Latest CVE Feed
-
9.8
CRITICALCVE-2025-6907
A vulnerability classified as critical was found in code-projects Car Rental System 1.0. This vulnerability affects unknown code of the file /book_car.php. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely... Read more
Affected Products : car_rental_system- Published: Jun. 30, 2025
- Modified: Jul. 01, 2025
- Vuln Type: Injection
-
6.1
MEDIUMCVE-2025-44141
A Cross-Site Scripting (XSS) vulnerability exists in the node creation form of Backdrop CMS 1.30.... Read more
Affected Products : backdrop- Published: Jun. 26, 2025
- Modified: Jul. 01, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-50350
PHPGurukul Pre-School Enrollment System Project v1.0 is vulnerable to Directory Traversal in manage-classes.php.... Read more
Affected Products : pre-school_enrollment_system- Published: Jun. 26, 2025
- Modified: Jul. 01, 2025
- Vuln Type: Path Traversal
-
5.4
MEDIUMCVE-2025-51671
A SQL injection vulnerability was discovered in the PHPGurukul Dairy Farm Shop Management System 1.3. The vulnerability allows remote attackers to execute arbitrary SQL code via the category and categorycode parameters in a POST request to the manage-cate... Read more
Affected Products : dairy_farm_shop_management_system- Published: Jun. 26, 2025
- Modified: Jul. 01, 2025
- Vuln Type: Injection
-
5.1
MEDIUMCVE-2025-6699
A vulnerability classified as problematic has been found in LabRedesCefetRJ WeGIA 3.4.0. This affects an unknown part of the file /html/funcionario/cadastro_funcionario.php of the component Cadastro de Funcionário. The manipulation of the argument Nome/So... Read more
Affected Products : wegia- Published: Jun. 26, 2025
- Modified: Jul. 01, 2025
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2025-6836
A vulnerability classified as critical has been found in code-projects Library System 1.0. Affected is an unknown function of the file /profile.php. The manipulation of the argument phone leads to sql injection. It is possible to launch the attack remotel... Read more
Affected Products : library_system- Published: Jun. 29, 2025
- Modified: Jul. 01, 2025
- Vuln Type: Injection
-
6.2
MEDIUMCVE-2024-50929
Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to arbitrarily change the device type in the controller's memory, leading to a Denial of Service (DoS).... Read more
- Published: Dec. 10, 2024
- Modified: Jul. 01, 2025
-
6.5
MEDIUMCVE-2024-50928
Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to change the wakeup interval of end devices in controller memory, disrupting the device's communications with the controller.... Read more
- Published: Dec. 10, 2024
- Modified: Jul. 01, 2025
-
6.5
MEDIUMCVE-2024-50924
Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to cause disrupt communications between the controller and the device itself via repeatedly sending crafted packets to the controller.... Read more
- Published: Dec. 10, 2024
- Modified: Jul. 01, 2025
-
6.5
MEDIUMCVE-2024-50921
Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to cause a Denial of Service (DoS) via repeatedly sending crafted packets to the controller.... Read more
- Published: Dec. 10, 2024
- Modified: Jul. 01, 2025
-
8.8
HIGHCVE-2024-50920
Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to create a fake node via supplying crafted packets.... Read more
- Published: Dec. 10, 2024
- Modified: Jul. 01, 2025
-
8.8
HIGHCVE-2024-57376
Buffer Overflow vulnerability in D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, DSR-1000N from 3.13 to 3.17B901C allows unauthenticated users to execute remote code execution.... Read more
Affected Products : dsr-150_firmware dsr-150n_firmware dsr-250_firmware dsr-250n_firmware dsr-500_firmware dsr-1000n_firmware dsr-500 dsr-150n dsr-150 dsr-250 +2 more products- Published: Jan. 28, 2025
- Modified: Jul. 01, 2025
- Vuln Type: Memory Corruption
-
9.0
HIGHCVE-2025-0566
A vulnerability classified as critical has been found in Tenda AC15 15.13.07.13. This affects the function formSetDevNetName of the file /goform/SetDevNetName. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to in... Read more
- Published: Jan. 19, 2025
- Modified: Jul. 01, 2025
- Vuln Type: Memory Corruption
-
6.8
MEDIUMCVE-2025-31334
Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affe... Read more
Affected Products : winrar- Published: Apr. 03, 2025
- Modified: Jul. 01, 2025
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2025-27688
Dell ThinOS 2408 and prior, contains an improper permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.... Read more
- Published: Mar. 18, 2025
- Modified: Jul. 01, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-26331
Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code ... Read more
- Published: Mar. 07, 2025
- Modified: Jul. 01, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-6840
A vulnerability, which was classified as critical, was found in code-projects Product Inventory System 1.0. This affects an unknown part of the file /index.php of the component Login. The manipulation of the argument Username leads to sql injection. It is... Read more
Affected Products : product_inventory_system- Published: Jun. 29, 2025
- Modified: Jul. 01, 2025
- Vuln Type: Injection
-
7.8
HIGHCVE-2024-29645
Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the parse_die function.... Read more
Affected Products : radare2- Published: Dec. 02, 2024
- Modified: Jul. 01, 2025
-
6.1
MEDIUMCVE-2024-54959
Nagios XI 2024R1.2.2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack through the Favorites component, enabling POST-based Cross-Site Scripting (XSS).... Read more
Affected Products : nagios_xi- Published: Feb. 20, 2025
- Modified: Jul. 01, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.1
MEDIUMCVE-2024-54958
Nagios XI 2024R1.2.2 is susceptible to a stored Cross-Site Scripting (XSS) vulnerability in the Tools page. This flaw allows an attacker to inject malicious scripts into the Tools interface, which are then stored and executed in the context of other users... Read more
Affected Products : nagios_xi- Published: Feb. 20, 2025
- Modified: Jul. 01, 2025
- Vuln Type: Cross-Site Scripting