, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal
-
8.7
HIGHCVE-2021-47713
Hasura GraphQL 1.3.3 contains a denial of service vulnerability that allows attackers to overwhelm the service by crafting malicious GraphQL queries with excessive nested fields. Attackers can send repeated requests with extremely long query strings and m... Read more
Affected Products :- Published: Dec. 22, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2024-58300
Siklu MultiHaul TG series devices before version 2.0.0 contain an unauthenticated vulnerability that allows remote attackers to retrieve randomly generated credentials via a network request. Attackers can send a specific hex-encoded command to port 12777 ... Read more
Affected Products :- Published: Dec. 11, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Authentication
-
8.7
HIGHCVE-2020-36878
ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to di... Read more
Affected Products : serious_play- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Information Disclosure
-
8.7
HIGHCVE-2025-43875
Under certain circumstances a successful exploitation could result in access to the device.... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Authorization
-
8.7
HIGHCVE-2025-61976
CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper check for unusual or exceptional conditions. If a remote attacker sends a specially crafted request to the Video Download interface, the system may become unresponsive.... Read more
- Published: Dec. 16, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-65952
Console is a network used to control Gorilla Tag mods' users and other users on the network. Prior to version 2.8.0, a path traversal vulnerability exists where complicated combinations of backslashes and periods can be used to escape the Gorilla Tag path... Read more
Affected Products :- Published: Nov. 25, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Path Traversal