Latest CVE Feed
-
7.2
HIGHCVE-2025-14855
The SureForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form field parameters in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate... Read more
Affected Products :- Published: Dec. 21, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2025-68460
Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a information disclosure vulnerability in the HTML style sanitizer.... Read more
Affected Products : webmail- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Information Disclosure
-
7.2
HIGHCVE-2025-14899
A weakness has been identified in CodeAstro Real Estate Management System 1.0. This impacts an unknown function of the file /admin/stateadd.php of the component Administrator Endpoint. This manipulation causes sql injection. The attack may be initiated re... Read more
Affected Products : real_estate_management_system- Published: Dec. 19, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-14729
A vulnerability was identified in CTCMS Content Management System up to 2.1.2. The affected element is the function Save of the file /ctcms/libs/Ct_App.php of the component Backend App Configuration Module. The manipulation of the argument CT_App_Paytype ... Read more
Affected Products : ctcms- Published: Dec. 15, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-14509
The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.1.13. This is due to the plugin using eval() to execute user-supplied input from the 'Conditional Tags' setting ... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-15143
A security flaw has been discovered in EyouCMS up to 1.7.6. The affected element is an unknown function of the file /application/admin/logic/FilemanagerLogic.php of the component Backend Template Management. The manipulation of the argument content result... Read more
Affected Products : eyoucms- Published: Dec. 28, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2022-50787
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains an unauthenticated stored cross-site scripting vulnerability in the username parameter that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated username input to execute a... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2025-13700
DreamFactory saveZipFile Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of DreamFactory. Authentication is required to exploit this vulnerability. The ... Read more
Affected Products :- Published: Dec. 23, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-2515
A vulnerability was found in BlueChi, a multi-node systemd service controller used in RHIVOS. This flaw allows a user with root privileges on a managed node (qm) to create or override systemd service unit files that affect the host node. This issue can le... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Misconfiguration
-
7.2
HIGHCVE-2025-59697
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by editing the Legacy GRUB bootloader configuration to start a root shell upon boot of the host OS. This is cal... Read more
- Published: Dec. 02, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authentication
-
7.2
HIGHCVE-2025-14837
A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/siteconfig.php of the component Backend Website Settings Module. Such manipulation of the argument icp leads to code injection. The attack can... Read more
Affected Products : zzcms- Published: Dec. 18, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-14939
A vulnerability was found in code-projects Online Appointment Booking System 1.0. Impacted is an unknown function of the file /admin/deletemanager.php. The manipulation of the argument managername results in sql injection. The attack may be performed from... Read more
Affected Products : online_appointment_booking_system- Published: Dec. 19, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2018-25131
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a stored cross-site scripting vulnerability in the configuration file upload functionality. Attackers can upload a malicious HTML file to that executes arbitrary JavaScript in a user's browser se... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2025-15138
A flaw has been found in prasathmani TinyFileManager up to 2.6. Affected by this issue is some unknown functionality of the file tinyfilemanager.php. This manipulation of the argument fullpath causes path traversal. Remote exploitation of the attack is po... Read more
Affected Products : tiny_file_manager- Published: Dec. 28, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Path Traversal
-
7.2
HIGHCVE-2025-13387
The Kadence WooCommerce Email Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer name in all versions up to, and including, 1.5.17 due to insufficient input sanitization and output escaping. This makes it possible ... Read more
Affected Products : kadence_woocommerce_email_designer- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2025-13592
The Advanced Ads plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.0.14 via the 'change-ad__content' shortcode parameter. This allows authenticated attackers with editor-level permissions or above, to execute ... Read more
Affected Products : advanced_ads_-_ad_manager_\&_adsense- Published: Dec. 29, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-62578
DVP-12SE - Modbus/TCP Cleartext Transmission of Sensitive Information... Read more
Affected Products :- Published: Dec. 26, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cryptography
-
7.2
HIGHCVE-2021-47732
CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files ... Read more
Affected Products : cmsimple- Published: Dec. 23, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2025-15003
A vulnerability was found in SeaCMS up to 13.3. The impacted element is an unknown function of the file admin_video.php. Performing manipulation of the argument e_id results in sql injection. The attack is possible to be carried out remotely. The exploit ... Read more
Affected Products : seacms- Published: Dec. 22, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Injection
-
7.1
HIGHCVE-2025-13353
In gokey versions <0.2.0, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed. This issue has been fixed in gokey version 0.2.0. This is... Read more
Affected Products : gokey- Published: Dec. 02, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Cryptography