Latest CVE Feed
- CVE-2025-4353 (6.5 MEDIUM)
  A vulnerability, which was classified as critical, was found in Brilliance Golden Link Secondary System up to 20250424. Affected is an unknown function of the file /paraframework/queryTsDictionaryType.htm. The manipulation of the argument dictCn1 leads to...
  - Affected Products:
  - Published: May. 06, 2025
  - Modified: Jun. 04, 2025
  - Vuln Type: Injection
- CVE-2025-4352 (6.5 MEDIUM)
  A vulnerability, which was classified as critical, has been found in Brilliance Golden Link Secondary System up to 20250424. This issue affects some unknown processing of the file /reprotframework/tcEntrFlowSelect.htm. The manipulation of the argument cus...
  - Affected Products:
  - Published: May. 06, 2025
  - Modified: Jun. 04, 2025
  - Vuln Type: Injection
- CVE-2025-48951 (9.3 CRITICAL)
  Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. Versions 8.0.0-BETA3 prior to 8.3.1 contain a vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, ...
  - Affected Products: auth0
  - Published: Jun. 03, 2025
  - Modified: Jun. 04, 2025
  - Vuln Type: Authentication
- CVE-2025-48881 (8.3 HIGH)
  Valtimo is a platform for Business Process Automation. In versions starting from 11.0.0.RELEASE to 11.3.3.RELEASE and 12.0.0.RELEASE to 12.12.0.RELEASE, all objects for which an object-management configuration exists can be listed, viewed, edited, created...
  - Affected Products:
  - Published: May. 30, 2025
  - Modified: Jun. 04, 2025
  - Vuln Type: Authorization
- CVE-2024-22899 (8.8 HIGH)
  Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function.
  - Affected Products: vinchin_backup_and_recovery
  - Published: Feb. 02, 2024
  - Modified: Jun. 04, 2025
- CVE-2024-22646 (5.3 MEDIUM)
  An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. This allows an attacker to guess which emails exist on the system.
  - Affected Products: seo_panel
  - Published: Jan. 30, 2024
  - Modified: Jun. 04, 2025
- CVE-2024-22626 (7.2 HIGH)
  Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_retailer.php?id=.
  - Affected Products: supplier_management_system
  - Published: Jan. 16, 2024
  - Modified: Jun. 04, 2025
- CVE-2024-20513 (5.8 MEDIUM)
  A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected...
  - Published: Oct. 02, 2024
  - Modified: Jun. 04, 2025
- CVE-2024-20509 (5.9 MEDIUM)
  A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN session or cause a denial of service (DoS) condition for...
  - Published: Oct. 02, 2024
  - Modified: Jun. 04, 2025
- CVE-2024-20502 (7.5 HIGH)
  A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to insu...
  - Published: Oct. 02, 2024
  - Modified: Jun. 04, 2025
- CVE-2024-20501 (8.6 HIGH)
  Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. ...
  - Published: Oct. 02, 2024
  - Modified: Jun. 04, 2025
- CVE-2024-20500 (7.5 HIGH)
  A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. This vu...
  - Published: Oct. 02, 2024
  - Modified: Jun. 04, 2025
- CVE-2024-20499 (8.6 HIGH)
  Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. ...
  - Published: Oct. 02, 2024
  - Modified: Jun. 04, 2025
- CVE-2024-20498 (8.6 HIGH)
  Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. ...
  - Published: Oct. 02, 2024
  - Modified: Jun. 04, 2025
- CVE-2022-23089 (4.7 MEDIUM)
  When dumping core and saving process information, proc_getargv() might return an sbuf which has a sbuf_len() of 0 or -1, which is not properly handled. An out-of-bound read can happen when a user constructs a specially crafted ps_string, which in turn can...
  - Affected Products: freebsd
  - Published: Feb. 15, 2024
  - Modified: Jun. 04, 2025
- CVE-2024-21728 (6.1 MEDIUM)
  An Open Redirect vulnerability was found in osTicky2 below 2.2.8. osTicky (osTicket Bridge) by SmartCalc is a Joomla 3.x extension that provides Joomla frontend integration with osTicket, a popular Support ticket system. The Open Redirect vulnerability all...
  - Affected Products: osticky
  - Published: Feb. 15, 2024
  - Modified: Jun. 04, 2025
- CVE-2024-27184 (6.1 MEDIUM)
  Inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not.
  - Affected Products: joomla\!
  - Published: Aug. 20, 2024
  - Modified: Jun. 04, 2025
- CVE-2024-27185 (9.1 CRITICAL)
  The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors.
  - Affected Products: joomla\!
  - Published: Aug. 20, 2024
  - Modified: Jun. 04, 2025
- CVE-2024-27186 (6.1 MEDIUM)
  The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions.
  - Affected Products: joomla\!
  - Published: Aug. 20, 2024
  - Modified: Jun. 04, 2025
- CVE-2024-27187 (7.5 HIGH)
  Improper Access Controls allow backend users to overwrite their username when disallowed.
  - Affected Products: joomla\!
  - Published: Aug. 20, 2024
  - Modified: Jun. 04, 2025