Latest CVE Feed
-
9.8
CRITICALCVE-2025-13773
The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.8.0 via the 'WooCommerce_Delivery_Notes::update' function. This is due to missing capability check in th... Read more
Affected Products : print_invoice_\&_delivery_notes_for_woocommerce- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-15008
A vulnerability was detected in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/L7Port of the component HTTP Request Handler. Performing manipulation of the argument page results in stack-based buffer overflow. The attack may be ini... Read more
- Published: Dec. 22, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-15090
A vulnerability was found in UTT 进取 512W up to 1.7.7-171114. This vulnerability affects the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the argument timestart results in buffer overflow. The attack may be performed from... Read more
- Published: Dec. 25, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-15198
A weakness has been identified in code-projects College Notes Uploading System 1.0. This issue affects some unknown processing of the file /login.php. Executing manipulation of the argument User can lead to sql injection. The attack may be launched remote... Read more
Affected Products : college_notes_uploading_system- Published: Dec. 29, 2025
- Modified: Jan. 05, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2022-50803
JM-DATA ONU JF511-TV version 1.0.67 uses default credentials that allow attackers to gain unauthorized access to the device with administrative privileges.... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-68506
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nawawi Jamili Docket Cache docket-cache allows PHP Local File Inclusion.This issue affects Docket Cache: from n/a through <= 24.07.03.... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-14961
A vulnerability was detected in code-projects Simple Blood Donor Management System 1.0. The affected element is an unknown function of the file /editedcampaign.php. The manipulation of the argument campaignname results in sql injection. The attack can be ... Read more
Affected Products : simple_blood_donor_management_system- Published: Dec. 19, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-68530
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in pavothemes Bookory bookory allows PHP Local File Inclusion.This issue affects Bookory: from n/a through <= 2.2.7.... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2017-20216
FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. Attackers can execute arbitrary system commands as root by exploiting unsanitized PO... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2023-54327
Tinycontrol LAN Controller 1.58a contains an authentication bypass vulnerability that allows unauthenticated attackers to change admin passwords through a crafted API request. Attackers can exploit the /stm.cgi endpoint with a specially crafted authentica... Read more
- Published: Dec. 30, 2025
- Modified: Jan. 16, 2026
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-15196
A vulnerability was identified in code-projects Assessment Management 1.0. This affects an unknown part of the file login.php. Such manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit is publicly av... Read more
Affected Products : assessment_management- Published: Dec. 29, 2025
- Modified: Jan. 07, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-15165
A vulnerability has been found in itsourcecode Online Cake Ordering System 1.0. The impacted element is an unknown function of the file /updatecustomer.php?action=edit. The manipulation of the argument ID leads to sql injection. The attack may be initiate... Read more
- Published: Dec. 29, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-68705
RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.78, RustFS contains a path traversal vulnerability in the /rustfs/rpc/read_file_stream endpoint. This issue has been patched in version 1.0.0-alpha.79.... Read more
Affected Products : rustfs- Published: Jan. 07, 2026
- Modified: Jan. 16, 2026
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2019-25236
iSeeQ Hybrid DVR WH-H4 1.03R contains an unauthenticated vulnerability in the get_jpeg script that allows unauthorized access to live video streams. Attackers can retrieve video snapshots from specific camera channels by sending requests to the /cgi-bin/g... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-68565
Missing Authorization vulnerability in JayBee Twitch Player ttv-easy-embed-player allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Twitch Player: from n/a through <= 2.1.3.... Read more
Affected Products : twitch_player- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-60534
Blue Access Cobalt v02.000.195 suffers from an authentication bypass vulnerability, which allows an attacker to selectively proxy requests in order to operate functionality on the web application without the need to authenticate with legitimate credential... Read more
Affected Products :- Published: Jan. 06, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-14989
A vulnerability was identified in Campcodes Complete Online Beauty Parlor Management System 1.0. This issue affects some unknown processing of the file /admin/search-invoices.php. Such manipulation leads to sql injection. The attack can be launched remote... Read more
- Published: Dec. 21, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-14940
A vulnerability was determined in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /admin/delete_user.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack ... Read more
Affected Products : scholars_tracking_system- Published: Dec. 19, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-22708
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Mitech mitech allows PHP Local File Inclusion.This issue affects Mitech: from n/a through <= 2.3.4.... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-14990
A security flaw has been discovered in Campcodes Complete Online Beauty Parlor Management System 1.0. Impacted is an unknown function of the file /admin/view-appointment.php. Performing manipulation of the argument viewid results in sql injection. The att... Read more
- Published: Dec. 21, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Injection