Latest CVE Feed
-
8.8
HIGHCVE-2025-13757
SQL Injection vulnerability in last usage logs in Devolutions Server.This issue affects Devolutions Server: through 2025.2.20, through 2025.3.8.... Read more
Affected Products : devolutions_server- Published: Nov. 27, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-66294
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Server-Side Template Injection (SSTI) vulnerability exists in Grav that allows authenticated attackers with editor permissions to execute arbitrary commands on the server and, under certain cond... Read more
- Published: Dec. 01, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2019-25246
Beward N100 H.264 VGA IP Camera M2.1.6 contains an authenticated file disclosure vulnerability that allows attackers to read arbitrary system files via the 'READ.filePath' parameter. Attackers can exploit the fileread script or SendCGICMD API to access se... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2019-25245
Ross Video DashBoard 8.5.1 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files due to improper permission settings. Attackers can exploit the 'M' or 'C' flags for 'Authenticated Users' group to repl... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2025-13065
The Starter Templates plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 4.4.41. This is due to insufficient file type validation detecting WXR files, allowing double extension files to bypass sanitization wh... Read more
Affected Products :- Published: Dec. 06, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authentication
-
8.8
HIGHCVE-2025-44016
A vulnerability in TeamViewer DEX Client (former 1E client) - Content Distribution Service (NomadBranch.exe) prior version 25.11 for Windows allows malicious actors to bypass file integrity validation via a crafted request. By providing a valid hash for a... Read more
Affected Products :- Published: Dec. 11, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2025-66918
edoc-doctor-appointment-system v1.0.1 is vulnerable to Cross Site Scripting (XSS) in admin/add-session.php via the "title" parameter.... Read more
Affected Products : edoc-doctor-appointment-system- Published: Dec. 11, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2019-25243
FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php scripts. Attackers can exploit unsanitized input parameters to inject and execute arbitrary shell commands with root privileges by manipu... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-66360
An issue was discovered in Logpoint before 7.7.0. An improperly configured access control policy exposes sensitive Logpoint internal service (Redis) information to li-admin users. This can lead to privilege escalation.... Read more
Affected Products : siem- Published: Nov. 28, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Authorization
-
8.8
HIGHCVE-2025-13214
IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.... Read more
- Published: Dec. 11, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-56088
OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the action_service in file /usr/lib/lua/luci/controller/admin/service.lua.... Read more
Affected Products :- Published: Dec. 11, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2018-25148
Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execut... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Authentication
-
8.8
HIGHCVE-2025-13638
Use after free in Media Stream in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)... Read more
- Published: Dec. 02, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-66429
An issue was discovered in cPanel 110 through 132. A directory traversal vulnerability within the Team Manager API allows for overwrite of an arbitrary file. This can allow for privilege escalation to the root user.... Read more
Affected Products : cpanel- Published: Dec. 11, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Path Traversal
-
8.8
HIGHCVE-2025-13536
The Blubrry PowerPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 11.15.2. This is due to the plugin validating file extensions but not halting execution when... Read more
Affected Products : powerpress- Published: Nov. 27, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Authentication
-
8.8
HIGHCVE-2025-12744
A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command (docker inspect %s) without proper validation. An unprivileged local us... Read more
Affected Products : automatic_bug_reporting_tool- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2023-53956
Flatnux 2021-03.25 contains an authenticated file upload vulnerability that allows administrative users to upload arbitrary PHP files through the file manager. Attackers with admin credentials can upload malicious PHP scripts to the web root directory, en... Read more
Affected Products :- Published: Dec. 19, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Authentication
-
8.8
HIGHCVE-2025-65471
An arbitrary file upload vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via uploading a crafted PHP file.... Read more
Affected Products : easyimages2.0- Published: Dec. 11, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2025-13094
The WP3D Model Import Viewer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_import_file() function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attack... Read more
Affected Products :- Published: Dec. 13, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Authentication
-
8.8
HIGHCVE-2025-33208
NVIDIA TAO contains a vulnerability where an attacker may cause a resource to be loaded via an uncontrolled search path. A successful exploit of this vulnerability may lead to escalation of privileges, data tampering, denial of service, information disclo... Read more
Affected Products :- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Path Traversal