Latest CVE Feed
-
7.5
HIGHCVE-2025-50613
A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00475e1c function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wds_key_wep in the payload, which can cause the progr... Read more
- Published: Aug. 13, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-54472
Unlimited memory allocation in redis protocol parser in Apache bRPC (all versions < 1.14.1) on all platforms allows attackers to crash the service via network. Root Cause: In the bRPC Redis protocol parser code, memory for arrays or strings of correspo... Read more
Affected Products : brpc- Published: Aug. 14, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-48989
Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. O... Read more
Affected Products : tomcat- Published: Aug. 13, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-21472
Information disclosure while capturing logs as eSE debug messages are logged.... Read more
- Published: Aug. 06, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Information Disclosure
-
7.8
HIGHCVE-2025-27067
Memory corruption while processing DDI call with invalid buffer.... Read more
Affected Products : wcd9380_firmware wcd9385_firmware fastconnect_6900_firmware fastconnect_7800_firmware wsa8840_firmware wsa8845_firmware wsa8845h_firmware wcd9380 wcd9385 sc8380xp_firmware +6 more products- Published: Aug. 06, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-27068
Memory corruption while processing an IOCTL command with an arbitrary address.... Read more
Affected Products : wcd9380_firmware wcd9385_firmware wsa8830_firmware wsa8835_firmware sm6250_firmware fastconnect_6200_firmware fastconnect_6900_firmware fastconnect_7800_firmware wsa8840_firmware wsa8845_firmware +22 more products- Published: Aug. 06, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2025-55673
When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table na... Read more
Affected Products : superset- Published: Aug. 14, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Information Disclosure
-
7.8
HIGHCVE-2025-27069
Memory corruption while processing DDI command calls.... Read more
Affected Products : wcd9380_firmware wcd9385_firmware fastconnect_6900_firmware fastconnect_7800_firmware wsa8840_firmware wsa8845_firmware wsa8845h_firmware wcd9380 wcd9385 sc8380xp_firmware +6 more products- Published: Aug. 06, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-27072
Information disclosure while processing a packet at EAVB BE side with invalid header length.... Read more
Affected Products : qam8295p_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware sa8150p_firmware sa8155p_firmware +62 more products- Published: Aug. 06, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Information Disclosure
-
7.8
HIGHCVE-2025-27075
Memory corruption while processing IOCTL command with larger buffer in Bluetooth Host.... Read more
Affected Products : aqt1000_firmware qca6391_firmware qca6420_firmware qca6430_firmware wcd9341_firmware wcd9380_firmware wcd9385_firmware wsa8810_firmware wsa8815_firmware wsa8830_firmware +62 more products- Published: Aug. 06, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-47324
Information disclosure while accessing and modifying the PIB file of a remote device via powerline.... Read more
- Published: Aug. 06, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-55674
A bypass of the DISALLOWED_SQL_FUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functi... Read more
Affected Products : superset- Published: Aug. 14, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Injection
-
3.3
LOWCVE-2024-45674
IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores potentially sensitive information in log files tha... Read more
- Published: Feb. 22, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2025-25206
eLabFTW is an open source electronic lab notebook for research labs. Prior to version 5.1.15, an incorrect input validation could allow an authenticated user to read sensitive information, including login token or other content stored in the database. Thi... Read more
Affected Products : elabftw- Published: Feb. 14, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Information Disclosure
-
4.2
MEDIUMCVE-2025-26603
Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows to redirect screen messages using the `:redir` ex command to register, variables and files. It also allows to show the contents of registers using the `:registers` or `:display` ... Read more
- Published: Feb. 18, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-55675
Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the d... Read more
Affected Products : superset- Published: Aug. 14, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Authorization
-
9.9
CRITICALCVE-2025-20051
Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate input when patching and duplicating a board, which allows a user to read any arbitrary file on the system via duplicating a specially craf... Read more
- Published: Feb. 24, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Path Traversal
-
9.1
CRITICALCVE-2025-0159
IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.... Read more
Affected Products : storage_virtualize- Published: Feb. 28, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-0160
IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.... Read more
Affected Products : storage_virtualize- Published: Feb. 28, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Misconfiguration
-
5.4
MEDIUMCVE-2024-54179
IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScr... Read more
Affected Products : business_automation_workflow- Published: Mar. 03, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Cross-Site Scripting