Latest CVE Feed
-
6.5
MEDIUMCVE-2025-34241
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxDeviceController.ajaxDeviceAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure... Read more
Affected Products : webaccess\/vpn- Published: Nov. 06, 2025
- Modified: Nov. 28, 2025
- Vuln Type: Injection
-
8.6
HIGHCVE-2025-34240
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AppManagementController.appUpgradeAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclos... Read more
Affected Products : webaccess\/vpn- Published: Nov. 06, 2025
- Modified: Nov. 28, 2025
- Vuln Type: Injection
-
6.2
MEDIUMCVE-2025-34236
Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting (XSS) vulnerability via NetworksController.addNetworkAction(). Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arb... Read more
Affected Products : webaccess\/vpn- Published: Nov. 06, 2025
- Modified: Nov. 28, 2025
- Vuln Type: Cross-Site Scripting
-
6.3
MEDIUMCVE-2025-34237
Advantech WebAccess/VPN versions prior to 1.1.5 contain a stored cross-site scripting (XSS) vulnerability via StandaloneVpnClientsController.addStandaloneVpnClientAction(). Insufficient validation or escaping of user-supplied input may allow an attacker t... Read more
Affected Products : webaccess\/vpn- Published: Nov. 06, 2025
- Modified: Nov. 28, 2025
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2025-65085
A Heap-based Buffer Overflow vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.207 and prior that could allow an attacker to disclose information or execute arbitrary code.... Read more
- Published: Nov. 25, 2025
- Modified: Nov. 28, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-65084
An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.207 and prior that could allow an attacker to disclose information or execute arbitrary code.... Read more
- Published: Nov. 25, 2025
- Modified: Nov. 28, 2025
- Vuln Type: Memory Corruption
-
4.6
MEDIUMCVE-2025-60917
A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted pay... Read more
Affected Products : openatlas- Published: Nov. 24, 2025
- Modified: Nov. 28, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-60916
A reflected cross-site scripting (XSS) vulnerability in the /overview/network/ endpoint of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted pay... Read more
Affected Products : openatlas- Published: Nov. 24, 2025
- Modified: Nov. 28, 2025
- Vuln Type: Cross-Site Scripting
-
8.1
HIGHCVE-2025-60915
An issue in the size query parameter (/views/file.py) of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request.... Read more
Affected Products : openatlas- Published: Nov. 24, 2025
- Modified: Nov. 28, 2025
- Vuln Type: Path Traversal
-
4.6
MEDIUMCVE-2025-60914
Incorrect access control in Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to access sensitive information via sending a crafted GET request to the /display_logo endpoint.... Read more
Affected Products : openatlas- Published: Nov. 24, 2025
- Modified: Nov. 28, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-56423
An issue in Austrian Academy of Sciences (AW) Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages... Read more
Affected Products : openatlas- Published: Nov. 24, 2025
- Modified: Nov. 28, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-59454
In Apache CloudStack, a gap in access control checks affected the APIs - createNetworkACL - listNetworkACLs - listResourceDetails - listVirtualMachinesUsageHistory - listVolumesUsageHistory While these APIs were accessible only to authorized users, insuf... Read more
Affected Products : cloudstack- Published: Nov. 27, 2025
- Modified: Nov. 28, 2025
- Vuln Type: Authorization
-
6.3
MEDIUMCVE-2025-51736
File upload vulnerability in HCL Technologies Ltd. Unica 12.0.0.... Read more
Affected Products :- Published: Nov. 28, 2025
- Modified: Nov. 28, 2025
-
7.5
HIGHCVE-2025-51735
CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0.... Read more
Affected Products :- Published: Nov. 28, 2025
- Modified: Nov. 28, 2025
- Vuln Type: Injection
-
5.4
MEDIUMCVE-2025-51734
Cross-site scripting (XSS) vulnerability in HCL Technologies Ltd. Unica 12.0.0.... Read more
Affected Products :- Published: Nov. 28, 2025
- Modified: Nov. 28, 2025
- Vuln Type: Cross-Site Scripting
-
5.5
MEDIUMCVE-2025-51733
Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Unica 12.0.0.... Read more
Affected Products :- Published: Nov. 28, 2025
- Modified: Nov. 28, 2025
- Vuln Type: Cross-Site Request Forgery
-
2.4
LOWCVE-2025-13742
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name} is used in an email template, it will be replaced with the buyer's name for the final email. If the name of the attendee contained HTML or Mark... Read more
Affected Products : pretix- Published: Nov. 27, 2025
- Modified: Nov. 28, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2025-12183
Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input.... Read more
Affected Products :- Published: Nov. 28, 2025
- Modified: Nov. 28, 2025
- Vuln Type: Memory Corruption
-
9.3
CRITICALCVE-2025-33187
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT, where an attacker could use privileged access to gain access to SoC protected areas. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, ... Read more
- Published: Nov. 25, 2025
- Modified: Nov. 28, 2025
- Vuln Type: Authorization
-
8.0
HIGHCVE-2025-33188
NVIDIA DGX Spark GB10 contains a vulnerability in hardware resources where an attacker could tamper with hardware controls. A successful exploit of this vulnerability might lead to information disclosure, data tampering, or denial of service.... Read more
- Published: Nov. 25, 2025
- Modified: Nov. 28, 2025
- Vuln Type: Information Disclosure