Latest CVE Feed
-
9.4
CVSS31CVE-2025-53825
Dokploy is a free, self-hostable Platform as a Service (PaaS). Prior to version 0.24.3, an unauthenticated preview deployment vulnerability in Dokploy allows any user to execute arbitrary code and access sensitive environment variables by simply opening a... Read more
Affected Products :- Published: Jul. 14, 2025
- Modified: Jul. 15, 2025
-
9.3
CVSS31CVE-2025-41236
VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. A malicious actor with local administrative privileges on a virtual machine with VMXNET3 virtual network adapter may exploit this issue ... Read more
Affected Products :- Published: Jul. 15, 2025
- Modified: Jul. 15, 2025
-
9.3
CVSS31CVE-2025-41237
VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to... Read more
Affected Products :- Published: Jul. 15, 2025
- Modified: Jul. 15, 2025
-
9.3
CVSS31CVE-2025-41238
VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI (Paravirtualized SCSI) controller that leads to an out of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this i... Read more
Affected Products :- Published: Jul. 15, 2025
- Modified: Jul. 15, 2025
-
9.1
CVSS31CVE-2025-7341
The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the temp_file_delete() function in all versions up to, and i... Read more
Affected Products :- Published: Jul. 15, 2025
- Modified: Jul. 15, 2025
-
9.1
CVSS31CVE-2025-7360
The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation in the handle_files_upload() function in all versions up to, and ... Read more
Affected Products :- Published: Jul. 15, 2025
- Modified: Jul. 15, 2025
-
9.1
CVSS31CVE-2025-5393
The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the alone_import_pack_restore_data() function in all versions up to, and including, 7.8.3.... Read more
Affected Products :- Published: Jul. 15, 2025
- Modified: Jul. 15, 2025
-
9.0
CVSS31CVE-2025-53835
XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Starting in version 5.4.5 and prior to version 14.10, the XHTML syntax depended on the `xdom+xml/current... Read more
Affected Products :- Published: Jul. 14, 2025
- Modified: Jul. 15, 2025
-
9.0
CVSS31CVE-2025-50067
Vulnerability in Oracle Application Express (component: Strategic Planner Starter App). Supported versions that are affected are 24.2.4 and 24.2.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromis... Read more
Affected Products :- Published: Jul. 15, 2025
- Modified: Jul. 15, 2025
-
8.8
CVSS31CVE-2025-7598
A vulnerability classified as critical was found in Tenda AX1803 1.0.0.1. Affected by this vulnerability is the function formSetWifiMacFilterCfg of the file /goform/setWifiFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer ... Read more
Affected Products : ax1803_firmware- Published: Jul. 14, 2025
- Modified: Jul. 15, 2025
-
8.8
CVSS31CVE-2025-7570
A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been rated as critical. Affected by this issue is some unknown functionality of the file /goform/aspRemoteApConfTempSend. The manipulation of the argument remoteSrcTemp leads to buffer... Read more
Affected Products :- Published: Jul. 14, 2025
- Modified: Jul. 15, 2025
-
8.8
CVSS31CVE-2025-7550
A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been classified as critical. Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to stack-based buffer overflow. It is po... Read more
- Published: Jul. 13, 2025
- Modified: Jul. 15, 2025
-
8.8
CVSS31CVE-2025-7589
A vulnerability classified as critical was found in PHPGurukul Dairy Farm Shop Management System 1.3. This vulnerability affects unknown code of the file edit-company.php. The manipulation of the argument companyname leads to sql injection. The attack can... Read more
Affected Products : dairy_farm_shop_management_system- Published: Jul. 14, 2025
- Modified: Jul. 15, 2025
-
8.8
CVSS31CVE-2025-7597
A vulnerability classified as critical has been found in Tenda AX1803 1.0.0.1. Affected is the function formSetMacFilterCfg of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possib... Read more
- Published: Jul. 14, 2025
- Modified: Jul. 15, 2025
-
8.8
CVSS31CVE-2025-7562
A vulnerability classified as critical has been found in PHPGurukul Online Fire Reporting System 1.2. Affected is an unknown function of the file /admin/new-requests.php. The manipulation of the argument teamid leads to sql injection. It is possible to la... Read more
Affected Products : online_fire_reporting_system- Published: Jul. 14, 2025
- Modified: Jul. 15, 2025
-
8.8
CVSS31CVE-2025-7559
A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been classified as critical. This affects an unknown part of the file /admin/bwdates-report-result.php. The manipulation of the argument fromdate/todate leads to sql injectio... Read more
Affected Products : online_fire_reporting_system- Published: Jul. 14, 2025
- Modified: Jul. 15, 2025
-
8.8
CVSS31CVE-2025-7551
A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been declared as critical. Affected by this vulnerability is the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument modino/username leads to stack-base... Read more
- Published: Jul. 14, 2025
- Modified: Jul. 15, 2025
-
8.8
CVSS31CVE-2025-7571
A vulnerability classified as critical has been found in UTT HiPER 840G up to 3.1.1-190328. This affects an unknown part of the file /goform/aspApBasicConfigUrcp. The manipulation of the argument Username leads to buffer overflow. It is possible to initia... Read more
Affected Products :- Published: Jul. 14, 2025
- Modified: Jul. 15, 2025
-
8.8
CVSS31CVE-2025-7596
A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been rated as critical. This issue affects the function formWifiExtraSet of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. ... Read more
Affected Products : fh1205_firmware- Published: Jul. 14, 2025
- Modified: Jul. 15, 2025
-
8.8
CVSS31CVE-2025-7548
A vulnerability has been found in Tenda FH1201 1.2.0.14(408) and classified as critical. This vulnerability affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer ove... Read more
- Published: Jul. 13, 2025
- Modified: Jul. 15, 2025