Latest CVE Feed
-
7.3
HIGHCVE-2025-62229
A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corrup... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 11, 2025
- Vuln Type: Memory Corruption
-
7.3
HIGHCVE-2025-13204
npm package `expr-eval` is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue.... Read more
Affected Products :- Published: Nov. 14, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Misconfiguration
-
7.3
HIGHCVE-2024-25621
containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths `/var/lib/cont... Read more
Affected Products : containerd- Published: Nov. 06, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Misconfiguration
-
7.3
HIGHCVE-2025-7429
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Mails Deleted or Moved report.... Read more
Affected Products : manageengine_exchange_reporter_plus- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Cross-Site Scripting
-
7.3
HIGHCVE-2025-60697
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. The `sub_4438A4` function in `prog.cgi` stores user-supplied DDNS parameters (`ServerAddress` and `Hostname`) in NVRA... Read more
- Published: Nov. 13, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Injection
-
7.3
HIGHCVE-2025-46430
Dell Display and Peripheral Manager, versions prior to 2.1.2.12, contains an Execution with Unnecessary Privileges vulnerability in the Installer. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevati... Read more
Affected Products : display_and_peripheral_manager- Published: Nov. 10, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Authorization
-
7.3
HIGHCVE-2025-12409
A SQL injection vulnerability was discovered in Looker Studio that allowed for data exfiltration from BigQuery data sources. By creating a malicious report with native functions enabled, and having the victim access the report, an attacker could execute... Read more
Affected Products :- Published: Nov. 10, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Injection
-
7.3
HIGHCVE-2025-8485
An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application.... Read more
Affected Products : app_store- Published: Nov. 12, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Authorization
-
7.3
HIGHCVE-2025-7632
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report.... Read more
Affected Products : manageengine_exchange_reporter_plus- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Cross-Site Scripting
-
7.3
HIGHCVE-2025-64726
Socket Firewall is an HTTP/HTTPS proxy server that intercepts package manager requests and enforces security policies by blocking dangerous packages. Socket Firewall binary versions (separate from installers) prior to 0.15.5 are vulnerable to arbitrary co... Read more
Affected Products :- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Misconfiguration
-
7.3
HIGHCVE-2025-11962
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in DivvyDrive Information Technologies Inc. Digital Corporate Warehouse allows Stored XSS.This issue affects Digital Corporate Warehouse: before v.4.... Read more
Affected Products :- Published: Nov. 12, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Cross-Site Scripting
-
7.3
HIGHCVE-2025-10161
Improper Restriction of Excessive Authentication Attempts, Client-Side Enforcement of Server-Side Security, Reliance on Untrusted Inputs in a Security Decision vulnerability in Turkguven Software Technologies Inc. Perfektive allows Brute Force, Authentica... Read more
Affected Products :- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Authentication
-
7.3
HIGHCVE-2025-59504
Heap-based buffer overflow in Azure Monitor Agent allows an unauthorized attacker to execute code locally.... Read more
Affected Products : azure_monitor- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
-
7.3
HIGHCVE-2025-60698
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1_FW102B02 within the `prog.cgi` and `rc` binaries. The `sub_432F60` function in `prog.cgi` stores user-supplied `SetSysLogSettings/IPAddress` values in NVRAM via `nvram... Read more
- Published: Nov. 13, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Injection
-
7.3
HIGHCVE-2025-7430
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Folder Message Count and Size report.... Read more
Affected Products : manageengine_exchange_reporter_plus- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Cross-Site Scripting
-
7.3
HIGHCVE-2025-62075
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ido Kobelkowsky Simple Payment simple-payment.This issue affects Simple Payment: from n/a through <= 2.4.6.... Read more
Affected Products :- Published: Nov. 06, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Injection
-
7.3
HIGHCVE-2025-12286
A weakness has been identified in VeePN up to 1.6.2. This affects an unknown function of the file C:\Program Files (x86)\VeePN\avservice\avservice.exe of the component AVService. This manipulation causes unquoted search path. The attack requires local acc... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Misconfiguration
-
7.3
HIGHCVE-2025-10487
The Advanced Ads – Ad Manager & AdSense plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.12 via the select_one() function. This is due to the endpoint not properly restricting access to the AJAX endpoin... Read more
Affected Products : advanced_ads_-_ad_manager_\&_adsense- Published: Nov. 01, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Information Disclosure
-
7.3
HIGHCVE-2025-64104
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). Prior to 2.0.11, LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string con... Read more
Affected Products :- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Injection
-
7.3
HIGHCVE-2025-31133
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-m... Read more
Affected Products : runc- Published: Nov. 06, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Misconfiguration