Latest CVE Feed
-
7.5
HIGHCVE-2025-15097
A vulnerability was found in Alteryx Server. Affected by this issue is some unknown functionality of the file /gallery/api/status/. Performing manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit ... Read more
Affected Products :- Published: Dec. 26, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-32096
Pexip Infinity 33.0 through 37.0 before 37.1 has improper input validation in signaling that allows an attacker to trigger a software abort, resulting in a denial of service.... Read more
- Published: Dec. 25, 2025
- Modified: Jan. 05, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-68494
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Premium Addons for Elementor: from n/a ... Read more
Affected Products : premium_addons_for_elementor- Published: Dec. 24, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-15053
A flaw has been found in code-projects Student Information System 1.0. This issue affects some unknown processing of the file /searchresults.php. Executing manipulation of the argument searchbox can lead to sql injection. The attack may be performed from ... Read more
Affected Products : student_information_system- Published: Dec. 24, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-15247
A vulnerability was identified in gmg137 snap7-rs up to 153d3e8c16decd7271e2a5b2e3da4d6f68589424. Affected by this issue is the function snap7_rs::client::S7Client::download of the file client.rs. Such manipulation leads to heap-based buffer overflow. The... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-15420
A security vulnerability has been detected in Yonyou KSOA 9.0. This affects an unknown part of the file /worksheet/agent_work_report.jsp. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has bee... Read more
Affected Products :- Published: Jan. 02, 2026
- Modified: Jan. 05, 2026
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-46255
Missing Authorization vulnerability in Marketing Fire LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LoginWP - Pro: from n/a through 4.0.8.5.... Read more
Affected Products :- Published: Jan. 05, 2026
- Modified: Jan. 05, 2026
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-15425
A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_user.jsp of the component HTTP GET Parameter Handler. Executing manipulation of the argument ID can lead to sql injection. The attack... Read more
Affected Products :- Published: Jan. 02, 2026
- Modified: Jan. 05, 2026
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-15426
A vulnerability was identified in jackying H-ui.admin up to 3.1. This affects an unknown function in the library /lib/webuploader/0.1.5/server/preview.php. The manipulation leads to unrestricted upload. The attack is possible to be carried out remotely. T... Read more
Affected Products :- Published: Jan. 02, 2026
- Modified: Jan. 02, 2026
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-66862
A buffer overflow vulnerability in function gnu_special in file cplus-dem.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2026-0567
A vulnerability was detected in code-projects Content Management System 1.0. The affected element is an unknown function of the file /pages.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exp... Read more
Affected Products : content_management_system- Published: Jan. 02, 2026
- Modified: Jan. 02, 2026
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-63663
Incorrect access control in the /api/v1/conversations/*/files API of GT Edge AI Platform before v2.0.10 allows unauthorized attackers to access other users' uploaded files.... Read more
Affected Products : gt_edge_ai- Published: Dec. 22, 2025
- Modified: Jan. 05, 2026
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-63664
Incorrect access control in the /api/v1/conversations/*/messages API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackers to access other users' message history with AI agents.... Read more
Affected Products : gt_edge_ai- Published: Dec. 22, 2025
- Modified: Jan. 05, 2026
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-63662
Insecure permissions in the /api/v1/agents API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackers to access sensitive information.... Read more
Affected Products : gt_edge_ai- Published: Dec. 22, 2025
- Modified: Jan. 05, 2026
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-63895
An issue in the Bluetooth firmware of JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to cause a Denial of Service (DoS) via sending a crafted Link Manager Protocol (LMP) packet.... Read more
- Published: Dec. 10, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-63094
XiangShan Nanhu V2 and XiangShan Kunmighu V3 were discovered to use speculative execution and indirect branch prediction, allowing attackers to access sensitive information via side-channel analysis of the data cache.... Read more
Affected Products : xiangshan- Published: Dec. 10, 2025
- Modified: Jan. 02, 2026
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2022-50788
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive log files. Attackers can directly browse the /log directory to retrieve system and sensitive information without... Read more
Affected Products : stream- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-65857
An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access.... Read more
- Published: Dec. 22, 2025
- Modified: Jan. 05, 2026
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-66378
Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP implementation, allowing an attacker to disconnect RTMP streams traversing a Proxy Node.... Read more
- Published: Dec. 25, 2025
- Modified: Jan. 05, 2026
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-66379
Pexip Infinity before 39.0 has Improper Input Validation in the media implementation, allowing a remote attacker to trigger a software abort via a crafted media stream, resulting in a denial of service.... Read more
- Published: Dec. 25, 2025
- Modified: Jan. 05, 2026
- Vuln Type: Denial of Service