Latest CVE Feed
-
10.0
CRITICALCVE-2024-39754
A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of network packets can lead to root access. An attacker can send packets to trigger this vulnerability.... Read more
- Published: Jan. 14, 2025
- Modified: Aug. 21, 2025
-
7.5
HIGHCVE-2018-25032
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.... Read more
Affected Products : fedora debian_linux active_iq_unified_manager h410c_firmware ontap_select_deploy_administration_utility macos mariadb oncommand_workflow_automation e-series_santricity_os_controller h300s_firmware +29 more products- EPSS Score: %0.09
- Published: Mar. 25, 2022
- Modified: Aug. 21, 2025
-
9.8
CRITICALCVE-2025-5309
The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution.... Read more
- Published: Jun. 16, 2025
- Modified: Aug. 21, 2025
-
9.8
CRITICALCVE-2025-1113
A vulnerability was found in taisan tarzan-cms up to 1.0.0. It has been rated as critical. This issue affects the function upload of the file /admin#themes of the component Add Theme Handler. The manipulation leads to deserialization. The attack may be in... Read more
Affected Products : tarzan-cms- Published: Feb. 07, 2025
- Modified: Aug. 21, 2025
-
7.8
HIGHCVE-2025-6035
A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can result in allocating... Read more
- Published: Jun. 13, 2025
- Modified: Aug. 21, 2025
-
7.5
HIGHCVE-2025-48807
Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 +3 more products- Published: Aug. 12, 2025
- Modified: Aug. 21, 2025
-
7.5
HIGHCVE-2025-1759
IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.... Read more
Affected Products : concert- Published: Aug. 18, 2025
- Modified: Aug. 21, 2025
-
7.5
HIGHCVE-2024-49827
IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to excessive data exposure, allowing attackers to access sensitive information without proper filtering.... Read more
Affected Products : concert- Published: Aug. 18, 2025
- Modified: Aug. 21, 2025
-
6.2
MEDIUMCVE-2025-43201
This issue was addressed with improved checks. This issue is fixed in Apple Music Classical 2.3 for Android. An app may be able to unexpectedly leak a user's credentials.... Read more
Affected Products : music_classical- Published: Aug. 15, 2025
- Modified: Aug. 21, 2025
-
4.3
MEDIUMCVE-2025-8996
Missing Authorization vulnerability in Drupal Layout Builder Advanced Permissions allows Forceful Browsing.This issue affects Layout Builder Advanced Permissions: from 0.0.0 before 2.2.0.... Read more
Affected Products : layout_builder_advanced_permissions- Published: Aug. 15, 2025
- Modified: Aug. 21, 2025
-
9.8
CRITICALCVE-2025-8995
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.0 before 2.1.4.... Read more
Affected Products : authenticator_login- Published: Aug. 15, 2025
- Modified: Aug. 21, 2025
-
8.8
HIGHCVE-2025-8675
Server-Side Request Forgery (SSRF) vulnerability in Drupal AI SEO Link Advisor allows Server Side Request Forgery.This issue affects AI SEO Link Advisor: from 0.0.0 before 1.0.6.... Read more
Affected Products : ai_seo_link_advisor- Published: Aug. 15, 2025
- Modified: Aug. 21, 2025
-
7.5
HIGHCVE-2025-53817
7-Zip is a file archiver with a high compression ratio. 7-Zip supports extracting from Compound Documents. Prior to version 25.0.0, a null pointer dereference in the Compound handler may lead to denial of service. Version 25.0.0 contains a fix cor the iss... Read more
Affected Products : 7-zip- Published: Jul. 17, 2025
- Modified: Aug. 21, 2025
-
7.5
HIGHCVE-2025-53816
7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in versions of 7-Zip prior to 25.0.0. Version 25.0.0 contains a fix for the issue.... Read more
Affected Products : 7-zip- Published: Jul. 17, 2025
- Modified: Aug. 21, 2025
-
7.5
HIGHCVE-2024-42490
authentik is an open-source Identity Provider. Several API endpoints can be accessed by users without correct authentication/authorization. The main API endpoints affected by this are /api/v3/crypto/certificatekeypairs/<uuid>/view_certificate/, /api/v3/cr... Read more
Affected Products : authentik- Published: Aug. 22, 2024
- Modified: Aug. 21, 2025
-
9.0
CRITICALCVE-2024-47070
authentik is an open-source identity provider. A vulnerability that exists in versions prior to 2024.8.3 and 2024.6.5 allows bypassing password login by adding X-Forwarded-For header with an unparsable IP address, e.g. `a`. This results in a possibility o... Read more
Affected Products : authentik- Published: Sep. 27, 2024
- Modified: Aug. 21, 2025
-
6.5
MEDIUMCVE-2024-47077
authentik is an open-source identity provider. Prior to versions 2024.8.3 and 2024.6.5, access tokens issued to one application can be stolen by that application and used to impersonate the user against any other proxy provider. Also, a user can steal an ... Read more
Affected Products : authentik- Published: Sep. 27, 2024
- Modified: Aug. 21, 2025
-
7.5
HIGHCVE-2025-33090
IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to cause a denial of service using a specially crafted regular expression that would cause excessive resource consumption.... Read more
Affected Products : concert- Published: Aug. 18, 2025
- Modified: Aug. 21, 2025
-
8.8
HIGHCVE-2025-36120
IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources.... Read more
Affected Products : storage_virtualize- Published: Aug. 18, 2025
- Modified: Aug. 21, 2025
-
7.2
HIGHCVE-2024-52287
authentik is an open-source identity provider. When using the client_credentials or device_code OAuth grants, it was possible for an attacker to get a token from authentik with scopes that haven't been configured in authentik. authentik 2024.8.5 and 2024.... Read more
Affected Products : authentik- Published: Nov. 21, 2024
- Modified: Aug. 21, 2025