Latest CVE Feed
-
9.8
CRITICALCVE-2025-54452
Improper Authentication vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more
Affected Products : magicinfo_9_server- Published: Jul. 23, 2025
- Modified: Jul. 28, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-54451
Improper Control of Generation of Code ('Code Injection') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more
Affected Products : magicinfo_9_server- Published: Jul. 23, 2025
- Modified: Jul. 28, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-54450
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more
Affected Products : magicinfo_9_server- Published: Jul. 23, 2025
- Modified: Jul. 28, 2025
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-54449
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more
Affected Products : magicinfo_9_server- Published: Jul. 23, 2025
- Modified: Jul. 28, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-54448
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more
Affected Products : magicinfo_9_server- Published: Jul. 23, 2025
- Modified: Jul. 28, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-54447
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more
Affected Products : magicinfo_9_server- Published: Jul. 23, 2025
- Modified: Jul. 28, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-54446
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server.This issue affects MagicINFO 9 Server: less than 21.1080.0... Read more
Affected Products : magicinfo_9_server- Published: Jul. 23, 2025
- Modified: Jul. 28, 2025
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-54445
Improper Restriction of XML External Entity Reference vulnerability in Samsung Electronics MagicINFO 9 Server allows Server Side Request Forgery.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more
Affected Products : magicinfo_9_server- Published: Jul. 23, 2025
- Modified: Aug. 15, 2025
- Vuln Type: XML External Entity
-
9.8
CRITICALCVE-2025-54444
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more
Affected Products : magicinfo_9_server- Published: Jul. 23, 2025
- Modified: Jul. 30, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-54443
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server.This issue affects MagicINFO 9 Server: less than 21.1080.0... Read more
Affected Products : magicinfo_9_server- Published: Jul. 23, 2025
- Modified: Jul. 30, 2025
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-54442
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more
Affected Products : magicinfo_9_server- Published: Jul. 23, 2025
- Modified: Jul. 30, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-54441
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more
Affected Products : magicinfo_9_server- Published: Jul. 23, 2025
- Modified: Jul. 30, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-54440
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more
Affected Products : magicinfo_9_server- Published: Jul. 23, 2025
- Modified: Jul. 30, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-54439
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.... Read more
Affected Products : magicinfo_9_server- Published: Jul. 23, 2025
- Modified: Jul. 30, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-54438
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server.This issue affects MagicINFO 9 Server: less than 21.1080.0... Read more
Affected Products : magicinfo_9_server- Published: Jul. 23, 2025
- Modified: Jul. 30, 2025
- Vuln Type: Path Traversal
-
7.7
HIGHCVE-2025-8021
All versions of the package files-bucket-server are vulnerable to Directory Traversal where an attacker can traverse the file system and access files outside of the intended directory.... Read more
Affected Products :- Published: Jul. 23, 2025
- Modified: Jul. 25, 2025
- Vuln Type: Path Traversal
-
8.8
HIGHCVE-2025-8020
All versions of the package private-ip are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide an IP or hostname that resolves to a multicast IP address (224.0.0.0/4) which is not included as part of the private IP ranges in the... Read more
Affected Products : private-ip- Published: Jul. 23, 2025
- Modified: Jul. 25, 2025
- Vuln Type: Server-Side Request Forgery
-
5.3
MEDIUMCVE-2025-43881
Improper validation of specified quantity in input issue exists in Real-time Bus Tracking System versions prior to 1.1. If exploited, a denial of service (DoS) condition may be caused by an attacker who can log in to the administrative page of the affecte... Read more
Affected Products :- Published: Jul. 23, 2025
- Modified: Jul. 25, 2025
- Vuln Type: Denial of Service
-
5.9
MEDIUMCVE-2024-53288
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in NTP Region functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject ... Read more
- Published: Jul. 23, 2025
- Modified: Jul. 29, 2025
- Vuln Type: Cross-Site Scripting
-
5.9
MEDIUMCVE-2024-53287
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in VPN Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject... Read more
- Published: Jul. 23, 2025
- Modified: Jul. 29, 2025
- Vuln Type: Cross-Site Scripting