Latest CVE Feed
-
8.5
HIGHCVE-2025-23408
Weak Password Requirements vulnerability in Apache Fineract. This issue affects Apache Fineract: through 1.10.1. The issue is fixed in version 1.11.0. Users are encouraged to upgrade to version 1.13.0, the latest release.... Read more
Affected Products : fineract- Published: Dec. 12, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Authentication
-
8.5
HIGHCVE-2025-14314
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roxnor PopupKit popup-builder-block allows Blind SQL Injection.This issue affects PopupKit: from n/a through <= 2.1.5.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Injection
-
8.5
HIGHCVE-2025-64468
There is a use-after-free vulnerability in sentry!sentry_span_set_data() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to ... Read more
Affected Products : labview- Published: Dec. 18, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Memory Corruption
-
8.5
HIGHCVE-2025-68130
tRPC allows users to build and consume fully typesafe APIs without schemas or code generation. Starting in version 10.27.0 and prior to versions 10.45.3 and 11.8.0, a A prototype pollution vulnerability exists in `@trpc/server`'s `formDataToObject` functi... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2025-64701
QND Premium/Advance/Standard Ver.11.0.9i and prior contains a privilege escalation vulnerability, which may allow a user who can log in to a Windows system with the affected product to gain administrator privileges. As a result, sensitive information may ... Read more
Affected Products :- Published: Dec. 11, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Authentication
-
8.5
HIGHCVE-2025-64462
There is an out of bounds read vulnerability in NI LabVIEW in LVResFile::RGetMemFileHandle() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attack... Read more
Affected Products : labview- Published: Dec. 18, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Information Disclosure
-
8.5
HIGHCVE-2025-64463
There is an out of bounds read vulnerability in NI LabVIEW in LVResource::DetachResource() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker... Read more
Affected Products : labview- Published: Dec. 18, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Memory Corruption
-
8.5
HIGHCVE-2021-47730
Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows attackers to create administrative users without authentication. Attackers can craft a malicious web page that submits a form to add a new admin user with full ... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Cross-Site Request Forgery
-
8.5
HIGHCVE-2023-53954
ActFax 10.10 contains an unquoted service path vulnerability that allows local attackers to potentially escalate privileges by exploiting the ActiveFaxServiceNT service configuration. Attackers with write permissions to Program Files directories can injec... Read more
Affected Products : actfax- Published: Dec. 19, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2025-64465
There is an out of bounds read vulnerability in NI LabVIEW in lvre!DataSizeTDR() when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a ... Read more
Affected Products : labview- Published: Dec. 18, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Information Disclosure
-
8.5
HIGHCVE-2023-53912
USB Flash Drives Control 4.1.0.0 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\USB Flash Drives ... Read more
Affected Products :- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2023-53946
Arcsoft PhotoStudio 6.0.0.172 contains an unquoted service path vulnerability in the ArcSoft Exchange Service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and trigger the service to ex... Read more
Affected Products : photostudio- Published: Dec. 19, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2025-34396
MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAINFY.DLL from its application directo without sufficient integrity... Read more
Affected Products : mailenable- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2025-34420
MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIAM.DLL from its installation directory without sufficient integri... Read more
Affected Products : mailenable- Published: Dec. 10, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2025-65958
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Server-Side Request Forgery (SSRF) vulnerability in Open WebUI allows any authenticated user to force the server to make HTTP requests to... Read more
Affected Products : open_webui- Published: Dec. 04, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Server-Side Request Forgery
-
8.5
HIGHCVE-2025-34421
MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAISP.DLL from its installation directory without sufficient integri... Read more
Affected Products : mailenable- Published: Dec. 10, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2025-34424
MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIDP.DLL from its installation directory without sufficient integri... Read more
Affected Products : mailenable- Published: Dec. 10, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2025-12046
A DLL hijacking vulnerability was reported in the Lenovo App Store and Lenovo Browser applications that could allow a local authenticated user to execute code with elevated privileges under certain conditions.... Read more
- Published: Dec. 10, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2025-13152
A potential DLL hijacking vulnerability was reported in Lenovo One Client during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges.... Read more
Affected Products : one_client- Published: Dec. 10, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Misconfiguration
-
8.5
HIGHCVE-2025-34423
MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIAU.DLL from its installation directory without sufficient integri... Read more
Affected Products : mailenable- Published: Dec. 10, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Misconfiguration