Latest CVE Feed
-
7.5
HIGHCVE-2025-68062
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MinimogWP minimog allows PHP Local File Inclusion.This issue affects MinimogWP: from n/a through <= 3.9.6.... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-68068
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Stockholm stockholm allows PHP Local File Inclusion.This issue affects Stockholm: from n/a through <= 9.14.1.... Read more
Affected Products : stockholm- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-67726
Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and below use an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. The _parseparam function in httputil.py is used to pars... Read more
Affected Products : tornado- Published: Dec. 12, 2025
- Modified: Dec. 22, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-14068
The WPNakama plugin for WordPress is vulnerable to time-based SQL Injection via the 'order_by' parameter in all versions up to, and including, 0.6.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exis... Read more
Affected Products :- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-13077
The افزونه پیامک ووکامرس فوق حرفه ای (جدید) payamito sms woocommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'columns' parameter in all versions up to, and including, 1.3.5. This is due to insufficient escaping on the ... Read more
Affected Products :- Published: Dec. 13, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-14673
A vulnerability has been found in gmg137 snap7-rs up to 1.142.1. Affected is the function snap7_rs::client::S7Client::as_ct_write of the file /tests/snap7-rs/src/client.rs. The manipulation leads to heap-based buffer overflow. The attack can be initiated ... Read more
Affected Products :- Published: Dec. 14, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-14567
A weakness has been identified in haxxorsid Stock-Management-System up to fbbbf213e9c93b87183a3891f77e3cc7095f22b0. This affects an unknown function of the file /api/employees. Executing manipulation can lead to missing authentication. It is possible to l... Read more
Affected Products : stock-management-system- Published: Dec. 12, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-64086
A NULL pointer dereference vulnerability in the util.readFileIntoStream component of PDF-XChange Editor v10.7.3.401 allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more
Affected Products : pdf-xchange_editor- Published: Dec. 09, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-14437
The Hummingbird Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.18.0 via the 'request' function. This makes it possible for unauthenticated attackers to extract sensitive data includ... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-68061
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove EduMall edumall allows PHP Local File Inclusion.This issue affects EduMall: from n/a through <= 4.4.7.... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-68065
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LiquidThemes Hub Core hub-core allows PHP Local File Inclusion.This issue affects Hub Core: from n/a through <= 5.0.8.... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-68067
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Stockholm Core stockholm-core allows PHP Local File Inclusion.This issue affects Stockholm Core: from n/a through <= 2.4... Read more
Affected Products : stockholm_core- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-64258
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in wpweb Follow My Blog Post follow-my-blog-post allows Retrieve Embedded Sensitive Data.This issue affects Follow My Blog Post: from n/a through <= 2.3.9.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-65176
An issue was discovered in Dynatrace OneAgent before 1.325.47. When attempting to access a remote network share from a machine where OneAgent is installed and receiving a "STATUS_LOGON_FAILURE" error, the agent will retrieve every user token on the machin... Read more
Affected Products :- Published: Dec. 15, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-65512
A Server-Side Request Forgery (SSRF) vulnerability was discovered in the webpage-to-markdown conversion feature of markdownify-mcp v0.0.2 and before. This vulnerability allows an attacker to bypass private IP restrictions through hostname-based bypass and... Read more
Affected Products : markdownify_mcp- Published: Dec. 10, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Server-Side Request Forgery
-
7.5
HIGHCVE-2025-58877
Missing Authorization vulnerability in javothemes Javo Core javo-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Javo Core: from n/a through <= 3.0.0.529.... Read more
Affected Products : javo_core- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-13474
Authorization Bypass Through User-Controlled Key vulnerability in Menulux Software Inc. Mobile App allows Exploitation of Trusted Identifiers.This issue affects Mobile App: before 9.5.8.... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-56430
Directory Traversal vulnerability in Fearless Geek Media FearlessCMS v.0.0.2-15 allows a remote attacker to cause a denial of service via the plugin-handler.php and the deleteDirectory function.... Read more
Affected Products : fearlesscms- Published: Dec. 10, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-43519
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. An app may be able to access sensitive user data.... Read more
Affected Products : macos- Published: Dec. 12, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-64268
Missing Authorization vulnerability in Arraytics Timetics timetics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Timetics: from n/a through <= 1.0.44.... Read more
Affected Products : wp_timetics- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Authorization