Latest CVE Feed
-
5.6
MEDIUMCVE-2025-8074
Origin validation error vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.3-13973 allows local users to write arbitrary files with non-sensitive information via unspecified vectors.... Read more
Affected Products :- Published: Dec. 04, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Misconfiguration
-
9.3
CRITICALCVE-2025-13658
A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level privileges.... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Authentication
-
8.6
HIGHCVE-2025-64298
NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow ac... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Misconfiguration
-
8.7
HIGHCVE-2025-62575
NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts by default have the sysadmin role. This can lead to remote code execution through the use of certain built-in sto... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-10304
The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the process_status_unlink() function in all versions up to, and including, 2.3.... Read more
Affected Products : everest_backup- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Authorization