Latest CVE Feed
-
7.2
HIGHCVE-2025-14898
A security flaw has been discovered in CodeAstro Real Estate Management System 1.0. This affects an unknown function of the file /admin/userbuilderdelete.php of the component Administrator Endpoint. The manipulation results in sql injection. The attack ca... Read more
Affected Products : real_estate_management_system- Published: Dec. 19, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-14899
A weakness has been identified in CodeAstro Real Estate Management System 1.0. This impacts an unknown function of the file /admin/stateadd.php of the component Administrator Endpoint. This manipulation causes sql injection. The attack may be initiated re... Read more
Affected Products : real_estate_management_system- Published: Dec. 19, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-15169
A weakness has been identified in BiggiDroid Simple PHP CMS 1.0. Affected by this issue is some unknown functionality of the file /admin/editsite.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from re... Read more
Affected Products : simple_php_cms- Published: Dec. 29, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-58770
APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this vulnerability can lead to escalation of authorization and potentially impact Inte... Read more
Affected Products : aptio_v- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Authorization
-
7.2
HIGHCVE-2025-14648
A security vulnerability has been detected in DedeBIZ up to 6.5.9. Affected by this vulnerability is an unknown functionality of the file /src/admin/catalog_add.php. Such manipulation leads to command injection. It is possible to launch the attack remotel... Read more
Affected Products : dedebiz- Published: Dec. 14, 2025
- Modified: Dec. 22, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-64122
Insufficiently Protected Credentials vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Signature Spoofing by Key Theft.This issue affects Multi-Stack Controller (MSC): through 2.5.1.... Read more
Affected Products :- Published: Jan. 02, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cryptography
-
7.2
HIGHCVE-2025-14731
A weakness has been identified in CTCMS Content Management System up to 2.1.2. This affects an unknown function in the library /ctcms/apps/libraries/CT_Parser.php of the component Frontend/Template Management Module. This manipulation causes improper neut... Read more
Affected Products : ctcms- Published: Dec. 16, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-52600
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in camera video analytics that Improper input validation. This vulnerability could allow an ... Read more
Affected Products : pnm-7000vd_firmware pnm-7002vd_firmware pnm-9000vd_firmware pnm-9000vq_firmware pnm-9002vq_firmware pnm-9080vq_firmware pnm-9081vq_firmware pnm-9084qz_firmware pnm-9084qz1_firmware pnm-9084rqz_firmware +502 more products- Published: Dec. 26, 2025
- Modified: Jan. 07, 2026
- Vuln Type: Injection
-
7.2
HIGHCVE-2021-47732
CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files ... Read more
Affected Products : cmsimple- Published: Dec. 23, 2025
- Modified: Jan. 05, 2026
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2025-14966
A vulnerability was determined in FastAdmin up to 1.7.0.20250506. Affected is the function selectpage of the file application/common/controller/Backend.php of the component Backend Controller. Executing manipulation of the argument custom/searchField can ... Read more
Affected Products : fastadmin- Published: Dec. 19, 2025
- Modified: Jan. 08, 2026
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-67172
RiteCMS v3.1.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the parse_special_tags() function.... Read more
Affected Products : ritecms- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-5965
In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Bac... Read more
Affected Products :- Published: Jan. 05, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-13307
The Ocean Modal Window WordPress plugin before 2.3.3 is vulnerable to Remote Code Execution via the modal display logic. These modals can be displayed under user-controlled conditions that Editors and Administrators can set (edit_pages capability). The co... Read more
Affected Products :- Published: Dec. 19, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-64676
'.../...//' in Microsoft Purview allows an authorized attacker to execute code over a network.... Read more
- Published: Dec. 18, 2025
- Modified: Jan. 06, 2026
-
7.2
HIGHCVE-2025-66921
A Cross-site scripting (XSS) vulnerability in Create/Update Item(s) Module in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the "name" parameter.... Read more
Affected Products : open_source_point_of_sale- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2025-15197
A security flaw has been discovered in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This vulnerability affects unknown code of the file /admin/editposts.php. Performing manipulation of the argument image results in unrestricted... Read more
- Published: Dec. 29, 2025
- Modified: Jan. 07, 2026
- Vuln Type: Misconfiguration
-
7.2
HIGHCVE-2025-14509
The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.1.13. This is due to the plugin using eval() to execute user-supplied input from the 'Conditional Tags' setting ... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2026-21873
NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the pushstate event listener used by ui.sub_pages allows an attacker to manipulate the fragment identifier of the URL, which they can do despite being cross... Read more
Affected Products : nicegui- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2025-68461
Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document.... Read more
Affected Products : webmail- Published: Dec. 18, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2025-13592
The Advanced Ads plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.0.14 via the 'change-ad__content' shortcode parameter. This allows authenticated attackers with editor-level permissions or above, to execute ... Read more
Affected Products : advanced_ads_-_ad_manager_\&_adsense- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Injection