Latest CVE Feed
-
7.5
HIGHCVE-2025-13724
The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'month' parameter in all versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of ... Read more
Affected Products : vikrentcar- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-41742
Sprecher Automations SPRECON-E-C, SPRECON-E-P, SPRECON-E-T3 is vulnerable to attack by an unauthorized remote attacker via default cryptographic keys. The use of these keys allows the attacker to read, modify, and write projects and data, or to access an... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Cryptography
-
6.6
MEDIUMCVE-2025-11772
A carefully crafted DLL, copied to C:\ProgramData\Synaptics folder, allows a local user to execute arbitrary code with elevated privileges during driver installation.... Read more
Affected Products : fingerprint_driver- Published: Dec. 01, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-13835
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tyche Softwares Arconix Shortcodes allows Stored XSS.This issue affects Arconix Shortcodes: from n/a through 2.1.19.... Read more
Affected Products : arconix_shortcodes- Published: Dec. 01, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Cross-Site Scripting
-
8.6
HIGHCVE-2025-12465
A Blind SQL injection vulnerability has been identified in QuickCMS. Improper neutralization of input provided by a high-privileged user into aFilesDelete allows for Blind SQL Injection attacks. The vendor was notified early about this vulnerability, but... Read more
Affected Products : quick.cms- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Injection