Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
HaPe PKH 1.1 contains a cross-site request forgery vulnerability that allows attackers to change administrator passwords by submitting forged requests to the user update endpoint. Attackers can craft…
HaPe PKH 1.1 contains multiple SQL injection vulnerabilities in admin/media.php that allow attackers to manipulate database queries by injecting SQL code through the 'id' parameter. An unauthenticate…
E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id_partai parame…
Wikidforum 2.20 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted HTML in the reply_text parameter. Attackers can pos…
Free MP3 CD Ripper 2.8 contains a stack-based buffer overflow vulnerability in WMA file processing that allows local attackers to bypass DEP protection via structured exception handling manipulation.…
Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Attackers can send crafted …
The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-travel/v1/travel-guide/{user_id} REST API endpoint in all versions up to, and including, 10.6.0. Th…
mcp-security provides Security and Authorization support for Model Context Protocol in Spring AI. Prior to 0.1.9, the mcp-security framework fails to implement the mandatory SSRF mitigations outlined…
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies…
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, i…
Falco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file upload vulnerability in the pagemanager/pagebuilder module that allows remote attackers to upload arbitrary files and achieve remo…
A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formWPS of the file /goform/formWPS. Such manipulation of the argument peerPin leads to stack-bas…
A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSetRoute of the file /goform/formSetRoute. This manipulation of the argument ip/mask/…
manga-image-translator contains a remote code execution vulnerability in the shared API server mode due to unsafe deserialization of untrusted pickle data in the share.py module, where the /execute/{…
Improper handling of physical conditions in the bike-shutdown control of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows a physical attacker with access to the Wireless Control Modul…
Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. T…
Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. T…
Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown b…
WWBN AVideo is an open source video platform. In 29.0 and earlier, plugin/AuthorizeNet/processPayment.json.php credits the logged-in user's wallet based only on the attacker-controlled amount POST pa…
WWBN AVideo is an open source video platform. In 29.0 and earlier, AVideo stores category descriptions from user input and later renders category_description as raw HTML in the Gallery view. A user w…