Latest CVE Feed
-
7.5
HIGHCVE-2025-55753
An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations), to the backoff timer becoming 0. Attempts to renew the certificate then are repeated without delays until it succeed... Read more
Affected Products : http_server- Published: Dec. 05, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-66564
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits (via a call to strings.Split) an optionally-provided OID (which is untrusted data) on periods. Similarly, function ap... Read more
Affected Products :- Published: Dec. 04, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-54849
A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network requests can lead to a denial of service. An attacker can send a sequence of unaut... Read more
- Published: Dec. 01, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-64658
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
-
7.5
HIGHCVE-2025-64471
A use of password hash instead of password for authentication vulnerability [CWE-836] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 throug... Read more
Affected Products : fortiweb- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-48592
In initDecoder of C2SoftDav1dDec.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more
Affected Products : android- Published: Dec. 08, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-65797
Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service (DoS).... Read more
Affected Products : memos- Published: Dec. 08, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-63076
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dream-Theme The7 Elements dt-the7-core allows PHP Local File Inclusion.This issue affects The7 Elements: from n/a through <= 2.7.11.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-14327
Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox < 146 and Thunderbird < 146.... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2024-56840
A vulnerability has been identified in RUGGEDCOM ROX II family (All versions < V2.17.0). Under certain conditions, IPsec may allow code injection in the affected device. An attacker could leverage this scenario to execute arbitrary code as root user.... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-64085
A NULL pointer dereference vulnerability in the importDataObject() function of PDF-XChange Editor v10.7.3.401 allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more
Affected Products : pdf-xchange_editor- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-42877
SAP Web Dispatcher, Internet Communication Manager (ICM), and SAP Content Server allow an unauthenticated user to exploit logical errors that lead to a memory corruption vulnerability. This results in high impact on the availability with no impact on conf... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-63003
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes North - Required Plugin north-plugin allows PHP Local File Inclusion.This issue affects North - Required Plugin: from n/a t... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-65877
Lvzhou CMS before commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 (2025-09-22) is vulnerable to SQL injection via the 'title' parameter in com.wanli.lvzhoucms.service.ContentService#findPage. The parameter is concatenated directly into a dynamic SQL query... Read more
Affected Products : lvzhou_cms- Published: Dec. 02, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-63074
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dream-Theme The7 dt-the7 allows PHP Local File Inclusion.This issue affects The7: from n/a through <= 12.8.0.2.... Read more
Affected Products : the7- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-14309
NULL Pointer Dereference vulnerability in ravynsoft ravynos.This issue affects ravynos: through 0.5.2.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-59030
An attacker can trigger the removal of cached records by sending a NOTIFY query over TCP.... Read more
Affected Products : recursor- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-48631
In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for expl... Read more
Affected Products : android- Published: Dec. 08, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-64214
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MasterStudy LMS Pro: from n/a through < 4.7.16.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-64230
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Chill Filr filr-protection allows Path Traversal.This issue affects Filr: from n/a through <= 1.2.10.... Read more
Affected Products : filr- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Path Traversal