Latest CVE Feed
-
9.8
CRITICALCVE-2025-3481
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required... Read more
Affected Products : pacs_server- Published: May. 22, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-25271
An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-25270
An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Authentication
-
8.4
HIGHCVE-2025-25269
An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-25268
An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-24002
An unauthenticated remote attacker can use MQTT messages to crash a service on charging stations complying with German Calibration Law, resulting in a temporary denial-of-service for these stations until they got restarted by the watchdog.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Denial of Service
-
8.2
HIGHCVE-2025-24003
An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of integrity for only EichrechtAgents and potential denial-of-service for these statio... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Memory Corruption
-
5.2
MEDIUMCVE-2025-24004
A physical attacker with access to the device display via USB-C can send a message to the device which triggers an unsecure copy to a buffer resulting in loss of integrity and a temporary denial-of-service for the stations until they got restarted by the ... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-24005
A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-24006
A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Authorization
-
4.0
MEDIUMCVE-2024-58114
Resource allocation control failure vulnerability in the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.... Read more
Affected Products : harmonyos- Published: Jun. 06, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Denial of Service
-
3.3
LOWCVE-2020-9250
There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may impact the servic... Read more
- Published: Dec. 20, 2024
- Modified: Jul. 11, 2025
-
4.8
MEDIUMCVE-2025-5125
The Custom Post Carousels with Owl WordPress plugin before 1.4.12 uses the featherlight library and makes use of the data-featherlight attribute without sanitizing before using it.... Read more
Affected Products : custom_post_carousels_with_owl- Published: Jun. 20, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Misconfiguration
-
8.6
HIGHCVE-2022-32144
There is an insufficient input verification vulnerability in Huawei product. Successful exploitation of this vulnerability may lead to service abnormal. (Vulnerability ID: HWPSIRT-2022-76192) This vulnerability has been assigned a Common Vulnerabilities ... Read more
- Published: Dec. 20, 2024
- Modified: Jul. 11, 2025
-
6.1
MEDIUMCVE-2025-48700
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to ... Read more
Affected Products : zimbra_collaboration_suite- Published: Jun. 23, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-5488
The WP Masonry & Infinite Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wmis' shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attr... Read more
Affected Products : wp_masonry_\&_infinite_scroll- Published: Jun. 26, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2025-48906
Authentication bypass vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect availability.... Read more
Affected Products : harmonyos- Published: Jun. 06, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Authentication
-
6.4
MEDIUMCVE-2025-5540
The Event RSVP and Simple Event Management Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output esca... Read more
Affected Products : event_rsvp_and_simple_event_management- Published: Jun. 26, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Cross-Site Scripting
-
8.1
HIGHCVE-2025-48905
Wasm exception capture vulnerability in the arkweb v8 module Impact: Successful exploitation of this vulnerability may cause the failure to capture specific Wasm exception types.... Read more
Affected Products : harmonyos- Published: Jun. 06, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Denial of Service
-
6.2
MEDIUMCVE-2025-48904
Vulnerability that cards can call unauthorized APIs in the FRS process Impact: Successful exploitation of this vulnerability may affect availability.... Read more
Affected Products : harmonyos- Published: Jun. 06, 2025
- Modified: Jul. 11, 2025
- Vuln Type: Authorization