Latest CVE Feed
-
8.8
HIGHCVE-2025-62933
Cross-Site Request Forgery (CSRF) vulnerability in Prakash Awesome Testimonials awesome-testimonials allows Stored XSS.This issue affects Awesome Testimonials: from n/a through <= 2.2.1.... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Request Forgery
-
8.8
HIGHCVE-2025-12486
Heimdall Data Database Proxy Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Heimdall Data Database Proxy. Minimal user interaction is required to ... Read more
Affected Products :- Published: Nov. 06, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2025-24299
Improper input validation for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity at... Read more
Affected Products : computing_improvement_program- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Authorization
-
8.8
HIGHCVE-2025-24838
Improper privilege management for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexit... Read more
Affected Products : computing_improvement_program- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Authorization
-
8.8
HIGHCVE-2025-47773
Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is edited via an AJAX call. Versions 2.7.13 and 3.2.2 protect rendered HTML content.... Read more
Affected Products : itop- Published: Nov. 10, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2022-50591
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp_config_id’ parameter to t... Read more
Affected Products : iview- Published: Nov. 06, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Authentication
-
8.8
HIGHCVE-2025-12347
A flaw has been found in MaxSite CMS up to 109. This issue affects some unknown processing of the file application/maxsite/admin/plugins/editor_files/save-file-ajax.php. Executing manipulation of the argument file_path/content can lead to unrestricted upl... Read more
- Published: Oct. 28, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2025-47932
Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is rendered via an AJAX call. Versions 2.7.13 and 3.2.2 sanitize the var responsible for the attack.... Read more
Affected Products : itop- Published: Nov. 10, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2025-12432
Race in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more
- Published: Nov. 10, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-12727
Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more
- Published: Nov. 10, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-11905
A vulnerability was found in yanyutao0402 ChanCMS up to 3.3.2. This vulnerability affects the function getArticle of the file app\modules\cms\controller\gather.js. The manipulation results in code injection. The attack may be launched remotely. The exploi... Read more
Affected Products : chancms- Published: Oct. 17, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-49924
Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privilege Escalation.This issue affects Wholesale Suite: from n/a through <= 2.2.4.2.... Read more
Affected Products : wholesale_suite- Published: Oct. 22, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Authorization
-
8.8
HIGHCVE-2025-12263
A vulnerability was identified in code-projects Online Event Judging System 1.0. Affected is an unknown function of the file /edit_judge.php. The manipulation of the argument judge_id leads to sql injection. The attack may be initiated remotely. The explo... Read more
- Published: Oct. 27, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-11702
GitLab has remediated an issue in EE affecting all versions from 17.1 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker with specific permissions to hijack project runners from other projects.... Read more
Affected Products : gitlab- Published: Oct. 29, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Authorization
-
8.8
HIGHCVE-2025-9164
Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system directories, allowing local privilege escalation through malicious... Read more
Affected Products : docker_desktop- Published: Oct. 27, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2025-12254
A vulnerability was identified in code-projects Online Event Judging System 1.0. Affected by this issue is some unknown functionality of the file /add_judge.php. Such manipulation of the argument fullname leads to sql injection. The attack may be launched... Read more
- Published: Oct. 27, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-48078
Cross-Site Request Forgery (CSRF) vulnerability in Norbert Slick Google Map slick-google-map allows Stored XSS.This issue affects Slick Google Map: from n/a through <= 0.3.... Read more
Affected Products :- Published: Nov. 06, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Request Forgery
-
8.8
HIGHCVE-2025-64108
Cursor is a code editor built for programming with AI. In versions 1.7.44 and below, various NTFS path quirks allow a prompt injection attacker to circumvent sensitive file protections and overwrite files which Cursor requires human approval to overwrite.... Read more
Affected Products : cursor- Published: Nov. 04, 2025
- Modified: Nov. 10, 2025
- Vuln Type: Path Traversal
-
8.8
HIGHCVE-2025-11909
A weakness has been identified in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The impacted element is the function queryLast of the file /RepairRecord.do?Action=QueryLast. Executing manipulation of the argument orderField can lead to sql injection... Read more
Affected Products : streamax_crocus- Published: Oct. 17, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-12256
A weakness has been identified in code-projects Online Event Judging System 1.0. This vulnerability affects unknown code of the file /edit_contestant.php. Executing manipulation of the argument contestant_id can lead to sql injection. The attack can be ex... Read more
- Published: Oct. 27, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Injection