Latest CVE Feed
-
8.5
HIGHCVE-2025-3478
A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText Enterprise Security Manager. The vulnerability could be remotely exploited.... Read more
Affected Products :- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2025-45968
An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Direct Object Reference (IDOR) vulnerability, which occurs due to a lack of proper authorization che... Read more
Affected Products :- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-44178
DASAN GPON ONU H660WM H660WMR210825 is susceptible to improper access control under its default settings. Attackers can exploit this vulnerability to gain unauthorized access to sensitive information and modify its configuration via the UPnP protocol WAN ... Read more
Affected Products :- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-9413
A flaw has been found in lostvip-com ruoyi-go up to 2.1. This impacts the function SelectListByPage of the file modules/system/system_router.go. This manipulation of the argument orderByColumn/isAsc causes sql injection. The attack may be initiated remote... Read more
Affected Products :- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Injection
-
9.4
CRITICALCVE-2025-53120
A path traversal vulnerability in unauthenticated upload functionality allows a malicious actor to upload binaries and scripts to the server’s configuration and web root directories, achieving remote code execution on the Unified PAM server.... Read more
Affected Products :- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Path Traversal