Latest CVE Feed
-
7.5
HIGHCVE-2025-67014
Incorrect access control in DEV Systemtechnik GmbH DEV 7113 RF over Fiber Distribution System 32-0078 H.01 allows unauthenticated attackers to access an administrative endpoint.... Read more
Affected Products :- Published: Dec. 26, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-15142
A vulnerability was identified in 9786 phpok3w up to 901d96a06809fb28b17f3a4362c59e70411c933c. Impacted is an unknown function of the file show.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely... Read more
Affected Products :- Published: Dec. 28, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2025-15118
A security vulnerability has been detected in macrozheng mall up to 1.0.3. This vulnerability affects unknown code of the file /member/address/update/ of the component Member Endpoint. The manipulation leads to improper authorization. Remote exploitation ... Read more
Affected Products : mall- Published: Dec. 28, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
5.1
MEDIUMCVE-2025-15172
A security flaw has been discovered in SohuTV CacheCloud up to 3.2.0. This impacts the function preview of the file src/main/java/com/sohu/cache/web/controller/RedisConfigTemplateController.java. The manipulation results in cross site scripting. The attac... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2025-15171
A vulnerability was identified in SohuTV CacheCloud up to 3.2.0. This affects the function index of the file src/main/java/com/sohu/cache/web/controller/ServerController.java. The manipulation leads to cross site scripting. Remote exploitation of the atta... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-14178
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due ... Read more
Affected Products : php- Published: Dec. 27, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-15152
A vulnerability was identified in h-moses moga-mall up to 392d631a5ef15962a9bddeeb9f1269b9085473fa. This vulnerability affects the function addProduct of the file src/main/java/com/ms/product/controller/PmsProductController.java. Such manipulation of the ... Read more
Affected Products :- Published: Dec. 28, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Misconfiguration
-
8.6
HIGHCVE-2025-59887
Improper authentication of library files in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the software package. This security issue has been fixed in the latest version of EUC which is... Read more
Affected Products :- Published: Dec. 26, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authentication
-
7.6
HIGHCVE-2025-2307
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Verisay Communication and Information Technology Industry and Trade Ltd. Co. Aidango allows Cross-Site Scripting (XSS).This issue affects Aidango:... Read more
Affected Products :- Published: Dec. 25, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-15146
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This impacts the function doUserList of the file src/main/java/com/sohu/cache/web/controller/UserManageController.java. Performing manipulation results in cross site scripting. The attack may ... Read more
Affected Products :- Published: Dec. 28, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cross-Site Scripting
-
6.9
MEDIUMCVE-2025-15066
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Missing Authorization vulnerability in Innorix WP allows Path Traversal.This issue affects Innorix WP from All versions If the "exam" directory exists under the directory wher... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Path Traversal
-
8.2
HIGHCVE-2025-14180
In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \x99) in a prepared... Read more
Affected Products : php- Published: Dec. 27, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Memory Corruption
-
6.3
MEDIUMCVE-2025-15151
A vulnerability was determined in TaleLin Lin-CMS up to 0.6.0. This affects an unknown part of the file /tests/config.py of the component Tests Folder. This manipulation of the argument username/password causes password in configuration file. The attack i... Read more
Affected Products :- Published: Dec. 28, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Misconfiguration
-
5.1
MEDIUMCVE-2025-65885
An issue was discovered in the Delight Custom Firmware (CFW) for Nokia Symbian Belle devices on Nokia 808 (Delight v1.8), Nokia N8 (Delight v6.7), Nokia E7 (Delight v1.3), Nokia C7 (Delight v6.7), Nokia 700 (Delight v1.2), Nokia 701 (Delight v1.1), Nokia ... Read more
Affected Products :- Published: Dec. 26, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Injection
-
5.1
MEDIUMCVE-2025-15174
A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. Affected by this vulnerability is the function doAppAuditList of the file src/main/java/com/sohu/cache/web/controller/AppManageController.java. Such manipulation leads to cross s... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cross-Site Scripting
-
9.9
CRITICALCVE-2025-66203
StreamVault is a video download integration solution. Prior to version 251126, a Remote Code Execution (RCE) vulnerability exists in the stream-vault application (SpiritApplication). The application allows administrators to configure yt-dlp arguments via ... Read more
Affected Products :- Published: Dec. 27, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Injection
-
4.8
MEDIUMCVE-2025-15149
A vulnerability has been found in rawchen ecms up to b59d7feaa9094234e8aa6c8c6b290621ca575ded. Affected by this vulnerability is the function updateProductServlet of the file src/servlet/product/updateProductServlet.java of the component Add New Product P... Read more
Affected Products :- Published: Dec. 28, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2025-15175
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. Affected by this issue is the function doAppList/appCommandAnalysis of the file src/main/java/com/sohu/cache/web/controller/AppController.java. Performing manipulation results in cross site sc... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cross-Site Scripting
-
6.8
MEDIUMCVE-2025-15070
Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization vulnerability in Gmission Web Fax allows Authentication Abuse.This issue affects Web Fax: from 3.0 before 4.0.... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authentication
-
3.1
LOWCVE-2025-15141
A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the component Configuration Handler. Executing manipulation can lead to information disclosure. The attack may be performed from remo... Read more
Affected Products :- Published: Dec. 28, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Information Disclosure