Latest CVE Feed
-
9.3
CRITICALCVE-2025-49931
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CrocoBlock JetSearch jet-search allows Blind SQL Injection.This issue affects JetSearch: from n/a through <= 3.5.10.... Read more
Affected Products : jetsearch- Published: Oct. 22, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Injection
-
9.3
CRITICALCVE-2025-11534
The affected Raisecom devices allow SSH sessions to be established without completing user authentication. This could allow attackers to gain shell access without valid credentials.... Read more
Affected Products :- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authentication
-
9.3
CRITICALCVE-2018-25117
VestaCP commit a3f0fa1 (2018-05-31) up to commit ee03eff (2018-06-13) contain embedded malicious code that resulted in a supply-chain compromise. New installations created from the compromised installer since at least May 2018 were subject to installation... Read more
Affected Products :- Published: Oct. 15, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Supply Chain
-
9.3
CRITICALCVE-2023-7325
Anheng Mingyu Operation and Maintenance Audit and Risk Control System up to 2023-08-10 contains a server-side request forgery (SSRF) vulnerability in the xmlrpc.sock handler. The product accepts specially crafted XML-RPC requests that can be used to instr... Read more
Affected Products :- Published: Oct. 30, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Server-Side Request Forgery
-
9.3
CRITICALCVE-2025-41028
A SQL Injection vulnerability has been found in Epsilon RH by Grupo Castilla. This vulnerability allows an attacker to retrieve, create, update and delete database via sending a POST request using the parameter ‘sEstadoUsr’ in ‘/epsilonnetws/WSAvisos.asmx... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Injection
-
9.3
CRITICALCVE-2025-11462
Improper Link Resolution Before File Access in the AWS VPN Client for macOS versions 1.3.2- 5.2.0 allows a local user to execute code with elevated privileges. Insufficient validation checks on the log destination directory during log rotation could allow... Read more
Affected Products :- Published: Oct. 07, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Path Traversal
-
9.3
CRITICALCVE-2025-6893
An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in broken access control has been identified in the /api/v1/setting/data endpoint of the affected device. This flaw allows... Read more
Affected Products : tn-4900_firmware- Published: Oct. 17, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authorization
-
9.3
CRITICALCVE-2025-8536
A SQL injection vulnerability has been identified in DobryCMS. Improper neutralization of input provided by user into language functionality allows for SQL Injection attacks. This issue affects older branches of this software.... Read more
Affected Products :- Published: Oct. 24, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Injection
-
9.2
CRITICALCVE-2017-20205
Valve's Source SDK (source-sdk-2013)'s ragdoll model parsing logic contains a stack-based buffer overflow vulnerability.The tokenizer function `nexttoken` copies characters from an input string into a fixed-size stack buffer without performing bounds chec... Read more
Affected Products :- Published: Oct. 15, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Memory Corruption
-
9.2
CRITICALCVE-2025-64385
The equipment initially can be configured using the manufacturer's application, by Wi-Fi, by the web server or with the manufacturer’s software. Using the manufacturer's software, the device can be configured via UDP. Analyzing this communication, it has ... Read more
Affected Products : tcprs1plus- Published: Oct. 31, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authentication
-
9.2
CRITICALCVE-2023-7305
SmartBI V8, V9, and V10 contain an unrestricted file upload vulnerability via the RMIServlet request handling logic. Under certain configurations or usage patterns, attackers can send specially crafted requests that cause the application to perform sensit... Read more
Affected Products :- Published: Oct. 15, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Misconfiguration
-
9.2
CRITICALCVE-2025-6338
There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a long period.This issue affects Qt from 5.15.0 through 6.8.3, from 6.9.0 before 6.9.2.... Read more
Affected Products :- Published: Oct. 16, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Denial of Service
-
9.2
CRITICALCVE-2025-55089
In FileX before 6.4.2, the file support module for Eclipse Foundation ThreadX, there was a possible buffer overflow in the FileX RAM disk driver. It could cause a remote execurtion after receiving a crafted sequence of packets... Read more
Affected Products :- Published: Oct. 16, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Memory Corruption
-
9.2
CRITICALCVE-2025-64388
Denial of service of the web server through specific requests to this protocol... Read more
Affected Products : tcprs1plus- Published: Oct. 31, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Denial of Service
-
9.2
CRITICALCVE-2025-11899
Agentflow developed by Flowring has an Use of Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information, thereby logging into the system as any user. Attacker must f... Read more
Affected Products : agentflow- Published: Oct. 17, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Cryptography
-
9.1
CRITICALCVE-2025-46364
Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with known password can run CLI Escape Vulnerability to gain control of system.... Read more
Affected Products :- Published: Nov. 05, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Authentication
-
9.1
CRITICALCVE-2025-52735
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Reflected XSS.This issue affects NextMove Lite: from n/a through <= 2.21.0.... Read more
Affected Products : nextmove- Published: Oct. 22, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Cross-Site Scripting
-
9.1
CRITICALCVE-2025-61235
An issue was discovered in Dataphone A920 v2025.07.161103. A custom packet based on public documentation can be crafted, where some fields can contain arbitrary or trivial data. Normally, such data should cause the device to reject the packet. However, du... Read more
Affected Products :- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Authentication
-
9.1
CRITICALCVE-2025-62717
Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is require... Read more
Affected Products : emlog- Published: Oct. 24, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Authentication
-
9.1
CRITICALCVE-2025-52734
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ERA404 CropRefine croprefine allows Reflected XSS.This issue affects CropRefine: from n/a through <= 1.2.1.... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Cross-Site Scripting