Latest CVE Feed
-
8.8
HIGHCVE-2025-8299
Realtek rtl81xx SDK Wi-Fi Driver MgntActSet_TEREDO_SET_RS_PACKET Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi d... Read more
- Published: Sep. 02, 2025
- Modified: Sep. 10, 2025
- Vuln Type: Memory Corruption
-
7.7
HIGHCVE-2025-53781
Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network.... Read more
- Published: Aug. 12, 2025
- Modified: Sep. 10, 2025
- Vuln Type: Information Disclosure
-
8.2
HIGHCVE-2025-55163
Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control fra... Read more
Affected Products : netty- Published: Aug. 13, 2025
- Modified: Sep. 10, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-5824
Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Wallbox Commercial. An att... Read more
Affected Products : maxicharger_ac_elite_business_c50_firmware maxicharger_ac_elite_business_c50 maxicharger_ac_pro_firmware maxicharger_ac_pro maxicharger_ac_ultra_firmware maxicharger_ac_ultra maxicharger_dc_compact_mobile_firmware maxicharger_dc_compact_mobile maxicharger_dc_compact_pedestal_firmware maxicharger_dc_compact_pedestal +8 more products- Published: Jun. 25, 2025
- Modified: Sep. 10, 2025
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-5823
Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dangerous Method Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autel MaxiCharger AC Wallbox Com... Read more
Affected Products : maxicharger_ac_elite_business_c50_firmware maxicharger_ac_elite_business_c50 maxicharger_ac_pro_firmware maxicharger_ac_pro maxicharger_ac_ultra_firmware maxicharger_ac_ultra maxicharger_dc_compact_mobile_firmware maxicharger_dc_compact_mobile maxicharger_dc_compact_pedestal_firmware maxicharger_dc_compact_pedestal +8 more products- Published: Jun. 25, 2025
- Modified: Sep. 10, 2025
- Vuln Type: Authentication
-
8.8
HIGHCVE-2025-5822
Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of Autel MaxiCharger AC Wallbox Commercial charg... Read more
Affected Products : maxicharger_ac_elite_business_c50_firmware maxicharger_ac_elite_business_c50 maxicharger_ac_pro_firmware maxicharger_ac_pro maxicharger_ac_ultra_firmware maxicharger_ac_ultra maxicharger_dc_compact_mobile_firmware maxicharger_dc_compact_mobile maxicharger_dc_compact_pedestal_firmware maxicharger_dc_compact_pedestal +8 more products- Published: Jun. 25, 2025
- Modified: Sep. 10, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-5825
Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial charging st... Read more
Affected Products : maxicharger_ac_elite_business_c50_firmware maxicharger_ac_elite_business_c50 maxicharger_ac_pro_firmware maxicharger_ac_pro maxicharger_ac_ultra_firmware maxicharger_ac_ultra maxicharger_dc_compact_mobile_firmware maxicharger_dc_compact_mobile maxicharger_dc_compact_pedestal_firmware maxicharger_dc_compact_pedestal +8 more products- Published: Jun. 25, 2025
- Modified: Sep. 10, 2025
- Vuln Type: Misconfiguration
-
6.3
MEDIUMCVE-2025-5826
Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input Vulnerability. This vulnerability allows network-adjacent attackers to inject arbitrary AT commands on affected installations of Autel MaxiCharger AC Wallbox Commerci... Read more
Affected Products : maxicharger_ac_elite_business_c50_firmware maxicharger_ac_elite_business_c50 maxicharger_ac_pro_firmware maxicharger_ac_pro maxicharger_ac_ultra_firmware maxicharger_ac_ultra maxicharger_dc_compact_mobile_firmware maxicharger_dc_compact_mobile maxicharger_dc_compact_pedestal_firmware maxicharger_dc_compact_pedestal +8 more products- Published: Jun. 25, 2025
- Modified: Sep. 10, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-5827
Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC... Read more
Affected Products : maxicharger_ac_elite_business_c50_firmware maxicharger_ac_elite_business_c50 maxicharger_ac_pro_firmware maxicharger_ac_pro maxicharger_ac_ultra_firmware maxicharger_ac_ultra maxicharger_dc_compact_mobile_firmware maxicharger_dc_compact_mobile maxicharger_dc_compact_pedestal_firmware maxicharger_dc_compact_pedestal +8 more products- Published: Jun. 25, 2025
- Modified: Sep. 10, 2025
- Vuln Type: Memory Corruption
-
6.8
MEDIUMCVE-2025-5828
Autel MaxiCharger AC Wallbox Commercial wLength Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial EV c... Read more
