Latest CVE Feed
-
6.7
MEDIUMCVE-2025-55301
The Scratch Channel is a news website. In version 1, it is possible to go to application in devtools and click local storage to edit the account's username locally. This issue has been patched in version 1.1.... Read more
Affected Products :- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Authentication
-
7.3
HIGHCVE-2025-5191
An Unquoted Search Path vulnerability has been identified in the utility for Moxa’s industrial computers (Windows). Due to the unquoted path configuration in the SerialInterfaceService.exe utility, a local attacker with limited privileges could place a ma... Read more
Affected Products :- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Misconfiguration
-
10.0
CRITICALCVE-2025-9118
A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers' repositories via a maliciously crafted package.json file.... Read more
Affected Products :- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Path Traversal
-
4.8
MEDIUMCVE-2025-9416
A security flaw has been discovered in oitcode samarium up to 0.9.6. This vulnerability affects unknown code of the file /cms/webpage/ of the component Pages Image Handler. The manipulation results in cross site scripting. The attack may be performed from... Read more
Affected Products : samarium- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Cross-Site Scripting
-
8.6
HIGHCVE-2025-5302
A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to ... Read more
Affected Products : llamaindex- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Denial of Service
-
5.7
MEDIUMCVE-2025-8997
An Information Exposure vulnerability has been identified in OpenText Enterprise Security Manager. The vulnerability could be remotely exploited.... Read more
Affected Products :- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-5514
Improper Handling of Length Parameter Inconsistency vulnerability in web server function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to delay the processing of the web server function and preve... Read more
Affected Products : melsec_iq-fx5u-32mt\/es_firmware melsec_iq-fx5u-32mt\/ds_firmware melsec_iq-fx5u-32mt\/ess_firmware melsec_iq-fx5u-32mt\/dss_firmware melsec_iq-fx5u-32mr\/es_firmware melsec_iq-fx5u-32mr\/ds_firmware melsec_iq-fx5u-64mt\/es_firmware melsec_iq-fx5u-64mt\/ds_firmware melsec_iq-fx5u-64mt\/ess_firmware melsec_iq-fx5u-64mt\/dss_firmware +11 more products- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Denial of Service
-
5.3
MEDIUMCVE-2025-9409
A security flaw has been discovered in lostvip-com ruoyi-go up to 2.1. Impacted is the function DownloadTmp/DownloadUpload of the file modules/system/controller/CommonController.go. Performing manipulation of the argument fileName results in path traversa... Read more
Affected Products :- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-53118
An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM.... Read more
Affected Products :- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Authentication