Latest CVE Feed
-
6.3
MEDIUMCVE-2025-26620
Duende.AccessTokenManagement is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. Duende.AccessTokenManagement contains a race condition when requesting access tokens using the client credentials flow. Concurrent requests to obta... Read more
Affected Products :- Published: Feb. 18, 2025
- Modified: Feb. 18, 2025
- Vuln Type: Race Condition
-
4.2
MEDIUMCVE-2025-26058
Webkul QloApps v1.6.1 exposes authentication tokens in URLs during redirection. When users access the admin panel or other protected areas, the application appends sensitive authentication tokens directly to the URL.... Read more
Affected Products : qloapps- Published: Feb. 18, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-25300
smartbanner.js is a customizable smart app banner for iOS and Android. Prior to version 1.14.1, clicking on smartbanner `View` link and navigating to 3rd party page leaves `window.opener` exposed. It may allow hostile third parties to abuse `window.opener... Read more
Affected Products :- Published: Feb. 18, 2025
- Modified: Feb. 18, 2025
- Vuln Type: Information Disclosure
-
8.1
HIGHCVE-2024-56883
Sage DPW before 2024_12_001 is vulnerable to Incorrect Access Control. The implemented role-based access controls are not always enforced on the server side. Low-privileged Sage users with employee role privileges can create external courses for other emp... Read more
Affected Products :- Published: Feb. 18, 2025
- Modified: Feb. 19, 2025
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2024-56882
Sage DPW before 2024_12_000 is vulnerable to Cross Site Scripting (XSS). Low-privileged Sage users with employee role privileges can permanently store JavaScript code in the Kurstitel and Kurzinfo input fields. The injected payload is executed for each au... Read more
Affected Products :- Published: Feb. 18, 2025
- Modified: Feb. 19, 2025
- Vuln Type: Cross-Site Scripting
-
8.0
HIGHCVE-2024-51505
An issue was discovered in Atos Eviden IDRA before 2.7.1. A highly trusted role (Config Admin) could leverage a race condition to escalate privileges.... Read more
Affected Products :- Published: Feb. 18, 2025
- Modified: Feb. 18, 2025
- Vuln Type: Race Condition
-
7.5
HIGHCVE-2024-50609
An issue was discovered in Fluent Bit 3.1.9. When the OpenTelemetry input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length ... Read more
Affected Products : fluent_bit- Published: Feb. 18, 2025
- Modified: Apr. 22, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2024-50608
An issue was discovered in Fluent Bit 3.1.9. When the Prometheus Remote Write input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Conte... Read more
Affected Products : fluent_bit- Published: Feb. 18, 2025
- Modified: Apr. 22, 2025
- Vuln Type: Denial of Service
-
3.8
LOWCVE-2024-4028
A vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permissions) from the admin console, leading to a stored cross-site scripting (XSS) attack.... Read more
- Published: Feb. 18, 2025
- Modified: Feb. 18, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2024-49589
Foundry Artifacts was found to be vulnerable to a Denial Of Service attack due to disk being potentially filled up based on an user supplied argument (size).... Read more
Affected Products :- Published: Feb. 18, 2025
- Modified: Feb. 18, 2025
- Vuln Type: Denial of Service
-
6.8
MEDIUMCVE-2024-39328
Insecure Permissions in Atos Eviden IDRA and IDCA before 2.7.0. A highly trusted role (Config Admin) could exceed their configuration privileges in a multi-partition environment and access some confidential data. Data integrity and availability is not at ... Read more
Affected Products :- Published: Feb. 18, 2025
- Modified: Feb. 18, 2025
- Vuln Type: Authorization
-
6.4
MEDIUMCVE-2022-41545
The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 (and possibly others) authenticates users via basic authentication, with an HTTP header containing a base64 value of the plaintext username and password. Because t... Read more
- Published: Feb. 18, 2025
- Modified: Jun. 06, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2024-55460
A time-based SQL injection vulnerability in the login page of BoardRoom Limited Dividend Distribution Tax Election System Version v2.0 allows attackers to execute arbitrary code via a crafted input.... Read more
Affected Products :- Published: Feb. 18, 2025
- Modified: Feb. 19, 2025
- Vuln Type: Injection
-
9.9
CRITICALCVE-2024-39327
Incorrect Access Control vulnerability in Atos Eviden IDRA before 2.6.1 could allow the possibility to obtain CA signing in an illegitimate way.... Read more
Affected Products :- Published: Feb. 18, 2025
- Modified: Mar. 17, 2025
- Vuln Type: Authorization
-
6.7
MEDIUMCVE-2025-22207
Improperly built order clauses lead to a SQL injection vulnerability in the backend task list of com_scheduler.... Read more
Affected Products : joomla\!- Published: Feb. 18, 2025
- Modified: Feb. 18, 2025
- Vuln Type: Injection
-
7.8
HIGHCVE-2025-21703
In the Linux kernel, the following vulnerability has been resolved: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() qdisc_tree_reduce_backlog() notifies parent qdisc only if child qdisc becomes empty, therefore we need to reduce the backlog... Read more
Affected Products : linux_kernel- Published: Feb. 18, 2025
- Modified: Mar. 24, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-21702
In the Linux kernel, the following vulnerability has been resolved: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Expected behaviour: In case we reach scheduler's limit, pfifo_tail_enqueue() will drop a packet in scheduler's queue and decreas... Read more
Affected Products : linux_kernel- Published: Feb. 18, 2025
- Modified: Mar. 13, 2025
- Vuln Type: Information Disclosure
-
9.8
CRITICALCVE-2024-57049
A vulnerability in the TP-Link Archer c20 router with firmware version V6.6_230412 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory. When adding Referer: http://tplinkwifi.net to the the... Read more
- Published: Feb. 18, 2025
- Modified: Jun. 06, 2025
- Vuln Type: Authentication
-
8.8
HIGHCVE-2024-57046
A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized individuals to bypass the authentication. When adding "?x=1.gif" to the the requested url, it will be recognized as passing the authentication.... Read more
- Published: Feb. 18, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2024-57045
A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unauthorized individuals to bypass the authentication. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page.... Read more
- Published: Feb. 18, 2025
- Modified: May. 21, 2025
- Vuln Type: Authentication