Latest CVE Feed
-
4.2
MEDIUMCVE-2018-12332
Incomplete Cleanup vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a compromised host PC after a reset.... Read more
- Published: Jun. 17, 2018
- Modified: Nov. 21, 2024
-
4.2
MEDIUMCVE-2025-1540
An issue has been discovered in GitLab CE/EE for Self-Managed and Dedicated instances affecting all versions from 17.5 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. It was possible for a user added as an External to read and clone inter... Read more
Affected Products : gitlab- Published: Mar. 06, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Authorization
-
4.2
MEDIUMCVE-2019-3828
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.... Read more
Affected Products : ansible- Published: Mar. 27, 2019
- Modified: Nov. 21, 2024
-
4.2
MEDIUMCVE-2025-2571
Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot accounts via the Google... Read more
Affected Products : mattermost_server- Published: May. 30, 2025
- Modified: May. 30, 2025
- Vuln Type: Authentication
-
4.2
MEDIUMCVE-2025-49193
The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected ma... Read more
Affected Products :- Published: Jun. 12, 2025
- Modified: Jun. 12, 2025
- Vuln Type: Misconfiguration
-
4.2
MEDIUMCVE-2024-56998
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /edit-profile.php via the parameter $address.... Read more
- Published: Jan. 21, 2025
- Modified: Apr. 09, 2025
- Vuln Type: Cross-Site Scripting
-
4.2
MEDIUMCVE-2024-56997
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /doctor/index.php via the 'Email' parameter.... Read more
Affected Products : hospital_management_system- Published: Jan. 21, 2025
- Modified: Apr. 09, 2025
- Vuln Type: Cross-Site Scripting
-
4.2
MEDIUMCVE-2024-7096
A privilege escalation vulnerability exists in multiple [Vendor Name] products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met: * S... Read more
Affected Products :- Published: May. 30, 2025
- Modified: May. 30, 2025
- Vuln Type: Authorization
-
4.2
MEDIUMCVE-2025-53543
Kestra is an event-driven orchestration platform. The error message in execution "Overview" tab is vulnerable to stored XSS due to improper handling of HTTP response received. This vulnerability is fixed in 0.22.0.... Read more
Affected Products :- Published: Jul. 07, 2025
- Modified: Jul. 08, 2025
- Vuln Type: Cross-Site Scripting
-
4.2
MEDIUMCVE-2025-26058
Webkul QloApps v1.6.1 exposes authentication tokens in URLs during redirection. When users access the admin panel or other protected areas, the application appends sensitive authentication tokens directly to the URL.... Read more
Affected Products : qloapps- Published: Feb. 18, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Authentication
-
4.2
MEDIUMCVE-2025-53021
A session fixation vulnerability in Moodle 3.x through 3.11.18 allows unauthenticated attackers to hijack user sessions via the sesskey parameter. The sesskey can be obtained without authentication and reused within the OAuth2 login flow, resulting in the... Read more
Affected Products : moodle- Published: Jun. 24, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Authentication
-
4.2
MEDIUMCVE-2018-8315
An information disclosure vulnerability exists when the browser scripting engine improperly handle object types, aka "Microsoft Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet... Read more
- Published: Sep. 13, 2018
- Modified: Nov. 21, 2024
-
4.2
MEDIUMCVE-2019-2787
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Automount). Supported versions that are affected are 11.4 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via ... Read more
- Published: Jul. 23, 2019
- Modified: Nov. 21, 2024
-
4.2
MEDIUMCVE-2023-45803
urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request ... Read more
- Published: Oct. 17, 2023
- Modified: Feb. 13, 2025
-
4.2
MEDIUMCVE-2023-42934
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app with root privileges may be able to access private information.... Read more
- Published: Jan. 10, 2024
- Modified: Jun. 20, 2025
-
4.2
MEDIUMCVE-2020-13464
The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU or DMA module.... Read more
- Published: Aug. 31, 2020
- Modified: Nov. 21, 2024
-
4.2
MEDIUMCVE-2024-41965
Vim is an open source command line text editor. double-free in dialog_changed() in Vim < v9.1.0648. When abandoning a buffer, Vim may ask the user what to do with the modified buffer. If the user wants the changed buffer to be saved, Vim may create a new ... Read more
Affected Products : vim- Published: Aug. 01, 2024
- Modified: Nov. 21, 2024
-
4.2
MEDIUMCVE-2020-10575
An issue was discovered in Janus through 0.9.1. plugins/janus_videocall.c in the VideoCall plugin mishandles session management because a race condition causes some references to be freed too early or too many times.... Read more
Affected Products : janus- Published: Mar. 14, 2020
- Modified: Nov. 21, 2024
-
4.2
MEDIUMCVE-2023-45920
Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server or win... Read more
Affected Products :- Published: Mar. 27, 2024
- Modified: Nov. 21, 2024
-
4.2
MEDIUMCVE-2023-36559
Microsoft Edge (Chromium-based) Spoofing Vulnerability... Read more
Affected Products : edge_chromium- Published: Oct. 13, 2023
- Modified: Dec. 12, 2024