Latest CVE Feed
-
8.6
HIGHCVE-2025-10703
Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option... Read more
Affected Products :- Published: Nov. 19, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-10437
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. Webpack Management System allows SQL Injection.This issue affects Webpack Management Sys... Read more
Affected Products :- Published: Nov. 19, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-63218
The Axel Technology WOLF1MS and WOLF2MS devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create... Read more
Affected Products :- Published: Nov. 19, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Authentication
-
8.7
HIGHCVE-2025-34337
eGovFramework/egovframe-common-components versions up to and including 4.3.1 includes Web Editor image upload and related file delivery functionality that uses symmetric encryption to protect URL parameters, but exposes an encryption oracle that allows at... Read more
Affected Products :- Published: Nov. 19, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Information Disclosure
-
6.9
MEDIUMCVE-2025-34336
eGovFramework/egovframe-common-components versions up to and including 4.3.1 contain an unauthenticated file upload vulnerability via the /utl/wed/insertImage.do and /utl/wed/insertImageCk.do image upload endpoints. These controllers accept multipart requ... Read more
Affected Products :- Published: Nov. 19, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Misconfiguration