Latest CVE Feed
- 7.5 HIGH CVE-2025-7472
  A local privilege escalation vulnerability in the Intercept X for Windows installer prior to version 1.22 can lead to a local user gaining system level privileges, if the installer is run as SYSTEM....
  - Affected Products:
  - Published: Jul. 17, 2025
  - Modified: Jul. 17, 2025
  - Vuln Type: Authorization
- 6.9 MEDIUM CVE-2025-54070
  OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 5.2.0 and prior to version 5.4.0, the `lastIndexOf(bytes,byte,uint256)` function of the `Bytes.sol` library may access uninitialized memory when the following t...
  - Affected Products: openzeppelin_contracts
  - Published: Jul. 17, 2025
  - Modified: Jul. 17, 2025
  - Vuln Type: Memory Corruption
- 9.8 CRITICAL CVE-2025-54068
  Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property upda...
  - Affected Products: livewire
  - Published: Jul. 17, 2025
  - Modified: Aug. 27, 2025
  - Vuln Type: Injection
- 7.5 HIGH CVE-2025-53817
  7-Zip is a file archiver with a high compression ratio. 7-Zip supports extracting from Compound Documents. Prior to version 25.0.0, a null pointer dereference in the Compound handler may lead to denial of service. Version 25.0.0 contains a fix for the iss...
  - Affected Products: 7-zip
  - Published: Jul. 17, 2025
  - Modified: Aug. 21, 2025
- 7.5 HIGH CVE-2025-53816
  7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in versions of 7-Zip prior to 25.0.0. Version 25.0.0 contains a fix for the issue....
  - Affected Products: 7-zip
  - Published: Jul. 17, 2025
  - Modified: Aug. 21, 2025
  - Vuln Type: Memory Corruption
- 9.8 CRITICAL CVE-2025-50240
  nbcio-boot v1.0.3 was discovered to contain a SQL injection vulnerability via the userIds parameter at /sys/user/deleteRecycleBin....
  - Affected Products:
  - Published: Jul. 17, 2025
  - Modified: Jul. 18, 2025
  - Vuln Type: Injection
- 5.4 MEDIUM CVE-2025-46102
  Cross Site Scripting vulnerability in Beakon Software Beakon Learning Management System Sharable Content Object Reference Model (SCORM) version V.5.4.3 allows a remote attacker to obtain sensitive information via the URL parameter...
  - Affected Products:
  - Published: Jul. 17, 2025
  - Modified: Jul. 17, 2025
  - Vuln Type: Cross-Site Scripting
- 8.8 HIGH CVE-2024-13972
  A vulnerability related to registry permissions in the Intercept X for Windows updater prior to Core Agent version 2024.3.2 can lead to a local user gaining SYSTEM level privileges during a product upgrade....
  - Affected Products:
  - Published: Jul. 17, 2025
  - Modified: Aug. 03, 2025
  - Vuln Type: Misconfiguration
- 9.8 CRITICAL CVE-2025-7749
  A vulnerability, which was classified as critical, has been found in code-projects Online Appointment Booking System 1.0. This issue affects some unknown processing of the file /admin/getmanagerregion.php. The manipulation of the argument city leads to sq...
  - Affected Products: online_appointment_booking_system
  - Published: Jul. 17, 2025
  - Modified: Jul. 18, 2025
  - Vuln Type: Injection
- 5.1 MEDIUM CVE-2025-7748
  A vulnerability classified as problematic was found in ZCMS 3.6.0. This vulnerability affects unknown code of the component Create Article Page. The manipulation of the argument Title leads to cross site scripting. The attack can be initiated remotely. Th...
  - Affected Products:
  - Published: Jul. 17, 2025
  - Modified: Jul. 17, 2025
  - Vuln Type: Cross-Site Scripting
- 9.0 HIGH CVE-2025-7747
  A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. This affects the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. The manipulation of the argument PPW leads to buffer overflow....
  - Published: Jul. 17, 2025
  - Modified: Jul. 18, 2025
  - Vuln Type: Memory Corruption
- 6.6 MEDIUM CVE-2025-53644
  OpenCV is an Open Source Computer Vision Library. Versions prior to 4.12.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability....
  - Affected Products: opencv
  - Published: Jul. 17, 2025
  - Modified: Aug. 05, 2025
  - Vuln Type: Memory Corruption
- 6.9 MEDIUM CVE-2025-53638
  Solady is software that provides Solidity snippets with APIs. Starting in version 0.0.125 and prior to version 0.1.24, when an account is deployed via a proxy, using regular Solidity to call its initialization function may result in a silent failure, if t...
  - Affected Products:
  - Published: Jul. 17, 2025
  - Modified: Jul. 17, 2025
  - Vuln Type: Misconfiguration
- 5.5 MEDIUM CVE-2025-51497
  An issue was discovered in AdGuard plugin before 1.11.22 for Safari on macOS. AdGuard verbosely logged each URL that Safari accessed when the plugin was active. These logs went into the macOS general logs for any unsandboxed process to read. This may be d...
  - Affected Products:
  - Published: Jul. 17, 2025
  - Modified: Jul. 24, 2025
  - Vuln Type: Information Disclosure
- 7.6 HIGH CVE-2025-23263
  NVIDIA DOCA-Host and Mellanox OFED contain a vulnerability in the VGT+ feature, where an attacker on a VM might cause escalation of privileges and denial of service on the VLAN....
  - Affected Products:
  - Published: Jul. 17, 2025
  - Modified: Jul. 17, 2025
  - Vuln Type: Denial of Service
- 8.1 HIGH CVE-2024-32323
  SQL Injection vulnerability in cnhcit.com Haichang OA v.1.0.0 allows a remote attacker to obtain sensitive information via the if parameter in hcit.project.rte.agents.UploadImages.class....
  - Affected Products:
  - Published: Jul. 17, 2025
  - Modified: Jul. 24, 2025
  - Vuln Type: Injection
- 3.4 LOW CVE-2025-7339
  on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions `<1.1.0` may result in response headers being inadvertently modified when an array is passed to `response.writeHead()`. Users should upgrade t...
  - Affected Products:
  - Published: Jul. 17, 2025
  - Modified: Jul. 17, 2025
  - Vuln Type: Misconfiguration
- 7.5 HIGH CVE-2025-7338
  Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload ...
  - Affected Products:
  - Published: Jul. 17, 2025
  - Modified: Jul. 17, 2025
  - Vuln Type: Denial of Service
- 9.8 CRITICAL CVE-2025-53867
  Island Lake WebBatch before 2025C allows Remote Code Execution via a crafted URL....
  - Affected Products:
  - Published: Jul. 17, 2025
  - Modified: Jul. 24, 2025
- 9.8 CRITICAL CVE-2025-52046
  Totolink A3300R V17.0.0cu.596_B20250515 was found to contain a command injection vulnerability in the sub_4197C0 function via the mac and desc parameters. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted requ...
  - Published: Jul. 17, 2025
  - Modified: Jul. 24, 2025
  - Vuln Type: Injection