Latest CVE Feed
-
7.3
HIGHCVE-2025-46355
Incorrect default permissions issue in PC Time Tracer prior to 5.2. If exploited, arbitrary code may be executed with SYSTEM privilege on Windows system where the product is running by a local authenticated attacker.... Read more
Affected Products :- Published: Jun. 03, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Misconfiguration
-
6.9
MEDIUMCVE-2025-41428
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in TimeWorks 10.0 to 10.3. If exploited, arbitrary JSON files on the server may be viewed by a remote unauthenticated attacker.... Read more
Affected Products :- Published: Jun. 03, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Path Traversal
-
8.6
HIGHCVE-2025-21479
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.... Read more
Affected Products : aqt1000_firmware qca6391_firmware sd855_firmware wcn3988_firmware wsa8810_firmware wsa8815_firmware wsa8830_firmware wsa8835_firmware qcm4490_firmware qcs4490_firmware +134 more products- Actively Exploited
- Published: Jun. 03, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2025-4567
The Post Slider and Post Carousel with Post Vertical Scrolling Widget WordPress plugin before 3.2.10 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow users with... Read more
Affected Products : post_slider_and_post_carousel- Published: Jun. 03, 2025
- Modified: Aug. 01, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-3662
The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries' caption fields. The issue was received as a Contributor+ Stored XSS, however one of our researcher (Marc Montpas) escala... Read more
Affected Products : fancybox- Published: Jun. 03, 2025
- Modified: Jun. 05, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-3584
The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is d... Read more
Affected Products : newsletter- Published: Jun. 03, 2025
- Modified: Jun. 05, 2025
- Vuln Type: Cross-Site Scripting
-
6.2
MEDIUMCVE-2025-31712
In cplog service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.... Read more
- Published: Jun. 03, 2025
- Modified: Jun. 10, 2025
- Vuln Type: Memory Corruption
-
6.2
MEDIUMCVE-2025-31711
In cplog service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with no additional execution privileges needed.... Read more
- Published: Jun. 03, 2025
- Modified: Jun. 10, 2025
- Vuln Type: Denial of Service
-
8.4
HIGHCVE-2025-31710
In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.... Read more
- Published: Jun. 03, 2025
- Modified: Jun. 10, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-27038
Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.... Read more
Affected Products : qca6391_firmware sw5100_firmware sw5100p_firmware wcd9385_firmware wcn3980_firmware wcn3988_firmware wsa8810_firmware wsa8815_firmware wsa8830_firmware wsa8835_firmware +78 more products- Actively Exploited
- Published: Jun. 03, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-27031
memory corruption while processing IOCTL commands, when the buffer in write loopback mode is accessed after being freed.... Read more
- Published: Jun. 03, 2025
- Modified: Aug. 20, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-27029
Transient DOS while processing the tone measurement response buffer when the response buffer is out of range.... Read more
Affected Products : wsa8830_firmware wsa8835_firmware ipq9008_firmware ipq9574_firmware qca8075_firmware qca8081_firmware qca8082_firmware qca8084_firmware qca8085_firmware qca8386_firmware +124 more products- Published: Jun. 03, 2025
- Modified: Aug. 20, 2025
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2025-21486
Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.... Read more
- Published: Jun. 03, 2025
- Modified: Aug. 20, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-21485
Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC.... Read more
- Published: Jun. 03, 2025
- Modified: Aug. 20, 2025
- Vuln Type: Memory Corruption
-
8.6
HIGHCVE-2025-21480
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.... Read more
Affected Products : aqt1000_firmware qca6391_firmware sd855_firmware wcd9341_firmware wcd9380_firmware wcd9385_firmware wcn3988_firmware wsa8810_firmware wsa8815_firmware wsa8830_firmware +142 more products- Actively Exploited
- Published: Jun. 03, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-21463
Transient DOS while processing the EHT operation IE in the received beacon frame.... Read more
Affected Products :- Published: Jun. 03, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Denial of Service
-
8.2
HIGHCVE-2024-53026
Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.... Read more
Affected Products :- Published: Jun. 03, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Information Disclosure
-
8.2
HIGHCVE-2024-53021
Information disclosure may occur while processing goodbye RTCP packet from network.... Read more
Affected Products :- Published: Jun. 03, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Information Disclosure
-
8.2
HIGHCVE-2024-53020
Information disclosure may occur while decoding the RTP packet with invalid header extension from network.... Read more
Affected Products :- Published: Jun. 03, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Information Disclosure
-
8.2
HIGHCVE-2024-53019
Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources.... Read more
Affected Products : qca6696_firmware sa6155p_firmware sa8155p_firmware sa8195p_firmware sd_8_gen1_5g_firmware sw5100_firmware sw5100p_firmware wcd9341_firmware wcd9380_firmware wcd9385_firmware +152 more products- Published: Jun. 03, 2025
- Modified: Aug. 20, 2025
- Vuln Type: Information Disclosure