Total CVEs

142,714

Critical Severity

4,025

High Severity

14,400

Last 7 Days

1,392
Quick preset (or use dates below)
Clear Filters
Showing 14,181 - 14,200 of 14,400 CVEs
CVE-2025-15264 HIGH - 7.3

A vulnerability was determined in FeehiCMS up to 2.1.1. Impacted is an unknown function of the file frontend/web/timthumb.php of the component TimThumb. Executing manipulation of the argument src can lead to server-side request forgery. The attack can be launched remotely. The exploit has been publi...

Vendor: feehi
Product: feehicms
Published: Dec 30, 2025
Source: NVD
CVE-2025-65411 HIGH - 7.5

A NULL pointer dereference in the src/path.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the search_path parameter.

Vendor: unrtf_project
Product: unrtf
Published: Dec 30, 2025
Source: NVD
CVE-2025-65409 HIGH - 7.5

A divide-by-zero in the encryption/decryption routines of GNU Recutils v1.9 allows attackers to cause a Denial of Service (DoS) via inputting an empty value as a password.

Vendor: gnu
Product: recutils
Published: Dec 30, 2025
Source: NVD
CVE-2025-15262 HIGH - 7.2

A security flaw has been discovered in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/edit.php of the component Site Logo Handler. Performing manipulation of the argument image results in unrestricted upload. Remote exploitation of the attack is possible. The expl...

Vendor: biggidroid
Product: simple_php_cms
Published: Dec 30, 2025
Source: NVD
CVE-2025-69204 HIGH - 7.5

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, in the WriteSVGImage function, using an int variable to store number_attributes caused an integer overflow. This, in turn, triggered a buffer overflow and caused a DoS attack. Ve...

Vendor: imagemagick
Product: imagemagick
Published: Dec 30, 2025
Source: NVD
CVE-2025-68618 HIGH - 7.5

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file resulted in a DoS attack. Version 7.1.2-12 fixes the issue.

Vendor: imagemagick
Product: imagemagick
Published: Dec 30, 2025
Source: NVD
CVE-2025-59129 HIGH - 7.6

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Appointify allows Blind SQL Injection.This issue affects Appointify: from n/a through 1.0.8.

Published: Dec 30, 2025
Source: NVD
CVE-2025-61557 HIGH - 7.5

nixseparatedebuginfod before v0.4.1 is vulnerable to Directory Traversal.

Vendor: symphorien
Product: nixseparatedebuginfod
Published: Dec 30, 2025
Source: NVD
CVE-2025-15254 HIGH - 8.8

A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used.

Vendor: tenda
Product: w6-s_firmware
Published: Dec 30, 2025
Source: NVD
CVE-2025-15253 HIGH - 8.8

A vulnerability has been found in Tenda M3 1.0.0.13(4903). The impacted element is an unknown function of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public an...

Vendor: tenda
Product: m3_firmware
Published: Dec 30, 2025
Source: NVD
CVE-2025-15252 HIGH - 8.8

A flaw has been found in Tenda M3 1.0.0.13(4903). The affected element is the function formSetRemoteDhcpForAp of the file /goform/setDhcpAP. This manipulation of the argument startip/endip/leasetime/gateway/dns1/dns2 causes stack-based buffer overflow. The attack can be initiated remotely. The explo...

Vendor: tenda
Product: m3_firmware
Published: Dec 30, 2025
Source: NVD
CVE-2025-14509 HIGH - 7.2

The Lucky Wheel for WooCommerce โ€“ Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.1.13. This is due to the plugin using eval() to execute user-supplied input from the 'Conditional Tags' setting without proper validation or saniti...

Published: Dec 30, 2025
Source: NVD
CVE-2025-69034 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Lekker lekker allows PHP Local File Inclusion.This issue affects Lekker: from n/a through <= 1.8.

Published: Dec 30, 2025
Source: NVD
CVE-2025-68996 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebCodingPlace Responsive Posts Carousel Pro responsive-posts-carousel-pro allows PHP Local File Inclusion.This issue affects Responsive Posts Carousel Pro: from n/a thr...

Published: Dec 30, 2025
Source: NVD
CVE-2025-68989 HIGH - 7.5

Insertion of Sensitive Information Into Sent Data vulnerability in Renzo Johnson Contact Form 7 Extension For Mailchimp contact-form-7-mailchimp-extension allows Retrieve Embedded Sensitive Data.This issue affects Contact Form 7 Extension For Mailchimp: from n/a through <= 0.9.49.

Published: Dec 30, 2025
Source: NVD
CVE-2025-68988 HIGH - 7.5

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in o2oe E-Invoice App Malaysia einvoiceapp-malaysia allows Retrieve Embedded Sensitive Data.This issue affects E-Invoice App Malaysia: from n/a through <= 1.1.0.

Published: Dec 30, 2025
Source: NVD
CVE-2025-68982 HIGH - 8.1

Missing Authorization vulnerability in designthemes DesignThemes LMS Addon designthemes-lms-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DesignThemes LMS Addon: from n/a through <= 2.6.

Published: Dec 30, 2025
Source: NVD
CVE-2025-68981 HIGH - 8.8

Missing Authorization vulnerability in designthemes HomeFix Elementor Portfolio homefix-ele-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HomeFix Elementor Portfolio: from n/a through <= 1.0.1.

Published: Dec 30, 2025
Source: NVD
CVE-2025-68980 HIGH - 8.1

Missing Authorization vulnerability in designthemes WeDesignTech Portfolio wedesigntech-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WeDesignTech Portfolio: from n/a through <= 1.0.2.

Published: Dec 30, 2025
Source: NVD
CVE-2025-68979 HIGH - 8.1

Authorization Bypass Through User-Controlled Key vulnerability in SimpleCalendar Google Calendar Events google-calendar-events allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google Calendar Events: from n/a through <= 3.5.9.

Published: Dec 30, 2025
Source: NVD