Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
Malwarebytes AdwCleaner before v.8.7.0 runs as Administrator and performs an insecure log file delete operation in which the target location is user-controllable, allowing a non-admin user to escalat…
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in phpgurukul Gym Management System 1.0. This issue is present in the profile update functionality of the User Panel, specificall…
A vulnerability was found in Beetel 777VR1 up to 01.00.09. This affects an unknown function of the component Telnet Service/SSH Service. The manipulation results in insecure default initialization of…
A Server-Side Template Injection (SSTI) vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker…
An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration
jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter.
An issue in the TLS certification mechanism of Guardian Gryphon v01.06.0006.22 allows attackers to execute commands as root.
A vulnerability has been found in Beetel 777VR1 up to 01.00.09. The impacted element is an unknown function of the component Web Management Interface. The manipulation leads to hard-coded credentials…
OpenS100 (the reference implementation S-100 viewer) prior to commit 753cf29 contain a remote code execution vulnerability via an unrestricted Lua interpreter. The Portrayal Engine initializes Lua us…
An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC connection string.
Missing Authorization vulnerability in Smartypants SP Project & Document Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SP Project & Document Manag…
Missing Authorization vulnerability in Paul Custom Content by Country (by Shield Security) custom-content-by-country.This issue affects Custom Content by Country (by Shield Security): from n/a throug…
Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file (but not an IPC stream) with pre-…
Dell Unisphere for PowerMax vApp, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with …
Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion.This issue affects Liderahenk: from 3.0.0…
A flaw has been found in Wavlink WL-NU516U1 up to 20251208. The affected element is the function singlePortForwardDelete of the file /cgi-bin/firewall.cgi. Executing a manipulation of the argument de…
The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and inc…
SQL injection vulnerability (SQLi) in Clicldeu SaaS, specifically in the generation of reports, which occurs when a previously authenticated remote attacker executes a malicious payload in the URL ge…
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EKA Software Computer Information Advertising Services Ltd. Real Estate Script V5 (With Do…
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tumeva Internet Technologies Software Information Advertising and Consulting Services Trade Ltd. …