Latest CVE Feed
-
5.3
MEDIUMCVE-2025-54786
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, the broken authentication in the legacy iCal service allows unauthenticated access to meeting data. An unauthenticated ... Read more
Affected Products : suitecrm- Published: Aug. 07, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Authentication
-
8.8
HIGHCVE-2025-54788
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions and below, the InboundEmail module allows the arbitrary execution of queries in the backend database, leading to SQL injection. This can ... Read more
Affected Products : suitecrm- Published: Aug. 07, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Injection
-
6.1
MEDIUMCVE-2024-52680
EyouCMS 1.6.7 is vulnerable to Cross Site Scripting (XSS) in /login.php?m=admin&c=System&a=web&lang=cn.... Read more
Affected Products : eyoucms- Published: Aug. 07, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-50952
openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c.... Read more
Affected Products : openjpeg- Published: Aug. 07, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Memory Corruption
-
3.7
LOWCVE-2024-56339
IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restrictions caused by a failure to honor security configuration.... Read more
Affected Products : websphere_application_server- Published: Aug. 07, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Misconfiguration
-
6.6
MEDIUMCVE-2025-44779
An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull.... Read more
Affected Products : ollama- Published: Aug. 07, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Path Traversal
-
8.7
HIGHCVE-2025-7054
Cloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRE_CONNECTION_ID frames. QUIC connections possess a set of connection identifiers (IDs); see Section 5.1 of RFC 9000 https://datatracker.ietf.org/d... Read more
Affected Products : quiche- Published: Aug. 07, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2025-50692
FoxCMS <=v1.2.5 is vulnerable to Code Execution in admin/template_file/editFile.html.... Read more
Affected Products : foxcms- Published: Aug. 07, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-48913
If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users ... Read more
Affected Products : cxf- Published: Aug. 08, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2023-38264
The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deser... Read more
- Published: May. 14, 2024
- Modified: Aug. 14, 2025
-
9.8
CRITICALCVE-2023-43040
IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807.... Read more
Affected Products : storage_fusion_hci- Published: May. 14, 2024
- Modified: Aug. 14, 2025
-
7.8
HIGHCVE-2023-51636
Avira Prime Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. An attacker must first obtain the ability to execute low-privileged code on the... Read more
Affected Products : avira_prime- Published: May. 22, 2024
- Modified: Aug. 14, 2025
-
9.8
CRITICALCVE-2023-51637
Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server PG. Authentication is not required to exploit this vu... Read more
Affected Products : sante_pacs_server- Published: May. 22, 2024
- Modified: Aug. 14, 2025
-
7.3
HIGHCVE-2024-4454
WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of WithSecure Elements Endpoint Protection. User interaction on the... Read more
Affected Products : windows client_security elements_endpoint_protection email_and_server_security server_security- Published: May. 22, 2024
- Modified: Aug. 14, 2025
-
8.7
HIGHCVE-2024-10383
An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporar... Read more
- Published: Feb. 07, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2024-51461
IBM QRadar WinCollect Agent 10.0 through 10.1.13 could allow a remote attacker to cause a denial of service by interrupting an HTTP request that could consume memory resources.... Read more
Affected Products : qradar_wincollect- Published: Apr. 11, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Denial of Service
-
4.0
MEDIUMCVE-2024-22338
IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: 279978.... Read more
Affected Products : security_verify_access_oidc_provider- Published: May. 31, 2024
- Modified: Aug. 14, 2025
-
6.3
MEDIUMCVE-2024-37312
user_oidc app is an OpenID Connect user backend for Nextcloud. Missing access control on the ID4me endpoint allows an attacker to register an account eventually getting access to data that is available to all registered users. It is recommended that the O... Read more
- Published: Jun. 14, 2024
- Modified: Aug. 14, 2025
-
5.5
MEDIUMCVE-2025-1998
IBM UrbanCode Deploy (UCD) through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 stores potentially sensitive authentication token information in log files that could be read by a loc... Read more
- Published: Mar. 27, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Information Disclosure
-
5.4
MEDIUMCVE-2025-1997
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 could allow unauthorized access to other services or potential exposure of sen... Read more
- Published: Mar. 27, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Authentication