Latest CVE Feed
-
9.8
CRITICALCVE-2025-25257
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and below 7.0.10 allows an unauthenticated attacker ... Read more
Affected Products : fortiweb- Actively Exploited
- Published: Jul. 17, 2025
- Modified: Jul. 21, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2023-47356
Mingyu Security Gateway before v3.0-5.3p was discovered to contain a remote command execution (RCE) vulnerability via the log_type parameter at /log/fw_security.mds.... Read more
Affected Products :- Published: Jul. 17, 2025
- Modified: Jul. 24, 2025
- Vuln Type: Injection
-
8.1
HIGHCVE-2023-41566
OA EKP v16 was discovered to contain an arbitrary download vulnerability via the component /ui/sys_ui_extend/sysUiExtend.do. This vulnerability allows attackers to obtain the password of the background administrator and further obtain database permissions... Read more
Affected Products :- Published: Jul. 17, 2025
- Modified: Jul. 24, 2025
- Vuln Type: Information Disclosure
-
4.7
MEDIUMCVE-2025-54066
DiracX-Web is a web application that provides an interface to interact with the DiracX services. Prior to version 0.1.0-a8, an attacker can forge a request that they can pass to redirect an authenticated user to another arbitrary website. In the login pag... Read more
Affected Products :- Published: Jul. 17, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Authentication
-
6.9
MEDIUMCVE-2025-54064
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. The common Rucio helm-charts for the `rucio-server`, `rucio-ui`, and `rucio-webui` define the log forma... Read more
Affected Products :- Published: Jul. 17, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Information Disclosure
-
9.4
CRITICALCVE-2025-54062
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the `/html/funcionario/profile_dependente.php` endpoint, specifically in th... Read more
Affected Products : wegia- Published: Jul. 17, 2025
- Modified: Jul. 30, 2025
- Vuln Type: Injection
-
9.4
CRITICALCVE-2025-54061
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the `idatendido_familiares` parameter of the `/html/funcionario/dependente_... Read more
Affected Products : wegia- Published: Jul. 17, 2025
- Modified: Jul. 30, 2025
- Vuln Type: Injection
-
9.4
CRITICALCVE-2025-54060
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the `idatendido_familiares` parameter of the `/html/funcionario/dependente_... Read more
Affected Products : wegia- Published: Jul. 17, 2025
- Modified: Jul. 30, 2025
- Vuln Type: Injection
-
9.4
CRITICALCVE-2025-54058
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the `idatendido_familiares` parameter of the `/html/funcionario/dependente_... Read more
Affected Products : wegia- Published: Jul. 17, 2025
- Modified: Jul. 30, 2025
- Vuln Type: Injection
-
6.1
MEDIUMCVE-2025-47189
Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication error data of certain user flows, a different vulnerability than CVE-2025-54392.... Read more
Affected Products :- Published: Jul. 17, 2025
- Modified: Jul. 21, 2025
- Vuln Type: Cross-Site Scripting
-
9.4
CRITICALCVE-2025-53946
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.5 in the `id_funcionario` parameter of the `/html/saude/profile_paciente.php` en... Read more
Affected Products : wegia- Published: Jul. 17, 2025
- Modified: Jul. 30, 2025
- Vuln Type: Injection
-
6.1
MEDIUMCVE-2025-53941
Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Versions prior to 0.6.5 allow HTML form elements to be submitted, making the software vulnerable to HTML injection. Version 0.6.5 fixes the issue.... Read more
Affected Products :- Published: Jul. 17, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2025-53928
MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution vulnerability exists in the MCP call. Versions 1.10.9-lts and 2.0.0 fix the issue.... Read more
Affected Products : maxkb- Published: Jul. 17, 2025
- Modified: Aug. 02, 2025
-
6.3
MEDIUMCVE-2025-53927
MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed because MaxKB only restricts the execution permissions of files in a specific directory. Therefore, an attacker can use the `shutil.copy2... Read more
Affected Products : maxkb- Published: Jul. 17, 2025
- Modified: Aug. 02, 2025
- Vuln Type: Misconfiguration
-
9.1
CRITICALCVE-2025-53909
mailcow: dockerized is an open source groupware/email suite based on docker. A Server-Side Template Injection (SSTI) vulnerability exists in versions prior to 2025-07 in the notification template system used by mailcow for sending quota and quarantine ale... Read more
Affected Products : mailcow\- Published: Jul. 17, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-51630
TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a buffer overflow via the ePort parameter in the function setIpPortFilterRules.... Read more
- Published: Jul. 17, 2025
- Modified: Jul. 18, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-40924
Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a (usually SHA-1) hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. Th... Read more
Affected Products :- Published: Jul. 17, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Cryptography
-
7.5
HIGHCVE-2025-1713
When setting up interrupt remapping for legacy PCI(-X) devices, including PCI(-X) bridges, a lookup of the upstream bridge is required. This lookup, itself involving acquiring of a lock, is done in a context where acquiring that lock is unsafe. This can ... Read more
Affected Products : xen- Published: Jul. 17, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Race Condition
-
5.1
MEDIUMCVE-2025-5346
Bluebird devices contain a pre-loaded barcode scanner application. This application exposes an unsecured broadcast receiver "kr.co.bluebird.android.bbsettings.BootReceiver". A local attacker can call the receiver to overwrite file containing ".json" keywo... Read more
Affected Products :- Published: Jul. 17, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Path Traversal
-
6.3
MEDIUMCVE-2025-5345
Bluebird devices contain a pre-loaded file manager application. This application exposes an unsecured service provider "com.bluebird.system.koreanpost.IsdcardRemoteService". A local attacker can bind to the AIDL-type service to copy and delete arbitrary f... Read more
Affected Products :- Published: Jul. 17, 2025
- Modified: Jul. 17, 2025
- Vuln Type: Authorization