Latest CVE Feed
-
8.2
HIGHCVE-2025-67070
A vulnerability exists in Intelbras CFTV IP NVD 9032 R Ftd V2.800.00IB00C.0.T, which allows an unauthenticated attacker to bypass the multi-factor authentication (MFA) mechanism during the password recovery process. This results in the ability to change t... Read more
Affected Products :- Published: Jan. 09, 2026
- Modified: Jan. 09, 2026
- Vuln Type: Authentication
-
8.2
HIGHCVE-2025-14180
In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \x99) in a prepared... Read more
Affected Products : php- Published: Dec. 27, 2025
- Modified: Jan. 09, 2026
- Vuln Type: Memory Corruption
-
8.2
HIGHCVE-2026-0656
The iPaymu Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 2.0.2 via the 'check_ipaymu_response' function. This is due to the plugin not validating webhook request authenti... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authentication
-
8.2
HIGHCVE-2025-58893
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Alright alright allows PHP Local File Inclusion.This issue affects Alright: from n/a through <= 1.6.1.... Read more
Affected Products : alright- Published: Dec. 18, 2025
- Modified: Jan. 05, 2026
- Vuln Type: Path Traversal
-
8.2
HIGHCVE-2025-53453
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Hygia hygia allows PHP Local File Inclusion.This issue affects Hygia: from n/a through <= 1.16.... Read more
Affected Products : hygia- Published: Dec. 18, 2025
- Modified: Jan. 05, 2026
- Vuln Type: Path Traversal
-
8.2
HIGHCVE-2026-22541
The massive sending of ICMP requests causes a denial of service on one of the boards from the EVCharger that allows control the EV interfaces. Since the board must be operating correctly for the charger to also function correctly.... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Denial of Service
-
8.2
HIGHCVE-2026-21697
axios4go is a Go HTTP client library. Prior to version 0.6.4, a race condition vulnerability exists in the shared HTTP client configuration. The global `defaultClient` is mutated during request execution without synchronization, directly modifying the sha... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Race Condition
-
8.2
HIGHCVE-2025-34468
libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote a... Read more
Affected Products : libcoap- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Memory Corruption
-
8.2
HIGHCVE-2019-25279
FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allows attackers to access unencrypted credentials in the device's SQLite database. Attackers can directly read sensitive login information stored in /faceGuar... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cryptography
-
8.2
HIGHCVE-2025-58894
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Good Mood good-mood allows PHP Local File Inclusion.This issue affects Good Mood: from n/a through <= 1.16.... Read more
Affected Products : good_mood- Published: Dec. 18, 2025
- Modified: Jan. 05, 2026
- Vuln Type: Path Traversal
-
8.2
HIGHCVE-2025-58929
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Pantry pantry allows PHP Local File Inclusion.This issue affects Pantry: from n/a through <= 1.4.... Read more
Affected Products : pantry- Published: Dec. 18, 2025
- Modified: Jan. 05, 2026
- Vuln Type: Path Traversal
-
8.1
HIGHCVE-2025-68979
Authorization Bypass Through User-Controlled Key vulnerability in SimpleCalendar Google Calendar Events google-calendar-events allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google Calendar Events: from n/a thro... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Authorization
-
8.1
HIGHCVE-2025-69083
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Frappé allows PHP Local File Inclusion.This issue affects Frappé: from n/a through 1.8.... Read more
Affected Products :- Published: Jan. 06, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Path Traversal
-
8.1
HIGHCVE-2025-59384
A path traversal vulnerability has been reported to affect Qfiling. The remote attackers can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qfiling... Read more
Affected Products :- Published: Jan. 02, 2026
- Modified: Jan. 02, 2026
- Vuln Type: Path Traversal
-
8.1
HIGHCVE-2025-47411
A user with a legitimate non-administrator account can exploit a vulnerability in the user ID creation mechanism in Apache StreamPipes that allows them to swap the username of an existing user with that of an administrator. This vulnerability allows an ... Read more
Affected Products : streampipes- Published: Jan. 01, 2026
- Modified: Jan. 06, 2026
- Vuln Type: Authorization
-
8.1
HIGHCVE-2025-65110
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to versions 6.1.2 and 5.6.3, applications meeting two conditions are at risk of arbitrary JavaScript code execution, even if "... Read more
Affected Products : vega- Published: Jan. 05, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Scripting
-
8.1
HIGHCVE-2025-67936
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Curly curly allows PHP Local File Inclusion.This issue affects Curly: from n/a through < 3.3.... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Path Traversal
-
8.1
HIGHCVE-2025-22715
Missing Authorization vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSystem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Attractive Donations S... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authorization
-
8.1
HIGHCVE-2025-67935
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Optimize optimizewp allows PHP Local File Inclusion.This issue affects Optimize: from n/a through < 2.4.... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Injection
-
8.1
HIGHCVE-2025-52863
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerab... Read more
- Published: Jan. 02, 2026
- Modified: Jan. 05, 2026
- Vuln Type: Memory Corruption