Latest CVE Feed
- 9.8 CRITICAL CVE-2021-32292
An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit....
- Published: Aug. 22, 2023
- Modified: Jun. 25, 2025
- 7.8 HIGH CVE-2025-0289
Various Paragon Software products contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allow an attacker the ability to compromise...
- Published: Mar. 03, 2025
- Modified: Jun. 25, 2025
- Vuln Type: Authorization
- 7.8 HIGH CVE-2025-0288
Various Paragon Software products contain an arbitrary kernel memory vulnerability within biontdrv.sys, facilitated by the memmove function, which does not validate or sanitize user controlled input, allowing an attacker the ability to write arbitrary ker...
- Published: Mar. 03, 2025
- Modified: Jun. 25, 2025
- Vuln Type: Memory Corruption
- 5.1 MEDIUM CVE-2025-0287
Various Paragon Software products contain a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an attacker to execute arbitrary code in the kernel, facilitating ...
- Published: Mar. 03, 2025
- Modified: Jun. 25, 2025
- Vuln Type: Memory Corruption
- 8.4 HIGH CVE-2025-0286
Various Paragon Software products contain an arbitrary kernel memory write vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to execute arbitrary code on the vi...
- Published: Mar. 03, 2025
- Modified: Jun. 25, 2025
- Vuln Type: Memory Corruption
- 7.8 HIGH CVE-2025-0285
Various Paragon Software products contain an arbitrary kernel memory mapping vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to perform privilege escalation e...
- Published: Mar. 03, 2025
- Modified: Jun. 25, 2025
- Vuln Type: Memory Corruption
- 10.0 CRITICAL CVE-2025-48827
vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in M...
- Affected Products: vbulletin
- Published: May. 27, 2025
- Modified: Jun. 25, 2025
- Vuln Type: Authorization
- 5.5 MEDIUM CVE-2025-24814
Core creation allows users to replace "trusted" configset files with arbitrary configuration. Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authenti...
- Affected Products: solr
- Published: Jan. 27, 2025
- Modified: Jun. 25, 2025
- Vuln Type: Misconfiguration
- 9.0 CRITICAL CVE-2025-48828
Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function invocation syntax, such as the "var_dump"("test") syntax, atta...
- Affected Products: vbulletin
- Published: May. 27, 2025
- Modified: Jun. 25, 2025
- Vuln Type: Authentication
- 6.5 MEDIUM CVE-2025-22377
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. A Heap-based Out-of-Bounds Write exists i...
- Published: May. 27, 2025
- Modified: Jun. 25, 2025
- Vuln Type: Memory Corruption
- 6.5 MEDIUM CVE-2024-49197
An issue was discovered in Wi-Fi in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, W920, W930, and W1000. Lack of a boundary check in STOP_KEEP_ALIVE_OFFLOAD leads to out-of-bounds access....
- Affected Products: exynos_980_firmware, exynos_850_firmware, exynos_1080_firmware, exynos_1280_firmware, exynos_1380_firmware, exynos_1330_firmware, exynos_w920_firmware, exynos_980, exynos_850, exynos_1080, +10 more products
- Published: May. 27, 2025
- Modified: Jun. 25, 2025
- Vuln Type: Memory Corruption
- 6.5 MEDIUM CVE-2025-4493
Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a PAM user to perform PAM JIT requests on unauthorized groups by exploiting a user interface issue. This issue affects the following versions : * Devolutions Ser...
- Affected Products: devolutions_server
- Published: May. 28, 2025
- Modified: Jun. 25, 2025
- Vuln Type: Authorization
- 5.4 MEDIUM CVE-2025-29632
Buffer Overflow vulnerability in Free5gc v.4.0.0 allows a remote attacker to cause a denial of service via the AMF, NGAP, security.go, handler_generated.go, handleInitialUEMessageMain, DecodePlainNasNoIntegrityCheck, GetSecurityHeaderType components...
- Affected Products: free5gc
- Published: May. 29, 2025
- Modified: Jun. 25, 2025
- Vuln Type: Memory Corruption
- 8.8 HIGH CVE-2024-12224
Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to a...
- Affected Products: idna
- Published: May. 30, 2025
- Modified: Jun. 25, 2025
- Vuln Type: Information Disclosure
- 4.8 MEDIUM CVE-2025-4415
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Piwik PRO allows Cross-Site Scripting (XSS). This issue affects Piwik PRO: from 0.0.0 before 1.3.2....
- Affected Products: piwik_pro
- Published: May. 21, 2025
- Modified: Jun. 25, 2025
- Vuln Type: Cross-Site Scripting
- 6.3 MEDIUM CVE-2024-54252
Missing Authorization vulnerability in Pinpoint Booking System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pinpoint Booking System: from n/a through 2.9.9.5.6....
- Affected Products: pinpoint_booking_system
- Published: Dec. 13, 2024
- Modified: Jun. 25, 2025
- 8.1 HIGH CVE-2023-4761
Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)...
- Published: Sep. 05, 2023
- Modified: Jun. 25, 2025
- 6.5 MEDIUM CVE-2025-26784
An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-...
- Published: May. 14, 2025
- Modified: Jun. 25, 2025
- Vuln Type: Memory Corruption
- 7.5 HIGH CVE-2025-26785
An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-...
- Published: May. 14, 2025
- Modified: Jun. 25, 2025
- Vuln Type: Memory Corruption
- 8.8 HIGH CVE-2025-47701
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Restrict route by IP allows Cross Site Request Forgery. This issue affects Restrict route by IP: from 0.0.0 before 1.3.0....
- Affected Products: restrict_route_by_ip
- Published: May. 14, 2025
- Modified: Jun. 25, 2025
- Vuln Type: Cross-Site Request Forgery