Latest CVE Feed
- 4.9 MEDIUM CVE-2025-53609
  A Relative Path Traversal vulnerability [CWE-23] in FortiWeb 7.6.0 through 7.6.4, 7.4.0 through 7.4.8, 7.2.0 through 7.2.11, 7.0.2 through 7.0.11 may allow an authenticated attacker to perform an arbitrary file read on the underlying system via crafted re...
  - Affected Products: fortiweb
  - Published: Sep. 09, 2025
  - Modified: Sep. 10, 2025
  - Vuln Type: Path Traversal
- 5.9 MEDIUM CVE-2025-30218
  Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which persisted across multiple incoming requests. However, this subrequest ID is sent to all requests, eve...
  - Affected Products: next.js
  - Published: Apr. 02, 2025
  - Modified: Sep. 10, 2025
  - Vuln Type: Misconfiguration
- 8.1 HIGH CVE-2025-58370
  Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions below 3.26.0 contain a vulnerability in the command parsing logic where the Bash parameter expansion and indirect reference were not handled correctly. If the agent w...
  - Affected Products: roo_code
  - Published: Sep. 05, 2025
  - Modified: Sep. 10, 2025
  - Vuln Type: Injection
- 6.7 MEDIUM CVE-2024-45325
  An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiDDoS-F version 7.0.0 through 7.02 and before 6.6.3 may allow a privileged attacker to execute unauthorized code or comm...
  - Published: Sep. 09, 2025
  - Modified: Sep. 10, 2025
  - Vuln Type: Injection
- 5.4 MEDIUM CVE-2025-9715
  A vulnerability was found in O2OA up to 10.0-410. Affected is an unknown function of the file /x_cms_assemble_control/jaxrs/script of the component Personal Profile Page. The manipulation of the argument name/alias/description results in cross site script...
  - Affected Products: o2oa
  - Published: Aug. 31, 2025
  - Modified: Sep. 10, 2025
  - Vuln Type: Cross-Site Scripting
- 8.8 HIGH CVE-2025-8302
  Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must ...
  - Published: Sep. 02, 2025
  - Modified: Sep. 10, 2025
  - Vuln Type: Memory Corruption
- 8.8 HIGH CVE-2025-8300
  Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must ...
  - Published: Sep. 02, 2025
  - Modified: Sep. 10, 2025
  - Vuln Type: Memory Corruption
- 3.8 LOW CVE-2025-8298
  Realtek RTL8811AU rtwlanu.sys N6CQueryInformationHandleCustomized11nOids Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of Realtek RTL8811AU dr...
  - Published: Sep. 02, 2025
  - Modified: Sep. 10, 2025
  - Vuln Type: Information Disclosure
- 7.8 HIGH CVE-2025-8301
  Realtek RTL8811AU rtwlanu.sys N6CSet_DOT11_CIPHER_DEFAULT_KEY Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek RTL8811AU drivers. An ...
  - Published: Sep. 02, 2025
  - Modified: Sep. 10, 2025
  - Vuln Type: Memory Corruption
- 8.8 HIGH CVE-2025-8299
  Realtek rtl81xx SDK Wi-Fi Driver MgntActSet_TEREDO_SET_RS_PACKET Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi d...
  - Published: Sep. 02, 2025
  - Modified: Sep. 10, 2025
  - Vuln Type: Memory Corruption
- 7.7 HIGH CVE-2025-53781
  Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network.
  - Published: Aug. 12, 2025
  - Modified: Sep. 10, 2025
  - Vuln Type: Information Disclosure
- 8.2 HIGH CVE-2025-55163
  Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control fra...
  - Affected Products: netty
  - Published: Aug. 13, 2025
  - Modified: Sep. 10, 2025
  - Vuln Type: Denial of Service
- 7.5 HIGH CVE-2025-5824
  Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Wallbox Commercial. An att...
  - Affected Products: maxicharger_ac_elite_business_c50_firmware maxicharger_ac_elite_business_c50 maxicharger_ac_pro_firmware maxicharger_ac_pro maxicharger_ac_ultra_firmware maxicharger_ac_ultra maxicharger_dc_compact_mobile_firmware maxicharger_dc_compact_mobile maxicharger_dc_compact_pedestal_firmware maxicharger_dc_compact_pedestal +8 more products
  - Published: Jun. 25, 2025
  - Modified: Sep. 10, 2025
  - Vuln Type: Authentication
- 6.5 MEDIUM CVE-2025-5823
  Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dangerous Method Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autel MaxiCharger AC Wallbox Com...
