Latest CVE Feed
-
7.5
HIGHCVE-2024-11172
A vulnerability in danny-avila/librechat version git a1647d7 allows an unauthenticated attacker to cause a denial of service by sending a crafted payload to the server. The middleware `checkBan` is not surrounded by a try-catch block, and an unhandled exc... Read more
Affected Products : librechat- Published: Mar. 20, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Denial of Service
-
8.8
HIGHCVE-2025-49673
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
5.4
MEDIUMCVE-2025-51657
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Link.php.... Read more
Affected Products : semcms- Published: Jul. 14, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-49672
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2024-31141
Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apache Kafka Clients accept configuration data for customizing behavior, and includes ConfigProvider plugins in order to manipulate ... Read more
Affected Products : kafka- Published: Nov. 19, 2024
- Modified: Jul. 15, 2025
-
5.4
MEDIUMCVE-2025-51658
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_InquiryView.php.... Read more
Affected Products : semcms- Published: Jul. 14, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-49671
Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-49670
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
5.4
MEDIUMCVE-2025-51659
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Products.php.... Read more
Affected Products : semcms- Published: Jul. 14, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-49669
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
8.1
HIGHCVE-2024-36263
** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: all versions. As this project is retired... Read more
Affected Products : submarine- Published: Jun. 12, 2024
- Modified: Jul. 15, 2025
-
8.8
HIGHCVE-2025-49668
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.... Read more
- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2024-36471
Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL. Project administrators can run these imports, which could cause Allura to read from internal services and expose them. This issue affects Apache ... Read more
Affected Products : allura- Published: Jun. 10, 2024
- Modified: Jul. 15, 2025
-
4.3
MEDIUMCVE-2024-46901
Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All ... Read more
- Published: Dec. 09, 2024
- Modified: Jul. 15, 2025
-
8.3
HIGHCVE-2022-41137
Apache Hive Metastore (HMS) uses SerializationUtilities#deserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution (RCE) since it allows the deserialization of arbitrary data. I... Read more
Affected Products : hive- Published: Dec. 05, 2024
- Modified: Jul. 15, 2025
-
7.8
HIGHCVE-2025-49667
Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +8 more products- Published: Jul. 08, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Memory Corruption
-
5.4
MEDIUMCVE-2025-51660
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Products.php.... Read more
Affected Products : semcms- Published: Jul. 14, 2025
- Modified: Jul. 15, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2024-52338
Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (... Read more
Affected Products : arrow- Published: Nov. 28, 2024
- Modified: Jul. 15, 2025
-
9.8
CRITICALCVE-2024-53677
File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue ... Read more
Affected Products : struts- Published: Dec. 11, 2024
- Modified: Jul. 15, 2025
-
9.8
CRITICALCVE-2024-53947
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Superset. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. T... Read more
Affected Products : superset- Published: Dec. 09, 2024
- Modified: Jul. 15, 2025