Latest CVE Feed
-
7.5
HIGHCVE-2025-15109
A flaw has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. This impacts an unknown function of the file Public/javascripts/admin/plupload-2.1.2/examples/upload.php. This manipulation causes unrestricted upload. It is possible to i... Read more
Affected Products : xcms- Published: Dec. 27, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Misconfiguration
-
9.3
CRITICALCVE-2025-13158
Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potenti... Read more
Affected Products :- Published: Dec. 26, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-15156
A flaw has been found in omec-project UPF up to 2.1.3-dev. This affects the function handleSessionEstablishmentRequest of the file /pfcpiface/pfcpiface/messages_session.go of the component PFCP Session Establishment Request Handler. This manipulation caus... Read more
Affected Products :- Published: Dec. 28, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-59946
NanoMQ MQTT Broker (NanoMQ) is an Edge Messaging Platform. Prior to version 0.24.2, there is a classical data racing issue about sub info list which could result in heap use after free crash. This issue has been patched in version 0.24.2.... Read more
Affected Products :- Published: Dec. 27, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Race Condition