Latest CVE Feed
-
7.5
HIGHCVE-2025-15408
A vulnerability was found in code-projects Online Guitar Store 1.0. Affected is an unknown function of the file /admin/Create_product.php. Performing manipulation of the argument dre_title results in sql injection. The attack is possible to be carried out... Read more
Affected Products :- Published: Jan. 01, 2026
- Modified: Jan. 01, 2026
- Vuln Type: Injection
-
7.5
HIGHCVE-2024-42718
A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter.... Read more
Affected Products : croogo- Published: Dec. 26, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-25341
A vulnerability exists in the libxmljs 1.0.11 when parsing a specially crafted XML document. Accessing the internal _ref property on entity_ref and entity_decl nodes causes a segmentation fault, potentially leading to a denial-of-service (DoS).... Read more
Affected Products : libxmljs- Published: Dec. 26, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-67254
NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnapshots.php.... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-68870
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in reDim GmbH CookieHint WP allows PHP Local File Inclusion.This issue affects CookieHint WP: from n/a through 1.0.0.... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-68996
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows PHP Local File Inclusion.This issue affects Responsi... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-68989
Insertion of Sensitive Information Into Sent Data vulnerability in Renzo Johnson Contact Form 7 Extension For Mailchimp contact-form-7-mailchimp-extension allows Retrieve Embedded Sensitive Data.This issue affects Contact Form 7 Extension For Mailchimp: f... Read more
Affected Products : contact_form_7_extension_for_mailchimp- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-68988
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in o2oe E-Invoice App Malaysia einvoiceapp-malaysia allows Retrieve Embedded Sensitive Data.This issue affects E-Invoice App Malaysia: from n/a through <= 1.1.0.... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-12562
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted GraphQL q... Read more
Affected Products : gitlab- Published: Dec. 11, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-15176
A flaw has been found in Open5GS up to 2.7.5. This affects the function decode_ipv6_header/ogs_pfcp_pdr_rule_find_by_packet of the file lib/pfcp/rule-match.c of the component PFCP Session Establishment Request Handler. Executing manipulation can lead to r... Read more
Affected Products : open5gs- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2022-50692
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an insufficient session expiration vulnerability that allows attackers to reuse old session credentials. Attackers can exploit weak session management to potentially hijack active user sessions ... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-66862
A buffer overflow vulnerability in function gnu_special in file cplus-dem.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-14501
Sante PACS Server HTTP Content-Length Header Handling NULL Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authenticati... Read more
Affected Products : sante_pacs_server- Published: Dec. 23, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-68494
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Premium Addons for Elementor: from n/a ... Read more
Affected Products : premium_addons_for_elementor- Published: Dec. 24, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-68606
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data.This issue affects PostX: from n/a through <= 5.0.3.... Read more
Affected Products : postx- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2022-50800
H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the 'txtUsrName' POST parameter. Attackers can submit different usernames to the login_submit.cgi endpoint and analyze response messages to dis... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-15256
A vulnerability was identified in Edimax BR-6208AC 1.02/1.03. Affected is the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component Web-based Configuration Interface. The manipulation of the argument rootAPmac leads to command inje... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2019-25253
KYOCERA Net Admin 3.4.0906 contains an XML External Entity (XXE) injection vulnerability in the Multi-Set Template Editor that allows unauthenticated attackers to read arbitrary system files. Attackers can craft a malicious XML file with external entity r... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: XML External Entity
-
7.5
HIGHCVE-2025-69200
phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via `POST /api/setup/backup` and then download the generated ZIP from a web-accessible loc... Read more
Affected Products : phpmyfaq- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2019-25258
LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers to read arbitrary files through unverified 'suffix' and 'fileVersion' parameters. Attackers can exploit directory traversal techniques i... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Path Traversal