Latest CVE Feed
-
7.5
HIGHCVE-2025-15264
A vulnerability was determined in FeehiCMS up to 2.1.1. Impacted is an unknown function of the file frontend/web/timthumb.php of the component TimThumb. Executing manipulation of the argument src can lead to server-side request forgery. The attack can be ... Read more
Affected Products : feehicms- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Server-Side Request Forgery
-
7.5
HIGHCVE-2025-68988
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in o2oe E-Invoice App Malaysia einvoiceapp-malaysia allows Retrieve Embedded Sensitive Data.This issue affects E-Invoice App Malaysia: from n/a through <= 1.1.0.... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-66863
An issue was discovered in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-66862
A buffer overflow vulnerability in function gnu_special in file cplus-dem.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-69235
Whale browser before 4.35.351.12 allows an attacker to bypass the Same-Origin Policy in a sidebar environment.... Read more
Affected Products : whale- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-15424
A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /worksheet/agent_worksdel.jsp of the component HTTP GET Parameter Handler. Performing manipulation of the argument ID results in sql injection. Remote ex... Read more
Affected Products :- Published: Jan. 02, 2026
- Modified: Jan. 02, 2026
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-67621
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in 10up Eight Day Week Print Workflow eight-day-week-print-workflow allows Retrieve Embedded Sensitive Data.This issue affects Eight Day Week Print Workflow: from n/a... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-15408
A vulnerability was found in code-projects Online Guitar Store 1.0. Affected is an unknown function of the file /admin/Create_product.php. Performing manipulation of the argument dre_title results in sql injection. The attack is possible to be carried out... Read more
Affected Products :- Published: Jan. 01, 2026
- Modified: Jan. 01, 2026
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-15263
A weakness has been identified in BiggiDroid Simple PHP CMS 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login. Executing manipulation of the argument Username can lead to sql injection. The attack can be execut... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-65831
The application uses an insecure hashing algorithm (MD5) to hash passwords. If an attacker obtained a copy of these hashes, either through exploiting cloud services, performing TLS downgrade attacks on the traffic from a mobile device, or through another ... Read more
Affected Products : meatmeet- Published: Dec. 10, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Cryptography
-
7.5
HIGHCVE-2025-15420
A security vulnerability has been detected in Yonyou KSOA 9.0. This affects an unknown part of the file /worksheet/agent_work_report.jsp. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has bee... Read more
Affected Products :- Published: Jan. 02, 2026
- Modified: Jan. 02, 2026
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-15421
A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/agent_worksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack can be... Read more
Affected Products :- Published: Jan. 02, 2026
- Modified: Jan. 02, 2026
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-68516
Insertion of Sensitive Information Into Sent Data vulnerability in Essekia Tablesome tablesome allows Retrieve Embedded Sensitive Data.This issue affects Tablesome: from n/a through <= 1.1.35.1.... Read more
Affected Products : tablesome- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-68544
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Thembay Diza allows PHP Local File Inclusion.This issue affects Diza: from n/a through 1.3.15.... Read more
Affected Products :- Published: Dec. 23, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-63950
An insecure deserialization vulnerability exists in the download.php script of the to3k Twittodon application through commit b1c58a7d1dc664b38deb486ca290779621342c0b (2023-02-28). The 'obj' parameter receives base64-encoded data that is passed directly to... Read more
Affected Products : twittodon- Published: Dec. 18, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-64666
Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
-
7.5
HIGHCVE-2025-13077
The افزونه پیامک ووکامرس فوق حرفه ای (جدید) payamito sms woocommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'columns' parameter in all versions up to, and including, 1.3.5. This is due to insufficient escaping on the ... Read more
Affected Products :- Published: Dec. 13, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-63757
Integer overflow vulnerability in the yuv2ya16_X_c_template function in libswscale/output.c in FFmpeg 8.0.... Read more
Affected Products : ffmpeg- Published: Dec. 18, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-66909
Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread() function without valida... Read more
Affected Products :- Published: Dec. 19, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-66116
Insertion of Sensitive Information Into Sent Data vulnerability in UserElements Ultimate Member Widgets for Elementor ultimate-member-widgets-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Ultimate Member Widgets for Elementor: f... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Information Disclosure