Latest CVE Feed
-
6.5
MEDIUMCVE-2025-32386
Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >800x difference). When Helm loads this specially crafted chart, memory can be exhausted ca... Read more
Affected Products : helm- Published: Apr. 09, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-9742
A vulnerability was identified in code-projects Human Resource Integrated System 1.0. This issue affects some unknown processing of the file /login.php. Such manipulation of the argument user/pass leads to sql injection. It is possible to launch the attac... Read more
- Published: Aug. 31, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-9743
A security flaw has been discovered in code-projects Human Resource Integrated System 1.0. Impacted is an unknown function of the file login_attendance2.php. Performing manipulation of the argument employee_id/date results in sql injection. The attack can... Read more
- Published: Aug. 31, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Injection
-
6.1
MEDIUMCVE-2025-9433
A vulnerability was found in mtons mblog up to 3.5.0. The impacted element is an unknown function of the file /admin/user/list of the component Admin Panel. Performing manipulation of the argument Name results in cross site scripting. The attack may be in... Read more
Affected Products : mblog- Published: Aug. 26, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Cross-Site Scripting
-
7.5
HIGHCVE-2025-9461
A weakness has been identified in diyhi bbs up to 6.8. The impacted element is an unknown function of the file src/main/java/cms/web/action/filePackage/FilePackageManageAction.java of the component File Compression Handler. This manipulation of the argume... Read more
Affected Products : bbs- Published: Aug. 26, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Information Disclosure
-
6.1
MEDIUMCVE-2025-1139
IBM Edge Application Manager 4.5 could allow a local user to read or modify resources that they should not have authorization to access due to incorrect permission assignment.... Read more
Affected Products : edge_application_manager- Published: Aug. 20, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2025-1142
IBM Edge Application Manager 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.... Read more
Affected Products : edge_application_manager- Published: Aug. 20, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Server-Side Request Forgery
-
7.3
HIGHCVE-2025-8612
AOMEI Backupper Workstation Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AOMEI Backupper Workstation. An attacker must first obtain the ability to ex... Read more
Affected Products : backupper_workstation- Published: Aug. 20, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Authorization
-
8.6
HIGHCVE-2025-53547
Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are c... Read more
Affected Products : helm- Published: Jul. 08, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2025-38743
Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains a Buffer Access with Incorrect Length Value vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevati... Read more
Affected Products : emc_idrac_service_module- Published: Aug. 21, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-9533
A vulnerability has been found in TOTOLINK T10 4.1.8cu.5241_B20210927. Affected is an unknown function of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to improper authentication. The attack can be initiated... Read more
- Published: Aug. 27, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-3831
Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties.... Read more
Affected Products : harmony_sase- Published: Aug. 12, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Information Disclosure
-
5.8
MEDIUMCVE-2025-9920
A security flaw has been discovered in Campcodes Recruitment Management System 1.0. This impacts the function include of the file /admin/index.php. The manipulation of the argument page results in file inclusion. It is possible to launch the attack remote... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-9919
A vulnerability was identified in 1000projects Beauty Parlour Management System 1.0. This affects an unknown function of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible t... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Injection
-
5.1
MEDIUMCVE-2025-9845
A vulnerability has been found in code-projects Fruit Shop Management System 1.0. Affected by this vulnerability is an unknown functionality of the file products.php. Such manipulation of the argument product_code/gen_name/product_name/supplier leads to c... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-9835
A vulnerability has been found in macrozheng mall up to 1.0.3. This affects the function cancelOrder of the file /order/cancelUserOrder. The manipulation of the argument orderId leads to authorization bypass. The attack can be initiated remotely. The expl... Read more
Affected Products : mall- Published: Sep. 02, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Authorization
-
5.1
MEDIUMCVE-2025-9834
A flaw has been found in PHPGurukul Small CRM 4.0. Affected by this issue is some unknown functionality of the file /registration.php. Executing manipulation of the argument Username can lead to cross site scripting. It is possible to launch the attack re... Read more
Affected Products : small_crm- Published: Sep. 02, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Cross-Site Scripting
-
7.5
HIGHCVE-2025-9833
A vulnerability was detected in SourceCodester Online Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /Login/login.php. Performing manipulation of the argument uname results in sql injection. It is possib... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-9830
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown function of the file /admin/add-customer-services.php. The manipulation of the argument sids[] results in sql injection. The attack can be exec... Read more
Affected Products : beauty_parlour_management_system- Published: Sep. 02, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2025-9676
A vulnerability was identified in NCSOFT Universe App up to 1.3.0. Impacted is an unknown function of the file AndroidManifest.xml of the component com.ncsoft.universeapp. The manipulation leads to improper export of android application components. Local ... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Misconfiguration