Latest CVE Feed
-
7.5
HIGHCVE-2025-52616
HCL Unica 12.1.10 can expose sensitive system information. An attacker could use this information to form an attack plan by leveraging known vulnerabilities in the application.... Read more
Affected Products : unica- Published: Oct. 12, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-32657
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Testimonial Slider And Showcase Pro testimonial-slider-showcase-pro allows PHP Local File Inclusion.This issue affects Tes... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-62658
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki WatchAnalytics extension allows SQL Injection.This issue affects MediaWiki WatchAnalytics extension: 1.43, 1.44.... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-64216
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeSphere SmartMag smart-mag allows PHP Local File Inclusion.This issue affects SmartMag: from n/a through <= 10.3.0.... Read more
Affected Products : smartmag- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-26781
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 9110, W920, W930, Modem 5123, and Modem 5300. Incorrect handling of RLC AM PDUs leads to a Denial of S... Read more
Affected Products : exynos_980_firmware exynos_850_firmware exynos_1080_firmware exynos_2200_firmware exynos_1380_firmware exynos_1330_firmware exynos_9110_firmware exynos_w920_firmware exynos_980 exynos_990_firmware +16 more products- Published: Oct. 20, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-50951
FontForge v20230101 was discovered to contain a memory leak via the utf7toutf8_copy function at /fontforge/sfd.c.... Read more
- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-61105
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.... Read more
Affected Products : frrouting- Published: Oct. 27, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-61920
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or... Read more
Affected Products : authlib- Published: Oct. 10, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-61919
Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into memory for `Content-Type: application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcin... Read more
Affected Products : rack- Published: Oct. 10, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-63461
Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the urldecode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more
- Published: Oct. 31, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-60201
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in aguilatechnologies WP Customer Area customer-area allows PHP Local File Inclusion.This issue affects WP Customer Area: from n/a throug... Read more
Affected Products :- Published: Nov. 06, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-27225
TRUfusion Enterprise through 7.10.4.0 exposes the /trufusionPortal/jsp/internal_admin_contact_login.jsp endpoint to unauthenticated users. This endpoint discloses sensitive internal information including PII to unauthenticated attackers.... Read more
Affected Products : trufusion_enterprise- Published: Oct. 27, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-52634
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION This issue affects HCL AION: 2.0.... Read more
Affected Products : aion- Published: Oct. 10, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-58188
Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.... Read more
Affected Products : go- Published: Oct. 29, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-41703
An unauthenticated remote attacker can cause a Denial of Service by turning off the output of the UPS via Modbus command.... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-52630
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION.This issue affects AION: 2.0.... Read more
Affected Products : aion- Published: Oct. 10, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-60563
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetPortTr.... Read more
- Published: Oct. 24, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-62947
Insertion of Sensitive Information Into Sent Data vulnerability in publitio Publitio publitio allows Retrieve Embedded Sensitive Data.This issue affects Publitio: from n/a through <= 2.2.3.... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-41020
Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers through the 'id' parameter in '/admin/ticket_a4.php'.... Read more
Affected Products : exito- Published: Oct. 16, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-11447
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending GraphQL request... Read more
Affected Products : gitlab- Published: Oct. 27, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Denial of Service