Latest CVE Feed
-
3.4
LOWCVE-2025-42927
SAP NetWeaver AS Java application uses Adobe Document Service, installed with a vulnerable version of OpenSSL.Successful exploitation of known vulnerabilities in the outdated OpenSSL library would allow user with high system privileges to access and modif... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Cryptography
-
3.1
LOWCVE-2025-42914
Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are otherwise restricted, resulting in a low impact on the i... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-10116
A vulnerability was identified in SiempreCMS up to 1.3.6. This vulnerability affects unknown code of the file /docs/admin/file_upload.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly availab... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Misconfiguration
-
9.3
CRITICALCVE-2025-58450
pREST (PostgreSQL REST), is an API that delivers an application on top of a Postgres database. SQL injection is possible in versions prior to 2.0.0-rc3. The validation present in versions prior to 2.0.0-rc3 does not provide adequate protection from inject... Read more
Affected Products :- Published: Sep. 08, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Injection
-
8.7
HIGHCVE-2025-58449
Maho is a free and open source ecommerce platform. In Maho prior to 25.9.0, an authenticated staff user with access to the `Dashboard` and `Catalog\Manage Products` permissions can create a custom option on a listing with a file input field. By allowing f... Read more
Affected Products :- Published: Sep. 08, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Authentication
-
8.7
HIGHCVE-2025-58451
Cattown is a JavaScript markdown parser. Versions prior to 1.0.2 used regular expressions with inefficient, potentially exponential worst-case complexity. This could cause excessive CPU usage due to excessive backtracking on crafted inputs. In turn, the e... Read more
Affected Products :- Published: Sep. 08, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2025-9113
The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'doccure_temp_upload_to_media' function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to... Read more
Affected Products :- Published: Sep. 08, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Misconfiguration
-
8.4
HIGHCVE-2025-53838
LinkAce is a self-hosted archive to collect website links. A stored cross-site scripting (XSS) vulnerability was discovered in versions prior to 2.1.9 that allows an attacker to inject arbitrary JavaScript, which is then executed in the context of a user'... Read more
Affected Products :- Published: Sep. 08, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Cross-Site Scripting
-
6.7
MEDIUMCVE-2025-43722
Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper privilege management vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.... Read more
Affected Products : powerscale_onefs- Published: Sep. 08, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Authorization
-
5.1
MEDIUMCVE-2025-43777
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.19 exposes "Internal ... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Authentication
-
8.1
HIGHCVE-2025-42929
Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availabi... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Injection
-
4.3
MEDIUMCVE-2025-42925
Due to the lack of randomness in assigning Object Identifiers in the SAP NetWeaver AS JAVA IIOP service, an authenticated attacker with low privileges could predict the identifiers by conducting a brute force search. By leveraging knowledge of several ide... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2025-9112
The Doccure theme for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'doccure_temp_file_uploader' function in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, wit... Read more
Affected Products :- Published: Sep. 08, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Authentication
-
8.2
HIGHCVE-2025-33045
APTIOV contains vulnerabilities in the BIOS where a privileged user may cause “Write-what-where Condition” and “Exposure of Sensitive Information to an Unauthorized Actor” through local access. The successful exploitation of these vulnerabilities can lead... Read more
Affected Products : aptio_v- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Information Disclosure
-
7.2
HIGHCVE-2025-9951
A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000.... Read more
Affected Products : ffmpeg- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-42917
SAP HCM Approve Timesheets Fiori 2.0 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This issue has a significant impact on the application's integrity, while confidentiality an... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-42912
SAP HCM My Timesheet Fiori 2.0 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This issue has a significant impact on the application's integrity, while confidentiality and avai... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-42923
Due to insufficient CSRF protection in SAP Fiori App Manage Work Center Groups, an authenticated user could be tricked by an attacker to send unintended request to the web server. This has low impact on integrity and no impact on confidentiality and avail... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.8
MEDIUMCVE-2025-10107
A vulnerability has been found in TRENDnet TEW-831DR 1.0 (601.130.1.1410). Impacted is an unknown function of the file /boafrm/formSysCmd. The manipulation of the argument sysHost leads to command injection. The attack is possible to be carried out remote... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Injection
-
4.8
MEDIUMCVE-2025-43778
A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.11, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 09, 2025
- Vuln Type: Cross-Site Scripting