Latest CVE Feed
-
2.3
LOWCVE-2025-44015
A command injection vulnerability has been reported to affect HybridDesk Station. If an attacker gains local network access, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following v... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-34165
A stack-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially leak a limited amount of memory.... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Memory Corruption
-
7.1
HIGHCVE-2025-22483
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application d... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Cross-Site Scripting
-
4.2
MEDIUMCVE-2025-58067
Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.1, it is possible to redirect a user to another origin if the "proceed_to" value in the session store is set to a protocol-relative URL. Normally the value of this U... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Misconfiguration
-
6.4
MEDIUMCVE-2025-9500
The TablePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘shortcode_debug’ parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for authentic... Read more
Affected Products : tablepress- Published: Aug. 30, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Cross-Site Scripting
-
4.6
MEDIUMCVE-2025-43773
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 has a secu... Read more
- Published: Aug. 29, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-9669
A vulnerability has been found in Jinher OA 1.0. This issue affects some unknown processing of the file GetTreeDate.aspx. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been discl... Read more
Affected Products : jinher_oa- Published: Aug. 29, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Injection
-
0.0
NACVE-2025-38677
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in dnode page As Jiaming Zhang reported: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x1c1/0x2a0 lib/dump_stack.c:120 ... Read more
Affected Products : linux_kernel- Published: Aug. 30, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-9670
A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the atta... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Denial of Service
-
8.8
HIGHCVE-2025-34164
A heap-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially result in arbitrary code execution.... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-58158
Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries. Prior to version 3.3.0, Open Source Harness git LFS server (Gitness) exposes api to retrieve a... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Path Traversal
-
6.4
MEDIUMCVE-2025-9499
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's oceanwp_library shortcode in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping on user supplied attributes... Read more
Affected Products : ocean_extra- Published: Aug. 30, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-9673
A vulnerability was detected in Kakao 헤이카카오 Hey Kakao App up to 2.17.4 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.kakao.i.connect. The manipulation results in improper export... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Misconfiguration
-
7.0
HIGHCVE-2025-52861
A path traversal vulnerability has been reported to affect VioStor. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerabil... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Path Traversal
-
5.1
MEDIUMCVE-2025-9688
A security vulnerability has been detected in Mupen64Plus up to 2.6.0. The affected element is the function write_is_viewer of the file src/device/cart/is_viewer.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Memory Corruption
-
4.7
MEDIUMCVE-2025-0670
Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft ProKuafor allows Resource Leak Exposure.This issue affects ProKuafor: from s1.02.07 before v1.02.08.... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authorization
-
8.6
HIGHCVE-2025-9573
The ns_backup extension through 13.0.2 for TYPO3 allows command injection.... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Injection
-
7.8
HIGHCVE-2022-38695
In BootRom, there's a possible unchecked command index. This could lead to local escalation of privilege with no additional execution privileges needed.... Read more
Affected Products :- Published: Sep. 01, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2022-38692
In BootROM, there is a missing size check for RSA keys in Certificate Type 0 validation. This could lead to memory buffer overflow without requiring additional execution privileges.... Read more
Affected Products :- Published: Sep. 01, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Memory Corruption
-
6.9
MEDIUMCVE-2025-41031
Lack of authorisation in Deporsite by T-INNOVA. This vulnerability allows an unauthenticated attacker to change other users' profile pictures via a POST request using the parameters ‘IdPersona’ and “Foto” in ‘/ajax/TInnova_c/FotoUsuario/llamadaAjax/upload... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authorization