Latest CVE Feed
-
7.5
HIGHCVE-2025-65797
Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service (DoS).... Read more
Affected Products : memos- Published: Dec. 08, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-14327
Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox < 146 and Thunderbird < 146.... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-13339
The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.1 via the template_redirect() function. This makes it possible for unauthenticated attackers to read the contents of arbit... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-65831
The application uses an insecure hashing algorithm (MD5) to hash passwords. If an attacker obtained a copy of these hashes, either through exploiting cloud services, performing TLS downgrade attacks on the traffic from a mobile device, or through another ... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Cryptography
-
7.5
HIGHCVE-2025-14990
A security flaw has been discovered in Campcodes Complete Online Beauty Parlor Management System 1.0. Impacted is an unknown function of the file /admin/view-appointment.php. Performing manipulation of the argument viewid results in sql injection. The att... Read more
Affected Products : online_beauty_parlor_management_system- Published: Dec. 21, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-15165
A vulnerability has been found in itsourcecode Online Cake Ordering System 1.0. The impacted element is an unknown function of the file /updatecustomer.php?action=edit. The manipulation of the argument ID leads to sql injection. The attack may be initiate... Read more
Affected Products : online_cake_ordering_system- Published: Dec. 29, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-15166
A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown function of the file /updatesupplier.php?action=edit. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The... Read more
Affected Products : online_cake_ordering_system- Published: Dec. 29, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-12850
The My auctions allegro plugin for WordPress is vulnerable to SQL Injection via the ‘auction_id’ parameter in all versions up to, and including, 3.6.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the e... Read more
Affected Products :- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-68388
Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to a degradation in Packetbeat.... Read more
Affected Products : packetbeat- Published: Dec. 18, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2024-42718
A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter.... Read more
Affected Products : croogo- Published: Dec. 26, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2024-45539
Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unsp... Read more
- Published: Dec. 04, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-57213
Incorrect access control in the component orderService.queryObject of platform v1.0.0 allows attackers to access sensitive information via a crafted request.... Read more
Affected Products : platform- Published: Dec. 04, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-65945
auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications ... Read more
Affected Products :- Published: Dec. 04, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-14207
A vulnerability was identified in tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. The impacted element is an unknown function of the file /admin/invoiceprint.php. The manipulation of the argument ID leads to sql injecti... Read more
Affected Products :- Published: Dec. 08, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-58478
Out-of-bounds write in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.... Read more
Affected Products : android- Published: Dec. 02, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-65878
The warehouse management system version 1.2 contains an arbitrary file read vulnerability. The endpoint `/file/showImageByPath` does not sanitize user-controlled path parameters. An attacker could exploit directory traversal to read arbitrary files on the... Read more
Affected Products : warehouse_management_system- Published: Dec. 05, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-11419
A flaw was found in Keycloak. This vulnerability allows an unauthenticated remote attacker to cause a denial of service (DoS) by repeatedly initiating TLS 1.2 client-initiated renegotiation requests to exhaust server CPU resources, making the service unav... Read more
Affected Products : keycloak- Published: Dec. 23, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-58479
Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.... Read more
Affected Products : android- Published: Dec. 02, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-15127
A security vulnerability has been detected in FantasticLBP Hotels_Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. Affected by this issue is some unknown functionality of the file /controller/api/Room.php. Such manipulation of the argument hotelId l... Read more
Affected Products :- Published: Dec. 28, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-67111
An integer overflow in the RTPS protocol implementation of OpenDDS DDS before v3.33.0 allows attackers to cause a Denial of Service (DoS) via a crafted message.... Read more
Affected Products :- Published: Dec. 23, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Denial of Service