Latest CVE Feed
- CVE-2025-59447 (CVSS 2.2, Low): The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct physical access can leverage this interface to read a boot log, which includes network access credentials...
  - Affected Products: (not listed)
  - Published: Oct. 06, 2025
  - Modified: Oct. 08, 2025
  - Vuln Type: Information Disclosure

- CVE-2025-11346 (CVSS 9.8, Critical): A vulnerability has been found in ILIAS up to 8.23/9.13/10.1. This affects the function unserialize of the component Base64 Decoding Handler. Such manipulation of the argument f_settings leads to deserialization. It is possible to launch the attack remote...
  - Affected Products: ilias
  - Published: Oct. 06, 2025
  - Modified: Oct. 14, 2025
  - Vuln Type: Injection

- CVE-2025-61985 (CVSS 3.6, Low): ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used...
  - Affected Products: openssh
  - Published: Oct. 06, 2025
  - Modified: Oct. 08, 2025
  - Vuln Type: Misconfiguration

- CVE-2025-61984 (CVSS 3.6, Low): ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansio...
  - Affected Products: openssh
  - Published: Oct. 06, 2025
  - Modified: Oct. 08, 2025
  - Vuln Type: Authentication

- CVE-2025-11345 (CVSS 9.8, Critical): A flaw has been found in ILIAS up to 8.23/9.13/10.1. Affected by this issue is the function unserialize of the component Test Import. This manipulation causes deserialization. It is possible to initiate the attack remotely. Upgrading to version 8.24, 9.14...
  - Affected Products: ilias
  - Published: Oct. 06, 2025
  - Modified: Oct. 14, 2025
  - Vuln Type: Injection

- CVE-2025-11344 (CVSS 9.8, Critical): A vulnerability was detected in ILIAS up to 8.23/9.13/10.1. Affected by this vulnerability is an unknown functionality of the component Certificate Import Handler. The manipulation results in Remote Code Execution. The attack may be performed from remote...
  - Affected Products: ilias
  - Published: Oct. 06, 2025
  - Modified: Oct. 14, 2025
  - Vuln Type: Denial of Service

- CVE-2025-6985 (CVSS 7.5, High): The HTMLSectionSplitter class in langchain-text-splitters version 0.3.8 is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing. This vulnerability arises because the class allows the use of arbitrary XSLT stylesheets, which are pars...
  - Affected Products: langchain
  - Published: Oct. 06, 2025
  - Modified: Oct. 08, 2025
  - Vuln Type: XML External Entity

- CVE-2025-57515 (CVSS 9.8, Critical): A SQL injection vulnerability has been identified in Uniclare Student Portal v2. This flaw allows remote attackers to inject arbitrary SQL commands via vulnerable input fields, enabling the execution of time-delay functions to infer database responses...
  - Affected Products: (not listed)
  - Published: Oct. 06, 2025
  - Modified: Oct. 08, 2025
  - Vuln Type: Injection

- CVE-2025-56382 (CVSS 6.1, Medium): A stored Cross-site scripting (XSS) vulnerability exists in the Customer Management Module of LionCoders SalePro POS 5.4.8. An authenticated attacker can inject arbitrary web script or HTML via the 'Customer Name' parameter when creating or editing custom...
  - Affected Products: salepro_pos
  - Published: Oct. 06, 2025
  - Modified: Oct. 15, 2025
  - Vuln Type: Cross-Site Scripting

- CVE-2025-28129 (CVSS 5.4, Medium): Phpgurukul Hostel Management System 2.1 is vulnerable to clickjacking...
  - Affected Products: hostel_management_system
  - Published: Oct. 06, 2025
  - Modified: Oct. 21, 2025
  - Vuln Type: Cross-Site Request Forgery

- CVE-2025-11343 (CVSS 8.6, High): A security vulnerability has been detected in code-projects Student Crud Operation 3.3. Affected is an unknown function of the file delete.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. ...
  - Affected Products: crud_operation_system
  - Published: Oct. 06, 2025
  - Modified: Oct. 14, 2025
  - Vuln Type: Injection

- CVE-2025-11342 (CVSS 9.8, Critical): A weakness has been identified in code-projects Online Course Registration 1.0. This impacts an unknown function of the file /admin/edit-course.php. Executing manipulation of the argument coursecode can lead to sql injection. The attack can be executed re...
  - Affected Products: online_course_registration_site
  - Published: Oct. 06, 2025
  - Modified: Oct. 14, 2025
  - Vuln Type: Injection

- CVE-2025-61778 (CVSS 9.3, Critical): Akka.NET is a .NET port of the Akka project from the Scala / Java community. In all versions of Akka.Remote from v1.2.0 to v1.5.51, TLS could be enabled via our `akka.remote.dot-netty.tcp` transport and this would correctly enforce private key validation ...
  - Affected Products: (not listed)
  - Published: Oct. 06, 2025
  - Modified: Oct. 08, 2025
  - Vuln Type: Authentication

- CVE-2025-61777 (CVSS 9.4, Critical): Flag Forge is a Capture The Flag (CTF) platform. Starting in version 2.0.0 and prior to version 2.3.2, the `/api/admin/badge-templates` (GET) and `/api/admin/badge-templates/create` (POST) endpoints previously allowed access without authentication or auth...
  - Affected Products: flagforge
  - Published: Oct. 06, 2025
  - Modified: Oct. 08, 2025
  - Vuln Type: Authentication

- CVE-2025-61769 (CVSS 6.1, Medium): Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including version 2.5.22 allows authenticated remote attackers to inject arbitrary web script or HTML via the file upload functionality. As an a...
  - Affected Products: emlog
  - Published: Oct. 06, 2025
  - Modified: Oct. 09, 2025
  - Vuln Type: Cross-Site Scripting

- CVE-2025-61766 (CVSS 6.5, Medium): Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to version 1.0.0, infinite recursion can occur if a user queries a bucket using the `!=` comparator. This will result in PHP's call stack limit exceeding, and/or incr...
  - Affected Products: (not listed)
  - Published: Oct. 06, 2025
  - Modified: Oct. 08, 2025
  - Vuln Type: Denial of Service

- CVE-2025-60969 (CVSS 5.7, Medium): Directory Traversal vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information...
  - Published: Oct. 06, 2025
  - Modified: Oct. 10, 2025
  - Vuln Type: Path Traversal

- CVE-2025-60967 (CVSS 7.3, High): Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information...
  - Published: Oct. 06, 2025
  - Modified: Oct. 10, 2025
  - Vuln Type: Cross-Site Scripting

- CVE-2025-60965 (CVSS 9.1, Critical): OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, gain sensitive information, and pos...
  - Published: Oct. 06, 2025
  - Modified: Oct. 10, 2025
  - Vuln Type: Injection

- CVE-2025-60964 (CVSS 9.1, Critical): OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, gain sensitive information, and pos...
  - Published: Oct. 06, 2025
  - Modified: Oct. 10, 2025
  - Vuln Type: Injection