Latest CVE Feed
-
8.6
HIGHCVE-2024-8527
Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0, 8.0, 8.5, 9.0 may allow attackers to exploit user sessions.... Read more
Affected Products :- Published: Nov. 19, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Misconfiguration
-
8.7
HIGHCVE-2025-34337
eGovFramework/egovframe-common-components versions up to and including 4.3.1 includes Web Editor image upload and related file delivery functionality that uses symmetric encryption to protect URL parameters, but exposes an encryption oracle that allows at... Read more
Affected Products :- Published: Nov. 19, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Information Disclosure
-
6.0
MEDIUMCVE-2025-12743
The Looker endpoint for generating new projects from database connections allows users to specify "looker" as a connection name, which is a reserved internal name for Looker's internal MySQL database. The schemas parameter is vulnerable to SQL injection, ... Read more
Affected Products :- Published: Nov. 19, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Injection
-
5.4
MEDIUMCVE-2024-8528
Reflected XSS using a specific URL in Automated Logic WebCTRL and Carrier i-VU can allow delivery of malicious payload due to a specific GET parameter not being sanitized.... Read more
Affected Products :- Published: Nov. 19, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2025-63218
The Axel Technology WOLF1MS and WOLF2MS devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create... Read more
Affected Products :- Published: Nov. 19, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Authentication