Latest CVE Feed
-
8.8
HIGHCVE-2024-13995
Nagios XI versions prior to 2024R1.1.2 may (confirmed in 2024R1.1 and 2024R1.1.1) disclose sensitive user account information (including API keys and hashed passwords) to authenticated users who should not have access to that data. Exposure of API keys or... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2025-64109
Cursor is a code editor built for programming with AI. In versions and below, a vulnerability in the Cursor CLI Beta allowed an attacker to achieve remote code execution through the MCP (Model Context Protocol) server mechanism by uploading a malicious MC... Read more
Affected Products : cursor- Published: Nov. 05, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2025-8052
SQL Injection vulnerability in opentext Flipper allows SQL Injection. The vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor. This issue affects Flipper... Read more
Affected Products : flipper- Published: Oct. 20, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-62962
Cross-Site Request Forgery (CSRF) vulnerability in Andrea Landonio CloudSearch cloud-search allows Stored XSS.This issue affects CloudSearch: from n/a through <= 3.0.0.... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Request Forgery
-
8.8
HIGHCVE-2025-11756
Use after free in Safe Browsing in Google Chrome prior to 141.0.7390.107 allowed a remote attacker who had compromised the renderer process to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)... Read more
- Published: Nov. 06, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2013-10073
Nagios XI versions prior to 2012R1.6 contain a shell command injection vulnerability in the Auto-Discovery tool. User-controlled input is passed to a shell without adequate sanitation or argument quoting, allowing an authenticated user with access to disc... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-11905
A vulnerability was found in yanyutao0402 ChanCMS up to 3.3.2. This vulnerability affects the function getArticle of the file app\modules\cms\controller\gather.js. The manipulation results in code injection. The attack may be launched remotely. The exploi... Read more
Affected Products : chancms- Published: Oct. 17, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-64140
Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller, allowing attackers with Item/Configure permission to execute arbitrary shell commands.... Read more
Affected Products :- Published: Oct. 29, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2020-36867
Nagios XI versions prior to 5.7.3 contain a command injection vulnerability in the report PDF download/export functionality. User-supplied values used in the PDF generation pipeline or the wrapper that invokes offline/pdf helper utilities were insufficien... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-11724
The EM Beer Manager plugin for WordPress is vulnerable to arbitrary file upload leading to remote code execution in all versions up to, and including, 3.2.3. This is due to missing file type validation in the EMBM_Admin_Untappd_Import_image() function and... Read more
Affected Products :- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authentication
-
8.8
HIGHCVE-2025-61196
An issue in BusinessNext CRMnext v.10.8.3.0 allows a remote attacker to execute arbitrary code via the comments input parameter.... Read more
Affected Products :- Published: Oct. 30, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-64184
Dosage is a comic strip downloader and archiver. When downloading comic images in versions 3.1 and below, Dosage constructs target file names from different aspects of the remote comic (page URL, image URL, page content, etc.). While the basename is prope... Read more
Affected Products :- Published: Nov. 07, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Path Traversal
-
8.8
HIGHCVE-2025-9428
Zohocorp ManageEngine Analytics Plus versions 6171 and prior are vulnerable to authenticated SQL Injection via the key update api.... Read more
Affected Products : manageengine_analytics_plus- Published: Oct. 21, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2024-14006
Nagios XI versions prior to 2024R1.2.2 contain a host header injection vulnerability. The application trusts the user-supplied HTTP Host header when constructing absolute URLs without sufficient validation. An unauthenticated, remote attacker can supply a... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-10680
OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use... Read more
Affected Products : openvpn- Published: Oct. 24, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-36361
IBM App Connect Enterprise 13.0.1.0 through 13.0.4.2, and 12.0.1.0 through 12.0.12.17 could allow an authenticated user to perform unauthorized actions on customer defined resources due to missing authorization.... Read more
Affected Products : app_connect_enterprise- Published: Oct. 24, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Authorization
-
8.8
HIGHCVE-2025-11909
A weakness has been identified in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The impacted element is the function queryLast of the file /RepairRecord.do?Action=QueryLast. Executing manipulation of the argument orderField can lead to sql injection... Read more
Affected Products : streamax_crocus- Published: Oct. 17, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-11908
A security flaw has been discovered in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The affected element is the function uploadFile of the file /FileDir.do?Action=Upload. Performing manipulation of the argument File results in unrestricted upload. ... Read more
Affected Products : streamax_crocus- Published: Oct. 17, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2025-27074
Memory corruption while processing a GP command response.... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-62496
A vulnerability exists in the QuickJS engine's BigInt string parsing logic (js_bigint_from_string) when attempting to create a BigInt from a string with an excessively large number of digits. The function calculates the necessary number of bits (n_bits) ... Read more
Affected Products : quickjs- Published: Oct. 16, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Memory Corruption