  - Affected Products: maxicharger_ac_elite_business_c50_firmware maxicharger_ac_elite_business_c50 maxicharger_ac_pro_firmware maxicharger_ac_pro maxicharger_ac_ultra_firmware maxicharger_ac_ultra maxicharger_dc_compact_mobile_firmware maxicharger_dc_compact_mobile maxicharger_dc_compact_pedestal_firmware maxicharger_dc_compact_pedestal +8 more products
  - Published: Jun. 25, 2025
  - Modified: Sep. 10, 2025
  - Vuln Type: Authentication
- 8.8 HIGH CVE-2025-5822
  Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of Autel MaxiCharger AC Wallbox Commercial charg...
  - Affected Products: maxicharger_ac_elite_business_c50_firmware maxicharger_ac_elite_business_c50 maxicharger_ac_pro_firmware maxicharger_ac_pro maxicharger_ac_ultra_firmware maxicharger_ac_ultra maxicharger_dc_compact_mobile_firmware maxicharger_dc_compact_mobile maxicharger_dc_compact_pedestal_firmware maxicharger_dc_compact_pedestal +8 more products
  - Published: Jun. 25, 2025
  - Modified: Sep. 10, 2025
  - Vuln Type: Authorization
- 7.5 HIGH CVE-2025-5825
  Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial charging st...
  - Affected Products: maxicharger_ac_elite_business_c50_firmware maxicharger_ac_elite_business_c50 maxicharger_ac_pro_firmware maxicharger_ac_pro maxicharger_ac_ultra_firmware maxicharger_ac_ultra maxicharger_dc_compact_mobile_firmware maxicharger_dc_compact_mobile maxicharger_dc_compact_pedestal_firmware maxicharger_dc_compact_pedestal +8 more products
  - Published: Jun. 25, 2025
  - Modified: Sep. 10, 2025
  - Vuln Type: Misconfiguration
- 6.3 MEDIUM CVE-2025-5826
  Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input Vulnerability. This vulnerability allows network-adjacent attackers to inject arbitrary AT commands on affected installations of Autel MaxiCharger AC Wallbox Commerci...
  - Affected Products: maxicharger_ac_elite_business_c50_firmware maxicharger_ac_elite_business_c50 maxicharger_ac_pro_firmware maxicharger_ac_pro maxicharger_ac_ultra_firmware maxicharger_ac_ultra maxicharger_dc_compact_mobile_firmware maxicharger_dc_compact_mobile maxicharger_dc_compact_pedestal_firmware maxicharger_dc_compact_pedestal +8 more products
  - Published: Jun. 25, 2025
  - Modified: Sep. 10, 2025
  - Vuln Type: Injection
- 8.8 HIGH CVE-2025-5827
  Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC...
  - Affected Products: maxicharger_ac_elite_business_c50_firmware maxicharger_ac_elite_business_c50 maxicharger_ac_pro_firmware maxicharger_ac_pro maxicharger_ac_ultra_firmware maxicharger_ac_ultra maxicharger_dc_compact_mobile_firmware maxicharger_dc_compact_mobile maxicharger_dc_compact_pedestal_firmware maxicharger_dc_compact_pedestal +8 more products
  - Published: Jun. 25, 2025
  - Modified: Sep. 10, 2025
  - Vuln Type: Memory Corruption
- 6.8 MEDIUM CVE-2025-5828
  Autel MaxiCharger AC Wallbox Commercial wLength Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial EV c...
  - Affected Products: maxicharger_ac_elite_business_c50_firmware maxicharger_ac_elite_business_c50 maxicharger_ac_pro_firmware maxicharger_ac_pro maxicharger_ac_ultra_firmware maxicharger_ac_ultra maxicharger_dc_compact_mobile_firmware maxicharger_dc_compact_mobile maxicharger_dc_compact_pedestal_firmware maxicharger_dc_compact_pedestal +8 more products
  - Published: Jun. 25, 2025
  - Modified: Sep. 10, 2025
  - Vuln Type: Memory Corruption
- 6.8 MEDIUM CVE-2025-5829
  Autel MaxiCharger AC Wallbox Commercial autocharge Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Autel MaxiCharger A...
  - Affected Products: maxicharger_ac_elite_business_c50_firmware maxicharger_ac_elite_business_c50 maxicharger_ac_pro_firmware maxicharger_ac_pro maxicharger_ac_ultra_firmware maxicharger_ac_ultra maxicharger_dc_compact_mobile_firmware maxicharger_dc_compact_mobile maxicharger_dc_compact_pedestal_firmware maxicharger_dc_compact_pedestal +8 more products
  - Published: Jun. 25, 2025
  - Modified: Sep. 10, 2025
  - Vuln Type: Memory Corruption