Latest CVE Feed
-
7.8
HIGHCVE-2025-14403
PDFsam Enhanced Launch Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to exploit this vulnerabili... Read more
Affected Products :- Published: Dec. 23, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2025-13713
Tencent Hunyuan3D-1 load_pretrained Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent Hunyuan3D-1. User interaction is required ... Read more
Affected Products :- Published: Dec. 23, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-66497
A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memory acces... Read more
- Published: Dec. 19, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-47350
Memory corruption while handling concurrent memory mapping and unmapping requests from a user-space application.... Read more
Affected Products : wcd9380_firmware wcd9385_firmware fastconnect_6900_firmware fastconnect_7800_firmware qca0000_firmware wsa8840_firmware wsa8845_firmware wsa8845h_firmware wcd9380 wcd9385 +26 more products- Published: Dec. 18, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-14406
Soda PDF Desktop Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Soda PDF Desktop. An attacker must first obtain the ability to execut... Read more
Affected Products :- Published: Dec. 23, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2025-36936
In GetTachyonCommand of tachyon_server_common.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploi... Read more
Affected Products : android- Published: Dec. 11, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-36935
In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploita... Read more
Affected Products : android- Published: Dec. 11, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-36932
In tracepoint_msg_handler of cpm/google/lib/tracepoint/tracepoint_ipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti... Read more
Affected Products : android- Published: Dec. 11, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-13712
Tencent HunyuanDiT merge Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent HunyuanDiT. User interaction is required to exploit t... Read more
Affected Products :- Published: Dec. 23, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2025-13662
Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary code. User Interaction is required.... Read more
Affected Products : endpoint_manager- Published: Dec. 09, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Cryptography
-
7.8
HIGHCVE-2025-66499
A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacker to exe... Read more
- Published: Dec. 19, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-54305
An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. One of the middlewares included in this application, LocalhostAuthMiddleware, authenticates users as ionadmin if the REMOTE_ADDR property in request.META is set to 127.0... Read more
Affected Products : torrent_suite_software- Published: Dec. 04, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Authentication
-
7.8
HIGHCVE-2025-43510
A memory corruption issue was addressed with improved lock state checking. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, tvOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1 and iPadOS 26.1. ... Read more
- Published: Dec. 12, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-14496
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the... Read more
Affected Products :- Published: Dec. 23, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-14423
GIMP LBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in th... Read more
Affected Products : gimp- Published: Dec. 23, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-66431
WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux allows remote authenticated users to execute arbitrary code as root via domain creation. The attacker needs "Create and manage sites" with "Domains management" and "Subdomains management... Read more
Affected Products : plesk- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-66476
Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, w... Read more
Affected Products : vim- Published: Dec. 02, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2025-47320
Memory corruption while processing MFC channel configuration during music playback.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-54158
Missing authentication for critical function vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows local users to execute arbitrary code via unspecified vectors.... Read more
Affected Products :- Published: Dec. 04, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Authentication
-
7.8
HIGHCVE-2025-20768
In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: A... Read more
- Published: Dec. 02, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Memory Corruption