Latest CVE Feed
-
7.5
HIGHCVE-2025-14169
The FunnelKit - Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'opid' parameter in all versions up to, and including, 3.13.1.5 due to insufficient escaping on the user supplied paramete... Read more
Affected Products : funnelkit_automations- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-13474
Authorization Bypass Through User-Controlled Key vulnerability in Menulux Software Inc. Mobile App allows Exploitation of Trusted Identifiers.This issue affects Mobile App: before 9.5.8.... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-1030
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Utarit Informatics Services Inc. SoliClub allows Query System for Information.This issue affects SoliClub: from 5.2.4 before 5.3.7.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-12491
Senstar Symphony FetchStoredLicense Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Senstar Symphony. Authentication is not required to exploit this vulnerabil... Read more
Affected Products : symphony- Published: Dec. 23, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-63663
Incorrect access control in the /api/v1/conversations/*/files API of GT Edge AI Platform before v2.0.10 allows unauthorized attackers to access other users' uploaded files.... Read more
Affected Products :- Published: Dec. 22, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-63664
Incorrect access control in the /api/v1/conversations/*/messages API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackers to access other users' message history with AI agents.... Read more
Affected Products :- Published: Dec. 22, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-66117
Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through <= 2.7.8.... Read more
Affected Products : easy_form- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2024-9684
FreyrSCADA/IEC-60870-5-104 server v21.06.008 allows remote attackers to cause a denial of service by sending specific message sequences.... Read more
Affected Products :- Published: Dec. 23, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-66116
Insertion of Sensitive Information Into Sent Data vulnerability in UserElements Ultimate Member Widgets for Elementor ultimate-member-widgets-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Ultimate Member Widgets for Elementor: f... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-64230
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP Chill Filr filr-protection allows Path Traversal.This issue affects Filr: from n/a through <= 1.2.10.... Read more
Affected Products : filr- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-60076
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jbhovik Ray Enterprise Translation lingotek-translation allows PHP Local File Inclusion.This issue affects Ray Enterprise Translation:... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-13646
The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_unzip_file' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level... Read more
Affected Products : modula_image_gallery- Published: Dec. 03, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Race Condition
-
7.5
HIGHCVE-2025-14567
A weakness has been identified in haxxorsid Stock-Management-System up to fbbbf213e9c93b87183a3891f77e3cc7095f22b0. This affects an unknown function of the file /api/employees. Executing manipulation can lead to missing authentication. It is possible to l... Read more
Affected Products : stock-management-system- Published: Dec. 12, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2024-45539
Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to conduct denial-of-service attacks via unsp... Read more
- Published: Dec. 04, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-67493
Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input which allowed privilege escalation and getting access to groups of other users due to missing sanitization of inputs in ldap search query. The vulnerability cou... Read more
Affected Products :- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-43494
A mail header parsing issue was addressed with improved checks. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1 and iPadOS 26.1. An attacker may be abl... Read more
- Published: Dec. 12, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-57210
Incorrect access control in the component ApiPayController.java of platform v1.0.0 allows attackers to access sensitive information via unspecified vectors.... Read more
Affected Products : platform- Published: Dec. 04, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-63662
Insecure permissions in the /api/v1/agents API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackers to access sensitive information.... Read more
Affected Products :- Published: Dec. 22, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-62753
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in MadrasThemes MAS Videos allows PHP Local File Inclusion.This issue affects MAS Videos: from n/a through 1.3.2.... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2024-29371
In jose4j before 0.9.5, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant m... Read more
Affected Products :- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Denial of Service