Latest CVE Feed
-
8.6
HIGHCVE-2025-55221
A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP USB Function functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network packet can lead to a denial of service. An attacker can send an unauthenticated... Read more
- Published: Dec. 01, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Denial of Service
-
8.6
HIGHCVE-2025-64298
NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow ac... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Misconfiguration
-
8.6
HIGHCVE-2025-34297
KissFFT versions prior to the fix commit 1b083165 contain an integer overflow in kiss_fft_alloc() in kiss_fft.c on platforms where size_t is 32-bit. The nfft parameter is not validated before being used in a size calculation (sizeof(kiss_fft_cpx) * (nfft ... Read more
Affected Products :- Published: Dec. 01, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Memory Corruption
-
8.5
HIGHCVE-2025-34416
MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIPO.DLL from its installation directory without sufficient integri... Read more
Affected Products : mailenable- Published: Dec. 10, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2025-63526
A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System within the abs.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious ... Read more
Affected Products : blood_bank_management_system- Published: Dec. 01, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Cross-Site Scripting
-
8.5
HIGHCVE-2025-14443
A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential denial-of-service (DoS) through Server-Side Request Forgery (SSRF) due to missing IP addr... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Server-Side Request Forgery
-
8.5
HIGHCVE-2025-63527
A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and hprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. A... Read more
Affected Products : blood_bank_management_system- Published: Dec. 01, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Cross-Site Scripting
-
8.5
HIGHCVE-2025-66300
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A low privilege user account with page editing privilege can read any server files using "Frontmatter" form. This includes Grav user account files (/grav/user/accounts/*.yaml), which store hashed ... Read more
- Published: Dec. 01, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Information Disclosure
-
8.5
HIGHCVE-2025-63533
A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and rprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. A... Read more
Affected Products : blood_bank_management_system- Published: Dec. 01, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Cross-Site Scripting
-
8.5
HIGHCVE-2025-63534
A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject mali... Read more
Affected Products : blood_bank_management_system- Published: Dec. 01, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Cross-Site Scripting
-
8.5
HIGHCVE-2025-66412
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular... Read more
Affected Products : angular- Published: Dec. 01, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Cross-Site Scripting
-
8.5
HIGHCVE-2020-36879
Flexsense DiskBoss 11.7.28 allows unauthenticated attackers to elevate their privileges using any of its services, enabling remote code execution during startup or reboot with escalated privileges. Attackers can exploit the unquoted service path vulnerabi... Read more
- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authentication
-
8.5
HIGHCVE-2024-58278
perl2exe <= V30.10C contains an arbitrary code execution vulnerability that allows local authenticated attackers to execute malicious scripts. Attackers can control the 0th argument of packed executables to execute another executable, allowing them to byp... Read more
Affected Products :- Published: Dec. 04, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authentication
-
8.5
HIGHCVE-2025-59373
A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. It can be triggered when an unprivileged actor copies files without proper validation into protected system paths, potentially leading to arb... Read more
Affected Products : myasus- Published: Nov. 25, 2025
- Modified: Nov. 25, 2025
- Vuln Type: Path Traversal
-
8.5
HIGHCVE-2022-50690
Wondershare MirrorGo 2.0.11.346 contains a local privilege escalation vulnerability due to incorrect file permissions on executable files. Unprivileged local users can replace the ElevationService.exe with a malicious file to execute arbitrary code with L... Read more
Affected Products :- Published: Dec. 22, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2023-53947
OCS Inventory NG 2.3.0.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges to system level. Attackers can place a malicious executable in the unquoted service path and trigger the service restart to execute... Read more
Affected Products :- Published: Dec. 19, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2025-34352
JumpCloud Remote Assist for Windows versions prior to 0.317.0 include an uninstaller that is invoked by the JumpCloud Windows Agent as NT AUTHORITY\SYSTEM during agent uninstall or update operations. The Remote Assist uninstaller performs privileged creat... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Race Condition
-
8.5
HIGHCVE-2025-62155
New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.9.6, a recently patched SSRF vulnerability contains a bypass method that can bypass the existing security fix and still allow SSRF ... Read more
Affected Products :- Published: Nov. 25, 2025
- Modified: Nov. 25, 2025
- Vuln Type: Server-Side Request Forgery
-
8.5
HIGHCVE-2023-53973
Zillya Total Security 3.0.2367.0 contains a privilege escalation vulnerability that allows low-privileged users to copy files to unauthorized system locations using the quarantine module. Attackers can leverage symbolic link techniques to restore quaranti... Read more
Affected Products :- Published: Dec. 22, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal
-
8.5
HIGHCVE-2022-50688
Cobian Backup Gravity 11.2.0.582 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the CobianBackup11 service t... Read more
Affected Products :- Published: Dec. 22, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Misconfiguration