Affected Products : maxicharger_ac_elite_business_c50_firmware maxicharger_ac_elite_business_c50 maxicharger_ac_pro_firmware maxicharger_ac_pro maxicharger_ac_ultra_firmware maxicharger_ac_ultra maxicharger_dc_compact_mobile_firmware maxicharger_dc_compact_mobile maxicharger_dc_compact_pedestal_firmware maxicharger_dc_compact_pedestal +8 more products- Published: Jun. 25, 2025
- Modified: Sep. 10, 2025
- Vuln Type: Memory Corruption
-
6.8
MEDIUMCVE-2025-5829
Autel MaxiCharger AC Wallbox Commercial autocharge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected affected installations of Autel MaxiCharger A... Read more
Affected Products : maxicharger_ac_elite_business_c50_firmware maxicharger_ac_elite_business_c50 maxicharger_ac_pro_firmware maxicharger_ac_pro maxicharger_ac_ultra_firmware maxicharger_ac_ultra maxicharger_dc_compact_mobile_firmware maxicharger_dc_compact_mobile maxicharger_dc_compact_pedestal_firmware maxicharger_dc_compact_pedestal +8 more products- Published: Jun. 25, 2025
- Modified: Sep. 10, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-5830
Autel MaxiCharger AC Wallbox Commercial DLB_SlaveRegister Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wall... Read more
Affected Products : maxicharger_ac_elite_business_c50_firmware maxicharger_ac_elite_business_c50 maxicharger_ac_pro_firmware maxicharger_ac_pro maxicharger_ac_ultra_firmware maxicharger_ac_ultra maxicharger_dc_compact_mobile_firmware maxicharger_dc_compact_mobile maxicharger_dc_compact_pedestal_firmware maxicharger_dc_compact_pedestal +8 more products- Published: Jun. 25, 2025
- Modified: Sep. 10, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-6678
Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autel MaxiCharger AC Wallbox Commercial char... Read more
Affected Products : maxicharger_ac_elite_business_c50_firmware maxicharger_ac_elite_business_c50 maxicharger_ac_pro_firmware maxicharger_ac_pro maxicharger_ac_ultra_firmware maxicharger_ac_ultra maxicharger_dc_compact_mobile_firmware maxicharger_dc_compact_mobile maxicharger_dc_compact_pedestal_firmware maxicharger_dc_compact_pedestal +8 more products- Published: Jun. 25, 2025
- Modified: Sep. 10, 2025
- Vuln Type: Authentication
-
4.8
MEDIUMCVE-2025-8919
A vulnerability was determined in Portabilis i-Diario up to 1.6. Affected is an unknown function of the file /objetivos-de-aprendizagem-e-habilidades of the component History Page. The manipulation of the argument código/objetivo habilidade leads to cross... Read more
Affected Products : i-diario- Published: Aug. 13, 2025
- Modified: Sep. 10, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-8920
A vulnerability was identified in Portabilis i-Diario 1.6. Affected by this vulnerability is an unknown functionality of the file /dicionario-de-termos-bncc of the component Dicionário de Termos BNCC Page. The manipulation of the argument Planos de ensino... Read more
Affected Products : i-diario- Published: Aug. 13, 2025
- Modified: Sep. 10, 2025
- Vuln Type: Cross-Site Scripting
-
9.1
CRITICALCVE-2025-54576
OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions 7.10.0 and below, oauth2-proxy deployments are vulnerable when usin... Read more
Affected Products : oauth2_proxy- Published: Jul. 30, 2025
- Modified: Sep. 10, 2025
- Vuln Type: Authentication
-
7.8
HIGHCVE-2025-8614
NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privile... Read more
Affected Products : nomachine- Published: Sep. 02, 2025
- Modified: Sep. 10, 2025
- Vuln Type: Misconfiguration
-
6.3
MEDIUMCVE-2025-9109
A security flaw has been discovered in Portabilis i-Diario up to 1.5.0. Affected by this vulnerability is an unknown functionality of the file /password/email of the component Password Recovery Endpoint. The manipulation results in observable response dis... Read more
Affected Products : i-diario- Published: Aug. 18, 2025
- Modified: Sep. 10, 2025
- Vuln Type: Authentication
-
5.5
MEDIUMCVE-2025-55296
librenms is a community-based GPL-licensed network monitoring system. A stored Cross-Site Scripting (XSS) vulnerability exists in LibreNMS (<= 25.6.0) in the Alert Template creation feature. This allows a user with the admin role to inject malicious JavaS... Read more
Affected Products : librenms- Published: Aug. 18, 2025
- Modified: Sep. 10, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-20269
A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, low-privileged, remote attacker to retrieve arbitrary files from the underlying file sy... Read more
- Published: Aug. 20, 2025
- Modified: Sep. 10, 2025
- Vuln Type: Path Traversal