Latest CVE Feed
-
7.5
CVSS31CVE-2025-30567
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wp01ru WP01 allows Path Traversal. This issue affects WP01: from n/a through 2.6.2.... Read more
Affected Products :- Published: Mar. 25, 2025
- Modified: Mar. 25, 2025
-
9.3
CVSS31CVE-2025-28904
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shamalli Web Directory Free allows Blind SQL Injection. This issue affects Web Directory Free: from n/a through 1.7.6.... Read more
Affected Products :- Published: Mar. 25, 2025
- Modified: Mar. 25, 2025
-
7.3
CVSS31CVE-2024-58104
A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. Please note: an attacker must first obtain the ab... Read more
Affected Products :- Published: Mar. 25, 2025
- Modified: Mar. 25, 2025
-
5.9
CVSS31CVE-2024-31896
IBM SPSS Statistics 26.0, 27.0.1, 28.0.1, and 29.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.... Read more
Affected Products :- Published: Mar. 25, 2025
- Modified: Mar. 25, 2025
-
5.9
CVSS31CVE-2025-2312
A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the... Read more
Affected Products :- Published: Mar. 25, 2025
- Modified: Mar. 25, 2025
-
7.5
CVSS31CVE-2025-29313
Use of incorrectly resolved name or reference in OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allows attackers to cause a Denial of Service (DoS).... Read more
Affected Products :- Published: Mar. 24, 2025
- Modified: Mar. 25, 2025
-
7.3
CVSS31CVE-2024-58105
A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. This CVE address an addtional bypass not covered ... Read more
Affected Products :- Published: Mar. 25, 2025
- Modified: Mar. 25, 2025
-
5.4
CVSS31CVE-2025-27809
Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.... Read more
Affected Products :- Published: Mar. 25, 2025
- Modified: Mar. 25, 2025
-
9.8
CVSS31CVE-2025-2682
A vulnerability classified as critical has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file /edit-subadmin.php?said=3. The manipulation of the argument mobilenumber leads to sql injection. It is possible... Read more
- Published: Mar. 24, 2025
- Modified: Mar. 25, 2025
-
0.0
NONECVE-2025-30214
Frappe is a full-stack web application framework. Prior to versions 14.89.0 and 15.51.0, making crafted requests could lead to information disclosure that could further lead to account takeover. Versions 14.89.0 and 15.51.0 fix the issue. There's no worka... Read more
Affected Products :- Published: Mar. 25, 2025
- Modified: Mar. 25, 2025
-
0.0
NONECVE-2025-30213
Frappe is a full-stack web application framework. Prior to versions 14.91.0 and 15.52.0, a system user was able to create certain documents in a specific way that could lead to remote code execution. Versions 14.9.1 and 15.52.0 contain a patch for the vul... Read more
Affected Products :- Published: Mar. 25, 2025
- Modified: Mar. 25, 2025
-
0.0
NONECVE-2025-30212
Frappe is a full-stack web application framework. An SQL Injection vulnerability has been identified in Frappe Framework prior to versions 14.89.0 and 15.51.0 which could allow a malicious actor to access sensitive information. Versions 14.89.0 and 15.51.... Read more
Affected Products :- Published: Mar. 25, 2025
- Modified: Mar. 25, 2025
-
7.8
CVSS30CVE-2025-2532
Luxion KeyShot USDC File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerabili... Read more
Affected Products :- Published: Mar. 25, 2025
- Modified: Mar. 25, 2025
-
7.8
CVSS30CVE-2025-2531
Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this ... Read more
Affected Products :- Published: Mar. 25, 2025
- Modified: Mar. 25, 2025
-
7.8
CVSS30CVE-2025-2530
Luxion KeyShot DAE File Parsing Access of Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit ... Read more
Affected Products :- Published: Mar. 25, 2025
- Modified: Mar. 25, 2025
-
8.8
CVSS31CVE-2025-29635
A command injection vulnerability in D-Link DIR-823X 240126 and 240802 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function, triggering remote com... Read more
Affected Products :- Published: Mar. 25, 2025
- Modified: Mar. 25, 2025
-
8.1
CVSS31CVE-2025-29314
Insecure Shiro cookie configurations in OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allow attackers to access sensitive information via a man-in-the-middle attack.... Read more
Affected Products :- Published: Mar. 24, 2025
- Modified: Mar. 25, 2025
-
8.2
CVSS31CVE-2025-27147
The GLPI Inventory Plugin handles various types of tasks for GLPI agents, including network discovery and inventory (SNMP), software deployment, VMWare ESX host remote inventory, and data collection (files, Windows registry, WMI). Versions prior to 1.5.0 ... Read more
Affected Products :- Published: Mar. 25, 2025
- Modified: Mar. 25, 2025
-
6.5
CVSS31CVE-2025-26742
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Gallery for Social Photo allows Stored XSS.This issue affects Gallery for Social Photo: from n/a through 1.0.0.35.... Read more
Affected Products :- Published: Mar. 25, 2025
- Modified: Mar. 25, 2025
-
3.5
CVSS31CVE-2025-1452
The Favorites WordPress plugin before 2.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ... Read more
Affected Products :- Published: Mar. 25, 2025
- Modified: Mar. 25, 2025