Latest CVE Feed
-
9.4
CRITICALCVE-2025-62360
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users.Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_documento.php endpoint, specifically in the id_dependente param... Read more
Affected Products : wegia- Published: Oct. 13, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Injection
-
6.1
MEDIUMCVE-2025-62358
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, the log parameter in configuracao_geral.php is vulnerable to Reflected Cross-Site Scripting (XSS). An attacker can inject arbitrary JavaScript,... Read more
Affected Products : wegia- Published: Oct. 13, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2025-62179
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/cadastro_funcionario_pessoa_existente.php endpoint, specifically in the c... Read more
Affected Products : wegia- Published: Oct. 13, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Injection
-
8.7
HIGHCVE-2025-11362
Versions of the package pdfmake before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via repeatedly redirect URL in file embedding. An attacker can cause the application to crash or become unresponsive by providing c... Read more
- Published: Oct. 07, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2025-11586
A vulnerability was determined in Tenda AC7 15.03.06.44. This affects an unknown function of the file /goform/setNotUpgrade. This manipulation of the argument newVersion causes stack-based buffer overflow. The attack is possible to be carried out remotely... Read more
- Published: Oct. 10, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Memory Corruption
-
6.1
MEDIUMCVE-2025-62361
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.0, an Open Redirect vulnerability was identified in the control.php endpoint of the WeGIA application, specifically in the nextPage parameter (met... Read more
Affected Products : wegia- Published: Oct. 13, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2025-11588
A vulnerability was identified in CodeAstro Gym Management System 1.0. This impacts an unknown function of the file /customer/index.php. Such manipulation of the argument fullname leads to sql injection. The attack may be performed from remote. The exploi... Read more
Affected Products : gym_management_system- Published: Oct. 10, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-61602
BigBlueButton is an open-source virtual classroom. A denial-of-service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to crash the chat functionality for all participants in a meeting by sending a malformed `reactionEmojiId`... Read more
Affected Products : bigbluebutton- Published: Oct. 09, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-61601
BigBlueButton is an open-source virtual classroom. A Denial of Service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to freeze or crash the entire server by abusing the polling feature's `Choices` response type. By submitti... Read more
Affected Products : bigbluebutton- Published: Oct. 09, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Denial of Service
-
7.1
HIGHCVE-2025-55200
BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.13, the "Shared Notes" feature contains a Stored Cross-Site Scripting (XSS) vulnerability with the input location being the "Username" field and the output location on the "Shared... Read more
Affected Products : bigbluebutton- Published: Oct. 09, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2025-11589
A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/user-payment.php. Performing manipulation of the argument plan results in sql injection. It is possible to initiate the attack r... Read more
Affected Products : gym_management_system- Published: Oct. 10, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Injection
-
9.9
CRITICALCVE-2025-61913
Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and ReadFileTool in Flowise do not restrict file path access, allowing authenticated attackers to exploit this vulnerability... Read more
Affected Products : flowise- Published: Oct. 08, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Path Traversal
-
8.8
HIGHCVE-2025-11590
A weakness has been identified in CodeAstro Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/equipment-entry.php. Executing manipulation of the argument ename can lead to sql injection. It is possibl... Read more
Affected Products : gym_management_system- Published: Oct. 11, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-55039
This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is se... Read more
Affected Products : spark- Published: Oct. 15, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Cryptography
-
8.8
HIGHCVE-2025-11591
A security vulnerability has been detected in CodeAstro Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/actions/delete-member.php. The manipulation of the argument ID leads to sql injection. The attack ca... Read more
Affected Products : gym_management_system- Published: Oct. 11, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-61581
** UNSUPPORTED WHEN ASSIGNED ** Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all versions. People with access to the management interface of the Traffic Router component co... Read more
Affected Products : traffic_control- Published: Oct. 16, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-8884
Authorization Bypass Through User-Controlled Key vulnerability in VHS Electronic Software Ltd. Co. ACE Center allows Privilege Abuse, Exploitation of Trusted Identifiers.This issue affects ACE Center: from 3.10.100.1768 before 3.10.161.2255.... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-41390
An arbitrary code execution vulnerability exists in the git functionality of Truffle Security Co. TruffleHog 3.90.2. A specially crafted repository can lead to a arbitrary code execution. An attacker can provide a malicious respository to trigger this vul... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-11592
A vulnerability was detected in CodeAstro Gym Management System 1.0. This affects an unknown part of the file /admin/edit-equipmentform.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit is ... Read more
Affected Products : gym_management_system- Published: Oct. 11, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-11593
A flaw has been found in CodeAstro Gym Management System 1.0. This vulnerability affects unknown code of the file /admin/actions/delete-equipment.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exp... Read more
Affected Products : gym_management_system- Published: Oct. 11, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Injection