Latest CVE Feed
-
9.0
HIGHCVE-2025-9526
A vulnerability has been found in Linksys E1700 1.0.0.4.003. Affected by this issue is the function setSysAdm of the file /goform/setSysAdm. Such manipulation of the argument rm_port leads to stack-based buffer overflow. The attack can be launched remotel... Read more
Affected Products :- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Memory Corruption
-
10.0
CRITICALCVE-2025-34163
Dongsheng Logistics Software exposes an unauthenticated endpoint at /CommMng/Print/UploadMailFile that fails to enforce proper file type validation and access control. An attacker can upload arbitrary files, including executable scripts such as .ashx, via... Read more
Affected Products :- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authentication
-
8.7
HIGHCVE-2023-7307
Sangfor Behavior Management System (also referred to as DC Management System in Chinese-language documentation) contains an XML external entity (XXE) injection vulnerability in the /src/sangforindex endpoint. A remote unauthenticated attacker can submit c... Read more
Affected Products :- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: XML External Entity
-
5.3
MEDIUMCVE-2025-7956
The Ajax Search Lite plugin for WordPress is vulnerable to Basic Information Exposure due to missing authorization in its AJAX search handler in all versions up to, and including, 4.13.1. This makes it possible for unauthenticated attackers to issue repea... Read more
Affected Products :- Published: Aug. 28, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Information Disclosure