Latest CVE Feed
-
7.5
HIGHCVE-2025-62753
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in MadrasThemes MAS Videos allows PHP Local File Inclusion.This issue affects MAS Videos: from n/a through 1.3.2.... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-66877
Buffer overflow vulnerability in function dcputchar in decompile.c in libming 0.4.8.... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-56427
Directory Traversal vulnerability in ComposioHQ v.0.7.20 allows a remote attacker to obtain sensitive information via the _download_file_or_dir function.... Read more
Affected Products : composio- Published: Dec. 04, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-66865
An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-66863
An issue was discovered in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-63951
An insecure deserialization vulnerability exists in the rss-mp3.php script of the MiczFlor RPi-Jukebox-RFID project through commit 4b2334f0ae0e87c0568876fc41c48c38aa9a7014 (2025-10-07). The 'rss' GET parameter receives data that is passed directly to the ... Read more
Affected Products : phoniebox- Published: Dec. 18, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-68148
FreshRSS is a free, self-hostable RSS aggregator. From version 1.27.0 to before 1.28.0, An attacker could globally deny access to feeds via proxy modifying to 429 Retry-After for a large list of feeds on given instance, making it unusable for majority of ... Read more
Affected Products : freshrss- Published: Dec. 27, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2019-25258
LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers to read arbitrary files through unverified 'suffix' and 'fileVersion' parameters. Attackers can exploit directory traversal techniques i... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-66869
Buffer overflow vulnerability in function strcat in asan_interceptors.cpp in libming 0.4.8.... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-15196
A vulnerability was identified in code-projects Assessment Management 1.0. This affects an unknown part of the file login.php. Such manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit is publicly av... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2019-25253
KYOCERA Net Admin 3.4.0906 contains an XML External Entity (XXE) injection vulnerability in the Multi-Set Template Editor that allows unauthenticated attackers to read arbitrary system files. Attackers can craft a malicious XML file with external entity r... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: XML External Entity
-
7.5
HIGHCVE-2025-15142
A vulnerability was identified in 9786 phpok3w up to 901d96a06809fb28b17f3a4362c59e70411c933c. Impacted is an unknown function of the file show.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely... Read more
Affected Products :- Published: Dec. 28, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-15195
A vulnerability was determined in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file /admin/add-module.php. This manipulation of the argument linked[] causes sql injection. The attack can be initiated... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-68606
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data.This issue affects PostX: from n/a through <= 5.0.3.... Read more
Affected Products : postx- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2018-25129
SOCA Access Control System 180612 contains multiple insecure direct object reference vulnerabilities that allow attackers to access sensitive user credentials. Attackers can retrieve authenticated and unauthenticated user password hashes and pins through ... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-67621
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in 10up Eight Day Week Print Workflow eight-day-week-print-workflow allows Retrieve Embedded Sensitive Data.This issue affects Eight Day Week Print Workflow: from n/a... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-66377
Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker (who already has access to execute code on one node within a Pexip Infinity installation) to impact the operation of other nodes ... Read more
Affected Products : infinity- Published: Dec. 25, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-15256
A vulnerability was identified in Edimax BR-6208AC 1.02/1.03. Affected is the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component Web-based Configuration Interface. The manipulation of the argument rootAPmac leads to command inje... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-68516
Insertion of Sensitive Information Into Sent Data vulnerability in Essekia Tablesome tablesome allows Retrieve Embedded Sensitive Data.This issue affects Tablesome: from n/a through <= 1.1.35.1.... Read more
Affected Products : tablesome- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-68568
Missing Authorization vulnerability in integrationclaspo Popup Builder: Exit-Intent pop-up, Spin the Wheel, Newsletter signup, Email Capture & Lead Generation forms maker claspo allows Exploiting Incorrectly Configured Access Control Security Levels.T... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization