Latest CVE Feed
-
5.6
MEDIUMCVE-2025-14267
Incomplete removal of sensitive information before transfer vulnerability in M-Files Corporation M-Files Server allows data leak exposure affecting versions before 25.12.15491.7... Read more
Affected Products : m-files_server- Published: Dec. 19, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-53710
Due to a product misconfiguration in certain deployment types, it was possible from different pods in the same namespace to communicate with each other. This issue resulted in bypass of access control due to the presence of a vulnerable endpoint in Foundr... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Misconfiguration
-
4.3
MEDIUMCVE-2025-64282
Authorization Bypass Through User-Controlled Key vulnerability in RadiusTheme Radius Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Radius Blocks: from n/a through 2.2.1.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-63043
Authorization Bypass Through User-Controlled Key vulnerability in PickPlugins Post Grid and Gutenberg Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Grid and Gutenberg Blocks: from n/a through 2.3.19... Read more
Affected Products : post_grid- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Authorization
-
5.0
MEDIUMCVE-2025-62998
Insertion of Sensitive Information Into Sent Data vulnerability in WP Messiah WP AI CoPilot allows Retrieve Embedded Sensitive Data.This issue affects WP AI CoPilot: from n/a through 1.2.7.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Information Disclosure
-
6.8
MEDIUMCVE-2023-30971
Gotham Gaia application was found to be exposing multiple unauthenticated endpoints.... Read more
Affected Products :- Published: Dec. 19, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-66909
Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread() function without valida... Read more
Affected Products :- Published: Dec. 19, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Denial of Service
-
6.3
MEDIUMCVE-2025-68161
The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguratio... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Misconfiguration
-
6.4
MEDIUMCVE-2025-67845
A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing path traversal sequences.... Read more
Affected Products :- Published: Dec. 19, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Path Traversal
-
8.6
HIGHCVE-2025-13008
An information disclosure vulnerability in M-Files Server before versions 25.12.15491.7, 25.8 LTS SR3, 25.2 LTS SR3 and 24.8 LTS SR5 allows an authenticated attacker using M-Files Web to capture session tokens of other active users.... Read more
Affected Products : m-files_server- Published: Dec. 19, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Information Disclosure
-
9.1
CRITICALCVE-2024-49587
Glutton V1 service endpoints were exposed without any authentication on Gotham stacks, this could have allowed users that did not have any permission to hit glutton backend directly and read/update/delete data. The affected service has been patched and au... Read more
Affected Products :- Published: Dec. 19, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Authentication
-
7.7
HIGHCVE-2025-68279
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to read arbitrary files from the server file system using crafted symbolic links in the repository. Version 5.15.1 fixes the issue.... Read more
Affected Products : weblate- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Path Traversal
-
6.9
MEDIUMCVE-2025-14546
Versions of the package fastapi-sso before 0.19.0 are vulnerable to Cross-site Request Forgery (CSRF) due to the improper validation of the OAuth state parameter during the authentication callback. While the get_login_url method allows for state generatio... Read more
Affected Products :- Published: Dec. 19, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Cross-Site Request Forgery
-
9.9
CRITICALCVE-2025-64663
Custom Question Answering Elevation of Privilege Vulnerability... Read more
Affected Products : azure_cognitive_service_for_language- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
-
8.5
HIGHCVE-2023-53937
Hubstaff 1.6.14 contains a DLL search order hijacking vulnerability that allows attackers to replace a missing system32 wow64log.dll with a malicious library. Attackers can generate a custom DLL using Metasploit and place it in the system32 directory to o... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Misconfiguration
-
5.4
MEDIUMCVE-2025-62961
Missing Authorization vulnerability in Sparkle WP Sparkle FSE allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sparkle FSE: from n/a through 1.0.9.... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-66524
Apache NiFi 1.20.0 through 2.6.0 include the GetAsanaObject Processor, which requires integration with a configurable Distribute Map Cache Client Service for storing and retrieving state information. The GetAsanaObject Processor used generic Java Object s... Read more
Affected Products : nifi- Published: Dec. 19, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Misconfiguration
-
8.4
HIGHCVE-2023-53940
Codigo Markdown Editor 1.0.1 contains a code execution vulnerability that allows attackers to run arbitrary system commands by crafting a malicious markdown file. Attackers can embed a video source with an onerror event that executes shell commands throug... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Injection
-
8.2
HIGHCVE-2025-11774
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the software keyboard function (hereinafter referred to as "keypad function") of Mitsubishi Electric GENESIS64 versions 10.97.2 CFR3 and prior, Mit... Read more
Affected Products : mc_works64- Published: Dec. 19, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2025-14910
A vulnerability was detected in Edimax BR-6208AC 1.02. This impacts the function handle_retr of the component FTP Daemon Service. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. E... Read more
Affected Products :- Published: Dec. 19, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Path Traversal