Latest CVE Feed
-
6.9
MEDIUMCVE-2025-43018
Certain HP LaserJet Pro printers may be vulnerable to information disclosure when a non-authenticated user queries a device’s local address book.... Read more
Affected Products :- Published: Jul. 30, 2025
- Modified: Jul. 31, 2025
-
6.1
MEDIUMCVE-2024-45515
An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS) vulnerability exists in Zimbra webmail due to insufficient validation of the content type metadata when importing files into the briefcase. Attackers can expl... Read more
Affected Products : collaboration- Published: Jul. 30, 2025
- Modified: Aug. 07, 2025
-
6.9
MEDIUMCVE-2025-54572
The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the message_max_bytesize setting configured. The vulnerability occurs because ... Read more
Affected Products : ruby-saml- Published: Jul. 30, 2025
- Modified: Jul. 31, 2025
-
9.1
CRITICALCVE-2025-54430
dedupe is a python library that uses machine learning to perform fuzzy matching, deduplication and entity resolution quickly on structured data. Before commit 3f61e79, a critical severity vulnerability has been identified within the .github/workflows/benc... Read more
Affected Products :- Published: Jul. 30, 2025
- Modified: Jul. 31, 2025
-
5.3
MEDIUMCVE-2025-54425
Umbraco is an ASP.NET CMS. In versions 13.0.0 through 13.9.2, 15.0.0 through 15.4.1 and 16.0.0 through 16.1.0, the content delivery API can be restricted from public access where an API key must be provided in a header to authorize the request. It's also ... Read more
Affected Products : umbraco_cms- Published: Jul. 30, 2025
- Modified: Jul. 31, 2025
-
5.2
MEDIUMCVE-2025-54410
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firew... Read more
Affected Products : moby- Published: Jul. 30, 2025
- Modified: Aug. 22, 2025
-
5.1
MEDIUMCVE-2025-54388
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. In versions 28.2.0 through 28.3.2, when the firewalld service is reloaded... Read more
Affected Products : moby- Published: Jul. 30, 2025
- Modified: Jul. 31, 2025
-
6.5
MEDIUMCVE-2025-53008
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 9.3.1 through 10.0.19, a connected user can use a ma... Read more
Affected Products : glpi- Published: Jul. 30, 2025
- Modified: Aug. 04, 2025
-
6.5
MEDIUMCVE-2025-52897
GLPI is a Free Asset and IT Management Software package. In versions 9.1.0 through 10.0.18, an unauthenticated user can send a malicious link to attempt a phishing attack from the planning feature. This is fixed in version 10.0.19.... Read more
Affected Products : glpi- Published: Jul. 30, 2025
- Modified: Aug. 04, 2025
-
5.0
MEDIUMCVE-2025-52567
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 0.84 through 10.0.18, usage of RSS feeds or external calendars when planning is subject to SSRF exploi... Read more
Affected Products : glpi- Published: Jul. 30, 2025
- Modified: Aug. 04, 2025
-
9.8
CRITICALCVE-2025-8326
A vulnerability classified as critical has been found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/delete_s7.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the att... Read more
Affected Products : exam_form_submission- Published: Jul. 30, 2025
- Modified: Aug. 05, 2025
-
5.4
MEDIUMCVE-2025-47001
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be e... Read more
- Published: Jul. 30, 2025
- Modified: Aug. 04, 2025
-
4.9
MEDIUMCVE-2025-6348
The Smart Slider 3 plugin for WordPress is vulnerable to time-based SQL Injection via the ‘sliderid’ parameter in all versions up to, and including, 3.5.1.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on... Read more
Affected Products : smart_slider_3- Published: Jul. 30, 2025
- Modified: Jul. 31, 2025
-
5.9
MEDIUMCVE-2025-1394
Failure to handle the error status returned by the buffer management APIs in SiLabs EmberZNet Zigbee stack may result in data leaks or potential Denial of Service (DoS).... Read more
Affected Products :- Published: Jul. 30, 2025
- Modified: Jul. 31, 2025
-
5.9
MEDIUMCVE-2025-1221
A Zigbee Radio Co-Processor (RCP), which is using SiLabs EmberZNet Zigbee stack, was unable to send messages to the host system (CPCd) due to heavy Zigbee traffic, resulting in a Denial of Service (DoS) attack, Only hard reset will bring the device to nor... Read more
Affected Products :- Published: Jul. 30, 2025
- Modified: Jul. 31, 2025
-
0.0
NACVE-2025-38498
In the Linux kernel, the following vulnerability has been resolved: do_change_type(): refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change ali... Read more
Affected Products : linux_kernel- Published: Jul. 30, 2025
- Modified: Jul. 31, 2025
-
8.8
HIGHCVE-2025-8323
The e-School from Ventem has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.... Read more
Affected Products :- Published: Jul. 30, 2025
- Modified: Jul. 31, 2025
-
8.8
HIGHCVE-2025-8322
The e-School from Ventem has a Missing Authorization vulnerability, allowing remote attackers with regular privilege to access administrator functions, including creating, modifying, and deleting accounts. They can even escalate any account to system admi... Read more
Affected Products :- Published: Jul. 30, 2025
- Modified: Jul. 31, 2025
-
8.8
HIGHCVE-2025-8292
Use after free in Media Stream in Google Chrome prior to 138.0.7204.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more
- Published: Jul. 30, 2025
- Modified: Aug. 01, 2025
-
6.8
MEDIUMCVE-2025-8321
Tesla Wall Connector Firmware Downgrade Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Tesla Wall Connector devices. Authentication is not required to exploit this vulnerability... Read more
- Published: Jul. 30, 2025
- Modified: Aug. 12, 2025