Latest CVE Feed
-
7.5
HIGHCVE-2025-60569
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetRoute.... Read more
- Published: Oct. 24, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-60556
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWizard1.... Read more
- Published: Oct. 24, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-60550
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formEasySetTimezone.... Read more
- Published: Oct. 24, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-60572
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvNetwork.... Read more
- Published: Oct. 24, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-43424
The issue was addressed with improved bounds checks. This issue is fixed in iOS 26.1 and iPadOS 26.1. A malicious HID device may cause an unexpected process crash.... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-60568
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvFirewall.... Read more
- Published: Oct. 24, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-60570
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLogDnsquery.... Read more
- Published: Oct. 24, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-64430
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions 4.2.0 through 7.5.3, and 8.0.0 through 8.3.1-alpha.1, there is a Server-Side Request Forgery (SSRF) vulnerability in the file upload functi... Read more
Affected Products : parse-server- Published: Nov. 07, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Server-Side Request Forgery
-
7.5
HIGHCVE-2025-13063
A flaw has been found in DinukaNavaratna Dee Store 1.0. Affected is an unknown function. Executing manipulation can lead to missing authorization. The attack may be performed from remote. The exploit has been published and may be used. Multiple endpoints ... Read more
Affected Products :- Published: Nov. 12, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-60204
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Josh Kohlbach WooCommerce Store Toolkit woocommerce-store-toolkit allows PHP Local File Inclusion.This issue affects WooCommerce Store... Read more
Affected Products : store_toolkit_for_woocommerce- Published: Nov. 06, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-11451
The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to arbitrary files reads in all versions up to, and including, 5.4.3 via the '/wp-json/wp/v2/aal_ajax_unit_loading' RST API endpoint. This makes it possible for ... Read more
Affected Products : auto_amazon_links- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-42940
SAP CommonCryptoLib does not perform necessary boundary checks during pre-authentication parsing of manipulated ASN.1 data over the network. This may result in memory corruption followed by an application crash, hence leading to a high impact on availabil... Read more
Affected Products : commoncryptolib- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-12938
A vulnerability was identified in projectworlds Online Admission System 1.0. Affected by this vulnerability is an unknown functionality of the file /process_login.php. The manipulation of the argument keywords leads to sql injection. The attack can be ini... Read more
Affected Products : online_admission_system- Published: Nov. 10, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-61220
The incomplete verification mechanism in the AutoBizLine com.mysecondline.app 1.2.91 allows attackers to log in as other users and gain unauthorized access to their personal information.... Read more
Affected Products :- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-62792
Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.12.0, a buffer over-read occurs in w_expression_match() when strlen() is called on str_test, because the corresponding buffer is not being properly NU... Read more
Affected Products : wazuh- Published: Oct. 29, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-64509
Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.6, a specially crafted Brotli-compressed envelope can cause Bugsink to spend excessive CPU time in decompression, leading to denial of service. This can be done if the DSN is known, wh... Read more
Affected Products :- Published: Nov. 10, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-60704
Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_23h2 +6 more products- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.5
HIGHCVE-2025-52512
An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. A race condition in the HTS driver results in out-of-bounds memory access, leading to a denial of service.... Read more
Affected Products : exynos_2400_firmware exynos_2400 exynos_1580_firmware exynos_1580 exynos_2500_firmware exynos_2500- Published: Nov. 04, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Race Condition
-
7.5
HIGHCVE-2025-43502
A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. An app may be able to bypass certain Privacy preferences.... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-43469
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access sensitive user data.... Read more
Affected Products : macos- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Authorization