Latest CVE Feed
-
6.4
MEDIUMCVE-2025-68145
In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repo_path arguments in subsequent tool calls were actually within that con... Read more
Affected Products :- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Path Traversal
-
7.1
HIGHCVE-2025-61736
Successful exploitation of this vulnerability could result in the product failing to re-establish communication once the certificate expires.... Read more
Affected Products :- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2022-23851
Netaxis API Orchestrator (APIO) before 0.19.3 allows server side template injection (SSTI).... Read more
Affected Products :- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Injection
-
6.6
MEDIUMCVE-2025-65855
The OTA firmware update mechanism in Netun Solutions HelpFlash IoT (firmware v18_178_221102_ASCII_PRO_1R5_50) uses hard-coded WiFi credentials identical across all devices and does not authenticate update servers or validate firmware signatures. An attack... Read more
Affected Products :- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-67073
A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serviceName... Read more
Affected Products :- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Memory Corruption
-
1.7
LOWCVE-2025-66647
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A vulnerability was discovered in the IPv6 fragmentation reassembly implementation of RIOT OS v2025... Read more
Affected Products : riot- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-67493
Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input which allowed privilege escalation and getting access to groups of other users due to missing sanitization of inputs in ldap search query. The vulnerability cou... Read more
Affected Products :- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Authentication
-
6.8
MEDIUMCVE-2025-68129
Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as A... Read more
Affected Products : auth0- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Authentication
-
7.8
HIGHCVE-2025-27063
Memory corruption during video playback when video session open fails with time out error.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-47323
Memory corruption while routing GPR packets between user and root when handling large data packet.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-47387
Memory Corruption when processing IOCTLs for JPEG data without verification.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Memory Corruption
-
7.1
HIGHCVE-2023-53907
Bludit versions before 3.13.1 contain an authenticated file download vulnerability in the Backup Plugin that allows logged-in users to access arbitrary files. Attackers can exploit the plugin's download functionality by manipulating file path parameters t... Read more
Affected Products :- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Path Traversal
-
6.0
MEDIUMCVE-2025-14762
Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's met... Read more
Affected Products :- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cryptography
-
9.6
CRITICALCVE-2025-67787
An issue was discovered in 25.1.2 before 25.1.5. A Cross Site Scripting (XSS) issue in DriveLock Operations Center allows for session takeover over a network.... Read more
Affected Products :- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cross-Site Scripting
-
7.7
HIGHCVE-2025-68432
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Language Server Protocol (LSP) configurations from the `settings.json` file located within a project’s `.zed` subdirectory. A malicious L... Read more
Affected Products :- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Misconfiguration
-
7.7
HIGHCVE-2025-68433
Zed, a code editor, has an aribtrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol (MCP) configurations from the `settings.json` file located within a project’s `.zed` subdirectory. A malicious MCP... Read more
Affected Products :- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-26381
Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to sensitive information.... Read more
Affected Products :- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Information Disclosure
-
9.9
CRITICALCVE-2025-67164
An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file.... Read more
Affected Products : pagekit- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-67165
An Insecure Direct Object Reference (IDOR) in Pagekit CMS v1.0.18 allows attackers to escalate privileges.... Read more
Affected Products : pagekit- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Authorization
-
7.2
HIGHCVE-2025-68460
Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a information disclosure vulnerability in the HTML style sanitizer.... Read more
Affected Products : webmail- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Information Disclosure