Latest CVE Feed
- 
                                
                                9.8CRITICALCVE-2025-55086In NetXDuo version before 6.4.4, a networking support module for Eclipse Foundation ThreadX, in the DHCPV6 client there was an unchecked index extracting the server DUID from the server reply. With a crafted packet, an attacker could cause an out of memor... Read more Affected Products : threadx_netx_duo- Published: Oct. 20, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Memory Corruption
 
- 
                                
                                9.8CRITICALCVE-2025-60554D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEnableWizard.... Read more Affected Products :- Published: Oct. 24, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Memory Corruption
 
- 
                                
                                9.8CRITICALCVE-2025-43995Dell Storage Center - Dell Storage Manager, version(s) 20.1.21, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Authe... Read more Affected Products : dell_storage_manager- Published: Oct. 24, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Authentication
 
- 
                                
                                9.8CRITICALCVE-2025-61757Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network ac... Read more Affected Products : identity_manager- Published: Oct. 21, 2025
- Modified: Oct. 24, 2025
 
- 
                                
                                9.8CRITICALCVE-2025-53072Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access ... Read more Affected Products : marketing- Published: Oct. 21, 2025
- Modified: Oct. 24, 2025
 
- 
                                
                                9.8CRITICALCVE-2025-60232Deserialization of Untrusted Data vulnerability in quantumcloud KBx Pro Ultimate knowledgebase-helpdesk-pro allows Object Injection.This issue affects KBx Pro Ultimate: from n/a through <= 8.0.5.... Read more Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Injection
 
- 
                                
                                9.8CRITICALCVE-2025-7851An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways.... Read more Affected Products : er7206_firmware er7206 er8411_firmware er8411 er7412-m2_firmware er7412-m2 er707-m2_firmware er707-m2 er605_firmware er605 +16 more products- Published: Oct. 21, 2025
- Modified: Oct. 24, 2025
 
- 
                                
                                9.8CRITICALCVE-2025-11253Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aksis Technology Inc. Netty ERP allows SQL Injection.This issue affects Netty ERP: before V.1.1000.... Read more Affected Products :- Published: Oct. 24, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Injection
 
- 
                                
                                9.8CRITICALCVE-2025-6440The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'wcdp_save_canvas_design_ajax' function in all v... Read more Affected Products :- Published: Oct. 24, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Misconfiguration
 
- 
                                
                                9.8CRITICALCVE-2025-11108A vulnerability was determined in code-projects Simple Scheduling System 1.0. Impacted is an unknown function of the file /schedulingsystem/addroom.php. Executing manipulation of the argument room can lead to sql injection. The attack may be performed fro... Read more - Published: Sep. 28, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Injection
 
- 
                                
                                9.8CRITICALCVE-2025-11107A vulnerability was found in code-projects Simple Scheduling System 1.0. This issue affects some unknown processing of the file /schedulingsystem/addcourse.php. Performing manipulation of the argument corcode results in sql injection. The attack is possib... Read more - Published: Sep. 28, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Injection
 
- 
                                
                                9.8CRITICALCVE-2025-11105A flaw has been found in code-projects Simple Scheduling System 1.0. This affects an unknown part of the file /schedulingsystem/addsubject.php. This manipulation of the argument subcode causes sql injection. Remote exploitation of the attack is possible. ... Read more - Published: Sep. 28, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Injection
 
- 
                                
                                9.8CRITICALCVE-2025-11074A flaw has been found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /login.php. This manipulation of the argument username/password causes sql injection. The attack may be initiated remotely. The e... Read more - Published: Sep. 27, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Injection
 
- 
                                
                                9.8CRITICALCVE-2025-11037A security flaw has been discovered in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/admin_index_search.php. Performing manipulation of the argument Search results in sql injection. The attack may be initiated r... Read more - Published: Sep. 26, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Injection
 
- 
                                
                                9.8CRITICALCVE-2025-11036A vulnerability was identified in code-projects E-Commerce Website 1.0. This affects an unknown function of the file /pages/admin_account_update.php. Such manipulation of the argument user_id leads to sql injection. The attack can be launched remotely. Th... Read more - Published: Sep. 26, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Injection
 
- 
                                
                                9.8CRITICALCVE-2025-11094A security vulnerability has been detected in code-projects E-Commerce Website 1.0. This affects an unknown part of the file /pages/admin_product_details.php. Such manipulation of the argument prod_id leads to sql injection. The attack may be launched rem... Read more - Published: Sep. 28, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Injection
 
- 
                                
                                9.8CRITICALCVE-2025-49935Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in xtemos WoodMart woodmart allows PHP Local File Inclusion.This issue affects WoodMart: from n/a through < 8.3.2.... Read more Affected Products : woodmart- Published: Oct. 22, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Injection
 
- 
                                
                                9.8CRITICALCVE-2025-58967Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Businext businext allows PHP Local File Inclusion.This issue affects Businext: from n/a through < 2.4.4.... Read more Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Path Traversal
 
- 
                                
                                9.8CRITICALCVE-2025-58958Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove SmilePure smilepure allows PHP Local File Inclusion.This issue affects SmilePure: from n/a through < 1.8.5.... Read more Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Path Traversal
 
- 
                                
                                9.8CRITICALCVE-2025-53037Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vuln... Read more Affected Products : financial_services_analytical_applications_infrastructure- Published: Oct. 21, 2025
- Modified: Oct. 23, 2025
 
 
                         
                         
                         
                                             
                                            