Latest CVE Feed
-
9.3
CRITICALCVE-2012-10030
FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbitrary files to sensitive system directories. The server accepts empty credentials, defaults user access to the root of the C:\ drive, an... Read more
Affected Products : freefloat_ftp_server- Published: Aug. 05, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Authentication
-
6.9
MEDIUMCVE-2012-10023
A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. The server fails to properly validate input passed to the USER command, allowing remote attackers to overwrite memory and potentially execute arbitrary code. The fla... Read more
Affected Products : freefloat_ftp_server- Published: Aug. 05, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Memory Corruption
-
8.7
HIGHCVE-2025-36557
When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS)... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +3 more products- Published: May. 07, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-53629
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.23.0, incoming requests using Transfer-Encoding: chunked in the header can allocate memory arbitrarily in the server, potentially leading to its exhaustion. This ... Read more
- Published: Jul. 10, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Denial of Service
-
8.8
HIGHCVE-2025-53628
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.20.1, cpp-httplib does not have a limit for a unique line, permitting an attacker to explore this to allocate memory arbitrarily. This vulnerability is fixed in 0... Read more
- Published: Jul. 10, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Denial of Service
-
7.6
HIGHCVE-2025-26621
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user with the capability manage customizations can edit webhook that will execute javascript code. This can be abused to cause... Read more
Affected Products : opencti- Published: May. 19, 2025
- Modified: Aug. 06, 2025
-
7.5
HIGH- Published: Jun. 17, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2025-5349
Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway... Read more
- Published: Jun. 17, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Authentication
-
9.4
CRITICALCVE-2025-48952
NetAlertX is a network, presence scanner, and alert framework. Prior to version 25.6.7, a vulnerability in the authentication logic allows users to bypass password verification using SHA-256 magic hashes, due to loose comparison in PHP. In vulnerable vers... Read more
Affected Products : netalertx- Published: Jul. 04, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Authentication
-
8.8
HIGHCVE-2024-42655
An access control issue in NanoMQ v0.21.10 allows attackers to bypass security restrictions and access sensitive system topic messages using MQTT wildcard characters.... Read more
Affected Products : nanomq- Published: Jul. 29, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Authorization
-
8.6
HIGHCVE-2025-0320
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows... Read more
- Published: Jun. 17, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Authorization
-
6.1
MEDIUMCVE-2025-1223
An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac... Read more
- Published: Feb. 20, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Authorization
-
6.1
MEDIUMCVE-2025-1222
An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data in Citrix Secure Access Client for Mac... Read more
- Published: Feb. 20, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-6759
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Windows Virtual Delivery Agent for CVAD and Citrix DaaS... Read more
Affected Products : virtual_apps_and_desktops- Published: Jul. 08, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-4879
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows... Read more
Affected Products : workspace- Published: Jun. 17, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Authorization
-
9.1
CRITICALCVE-2025-6087
A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy arbitrary ... Read more
- Published: Jun. 16, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Server-Side Request Forgery
-
9.8
CRITICALCVE-2025-8274
A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=save_recruitment_status. The manipulation of the argument... Read more
Affected Products : online_recruitment_management_system- Published: Jul. 28, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2024-49342
IBM Informix Dynamic Server 12.10 and 14.10 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.... Read more
Affected Products : informix_dynamic_server- Published: Jul. 28, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Authentication
-
5.4
MEDIUMCVE-2024-49343
IBM Informix Dynamic Server 12.10 and 14.10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.... Read more
Affected Products : informix_dynamic_server- Published: Jul. 28, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2025-8247
A vulnerability classified as critical has been found in Projectworlds Online Admission System 1.0. This affects an unknown part of the file /admin.php. The manipulation of the argument markof leads to sql injection. It is possible to initiate the attack ... Read more
Affected Products : online_admission_system- Published: Jul. 28, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Injection