Latest CVE Feed
-
7.1
HIGHCVE-2025-62000
BullWall Ransomware Containment does not entirely inspect a file to determine if it is ransomware. An authenticated attacker could bypass detection by encrypting a file and leaving the first four bytes unaltered. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Misconfiguration
-
7.1
HIGHCVE-2025-65009
In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) admin password is stored in configuration file as plaintext and can be obtained by unauthorized user by direct references to the resource in question. The vendor was notified early about t... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Information Disclosure
-
7.1
HIGHCVE-2025-61736
Successful exploitation of this vulnerability could result in the product failing to re-establish communication once the certificate expires.... Read more
Affected Products :- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Authentication
-
7.1
HIGHCVE-2025-57897
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in venusweb Logtik logtik allows Reflected XSS.This issue affects Logtik: from n/a through <= 2.3.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-65010
WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) is vulnerable to Broken Access Control in initial configuration wizard.cgi endpoint. Malicious attacker can change admin panel password without authorization. The vulnerability can also be exp... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Authentication
-
7.1
HIGHCVE-2025-65011
In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) an unauthorised user can view configuration files by directly referencing the resource in question. The vendor was notified early about this vulnerability, but didn't respond with the deta... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Information Disclosure
-
7.1
HIGHCVE-2023-53944
EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory travers... Read more
Affected Products : webserver- Published: Dec. 18, 2025
- Modified: Dec. 26, 2025
- Vuln Type: Path Traversal
-
7.1
HIGHCVE-2025-64207
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TieLabs Jannah jannah allows DOM-Based XSS.This issue affects Jannah: from n/a through <= 7.6.0.... Read more
Affected Products : jannah- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2023-49186
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in KlbTheme Machic Core allows DOM-Based XSS.This issue affects Machic Core: from n/a through 1.2.6.... Read more
Affected Products :- Published: Jan. 05, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2018-25146
Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated attackers to list and manipulate running system processes. Attackers can send arbitrary signals to kill background processes and system services through a hidde... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
7.1
HIGHCVE-2025-66445
Authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure Analytics Adviso... Read more
- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
7.1
HIGHCVE-2026-22245
Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided domains. Mastodon, however, has some protection mechanism to disallow requests to local IP addresses (unle... Read more
Affected Products : mastodon- Published: Jan. 08, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Server-Side Request Forgery
-
7.1
HIGHCVE-2025-68478
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's `fs_path`, the server serializes the Flow object into JSON and creates/overwrites a file at that... Read more
Affected Products : langflow- Published: Dec. 19, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Path Traversal
-
7.1
HIGHCVE-2025-66835
TrueConf Client 8.5.2 is vulnerable to DLL hijacking via crafted wfapi.dll allowing local attackers to execute arbitrary code within the user's context.... Read more
Affected Products : trueconf- Published: Dec. 30, 2025
- Modified: Jan. 09, 2026
- Vuln Type: Misconfiguration
-
7.1
HIGHCVE-2025-8065
A buffer overflow vulnerability exists in the ONVIF XML parser of Tapo C200 V3. An unauthenticated attacker on the same local network segment can send specially crafted SOAP XML requests, causing memory overflow and device crash, resulting in denial-of-se... Read more
- Published: Dec. 20, 2025
- Modified: Jan. 08, 2026
- Vuln Type: Memory Corruption
-
7.1
HIGHCVE-2025-68697
n8n is an open source workflow automation platform. Prior to version 2.0.0, in self-hosted n8n instances where the Code node runs in legacy (non-task-runner) JavaScript execution mode, authenticated users with workflow editing access can invoke internal h... Read more
Affected Products : n8n- Published: Dec. 26, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Path Traversal
-
7.1
HIGHCVE-2025-49028
Cross-Site Request Forgery (CSRF) vulnerability in Zoho Mail Zoho ZeptoMail allows Stored XSS.This issue affects Zoho ZeptoMail: from n/a through 3.3.1.... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.1
HIGHCVE-2024-30547
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Shazdeh Header Image Slider header-image-slider allows DOM-Based XSS.This issue affects Header Image Slider: from n/a through 0.3.... Read more
Affected Products :- Published: Jan. 06, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2026-21681
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Undefined Behavior runtime error. This vulnerabi... Read more
Affected Products :- Published: Jan. 07, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Memory Corruption
-
7.1
HIGHCVE-2025-49353
Cross-Site Request Forgery (CSRF) vulnerability in Marcin Kijak Noindex by Path allows Stored XSS.This issue affects Noindex by Path: from n/a through 1.0.... Read more
Affected Products :- Published: Dec. 31, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Request Forgery