Latest CVE Feed
-
6.5
MEDIUMCVE-2025-53809
Improper input validation in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to deny service over a network.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 22, 2025
-
4.2
MEDIUMCVE-2025-59455
In JetBrains TeamCity before 2025.07.2 project isolation bypass was possible due to race condition... Read more
Affected Products : teamcity- Published: Sep. 17, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Race Condition
-
5.5
MEDIUMCVE-2025-59456
In JetBrains TeamCity before 2025.07.2 path traversal was possible during project archive upload... Read more
Affected Products : teamcity- Published: Sep. 17, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Path Traversal
-
7.7
HIGHCVE-2025-59457
In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows... Read more
Affected Products : teamcity- Published: Sep. 17, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2025-10483
A flaw has been found in SourceCodester Online Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/save_user.php. This manipulation of the argument firstname causes sql injection. The attack is... Read more
Affected Products : online_student_file_management_system- Published: Sep. 15, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-10482
A vulnerability was detected in SourceCodester Online Student File Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely... Read more
Affected Products : online_student_file_management_system- Published: Sep. 15, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Injection
-
0.0
NACVE-2025-57431
The Sound4 PULSE-ECO AES67 1.22 web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrar... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-10807
A security flaw has been discovered in Campcodes Online Beauty Parlor Management System 1.0. This issue affects some unknown processing of the file /admin/edit-customer-detailed.php. The manipulation of the argument editid results in sql injection. The at... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-10481
A security vulnerability has been detected in SourceCodester Online Student File Management System 1.0. This impacts an unknown function of the file /remove_file.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the a... Read more
Affected Products : online_student_file_management_system- Published: Sep. 15, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-10480
A weakness has been identified in SourceCodester Online Student File Management System 1.0. This affects an unknown function of the file /save_file.php. Executing manipulation can lead to unrestricted upload. The attack may be launched remotely. The explo... Read more
Affected Products : online_student_file_management_system- Published: Sep. 15, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-10059
An improper setting of the lsid field on any sharded query can cause a crash in MongoDB routers. This issue occurs when a generic argument (lsid) is provided in a case when it is not applicable. This affects MongoDB Server v6.0 versions prior to 6.0.x, Mo... Read more
Affected Products : mongodb- Published: Sep. 05, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Denial of Service
-
0.0
NACVE-2025-57434
Creacast Creabox Manager contains a critical authentication flaw that allows an attacker to bypass login validation. The system grants access when the username is creabox and the password begins with the string creacast, regardless of what follows.... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Authentication
-
8.8
HIGHCVE-2025-10201
Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: High)... Read more
- Published: Sep. 10, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2025-10200
Use after free in Serviceworker in Google Chrome on Desktop prior to 140.0.7339.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)... Read more
- Published: Sep. 10, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-10602
A vulnerability was found in SourceCodester Online Exam Form Submission 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/delete_s1.php. Performing manipulation of the argument ID results in sql injection. The attack can b... Read more
- Published: Sep. 17, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-10563
A vulnerability has been found in Campcodes Grocery Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=save_category. Such manipulation of the argument ID leads to sql injection. The attack can be executed remote... Read more
Affected Products : grocery_sales_and_inventory_system- Published: Sep. 16, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Injection
-
0.0
NACVE-2025-10806
A vulnerability was identified in Campcodes Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The at... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Injection
-
6.4
MEDIUMCVE-2025-48007
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:BlueSpiceAvatars) allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 through 5.1.1.... Read more
Affected Products : bluespice- Published: Sep. 19, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-46703
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:AtMentions) allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 through 5.1.1.... Read more
Affected Products : bluespice- Published: Sep. 19, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Scripting
-
5.9
MEDIUMCVE-2025-58114
Improper Input Validation vulnerability in Hallo Welt! GmbH BlueSpice (Extension:CognitiveProcessDesigner) allows Cross-Site Scripting (XSS).This issue affects BlueSpice: from 5 through 5.1.1.... Read more
Affected Products : bluespice- Published: Sep. 19, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Scripting