Latest CVE Feed
-
5.3
MEDIUMCVE-2025-66577
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can supply X... Read more
Affected Products : cpp-httplib- Published: Dec. 05, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Misconfiguration
-
10.0
CRITICALCVE-2025-66570
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can inject h... Read more
Affected Products : cpp-httplib- Published: Dec. 05, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Information Disclosure
-
7.0
HIGHCVE-2025-46603
Dell CloudBoost Virtual Appliance, versions 19.13.0.0 and prior, contains an Improper Restriction of Excessive Authentication Attempts vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to u... Read more
Affected Products :- Published: Dec. 05, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Authentication
-
8.2
HIGHCVE-2025-66566
yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. ... Read more
Affected Products :- Published: Dec. 05, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Information Disclosure
-
8.9
HIGHCVE-2025-66562
TUUI is a desktop MCP client designed as a tool unitary utility integration. Prior to 1.3.4, a critical Remote Code Execution (RCE) vulnerability exists in Tuui due to an unsafe Cross-Site Scripting (XSS) flaw in the Markdown rendering component. Tuui all... Read more
Affected Products :- Published: Dec. 05, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Cross-Site Scripting
-
3.1
LOWCVE-2025-66558
Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1, a missing ownership check allowed an attack to take-away a 2FA webauthn device when correctly guessing a 80-128 character long random string of lette... Read more
Affected Products : notes- Published: Dec. 05, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Authentication
-
5.4
MEDIUMCVE-2025-66557
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.14.6 and 1.15.2, a bug in the permission logic allowed users with "Can share" permission to modify the p... Read more
Affected Products : notes- Published: Dec. 05, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Authorization
-
3.5
LOWCVE-2025-66556
Nextcloud talk is a video & audio conferencing app for Nextcloud. Prior to 20.1.8 and 21.1.2, a participant with chat permissions was able to delete poll drafts of other participants within the conversation based on their numeric ID. This vulnerability is... Read more
Affected Products : notes- Published: Dec. 05, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Authorization
-
3.5
LOWCVE-2025-66554
Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. Prior to 5.5.4, 6.0.6, and 7.2.5, a malicious user was able to modify their organisation and title field to load additional CSS files. Javascript... Read more
Affected Products : notes- Published: Dec. 05, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Misconfiguration
-
4.3
MEDIUMCVE-2025-66553
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.7 and 0.9.4, authenticated users were able to view meta data of columns in other tables of the Tables app by modifying the numeric ID in a request. This vulnerabil... Read more
Affected Products : notes- Published: Dec. 05, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Authorization
-
6.3
MEDIUMCVE-2025-66551
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.6 and 0.9.3, a malicious user was able to create their own table and then move a column to a victims table. This vulnerability is fixed in 0.8.6 and 0.9.3.... Read more
Affected Products : notes- Published: Dec. 05, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Authorization
-
2.4
LOWCVE-2025-66549
Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to se... Read more
Affected Products : notes- Published: Dec. 05, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Information Disclosure
-
3.3
LOWCVE-2025-66548
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extension can be spoofed by using RTLO characters, tricking users into do... Read more
Affected Products : notes- Published: Dec. 05, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Misconfiguration
-
3.5
LOWCVE-2025-66545
Nextcloud Groupfolders provides admin-configured folders shared by everyone in a group or team. Prior to 14.0.11, 15.3.12, 16.0.15, 17.0.14, 18.1.8, 19.1.8, and 20.1.2, a user with read-only permission can restore a file from the trash bin. This vulnerabi... Read more
Affected Products : notes- Published: Dec. 05, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Authorization
-
2.7
LOWCVE-2025-66515
The Nextcloud Approval app allows approval or disapproval of files in the sidebar. Prior to 1.3.1 and 2.5.0, an authenticated user listed as a requester in a workflow can set another user’s file into the “pending approval” without access to the file by us... Read more
Affected Products : notes- Published: Dec. 05, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Authorization
-
3.5
LOWCVE-2025-66514
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the Mail app's message list allowed an authenticated user to inject HTML into the email subjects. Javascript was correctly blocke... Read more
Affected Products : notes- Published: Dec. 05, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Injection
-
4.3
MEDIUMCVE-2025-66513
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.9, 0.9.6, and 1.0.1, the information which table (numeric ID) is shared with which groups or users and the respective permissions was not limited to privileged use... Read more
Affected Products : notes- Published: Dec. 05, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Information Disclosure
-
5.1
MEDIUMCVE-2025-34266
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/plugin-config/addins/menus endpoint. When an authenticated user adds or edits an AddIns menu entry, the label and path values are... Read more
Affected Products :- Published: Dec. 05, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2025-34265
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/rule-engines endpoint. When an authenticated user creates or updates a rule for an agent, the rule fields min, max, and unit are ... Read more
Affected Products :- Published: Dec. 05, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2025-34264
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting (XSS) vulnerability in the /rmm/v1/dog/{agentId} endpoint. When an authenticated user adds or edits Software Watchdog process rules for an agent, the monitored proc... Read more
Affected Products :- Published: Dec. 05, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Cross-Site Scripting