Latest CVE Feed
- CVE-2025-53820 (6.5, CVSS 3.1)
  WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `index.php` endpoint of the WeGIA application prior to version 3.4.5. This ...
  Published: Jul. 14, 2025
  Modified: Jul. 14, 2025
- CVE-2025-53819 (7.9, CVSS 3.1)
  Nix is a package manager for Linux and other Unix systems. Builds with Nix 2.30.0 on macOS were executed with elevated privileges (root), instead of the build users. The fix was applied to Nix 2.30.1. No known workarounds are available....
  Published: Jul. 14, 2025
  Modified: Jul. 14, 2025
- CVE-2025-53818 (0.0, NONE)
  GitHub Kanban MCP Server is a Model Context Protocol (MCP) server for managing GitHub issues in Kanban board format and streamlining LLM task management. Versions 0.3.0 and 0.4.0 of the MCP Server are written in a way that is vulnerable to command injecti...
  Published: Jul. 14, 2025
  Modified: Jul. 14, 2025
- CVE-2025-53643 (0.0, NONE)
  AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version...
  Published: Jul. 14, 2025
  Modified: Jul. 14, 2025
- CVE-2025-53640 (0.0, NONE)
  Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Starting in version 2.2 and prior to version 3.3.7, an endpoint used to display details of users listed in certain fields (such as ACLs) could...
  Published: Jul. 14, 2025
  Modified: Jul. 14, 2025
- CVE-2025-27582 (7.6, CVSS 3.1)
  The Secure Password extension in One Identity Password Manager before 5.14.4 allows local privilege escalation. The issue arises from a flawed security hardening mechanism within the kiosk browser used to display the Password Self-Service site to end user...
  Published: Jul. 14, 2025
  Modified: Jul. 14, 2025
- CVE-2025-53639 (0.0, NONE)
  MeterSphere is an open source continuous testing platform. Prior to version 3.6.5-lts, the sortField parameter in certain API endpoints is not properly validated or sanitized. An attacker can supply crafted input to inject and execute arbitrary SQL statem...
  Published: Jul. 14, 2025
  Modified: Jul. 14, 2025
- CVE-2025-53623 (0.0, NONE)
  The Job Iteration API is an extension for ActiveJob that makes jobs interruptible and resumable. Versions prior to 1.11.0 have an arbitrary code execution vulnerability in the `CsvEnumerator` class. This vulnerability can be exploited by an attacker to e...
  Published: Jul. 14, 2025
  Modified: Jul. 14, 2025
- CVE-2025-53101 (7.4, CVSS 3.1)
  ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename temp...
  Published: Jul. 14, 2025
  Modified: Jul. 14, 2025
- CVE-2025-53019 (3.7, CVSS 3.1)
  ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename templ...
  Published: Jul. 14, 2025
  Modified: Jul. 14, 2025
- CVE-2025-53015 (7.5, CVSS 3.1)
  ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0, infinite lines occur when writing during a specific XMP file conversion command. Version 7.1.2-0 fixes the issue....
  Published: Jul. 14, 2025
  Modified: Jul. 14, 2025
- CVE-2025-51660 (5.4, CVSS 3.1)
  SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Products.php....
  Published: Jul. 14, 2025
  Modified: Jul. 14, 2025
- CVE-2025-51659 (5.4, CVSS 3.1)
  SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Products.php....
  Published: Jul. 14, 2025
  Modified: Jul. 14, 2025
- CVE-2025-51658 (5.4, CVSS 3.1)
  SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_InquiryView.php....
  Published: Jul. 14, 2025
  Modified: Jul. 14, 2025
- CVE-2025-51657 (5.4, CVSS 3.1)
  SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Link.php....
  Published: Jul. 14, 2025
  Modified: Jul. 14, 2025
- CVE-2025-51656 (5.4, CVSS 3.1)
  SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Link.php....
  Published: Jul. 14, 2025
  Modified: Jul. 14, 2025
- CVE-2025-51655 (5.4, CVSS 3.1)
  SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Quanxian.php....
  Published: Jul. 14, 2025
  Modified: Jul. 14, 2025
- CVE-2025-51654 (5.4, CVSS 3.1)
  SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Infocategories.php....
  Published: Jul. 14, 2025
  Modified: Jul. 14, 2025
- CVE-2025-51653 (5.4, CVSS 3.1)
  SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_ct.php....
  Published: Jul. 14, 2025
  Modified: Jul. 14, 2025
- CVE-2025-51652 (5.4, CVSS 3.1)
  SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Categories.php....
  Published: Jul. 14, 2025
  Modified: Jul. 14, 2025