Latest CVE Feed
-
8.7
HIGHCVE-2025-34337
eGovFramework/egovframe-common-components versions up to and including 4.3.1 includes Web Editor image upload and related file delivery functionality that uses symmetric encryption to protect URL parameters, but exposes an encryption oracle that allows at... Read more
Affected Products :- Published: Nov. 19, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-11230
Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests.... Read more
Affected Products :- Published: Nov. 19, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Denial of Service
-
8.6
HIGHCVE-2025-10703
Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option... Read more
Affected Products :- Published: Nov. 19, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Injection
-
7.1
HIGHCVE-2025-12472
An attacker with a Looker Developer role could manipulate a LookML project to exploit a race condition during Git directory deletion, leading to arbitrary command execution on the Looker instance. Looker-hosted and Self-hosted were found to be vulnerab... Read more
Affected Products :- Published: Nov. 19, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Race Condition
-
9.3
CRITICALCVE-2025-12592
Legacy Vivotek Device firmware uses default credetials for the root and user login accounts.... Read more
Affected Products :- Published: Nov. 19, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Authentication