Latest CVE Feed
-
7.8
HIGHCVE-2024-23155
A maliciously crafted MODEL file, when parsed in atf_asm_interface.dll through Autodesk applications, can be used to cause a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the co... Read more
- Published: Jun. 25, 2024
- Modified: May. 06, 2025
-
8.8
HIGHCVE-2024-37006
A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execut... Read more
- Published: Jun. 25, 2024
- Modified: May. 06, 2025
-
8.8
HIGHCVE-2024-37005
A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of ... Read more
- Published: Jun. 25, 2024
- Modified: May. 06, 2025
-
9.8
CRITICALCVE-2025-2737
A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/contactus.php. The manipulation of the argument pagetitle leads to sql injection. It is possibl... Read more
Affected Products : old_age_home_management_system- Published: Mar. 25, 2025
- Modified: May. 06, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-2738
A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/manage-scdetails.php. The manipulation of the argument namesc leads to sql injection. ... Read more
Affected Products : old_age_home_management_system- Published: Mar. 25, 2025
- Modified: May. 06, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-2739
A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/manage-services.php. The manipulation of the argument sertitle leads to sql injection.... Read more
Affected Products : old_age_home_management_system- Published: Mar. 25, 2025
- Modified: May. 06, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2024-37004
A maliciously crafted SLDPRT file, when parsed in ASMKERN229A.dll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.... Read more
- Published: Jun. 25, 2024
- Modified: May. 06, 2025
-
9.4
CRITICALCVE-2025-30216
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and pr... Read more
Affected Products : cryptolib- Published: Mar. 25, 2025
- Modified: May. 06, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2024-37003
A maliciously crafted DWG and SLDPRT file, when parsed in opennurbs.dll and ODXSW_DLL.dll through Autodesk applications, can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, ... Read more
- Published: Jun. 25, 2024
- Modified: May. 06, 2025
-
7.5
HIGHCVE-2025-29789
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.3.0 are vulnerable to Directory Traversal in the Load Code feature. Version 7.3.0 contains a patch for the issue.... Read more
Affected Products : openemr- Published: Mar. 25, 2025
- Modified: May. 06, 2025
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2024-23533
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an authenticated remote attacker to read sensitive information in memory. ... Read more
Affected Products : avalanche- Published: Apr. 19, 2024
- Modified: May. 06, 2025
-
7.5
HIGHCVE-2024-23532
An out-of-bounds Read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. In certain conditions this could also lead to remote code execution. ... Read more
Affected Products : avalanche- Published: Apr. 19, 2024
- Modified: May. 06, 2025
-
7.5
HIGHCVE-2024-23531
An Integer Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to perform denial of service attacks. In certain rare conditions this could also lead to reading content from memor... Read more
Affected Products : avalanche- Published: Apr. 19, 2024
- Modified: May. 06, 2025
-
9.8
CRITICALCVE-2024-22061
A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands ... Read more
Affected Products : avalanche- Published: Apr. 19, 2024
- Modified: May. 06, 2025
-
8.8
HIGHCVE-2024-24993
A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. ... Read more
Affected Products : avalanche- Published: Apr. 19, 2024
- Modified: May. 06, 2025
-
8.8
HIGHCVE-2024-24995
A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. ... Read more
Affected Products : avalanche- Published: Apr. 19, 2024
- Modified: May. 06, 2025
-
9.8
CRITICALCVE-2024-24996
A Heap overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to execute arbitrary commands. ... Read more
Affected Products : avalanche- Published: Apr. 19, 2024
- Modified: May. 06, 2025
-
9.8
CRITICALCVE-2023-6036
The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handle_auth_request' and 'hadle_login_request'. This makes it possible for non authenticated attacker... Read more
Affected Products : web3_-_crypto_wallet_login_\&_nft_token_gating- EPSS Score: %46.58
- Published: Feb. 12, 2024
- Modified: May. 06, 2025
-
6.1
MEDIUMCVE-2023-52430
The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a GET request to a URL that contains an XSS payload and begins with either a /admin or /settings/mfa/delete/ substring.... Read more
- EPSS Score: %1.27
- Published: Feb. 12, 2024
- Modified: May. 06, 2025
-
9.8
CRITICALCVE-2023-46257
An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution.... Read more
- EPSS Score: %1.89
- Published: Dec. 19, 2023
- Modified: May. 06, 2025