Latest CVE Feed
-
9.8
CRITICALCVE-2025-10437
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. Webpack Management System allows SQL Injection.This issue affects Webpack Management Sys... Read more
Affected Products :- Published: Nov. 19, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-11230
Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON requests.... Read more
Affected Products :- Published: Nov. 19, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Denial of Service
-
10.0
CRITICALCVE-2025-63224
The Itel DAB Encoder (IDEnc build 25aec8d) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other dev... Read more
Affected Products :- Published: Nov. 19, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-13395
A security flaw has been discovered in codehub666 94list up to 5831c8240e99a72b7d3508c79ef46ae4b96befe8. The impacted element is the function Login of the file /function.php. The manipulation results in sql injection. The attack can be launched remotely. ... Read more
Affected Products :- Published: Nov. 19, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Injection
-
4.7
MEDIUMCVE-2025-0421
Improper Restriction of Rendered UI Layers or Frames vulnerability in Shopside Software Technologies Inc. Shopside allows iFrame Overlay.This issue affects Shopside: through 05022025.... Read more
Affected Products :- Published: Nov. 19, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Misconfiguration