Latest CVE Feed
-
9.8
CRITICALCVE-2025-15434
A vulnerability was detected in Yonyou KSOA 9.0. Affected is an unknown function of the file /kp/PrintZPYG.jsp. The manipulation of the argument zpjhid results in sql injection. It is possible to launch the attack remotely. The exploit is now public and m... Read more
Affected Products : ksoa- Published: Jan. 02, 2026
- Modified: Jan. 07, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-15211
A flaw has been found in code-projects Refugee Food Management System 1.0. Impacted is an unknown function of the file /home/refugee.php. Executing manipulation of the argument refNo/Fname/Lname/sex/age/contact/nationality_nid can lead to sql injection. T... Read more
Affected Products : refugee_food_management_system- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-60534
Blue Access Cobalt v02.000.195 suffers from an authentication bypass vulnerability, which allows an attacker to selectively proxy requests in order to operate functionality on the web application without the need to authenticate with legitimate credential... Read more
Affected Products :- Published: Jan. 06, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-14500
IceWarp14 X-File-Operation Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IceWarp. Authentication is not required to exploit this vulnerability. The... Read more
Affected Products : icewarp- Published: Dec. 23, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-33223
NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disc... Read more
Affected Products : isaac_launchable- Published: Dec. 23, 2025
- Modified: Jan. 15, 2026
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2026-22189
Panda3D versions up to and including 1.10.16 egg-mkfont contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf() call with attacker-controlled input. When constructing glyph filenames, egg-mkfont formats a user-supplied gl... Read more
Affected Products : panda3d- Published: Jan. 07, 2026
- Modified: Jan. 12, 2026
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-15208
A security flaw has been discovered in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/editrefugee.php. The manipulation of the argument rfid results in sql injection. The attack can... Read more
Affected Products : refugee_food_management_system- Published: Dec. 29, 2025
- Modified: Jan. 07, 2026
- Vuln Type: Injection
-
9.8
CRITICALCVE-2023-53980
ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the upload.process.php endpoint to execu... Read more
Affected Products : projectsend- Published: Dec. 22, 2025
- Modified: Dec. 26, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2019-25249
devolo dLAN 500 AV Wireless+ 3.1.0-1 contains an authentication bypass vulnerability that allows attackers to enable hidden services through the htmlmgr CGI script. Attackers can enable telnet and remote shell services, reboot the device, and gain root ac... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-14960
A security vulnerability has been detected in code-projects Simple Blood Donor Management System 1.0. Impacted is an unknown function of the file /editeddonor.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the at... Read more
Affected Products : simple_blood_donor_management_system- Published: Dec. 19, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-67913
Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Aruba HiSpeed Cache: from n/a through < 3.0.3.... Read more
Affected Products : aruba_hispeed_cache- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-51511
Cadmium CMS v.0.4.9 has a background arbitrary file upload vulnerability in /admin/content/filemanager/uploads.... Read more
Affected Products : cadmium_cms- Published: Dec. 23, 2025
- Modified: Jan. 06, 2026
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-15385
Insufficient Verification of Data Authenticity vulnerability in TECNO Mobile com.Afmobi.Boomplayer allows Authentication Bypass.This issue affects com.Afmobi.Boomplayer: 7.4.63.... Read more
Affected Products :- Published: Jan. 06, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-65212
An issue was discovered in NJHYST HY511 POE core before 2.1 and plugins before 0.1. The vulnerability stems from the device's insufficient cookie verification, allowing an attacker to directly request the configuration file address and download the core c... Read more
Affected Products :- Published: Jan. 06, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-14989
A vulnerability was identified in Campcodes Complete Online Beauty Parlor Management System 1.0. This issue affects some unknown processing of the file /admin/search-invoices.php. Such manipulation leads to sql injection. The attack can be launched remote... Read more
- Published: Dec. 21, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-67706
ArcGIS Server version 11.5 and earlier on Windows and Linux does not properly validate uploaded files file, which allows remote attackers to upload arbitrary files.... Read more
- Published: Dec. 31, 2025
- Modified: Jan. 06, 2026
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-67707
ArcGIS Server version 11.5 and earlier on Windows and Linux does not properly validate uploaded files file, which allows remote attackers to upload arbitrary files.... Read more
- Published: Dec. 31, 2025
- Modified: Jan. 06, 2026
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2018-25154
GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the a... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-68990
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows Blind SQL Injection.This issue affects BWL Pro Voting Manager: from n/a through <= 1.4.9.... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2019-25296
The WP Cost Estimation plugin for WordPress is vulnerable to arbitrary file uploads and deletion due to missing file type validation in the lfb_upload_form and lfb_removeFile AJAX actions in versions up to, and including, 9.642. This makes it possible for... Read more
Affected Products :- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Misconfiguration