Latest CVE Feed
-
9.5
CRITICALCVE-2025-2516
The use of a weak cryptographic key pair in the signature verification process in WPS Office (Kingsoft) on Windows allows an attacker who successfully recovered the private key to sign components. As older versions of WPS Office did not validate the upda... Read more
Affected Products : wps_office- Published: Mar. 27, 2025
- Modified: Mar. 27, 2025
- Vuln Type: Cryptography
-
9.5
CRITICALCVE-2025-47292
Cap Collectif is an online decision making platform that integrates several tools. Before commit 812f2a7d271b76deab1175bdaf2be0b8102dd198, the `DebateAlternateArgumentsResolver` deserializes a `Cursor`, allowing any classes and which can be controlled by ... Read more
Affected Products :- Published: May. 14, 2025
- Modified: May. 16, 2025
- Vuln Type: Authentication
-
9.5
CRITICALCVE-2024-50388
An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: HBS 3 Hybrid B... Read more
Affected Products :- Published: Dec. 06, 2024
- Modified: Dec. 06, 2024
-
9.5
CRITICALCVE-2024-1243
Improper input validation in the Wazuh agent for Windows prior to version 4.8.0 allows an attacker with control over the Wazuh server or agent key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine accoun... Read more
Affected Products : wazuh- Published: Jun. 11, 2025
- Modified: Jun. 12, 2025
- Vuln Type: Misconfiguration
-
9.5
CRITICALCVE-2024-52329
ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens.... Read more
Affected Products :- Published: Jan. 23, 2025
- Modified: Jan. 23, 2025
- Vuln Type: Misconfiguration
-
9.5
CRITICALCVE-2024-50389
A SQL injection vulnerability has been reported to affect QuRouter. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: QuRouter 2.4.5.032 and later... Read more
Affected Products :- Published: Dec. 06, 2024
- Modified: Dec. 06, 2024
-
9.5
CRITICALCVE-2024-48860
An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.3... Read more
Affected Products :- Published: Nov. 22, 2024
- Modified: Nov. 22, 2024
-
9.5
CRITICALCVE-2024-48853
An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as a "non" root ASPECT user. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3... Read more
Affected Products :- Published: May. 22, 2025
- Modified: May. 23, 2025
-
9.5
CRITICALCVE-2024-9487
An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance. Exploitation requi... Read more
Affected Products : enterprise_server- Published: Oct. 10, 2024
- Modified: Nov. 15, 2024
-
9.5
CRITICALCVE-2025-4318
The AWS Amplify Studio UI component property expressions in the aws-amplify/amplify-codegen-ui package lack input validation. This could potentially allow an authenticated user who has access to create or modify components to run arbitrary JavaScript code... Read more
Affected Products :- Published: May. 05, 2025
- Modified: Jul. 18, 2025
- Vuln Type: Cross-Site Scripting
-
9.5
CRITICALCVE-2025-34069
An authentication bypass vulnerability exists in GFI Kerio Control 9.4.5 due to insecure default proxy configuration and weak access control in the GFIAgent service. The non-transparent proxy on TCP port 3128 can be used to forward unauthenticated request... Read more
Affected Products :- Published: Jul. 02, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Authentication
-
9.5
CRITICALCVE-2025-5333
Remote attackers can execute arbitrary code in the context of the vulnerable service process.... Read more
Affected Products :- Published: Jul. 06, 2025
- Modified: Jul. 08, 2025
-
9.5
CRITICALCVE-2024-52577
In Apache Ignite versions from 2.6.0 and before 2.17.0, configured Class Serialization Filters are ignored for some Ignite endpoints. The vulnerability could be exploited if an attacker manually crafts an Ignite message containing a vulnerable object whos... Read more
Affected Products : ignite- Published: Feb. 14, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Misconfiguration
-
9.5
CRITICALCVE-2025-24971
DumpDrop is a stupid simple file upload application that provides an interface for dragging and dropping files. An OS Command Injection vulnerability was discovered in the DumbDrop application, `/upload/init` endpoint. This vulnerability could allow an at... Read more
Affected Products :- Published: Feb. 04, 2025
- Modified: Feb. 04, 2025
- Vuln Type: Injection
-
9.5
CRITICALCVE-2025-50121
A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause unauthenticated remote code execution when a malicious folder is created over the web interface HTTP when enabled. H... Read more
Affected Products :- Published: Jul. 11, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Injection
-
9.5
CRITICALCVE-2024-13503
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Newtec NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM (Updating signaling process in the swdownload binary modules) allows Local Execution of Code, Remote Code Inclu... Read more
Affected Products :- Published: Jan. 17, 2025
- Modified: Jan. 17, 2025
- Vuln Type: Memory Corruption
-
9.5
CRITICALCVE-2024-52330
ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates.... Read more
Affected Products :- Published: Jan. 23, 2025
- Modified: Jan. 23, 2025
- Vuln Type: Misconfiguration
-
9.5
CRITICALCVE-2024-1244
Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker in with control over the OSSEC server or in possession of the agent's key to configure the agent to connect to a malicious UNC path. This results in th... Read more
Affected Products :- Published: Jun. 11, 2025
- Modified: Jun. 12, 2025
- Vuln Type: Misconfiguration
-
9.5
CRITICALCVE-2025-52464
Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, the Meshtastic was failing to properly initia... Read more
Affected Products : meshtastic_firmware- Published: Jun. 19, 2025
- Modified: Jun. 23, 2025
- Vuln Type: Cryptography
-
9.5
CRITICALCVE-2013-10043
A vulnerability exists in OAstium VoIP PBX astium-confweb-2.1-25399 and earlier, where improper input validation in the logon.php script allows an attacker to bypass authentication via SQL injection. Once authenticated as an administrator, the attacker ca... Read more
Affected Products :- Published: Jul. 31, 2025
- Modified: Jul. 31, 2025
- Vuln Type: Injection