Latest CVE Feed
-
7.5
HIGHCVE-2019-25253
KYOCERA Net Admin 3.4.0906 contains an XML External Entity (XXE) injection vulnerability in the Multi-Set Template Editor that allows unauthenticated attackers to read arbitrary system files. Attackers can craft a malicious XML file with external entity r... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: XML External Entity
-
7.5
HIGHCVE-2025-67015
Incorrect access control in Comtech EF Data CDM-625 / CDM-625A Advanced Satellite Modem with firmware v2.5.1 allows attackers to change the Administrator password and escalate privileges via sending a crafted POST request to /Forms/admin_access_1.... Read more
Affected Products :- Published: Dec. 26, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-15195
A vulnerability was determined in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file /admin/add-module.php. This manipulation of the argument linked[] causes sql injection. The attack can be initiated... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2019-25258
LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers to read arbitrary files through unverified 'suffix' and 'fileVersion' parameters. Attackers can exploit directory traversal techniques i... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-13806
A security vulnerability has been detected in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This impacts an unknown function of the file nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java of the c... Read more
Affected Products :- Published: Dec. 01, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-58478
Out-of-bounds write in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.... Read more
Affected Products : android- Published: Dec. 02, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-48704
Pexip Infinity 35.0 through 37.2 before 38.0 has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a denial of service.... Read more
Affected Products : infinity- Published: Dec. 25, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-65637
A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too lon... Read more
Affected Products : logrus- Published: Dec. 04, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-66377
Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker (who already has access to execute code on one node within a Pexip Infinity installation) to impact the operation of other nodes ... Read more
Affected Products : infinity- Published: Dec. 25, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-1721
IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.... Read more
Affected Products : concert- Published: Dec. 26, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-13810
A vulnerability was found in jsnjfz WebStack-Guns 1.0. This affects the function renderPicture of the file src/main/java/com/jsnjfz/manage/modular/system/controller/KaptchaController.java. Performing manipulation results in path traversal. It is possible ... Read more
Affected Products : webstack-guns- Published: Dec. 01, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-15140
A vulnerability was found in saiftheboss7 onlinemcqexam up to 0e56806132971e49721db3ef01868098c7b42ada. This vulnerability affects unknown code of the file /admin/quesadd.php. Performing manipulation of the argument ans1/ans2 results in sql injection. The... Read more
Affected Products :- Published: Dec. 28, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-33201
NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause an improper check for unusual or exceptional conditions issue by sending extra large payloads. A successful exploit of this vulnerability may lead to denial of service.... Read more
- Published: Dec. 03, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-61619
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed... Read more
- Published: Dec. 01, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-13803
A vulnerability was identified in MediaCrush 1.0.0/1.0.1. The affected element is an unknown function of the file /mediacrush/paths.py of the component Header Handler. Such manipulation of the argument Host leads to improper neutralization of http headers... Read more
Affected Products :- Published: Dec. 01, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Cross-Site Scripting
-
7.5
HIGHCVE-2025-15008
A vulnerability was detected in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/L7Port of the component HTTP Request Handler. Performing manipulation of the argument page results in stack-based buffer overflow. The attack may be ini... Read more
Affected Products : wh450_firmware- Published: Dec. 22, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-11131
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed... Read more
- Published: Dec. 01, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2021-47712
A cryptography vulnerability in Kentico Xperience allows attackers to potentially manipulate URL hash values through existing hashing mechanisms. The hotfix introduces an additional security layer to prevent hash value reuse and potential exploitation.... Read more
Affected Products : xperience- Published: Dec. 18, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Cryptography
-
7.5
HIGHCVE-2025-65945
auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications ... Read more
Affected Products :- Published: Dec. 04, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-57403
Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL (or a portion of it) directly with a base path using os.path.join. This bypass allows directory travers... Read more
Affected Products :- Published: Dec. 26, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Path Traversal