Latest CVE Feed
-
7.8
HIGHCVE-2025-66411
Coder allows organizations to provision remote development environments via Terraform. Prior to 2.26.5, 2.27.7, and 2.28.4, Workspace Agent manifests containing sensitive values were logged in plaintext unsanitized. An attacker with limited local access t... Read more
Affected Products : coder- Published: Dec. 03, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Information Disclosure
-
5.0
MEDIUMCVE-2025-66406
Step CA is an online certificate authority for secure, automated certificate management for DevOps. Prior to 0.29.0, there is an improper authorization check for SSH certificate revocation. This affects deployments configured with the SSHPOP provisioner. ... Read more
Affected Products :- Published: Dec. 03, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2025-65345
alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The zip/archiving functionality allows an attacker to create archives containing files and directories outside the intended scope due to improper path validation.... Read more
Affected Products :- Published: Dec. 03, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Path Traversal
-
7.1
HIGHCVE-2025-65097
RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, an Authenticated User can delete collections belonging to other users by directly sending a DEL... Read more
Affected Products :- Published: Dec. 03, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-65096
RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, users can read private collections / smart collections belonging to other users by directly acc... Read more
Affected Products :- Published: Dec. 03, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Authorization
-
7.6
HIGHCVE-2025-65027
RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. RomM contains multiple unrestricted file upload vulnerabilities that allow authenticated users to upload malicious SVG or HTML f... Read more
Affected Products :- Published: Dec. 03, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-61727
An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *... Read more
Affected Products :- Published: Dec. 03, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Misconfiguration
-
5.1
MEDIUMCVE-2025-50361
Buffer Overflow was found in SmallBASIC community SmallBASIC with SDL Before v12_28, and commit sha:298a1d495355959db36451e90a0ac74bcc5593fe in the function main.cpp, which can lead to potential information leakage and crash.... Read more
Affected Products :- Published: Dec. 03, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Memory Corruption
-
4.6
MEDIUMCVE-2025-13086
Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client... Read more
Affected Products : openvpn- Published: Dec. 03, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-12385
Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects us... Read more
Affected Products : qt- Published: Dec. 03, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Denial of Service
-
9.6
CRITICALCVE-2025-66222
DeepChat is a smart assistant uses artificial intelligence. In 0.5.0 and earlier, there is a Stored Cross-Site Scripting (XSS) vulnerability in the Mermaid diagram renderer allows an attacker to execute arbitrary JavaScript within the application context.... Read more
Affected Products : deepchat- Published: Dec. 03, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Cross-Site Scripting
-
5.0
MEDIUMCVE-2025-66220
Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy’s mTLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certificates containing an embedded null byte (\0) inside an ... Read more
Affected Products : envoy- Published: Dec. 03, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Authentication
-
7.2
HIGHCVE-2025-66208
Collabora Online - Built-in CODE Server (richdocumentscode) provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE (OS Command Injection)... Read more
Affected Products : online- Published: Dec. 03, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Injection
-
8.7
HIGHCVE-2025-66032
Claude Code is an agentic coding tool. Prior to 1.0.93, Due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to bypass the Claude Code read-only validation and trigger arbitrary code execution. Reliably exploiting t... Read more
Affected Products : claude_code- Published: Dec. 03, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Injection
-
5.5
MEDIUMCVE-2025-63402
An issue in HCL Technologies Limited HCLTech GRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via APIs do not enforcing limits on the number or size of requests... Read more
Affected Products :- Published: Dec. 03, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-63401
Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via missing directives... Read more
Affected Products :- Published: Dec. 03, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Cross-Site Scripting
-
8.4
HIGHCVE-2025-50360
A heap buffer overflow in compiler.c and compiler.h in Pepper language 0.1.1commit 961a5d9988c5986d563310275adad3fd181b2bb7. Malicious execution of a pepper source file(.pr) could lead to arbitrary code execution or Denial of Service.... Read more
Affected Products :- Published: Dec. 03, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-33211
NVIDIA Triton Server for Linux contains a vulnerability where an attacker may cause an improper validation of specified quantity in input. A successful exploit of this vulnerability may lead to denial of service.... Read more
Affected Products : triton_inference_server- Published: Dec. 03, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Denial of Service
-
8.8
HIGHCVE-2025-33208
NVIDIA TAO contains a vulnerability where an attacker may cause a resource to be loaded via an uncontrolled search path. A successful exploit of this vulnerability may lead to escalation of privileges, data tampering, denial of service, information disclo... Read more
Affected Products :- Published: Dec. 03, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-33201
NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause an improper check for unusual or exceptional conditions issue by sending extra large payloads. A successful exploit of this vulnerability may lead to denial of service.... Read more
Affected Products : triton_inference_server- Published: Dec. 03, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Denial of Service