Latest CVE Feed
-
9.8
CRITICALCVE-2025-36846
An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /_internal/pc/vpro.php localhost endpoint to unauthenticated users that is vulnerable to OS Command Injection. The endpoint takes an input parameter that is passed dire... Read more
Affected Products : urve_web_manager- Published: Jul. 21, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-54874
OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG 2.5.3 and earlier, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized.... Read more
Affected Products : openjpeg- Published: Aug. 05, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-8347
A vulnerability, which was classified as critical, was found in Kehua Charging Pile Cloud Platform 1.0. This affects an unknown part of the file /sys/task/findAllTask. The manipulation leads to sql injection. It is possible to initiate the attack remotely... Read more
Affected Products : charging_pile_cloud_platform- Published: Jul. 31, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-8348
A vulnerability has been found in Kehua Charging Pile Cloud Platform 1.0 and classified as critical. This vulnerability affects unknown code of the file /home. The manipulation leads to improper authentication. The attack can be initiated remotely. The ex... Read more
Affected Products : charging_pile_cloud_platform- Published: Jul. 31, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-54832
OPEXUS FOIAXpress Public Access Link (PAL), version v11.1.0, allows an authenticated user to add entries to the list of states and territories.... Read more
Affected Products : foiaxpress_public_access_link- Published: Jul. 31, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-54833
OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute force passwords.... Read more
Affected Products : foiaxpress_public_access_link- Published: Jul. 31, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Authentication
-
6.9
MEDIUMCVE-2025-54834
OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limiting mechanisms in place.... Read more
Affected Products : foiaxpress_public_access_link- Published: Jul. 31, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Authentication
-
5.8
MEDIUMCVE-2025-8280
The Contact Form 7 reCAPTCHA WordPress plugin through 1.2.0 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2025-43787
A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q3.0, 2025.Q2.0 through 2025.Q2.12, 2025.Q1.0 through 2025.Q1.17, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through... Read more
- Published: Sep. 12, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Cross-Site Scripting
-
3.5
LOWCVE-2025-3650
The jQuery Colorbox WordPress plugin through 4.6.3 uses the colorbox library, which does not sanitize title attributes on links before using them, allowing users with at least the contributor role to conduct XSS attacks against administrators.... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2025-55227
Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a network.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.5
HIGHCVE-2025-54919
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +1 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
8.4
HIGHCVE-2025-54910
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-54908
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps powerpoint office_long_term_servicing_channel office_2024 office_2021 office_2019 powerpoint_2016- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-54907
Heap-based buffer overflow in Microsoft Office Visio allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps office_long_term_servicing_channel office_2024 office_2021 office_2019- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.1
HIGHCVE-2025-54905
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally.... Read more
Affected Products : sharepoint_enterprise_server office word sharepoint_server 365_apps office_long_term_servicing_channel office_macos_2024 office_macos_2021 sharepoint_server_2016 word_2016 +4 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-54904
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
9.8
CRITICALCVE-2025-26062
An access control issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to access the router's settings file and obtain potentially sensitive information from the current settings.... Read more
- Published: Jul. 31, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Information Disclosure
-
7.8
HIGHCVE-2025-54903
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025
-
7.8
HIGHCVE-2025-54900
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Sep. 09, 2025
- Modified: Sep. 12, 2025