Latest CVE Feed
-
2.1
LOWCVE-2025-58352
Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. Th... Read more
Affected Products : weblate- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Authentication
-
7.2
HIGHCVE-2025-58179
Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image o... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Server-Side Request Forgery
-
5.1
MEDIUMCVE-2025-55739
api is a module for FreePBX@, which is an open source GUI that controls and manages Asterisk© (PBX). In versions lower than 15.0.13, 16.0.2 through 16.0.14, 17.0.1 and 17.0.2, there is an identical OAuth private key used across multiple systems that insta... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 05, 2025
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2024-41206
A stack-based buffer over-read in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Information Disclosure via a crafted TS video file.... Read more
Affected Products : tsmuxer- Published: Nov. 14, 2024
- Modified: Sep. 05, 2025
-
8.8
HIGHCVE-2024-41209
A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file.... Read more
Affected Products : tsmuxer- Published: Nov. 14, 2024
- Modified: Sep. 05, 2025
-
6.5
MEDIUMCVE-2024-41217
A heap-based buffer overflow in tsMuxer version nightly-2024-05-10-02-00-45 allows attackers to cause Denial of Service (DoS) via a crafted MKV video file.... Read more
Affected Products : tsmuxer- Published: Nov. 14, 2024
- Modified: Sep. 05, 2025
-
6.5
MEDIUMCVE-2024-49776
A negative-size-param in tsMuxer version nightly-2024-04-05-01-53-02 allows attackers to cause Denial of Service (DoS) via a crafted TS video file.... Read more
Affected Products : tsmuxer- Published: Nov. 14, 2024
- Modified: Sep. 05, 2025
-
8.8
HIGHCVE-2024-49777
A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS), Information Disclosure and Code Execution via a crafted MKV video file.... Read more
Affected Products : tsmuxer- Published: Nov. 14, 2024
- Modified: Sep. 05, 2025
-
8.8
HIGHCVE-2024-49778
A heap-based buffer overflow in tsMuxer version nightly-2024-05-12-02-01-18 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file.... Read more
Affected Products : tsmuxer- Published: Nov. 14, 2024
- Modified: Sep. 05, 2025
-
6.5
MEDIUMCVE-2024-52520
Nextcloud Server is a self hosted personal cloud system. Due to a pre-flighted HEAD request, the link reference provider could be tricked into downloading bigger websites than intended, to find open-graph data. It is recommended that the Nextcloud Server ... Read more
- Published: Nov. 15, 2024
- Modified: Sep. 05, 2025
-
5.7
MEDIUMCVE-2024-52509
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This allowed users to send them the files to themselves and t... Read more
- Published: Nov. 15, 2024
- Modified: Sep. 04, 2025
-
9.8
CRITICALCVE-2024-10934
In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server.... Read more
- Published: Nov. 15, 2024
- Modified: Sep. 04, 2025
-
8.8
HIGHCVE-2024-51503
A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitim... Read more
Affected Products : deep_security_agent- Published: Nov. 19, 2024
- Modified: Sep. 04, 2025
-
7.5
HIGHCVE-2024-52802
RIOT is an operating system for internet of things (IoT) devices. In version 2024.04 and prior, the function `_parse_advertise`, located in `/sys/net/application_layer/dhcpv6/client.c`, has no minimum header length check for `dhcpv6_opt_t` after processin... Read more
Affected Products : riot- Published: Nov. 22, 2024
- Modified: Sep. 04, 2025
-
6.1
MEDIUMCVE-2025-55305
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions below 35.7.5, 36.0.0-alpha.1 through 36.8.0, 37.0.0-alpha.1 through 37.3.1 and 38.0.0-alpha.1 through 38.0.0-beta.6, ASAR Integrity Bypass ... Read more
Affected Products : electron- Published: Sep. 04, 2025
- Modified: Sep. 04, 2025
-
9.0
CRITICALCVE-2025-55244
Azure Bot Service Elevation of Privilege Vulnerability... Read more
Affected Products : azure_bot_service- Published: Sep. 04, 2025
- Modified: Sep. 04, 2025
-
6.5
MEDIUMCVE-2025-55242
Exposure of sensitive information to an unauthorized actor in Xbox allows an unauthorized attacker to disclose information over a network.... Read more
Affected Products : xbox_gaming_services- Published: Sep. 04, 2025
- Modified: Sep. 04, 2025
-
9.0
CRITICALCVE-2025-55241
Azure Entra Elevation of Privilege Vulnerability... Read more
Affected Products : microsoft_entra_id- Published: Sep. 04, 2025
- Modified: Sep. 04, 2025
-
7.5
HIGHCVE-2025-55238
Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability... Read more
Affected Products : dynamics_365_fasttrack_implementation- Published: Sep. 04, 2025
- Modified: Sep. 04, 2025
-
5.1
MEDIUMCVE-2025-55209
contactmanager is a module for FreePBX@, which is an open source GUI that controls and manages Asterisk© (PBX). In versions 15.0.14 and below, 16.0.0 through 16.0.26.4 and 17.0.0 through 17.0.5, a stored cross-site scripting (XSS) vulnerability in FreePB... Read more
Affected Products :- Published: Sep. 04, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Cross-Site Scripting