Latest CVE Feed
-
9.4
CRITICALCVE-2012-10039
ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. The filelog parameter is passed directly into a backtick-delimited exec() call without sanitation. An authenticated attacker can inject arbitrary shell... Read more
Affected Products :- Published: Aug. 11, 2025
- Modified: Aug. 11, 2025
- Vuln Type: Injection
-
9.4
CRITICALCVE-2012-10040
Openfiler v2.x contains a command injection vulnerability in the system.html page. The device parameter is used to instantiate a NetworkCard object, whose constructor in network.inc calls exec() with unsanitized input. An authenticated attacker can exploi... Read more
Affected Products : openfiler- Published: Aug. 11, 2025
- Modified: Aug. 11, 2025
- Vuln Type: Injection
-
9.4
CRITICALCVE-2025-6030
Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the Key Fob Transmitter in Cyclone Matrix TRF Smart Keyless Entry System, which allows a replay attack. Research was completed on the 2024 KIA Soluto. Attack conf... Read more
Affected Products :- Published: Jun. 13, 2025
- Modified: Jun. 16, 2025
- Vuln Type: Cryptography
-
9.4
CRITICALCVE-2025-1268
Out-of-bounds vulnerability in EMF Recode processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver / Generic FAX Printer D... Read more
Affected Products :- Published: Mar. 31, 2025
- Modified: Jun. 16, 2025
- Vuln Type: Memory Corruption
-
9.4
CRITICALCVE-2025-34104
An authenticated remote code execution vulnerability exists in Piwik (now Matomo) versions prior to 3.0.3 via the plugin upload mechanism. In vulnerable versions, an authenticated user with Superuser privileges can upload and activate a malicious plugin (... Read more
Affected Products :- Published: Jul. 15, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Authentication
-
9.4
CRITICALCVE-2025-53946
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.5 in the `id_funcionario` parameter of the `/html/saude/profile_paciente.php` en... Read more
Affected Products : wegia- Published: Jul. 17, 2025
- Modified: Jul. 30, 2025
- Vuln Type: Injection
-
9.4
CRITICALCVE-2025-54060
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the `idatendido_familiares` parameter of the `/html/funcionario/dependente_... Read more
Affected Products : wegia- Published: Jul. 17, 2025
- Modified: Jul. 30, 2025
- Vuln Type: Injection
-
9.4
CRITICALCVE-2025-54061
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the `idatendido_familiares` parameter of the `/html/funcionario/dependente_... Read more
Affected Products : wegia- Published: Jul. 17, 2025
- Modified: Jul. 30, 2025
- Vuln Type: Injection
-
9.4
CRITICALCVE-2025-7783
Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js. This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.... Read more
Affected Products : form-data- Published: Jul. 18, 2025
- Modified: Jul. 22, 2025
- Vuln Type: Misconfiguration
-
9.4
CRITICALCVE-2025-29757
An incorrect authorisation check in the the 'plant transfer' function of the Growatt cloud service allowed a malicous attacker with a valid account to transfer any plant into his/her account.... Read more
Affected Products :- Published: Jul. 19, 2025
- Modified: Jul. 22, 2025
- Vuln Type: Authorization
-
9.4
CRITICALCVE-2024-41789
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the language parameter in specific POST requests. This could allow an authenticated remote attacker to execute ... Read more
Affected Products :- Published: Apr. 08, 2025
- Modified: Apr. 08, 2025
- Vuln Type: Authentication
-
9.4
CRITICALCVE-2024-41790
A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). The web interface of affected devices does not sanitize the region parameter in specific POST requests. This could allow an authenticated remote attacker to execute ar... Read more
Affected Products :- Published: Apr. 08, 2025
- Modified: Apr. 08, 2025
- Vuln Type: Authentication
-
9.4
CRITICALCVE-2025-3114
Code Execution via Malicious Files: Attackers can create specially crafted files with embedded code that may execute without adequate security validation, potentially leading to system compromise. Sandbox Bypass Vulnerability: A flaw in the TERR security... Read more
Affected Products :- Published: Apr. 09, 2025
- Modified: Apr. 15, 2025
- Vuln Type: Misconfiguration
-
9.4
CRITICALCVE-2025-36852
A critical security vulnerability exists in remote cache extensions for common build systems utilizing bucket-based remote cache (such as those using Amazon S3, Google Cloud Storage, or similar object storage) that allows any contributor with pull request... Read more
Affected Products : nx-remotecache-azure nx-remotecache-custom azure-cache gcs-cache s3-cache shared-fs-cache nx-remotecache-minio- Published: Jun. 10, 2025
- Modified: Jun. 12, 2025
- Vuln Type: Supply Chain
-
9.4
CRITICALCVE-2025-48047
An authenticated user can perform command injection via unsanitized input to the NetFax Server’s ping functionality via the /test.php endpoint.... Read more
Affected Products :- Published: May. 29, 2025
- Modified: May. 29, 2025
- Vuln Type: Injection
-
9.4
CRITICALCVE-2025-49008
Atheos is a self-hosted browser-based cloud integrated development environment. Prior to version 6.0.4, improper use of `escapeshellcmd()` in `/components/codegit/traits/execute.php` allows argument injection, leading to arbitrary command execution. Atheo... Read more
Affected Products :- Published: Jun. 05, 2025
- Modified: Jun. 05, 2025
- Vuln Type: Injection
-
9.4
CRITICALCVE-2025-3321
A predefined administrative account is not documented and cannot be deactivated. This account cannot be misused from the network, only by local users on the server.... Read more
Affected Products : onlinesuite_application_package- Published: Jun. 06, 2025
- Modified: Jun. 06, 2025
- Vuln Type: Authentication
-
9.4
CRITICALCVE-2024-48849
Missing Origin Validation in WebSockets vulnerability in FLXEON. Session management was not sufficient to prevent unauthorized HTTPS requests. This issue affects FLXEON: through <= 9.3.4.... Read more
Affected Products :- Published: Jan. 29, 2025
- Modified: Jan. 29, 2025
- Vuln Type: Authentication
-
9.4
CRITICALCVE-2024-48852
Insertion of Sensitive Information into Log File vulnerability observed in FLEXON. Some information may be improperly disclosed through https access. This issue affects FLXEON through <= 9.3.4.... Read more
Affected Products :- Published: Jan. 29, 2025
- Modified: Jan. 29, 2025
- Vuln Type: Information Disclosure
-
9.4
CRITICALCVE-2025-22140
WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /html/funcionario/dependente_listar_um.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitr... Read more
Affected Products : wegia- Published: Jan. 08, 2025
- Modified: Apr. 09, 2025
- Vuln Type: Injection