Latest CVE Feed
-
7.8
HIGHCVE-2025-27053
Memory corruption during PlayReady APP usecase while processing TA commands.... Read more
Affected Products : aqt1000_firmware qam8295p_firmware qca6391_firmware qca6420_firmware qca6426_firmware qca6430_firmware qca6436_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware +628 more products- Published: Oct. 09, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-27054
Memory corruption while processing a malformed license file during reboot.... Read more
Affected Products : aqt1000_firmware qam8295p_firmware qca6391_firmware qca6420_firmware qca6426_firmware qca6430_firmware qca6436_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware +588 more products- Published: Oct. 09, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-47338
Memory corruption while processing escape commands from userspace.... Read more
Affected Products : wcd9380_firmware wcd9385_firmware fastconnect_6900_firmware fastconnect_7800_firmware wsa8840_firmware wsa8845_firmware wsa8845h_firmware wcd9380 wcd9385 sc8380xp_firmware +26 more products- Published: Oct. 09, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-47340
Memory corruption while processing IOCTL call to get the mapping.... Read more
Affected Products : wcd9380_firmware wcd9385_firmware fastconnect_6900_firmware fastconnect_7800_firmware wsa8840_firmware wsa8845_firmware wsa8845h_firmware wcd9380 wcd9385 sc8380xp_firmware +26 more products- Published: Oct. 09, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-47341
memory corruption while processing an image encoding completion event.... Read more
- Published: Oct. 09, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-47349
Memory corruption while processing an escape call.... Read more
Affected Products : wcd9380_firmware wcd9385_firmware fastconnect_6900_firmware fastconnect_7800_firmware wsa8840_firmware wsa8845_firmware wsa8845h_firmware wcd9380 wcd9385 sc8380xp_firmware +26 more products- Published: Oct. 09, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-47351
Memory corruption while processing user buffers.... Read more
Affected Products : wcd9385_firmware wcn3988_firmware wsa8810_firmware wsa8815_firmware wsa8830_firmware wsa8835_firmware wcd9370_firmware wcd9375_firmware wcn3950_firmware wsa8832_firmware +46 more products- Published: Oct. 09, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-47354
Memory corruption while allocating buffers in DSP service.... Read more
- Published: Oct. 09, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-47355
Memory corruption while invoking remote procedure IOCTL calls.... Read more
- Published: Oct. 09, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
5.4
MEDIUMCVE-2016-15049
Nagios Log Server versions prior to 1.4.2 are vulnerable to cross-site scripting (XSS) in the Dashboards section when rendering log entries in the Logs table. Untrusted log content was not safely encoded for the output context, allowing attacker-controlle... Read more
Affected Products : log_server- Published: Oct. 30, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2016-15050
Nagios XI versions prior to 5.2.4 contain a SQL injection vulnerability in the notification search functionality. User-supplied search parameters were incorporated into SQL statements without adequate parameterization or sanitation, allowing an authentica... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Injection
-
5.4
MEDIUMCVE-2016-15051
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the Reports interface through values from the startdate and enddate fields. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and e... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2016-15052
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the Menu System of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2016-15053
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the “My Reports” listing of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in th... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2018-25121
Nagios XI versions prior to 5.4.13 are vulnerable to cross-site scripting (XSS) via the Views page of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2018-25122
Nagios XI versions prior to 5.4.13 contain a remote code execution vulnerability in the Component Download page. The download/import handler used unsafe command construction with attacker-controlled input and lacked sufficient validation and output encodi... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Injection
-
8.5
HIGHCVE-2018-25123
Nagios XI versions prior to 5.5.7 contain a privilege escalation vulnerability in the MRTG graphing component. MRTG-related processes/scripts executed with excessive privileges, allowing a local attacker with limited system access to abuse file/command ex... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Authorization
-
9.4
CRITICALCVE-2020-36856
Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution vulnerability in the CCM command_test.php script. Insufficient validation of the `address` parameter allows an authenticated user with access to the Core Config Manager t... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Injection
-
8.6
HIGHCVE-2020-36857
Nagios XI versions prior to 5.6.14 contain a post-authentication SQL injection vulnerability in the SNMP Trap Interface page. Exploitation requires an account with administrative privileges to access the affected interface. A user with administrative acce... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Injection
-
5.4
MEDIUMCVE-2020-36858
Nagios Log Server versions prior to 2.1.6 contain cross-site scripting (XSS) vulnerabilities via the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validation or escaping of user-supplied input may allow an attacker... Read more
Affected Products : log_server- Published: Oct. 30, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Cross-Site Scripting