Latest CVE Feed
-
7.5
HIGHCVE-2024-5228
TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Aut... Read more
- Published: May. 23, 2024
- Modified: Aug. 06, 2025
-
7.5
HIGHCVE-2024-5227
TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not req... Read more
- Published: May. 23, 2024
- Modified: Aug. 06, 2025
-
7.5
HIGHCVE-2025-20128
A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underf... Read more
- Published: Jan. 22, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Denial of Service
-
6.1
MEDIUMCVE-2025-8319
the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model via the error= URL parameter... Read more
Affected Products : message_archiver_firmware- Published: Jul. 30, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Cross-Site Scripting
-
8.1
HIGHCVE-2020-3538
A vulnerability in a certain REST API endpoint of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient path... Read more
- Published: Nov. 18, 2024
- Modified: Aug. 06, 2025
-
5.4
MEDIUMCVE-2020-3420
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct a cros... Read more
Affected Products : unified_communications_manager- Published: Nov. 18, 2024
- Modified: Aug. 06, 2025
-
6.5
MEDIUMCVE-2025-54656
** UNSUPPORTED WHEN ASSIGNED ** Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs witho... Read more
Affected Products : struts_extras- Published: Jul. 30, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Information Disclosure
-
5.4
MEDIUMCVE-2025-46958
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more
- Published: Aug. 05, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Cross-Site Scripting
-
8.6
HIGHCVE-2024-20271
A vulnerability in the IP packet processing of Cisco Access Point (AP) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validati... Read more
- Published: Mar. 27, 2024
- Modified: Aug. 06, 2025
-
5.3
MEDIUMCVE-2020-26062
A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application. The vulnerability is due to differences in authentication responses sent back f... Read more
Affected Products : unified_computing_system- Published: Nov. 18, 2024
- Modified: Aug. 06, 2025
-
7.5
HIGHCVE-2023-39180
A flaw was found within the handling of SMB2_READ commands in the kernel ksmbd module. The issue results from not releasing memory after its effective lifetime. An attacker can leverage this to create a denial-of-service condition on affected installation... Read more
Affected Products : linux_kernel- Published: Nov. 18, 2024
- Modified: Aug. 06, 2025
-
7.5
HIGHCVE-2023-39179
A flaw was found within the handling of SMB2 read requests in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage thi... Read more
Affected Products : linux_kernel- Published: Nov. 18, 2024
- Modified: Aug. 06, 2025
-
7.5
HIGHCVE-2023-39176
A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An at... Read more
Affected Products : linux_kernel- Published: Nov. 18, 2024
- Modified: Aug. 06, 2025
-
9.8
CRITICALCVE-2023-43091
A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service.json configuration file. If the configuration file is malicious, it may execute arbitrary code.... Read more
Affected Products : gnome-maps- Published: Nov. 17, 2024
- Modified: Aug. 06, 2025
-
6.5
MEDIUMCVE-2025-0921
Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS version 11.00, Mitsubishi Electric GENESIS64 all versio... Read more
Affected Products : mc_works64- Published: May. 15, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-51060
An issue was discovered in CPUID cpuz.sys 1.0.5.4. An attacker can use DeviceIoControl with the unvalidated parameters 0x9C402440 and 0x9C402444 as IoControlCodes to perform RDMSR and WRMSR, respectively. Through this process, the attacker can modify MSR_... Read more
Affected Products :- Published: Aug. 05, 2025
- Modified: Aug. 05, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-29745
A vulnerability affecting the scanning module in Emsisoft Anti-Malware prior to 2024.12 allows attackers on a remote server to obtain Net-NTLMv2 hash information via a specially created A2S (Emsisoft Custom Scan) extension file.... Read more
Affected Products :- Published: Aug. 05, 2025
- Modified: Aug. 05, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-43980
An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN. They enable the SSH service by default with the credentials of root/admin. The GUI doesn't offer a way to disable the account.... Read more
Affected Products :- Published: Aug. 05, 2025
- Modified: Aug. 05, 2025
- Vuln Type: Authentication
-
7.1
HIGHCVE-2025-7674
Improper Input Validation vulnerability in Roche Diagnostics navify Monitoring allows an attacker to manipulate input data, which may lead to a denial of service (DoS) due to negatively impacting the server's performance. This vulnerability has no impact ... Read more
Affected Products :- Published: Aug. 05, 2025
- Modified: Aug. 05, 2025
- Vuln Type: Denial of Service
-
7.4
HIGHCVE-2025-43978
Jointelli 5G CPE 21H01 firmware JY_21H01_A3_v1.36 devices allow (blind) OS command injection. Multiple endpoints are vulnerable, including /ubus/?flag=set_WPS_pin and /ubus/?flag=netAppStar1 and /ubus/?flag=set_wifi_cfgs. This allows an authenticated atta... Read more
Affected Products :- Published: Aug. 05, 2025
- Modified: Aug. 05, 2025
- Vuln Type: Injection