Latest CVE Feed
-
7.2
HIGHCVE-2025-4615
An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this... Read more
- Published: Oct. 09, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Injection
-
4.8
MEDIUMCVE-2025-4614
An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leak... Read more
- Published: Oct. 09, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2025-11552
A vulnerability was identified in code-projects Online Complaint Site 1.0. This impacts an unknown function of the file /admin/category.php. Such manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. T... Read more
- Published: Oct. 09, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-60267
In xckk v9.6, there is a SQL injection vulnerability in which the cond parameter in notice/list is not securely filtered, resulting in a SQL injection vulnerability.... Read more
Affected Products : xckk- Published: Oct. 09, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Injection
-
8.7
HIGHCVE-2025-11573
An infinite loop issue in Amazon.IonDotnet library versions <v1.3.2 may allow a threat actor to cause a denial of service through a specially crafted text input. To mitigate this issue, users should upgrade to version v1.3.2. As of August 20, 2025, this ... Read more
Affected Products :- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2025-11551
A vulnerability was determined in code-projects Student Result Manager 1.0. This affects an unknown function of the file src/students/Database.java. This manipulation of the argument roll/name/gpa causes sql injection. It is possible to initiate the attac... Read more
Affected Products : student_result_manager- Published: Oct. 09, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Injection
-
7.1
HIGHCVE-2025-11550
A vulnerability was found in Tenda W12 3.0.0.6(3948). The impacted element is the function wifiScheduledSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument wifiScheduledSet results in null pointer derefe... Read more
- Published: Oct. 09, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Denial of Service
-
6.1
MEDIUMCVE-2025-60304
code-projects Simple Scheduling System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Subject Description field.... Read more
Affected Products : simple_scheduling_system- Published: Oct. 09, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-60266
In xckk v9.6, there is a SQL injection vulnerability in which the orderBy parameter in address/list is not securely filtered, resulting in a SQL injection vulnerability.... Read more
Affected Products : xckk- Published: Oct. 09, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Injection
-
5.4
MEDIUMCVE-2025-60010
A password aging vulnerability in the RADIUS client of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to access the device without enforcing the required password change. Affected devices allow logins by us... Read more
- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authentication
-
6.1
MEDIUMCVE-2025-60009
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the CLI Configlet page that, when visited by another user, enables the at... Read more
Affected Products : junos_space- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-60006
Multiple instances of an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS Evolved could be used to elevate privileges and/or execute unauthorized commands. ... Read more
Affected Products : junos_os_evolved- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Injection
-
8.7
HIGHCVE-2025-60004
An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-Of-Service (DoS). When an aff... Read more
- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Denial of Service
-
6.1
MEDIUMCVE-2025-60002
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Template Definitions page that, when visited by another user, enables the... Read more
Affected Products : junos_space- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-60001
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the atta... Read more
Affected Products : junos_space- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-60000
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the atta... Read more
Affected Products : junos_space- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-59999
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the API Access Profiles page that, when visited by another user, enables the ... Read more
Affected Products : junos_space- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-59998
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Archive Log screen that, when visited by another user, enables the attack... Read more
Affected Products : junos_space- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-59997
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the CLI Configlets pages that, when visited by another user, enable the attac... Read more
Affected Products : junos_space- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-59996
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Configuration View page that, when visited by another user, enables the a... Read more
Affected Products : junos_space- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting