Latest CVE Feed
- 5.7 MEDIUM CVE-2025-20232
In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.103, 9.2.2406.108, 9.2.2403.113, 9.1.2312.208 and 9.1.2308.212, a low-privileged user that does not hold the "admin" or "power" Splunk roles coul...
- Published: Mar. 26, 2025
- Modified: Jul. 21, 2025
- Vuln Type: Authorization
- 5.4 MEDIUM CVE-2025-20324
In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.7, and 9.1.10 and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create or overwri...
- Published: Jul. 07, 2025
- Modified: Jul. 21, 2025
- Vuln Type: Authorization
- 9.0 CRITICAL CVE-2024-8017
An XSS vulnerability exists in open-webui/open-webui versions <= 0.3.8, specifically in the function that constructs the HTML for tooltips. This vulnerability allows attackers to perform operations with the victim's privileges, such as stealing chat histo...
- Affected Products: open_webui
- Published: Mar. 20, 2025
- Modified: Jul. 21, 2025
- Vuln Type: Cross-Site Scripting
- 8.4 HIGH CVE-2024-7990
A stored cross-site scripting (XSS) vulnerability exists in open-webui/open-webui version 0.3.8. The vulnerability is present in the `/api/v1/models/add` endpoint, where the model description field is improperly sanitized before being rendered in chat. Th...
- Affected Products: open_webui
- Published: Mar. 20, 2025
- Modified: Jul. 21, 2025
- Vuln Type: Cross-Site Scripting
- 7.5 HIGH CVE-2024-7983
In version 0.3.8 of open-webui, an endpoint for converting markdown to HTML is exposed without authentication. A maliciously crafted markdown payload can cause the server to spend excessive time converting it, leading to a denial of service. The server be...
- Affected Products: open_webui
- Published: Mar. 20, 2025
- Modified: Jul. 21, 2025
- Vuln Type: Denial of Service
- 7.7 HIGH CVE-2024-7959
The `/openai/models` endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF). An attacker can change the OpenAI URL to any URL without checks, causing the endpoint to send a request to the specified URL and retu...
- Affected Products: open_webui
- Published: Mar. 20, 2025
- Modified: Jul. 21, 2025
- Vuln Type: Server-Side Request Forgery
- 9.6 CRITICAL CVE-2024-7760
aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all e...
- Affected Products: aim
- Published: Mar. 20, 2025
- Modified: Jul. 21, 2025
- Vuln Type: Cross-Site Request Forgery
- 7.8 HIGH CVE-2025-21445
Memory corruption while copying the result to the transmission queue which is shared between the virtual machine and the host.
- Affected Products: qam8295p_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa8295p_firmware qca6595_firmware qca6698aq_firmware sa8540p_firmware sa9000p_firmware qam8255p_firmware +44 more products
- Published: Jul. 08, 2025
- Modified: Jul. 21, 2025
- Vuln Type: Memory Corruption
- 7.8 HIGH CVE-2025-21444
Memory corruption while copying the result to the transmission queue in EMAC.
- Affected Products: qam8295p_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa8295p_firmware qca6595_firmware qca6698aq_firmware sa8540p_firmware sa9000p_firmware qam8255p_firmware +44 more products
- Published: Jul. 08, 2025
- Modified: Jul. 21, 2025
- Vuln Type: Memory Corruption
- 7.8 HIGH CVE-2025-21426
Memory corruption while processing camera TPG write request.
- Affected Products: wcd9380_firmware wcd9385_firmware wsa8830_firmware wsa8835_firmware ssg2115p_firmware ssg2125p_firmware sxr1230p_firmware wsa8832_firmware fastconnect_7800_firmware wcd9380 +10 more products
- Published: Jul. 08, 2025
- Modified: Jul. 21, 2025
- Vuln Type: Memory Corruption
- 6.1 MEDIUM CVE-2025-47189
Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication error data of certain user flows, a different vulnerability than CVE-2025-54392.
- Published: Jul. 17, 2025
- Modified: Jul. 21, 2025
- Vuln Type: Cross-Site Scripting
- 7.8 HIGH CVE-2025-27051
Memory corruption while processing command message in WLAN Host.
- Affected Products: wcd9380_firmware wcd9385_firmware fastconnect_6900_firmware fastconnect_7800_firmware qcc2073_firmware qcc2076_firmware wsa8840_firmware wsa8845_firmware wsa8845h_firmware wcd9380 +10 more products
- Published: Jul. 08, 2025
- Modified: Jul. 21, 2025
- Vuln Type: Memory Corruption
- 7.8 HIGH CVE-2025-27044
Memory corruption while executing timestamp video decode command with large input values.
- Affected Products: wcd9380_firmware wcd9385_firmware fastconnect_6900_firmware fastconnect_7800_firmware wsa8840_firmware wsa8845_firmware wsa8845h_firmware wcd9380 wcd9385 sc8380xp_firmware +6 more products
- Published: Jul. 08, 2025
- Modified: Jul. 21, 2025
- Vuln Type: Memory Corruption
- 7.8 HIGH CVE-2025-27058
Memory corruption while processing packet data with exceedingly large packet.
- Affected Products: wcd9380_firmware wcd9385_firmware fastconnect_6900_firmware fastconnect_7800_firmware wsa8840_firmware wsa8845_firmware wsa8845h_firmware wcd9380 wcd9385 sc8380xp_firmware +6 more products
- Published: Jul. 08, 2025
- Modified: Jul. 21, 2025
- Vuln Type: Memory Corruption
- 7.8 HIGH CVE-2025-27056
Memory corruption during sub-system restart while processing clean-up to free up resources.
- Affected Products: sw5100_firmware sw5100p_firmware wcd9380_firmware wsa8830_firmware wsa8835_firmware wsa8832_firmware fastconnect_7800_firmware wcd9390_firmware wcd9395_firmware wsa8840_firmware +40 more products
- Published: Jul. 08, 2025
- Modified: Jul. 21, 2025
- Vuln Type: Memory Corruption
- 5.3 MEDIUM CVE-2024-45244
Hyperledger Fabric through 3.0.0 and 2.5.x through 2.5.9 do not verify that a request has a timestamp within the expected time window.
- Affected Products: fabric
- Published: Aug. 25, 2024
- Modified: Jul. 21, 2025
- 6.8 MEDIUM CVE-2025-1121
Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted ...
- Affected Products: chrome_os
- Published: Mar. 07, 2025
- Modified: Jul. 21, 2025
- Vuln Type: Authorization
- 9.8 CRITICAL CVE-2025-25257
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and below 7.0.10 allows an unauthenticated attacker ...
- Affected Products: fortiweb
- Actively Exploited
- Published: Jul. 17, 2025
- Modified: Jul. 21, 2025
- Vuln Type: Injection
- 7.5 HIGH CVE-2024-38435
Unitronics Vision PLC – CWE-703: Improper Check or Handling of Exceptional Conditions may allow denial of service...
- Published: Jul. 21, 2024
- Modified: Jul. 21, 2025
- 4.7 MEDIUM CVE-2025-25287
Lakeus is a simple skin made for MediaWiki. Starting in version 1.0.8 and prior to versions 1.3.1+REL1.39, 1.3.1+REL1.42, and 1.4.0, Lakeus is vulnerable to stored cross-site scripting via malicious system messages, though editing the messages requires hig...
- Published: Feb. 13, 2025
- Modified: Jul. 21, 2025
- Vuln Type: Cross-Site Scripting