Latest CVE Feed
-
8.4
HIGHCVE-2025-61812
ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could allow a high privileged attacker to gain arbitrary code execution. Exploitation of this issue does not require user interaction.... Read more
Affected Products : coldfusion- Published: Dec. 10, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Injection
-
8.4
HIGHCVE-2025-66324
Input verification vulnerability in the compression and decompression module. Impact: Successful exploitation of this vulnerability may affect app data integrity.... Read more
Affected Products : harmonyos- Published: Dec. 08, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Injection
-
8.4
HIGHCVE-2024-45675
IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password.... Read more
Affected Products : informix_dynamic_server- Published: Dec. 02, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Authentication
-
8.4
HIGHCVE-2025-66237
DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host.... Read more
Affected Products :- Published: Dec. 04, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authentication
-
8.4
HIGHCVE-2025-50360
A heap buffer overflow in compiler.c and compiler.h in Pepper language 0.1.1commit 961a5d9988c5986d563310275adad3fd181b2bb7. Malicious execution of a pepper source file(.pr) could lead to arbitrary code execution or Denial of Service.... Read more
Affected Products : pepper- Published: Dec. 03, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Memory Corruption
-
8.3
HIGHCVE-2025-58098
Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended ... Read more
Affected Products : http_server- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Injection
-
8.3
HIGHCVE-2025-65036
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to 1.27.1, the macro executes Velocity from the details pages without checking for permissions, which can lead to remote code execution. This... Read more
Affected Products : pro_macros- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Injection
-
8.3
HIGHCVE-2025-64057
Directory traversal vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store files in arbitrary locations and potentially modify the system configuration or other unspecified impacts.... Read more
- Published: Dec. 05, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Path Traversal
-
8.3
HIGHCVE-2025-42620
In affected versions, vulnerability-lookup handled user-controlled content in comments and bundles in an unsafe way, which could lead to stored Cross-Site Scripting (XSS). On the backend, the related_vulnerabilities field of bundles accepted arbitr... Read more
Affected Products :- Published: Dec. 08, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Cross-Site Scripting
-
8.3
HIGHCVE-2025-13932
The SolisCloud API suffers from a Broken Access Control vulnerability, specifically an Insecure Direct Object Reference (IDOR), where any authenticated user can access detailed data of any plant by altering the plant_id in the request.... Read more
Affected Products :- Published: Dec. 04, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authorization
-
8.3
HIGHCVE-2025-15162
A vulnerability was determined in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/RouteStatic. Executing manipulation of the argument page can lead to stack-based buffer overflow. The attack can be exec... Read more
- Published: Dec. 29, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Memory Corruption
-
8.3
HIGHCVE-2025-15161
A vulnerability was found in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/PPTPUserSetting. Performing manipulation of the argument delno results in stack-based buffer overflow. Remote exploitation of the attack is possible. Th... Read more
- Published: Dec. 28, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Memory Corruption
-
8.3
HIGHCVE-2025-67843
A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arbitrary code via inline JSX expressions in an MDX file.... Read more
Affected Products :- Published: Dec. 19, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Injection
-
8.3
HIGHCVE-2025-15180
A vulnerability was identified in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/webExcptypemanFilte of the component HTTP Request Handler. Such manipulation of the argument page leads to stack-based buffer overflow.... Read more
- Published: Dec. 29, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Memory Corruption
-
8.3
HIGHCVE-2025-15160
A vulnerability has been found in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/PPTPServer. Such manipulation of the argument ip1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been ... Read more
- Published: Dec. 28, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Memory Corruption
-
8.3
HIGHCVE-2025-15178
A vulnerability was found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/VirtualSer of the component HTTP Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack ca... Read more
- Published: Dec. 29, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Memory Corruption
-
8.3
HIGHCVE-2024-44599
FNT Command 13.4.0 is vulnerable to Directory Traversal.... Read more
Affected Products : fnt_command- Published: Dec. 15, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal
-
8.3
HIGHCVE-2025-15177
A vulnerability has been found in Tenda WH450 1.0.0.18. This vulnerability affects unknown code of the file /goform/SetIpBind of the component HTTP Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack can... Read more
- Published: Dec. 29, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Memory Corruption
-
8.3
HIGHCVE-2025-15179
A vulnerability was determined in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/qossetting. This manipulation of the argument page causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been p... Read more
- Published: Dec. 29, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Memory Corruption
-
8.3
HIGHCVE-2025-15163
A vulnerability was identified in Tenda WH450 1.0.0.18. Affected by this issue is some unknown functionality of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack is possible to be carr... Read more
- Published: Dec. 29, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Memory Corruption