Latest CVE Feed
-
7.5
HIGHCVE-2025-67254
NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnapshots.php.... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-25341
A vulnerability exists in the libxmljs 1.0.11 when parsing a specially crafted XML document. Accessing the internal _ref property on entity_ref and entity_decl nodes causes a segmentation fault, potentially leading to a denial-of-service (DoS).... Read more
Affected Products : libxmljs- Published: Dec. 26, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2024-42718
A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter.... Read more
Affected Products : croogo- Published: Dec. 26, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-55065
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... Read more
Affected Products :- Published: Jan. 01, 2026
- Modified: Jan. 02, 2026
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-15422
A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This manipulation causes protection mechanism failure. The attack may be initiated remotel... Read more
Affected Products : empirecms- Published: Jan. 02, 2026
- Modified: Jan. 07, 2026
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-15425
A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_user.jsp of the component HTTP GET Parameter Handler. Executing manipulation of the argument ID can lead to sql injection. The attack... Read more
Affected Products : ksoa- Published: Jan. 02, 2026
- Modified: Jan. 05, 2026
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-15426
A vulnerability was identified in jackying H-ui.admin up to 3.1. This affects an unknown function in the library /lib/webuploader/0.1.5/server/preview.php. The manipulation leads to unrestricted upload. The attack is possible to be carried out remotely. T... Read more
Affected Products :- Published: Jan. 02, 2026
- Modified: Jan. 02, 2026
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2026-0546
A vulnerability was determined in code-projects Content Management System 1.0. This impacts an unknown function of the file search.php. This manipulation of the argument Value causes sql injection. The attack is possible to be carried out remotely. The ex... Read more
Affected Products : content_management_system- Published: Jan. 02, 2026
- Modified: Jan. 02, 2026
- Vuln Type: Injection
-
7.5
HIGHCVE-2024-25183
givanz VvvebJs 1.7.2 is vulnerable to Directory Traversal via scan.php.... Read more
Affected Products : vvvebjs- Published: Dec. 29, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-52196
Server-Side Request Forgery (SSRF) vulnerability in Ctera Portal 8.1.x (8.1.1417.24) allows remote attackers to induce the server to make arbitrary HTTP requests via a crafted HTML file containing an iframe.... Read more
Affected Products : ctera- Published: Dec. 16, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Server-Side Request Forgery
-
7.5
HIGHCVE-2025-52582
An out-of-bounds read vulnerability exists in the Overlay::GrabOverlayFromPixelData functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerabil... Read more
Affected Products : grassroots_dicom- Published: Dec. 16, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-50681
igmpproxy 0.4 before commit 2b30c36 allows remote attackers to cause a denial of service (application crash) via a crafted IGMPv3 membership report packet with a malicious source address. Due to insufficient validation in the `recv_igmp()` function in src... Read more
Affected Products : igmpproxy- Published: Dec. 19, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-67015
Incorrect access control in Comtech EF Data CDM-625 / CDM-625A Advanced Satellite Modem with firmware v2.5.1 allows attackers to change the Administrator password and escalate privileges via sending a crafted POST request to /Forms/admin_access_1.... Read more
- Published: Dec. 26, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-67269
An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. When parsing a NAVCOM packet, the payload length is calculated using `lexer->length = (... Read more
Affected Products :- Published: Jan. 02, 2026
- Modified: Jan. 06, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-65513
fetch-mcp v1.0.2 and before is vulnerable to Server-Side Request Forgery (SSRF) vulnerability, which allows attackers to bypass private IP validation and access internal network resources.... Read more
- Published: Dec. 09, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Server-Side Request Forgery
-
7.5
HIGHCVE-2025-65512
A Server-Side Request Forgery (SSRF) vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass private IP restrictions through hostname-based bypass and... Read more
- Published: Dec. 10, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Server-Side Request Forgery
-
7.5
HIGHCVE-2025-68460
Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a information disclosure vulnerability in the HTML style sanitizer.... Read more
Affected Products : webmail- Published: Dec. 18, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-68131
cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked wi... Read more
Affected Products : cbor2- Published: Dec. 31, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-67160
An issue in Vatilon v1.12.37-20240124 allows attackers to access sensitive directories and files via a directory traversal.... Read more
Affected Products :- Published: Jan. 02, 2026
- Modified: Jan. 06, 2026
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2026-0567
A vulnerability was detected in code-projects Content Management System 1.0. The affected element is an unknown function of the file /pages.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exp... Read more
Affected Products : content_management_system- Published: Jan. 02, 2026
- Modified: Jan. 02, 2026
- Vuln Type: Injection