Latest CVE Feed
-
8.6
HIGHCVE-2025-14046
An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed user-supplied HTML to inject DOM elements with IDs that collided with server-initialized data islands. These collisions could overwrite or shadow cri... Read more
Affected Products : enterprise_server- Published: Dec. 11, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Cross-Site Scripting
-
8.6
HIGHCVE-2025-26487
Server-Side Request Forgery (SSRF) vulnerability in Infinera MTC-9 version allows remote unauthenticated users to gain access to other network resources using HTTPS requests through the appliance used as a bridge.... Read more
- Published: Dec. 08, 2025
- Modified: Dec. 22, 2025
- Vuln Type: Server-Side Request Forgery
-
8.6
HIGHCVE-2025-14503
An overly-permissive IAM trust policy in the Harmonix on AWS framework may allow IAM principals in the same AWS account to escalate privileges via role assumption. The sample code for the EKS environment provisioning role is configured to trust the accoun... Read more
Affected Products :- Published: Dec. 15, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Authorization
-
8.6
HIGHCVE-2025-68459
RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS command may be executed on the product by an attacker who logs in to the CLI service.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Injection
-
8.6
HIGHCVE-2025-66450
LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when a user posts a question, the iconURL parameter of the POST request can be modified by an attacker. The malicious code is then stored in the chat which can then be sha... Read more
Affected Products : librechat- Published: Dec. 11, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Cross-Site Scripting
-
8.6
HIGHCVE-2025-66635
Stack-based buffer overflow vulnerability exists in SEIKO EPSON Web Config. Specially crafted data input by a logged-in user may execute arbitrary code. As for the details of the affected products and versions, see the information provided by the vendor u... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 22, 2025
- Vuln Type: Memory Corruption
-
8.6
HIGHCVE-2025-36743
SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors, allowing disclosure of system internals and execution of debug commands.... Read more
- Published: Dec. 12, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Information Disclosure
-
8.6
HIGHCVE-2024-58282
Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload mechanism by creating a PHP shell with a ... Read more
Affected Products : serendipity- Published: Dec. 10, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Injection
-
8.6
HIGHCVE-2025-8083
The Preset configuration https://v2.vuetifyjs.com/en/features/presets feature of Vuetify is vulnerable to Prototype Pollution https://cheatsheetseries.owasp.org/cheatsheets/Prototype_Pollution_Prevention_Cheat_Sheet.html due to the internal 'mergeDeep... Read more
Affected Products :- Published: Dec. 12, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Injection
-
8.6
HIGHCVE-2024-56838
A vulnerability has been identified in RUGGEDCOM ROX II family (All versions < V2.17.0). The SCEP client available in the affected device for secure certificate enrollment lacks validation of multiple fields. An attacker could leverage this scenario to ex... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Authentication
-
8.5
HIGHCVE-2023-53949
AspEmail 5.6.0.2 contains a binary permission vulnerability that allows local users to escalate privileges through the Persits Software EmailAgent service. Attackers can exploit full write permissions in the BIN directory to replace the service executable... Read more
Affected Products :- Published: Dec. 19, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2023-53954
ActFax 10.10 contains an unquoted service path vulnerability that allows local attackers to potentially escalate privileges by exploiting the ActiveFaxServiceNT service configuration. Attackers with write permissions to Program Files directories can injec... Read more
Affected Products : actfax- Published: Dec. 19, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2022-50688
Cobian Backup Gravity 11.2.0.582 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the CobianBackup11 service t... Read more
Affected Products :- Published: Dec. 22, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2022-50690
Wondershare MirrorGo 2.0.11.346 contains a local privilege escalation vulnerability due to incorrect file permissions on executable files. Unprivileged local users can replace the ElevationService.exe with a malicious file to execute arbitrary code with L... Read more
Affected Products :- Published: Dec. 22, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2025-14252
An Improper Access Control vulnerability in Advantech SUSI driver (susi.sys) allows attackers to read/write arbitrary memory, I/O ports, and MSRs, resulting in privilege escalation, arbitrary code execution, and information disclosure. This issue affects ... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Authorization
-
8.5
HIGHCVE-2025-64701
QND Premium/Advance/Standard Ver.11.0.9i and prior contains a privilege escalation vulnerability, which may allow a user who can log in to a Windows system with the affected product to gain administrator privileges. As a result, sensitive information may ... Read more
Affected Products :- Published: Dec. 11, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Authentication
-
8.5
HIGHCVE-2025-64465
There is an out of bounds read vulnerability in NI LabVIEW in lvre!DataSizeTDR() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a ... Read more
Affected Products : labview- Published: Dec. 18, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Information Disclosure
-
8.5
HIGHCVE-2025-14305
ListCheck.exe developed by Acer has a Local Privilege Escalation vulnerability. Authenticated local attackers can replace ListCheck.exe with a malicious executable of the same name, which will be executed by the system and result in privilege escalation.... Read more
Affected Products :- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2025-68130
tRPC allows users to build and consume fully typesafe APIs without schemas or code generation. Starting in version 10.27.0 and prior to versions 10.45.3 and 11.8.0, a A prototype pollution vulnerability exists in `@trpc/server`'s `formDataToObject` functi... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2025-59947
NanoMQ is a messaging broker/bus for IoT Edge & SDV. Versions prior to 0.24.4 have a buffer overflow case while the PUBLISH packets trigger both shared subscription and vanila subscription. This is fixed in version 0.24.4. As a workaround, disable shared ... Read more
Affected Products :- Published: Dec. 15, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Memory Corruption