Latest CVE Feed
-
7.5
HIGHCVE-2025-0149
Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of service via network access.... Read more
- Published: Mar. 11, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2025-25175
A vulnerability has been identified in Simcenter Femap V2401 (All versions < V2401.0003), Simcenter Femap V2406 (All versions < V2406.0002). The affected application contains a memory corruption vulnerability while parsing specially crafted .NEU files. T... Read more
Affected Products : simcenter_femap- Published: Mar. 13, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2023-4458
A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage thi... Read more
Affected Products : linux_kernel- Published: Nov. 14, 2024
- Modified: Aug. 19, 2025
-
6.5
MEDIUMCVE-2024-45556
Cryptographic issue may arise because the access control configuration permits Linux to read key registers in TCSR.... Read more
Affected Products : sd_8_gen1_5g_firmware wcd9380_firmware wcd9385_firmware wcn3980_firmware wsa8830_firmware wsa8835_firmware ipq9008_firmware ipq9574_firmware qca8075_firmware qca8081_firmware +110 more products- Published: Apr. 07, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Cryptography
-
7.8
HIGHCVE-2024-45557
Memory corruption can occur when TME processes addresses from TZ and MPSS requests without proper validation.... Read more
Affected Products : sd_8_gen1_5g_firmware wcd9380_firmware wcd9385_firmware wcn3988_firmware wsa8810_firmware wsa8815_firmware wsa8830_firmware wsa8835_firmware ar8035_firmware qca6584au_firmware +112 more products- Published: Apr. 07, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2023-52927
In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some s... Read more
Affected Products : linux_kernel- Published: Mar. 14, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2025-21421
Memory corruption while processing escape code in API.... Read more
Affected Products : aqt1000_firmware qca6391_firmware qca6420_firmware qca6430_firmware wcd9341_firmware wcd9380_firmware wcd9385_firmware wsa8810_firmware wsa8815_firmware wsa8830_firmware +80 more products- Published: Apr. 07, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-21423
Memory corruption occurs when handling client calls to EnableTestMode through an Escape call.... Read more
Affected Products : aqt1000_firmware qca6391_firmware qca6420_firmware qca6430_firmware wcd9341_firmware wcd9380_firmware wcd9385_firmware wsa8810_firmware wsa8815_firmware wsa8830_firmware +80 more products- Published: Apr. 07, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-21425
Memory corruption may occur due top improper access control in HAB process.... Read more
Affected Products : qam8295p_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware sa8150p_firmware sa8155p_firmware +56 more products- Published: Apr. 07, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-21431
Information disclosure may be there when a guest VM is connected.... Read more
Affected Products : qam8295p_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware sa8150p_firmware sa8155p_firmware +62 more products- Published: Apr. 07, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Information Disclosure
-
7.8
HIGHCVE-2025-21442
Memory corruption while transmitting packet mapping information with invalid header payload size.... Read more
Affected Products : qam8295p_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa8295p_firmware qca6595_firmware qca6698aq_firmware sa8540p_firmware sa9000p_firmware qam8255p_firmware +42 more products- Published: Apr. 07, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-21443
Memory corruption while processing message content in eAVB.... Read more
Affected Products : qam8295p_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware sa8150p_firmware sa8155p_firmware +62 more products- Published: Apr. 07, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Memory Corruption
-
6.3
MEDIUMCVE-2024-49825
IBM Robotic Process Automation and Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.20 and 23.0.0 through 23.0.20 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.... Read more
- Published: Apr. 14, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2024-22314
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.12 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.... Read more
Affected Products : storage_defender_resiliency_service- Published: Apr. 16, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Cryptography
-
8.1
HIGHCVE-2020-10650
A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jnd... Read more
- Published: Dec. 26, 2022
- Modified: Aug. 19, 2025
-
8.0
HIGHCVE-2022-21661
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certai... Read more
- Published: Jan. 06, 2022
- Modified: Aug. 19, 2025
-
7.8
HIGHCVE-2025-6230
A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute limited SQLite commands.... Read more
- Published: Jul. 17, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Injection
-
8.5
HIGHCVE-2025-7848
A memory corruption vulnerability due to improper input validation in lvpict.cpp exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerabil... Read more
Affected Products : labview- Published: Jul. 29, 2025
- Modified: Aug. 19, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2024-8927
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be con... Read more
- Published: Oct. 08, 2024
- Modified: Aug. 19, 2025
-
3.3
LOWCVE-2024-9026
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 character... Read more
- Published: Oct. 08, 2024
- Modified: Aug. 19, 2025