Latest CVE Feed
-
9.3
CRITICALCVE-2025-1987
A Cross-Site Scripting (XSS) vulnerability has been identified in Psono-Client’s handling of vault entries of type website_password and bookmark, as used in Bitdefender SecurePass. The client does not properly sanitize the URL field in these entries. As a... Read more
- Published: Jun. 21, 2025
- Modified: Jul. 30, 2025
- Vuln Type: Cross-Site Scripting
-
9.3
CRITICALCVE-2024-10044
A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit e208d5677c6837d590b81cb03847c0b9de100765. This vulnerability allows attackers to explo... Read more
Affected Products : fastchat- Published: Dec. 30, 2024
- Modified: Jul. 29, 2025
-
9.3
CRITICALCVE-2022-4978
Remote Control Server, maintained by Steppschuh, 3.1.1.12 allows unauthenticated remote code execution when authentication is disabled, which is the default configuration. The server exposes a custom UDP-based control protocol that accepts remote keyboard... Read more
Affected Products :- Published: Jul. 23, 2025
- Modified: Jul. 25, 2025
- Vuln Type: Authentication
-
9.3
CRITICALCVE-2025-6185
Leviton AcquiSuite and Energy Monitoring Hub are susceptible to a cross-site scripting vulnerability, allowing an attacker to craft a malicious payload in URL parameters, which would execute in a client browser when accessed by a user, steal session t... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 22, 2025
- Vuln Type: Cross-Site Scripting
-
9.3
CRITICALCVE-2025-34117
A remote code execution vulnerability exists in multiple Netcore and Netis routers models with firmware released prior to August 2014 due to the presence of an undocumented backdoor listener on UDP port 53413. Exact version boundaries remain undocumented.... Read more
Affected Products :- Published: Jul. 16, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Authentication
-
9.3
CRITICALCVE-2025-25034
A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2, and 7.7.1.0 due to improper validation of PHP serialized input in the SugarRestSerialize.php script. The vulnerable code fails to sanitize the rest... Read more
Affected Products : sugarcrm- Published: Jun. 20, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Injection
-
9.3
CRITICALCVE-2025-34101
An unauthenticated command injection vulnerability exists in Serviio Media Server versions 1.4 through 1.8 on Windows, in the /rest/action API endpoint exposed by the console component (default port 23423). The checkStreamUrl method accepts a VIDEO parame... Read more
Affected Products :- Published: Jul. 10, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Injection
-
9.3
CRITICALCVE-2025-34102
A remote code execution vulnerability exists in CryptoLog (PHP version, discontinued since 2009) due to a chained exploitation of SQL injection and command injection vulnerabilities. An unauthenticated attacker can gain shell access as the web server user... Read more
Affected Products :- Published: Jul. 10, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Injection
-
9.3
CRITICALCVE-2025-34095
An OS command injection vulnerability exists in Mako Server versions 2.5 and 2.6, specifically within the tutorial interface provided by the examples/save.lsp endpoint. An unauthenticated attacker can send a crafted PUT request containing arbitrary Lua os... Read more
Affected Products :- Published: Jul. 10, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Injection
-
9.3
HIGHCVE-2016-2492
The MediaTek power-management driver in Android before 2016-06-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 28085410.... Read more
- EPSS Score: %0.04
- Published: Jun. 13, 2016
- Modified: Apr. 12, 2025
-
9.3
HIGHCVE-2008-2160
Multiple unspecified vulnerabilities in the JPEG (GDI+) and GIF image processing in Microsoft Windows CE 5.0 allow remote attackers to execute arbitrary code via crafted (1) JPEG and (2) GIF images.... Read more
- EPSS Score: %43.77
- Published: May. 12, 2008
- Modified: Apr. 09, 2025
-
9.3
HIGHCVE-2016-2432
The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 6 and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 25913059.... Read more
- EPSS Score: %0.04
- Published: May. 09, 2016
- Modified: Apr. 12, 2025
-
9.3
HIGHCVE-2016-3869
The Broadcom Wi-Fi driver in Android before 2016-09-05 on Nexus 5, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29009982 and Broadcom internal bug RB#... Read more
Affected Products : android- EPSS Score: %0.13
- Published: Sep. 11, 2016
- Modified: Apr. 12, 2025
-
9.3
HIGHCVE-2010-3101
Directory traversal vulnerability in FTPx Corp FTP Explorer 10.5.19.1 for Windows, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.... Read more
Affected Products : ftp_explorer- EPSS Score: %0.18
- Published: Aug. 21, 2010
- Modified: Apr. 11, 2025
-
9.3
HIGHCVE-2018-7923
Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.150(C432) have an insufficient input validation vulnerability due to lack of parameter check. An attacker tricks the user who has root privilege to install a crafted application, the app... Read more
- EPSS Score: %0.12
- Published: Sep. 12, 2018
- Modified: Nov. 21, 2024
-
9.3
CRITICALCVE-2023-50254
Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. ... Read more
- EPSS Score: %8.85
- Published: Dec. 22, 2023
- Modified: Nov. 21, 2024
-
9.3
HIGHCVE-2009-0491
Stack-based buffer overflow in Elecard MPEG Player 5.5 build 15884.081218 allows remote attackers to execute arbitrary code via a M3U file containing a long URL.... Read more
Affected Products : elecard_mpeg_player- EPSS Score: %7.33
- Published: Feb. 10, 2009
- Modified: Apr. 09, 2025
-
9.3
HIGHCVE-1999-0704
Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others.... Read more
- EPSS Score: %4.18
- Published: Sep. 16, 1999
- Modified: Apr. 03, 2025
-
9.3
HIGHCVE-2003-1336
Buffer overflow in mIRC before 6.11 allows remote attackers to execute arbitrary code via a long irc:// URL.... Read more
Affected Products : mirc- EPSS Score: %66.55
- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
9.3
HIGHCVE-2006-6261
Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) M3u or (2) M3u-8 file; or a (3) crafted PLS file with a long value in the (a)... Read more
Affected Products : windows_2000 windows_xp windows_95 windows_98 windows_nt windows_me quintessential_player- EPSS Score: %6.16
- Published: Dec. 04, 2006
- Modified: Apr. 09, 2025