Latest CVE Feed
-
7.1
HIGHCVE-2024-41354
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/widgets/edit.php... Read more
Affected Products : phpipam- Published: Jul. 26, 2024
- Modified: Apr. 23, 2025
-
5.4
MEDIUMCVE-2024-55093
phpIPAM through 1.7.3 has a reflected Cross-Site Scripting (XSS) vulnerability in the install scripts.... Read more
Affected Products : phpipam- Published: Mar. 31, 2025
- Modified: Apr. 23, 2025
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2025-29181
FOXCMS <= V1.25 is vulnerable to SQL Injection via $param['title'] in /admin/util/Field.php.... Read more
Affected Products : foxcms- Published: Apr. 17, 2025
- Modified: Apr. 23, 2025
- Vuln Type: Injection
-
7.2
HIGHCVE-2025-29661
Litepubl CMS <= 7.0.9 is vulnerable to RCE in admin/service/run.... Read more
Affected Products : litepubl_cms- Published: Apr. 17, 2025
- Modified: Apr. 23, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-32415
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a craft... Read more
Affected Products : libxml2- Published: Apr. 17, 2025
- Modified: Apr. 23, 2025
- Vuln Type: Memory Corruption
-
6.1
MEDIUM- Published: Dec. 07, 2022
- Modified: Apr. 23, 2025
-
5.4
MEDIUM- Published: Dec. 07, 2022
- Modified: Apr. 23, 2025
-
8.8
HIGHCVE-2022-45915
ILIAS before 7.16 allows OS Command Injection.... Read more
Affected Products : ilias- Published: Dec. 07, 2022
- Modified: Apr. 23, 2025
-
9.8
CRITICALCVE-2022-45550
AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE).... Read more
Affected Products : ayacms- Published: Dec. 07, 2022
- Modified: Apr. 23, 2025
-
8.8
HIGHCVE-2022-38144
Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 at WordPress.... Read more
Affected Products : wpforo_forum- Published: Sep. 09, 2022
- Modified: Apr. 23, 2025
-
9.8
CRITICALCVE-2022-32207
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the... Read more
Affected Products : fedora debian_linux curl hci_management_node solidfire macos element_software h300s_firmware h500s_firmware h700s_firmware +9 more products- Published: Jul. 07, 2022
- Modified: Apr. 23, 2025
-
7.8
HIGHCVE-2022-2962
A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn't check whether the destination address is its own MMIO address. This can cause the device to tr... Read more
Affected Products : qemu- Published: Sep. 13, 2022
- Modified: Apr. 23, 2025
-
5.5
MEDIUMCVE-2022-2380
The Linux kernel was found vulnerable out of bounds memory access in the drivers/video/fbdev/sm712fb.c:smtcfb_read() function. The vulnerability could result in local attackers being able to crash the kernel.... Read more
Affected Products : linux_kernel- Published: Jul. 13, 2022
- Modified: Apr. 23, 2025
-
7.5
HIGHCVE-2022-1199
A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability.... Read more
Affected Products : linux_kernel enterprise_linux active_iq_unified_manager h410c_firmware h300s_firmware h500s_firmware h700s_firmware h410s_firmware h300s h410s +3 more products- Published: Aug. 29, 2022
- Modified: Apr. 23, 2025
-
8.8
HIGHCVE-2025-3620
Use after free in USB in Google Chrome prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more
- Published: Apr. 16, 2025
- Modified: Apr. 23, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-29450
An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the site settings component.... Read more
Affected Products : twonav- Published: Apr. 17, 2025
- Modified: Apr. 23, 2025
- Vuln Type: Information Disclosure
-
7.6
HIGHCVE-2025-29451
An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Mail Setting component.... Read more
Affected Products : seo_panel- Published: Apr. 17, 2025
- Modified: Apr. 23, 2025
- Vuln Type: Information Disclosure
-
7.6
HIGHCVE-2025-29452
An issue in Seo Panel 4.11.0 allows a remote attacker to obtain sensitive information via the Proxy Manager component.... Read more
Affected Products : seo_panel- Published: Apr. 17, 2025
- Modified: Apr. 23, 2025
- Vuln Type: Information Disclosure
-
5.4
MEDIUMCVE-2024-2346
The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.3 via folder deletion due to missing validation on a user controlled key. This m... Read more
Affected Products : filebird- Published: May. 02, 2024
- Modified: Apr. 23, 2025
-
9.8
CRITICALCVE-2025-3783
A vulnerability classified as critical was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-product.php. The manipulation of the argument Avatar leads to ... Read more
- Published: Apr. 18, 2025
- Modified: Apr. 23, 2025
- Vuln Type: Authentication