Latest CVE Feed
-
8.1
HIGHCVE-2025-67507
Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.3.0 contain a flaw in the handling of recovery codes for app-based multi-factor authentication, allowing the same recovery code to be reused in... Read more
Affected Products : filament- Published: Dec. 10, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Authentication
-
7.8
HIGHCVE-2025-67488
SiYuan is self-hosted, open source personal knowledge management software. Versions 0.0.0-20251202123337-6ef83b42c7ce and below contain function importZipMd which is vulnerable to ZipSlips, allowing an authenticated user to overwrite files on the system. ... Read more
Affected Products : siyuan- Published: Dec. 09, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Path Traversal
-
8.5
HIGHCVE-2021-47730
Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows attackers to create administrative users without authentication. Attackers can craft a malicious web page that submits a form to add a new admin user with full ... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Cross-Site Request Forgery
-
8.7
HIGHCVE-2021-47705
COMMAX UMS Client ActiveX Control 1.7.0.2 contains a heap-based buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple functions. Attackers can exploit improper boundary v... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Memory Corruption
-
9.3
CRITICALCVE-2025-66039
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, ... Read more
Affected Products : freepbx- Published: Dec. 09, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Authentication
-
2.4
LOWCVE-2025-13743
Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred.... Read more
Affected Products : desktop- Published: Dec. 09, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Information Disclosure
-
9.8
CRITICALCVE-2025-67506
PipesHub is a fully extensible workplace AI platform for enterprise search and workflow automation. Versions prior to 0.1.0-beta expose POST /api/v1/record/buffer/convert through missing authentication. The endpoint accepts a file upload and converts it t... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-67489
@vitejs/plugin-rs provides React Server Components (RSC) support for Vite. Versions 0.5.5 and below are vulnerable to arbitrary remote code execution on the development server through unsafe dynamic imports in server function APIs (loadServerAction, decod... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Misconfiguration
-
9.3
CRITICALCVE-2021-47708
COMMAX Smart Home System CDP-1020n contains an SQL injection vulnerability that allows attackers to bypass authentication by injecting arbitrary SQL code through the 'id' parameter in 'loginstart.asp'. Attackers can exploit this by sending a POST request ... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Injection
-
9.9
CRITICALCVE-2023-53739
Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3_settings.bin file and extract ba... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Information Disclosure
-
6.9
MEDIUMCVE-2021-47723
STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Cross-Site Request Forgery
-
8.7
HIGHCVE-2021-47709
COMMAX Smart Home System allows an unauthenticated attacker to change configuration and cause denial-of-service through the setconf endpoint. Attackers can trigger a denial-of-service scenario by sending a malformed request to the setconf endpoint.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Denial of Service
-
8.5
HIGHCVE-2025-13152
A potential DLL hijacking vulnerability was reported in Lenovo One Client during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges.... Read more
Affected Products : one_client- Published: Dec. 10, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Misconfiguration
-
4.3
MEDIUMCVE-2025-13125
Authorization Bypass Through User-Controlled Key vulnerability in Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co. DijiDemi allows Exploitation of Trusted Identifiers.This issue affects DijiDemi: through 2... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-65815
A lack of security checks in the file import process of AB TECHNOLOGY Document Reader: PDF, DOC, PPT v65.0 allows attackers to execute a directory traversal.... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Path Traversal
-
6.3
MEDIUMCVE-2025-9315
An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthenticated remote attacker can exploit this vulnerability... Read more
Affected Products : mxsecurity- Published: Dec. 10, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Authentication
-
8.7
HIGHCVE-2025-12952
A privilege escalation vulnerability exists in Google Cloud's Dialogflow CX. Dialogflow agent developers with Webhook editor permission are able to configure Webhooks using Dialogflow service agent access token authentication. This allows the attacker t... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Authorization
-
10.0
CRITICALCVE-2025-9056
Unprotected service in the AudioLink component allows a local attacker to overwrite system files via unauthorized service invocation.... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Misconfiguration
-
9.4
CRITICALCVE-2025-13607
A malicious actor can access camera configuration information, including account credentials, without authenticating when accessing a vulnerable URL.... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Authentication
-
6.9
MEDIUMCVE-2020-36884
BrightSign Digital Signage Diagnostic Web Server 8.2.26 and less contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to bypass firewall... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Server-Side Request Forgery