Latest CVE Feed
-
6.5
MEDIUMCVE-2025-8529
A vulnerability classified as critical was found in cloudfavorites favorites-web up to 1.3.0. Affected by this vulnerability is the function getCollectLogoUrl of the file app/src/main/java/com/favorites/web/CollectController.java. The manipulation of the ... Read more
Affected Products : favorites-web- Published: Aug. 04, 2025
- Modified: Aug. 05, 2025
- Vuln Type: Server-Side Request Forgery
-
5.5
MEDIUMCVE-2025-2810
A low privileged local attacker can abuse the affected service by using a hardcoded cryptographic key.... Read more
Affected Products :- Published: Aug. 05, 2025
- Modified: Aug. 05, 2025
- Vuln Type: Cryptography
-
5.3
MEDIUMCVE-2025-5988
A flaw was found in the Ansible aap-gateway. Cross-site request forgery (CSRF) origin checking is not done on requests from the gateway to external components, such as the controller, hub, and eda.... Read more
Affected Products :- Published: Aug. 04, 2025
- Modified: Aug. 05, 2025
- Vuln Type: Cross-Site Request Forgery
-
2.0
LOWCVE-2025-4599
The fragment preview functionality in Liferay Portal 7.4.3.61 through 7.4.3.132, and Liferay DXP 2024.Q4.1 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 update 61 through update 92 was ... Read more
- Published: Aug. 04, 2025
- Modified: Aug. 05, 2025
- Vuln Type: Cross-Site Scripting
-
6.7
MEDIUMCVE-2025-30097
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Ne... Read more
Affected Products :- Published: Aug. 04, 2025
- Modified: Aug. 05, 2025
- Vuln Type: Injection
-
6.7
MEDIUMCVE-2025-30098
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Ne... Read more
Affected Products :- Published: Aug. 04, 2025
- Modified: Aug. 05, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-36594
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Authenticat... Read more
Affected Products :- Published: Aug. 04, 2025
- Modified: Aug. 05, 2025
- Vuln Type: Authentication
-
8.6
HIGHCVE-2025-44643
Certain Draytek products are affected by Insecure Configuration. This affects AP903 v1.4.18 and AP912C v1.4.9 and AP918R v1.4.9. The setting of the password property in the ripd.conf configuration file sets a hardcoded weak password, posing a security ris... Read more
Affected Products :- Published: Aug. 04, 2025
- Modified: Aug. 05, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-51536
Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a hardcoded Administrator password.... Read more
Affected Products :- Published: Aug. 04, 2025
- Modified: Aug. 05, 2025
- Vuln Type: Authentication
-
5.5
MEDIUMCVE-2025-8516
A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition up to 8.2. It has been classified as problematic. Affected is the function BaseServiceFactory.getFileUploadService.deleteFileAction of the file K3Cloud\BBCMallSite\WEB-INF\lib\Kingde... Read more
Affected Products :- Published: Aug. 04, 2025
- Modified: Aug. 05, 2025
- Vuln Type: Path Traversal
-
9.0
CRITICALCVE-2025-44963
RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key.... Read more
Affected Products :- Published: Aug. 04, 2025
- Modified: Aug. 05, 2025
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2024-45183
An issue was discovered in Samsung Mobile Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, and 2400. A lack of a JPEG length check leads to an out-of-bound write.... Read more
Affected Products :- Published: Aug. 04, 2025
- Modified: Aug. 05, 2025
- Vuln Type: Memory Corruption
-
8.3
HIGHCVE-2025-21120
Dell Avamar, versions prior to 19.12 with patch 338905, excluding version 19.10SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability in Security. A low privileged attacker with remote access could potentially ... Read more
Affected Products :- Published: Aug. 04, 2025
- Modified: Aug. 05, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-38741
Dell Enterprise SONiC OS, version 4.5.0, contains a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication.... Read more
Affected Products : enterprise_sonic_distribution- Published: Aug. 04, 2025
- Modified: Aug. 05, 2025
- Vuln Type: Cryptography
-
6.9
MEDIUMCVE-2025-4604
The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1... Read more
- Published: Aug. 04, 2025
- Modified: Aug. 05, 2025
- Vuln Type: Authentication
-
1.0
LOWCVE-2025-7844
Exporting a TPM based RSA key larger than 2048 bits from the TPM could overrun a stack buffer if the default `MAX_RSA_KEY_BITS=2048` is used. If your TPM 2.0 module supports RSA key sizes larger than 2048 bit and your applications supports creating or imp... Read more
Affected Products :- Published: Aug. 04, 2025
- Modified: Aug. 05, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-27212
An Improper Input Validation in certain UniFi Access devices could allow a Command Injection by a malicious actor with access to UniFi Access management network. Affected Products: UniFi Access Reader Pro (Version 2.14.21 and earlier) UniFi Acce... Read more
Affected Products :- Published: Aug. 04, 2025
- Modified: Aug. 05, 2025
- Vuln Type: Injection
-
10.0
CRITICALCVE-2025-54119
ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code us... Read more
Affected Products : adodb- Published: Aug. 05, 2025
- Modified: Aug. 05, 2025
- Vuln Type: Injection
-
4.8
MEDIUMCVE-2025-8554
A vulnerability, which was classified as problematic, has been found in atjiu pybbs up to 6.0.0. This issue affects some unknown processing of the file /admin/user/list. The manipulation of the argument Username leads to cross site scripting. The attack m... Read more
Affected Products :- Published: Aug. 05, 2025
- Modified: Aug. 05, 2025
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2025-8551
A vulnerability was found in atjiu pybbs up to 6.0.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/comment/list. The manipulation of the argument Username leads to cross site scripting. The atta... Read more
Affected Products :- Published: Aug. 05, 2025
- Modified: Aug. 05, 2025
- Vuln Type: Cross-Site Scripting