Latest CVE Feed
-
7.5
HIGHCVE-2025-52435
J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropp... Read more
Affected Products : nimble- Published: Jan. 10, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-68877
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CedCommerce CedCommerce Integration for Good Market allows PHP Local File Inclusion.This issue affects CedCommerce Integration for Goo... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-53477
NULL Pointer Dereference vulnerability in Apache Nimble. Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference. This issue requires disabled asserts and broken or bogus Bluetooth controller and thus... Read more
Affected Products : nimble- Published: Jan. 10, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-56225
fluidsynth-2.4.6 and earlier versions is vulnerable to Null pointer dereference in fluid_synth_monopoly.c, that can be triggered when loading an invalid midi file.... Read more
Affected Products : fluidsynth- Published: Jan. 09, 2026
- Modified: Jan. 23, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-68989
Insertion of Sensitive Information Into Sent Data vulnerability in Renzo Johnson Contact Form 7 Extension For Mailchimp contact-form-7-mailchimp-extension allows Retrieve Embedded Sensitive Data.This issue affects Contact Form 7 Extension For Mailchimp: f... Read more
Affected Products : contact_form_7_extension_for_mailchimp- Published: Dec. 30, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-63647
A NULL pointer dereference in the parse_meta function (src/httpd_daap.c) of owntone-server commit 334beb allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request to the server.... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 21, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-69223
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed ... Read more
Affected Products : aiohttp- Published: Jan. 05, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-68870
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in reDim GmbH CookieHint WP allows PHP Local File Inclusion.This issue affects CookieHint WP: from n/a through 1.0.0.... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Jan. 20, 2026
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2021-47751
CuteEditor for PHP (now referred to as Rich Text Editor) 6.6 contains a directory traversal vulnerability in the browse template feature that allows attackers to write files to arbitrary web root directories. Attackers can exploit the ServerMapPath() func... Read more
Affected Products :- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-70651
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow in the ssid parameter of the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more
Affected Products :- Published: Jan. 21, 2026
- Modified: Jan. 21, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-66862
A buffer overflow vulnerability in function gnu_special in file cplus-dem.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.... Read more
Affected Products : binutils- Published: Dec. 29, 2025
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-69227
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. If optimizations are ... Read more
Affected Products : aiohttp- Published: Jan. 06, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-69228
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a request to be crafted in such a way that an AIOHTTP server's memory fills up uncontrollably during processing. If an application includes a h... Read more
Affected Products : aiohttp- Published: Jan. 06, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-66866
An issue was discovered in function d_abi_tags in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.... Read more
Affected Products : binutils- Published: Dec. 29, 2025
- Modified: Jan. 14, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-66863
An issue was discovered in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.... Read more
Affected Products : binutils- Published: Dec. 29, 2025
- Modified: Jan. 14, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-66865
An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.... Read more
Affected Products : binutils- Published: Dec. 29, 2025
- Modified: Jan. 14, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-67076
Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only files with an extension can be read.... Read more
Affected Products : agora-project- Published: Jan. 15, 2026
- Modified: Jan. 21, 2026
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-63648
A NULL pointer dereference in the dacp_reply_playqueueedit_move function (src/httpd_dacp.c) of owntone-server commit b7e385f allows attackers to cause a Denial of Service (DoS) via sending a crafted DACP request to the server.... Read more
Affected Products :- Published: Jan. 20, 2026
- Modified: Jan. 21, 2026
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2026-21984
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure ... Read more
Affected Products : vm_virtualbox- Published: Jan. 20, 2026
- Modified: Jan. 21, 2026
-
7.5
HIGHCVE-2025-61557
nixseparatedebuginfod before v0.4.1 is vulnerable to Directory Traversal.... Read more
Affected Products : nixseparatedebuginfod- Published: Dec. 30, 2025
- Modified: Jan. 14, 2026
- Vuln Type: Path Traversal