Latest CVE Feed
-
8.1
HIGHCVE-2025-58948
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Aromatica aromatica allows PHP Local File Inclusion.This issue affects Aromatica: from n/a through <= 1.8.... Read more
Affected Products : aromatica- Published: Dec. 18, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal
-
8.1
HIGHCVE-2025-58949
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Spock spock allows PHP Local File Inclusion.This issue affects Spock: from n/a through <= 1.17.... Read more
Affected Products : spock- Published: Dec. 18, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal
-
8.1
HIGHCVE-2025-58950
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Lione lione allows PHP Local File Inclusion.This issue affects Lione: from n/a through <= 1.16.... Read more
Affected Products : lione- Published: Dec. 18, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal
-
8.1
HIGHCVE-2025-68517
Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.1.35.1.... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Authorization
-
8.1
HIGHCVE-2025-68578
Missing Authorization vulnerability in Addonify Addonify addonify-quick-view allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify: from n/a through <= 2.0.4.... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Authorization
-
8.1
HIGHCVE-2025-68603
Missing Authorization vulnerability in Marketing Fire Editorial Calendar editorial-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Editorial Calendar: from n/a through <= 3.8.8.... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Authorization
-
8.1
HIGHCVE-2025-13614
The Cool Tag Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cool_tag_cloud' shortcode in all versions up to, and including, 2.29 due to insufficient input sanitization and output escaping on user supplied attribu... Read more
Affected Products : cool_tag_cloud- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Cross-Site Scripting
-
8.1
HIGHCVE-2025-13813
A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. This issue affects some unknown processing of the file /storage/ of the component Storage Management Endpoint. The manipulation leads to missing authorization. The attack can be initiate... Read more
Affected Products : mogublog- Published: Dec. 01, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Authorization
-
8.1
HIGHCVE-2025-57489
Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows attackers to escalate privileges to root due to the improper use of a setuid binary.... Read more
Affected Products : superduper\!- Published: Dec. 01, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Authorization
-
8.1
HIGHCVE-2025-58709
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Legacy legacy allows PHP Local File Inclusion.This issue affects Legacy: from n/a through <= 1.9.... Read more
Affected Products : legacy- Published: Dec. 18, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal
-
8.1
HIGHCVE-2025-12851
The My auctions allegro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.32 via the 'controller' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on ... Read more
Affected Products :- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Path Traversal
-
8.1
HIGHCVE-2025-58925
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Neptunus neptunus allows PHP Local File Inclusion.This issue affects Neptunus: from n/a through <= 1.0.11.... Read more
Affected Products : neptunus- Published: Dec. 18, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal
-
8.1
HIGHCVE-2025-58923
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Critique critique allows PHP Local File Inclusion.This issue affects Critique: from n/a through <= 1.17.... Read more
Affected Products : critique- Published: Dec. 18, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal
-
8.1
HIGHCVE-2025-42615
In affected versions, vulnerability-lookup did not track or limit failed One-Time Password (OTP) attempts during Two-Factor Authentication (2FA) verification. An attacker who already knew or guessed a valid username and password could submit an arbitra... Read more
Affected Products :- Published: Dec. 08, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authentication
-
8.1
HIGHCVE-2025-14111
A security vulnerability has been detected in Rarlab RAR App up to 7.11 Build 127 on Android. This affects an unknown part of the component com.rarlab.rar. Such manipulation leads to path traversal. It is possible to launch the attack remotely. Attacks of... Read more
- Published: Dec. 05, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Path Traversal
-
8.1
HIGHCVE-2025-58706
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Woo Hoo woohoo allows PHP Local File Inclusion.This issue affects Woo Hoo: from n/a through <= 1.25.... Read more
Affected Products : woo_hoo- Published: Dec. 18, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal
-
8.1
HIGHCVE-2025-58927
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Stallion stallion allows PHP Local File Inclusion.This issue affects Stallion: from n/a through <= 1.17.... Read more
Affected Products : stallion- Published: Dec. 18, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal
-
8.1
HIGHCVE-2025-12819
Untrusted search path in auth_query connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious search_path parameter in the StartupMessage.... Read more
Affected Products : pgbouncer- Published: Dec. 03, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Injection
-
8.1
HIGHCVE-2025-68587
Missing Authorization vulnerability in Bob Watu Quiz watu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watu Quiz: from n/a through <= 3.4.5.... Read more
Affected Products : watu_quiz- Published: Dec. 24, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Authorization
-
8.1
HIGHCVE-2025-53447
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Assembly assembly allows PHP Local File Inclusion.This issue affects Assembly: from n/a through <= 1.1.... Read more
Affected Products : assembly- Published: Dec. 18, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal