Latest CVE Feed
-
7.2
HIGHCVE-2025-14837
A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/siteconfig.php of the component Backend Website Settings Module. Such manipulation of the argument icp leads to code injection. The attack can... Read more
Affected Products : zzcms- Published: Dec. 18, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-15143
A security flaw has been discovered in EyouCMS up to 1.7.6. The affected element is an unknown function of the file /application/admin/logic/FilemanagerLogic.php of the component Backend Template Management. The manipulation of the argument content result... Read more
Affected Products : eyoucms- Published: Dec. 28, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2022-50787
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains an unauthenticated stored cross-site scripting vulnerability in the username parameter that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated username input to execute a... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2025-62578
DVP-12SE - Modbus/TCP Cleartext Transmission of Sensitive Information... Read more
Affected Products :- Published: Dec. 26, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cryptography
-
7.2
HIGHCVE-2025-2515
A vulnerability was found in BlueChi, a multi-node systemd service controller used in RHIVOS. This flaw allows a user with root privileges on a managed node (qm) to create or override systemd service unit files that affect the host node. This issue can le... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Misconfiguration
-
7.2
HIGHCVE-2025-15138
A flaw has been found in prasathmani TinyFileManager up to 2.6. Affected by this issue is some unknown functionality of the file tinyfilemanager.php. This manipulation of the argument fullpath causes path traversal. Remote exploitation of the attack is po... Read more
Affected Products : tiny_file_manager- Published: Dec. 28, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Path Traversal
-
7.2
HIGHCVE-2025-15003
A vulnerability was found in SeaCMS up to 13.3. The impacted element is an unknown function of the file admin_video.php. Performing manipulation of the argument e_id results in sql injection. The attack is possible to be carried out remotely. The exploit ... Read more
Affected Products : seacms- Published: Dec. 22, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-13387
The Kadence WooCommerce Email Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the customer name in all versions up to, and including, 1.5.17 due to insufficient input sanitization and output escaping. This makes it possible ... Read more
Affected Products : kadence_woocommerce_email_designer- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2025-14939
A vulnerability was found in code-projects Online Appointment Booking System 1.0. Impacted is an unknown function of the file /admin/deletemanager.php. The manipulation of the argument managername results in sql injection. The attack may be performed from... Read more
Affected Products : online_appointment_booking_system- Published: Dec. 19, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2018-25131
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a stored cross-site scripting vulnerability in the configuration file upload functionality. Attackers can upload a malicious HTML file to that executes arbitrary JavaScript in a user's browser se... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2025-13700
DreamFactory saveZipFile Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of DreamFactory. Authentication is required to exploit this vulnerability. The ... Read more
Affected Products :- Published: Dec. 23, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-14509
The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.1.13. This is due to the plugin using eval() to execute user-supplied input from the 'Conditional Tags' setting ... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2021-47732
CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files ... Read more
Affected Products : cmsimple- Published: Dec. 23, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-68861
Missing Authorization vulnerability in Plugin Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin Optimizer: from n/a through 1.3.7.... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Authorization
-
7.1
HIGHCVE-2018-25146
Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated attackers to list and manipulate running system processes. Attackers can send arbitrary signals to kill background processes and system services through a hidde... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
7.1
HIGHCVE-2019-25256
VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers to access arbitrary system files through unvalidated 'ID' parameters. Attackers can exploit multiple Perl scripts like downloadsy... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Path Traversal
-
7.1
HIGHCVE-2018-25145
Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from multiple directories including '/www... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Information Disclosure
-
7.1
HIGHCVE-2025-66445
Authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure Analytics Adviso... Read more
- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
7.1
HIGHCVE-2025-68878
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prasadkirpekar Advanced Custom CSS allows Reflected XSS.This issue affects Advanced Custom CSS: from n/a through 1.1.0.... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-68876
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in INVELITY Invelity SPS connect allows Reflected XSS.This issue affects Invelity SPS connect: from n/a through 1.0.8.... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting