Latest CVE Feed
-
7.5
HIGHCVE-2025-12082
Incorrect Authorization vulnerability in Drupal CivicTheme Design System allows Forceful Browsing.This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0.... Read more
Affected Products : drupal- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-9954
Missing Authorization vulnerability in Drupal Acquia DAM allows Forceful Browsing.This issue affects Acquia DAM: from 0.0.0 before 1.1.5.... Read more
Affected Products : drupal- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-60551
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the next_page parameter in the function formDeviceReboot.... Read more
- Published: Oct. 24, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-62902
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThemeHunk WP Popup Builder wp-popup-builder allows Retrieve Embedded Sensitive Data.This issue affects WP Popup Builder: from n/a through <= 1.3.6.... Read more
Affected Products : wp_popup_builder- Published: Oct. 27, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-60549
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAutoDetecWAN_wizard4.... Read more
- Published: Oct. 24, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-60571
D-Link DIR600LAx FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetQoS.... Read more
- Published: Oct. 24, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-60569
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetRoute.... Read more
- Published: Oct. 24, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-60556
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWizard1.... Read more
- Published: Oct. 24, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-60550
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formEasySetTimezone.... Read more
- Published: Oct. 24, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-60572
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvNetwork.... Read more
- Published: Oct. 24, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-60568
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvFirewall.... Read more
- Published: Oct. 24, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-60570
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLogDnsquery.... Read more
- Published: Oct. 24, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-11451
The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to arbitrary files reads in all versions up to, and including, 5.4.3 via the '/wp-json/wp/v2/aal_ajax_unit_loading' RST API endpoint. This makes it possible for ... Read more
Affected Products : auto_amazon_links- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-42940
SAP CommonCryptoLib does not perform necessary boundary checks during pre-authentication parsing of manipulated ASN.1 data over the network. This may result in memory corruption followed by an application crash, hence leading to a high impact on availabil... Read more
Affected Products : commoncryptolib- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-12938
A vulnerability was identified in projectworlds Online Admission System 1.0. Affected by this vulnerability is an unknown functionality of the file /process_login.php. The manipulation of the argument keywords leads to sql injection. The attack can be ini... Read more
Affected Products : online_admission_system- Published: Nov. 10, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-60241
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce premmerce allows PHP Local File Inclusion.This issue affects Premmerce: from n/a through <= 1.3.19.... Read more
Affected Products : premmerce- Published: Nov. 06, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-61220
The incomplete verification mechanism in the AutoBizLine com.mysecondline.app 1.2.91 allows attackers to log in as other users and gain unauthorized access to their personal information.... Read more
Affected Products :- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-43409
A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.2. An app may be able to access sensitive user data.... Read more
Affected Products : macos- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-60248
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPClever WPC Product Options for WooCommerce wpc-product-options allows PHP Local File Inclusion.This issue affects WPC Product Option... Read more
Affected Products :- Published: Nov. 06, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-43502
A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. An app may be able to bypass certain Privacy preferences.... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Information Disclosure