Latest CVE Feed
-
4.3
MEDIUMCVE-2025-20195
A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a CSRF attack and execute commands on the CLI of an affected device. This vulnerability is due to insufficient CS... Read more
Affected Products : ios_xe- Published: May. 07, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.3
MEDIUMCVE-2025-20196
A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Cisco IOx application hosting environment to stop responding, resulting in a deni... Read more
Affected Products : ios_xe ios cgr1000_firmware ic3000_industrial_compute_gateway_firmware ir510_wpan_firmware ic3000_industrial_compute_gateway 829_industrial_integrated_services_router_firmware 807_industrial_integrated_services_router_firmware 809_industrial_integrated_services_router_firmware 829_industrial_integrated_services_router +43 more products- Published: May. 07, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Denial of Service
-
8.8
HIGHCVE-2023-33538
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm .... Read more
Affected Products : tl-wr841n_firmware tl-wr940n_firmware tl-wr740n_firmware tl-wr841n tl-wr740n tl-wr940n- Actively Exploited
- EPSS Score: %90.79
- Published: Jun. 07, 2023
- Modified: Jul. 11, 2025
-
8.2
HIGHCVE-2025-20200
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating system of an affected device. This vulnerability is due to insufficient i... Read more
Affected Products : ios_xe- Published: May. 07, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Authorization
-
9.1
CRITICALCVE-2025-20221
A vulnerability in the packet filtering features of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to bypass Layer 3 and Layer 4 traffic filters. This vulnerability is due to improper traffic filtering conditions on an af... Read more
Affected Products : ios_xe- Published: May. 07, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-45857
EDIMAX CV7428NS v1.20 was discovered to contain a remote code execution (RCE) vulnerability via the command parameter in the mp function.... Read more
- Published: May. 13, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Injection
-
5.4
MEDIUMCVE-2025-46825
Kanboard is project management software that focuses on the Kanban methodology. Versions 1.2.26 through 1.2.44 have a Stored Cross-Site Scripting (XSS) Vulnerability in the `name` parameter of the `http://localhost/?controller=ProjectCreationController&ac... Read more
Affected Products : kanboard- Published: May. 12, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2025-3484
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required... Read more
Affected Products : pacs_server- Published: May. 22, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-3483
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required... Read more
Affected Products : pacs_server- Published: May. 22, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-3482
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required... Read more
Affected Products : pacs_server- Published: May. 22, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-3481
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required... Read more
Affected Products : pacs_server- Published: May. 22, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-25271
An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-25270
An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Authentication
-
8.4
HIGHCVE-2025-25269
An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-25268
An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-24002
An unauthenticated remote attacker can use MQTT messages to crash a service on charging stations complying with German Calibration Law, resulting in a temporary denial-of-service for these stations until they got restarted by the watchdog.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Denial of Service
-
8.2
HIGHCVE-2025-24003
An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of integrity for only EichrechtAgents and potential denial-of-service for these statio... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Memory Corruption
-
5.2
MEDIUMCVE-2025-24004
A physical attacker with access to the device display via USB-C can send a message to the device which triggers an unsecure copy to a buffer resulting in loss of integrity and a temporary denial-of-service for the stations until they got restarted by the ... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-24005
A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-24006
A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Authorization