Latest CVE Feed
-
9.8
CRITICALCVE-2025-14653
A vulnerability was determined in itsourcecode Student Management System 1.0. Impacted is an unknown function of the file /addrecord.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit... Read more
Affected Products : student_management_system- Published: Dec. 14, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-36937
In AudioDecoder::HandleProduceRequest of audio_decoder.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed fo... Read more
Affected Products : android- Published: Dec. 11, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-14334
A flaw has been found in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /new_adviser.php. Executing manipulation of the argument Name can lead to sql injection. The attack may be performed from remote. The exploit ... Read more
Affected Products : student_management_system- Published: Dec. 09, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-14337
A vulnerability was determined in itsourcecode Student Management System 1.0. This affects an unknown part of the file /new_grade.php. This manipulation of the argument grade causes sql injection. The attack can be initiated remotely. The exploit has been... Read more
Affected Products : student_management_system- Published: Dec. 09, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-67165
An Insecure Direct Object Reference (IDOR) in Pagekit CMS v1.0.18 allows attackers to escalate privileges.... Read more
Affected Products : pagekit- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-59385
An authentication bypass by spoofing vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to access resources which are not otherwise accessible without proper authentica... Read more
- Published: Dec. 16, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-67520
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tiny Solutions Media Library Tools media-library-tools allows SQL Injection.This issue affects Media Library Tools: from n/a through <= 1.6.15.... Read more
Affected Products : media_library_tools- Published: Dec. 09, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2024-14010
Typora 1.7.4 contains a command injection vulnerability in the PDF export preferences that allows attackers to execute arbitrary system commands. Attackers can inject malicious commands into the 'run command' input field during PDF export to achieve remot... Read more
Affected Products : typora- Published: Dec. 12, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-62863
Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM PCIe driver that could result in an out-of-bounds write within PCIe driver’s S-EL0 ... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-64236
Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn allows Authentication Abuse.This issue affects Tuturn: from n/a before 3.6.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-13583
A weakness has been identified in code-projects Question Paper Generator 1.0. This affects an unknown part of the file /signupscript.php of the component POST Parameter Handler. Executing manipulation of the argument Fname can lead to sql injection. The a... Read more
Affected Products : question_paper_generator- Published: Nov. 24, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-14156
The Fox LMS – WordPress LMS Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.5.1. This is due to the plugin not properly validating the 'role' parameter when creating new users via the `/fox-lms/v... Read more
Affected Products :- Published: Dec. 15, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-67073
A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serviceName... Read more
Affected Products :- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-13764
The WP CarDealer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.16. This is due to the 'WP_CarDealer_User::process_register' function not restricting what user roles a user can register with. This make... Read more
Affected Products :- Published: Dec. 11, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-65826
The mobile application was found to contain stored credentials for the network it was developed on. If an attacker retrieved this, and found the physical location of the Wi-Fi network, they could gain unauthorized access to the Wi-Fi network of the vendor... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Information Disclosure
-
9.8
CRITICALCVE-2022-23851
Netaxis API Orchestrator (APIO) before 0.19.3 allows server side template injection (SSTI).... Read more
Affected Products :- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-65834
Meltytech Shotcut 25.10.31 is vulnerable to Buffer Overflow. A memory access violation occurs when processing MLT project files with manipulated width and height parameters. By setting these values to extremely large numbers, the application attempts to a... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-14514
A flaw has been found in Campcodes Supplier Management System 1.0. Affected is an unknown function of the file /admin/add_distributor.php. This manipulation of the argument txtDistributorAddress causes sql injection. The attack can be initiated remotely. ... Read more
Affected Products : supplier_management_system- Published: Dec. 11, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-14640
A flaw has been found in code-projects Student File Management System 1.0. The affected element is an unknown function of the file /admin/save_student.php. Executing manipulation of the argument stud_no can lead to sql injection. The attack may be launche... Read more
Affected Products : student_file_management_system- Published: Dec. 14, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-62864
Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM MMCommunicate service that could result in an out-of-bounds write within the UEFI-M... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Memory Corruption