Latest CVE Feed
- CVE-2025-59978 (9.4 CRITICAL): An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to store script tags directly in web pages that, when viewed by another user, enable the attacker to e...
- Affected Products: junos_space
- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
 
- CVE-2025-11549 (9.8 CRITICAL): A vulnerability has been found in Tenda W12 3.0.0.6(3948). The affected element is the function wifiMacFilterSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. ...
- Published: Oct. 09, 2025
- Modified: Oct. 18, 2025
- Vuln Type: Memory Corruption
 
- CVE-2025-11371 (6.2 MEDIUM): In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. ...
- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Path Traversal
 
- CVE-2017-20203 (9.3 CRITICAL): NetSarang Xmanager Enterprise 5.0 Build 1232, Xmanager 5.0 Build 1045, Xshell 5.0 Build 1322, Xftp 5.0 Build 1218, and Xlpd 5.0 Build 1220 contain a malicious nssock2.dll that implements a multi-stage, DNS-based backdoor. The dormant library contacts a C2...
- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Supply Chain
 
- CVE-2025-61577 (7.5 HIGH): D-Link DIR-816A2_FWv1.10CNB05 was discovered to contain a stack overflow via the statuscheckpppoeuser parameter in the dir_setWanWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input....
- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Denial of Service
 
- CVE-2025-61532 (6.1 MEDIUM): Cross Site Scripting vulnerability in SVX Portal v.2.7A to execute arbitrary code via the TG parameter on last_heard_page.php component...
- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
 
- CVE-2025-60302 (6.1 MEDIUM): code-projects Client Details System 1.0 is vulnerable to Cross Site Scripting (XSS). When adding customer information, the client details system fills in malicious JavaScript code in the username field....
- Affected Products: client_details_system
- Published: Oct. 09, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Cross-Site Scripting
 
- CVE-2025-60265 (6.5 MEDIUM): In xckk v9.6, there is a SQL injection vulnerability in which the orderBy parameter in user/list is not securely filtered, resulting in a SQL injection vulnerability....
- Affected Products: xckk
- Published: Oct. 09, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Injection
 
- CVE-2025-59976 (7.1 HIGH): An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method to access any file on the file system. Using specially crafted GET methods, an attacker ...
- Affected Products: junos_space
- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Path Traversal
 
- CVE-2025-59975 (8.7 HIGH): An Uncontrolled Resource Consumption vulnerability in the HTTP daemon (httpd) of Juniper Networks Junos Space allows an unauthenticated network-based attacker flooding the device with inbound API calls to consume all resources on the system, leading to a ...
- Affected Products: junos_space
- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Denial of Service
 
- CVE-2025-59974 (9.3 CRITICAL): An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Junos Space Security Director allows an attacker to inject malicious scripts into the application, which are then stored and executed in the context o...
- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
 
- CVE-2025-59968 (8.6 HIGH): A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface. Tampering with this metadata can result in managed SRX Seri...
- Affected Products: junos
- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authorization
 
- CVE-2025-59967 (7.1 HIGH): A NULL Pointer Dereference vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on ACX7024, ACX7024X, ACX7100-32C, ACX7100-48L, ACX7348, ACX7509 devices allows an unauthenticated, adjacent attacker to cause a Den...
- Affected Products: junos_os_evolved
- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Denial of Service
 
- CVE-2025-59964 (8.7 HIGH): A Use of Uninitialized Resource vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX4700 devices allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When forwarding-options sampling is ...
- Affected Products: junos
- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Denial of Service
 
- CVE-2025-59962 (6.0 MEDIUM): An Access of Uninitialized Pointer vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved with BGP sharding configured allows an attacker triggering indirect next-hop updates, along with timing outside the att...
- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Denial of Service
 
- CVE-2025-59958 (6.9 MEDIUM): An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to cause impact to confidentiality and availab...
- Affected Products: junos_os_evolved
- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Denial of Service
 
- CVE-2025-59957 (7.0 HIGH): An Origin Validation Error vulnerability in an insufficiently protected file of Juniper Networks Junos OS on EX4600 Series and QFX5000 Series allows an unauthenticated attacker with physical access to the device to create a backdoor which allows complete co...
- Affected Products: junos
- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Misconfiguration
 
- CVE-2025-56426 (6.5 MEDIUM): An issue in WebKul Bagisto v.2.3.6 allows a remote attacker to execute arbitrary code via the Cart/Checkout API endpoint, specifically, the price calculation logic fails to validate quantity inputs properly....
- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Injection
 
- CVE-2025-52961 (7.1 HIGH): An Uncontrolled Resource Consumption vulnerability in the Connectivity Fault Management (CFM) daemon and the Connectivity Fault Management Manager (cfmman) of Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016...
- Affected Products: junos_os_evolved
- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Denial of Service
 
- CVE-2025-52960 (8.2 HIGH): A Buffer Copy without Checking Size of Input vulnerability in the Session Initialization Protocol (SIP) ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). W...
- Affected Products: junos
- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Denial of Service
 
 
                         
                         
                         
                                             
                                            