Latest CVE Feed
- CVE-2025-6920 (5.3 MEDIUM)
  A flaw was found in the authentication enforcement mechanism of a model inference API in ai-inference-server. All /v1/* endpoints are expected to enforce API key validation. However, the POST /invocations endpoint failed to do so, resulting in an authenti...
  - Affected Products: ai_inference_server
  - Published: Jul. 01, 2025
  - Modified: Aug. 18, 2025
- CVE-2024-9453 (6.5 MEDIUM)
  A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a maliciou...
  - Published: Jul. 04, 2025
  - Modified: Aug. 18, 2025
- CVE-2025-36600 (8.2 HIGH)
  Dell Client Platform BIOS contains an Improper Access Control Applied to Mirrored or Aliased Memory Regions vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, lead...
  - Published: Jul. 08, 2025
  - Modified: Aug. 18, 2025
- CVE-2023-37405 (6.5 MEDIUM)
  IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 stores sensitive data in memory, that could be obtained by an unauthorized user....
  - Published: Mar. 27, 2025
  - Modified: Aug. 18, 2025
- CVE-2025-55668 (6.5 MEDIUM)
  Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recomm...
  - Affected Products: tomcat
  - Published: Aug. 13, 2025
  - Modified: Aug. 18, 2025
- CVE-2025-50612 (7.5 HIGH)
  A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_004743f8 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_sec_set in the payload, which may cause the pr...
  - Published: Aug. 13, 2025
  - Modified: Aug. 18, 2025
- CVE-2025-50613 (7.5 HIGH)
  A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00475e1c function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wds_key_wep in the payload, which can cause the progr...
  - Published: Aug. 13, 2025
  - Modified: Aug. 18, 2025
- CVE-2025-54472 (7.5 HIGH)
  Unlimited memory allocation in redis protocol parser in Apache bRPC (all versions < 1.14.1) on all platforms allows attackers to crash the service via network. Root Cause: In the bRPC Redis protocol parser code, memory for arrays or strings of correspo...
  - Affected Products: brpc
  - Published: Aug. 14, 2025
  - Modified: Aug. 18, 2025
- CVE-2025-48989 (7.5 HIGH)
  Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. O...
  - Affected Products: tomcat
  - Published: Aug. 13, 2025
  - Modified: Aug. 18, 2025
- CVE-2025-21472 (5.5 MEDIUM)
  Information disclosure while capturing logs as eSE debug messages are logged....
  - Published: Aug. 06, 2025
  - Modified: Aug. 18, 2025
- CVE-2025-27067 (7.8 HIGH)
  Memory corruption while processing DDI call with invalid buffer....
  - Affected Products: wcd9380_firmware, wcd9385_firmware, fastconnect_6900_firmware, fastconnect_7800_firmware, wsa8840_firmware, wsa8845_firmware, wsa8845h_firmware, wcd9380, wcd9385, sc8380xp_firmware (+6 more products)
  - Published: Aug. 06, 2025
  - Modified: Aug. 18, 2025
- CVE-2025-27068 (7.8 HIGH)
  Memory corruption while processing an IOCTL command with an arbitrary address....
  - Affected Products: wcd9380_firmware, wcd9385_firmware, wsa8830_firmware, wsa8835_firmware, sm6250_firmware, fastconnect_6200_firmware, fastconnect_6900_firmware, fastconnect_7800_firmware, wsa8840_firmware, wsa8845_firmware (+22 more products)
  - Published: Aug. 06, 2025
  - Modified: Aug. 18, 2025
- CVE-2025-55673 (5.3 MEDIUM)
  When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table na...
  - Affected Products: superset
  - Published: Aug. 14, 2025
  - Modified: Aug. 18, 2025
- CVE-2025-27069 (7.8 HIGH)
  Memory corruption while processing DDI command calls....
  - Affected Products: wcd9380_firmware, wcd9385_firmware, fastconnect_6900_firmware, fastconnect_7800_firmware, wsa8840_firmware, wsa8845_firmware, wsa8845h_firmware, wcd9380, wcd9385, sc8380xp_firmware (+6 more products)
  - Published: Aug. 06, 2025
  - Modified: Aug. 18, 2025
- CVE-2025-27072 (5.5 MEDIUM)
  Information disclosure while processing a packet at EAVB BE side with invalid header length....
  - Affected Products: qam8295p_firmware, qca6574au_firmware, qca6595au_firmware, qca6696_firmware, sa6145p_firmware, sa6150p_firmware, sa6155p_firmware, sa8145p_firmware, sa8150p_firmware, sa8155p_firmware (+62 more products)
  - Published: Aug. 06, 2025
  - Modified: Aug. 18, 2025
- CVE-2025-27075 (7.8 HIGH)
  Memory corruption while processing IOCTL command with larger buffer in Bluetooth Host....
  - Affected Products: aqt1000_firmware, qca6391_firmware, qca6420_firmware, qca6430_firmware, wcd9341_firmware, wcd9380_firmware, wcd9385_firmware, wsa8810_firmware, wsa8815_firmware, wsa8830_firmware (+62 more products)
  - Published: Aug. 06, 2025
  - Modified: Aug. 18, 2025
- CVE-2025-47324 (7.5 HIGH)
  Information disclosure while accessing and modifying the PIB file of a remote device via powerline....
  - Published: Aug. 06, 2025
  - Modified: Aug. 18, 2025
- CVE-2025-55674 (6.5 MEDIUM)
  A bypass of the DISALLOWED_SQL_FUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functi...
  - Affected Products: superset
  - Published: Aug. 14, 2025
  - Modified: Aug. 18, 2025
- CVE-2024-45674 (3.3 LOW)
  IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores potentially sensitive information in log files tha...
  - Published: Feb. 22, 2025
  - Modified: Aug. 18, 2025
- CVE-2025-25206 (8.8 HIGH)
  eLabFTW is an open source electronic lab notebook for research labs. Prior to version 5.1.15, an incorrect input validation could allow an authenticated user to read sensitive information, including login token or other content stored in the database. Thi...
  - Affected Products: elabftw
  - Published: Feb. 14, 2025
  - Modified: Aug. 18, 2025