Latest CVE Feed
-
8.8
HIGHCVE-2025-54405
Multiple OS command injection vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to t... Read more
- Published: Oct. 07, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-54404
Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1.3411b190912. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerab... Read more
- Published: Oct. 07, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-54403
Multiple OS command injection vulnerabilities exist in the swctrl functionality of Planet WGR-500 v1.3411b190912. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerab... Read more
- Published: Oct. 07, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-54402
Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP reques... Read more
- Published: Oct. 07, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-54401
Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP reques... Read more
- Published: Oct. 07, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-54400
Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP reques... Read more
- Published: Oct. 07, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-54399
Multiple stack-based buffer overflow vulnerabilities exist in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to stack-based buffer overflow. An attacker can send a series of HTTP reques... Read more
- Published: Oct. 07, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2025-53476
A denial of service vulnerability exists in the ModbusTCP server functionality of OpenPLC _v3 a931181e8b81e36fadf7b74d5cba99b73c3f6d58. A specially crafted series of network connections can lead to the server not processing subsequent Modbus requests. An ... Read more
Affected Products : openplc_v3_firmware- Published: Oct. 07, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2025-50505
Clash Verge Rev thru 2.2.3 forces the installation of system services(clash-verge-service) by default and exposes key functions through the unauthorized HTTP API `/start_clash`, allowing local users to submit arbitrary bin_path parameters and pass them di... Read more
Affected Products :- Published: Oct. 07, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-48826
A format string vulnerability exists in the formPingCmd functionality of Planet WGR-500 v1.3411b190912. A specially crafted series of HTTP requests can lead to memory corruption. An attacker can send a series of HTTP requests to trigger this vulnerability... Read more
- Published: Oct. 07, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Memory Corruption
-
5.4
MEDIUMCVE-2025-37728
Insufficiently Protected Credentials in the Crowdstrike connector can lead to Crowdstrike credentials being leaked. A malicious user can access cached credentials from a Crowdstrike connector in another space by creating and running a Crowdstrike connecto... Read more
Affected Products : kibana- Published: Oct. 07, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Information Disclosure
-
8.7
HIGHCVE-2025-25009
Improper Neutralization of Input During Web Page Generation in Kibana can lead to Stored XSS via case file upload.... Read more
Affected Products : kibana- Published: Oct. 07, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2025-11397
A security flaw has been discovered in SourceCodester Hotel and Lodge Management System 1.0. The affected element is an unknown function of the file /login.php. Performing manipulation of the argument email results in sql injection. The attack may be init... Read more
Affected Products : hotel_and_lodge_management_system- Published: Oct. 07, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Injection
-
8.5
HIGHCVE-2021-22291
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ABB EIBPORT V3 KNX, ABB EIBPORT V3 KNX GSM.This issue affects EIBPORT V3 KNX: before 3.9.2; EIBPORT V3 KNX GSM: before 3.9.2.... Read more
Affected Products :- Published: Oct. 07, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Cross-Site Scripting
-
8.1
HIGHCVE-2025-40889
A path traversal vulnerability was discovered in the Time Machine functionality due to missing validation of two input parameters. An authenticated user with limited privileges, by issuing a specifically-crafted request, can potentially alter the structur... Read more
- Published: Oct. 07, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-40888
A SQL Injection vulnerability was discovered in the CLI functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, pote... Read more
- Published: Oct. 07, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-40887
A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, po... Read more
- Published: Oct. 07, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-40886
A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SQL statements on the DBMS used by the web application, potential... Read more
- Published: Oct. 07, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-40885
A SQL Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web applica... Read more
- Published: Oct. 07, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2025-40676
Insecure Direct Object Reference (IDOR) in Negotiator v3.15.2 from Biobanking and Biomolecular Resources - European Research Infrastructure (BBMRI-ERIC). This vulnerability allows an attacker to access or modify unauthorised resources by manipulating requ... Read more
Affected Products :- Published: Oct. 07, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Authorization