Latest CVE Feed
-
9.1
CRITICALCVE-2023-43551
Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command.... Read more
Affected Products : aqt1000_firmware qca6391_firmware qca6420_firmware qca6426_firmware qca6430_firmware qca6436_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sd855_firmware +481 more products- Published: Jun. 03, 2024
- Modified: Aug. 11, 2025
-
7.5
HIGHCVE-2023-33089
Transient DOS when processing a NULL buffer while parsing WLAN vdev.... Read more
Affected Products : aqt1000_firmware qam8295p_firmware qca6391_firmware qca6420_firmware qca6426_firmware qca6430_firmware qca6436_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware +448 more products- Published: Dec. 05, 2023
- Modified: Aug. 11, 2025
-
7.8
HIGHCVE-2024-45553
Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise.... Read more
Affected Products : qam8295p_firmware qca6391_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6155p_firmware sa8155p_firmware sa8195p_firmware sa8295p_firmware sd_8_gen1_5g_firmware +248 more products- Published: Jan. 06, 2025
- Modified: Aug. 11, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2024-45542
Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.... Read more
Affected Products : aqt1000_firmware qca6391_firmware qca6420_firmware qca6430_firmware qca6595au_firmware wcd9341_firmware wcd9380_firmware wcd9385_firmware wsa8810_firmware wsa8815_firmware +94 more products- Published: Jan. 06, 2025
- Modified: Aug. 11, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2024-33055
Memory corruption while invoking IOCTL calls to unmap the DMA buffers.... Read more
Affected Products : qam8295p_firmware qca6574au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware sa8150p_firmware sa8155p_firmware sa8195p_firmware +70 more products- Published: Jan. 06, 2025
- Modified: Aug. 11, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2024-33041
Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls,... Read more
Affected Products : qam8295p_firmware qca6574au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware sa8150p_firmware sa8155p_firmware sa8195p_firmware +62 more products- Published: Jan. 06, 2025
- Modified: Aug. 11, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-27057
Transient DOS while handling beacon frames with invalid IE header length.... Read more
Affected Products : qam8295p_firmware qca6391_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6155p_firmware sa8155p_firmware sa8195p_firmware sa8295p_firmware wcd9341_firmware +418 more products- Published: Jul. 08, 2025
- Modified: Aug. 11, 2025
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2025-27042
Memory corruption while processing video packets received from video firmware.... Read more
Affected Products : aqt1000_firmware qam8295p_firmware qca6391_firmware qca6420_firmware qca6426_firmware qca6430_firmware qca6436_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware +686 more products- Published: Jul. 08, 2025
- Modified: Aug. 11, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-21466
Memory corruption while processing a private escape command in an event trigger.... Read more
Affected Products : aqt1000_firmware qca6391_firmware qca6420_firmware qca6430_firmware wcd9341_firmware wcd9380_firmware wcd9385_firmware wsa8810_firmware wsa8815_firmware wsa8830_firmware +72 more products- Published: Jul. 08, 2025
- Modified: Aug. 11, 2025
- Vuln Type: Memory Corruption
-
9.1
CRITICALCVE-2025-21450
Cryptographic issue occurs due to use of insecure connection method while downloading.... Read more
Affected Products : qca6391_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sd_8_gen1_5g_firmware sw5100_firmware sw5100p_firmware wcd9380_firmware wcd9385_firmware wcn3980_firmware +208 more products- Published: Jul. 08, 2025
- Modified: Aug. 11, 2025
- Vuln Type: Cryptography
-
7.8
HIGHCVE-2023-22386
Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory.... Read more
Affected Products : qam8295p_firmware qca6391_firmware qca6426_firmware qca6436_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware +431 more products- Published: Jul. 04, 2023
- Modified: Aug. 11, 2025
-
7.1
HIGHCVE-2024-47384
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Compress WP Compress – Image Optimizer [All-In-One] allows Reflected XSS.This issue affects WP Compress – Image Optimizer [All-In-One]: from n/... Read more
Affected Products : wp_compress- Published: Oct. 05, 2024
- Modified: Aug. 11, 2025
-
8.7
HIGHCVE-2025-21601
An Improper Following of Specification by Caller vulnerability in web management (J-Web, Captive Portal, 802.1X, Juniper Secure Connect (JSC) of Juniper Networks Junos OS on SRX Series, EX Series, MX240, MX480, MX960, QFX5120 Series, allows an unauthentic... Read more
Affected Products : junos- Published: Apr. 09, 2025
- Modified: Aug. 11, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-2539
The File Away plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax() function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers, leveraging the ... Read more
Affected Products : file_away- Published: Mar. 20, 2025
- Modified: Aug. 11, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-40600
Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption.... Read more
Affected Products : sonicos nsa_2700 nsa_3700 nsa_4700 nsa_5700 nsa_6700 nssp_10700 nssp_11700 nssp_13700 tz270 +13 more products- Published: Jul. 29, 2025
- Modified: Aug. 11, 2025
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2025-2512
The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the upload() function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthentica... Read more
Affected Products : file_away- Published: Mar. 19, 2025
- Modified: Aug. 11, 2025
- Vuln Type: Authentication
-
8.3
HIGHCVE-2025-26530
The question bank filter required additional sanitizing to prevent a reflected XSS risk.... Read more
Affected Products : moodle- Published: Feb. 24, 2025
- Modified: Aug. 11, 2025
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2025-53606
Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): 2.4.0. Users are recommended to upgrade to version 2.5.0, which fixes the issue.... Read more
Affected Products : seata- Published: Aug. 08, 2025
- Modified: Aug. 11, 2025
- Vuln Type: Misconfiguration
-
9.0
CRITICALCVE-2025-24936
The web application allows user input to pass unfiltered to a command executed on the underlying operating system. The vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet. A... Read more
Affected Products : wavesuite_noc- Published: Jul. 21, 2025
- Modified: Aug. 11, 2025
- Vuln Type: Injection
-
9.0
CRITICALCVE-2025-24937
File contents could be read from the local file system by an attacker. Additionally, malicious code could be inserted in the file, leading to a full compromise of the web application and the container it is running on. The vulnerable component is bound t... Read more
Affected Products : wavesuite_noc- Published: Jul. 21, 2025
- Modified: Aug. 11, 2025
- Vuln Type: Path Traversal