Latest CVE Feed
-
7.5
HIGHCVE-2025-64216
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeSphere SmartMag smart-mag allows PHP Local File Inclusion.This issue affects SmartMag: from n/a through <= 10.3.0.... Read more
Affected Products : smartmag- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-43449
The issue was addressed with improved handling of caches. This issue is fixed in iOS 26.1 and iPadOS 26.1. A malicious app may be able to track users between installs.... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-9954
Missing Authorization vulnerability in Drupal Acquia DAM allows Forceful Browsing.This issue affects Acquia DAM: from 0.0.0 before 1.1.5.... Read more
Affected Products : drupal- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-21075
Out-of-bounds write in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory.... Read more
Affected Products : android- Published: Nov. 05, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-61116
AdForest - Classified Android App version 4.0.12 (package name scriptsbundle.adforest), developed by Muhammad Jawad Arshad, contains an improper access control vulnerability in its authentication mechanism. The app uses a Base64-encoded email address as t... Read more
Affected Products :- Published: Oct. 30, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-61119
Kanova Android App version 1.0.27 (package name com.karelane), developed by Karely L.L.C., contains improper access control vulnerabilities. Attackers may gain unauthorized access to user details and obtain group information, including entry codes, by man... Read more
Affected Products :- Published: Oct. 30, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-54332
An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. There is a NULL Pointer Dereference of profiler.node in the npu_vertex_profileoff function.... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-60200
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress LearnPress Export Import learnpress-import-export allows PHP Local File Inclusion.This issue affects LearnPress Export Impor... Read more
Affected Products : learnpress- Published: Nov. 06, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-60858
Reolink Video Doorbell Wi-Fi DB_566128M5MP_W stores and transmits DDNS credentials in plaintext within its configuration and update scripts, allowing attackers to intercept or extract sensitive information.... Read more
Affected Products :- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-63561
Summer Pearl Group Vacation Rental Management Platform prior to 1.0.2 is susceptible to a Slowloris-style Denial-of-Service (DoS) condition in the HTTP connection handling layer, where an attacker that opens and maintains many slow or partially-completed ... Read more
Affected Products : vacation_rental_management_platform- Published: Oct. 31, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-12501
Integer overflow in GameMaker IDE below 2024.14.0 version can lead to can lead to application crashes through denial-of-service attacks (DoS). GameMaker users who use the network_create_server() function in their projects are urged to update and recompil... Read more
Affected Products :- Published: Oct. 31, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-63248
DWSurvey 6.14.0 is vulnerable to Incorrect Access Control. When deleting a questionnaire, replacing the questionnaire ID with the ID of another questionnaire can enable the deletion of other questionnaires.... Read more
Affected Products :- Published: Nov. 05, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-62785
Wazuh is a free and open source platform used for threat prevention, detection, and response. fillData() implementation does not check whether value is NULL or not before calling os_strdup() on it. A compromised agent can cause a crash of analysisd by sen... Read more
Affected Products : wazuh- Published: Oct. 29, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-61099
FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LS Update packet.... Read more
Affected Products : frrouting- Published: Oct. 27, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-41703
An unauthenticated remote attacker can cause a Denial of Service by turning off the output of the UPS via Modbus command.... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-64364
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Masterstudy masterstudy allows PHP Local File Inclusion.This issue affects Masterstudy: from n/a through < 4.8.126.... Read more
Affected Products :- Published: Oct. 31, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-12270
A vulnerability was determined in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The impacted element is an unknown function of the file /api/v1/assignments/{assignment_id}/tasks/{task_id}/sub_file of the component Student Assignment Submissio... Read more
Affected Products : learnhouse- Published: Oct. 27, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-64363
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SeventhQueen Kleo kleo allows PHP Local File Inclusion.This issue affects Kleo: from n/a through < 5.5.0.... Read more
Affected Products :- Published: Oct. 31, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-11232
To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "[^A-Za-z0-9.-]"; "hostname-char-replacement" must be empty (the default); and "ddns-qualifying-suffix" mus... Read more
Affected Products : kea- Published: Oct. 29, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-61115
ABC Fine Wine & Spirits Android App version v.11.27.5 and before (package name com.cta.abcfinewineandspirits), developed by ABC Liquors, Inc., contains an improper access control vulnerability in its login mechanism. The application does not properly vali... Read more
Affected Products :- Published: Oct. 30, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authentication