Latest CVE Feed
-
8.8
HIGHCVE-2022-23092
The implementation of lib9p's handling of RWALK messages was missing a bounds check needed when unpacking the message contents. The missing check means that the receipt of a specially crafted message will cause lib9p to overwrite unrelated memory. The b... Read more
Affected Products : freebsd- Published: Feb. 15, 2024
- Modified: Jun. 04, 2025
-
4.0
MEDIUMCVE-2022-23091
A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause. An unprivileged local user process can maintain a mapping of a page after it is freed, allowing that pr... Read more
Affected Products : freebsd- Published: Feb. 15, 2024
- Modified: Jun. 04, 2025
-
7.7
HIGHCVE-2022-23090
The aio_aqueue function, used by the lio_listio system call, fails to release a reference to a credential in an error case. An attacker may cause the reference count to overflow, leading to a use after free (UAF).... Read more
Affected Products : freebsd- Published: Feb. 15, 2024
- Modified: Jun. 04, 2025
-
3.3
LOWCVE-2024-25941
The jail(2) system call has not limited a visiblity of allocated TTYs (the kern.ttys sysctl). This gives rise to an information leak about processes outside the current jail. Attacker can get information about TTYs allocated on the host or in other jail... Read more
Affected Products : freebsd- Published: Feb. 15, 2024
- Modified: Jun. 04, 2025
-
6.3
MEDIUMCVE-2024-25940
`bhyveload -h <host-path>` may be used to grant loader access to the <host-path> directory tree on the host. Affected versions of bhyveload(8) do not make any attempt to restrict loader's access to <host-path>, allowing the loader to read any file the ho... Read more
Affected Products : freebsd- Published: Feb. 15, 2024
- Modified: Jun. 04, 2025
-
6.5
MEDIUMCVE-2025-4353
A vulnerability, which was classified as critical, was found in Brilliance Golden Link Secondary System up to 20250424. Affected is an unknown function of the file /paraframework/queryTsDictionaryType.htm. The manipulation of the argument dictCn1 leads to... Read more
Affected Products :- Published: May. 06, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-4352
A vulnerability, which was classified as critical, has been found in Brilliance Golden Link Secondary System up to 20250424. This issue affects some unknown processing of the file /reprotframework/tcEntrFlowSelect.htm. The manipulation of the argument cus... Read more
Affected Products :- Published: May. 06, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Injection
-
9.3
CRITICALCVE-2025-48951
Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. Versions 8.0.0-BETA3 prior to 8.3.1 contain a vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, ... Read more
Affected Products : auth0- Published: Jun. 03, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Authentication
-
8.3
HIGHCVE-2025-48881
Valtimo is a platform for Business Process Automation. In versions starting from 11.0.0.RELEASE to 11.3.3.RELEASE and 12.0.0.RELEASE to 12.12.0.RELEASE, all objects for which an object-management configuration exists can be listed, viewed, edited, created... Read more
Affected Products :- Published: May. 30, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Authorization
-
8.8
HIGHCVE-2024-22899
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function.... Read more
Affected Products : vinchin_backup_and_recovery- Published: Feb. 02, 2024
- Modified: Jun. 04, 2025
-
5.3
MEDIUMCVE-2024-22646
An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. This allows an attacker to guess which emails exist on the system.... Read more
Affected Products : seo_panel- Published: Jan. 30, 2024
- Modified: Jun. 04, 2025
-
7.2
HIGHCVE-2024-22626
Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_retailer.php?id=.... Read more
Affected Products : supplier_management_system- Published: Jan. 16, 2024
- Modified: Jun. 04, 2025
-
5.8
MEDIUMCVE-2024-20513
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected... Read more
- Published: Oct. 02, 2024
- Modified: Jun. 04, 2025
-
5.9
MEDIUMCVE-2024-20509
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to hijack an AnyConnect VPN session or cause a denial of service (DoS) condition for... Read more
- Published: Oct. 02, 2024
- Modified: Jun. 04, 2025
-
7.5
HIGHCVE-2024-20502
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to insu... Read more
- Published: Oct. 02, 2024
- Modified: Jun. 04, 2025
-
8.6
HIGHCVE-2024-20501
Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. ... Read more
- Published: Oct. 02, 2024
- Modified: Jun. 04, 2025
-
7.5
HIGHCVE-2024-20500
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. This vu... Read more
- Published: Oct. 02, 2024
- Modified: Jun. 04, 2025
-
8.6
HIGHCVE-2024-20499
Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. ... Read more
- Published: Oct. 02, 2024
- Modified: Jun. 04, 2025
-
8.6
HIGHCVE-2024-20498
Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. ... Read more
- Published: Oct. 02, 2024
- Modified: Jun. 04, 2025
-
4.7
MEDIUMCVE-2022-23089
When dumping core and saving process information, proc_getargv() might return an sbuf which have a sbuf_len() of 0 or -1, which is not properly handled. An out-of-bound read can happen when user constructs a specially crafted ps_string, which in turn can... Read more
Affected Products : freebsd- Published: Feb. 15, 2024
- Modified: Jun. 04, 2025