Latest CVE Feed
-
7.7
HIGHCVE-2025-52545
E3 Site Supervisor Control (firmware version < 2.31F01) RCI service contains an API call to read users info, which returns all usernames and password hashes for the application services.... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2024-12972
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft OctoCloud allows Cross-Site Scripting (XSS).This issue affects OctoCloud: from s1.09.01 before v1.11.01.... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2025-52544
E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can access any file from the E3 file sys... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Path Traversal
-
6.3
MEDIUMCVE-2024-12924
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Akınsoft QR Menü allows Forceful Browsing, Phishing.This issue affects QR Menü: from s1.05.05 before v1.05.12.... Read more
Affected Products :- Published: Sep. 01, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Misconfiguration
-
8.6
HIGHCVE-2025-2413
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft ProKuafor allows Authentication Bypass.This issue affects ProKuafor: from s1.02.08 before v1.02.08.... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authentication
-
5.5
MEDIUMCVE-2025-5083
The Amministrazione Trasparente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.0 due to insufficient input sanitization and output escaping. This makes it possible for authentic... Read more
Affected Products : amministrazione_trasparente- Published: Aug. 31, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Cross-Site Scripting
-
5.5
MEDIUMCVE-2025-9801
A security vulnerability has been detected in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. This affects an unknown part. The manipulation of the argument filePath leads to path traversal. Remote exploitation of the attack is possible. T... Read more
Affected Products : sim- Published: Sep. 01, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Path Traversal
-
9.3
CRITICALCVE-2025-52551
E2 Facility Management Systems use a proprietary protocol that allows for unauthenticated file operations on any file in the file system.... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authentication
-
5.1
MEDIUMCVE-2025-52546
E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can inject a stored XSS to the floorplan... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Cross-Site Scripting
-
4.7
MEDIUMCVE-2024-12973
Origin Validation Error vulnerability in Akinsoft OctoCloud allows HTTP Response Splitting, CAPEC - 87 - Forceful Browsing.This issue affects OctoCloud: from s1.09.01 before v1.11.01.... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Misconfiguration
-
6.8
MEDIUMCVE-2025-9810
TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen("w") on the history path and subsequent chmod() on the same path.... Read more
Affected Products :- Published: Sep. 01, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Race Condition
-
9.8
CRITICALCVE-2025-54857
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in SkyBridge BASIC MB-A130 Ver.1.5.8 and earlier. If exploited, a remote unauthenticated attacker may execute arbitrary OS commands with root privilege... Read more
Affected Products : skybridge_basic_mb-a130_firmware- Published: Sep. 01, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-5662
A deserialization vulnerability exists in the H2O-3 REST API (POST /99/ImportSQLTable) that affects all versions up to 3.46.0.7. This vulnerability allows remote code execution (RCE) due to improper validation of JDBC connection parameters when using a Ke... Read more
Affected Products : h2o- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Injection
-
8.6
HIGHCVE-2009-20008
Green Dam Youth Escort version 3.17 is vulnerable to a stack-based buffer overflow when processing overly long URLs. The flaw resides in the URL filtering component, which fails to properly validate input length before copying user-supplied data into a fi... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Memory Corruption
-
8.7
HIGHCVE-2012-10062
A vulnerability in XAMPP, developed by Apache Friends, version 1.7.3's default WebDAV configuration allows remote authenticated attackers to upload and execute arbitrary PHP code. The WebDAV service, accessible via /webdav/, accepts HTTP PUT requests usin... Read more
Affected Products : xampp- Published: Aug. 30, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Misconfiguration
-
10.0
CRITICALCVE-2009-20011
ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 are vulnerable to remote command execution due to insecure handling of file uploads via the mimencode CGI utility. The vulnerability allows unauthenticated attackers ... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authentication
-
5.1
MEDIUMCVE-2025-44017
"Gunosy" App contains a vulnerability where sensitive information may be included in the application's outbound communication. If a user accesses a crafted URL, an attacker may obtain the JWT (JSON Web Token).... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Information Disclosure
-
8.6
HIGHCVE-2025-0610
Cross-Site Request Forgery (CSRF) vulnerability in Akınsoft QR Menü allows Cross Site Request Forgery.This issue affects QR Menü: from s1.05.06 before v1.05.12.... Read more
Affected Products :- Published: Sep. 01, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2024-12914
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akınsoft QR Menü allows Cross-Site Scripting (XSS).This issue affects QR Menü: from s1.05.05 before v1.05.12.... Read more
Affected Products :- Published: Sep. 01, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2024-12974
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft ProKuaför allows Cross-Site Scripting (XSS).This issue affects ProKuaför: from s1.02.07 before v1.02.08.... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Cross-Site Scripting