Latest CVE Feed
-
6.8
MEDIUMCVE-2025-6081
Insufficiently Protected Credentials in LDAP in Konica Minolta bizhub 227 Multifunction printers version GCQ-Y3 or earlier allows an attacker can reconfigure the target device to use an external LDAP service controlled by the attacker. If an LDAP password... Read more
Affected Products :- Published: Jul. 01, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-5967
A stored cross-site scripting vulnerability in ENS HX 10.0.4 allows a malicious user to inject arbitrary HTML into the ENS HX Malware Scan Name field, resulting in the exposure of sensitive data.... Read more
Affected Products :- Published: Jul. 01, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Cross-Site Scripting
-
9.0
HIGHCVE-2025-6940
A vulnerability classified as critical was found in TOTOLINK A702R 4.0.0-B20230721.1521. Affected by this vulnerability is an unknown functionality of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the a... Read more
- Published: Jul. 01, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Memory Corruption
-
9.0
HIGHCVE-2025-6939
A vulnerability classified as critical has been found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formWlSiteSurvey of the component HTTP POST Request Handler. The manipulation of the argument submit-url le... Read more
- Published: Jul. 01, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Memory Corruption
-
8.1
HIGHCVE-2024-49365
tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a malicious JSON-stringifyable message can be made passing on verify(), when global Buffer is the buffer package. This affects only environments where require('buffer') is the N... Read more
Affected Products :- Published: Jul. 01, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Misconfiguration
-
8.1
HIGHCVE-2024-49364
tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a private key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is the buffer package. This affects only environments where require('buffer')... Read more
Affected Products :- Published: Jul. 01, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Cryptography
-
4.4
MEDIUMCVE-2024-46993
Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 28.3.2, 29.3.3, and 30.0.3, the nativeImage.createFromPath() and nativeImage.createFromBuffer() functions call a func... Read more
Affected Products : electron- Published: Jul. 01, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-6938
A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /editcus.php. The manipulation of the argument ID leads to sql injection. The attack may be ... Read more
Affected Products : simple_pizza_ordering_system- Published: Jul. 01, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Injection
-
6.1
MEDIUMCVE-2025-53096
Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Clickjacking attacks. This vulnerability allows an attacker to embed the Sunshine interface within a malicious websit... Read more
Affected Products : sunshine- Published: Jul. 01, 2025
- Modified: Aug. 22, 2025
- Vuln Type: Cross-Site Request Forgery
-
9.6
CRITICALCVE-2025-53095
Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Cross-Site Request Forgery (CSRF) attacks. This vulnerability allows an attacker to craft a malicious web page that, ... Read more
Affected Products : sunshine- Published: Jul. 01, 2025
- Modified: Aug. 22, 2025
- Vuln Type: Cross-Site Request Forgery
-
8.2
HIGHCVE-2025-53003
The Janssen Project is an open-source identity and access management (IAM) platform. Prior to version 1.8.0, the Config API returns results without scope verification. This has a large internal surface attack area that exposes all sorts of information fro... Read more
Affected Products :- Published: Jul. 01, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Information Disclosure
-
7.8
HIGHCVE-2024-46992
Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 30.0.0-alpha.1 to before 30.0.5 and 31.0.0-alpha.1 to before 31.0.0-beta.1, Electron is vulnerable to an ASAR Integrity bypa... Read more
Affected Products : electron- Published: Jul. 01, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-6937
A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /large.php. The manipulation of the argument ID leads to sql injection. The attack can be in... Read more
Affected Products : simple_pizza_ordering_system- Published: Jul. 01, 2025
- Modified: Jul. 09, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-53005
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trig... Read more
Affected Products : dataease- Published: Jul. 01, 2025
- Modified: Jul. 16, 2025
- Vuln Type: Misconfiguration
-
5.4
MEDIUMCVE-2025-36056
IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embe... Read more
Affected Products :- Published: Jul. 01, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-2141
IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embe... Read more
Affected Products :- Published: Jul. 01, 2025
- Modified: Jul. 03, 2025
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2025-6936
A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /addpro.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate t... Read more
Affected Products : simple_pizza_ordering_system- Published: Jul. 01, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-6935
A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/payment_add.php. The manipulation of the argument cid leads to sql injection. The att... Read more
Affected Products : sales_and_inventory_system- Published: Jul. 01, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Injection
-
6.3
MEDIUMCVE-2025-6932
A vulnerability, which was classified as problematic, was found in D-Link DCS-7517 up to 2.02.0. This affects the function g_F_n_GenPassForQlync of the file /bin/httpd of the component Qlync Password Generation Handler. The manipulation leads to use of ha... Read more
- Published: Jun. 30, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Misconfiguration
-
7.4
HIGHCVE-2025-6931
A vulnerability classified as problematic was found in D-Link DCS-6517 and DCS-7517 up to 2.02.0. Affected by this vulnerability is the function generate_pass_from_mac of the file /bin/httpd of the component Root Password Generation Handler. The manipulat... Read more
- Published: Jun. 30, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Cryptography