Latest CVE Feed
-
4.9
MEDIUMCVE-2025-65955
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there is a vulnerability in ImageMagick’s Magick++ layer that manifests when Options::fontFamily is invoked with an empty string... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-66476
Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, w... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Misconfiguration
-
8.9
HIGHCVE-2025-66399
Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-65877
Lvzhou CMS before commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 (2025-09-22) is vulnerable to SQL injection via the 'title' parameter in com.wanli.lvzhoucms.service.ContentService#findPage. The parameter is concatenated directly into a dynamic SQL query... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-65657
FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes (or stores in an executable location) without suf... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-65380
PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the admin/index.php endpoint. Specifically, the username parameter accepts unvalidated user input, which is then concatenated directly into a backend SQL query.... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-65379
PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the /admin/password-recovery.php endpoint. Specifically, the username and mobileno parameters accepts unvalidated user input, which is then concatenated directly into a backend SQL query.... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-64460
An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. Algorithmic complexity in `django.core.serializers.xml_serializer.getInnerText()` allows a remote attacker to cause a potential denial-of-service attack triggering CPU ... Read more
Affected Products : django- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-61729
Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a c... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Denial of Service
-
5.3
MEDIUMCVE-2025-55181
Sending an HTTP request/response body with greater than 2^31 bytes triggers an infinite loop in proxygen::coro::HTTPQuicCoroSession which blocks the backing event loop and unconditionally appends data to a std::vector per-loop iteration. This issue leads ... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Denial of Service
-
5.3
MEDIUMCVE-2025-13637
Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass download protections via a crafted HTML page. (Chromium security severity: Low)... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-13636
Inappropriate implementation in Split View in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain name. (Chromium security severity: Low)... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Misconfiguration
-
4.0
MEDIUMCVE-2025-13635
Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a local attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Misconfiguration
-
4.0
MEDIUMCVE-2025-13634
Inappropriate implementation in Downloads in Google Chrome on Windows prior to 143.0.7499.41 allowed a local attacker to bypass mark of the web via a crafted HTML page. (Chromium security severity: Medium)... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Misconfiguration
-
5.4
MEDIUMCVE-2025-13632
Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. (Chromium security severity:... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-66307
This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a user enumeration and email disclosure vulnerability exists in Grav. The "Forgot Password" f... Read more
Affected Products : grav- Published: Dec. 01, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-66306
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, there is an IDOR (Insecure Direct Object Reference) vulnerability in the Grav CMS Admin Panel which allows low-privilege users to access sensitive information from other accounts. Although direct ... Read more
Affected Products : grav- Published: Dec. 01, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Authorization
-
6.9
MEDIUMCVE-2025-66305
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Denial of Service (DoS) vulnerability was identified in the "Languages" submenu of the Grav admin configuration panel (/admin/config/system). Specifically, the Supported parameter fails to prope... Read more
Affected Products : grav- Published: Dec. 01, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Denial of Service
-
6.2
MEDIUMCVE-2025-66304
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, users with read access on the user account management section of the admin panel can view the password hashes of all users, including the admin user. This exposure can potentially lead to privileg... Read more
Affected Products : grav- Published: Dec. 01, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Information Disclosure
-
8.4
HIGHCVE-2025-64778
NMIS/BioDose software V22.02 and previous versions contain executable binaries with plain text hard-coded passwords. These hard-coded passwords could allow unauthorized access to both the application and database.... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Authentication