Latest CVE Feed
-
6.5
MEDIUMCVE-2025-30422
A buffer overflow was addressed with improved input validation. This issue is fixed in AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, CarPlay Communication Plug-in R18.1. An attacker on the local network may cause an unexpected app termination.... Read more
- Published: Apr. 30, 2025
- Modified: May. 12, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-4140
A vulnerability, which was classified as critical, has been found in Netgear EX6120 1.0.3.94. Affected by this issue is the function sub_30394. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. The vendor... Read more
- Published: Apr. 30, 2025
- Modified: May. 12, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-4141
A vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. This affects the function sub_3C03C. The manipulation of the argument host leads to buffer overflow. It is possible to initiate the attack remotely. The vendor was co... Read more
- Published: Apr. 30, 2025
- Modified: May. 12, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-4142
A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. This vulnerability affects the function sub_3C8EC. The manipulation of the argument host leads to buffer overflow. The attack can be initiated remotely. The vendor was c... Read more
- Published: Apr. 30, 2025
- Modified: May. 12, 2025
- Vuln Type: Memory Corruption
-
6.1
MEDIUMCVE-2025-4143
The OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp , did not correctly validate that redirect_uri was on the allowed list of redirect URIs for the given client registration. Fixed i... Read more
Affected Products : workers-oauth-provider- Published: May. 01, 2025
- Modified: May. 12, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-4144
PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp . However, it was found that an attacker could cause the check to be skipped. Fixed in: https://gith... Read more
Affected Products : workers-oauth-provider- Published: May. 01, 2025
- Modified: May. 12, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-4145
A vulnerability, which was classified as critical, has been found in Netgear EX6200 1.0.3.94. This issue affects the function sub_3D0BC. The manipulation of the argument host leads to buffer overflow. The attack may be initiated remotely. The vendor was c... Read more
- Published: May. 01, 2025
- Modified: May. 12, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-4146
A vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. Affected is the function sub_41940. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. The vendor was conta... Read more
- Published: May. 01, 2025
- Modified: May. 12, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-4147
A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. Affected by this vulnerability is the function sub_47F7C. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. The vendor... Read more
- Published: May. 01, 2025
- Modified: May. 12, 2025
- Vuln Type: Memory Corruption
-
8.1
HIGHCVE-2025-2816
The Page View Count plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the yellow_message_dontshow() function in versions 2.8.0 to 2.8.4. This makes it possible... Read more
Affected Products : page_view_count- Published: May. 01, 2025
- Modified: May. 12, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-2168
The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.... Read more
Affected Products : ultimate_store_kit- Published: May. 01, 2025
- Modified: May. 12, 2025
- Vuln Type: Cross-Site Request Forgery
-
9.8
CRITICALCVE-2025-4148
A vulnerability was found in Netgear EX6200 1.0.3.94 and classified as critical. Affected by this issue is the function sub_503FC. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. The vendor was contacte... Read more
- Published: May. 01, 2025
- Modified: May. 12, 2025
- Vuln Type: Memory Corruption
-
6.1
MEDIUMCVE-2025-43854
DIFY is an open-source LLM app development platform. Prior to version 1.3.0, a clickjacking vulnerability was found in the default setup of the DIFY application, allowing malicious actors to trick users into clicking on elements of the web page without th... Read more
Affected Products : dify- Published: Apr. 28, 2025
- Modified: May. 12, 2025
- Vuln Type: Cross-Site Request Forgery
-
7.5
HIGHCVE-2025-43857
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any ti... Read more
Affected Products : net\- Published: Apr. 28, 2025
- Modified: May. 12, 2025
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2023-42404
OneVision Workspace before WS23.1 SR1 (build w31.040) allows arbitrary Java EL execution.... Read more
Affected Products : workspace- Published: Apr. 28, 2025
- Modified: May. 12, 2025
- Vuln Type: Injection
-
6.1
MEDIUMCVE-2025-3929
An XSS issue was discovered in MDaemon Email Server version 25.0.1 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context o... Read more
- Published: Apr. 29, 2025
- Modified: May. 12, 2025
- Vuln Type: Cross-Site Scripting
-
7.5
HIGHCVE-2025-4065
A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/addadvertisement.php. The manipulation leads to improper access controls. The attack can b... Read more
Affected Products : online_traveling_system- Published: Apr. 29, 2025
- Modified: May. 12, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-4066
A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/addpackage.php. The manipulation leads to improper access controls. The attack may be init... Read more
Affected Products : online_traveling_system- Published: Apr. 29, 2025
- Modified: May. 12, 2025
- Vuln Type: Authorization
-
6.9
MEDIUMCVE-2025-4067
A vulnerability classified as critical has been found in ScriptAndTools Online-Travling-System 1.0. Affected is an unknown function of the file /admin/viewpackage.php. The manipulation leads to improper access controls. It is possible to launch the attack... Read more
Affected Products : online_traveling_system- Published: Apr. 29, 2025
- Modified: May. 12, 2025
- Vuln Type: Authorization
-
4.2
MEDIUMCVE-2025-46675
In NASA CryptoLib before 1.3.2, the key state is not checked before use, potentially leading to spacecraft hijacking.... Read more
Affected Products : cryptolib- Published: Apr. 27, 2025
- Modified: May. 12, 2025
- Vuln Type: Cryptography