Latest CVE Feed
-
8.2
HIGHCVE-2024-58259
A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public (unauthenticated) and authenticated API endpoints. This allows a malicious user to exploit this by sending excessively lar... Read more
Affected Products : rancher- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Denial of Service
-
4.7
MEDIUMCVE-2025-0640
Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft OctoCloud allows Resource Leak Exposure.This issue affects OctoCloud: from s1.09.02 before v1.11.01.... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authorization
-
9.3
CRITICALCVE-2025-6519
E3 Site Supervisor (firmware version < 2.31F01) has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The oneday user cannot be deleted or modified by any user.... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authentication
-
8.6
HIGHCVE-2025-2412
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft QR Menu allows Authentication Bypass.This issue affects QR Menu: from s1.05.07 before v1.05.12.... Read more
Affected Products :- Published: Sep. 01, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authentication
-
9.3
CRITICALCVE-2009-20010
Dogfood CRM version 2.0.10 contains a remote command execution vulnerability in the spell.php script used by its mail subsystem. The vulnerability arises from unsanitized user input passed via a POST request to the data parameter, which is processed by th... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Injection
-
7.6
HIGHCVE-2025-0165
IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data 4.8.4, 4.8.5, and 5.0.0 through 5.2.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delet... Read more
Affected Products : watsonx_orchestrate_cartridge_for_ibm_cloud_pak_for_data- Published: Aug. 30, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-5662
A deserialization vulnerability exists in the H2O-3 REST API (POST /99/ImportSQLTable) that affects all versions up to 3.46.0.7. This vulnerability allows remote code execution (RCE) due to improper validation of JDBC connection parameters when using a Ke... Read more
Affected Products : h2o- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Injection
-
5.5
MEDIUMCVE-2025-5083
The Amministrazione Trasparente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.0 due to insufficient input sanitization and output escaping. This makes it possible for authentic... Read more
Affected Products : amministrazione_trasparente- Published: Aug. 31, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2025-44017
"Gunosy" App contains a vulnerability where sensitive information may be included in the application's outbound communication. If a user accesses a crafted URL, an attacker may obtain the JWT (JSON Web Token).... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Information Disclosure
-
8.7
HIGHCVE-2005-10004
Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, which is improperly handled during graph rendering.... Read more
Affected Products : cacti- Published: Aug. 30, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Injection
-
8.1
HIGHCVE-2025-47696
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Solwin Blog Designer PRO.This issue affects Blog Designer PRO: from n/a through 3.4.7.... Read more
Affected Products :- Published: Aug. 31, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Path Traversal
-
4.3
MEDIUMCVE-2024-12914
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akınsoft QR Menü allows Cross-Site Scripting (XSS).This issue affects QR Menü: from s1.05.05 before v1.05.12.... Read more
Affected Products :- Published: Sep. 01, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2024-12974
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft ProKuaför allows Cross-Site Scripting (XSS).This issue affects ProKuaför: from s1.02.07 before v1.02.08.... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Cross-Site Scripting
-
7.8
HIGHCVE-2022-38691
In BootROM, there is a possible missing validation for Certificate Type 0. This could lead to local escalation of privilege with no additional execution privileges needed.... Read more
Affected Products :- Published: Sep. 01, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2022-38692
In BootROM, there is a missing size check for RSA keys in Certificate Type 0 validation. This could lead to memory buffer overflow without requiring additional execution privileges.... Read more
Affected Products :- Published: Sep. 01, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Memory Corruption
-
8.7
HIGHCVE-2012-10062
A vulnerability in XAMPP, developed by Apache Friends, version 1.7.3's default WebDAV configuration allows remote authenticated attackers to upload and execute arbitrary PHP code. The WebDAV service, accessible via /webdav/, accepts HTTP PUT requests usin... Read more
Affected Products : xampp- Published: Aug. 30, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Misconfiguration
-
4.7
MEDIUMCVE-2024-12973
Origin Validation Error vulnerability in Akinsoft OctoCloud allows HTTP Response Splitting, CAPEC - 87 - Forceful Browsing.This issue affects OctoCloud: from s1.09.01 before v1.11.01.... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Misconfiguration
-
5.1
MEDIUMCVE-2025-52546
E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can inject a stored XSS to the floorplan... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Cross-Site Scripting
-
6.9
MEDIUMCVE-2025-52548
E3 Site Supervisor Control (firmware version < 2.31F01) contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authentication
-
9.3
CRITICALCVE-2025-52551
E2 Facility Management Systems use a proprietary protocol that allows for unauthenticated file operations on any file in the file system.... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authentication