Latest CVE Feed
-
7.5
HIGHCVE-2025-11030
A vulnerability was detected in Tutorials-Website Employee Management System up to 611887d8f8375271ce8abc704507d46340837a60. Impacted is an unknown function of the file /admin/all-applied-leave.php of the component HTTP Request Handler. The manipulation r... Read more
Affected Products : employee_management_system- Published: Sep. 26, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Authorization
-
8.8
HIGHCVE-2025-11029
A weakness has been identified in givanz Vvveb up to 1.0.7.2. This vulnerability affects unknown code. Executing manipulation can lead to cross-site request forgery. The attack can be executed remotely. The exploit has been made available to the public an... Read more
Affected Products : vvveb- Published: Sep. 26, 2025
- Modified: Oct. 07, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.9
MEDIUMCVE-2025-59843
Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.1, the public endpoint /api/user/[username] returns user email addresses in its JSON response. The problem has been patched in FlagForge version 2.3.1. The fix removes emai... Read more
Affected Products : flagforge- Published: Sep. 26, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-59842
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to version 4.4.8, links generated with LaTeX typesetters in Markdown files and Markdown cells in JupyterLab and Jupyter N... Read more
Affected Products : jupyterlab- Published: Sep. 26, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Misconfiguration
-
8.2
HIGHCVE-2025-59362
Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c.... Read more
Affected Products : squid- Published: Sep. 26, 2025
- Modified: Oct. 07, 2025
- Vuln Type: Misconfiguration
-
7.1
HIGHCVE-2025-58385
In DOXENSE WATCHDOC before 6.1.0.5094, private user puk codes can be disclosed for Active Directory registered users (there is hard-coded and predictable data).... Read more
Affected Products : watchdoc- Published: Sep. 26, 2025
- Modified: Oct. 07, 2025
- Vuln Type: Information Disclosure
-
6.8
MEDIUMCVE-2025-56463
Mercusys MW305R 3.30 and below is has a Transport Layer Security (TLS) certificate private key disclosure.... Read more
- Published: Sep. 26, 2025
- Modified: Oct. 07, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-11028
A security flaw has been discovered in givanz Vvveb up to 1.0.7.2. This affects an unknown part of the component Image Handler. Performing manipulation results in information disclosure. Remote exploitation of the attack is possible. The exploit has been ... Read more
Affected Products : vvveb- Published: Sep. 26, 2025
- Modified: Oct. 07, 2025
- Vuln Type: Information Disclosure
-
5.4
MEDIUMCVE-2025-11027
A vulnerability was identified in givanz Vvveb up to 1.0.7.2. Affected by this issue is some unknown functionality of the component SVG File Handler. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit is publ... Read more
Affected Products : vvveb- Published: Sep. 26, 2025
- Modified: Oct. 07, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-6396
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webbeyaz Website Design Website Software allows Cross-Site Scripting (XSS).This issue affects Website Software: through 2025.07.14.... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-57292
Todoist v8484 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload functionality. The application fails to properly validate the MIME type and sanitize image metadata.... Read more
Affected Products : todoist- Published: Sep. 26, 2025
- Modified: Oct. 07, 2025
- Vuln Type: Cross-Site Scripting
-
9.9
CRITICALCVE-2025-55187
In DriveLock 24.1.4 before 24.1.5, 24.2.5 before 24.2.6, and 25.1.2 before 25.1.4, attackers can gain elevated privileges.... Read more
Affected Products : drivelock- Published: Sep. 26, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-36326
IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow an attacker to obtain sensitive information due to the use of hardcoded cryptographic keys for signing session cookies.... Read more
- Published: Sep. 26, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Cryptography
-
7.5
HIGHCVE-2025-36274
IBM Aspera HTTP Gateway 2.0.0 through 2.3.1 stores sensitive information in clear text in easily obtainable files which can be read by an unauthenticated user.... Read more
Affected Products : aspera_http_gateway- Published: Sep. 26, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-11026
A vulnerability was determined in givanz Vvveb up to 1.0.7.2. Affected by this vulnerability is an unknown functionality of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be initiated remotely. Th... Read more
Affected Products : vvveb- Published: Sep. 26, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Information Disclosure
-
4.8
MEDIUMCVE-2025-11019
A vulnerability has been found in Total.js CMS up to 19.9.0. This impacts an unknown function of the component Files Menu. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public a... Read more
Affected Products :- Published: Sep. 26, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Cross-Site Scripting
-
7.5
HIGHCVE-2025-11018
A flaw has been found in Four-Faith Water Conservancy Informatization Platform 1.0. This affects an unknown function of the file /sysRole/index.do/../../generalReport/download.do;usrlogout.do.do. Executing manipulation of the argument fileName can lead to... Read more
Affected Products : water_conservancy_informatization- Published: Sep. 26, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Path Traversal
-
5.5
MEDIUMCVE-2025-11017
A vulnerability was detected in OGRECave Ogre up to 14.4.1. The impacted element is the function Ogre::LogManager::stream of the file /ogre/OgreMain/src/OgreLogManager.cpp. Performing manipulation of the argument mDefaultLog results in null pointer derefe... Read more
Affected Products : ogre- Published: Sep. 26, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2025-11016
A security vulnerability has been detected in kalcaddle kodbox up to 1.61.09. The affected element is the function fileOut of the file app/controller/explorer/index.class.php. Such manipulation of the argument path leads to path traversal. The attack may ... Read more
Affected Products : kodbox- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2025-11015
A weakness has been identified in OGRECave Ogre up to 14.4.1. Impacted is the function STBIImageCodec::encode of the file /ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp. This manipulation causes mismatched memory management routines. The attack is restrict... Read more
Affected Products : ogre- Published: Sep. 26, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Memory Corruption