Latest CVE Feed
-
7.5
HIGHCVE-2025-63074
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dream-Theme The7 dt-the7 allows PHP Local File Inclusion.This issue affects The7: from n/a through <= 12.8.0.2.... Read more
Affected Products : the7- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-64460
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in `django.core.serializers.xml_serializer.getInnerText()` allows a remote attacker to cause a potential denial-of-service attack triggering CPU ... Read more
Affected Products : django- Published: Dec. 02, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-14327
Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox < 146 and Thunderbird < 146.... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-48592
In initDecoder of C2SoftDav1dDec.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more
Affected Products : android- Published: Dec. 08, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-63076
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dream-Theme The7 Elements dt-the7-core allows PHP Local File Inclusion.This issue affects The7 Elements: from n/a through <= 2.7.11.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-65821
As UART download mode is still enabled on the ESP32 chip on which the firmware runs, an adversary can dump the flash from the device and retrieve sensitive information such as details about the current and previous Wi-Fi network from the NVS partition. Ad... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-63895
An issue in the Bluetooth firmware of JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to cause a Denial of Service (DoS) via sending a crafted Link Manager Protocol (LMP) packet.... Read more
Affected Products :- Published: Dec. 10, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-65797
Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service (DoS).... Read more
Affected Products : memos- Published: Dec. 08, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-59030
An attacker can trigger the removal of cached records by sending a NOTIFY query over TCP.... Read more
Affected Products : recursor- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-64658
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
-
7.5
HIGHCVE-2025-15078
A vulnerability was detected in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /list_report.php. The manipulation of the argument sy results in sql injection. The attack may be launched remotely. The ex... Read more
Affected Products : student_management_system- Published: Dec. 25, 2025
- Modified: Dec. 25, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-14567
A weakness has been identified in haxxorsid Stock-Management-System up to fbbbf213e9c93b87183a3891f77e3cc7095f22b0. This affects an unknown function of the file /api/employees. Executing manipulation can lead to missing authentication. It is possible to l... Read more
Affected Products : stock-management-system- Published: Dec. 12, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-15073
A vulnerability was determined in itsourcecode Online Frozen Foods Ordering System 1.0. This affects an unknown part of the file /contact_us.php. This manipulation of the argument Name causes sql injection. It is possible to initiate the attack remotely. ... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-15075
A security flaw has been discovered in itsourcecode Student Management System 1.0. This issue affects some unknown processing of the file /student_p.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remo... Read more
Affected Products : student_management_system- Published: Dec. 25, 2025
- Modified: Dec. 25, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-15074
A vulnerability was identified in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability affects unknown code of the file /customer_details.php. Such manipulation leads to sql injection. It is possible to launch the attack remotely. The ... Read more
Affected Products :- Published: Dec. 25, 2025
- Modified: Dec. 25, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-15076
A weakness has been identified in Tenda CH22 1.0.0.1. Impacted is an unknown function of the file /public/. Executing manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been made available to the public and could... Read more
Affected Products : ch22_firmware- Published: Dec. 25, 2025
- Modified: Dec. 25, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-15077
A security vulnerability has been detected in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /form137.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotel... Read more
Affected Products : student_management_system- Published: Dec. 25, 2025
- Modified: Dec. 25, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-66443
Pexip Infinity 35.0 through 38.1 before 39.0, in non-default configurations that use Direct Media for WebRTC, has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a temporary denial of service.... Read more
Affected Products : infinity- Published: Dec. 25, 2025
- Modified: Dec. 25, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-32095
Pexip Infinity before 37.0 has improper input validation in signalling that allows a remote attacker to trigger a software abort via a crafted signalling message, resulting in a denial of service.... Read more
Affected Products : infinity- Published: Dec. 25, 2025
- Modified: Dec. 25, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-66379
Pexip Infinity before 39.0 has Improper Input Validation in the media implementation, allowing a remote attacker to trigger a software abort via a crafted media stream, resulting in a denial of service.... Read more
Affected Products : infinity- Published: Dec. 25, 2025
- Modified: Dec. 25, 2025
- Vuln Type: Denial of Service