Latest CVE Feed
-
8.8
HIGHCVE-2025-8928
A vulnerability was identified in code-projects Medical Store Management System 1.0. This affects an unknown part of the file UpdateMedicines.java of the component Update Medicines Page. The manipulation of the argument productNameTxt leads to sql injecti... Read more
Affected Products : medical_store_management_system- Published: Aug. 13, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Injection
-
9.2
CRITICALCVE-2025-34154
UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. The flaw resides in the arc endpoint, which accepts a fl parameter to specify the log file to be opened. Due to insuffic... Read more
Affected Products :- Published: Aug. 13, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Path Traversal
-
9.3
CRITICALCVE-2012-10060
Sysax Multi Server versions prior to 5.55 contains a stack-based buffer overflow in its SSH service. When a remote attacker supplies an overly long username during authentication, the server copies the input to a fixed-size stack buffer without proper bou... Read more
Affected Products :- Published: Aug. 13, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Memory Corruption
-
9.4
CRITICALCVE-2012-10059
Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. The export.php script fails to sanitize the sql_compat parameter, allowing authenticated users to inject arbitr... Read more
Affected Products :- Published: Aug. 13, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Injection
-
10.0
CRITICALCVE-2012-10058
RabidHamster R4 v1.25 contains a stack-based buffer overflow vulnerability due to unsafe use of sprintf() when logging malformed HTTP requests. A remote attacker can exploit this flaw by sending a specially crafted URI, resulting in arbitrary code executi... Read more
Affected Products :- Published: Aug. 13, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2012-10057
Lattice Semiconductor ispVM System v18.0.2 contains a buffer overflow vulnerability in its handling of .xcf project files. When parsing the version attribute of the ispXCF XML tag, the application fails to properly validate input length, allowing a specia... Read more
Affected Products :- Published: Aug. 13, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Memory Corruption
-
8.7
HIGHCVE-2012-10056
PHP Volunteer Management System v1.0.2 contains an arbitrary file upload vulnerability in its document upload functionality. Authenticated users can upload files to the mods/documents/uploads/ directory without any restriction on file type or extension. B... Read more
Affected Products :- Published: Aug. 13, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Authentication
-
9.3
CRITICALCVE-2012-10055
ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending a specially crafted username containing format specifiers, a remote attacker can overwrite a hardcoded function pointer in memor... Read more
Affected Products :- Published: Aug. 13, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Memory Corruption
-
9.3
CRITICALCVE-2012-10054
Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that permits arbitrary file uploads without authentication. By exploiting a path... Read more
Affected Products : umbraco_cms- Published: Aug. 13, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Path Traversal
-
10.0
CRITICALCVE-2011-10019
Spreecommerce versions prior to 0.60.2 contains a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the search[send][] parameter, which is dynamically invoked using Ruby’s send ... Read more
Affected Products :- Published: Aug. 13, 2025
- Modified: Aug. 18, 2025
- Vuln Type: Injection
-
10.0
CRITICALCVE-2011-10018
myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitrary PHP code by injecting payloads into a specially crafted collapsed cookie. This vulnerability was intro... Read more
Affected Products : mybb- Published: Aug. 13, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Authentication
-
10.0
CRITICALCVE-2011-10017
Snort Report versions < 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed via the target GET parameter, allowing attackers to inject arbitrary shell c... Read more
Affected Products :- Published: Aug. 13, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Injection
-
9.3
CRITICALCVE-2011-10016
Real Networks Netzip Classic version 7.5.1.86 is vulnerable to a stack-based buffer overflow when parsing a specially crafted ZIP archive. The vulnerability is triggered when the application attempts to process a file name within the archive that exceeds ... Read more
Affected Products :- Published: Aug. 13, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Memory Corruption
-
9.3
CRITICALCVE-2011-10015
Cytel Studio version 9.0 and earlier is vulnerable to a stack-based buffer overflow triggered by parsing a malformed .CY3 file. The vulnerability occurs when the application copies user-controlled strings into a fixed-size stack buffer (256 bytes) without... Read more
Affected Products :- Published: Aug. 13, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Memory Corruption
-
8.7
HIGHCVE-2011-10014
GTA San Andreas Multiplayer (SA-MP) server version 0.3.1.1 is vulnerable to a stack-based buffer overflow triggered by parsing a malformed server.cfg configuration file. The vulnerability allows local attackers to execute arbitrary code when the server bi... Read more
Affected Products :- Published: Aug. 13, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Memory Corruption
-
10.0
CRITICALCVE-2011-10013
Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functional... Read more
Affected Products :- Published: Aug. 13, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Authorization
-
8.4
HIGHCVE-2011-10012
NetOp (now part of Impero Software) Remote Control Client v9.5 is vulnerable to a stack-based buffer overflow when processing .dws configuration files. If a .dws file contains a string longer than 520 bytes, the application fails to perform proper bounds ... Read more
Affected Products :- Published: Aug. 13, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Memory Corruption
-
10.0
CRITICALCVE-2011-10011
WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where unsanitized input in the to parameter of a POST request is written directly into includes/currencies.php. This allows unauthenticated attackers to inject arbitra... Read more
Affected Products :- Published: Aug. 13, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Injection
-
9.4
CRITICALCVE-2011-10010
QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the ... Read more
Affected Products :- Published: Aug. 13, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Path Traversal
-
8.7
HIGHCVE-2011-10009
S40 CMS v0.4.2 contains a path traversal vulnerability in its index.php page handler. The p parameter is not properly sanitized, allowing attackers to traverse the file system and access arbitrary files outside the web root. This can be exploited remotely... Read more
Affected Products :- Published: Aug. 13, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Path Traversal