Latest CVE Feed
-
9.8
CRITICALCVE-2025-9791
A weakness has been identified in Tenda AC20 16.03.08.05. This vulnerability affects unknown code of the file /goform/fromAdvSetMacMtuWan. This manipulation of the argument wanMTU causes stack-based buffer overflow. Remote exploitation of the attack is po... Read more
- Published: Sep. 01, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Memory Corruption
-
7.0
HIGHCVE-2025-9778
A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approa... Read more
- Published: Sep. 01, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-9772
A vulnerability was detected in RemoteClinic up to 2.0. This affects an unknown part of the file /staff/edit.php. Performing manipulation of the argument image results in unrestricted upload. The attack can be initiated remotely. The exploit is now public... Read more
Affected Products : remote_clinic- Published: Sep. 01, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authentication
-
6.1
MEDIUMCVE-2025-9773
A flaw has been found in RemoteClinic up to 2.0. This vulnerability affects unknown code of the file /staff/edit.php. Executing manipulation of the argument Last Name can lead to cross site scripting. The attack can be launched remotely. The exploit has b... Read more
Affected Products : remote_clinic- Published: Sep. 01, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Cross-Site Scripting
-
5.0
MEDIUMCVE-2025-9774
A vulnerability has been found in RemoteClinic up to 2.0. This issue affects some unknown processing of the file /patients/edit-patient.php. The manipulation of the argument Email leads to information disclosure. The attack may be initiated remotely. The ... Read more
Affected Products : remote_clinic- Published: Sep. 01, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Information Disclosure
-
8.5
HIGHCVE-2025-9815
A weakness has been identified in alaneuler batteryKid up to 2.1 on macOS. The affected element is an unknown function of the file PrivilegeHelper/PrivilegeHelper.swift of the component NSXPCListener. This manipulation causes missing authentication. It is... Read more
- Published: Sep. 02, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authentication
-
5.4
MEDIUMCVE-2025-9867
Inappropriate implementation in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)... Read more
- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2025-9866
Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)... Read more
- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Misconfiguration
-
5.4
MEDIUMCVE-2025-9865
Inappropriate implementation in Toolbar in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Me... Read more
- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2025-9864
Use after free in V8 in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more
- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-9775
A vulnerability was found in RemoteClinic up to 2.0. Impacted is an unknown function of the file /staff/edit-my-profile.php. The manipulation of the argument image results in unrestricted upload. The attack may be launched remotely. The exploit has been m... Read more
Affected Products : remote_clinic- Published: Sep. 01, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authentication
-
5.4
MEDIUMCVE-2023-21481
Improper URL input validation vulnerability in Samsung Account application prior to version 14.1.0.0 allows remote attackers to get sensitive information.... Read more
Affected Products : account- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-9273
CData API Server MySQL Misconfiguration Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of CData API Server. Authentication is required to exploit this vulnerabil... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Misconfiguration
-
6.9
MEDIUMCVE-2025-57806
Local Deep Research is an AI-powered research assistant for deep, iterative research. Versions 0.2.0 through 0.6.7 stored confidential information, including API keys, in a local SQLite database without encryption. This behavior was not clearly documented... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Information Disclosure
-
7.7
HIGHCVE-2025-9785
PaperCut Print Deploy is an optional component that integrates with PaperCut NG/MF which simplifies printer deployment and management. When the component is deployed to an environment, the customer has an option to configure the system to use a self-signe... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-9260
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to PHP Object Injection in versions 5.1.16 to 6.1.1 via deserialization of untrusted input in the parseUserProperties function. T... Read more
Affected Products : contact_form- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Misconfiguration
-
2.7
LOWCVE-2025-9821
SummaryUsers with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the (partial) request response is also disclosed DetailsWhen sending webhooks, the destination is not validated, causing SSRF. Impact... Read more
Affected Products : mautic- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Server-Side Request Forgery
-
8.8
HIGHCVE-2025-8663
Insertion of Sensitive Information into Log File vulnerability in upKeeper Solutions upKeeper Manager allows Use of Known Domain Credentials.This issue affects upKeeper Manager: from 5.0.0 before 5.2.12.... Read more
Affected Products : upkeeper_manager- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Information Disclosure
-
7.2
HIGHCVE-2025-8613
Vacron Camera ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vacron Camera devices. Authentication is required to exploit this vulnerability. T... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Injection
-
7.8
HIGHCVE-2025-7975
Anritsu ShockLine CHX File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu ShockLine. User interaction is required to exploit this v... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Path Traversal