Latest CVE Feed
-
5.4
MEDIUMCVE-2025-51656
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Link.php.... Read more
Affected Products : semcms- Published: Jul. 14, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2024-10714
A vulnerability in binary-husky/gpt_academic version 3.83 allows an attacker to cause a Denial of Service (DoS) by adding excessive characters to the end of a multipart boundary during file upload. This results in the server continuously processing each c... Read more
Affected Products : gpt_academic- Published: Mar. 20, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2024-11169
An unhandled exception in danny-avila/librechat version 3c94ff2 can lead to a server crash. The issue occurs when the fs module throws an exception while handling file uploads. An unauthenticated user can trigger this exception by sending a specially craf... Read more
Affected Products : librechat- Published: Mar. 20, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Denial of Service
-
8.8
HIGHCVE-2025-49674
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2024-11170
A vulnerability in danny-avila/librechat version git 81f2936 allows for path traversal due to improper sanitization of file paths by the multer middleware. This can lead to arbitrary file write and potentially remote code execution. The issue is fixed in ... Read more
Affected Products : librechat- Published: Mar. 20, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2024-11171
In danny-avila/librechat version git 0c2a583, there is an improper input validation vulnerability. The application uses multer middleware for handling multipart file uploads. When using in-memory storage (the default setting for multer), there is no limit... Read more
Affected Products : librechat- Published: Mar. 20, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2024-11172
A vulnerability in danny-avila/librechat version git a1647d7 allows an unauthenticated attacker to cause a denial of service by sending a crafted payload to the server. The middleware `checkBan` is not surrounded by a try-catch block, and an unhandled exc... Read more
Affected Products : librechat- Published: Mar. 20, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Denial of Service
-
8.8
HIGHCVE-2025-49673
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
5.4
MEDIUMCVE-2025-51657
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Link.php.... Read more
Affected Products : semcms- Published: Jul. 14, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-49672
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2024-31141
Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apache Kafka Clients accept configuration data for customizing behavior, and includes ConfigProvider plugins in order to manipulate ... Read more
Affected Products : kafka- Published: Nov. 19, 2024
- Modified: Jul. 15, 2025
-
5.4
MEDIUMCVE-2025-51658
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_InquiryView.php.... Read more
Affected Products : semcms- Published: Jul. 14, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-49671
Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-49670
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
5.4
MEDIUMCVE-2025-51659
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Products.php.... Read more
Affected Products : semcms- Published: Jul. 14, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-49669
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
8.1
HIGHCVE-2024-36263
** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: all versions. As this project is retired... Read more
Affected Products : submarine- Published: Jun. 12, 2024
- Modified: Jul. 15, 2025
-
8.8
HIGHCVE-2025-49668
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2024-36471
Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL. Project administrators can run these imports, which could cause Allura to read from internal services and expose them. This issue affects Apache ... Read more
Affected Products : allura- Published: Jun. 10, 2024
- Modified: Jul. 15, 2025
-
4.3
MEDIUMCVE-2024-46901
Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All ... Read more
- Published: Dec. 09, 2024
- Modified: Jul. 15, 2025