Latest CVE Feed
-
7.5
HIGHCVE-2024-24844
Missing Authorization vulnerability in IdeaBox Creations PowerPack Pro for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PowerPack Pro for Elementor: from n/a through 2.10.6.... Read more
Affected Products : powerpack_addons_for_elementor- Published: Dec. 23, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2024-25183
givanz VvvebJs 1.7.2 is vulnerable to Directory Traversal via scan.php.... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-13077
The افزونه پیامک ووکامرس فوق حرفه ای (جدید) payamito sms woocommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'columns' parameter in all versions up to, and including, 1.3.5. This is due to insufficient escaping on the ... Read more
Affected Products :- Published: Dec. 13, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-14207
A vulnerability was identified in tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. The impacted element is an unknown function of the file /admin/invoiceprint.php. The manipulation of the argument ID leads to sql injecti... Read more
Affected Products :- Published: Dec. 08, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-48631
In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for expl... Read more
Affected Products : android- Published: Dec. 08, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-64666
Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
-
7.5
HIGHCVE-2025-69200
phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via `POST /api/setup/backup` and then download the generated ZIP from a web-accessible loc... Read more
Affected Products : phpmyfaq- Published: Dec. 29, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-11419
A flaw was found in Keycloak. This vulnerability allows an unauthenticated remote attacker to cause a denial of service (DoS) by repeatedly initiating TLS 1.2 client-initiated renegotiation requests to exhaust server CPU resources, making the service unav... Read more
Affected Products : keycloak- Published: Dec. 23, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-65513
fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery (SSRF) vulnerability, which allows attackers to bypass private IP validation and access internal network resources.... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Server-Side Request Forgery
-
7.5
HIGHCVE-2025-11789
Out-of-bounds read vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The 'DownloadFile' function converts a parameter to an integer using 'atoi()' and then uses it as an index in the 'FilesDownload' array with '(&FilesDownload)[iVar2]'. If the param... Read more
- Published: Dec. 02, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-13295
Insertion of Sensitive Information Into Sent Data vulnerability in Argus Technology Inc. BILGER allows Choosing Message Identifier.This issue affects BILGER: before 2.4.9.... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-68068
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Stockholm stockholm allows PHP Local File Inclusion.This issue affects Stockholm: from n/a through <= 9.14.1.... Read more
Affected Products : stockholm- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-68062
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MinimogWP minimog allows PHP Local File Inclusion.This issue affects MinimogWP: from n/a through <= 3.9.6.... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-61729
Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a c... Read more
Affected Products : go- Published: Dec. 02, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-66524
Apache NiFi 1.20.0 through 2.6.0 include the GetAsanaObject Processor, which requires integration with a configurable Distribute Map Cache Client Service for storing and retrieving state information. The GetAsanaObject Processor used generic Java Object s... Read more
Affected Products : nifi- Published: Dec. 19, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-65857
An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access.... Read more
Affected Products :- Published: Dec. 22, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-13724
The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'month' parameter in all versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of ... Read more
Affected Products : vikrentcar- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-1721
IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.... Read more
Affected Products : concert- Published: Dec. 26, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-25341
A vulnerability exists in the libxmljs 1.0.11 when parsing a specially crafted XML document. Accessing the internal _ref property on entity_ref and entity_decl nodes causes a segmentation fault, potentially leading to a denial-of-service (DoS).... Read more
Affected Products : libxmljs- Published: Dec. 26, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-63364
Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 was discovered to transmit Administrator credentials in plaintext.... Read more
- Published: Dec. 04, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Information Disclosure