Latest CVE Feed
-
8.4
HIGHCVE-2025-66271
Clone for Windows provided by ELECOM CO.,LTD. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Misconfiguration
-
8.4
HIGHCVE-2025-66627
Wasmi is a WebAssembly interpreter focused on constrained and embedded systems. In versions 0.41.0, 0.41.1, 0.42.0 through 0.47.1, 0.50.0 through 0.51.2 and 1.0.0, Wasmi's linear memory implementation leads to a Use After Free vulnerability, triggered by ... Read more
Affected Products : wasmi- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2025-50360
A heap buffer overflow in compiler.c and compiler.h in Pepper language 0.1.1commit 961a5d9988c5986d563310275adad3fd181b2bb7. Malicious execution of a pepper source file(.pr) could lead to arbitrary code execution or Denial of Service.... Read more
Affected Products : pepper- Published: Dec. 03, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2024-45675
IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password.... Read more
Affected Products : informix_dynamic_server- Published: Dec. 02, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Authentication
-
8.4
HIGHCVE-2025-40830
A vulnerability has been identified in SINEC Security Monitor (All versions < V4.10.0). The affected application does not have proper authorization checks for the file_transfer feature in ssmctl-client command. This could allow an authenticated, lowly pri... Read more
Affected Products : sinec_security_monitor- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Authorization
-
8.4
HIGHCVE-2025-67505
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one req... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Race Condition
-
8.3
HIGHCVE-2025-13932
The SolisCloud API suffers from a Broken Access Control vulnerability, specifically an Insecure Direct Object Reference (IDOR), where any authenticated user can access detailed data of any plant by altering the plant_id in the request.... Read more
Affected Products :- Published: Dec. 04, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authorization
-
8.3
HIGHCVE-2025-64057
Directory traversal vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store files in arbitrary locations and potentially modify the system configuration or other unspecified impacts.... Read more
- Published: Dec. 05, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Path Traversal
-
8.3
HIGHCVE-2025-42620
In affected versions, vulnerability-lookup handled user-controlled content in comments and bundles in an unsafe way, which could lead to stored Cross-Site Scripting (XSS). On the backend, the related_vulnerabilities field of bundles accepted arbitr... Read more
Affected Products :- Published: Dec. 08, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Cross-Site Scripting
-
8.3
HIGHCVE-2025-58098
Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended ... Read more
Affected Products : http_server- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Injection
-
8.3
HIGHCVE-2025-65036
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to 1.27.1, the macro executes Velocity from the details pages without checking for permissions, which can lead to remote code execution. This... Read more
Affected Products : pro_macros- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Injection
-
8.3
HIGHCVE-2025-15162
A vulnerability was determined in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/RouteStatic. Executing manipulation of the argument page can lead to stack-based buffer overflow. The attack can be exec... Read more
- Published: Dec. 29, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Memory Corruption
-
8.3
HIGHCVE-2025-15160
A vulnerability has been found in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/PPTPServer. Such manipulation of the argument ip1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been ... Read more
- Published: Dec. 28, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Memory Corruption
-
8.3
HIGHCVE-2025-14273
Mattermost versions 11.1.x <= 11.1.0, 11.0.x <= 11.0.5, 10.12.x <= 10.12.3, 10.11.x <= 10.11.7 with the Jira plugin enabled and Mattermost Jira plugin versions <=4.4.0 fail to enforce authentication and issue-key path restrictions in the Jira plugin, whic... Read more
Affected Products : mattermost_server- Published: Dec. 22, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authentication
-
8.3
HIGHCVE-2025-15180
A vulnerability was identified in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/webExcptypemanFilte of the component HTTP Request Handler. Such manipulation of the argument page leads to stack-based buffer overflow.... Read more
- Published: Dec. 29, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Memory Corruption
-
8.3
HIGHCVE-2025-67843
A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arbitrary code via inline JSX expressions in an MDX file.... Read more
Affected Products :- Published: Dec. 19, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Injection
-
8.3
HIGHCVE-2025-15178
A vulnerability was found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/VirtualSer of the component HTTP Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack ca... Read more
- Published: Dec. 29, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Memory Corruption
-
8.3
HIGHCVE-2025-15179
A vulnerability was determined in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/qossetting. This manipulation of the argument page causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been p... Read more
- Published: Dec. 29, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Memory Corruption
-
8.3
HIGHCVE-2025-15177
A vulnerability has been found in Tenda WH450 1.0.0.18. This vulnerability affects unknown code of the file /goform/SetIpBind of the component HTTP Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack can... Read more
- Published: Dec. 29, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Memory Corruption
-
8.3
HIGHCVE-2024-44599
FNT Command 13.4.0 is vulnerable to Directory Traversal.... Read more
Affected Products : fnt_command- Published: Dec. 15, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Path Traversal