Latest CVE Feed
-
7.5
HIGHCVE-2025-56404
An issue was discovered in MariaDB MCP 0.1.0 allowing attackers to gain sensitive information via the SSE service as the SSE service lacks user validation.... Read more
Affected Products : model_context_protocol- Published: Sep. 10, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-56405
An issue was discovered in litmusautomation litmus-mcp-server thru 0.0.1 allowing unauthorized attackers to control the target's MCP service through the SSE protocol.... Read more
Affected Products : mcp_server- Published: Sep. 10, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Authentication
-
8.8
HIGHCVE-2025-56413
OS Command injection vulnerability in function OperateSSH in 1panel 2.0.8 allowing attackers to execute arbitrary commands via the operation parameter to the /api/v2/hosts/ssh/operate endpoint.... Read more
Affected Products : 1panel- Published: Sep. 10, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Injection
-
8.2
HIGHCVE-2025-43884
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially expl... Read more
Affected Products : powerprotect_data_manager- Published: Sep. 10, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Injection
-
5.4
MEDIUMCVE-2025-57540
A stored cross-site scripting (XSS) vulnerability exists in the WebAuthn Relying Party field within the Datacenter configuration of Proxmox Virtual Environment (PVE) 8.4. Authenticated users can inject JavaScript code that is later executed in the browser... Read more
Affected Products : virtual_environment- Published: Sep. 09, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Cross-Site Scripting
-
7.8
HIGHCVE-2025-10198
Sunshine for Windows, version v2025.122.141614, contains a DLL search-order hijacking vulnerability, allowing attackers to insert a malicious DLL in user-writeable PATH directories.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Misconfiguration
-
7.8
HIGHCVE-2025-10199
A local privilege escalation vulnerability exists in Sunshine for Windows (version v2025.122.141614 and likely prior versions) due to an unquoted service path.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-57078
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the pppoeServerWhiteMacIndex parameter in the formModifyPppAuthWhiteMac function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2025-57085
Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the v17 parameter in the UploadCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-57086
Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the String parameter in the formDeleteMeshNode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Denial of Service
-
10.0
CRITICALCVE-2025-55727
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the width parameter in the column macro allows remote code execution for a... Read more
Affected Products : pro_macros- Published: Sep. 09, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Injection
-
10.0
CRITICALCVE-2025-55728
XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the classes parameter in the panel macro allows remote code execution for ... Read more
Affected Products : pro_macros- Published: Sep. 09, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-57060
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the rules parameter in the dns_forward_rule_store function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Denial of Service
-
9.1
CRITICALCVE-2025-44594
halo v2.20.17 and before is vulnerable to server-side request forgery (SSRF) in /apis/uc.api.storage.halo.run/v1alpha1/attachments/-/upload-from-url.... Read more
Affected Products : halo- Published: Sep. 09, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Server-Side Request Forgery
-
5.1
MEDIUMCVE-2025-34178
In pfSense CE /suricata/suricata_app_parsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticate... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2025-34177
In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticate... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-34176
In pfSense CE /suricata/suricata_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. While the contents of the file canno... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Path Traversal
-
5.1
MEDIUMCVE-2025-34175
In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticate... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2025-34174
In pfSense CE /usr/local/www/status_traffic_totals.php, the value of the start-day parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the input box. This value can be saved as ... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-34173
In pfSense CE /usr/local/www/snort/snort_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, th... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Path Traversal