Latest CVE Feed
- 4.9 MEDIUM CVE-2020-26630
A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor Specialization' field under the 'Go to Doctors' tab after logging in a...
- Published: Jan. 10, 2024
- Modified: May. 22, 2025
- 5.7 MEDIUM CVE-2018-5448
Medtronic 2090 CareLink Programmer’s software deployment network contains a directory traversal vulnerability that could allow an attacker to read files on the system.
- Published: May. 04, 2018
- Modified: May. 22, 2025
- 5.3 MEDIUM CVE-2018-5446
Medtronic 2090 CareLink Programmer uses a per-product username and password that is stored in a recoverable format.
- Published: May. 04, 2018
- Modified: May. 22, 2025
- 8.0 HIGH CVE-2018-10596
Medtronic 2090 CareLink Programmer uses a virtual private network connection to securely download updates. It does not verify it is still connected to this virtual private network before downloading updates. The affected products initially establish an ...
- Published: Jul. 03, 2018
- Modified: May. 22, 2025
- 8.3 HIGH CVE-2024-26139
OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to lack of certain security controls on the profile edit functionality, an authenticated attacker with low privileges can ga...
- Affected Products: opencti
- Published: May. 23, 2024
- Modified: May. 22, 2025
- 7.5 HIGH CVE-2023-7064
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.15.2 via deserialization of untrusted input from the vulnerable 'id' parameter in the 'auxin_template_cont...
- Published: May. 02, 2024
- Modified: May. 22, 2025
- 6.6 MEDIUM CVE-2024-48987
Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product's repository, that have default APP_KEY values.
- Affected Products: snipe-it
- Published: Oct. 11, 2024
- Modified: May. 22, 2025
- 4.8 MEDIUM CVE-2025-4860
A vulnerability classified as problematic has been found in D-Link DAP-2695 120b36r137_ALL_en_20210528. Affected is an unknown function of the file /adv_dhcps.php of the component Static Pool Settings Page. The manipulation of the argument f_mac leads to ...
- Published: May. 18, 2025
- Modified: May. 22, 2025
- Vuln Type: Cross-Site Scripting
- 6.4 MEDIUM CVE-2024-1357
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aux_timeline shortcode in all versions up to, and including, 2.15.5 due to insufficient input sanitization and output esca...
- Published: Apr. 16, 2024
- Modified: May. 22, 2025
- 5.4 MEDIUM CVE-2024-52701
A stored cross-site scripting (XSS) vulnerability in the Configuration page of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page banner parameter.
- Affected Products: piwigo
- Published: Nov. 20, 2024
- Modified: May. 22, 2025
- 8.0 HIGH CVE-2024-51094
An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged attacker to modify their profile name and inject a malicious payload into the "Name" field. When an administrator later accesses the People Management page, exports the data as a CSV file, ...
- Affected Products: snipe-it
- Published: Nov. 12, 2024
- Modified: May. 22, 2025
- 8.8 HIGH CVE-2024-48311
Piwigo v14.5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit album function.
- Affected Products: piwigo
- Published: Oct. 31, 2024
- Modified: May. 22, 2025
- 5.4 MEDIUM CVE-2024-46606
A cross-site scripting (XSS) vulnerability in the component /admin.php?page=photo of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field.
- Affected Products: piwigo
- Published: Oct. 16, 2024
- Modified: May. 22, 2025
- 6.1 MEDIUM CVE-2024-46605
A cross-site scripting (XSS) vulnerability in the component /admin.php?page=album of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field.
- Affected Products: piwigo
- Published: Oct. 16, 2024
- Modified: May. 22, 2025
- 8.5 HIGH CVE-2025-43595
An insecure file system permissions vulnerability in MSP360 Backup 4.3.1.115 allows a low privileged user to execute commands with root privileges in the 'Online Backup' folder. Upgrade to MSP360 Backup 4.4 (released on 2025-04-22).
- Published: May. 01, 2025
- Modified: May. 22, 2025
- Vuln Type: Misconfiguration
- 4.6 MEDIUM CVE-2018-18984
Medtronic CareLink and Encore Programmers do not encrypt or do not sufficiently encrypt sensitive PII and PHI information while at rest.
- Published: Dec. 14, 2018
- Modified: May. 22, 2025
- 5.3 MEDIUM CVE-2018-14781
Medtronic MiniMed MMT devices when paired with a remote controller and having the “easy bolus” and “remote bolus” options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the re...
- Affected Products: 508_minimed_insulin_pump_firmware 522_paradigm_real-time_firmware 722_paradigm_real-time_firmware 523_paradigm_revel_firmware 723_paradigm_revel_firmware 523k_paradigm_revel_firmware 723k_paradigm_revel_firmware 551_minimed_530g_firmware 751_minimed_530g_firmware 508_minimed_insulin_pump +8 more products
- Published: Aug. 13, 2018
- Modified: May. 22, 2025
- 5.3 MEDIUM CVE-2018-10634
Communications between Medtronic MiniMed MMT pumps and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers.
- Affected Products: minimed_paradigm_revel_mmt-523k_firmware minimed_paradigm_revel_mmt-723k_firmware minimed_paradigm_revel_mmt-723_firmware minimed_530g_mmt-551_firmware minimed_paradigm_real-time_mmt-522_firmware minimed_paradigm_real-time_mmt-722_firmware minimed_530g_mmt-751_firmware minimed_paradigm_revel_mmt-523_firmware minimed_paradigm_508_insulin_pump_firmware minimed_paradigm_revel_mmt-523k +8 more products
- Published: Aug. 13, 2018
- Modified: May. 22, 2025
- 5.9 MEDIUM CVE-2025-3516
The Simple Lightbox WordPress plugin before 2.9.4 does not validate and escape some of its attributes before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
- Affected Products: simple_lightbox
- Published: May. 16, 2025
- Modified: May. 22, 2025
- Vuln Type: Cross-Site Scripting
- 7.5 HIGH CVE-2019-25220
Bitcoin Core before 24.0.1 allows remote attackers to cause a denial of service (daemon crash) via a flood of low-difficulty header chains (aka a "Chain Width Expansion" attack) because a node does not first verify that a presented chain has enough work b...
- Affected Products: bitcoin_core
- Published: Nov. 18, 2024
- Modified: May. 22, 2025