Latest CVE Feed
-
9.8
CRITICALCVE-2025-34271
Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes over an unencrypted channel even when SSL/TLS is enabled in the product configuration. As a resul... Read more
Affected Products : log_server- Published: Oct. 30, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Information Disclosure
-
9.8
CRITICALCVE-2025-53252
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zozothemes Zegen zegen allows PHP Local File Inclusion.This issue affects Zegen: from n/a through <= 1.1.9.... Read more
Affected Products : zegen- Published: Nov. 06, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-11499
The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_featured_image_from_external_url() function in all versions up to... Read more
Affected Products :- Published: Nov. 01, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-12617
A flaw has been found in itsourcecode Billing System 1.0. This affects an unknown function of the file /admin/app/login_crud.php. Executing manipulation of the argument Password can lead to sql injection. It is possible to launch the attack remotely. The ... Read more
Affected Products : billing_system- Published: Nov. 03, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-61304
OS command injection vulnerability in Dynatrace ActiveGate ping extension up to 1.016 via crafted ip address.... Read more
Affected Products :- Published: Nov. 05, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-12619
A vulnerability was found in Tenda A15 15.13.07.13. Affected is the function fromSetWirelessRepeat of the file /goform/openNetworkGateway. The manipulation of the argument wpapsk_crypto2_4g results in buffer overflow. The attack can be launched remotely. ... Read more
- Published: Nov. 03, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-12597
A vulnerability was detected in SourceCodester Best House Rental Management System 1.0. Affected by this vulnerability is the function save_category of the file /admin_class.php. Performing manipulation of the argument Name results in sql injection. The a... Read more
Affected Products : best_house_rental_management_system- Published: Nov. 02, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-12595
A weakness has been identified in Tenda AC23 16.03.07.52. This impacts the function formSetVirtualSer of the file /goform/SetVirtualServerCfg. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. T... Read more
- Published: Nov. 02, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-6520
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Abis Technology BAPSIS allows Blind SQL Injection.This issue affects BAPSIS: before 202510271606.... Read more
Affected Products : bapsis- Published: Oct. 31, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-13485
A security flaw has been discovered in itsourcecode Online File Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=login. The manipulation of the argument Username results in sql injection. The attack may be lau... Read more
Affected Products : file_management_system- Published: Nov. 21, 2025
- Modified: Nov. 24, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-12608
A security flaw has been discovered in itsourcecode Online Loan Management System 1.0. The affected element is an unknown function of the file /manage_user.php. Performing manipulation of the argument ID results in sql injection. The attack is possible to... Read more
Affected Products : online_loan_management_system- Published: Nov. 03, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-12682
The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'file_during_checkout' function in all versions up to, and including, 2.9.8. This makes it possible fo... Read more
Affected Products :- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-12606
A vulnerability was determined in itsourcecode Online Loan Management System 1.0. This issue affects some unknown processing of the file /manage_borrower.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is ... Read more
Affected Products : online_loan_management_system- Published: Nov. 03, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-64281
An Authentication Bypass issue in CentralSquare Community Development 19.5.7 allows attackers to access the admin panel without admin credentials.... Read more
Affected Products :- Published: Nov. 12, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-8900
The Doccure Core plugin for WordPress is vulnerable to privilege escalation in versions up to, and excluding, 1.5.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'user_type' field. This ma... Read more
Affected Products :- Published: Nov. 03, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-12602
/etc/avahi/services/z9.service can be Arbitrarily Written.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.... Read more
- Published: Nov. 01, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-12930
A vulnerability has been found in SourceCodester Food Ordering System 1.0. Affected is an unknown function of the file /view-ticket.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploi... Read more
Affected Products : food_ordering_system- Published: Nov. 10, 2025
- Modified: Nov. 18, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-64446
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative comm... Read more
Affected Products : fortiweb- Actively Exploited
- Published: Nov. 14, 2025
- Modified: Nov. 21, 2025
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-8489
The King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor plugin for WordPress is vulnerable to privilege escalation in versions 24.12.92 to 51.1.14 . This is due to the plugin not properly restricting the roles that us... Read more
Affected Products :- Published: Oct. 31, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-60245
Deserialization of Untrusted Data vulnerability in WP User Manager WP User Manager wp-user-manager allows Object Injection.This issue affects WP User Manager: from n/a through <= 2.9.12.... Read more
Affected Products : wp_user_manager- Published: Nov. 06, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Injection