Latest CVE Feed
-
7.5
HIGHCVE-2025-68148
FreshRSS is a free, self-hostable RSS aggregator. From version 1.27.0 to before 1.28.0, An attacker could globally deny access to feeds via proxy modifying to 429 Retry-After for a large list of feeds on given instance, making it unusable for majority of ... Read more
Affected Products : freshrss- Published: Dec. 27, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-15126
A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this vulnerability is the function getPositionUserList of the file /sys/position/getPositionUserList. This manipulation of the argument positionId causes improper authorization. The atta... Read more
- Published: Dec. 28, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-15076
A weakness has been identified in Tenda CH22 1.0.0.1. Impacted is an unknown function of the file /public/. Executing manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been made available to the public and could... Read more
- Published: Dec. 25, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-66869
Buffer overflow vulnerability in function strcat in asan_interceptors.cpp in libming 0.4.8.... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2021-47712
A cryptography vulnerability in Kentico Xperience allows attackers to potentially manipulate URL hash values through existing hashing mechanisms. The hotfix introduces an additional security layer to prevent hash value reuse and potential exploitation.... Read more
Affected Products : xperience- Published: Dec. 18, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Cryptography
-
7.5
HIGHCVE-2025-68036
Missing Authorization vulnerability in Emraan Cheema CubeWP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CubeWP: from n/a through 1.1.27.... Read more
Affected Products : cubewp- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-15196
A vulnerability was identified in code-projects Assessment Management 1.0. This affects an unknown part of the file login.php. Such manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit is publicly av... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-15142
A vulnerability was identified in 9786 phpok3w up to 901d96a06809fb28b17f3a4362c59e70411c933c. Impacted is an unknown function of the file show.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely... Read more
Affected Products :- Published: Dec. 28, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-15195
A vulnerability was determined in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file /admin/add-module.php. This manipulation of the argument linked[] causes sql injection. The attack can be initiated... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-15208
A security flaw has been discovered in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/editrefugee.php. The manipulation of the argument rfid results in sql injection. The attack can... Read more
Affected Products : refugee_food_management_system- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2019-25258
LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers to read arbitrary files through unverified 'suffix' and 'fileVersion' parameters. Attackers can exploit directory traversal techniques i... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2019-25253
KYOCERA Net Admin 3.4.0906 contains an XML External Entity (XXE) injection vulnerability in the Multi-Set Template Editor that allows unauthenticated attackers to read arbitrary system files. Attackers can craft a malicious XML file with external entity r... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: XML External Entity
-
7.5
HIGHCVE-2024-9684
FreyrSCADA/IEC-60870-5-104 server v21.06.008 allows remote attackers to cause a denial of service by sending specific message sequences.... Read more
Affected Products :- Published: Dec. 23, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-65865
An integer overflow in eProsima Fast-DDS v3.3 allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more
Affected Products :- Published: Dec. 23, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-68494
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Leap13 Premium Addons for Elementor premium-addons-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Premium Addons for Elementor: from n/a ... Read more
Affected Products : premium_addons_for_elementor- Published: Dec. 24, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-68606
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPXPO PostX ultimate-post allows Retrieve Embedded Sensitive Data.This issue affects PostX: from n/a through <= 5.0.3.... Read more
Affected Products : postx- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-67111
An integer overflow in the RTPS protocol implementation of OpenDDS DDS before v3.33.0 allows attackers to cause a Denial of Service (DoS) via a crafted message.... Read more
Affected Products :- Published: Dec. 23, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2018-25129
SOCA Access Control System 180612 contains multiple insecure direct object reference vulnerabilities that allow attackers to access sensitive user credentials. Attackers can retrieve authenticated and unauthenticated user password hashes and pins through ... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-15099
A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps/sim/lib/auth/internal.ts of the component CRON Secret Handler. The manipulation of the argument INTERNAL_API_SECRET leads to improper ... Read more
Affected Products : sim- Published: Dec. 26, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-15053
A flaw has been found in code-projects Student Information System 1.0. This issue affects some unknown processing of the file /searchresults.php. Executing manipulation of the argument searchbox can lead to sql injection. The attack may be performed from ... Read more
Affected Products : student_information_system- Published: Dec. 24, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Injection