Latest CVE Feed
-
8.5
CVSS31CVE-2025-23267
NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause a link following by using a specially crafted container image. A successful exploit of this vulnerability might lead to data tamp... Read more
Affected Products :- Published: Jul. 17, 2025
- Modified: Jul. 17, 2025
-
8.3
CVSS31CVE-2025-54075
MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. Prior to version 0.17.2, a remote script-inclusion / stored cross-site scripting vulnerability in @nuxtjs/mdc lets a Markdown author inject a `<base href="... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
8.2
CVSS31CVE-2025-52164
Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to store credentials in plaintext.... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
7.8
CVSS31CVE-2024-39289
A code execution vulnerability has been discovered in the Robot Operating System (ROS) 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability stems from the use of the eval() function to process unsanitized, user-suppl... Read more
Affected Products :- Published: Jul. 17, 2025
- Modified: Jul. 17, 2025
-
7.8
CVSS31CVE-2024-41148
A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'hz' verb, which reports the publishing rate of a t... Read more
Affected Products :- Published: Jul. 17, 2025
- Modified: Jul. 17, 2025
-
7.8
CVSS31CVE-2025-6232
An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying specific registry locations.... Read more
- Published: Jul. 17, 2025
- Modified: Jul. 17, 2025
-
7.8
CVSS31CVE-2025-6231
An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying an application configuration file.... Read more
- Published: Jul. 17, 2025
- Modified: Jul. 17, 2025
-
7.8
CVSS31CVE-2025-3753
A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() function to process unsanitized, user-suppli... Read more
Affected Products :- Published: Jul. 17, 2025
- Modified: Jul. 17, 2025
-
7.8
CVSS31CVE-2024-39835
A code injection vulnerability has been identified in the Robot Operating System (ROS) 'roslaunch' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval() method to process user-suppl... Read more
Affected Products :- Published: Jul. 17, 2025
- Modified: Jul. 17, 2025
-
7.8
CVSS31CVE-2024-41921
A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'echo' verb, which allows a user to introspect a RO... Read more
Affected Products :- Published: Jul. 17, 2025
- Modified: Jul. 17, 2025
-
7.8
CVSS31CVE-2025-0886
An incorrect permissions vulnerability was reported in Elliptic Labs Virtual Lock Sensor that could allow a local, authenticated user to escalate privileges.... Read more
Affected Products : elliptic_human_presence_detection_device_driver_for_p1_gen_7_type_21kv_21kw_laptop_thinkpad p14s_gen_5_type_21g2_21g3_laptops_thinkpad elliptic_human_presence_detection_device_driver_for_t14s_gen_5_type_21ls_21lt_laptop_thinkpad elliptic_human_presence_detection_device_driver_for_p16v_gen_1_type_21fc_21fd_laptop_thinkpad elliptic_human_presence_detection_device_driver_for_t16_gen_2_type_21k7_21k8_laptop_thinkpad elliptic_human_presence_detection_driver_for_t14s_gen_6_type_21m1_21m2_laptops_thinkpad elliptic_virtual_lock_sensor_service_for_p1_gen_6_type_21fv_21fw_laptop_thinkpad elliptic_human_presence_detection_device_driver_for_p16v_gen_2_type_21kx_21ky_laptops_thinkpad elliptic_virtual_lock_sensor_for_x13_yoga_gen_4_type_21f2_21f3_laptop_thinkpad elliptic_human_presence_detection_device_driver_for_t14s_gen_4_type_21f8_21f9_laptop_thinkpad +9 more products- Published: Jul. 17, 2025
- Modified: Jul. 17, 2025
-
7.6
CVSS31CVE-2025-23263
NVIDIA DOCA-Host and Mellanox OFED contain a vulnerability in the VGT+ feature, where an attacker on a VM might cause escalation of privileges and denial of service on the VLAN.... Read more
Affected Products :- Published: Jul. 17, 2025
- Modified: Jul. 17, 2025
-
7.6
CVSS31CVE-2025-6023
An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XSS. Fix... Read more
Affected Products : grafana- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
7.5
CVSS31CVE-2025-1713
When setting up interrupt remapping for legacy PCI(-X) devices, including PCI(-X) bridges, a lookup of the upstream bridge is required. This lookup, itself involving acquiring of a lock, is done in a context where acquiring that lock is unsafe. This can ... Read more
Affected Products : xen- Published: Jul. 17, 2025
- Modified: Jul. 17, 2025
-
7.5
CVSS31CVE-2025-7754
A vulnerability was found in code-projects Patient Record Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /xray_form.php. The manipulation of the argument itr_no leads to sql injection. The atta... Read more
Affected Products : patient_record_management_system- Published: Jul. 17, 2025
- Modified: Jul. 18, 2025
-
7.5
CVSS31CVE-2025-7438
The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'install_and_activate_plugin' function in all versions up to, and including, 4.7.9. This makes it possible for authenticat... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
7.5
CVSS31CVE-2025-7338
Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload ... Read more
Affected Products :- Published: Jul. 17, 2025
- Modified: Jul. 17, 2025
-
7.5
CVSS31CVE-2025-54073
mcp-package-docs is an MCP (Model Context Protocol) server that provides LLMs with efficient access to package documentation across multiple programming languages and language server protocol (LSP) capabilities. A command injection vulnerability exists in... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
7.5
CVSS31CVE-2025-7735
The Hospital Information System developed by UNIMAX has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.... Read more
Affected Products :- Published: Jul. 17, 2025
- Modified: Jul. 17, 2025
-
7.5
CVSS31CVE-2025-7472
A local privilege escalation vulnerability in the Intercept X for Windows installer prior version 1.22 can lead to a local user gaining system level privileges, if the installer is run as SYSTEM.... Read more
Affected Products :- Published: Jul. 17, 2025
- Modified: Jul. 17, 2025