Latest CVE Feed
- 
                                
                                5.4MEDIUMCVE-2025-11616A missing validation check in FreeRTOS-Plus-TCP's ICMPv6 packet processing code can lead to an out-of-bounds read when receiving ICMPv6 packets of certain message types which are smaller than the expected size. These issues only affect applications using ... Read more Affected Products :- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Memory Corruption
 
- 
                                
                                5.5MEDIUMCVE-2025-11580A weakness has been identified in PowerJob up to 5.1.2. This affects the function list of the file /user/list. This manipulation causes missing authorization. The attack can be initiated remotely. The exploit has been made available to the public and coul... Read more Affected Products :- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authorization
 
- 
                                
                                5.8MEDIUMCVE-2025-61780Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, a possible information disclosure vulnerability existed in `Rack::Sendfile` when running behind a proxy that supports `x-sendfile` headers (such as Nginx). Specially... Read more Affected Products : rack- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Information Disclosure
 
- 
                                
                                8.7HIGHCVE-2025-61689HTTP.jl is an HTTP client and server functionality for the Julia programming language. Prior to version 1.10.19, HTTP.jl did not validate header names/values for illegal characters, allowing CRLF-based header injection and response splitting. This enables... Read more Affected Products :- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Injection
 
- 
                                
                                4.1MEDIUMCVE-2025-60308code-projects Simple Online Hotel Reservation System 1.0 has a Cross Site Scripting (XSS) vulnerability in the Add Room function of the online hotel reservation system. Malicious JavaScript code is entered in the Description field, which can leak the admi... Read more Affected Products : simple_online_hotel_reservation_system- Published: Oct. 10, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Cross-Site Scripting
 
- 
                                
                                9.9CRITICALCVE-2025-60306code-projects Simple Car Rental System 1.0 has a permission bypass issue where low privilege users can forge high privilege sessions and perform sensitive operations.... Read more Affected Products : simple_car_rental_system- Published: Oct. 10, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Authentication
 
- 
                                
                                9.4CRITICALCVE-2025-60269JEEWMS 20250820 is vulnerable to SQL Injection in the exportXls function located in the src/main/java/org/jeecgframework/web/cgreport/controller/excel/CgExportExcelController.java file.... Read more Affected Products : jeewms- Published: Oct. 10, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Injection
 
- 
                                
                                9.8CRITICALCVE-2025-60307code-projects Computer Laboratory System 1.0 has a SQL injection vulnerability, where entering a universal password in the Password field on the login page can bypass login attempts.... Read more Affected Products : computer_laboratory_system- Published: Oct. 10, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Injection
 
- 
                                
                                8.8HIGHCVE-2025-60305SourceCodester Online Student Clearance System 1.0 is vulnerable to Incorrect Access Control. The application contains a logic flaw which allows low privilege users can forge high privileged sessions and perform sensitive operations.... Read more Affected Products : online_student_clearance_system- Published: Oct. 10, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authentication
 
- 
                                
                                7.5HIGHCVE-2025-59530quic-go is an implementation of the QUIC protocol in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0, a misbehaving or malicious server can cause a denial-of-service (DoS) attack on the quic-go client by triggering an assertion failure, leading to a p... Read more Affected Products : quic-go- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Denial of Service
 
- 
                                
                                8.6HIGHCVE-2025-48043Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strict_filters/2. This ... Read more Affected Products : ash- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authorization
 
- 
                                
                                7.3HIGHCVE-2025-60869Publii CMS v0.46.5 (build 17089) allows persistent Cross-Site Scripting (XSS) via unsanitized input in configuration fields such as "Site Description" and "Footer Follow Buttons". An attacker can inject arbitrary JavaScript, which is stored in the project... Read more Affected Products :- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
 
- 
                                
                                8.1HIGHCVE-2025-60378Stored HTML injection in RISE Ultimate Project Manager & CRM allows authenticated users to inject arbitrary HTML into invoices and messages. Injected content renders in emails, PDFs, and messaging/chat modules sent to clients or team members, enabling phi... Read more Affected Products :- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
 
- 
                                
                                6.1MEDIUMCVE-2025-8887Authorization Bypass Through User-Controlled Key, Missing Authorization, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Forceful Browsing, Parameter Injection, Input Data Ma... Read more Affected Products :- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authorization
 
- 
                                
                                6.7MEDIUMCVE-2025-8886Incorrect Permission Assignment for Critical Resource, Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization, Incorrect Authorization vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Privilege Abuse, Authen... Read more Affected Products :- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authorization
 
- 
                                
                                6.1MEDIUMCVE-2025-61319ReNgine thru 2.2.0 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability in the Vulnerabilities module. When scanning a target with an XSS payload, the unsanitized payload is rendered in the ReNgine web UI, resulting in arbitrary JavaScript e... Read more Affected Products :- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
 
- 
                                
                                6.5MEDIUMCVE-2025-61152python-jose thru 3.3.0 allows JWT tokens with 'alg=none' to be decoded and accepted without any cryptographic signature verification. A malicious actor can craft a forged token with arbitrary claims (e.g., is_admin=true) and bypass authentication checks, ... Read more Affected Products :- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authentication
 
- 
                                
                                6.5MEDIUMCVE-2025-60868The Alt Redirect 1.6.3 addon for Statamic fails to consistently strip query string parameters when the "Query String Strip" feature is enabled. Case variations, encoded keys, and duplicates are not removed, allowing attackers to bypass sanitization. This ... Read more Affected Products :- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Misconfiguration
 
- 
                                
                                4.6MEDIUMCVE-2025-62239Cross-site scripting (XSS) vulnerability in workflow process builder in Liferay Portal 7.4.3.21 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 21 through update 92 allows remote authenticated at... Read more - Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
 
- 
                                
                                4.8MEDIUMCVE-2025-62238Stored cross-site scripting (XSS) vulnerability on the Membership page in Account Settings in Liferay Portal 7.4.3.21 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 21 through update 92 allows r... Read more - Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
 
 
                         
                         
                         
                                             
                                            