Latest CVE Feed
-
7.5
HIGHCVE-2025-29089
An issue in TP-Link AX10 Ax1500 v.1.3.10 Build (20230130) allows a remote attacker to obtain sensitive information... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-10164
A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /update_weights_from_tensor. The manipulation of the argument serialized_named_tensors results in deserialization. The attack can be... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-58462
OPEXUS FOIAXpress Public Access Link (PAL) before version 11.13.1.0 allows SQL injection via SearchPopularDocs.aspx. A remote, unauthenticated attacker could read, write, or delete any content in the underlying database.... Read more
Affected Products : foiaxpress_public_access_link- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Injection
-
7.1
HIGHCVE-2025-58991
Cross-Site Request Forgery (CSRF) vulnerability in Cristiano Zanca WooCommerce Booking Bundle Hours allows Stored XSS. This issue affects WooCommerce Booking Bundle Hours: from n/a through 0.7.4.... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.3
MEDIUMCVE-2025-58980
Missing Authorization vulnerability in recorp Export WP Page to Static HTML/CSS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Export WP Page to Static HTML/CSS: from n/a through 4.1.0.... Read more
Affected Products : export_wp_page_to_static_html\/css- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-54107
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
4.3
MEDIUMCVE-2025-59005
Missing Authorization vulnerability in frenify Categorify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Categorify: from n/a through 1.0.7.5.... Read more
Affected Products : categorify- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Authorization
-
7.0
HIGHCVE-2025-53802
Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
4.8
MEDIUMCVE-2025-54101
Use after free in Windows SMBv3 Client allows an authorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +3 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
5.4
MEDIUMCVE-2025-58981
Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from n/a through 1.31.... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Authorization
-
5.9
MEDIUMCVE-2025-58983
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stefano Lissa Include Me allows Stored XSS. This issue affects Include Me: from n/a through 1.3.2.... Read more
Affected Products : include_me- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Cross-Site Scripting
-
7.6
HIGHCVE-2025-59008
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PressTigers ZIP Code Based Content Protection allows SQL Injection. This issue affects ZIP Code Based Content Protection: from n/a through 1.0.0.... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Injection
-
8.1
HIGHCVE-2025-54709
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Sala. This issue affects Sala: from n/a through 1.1.6.... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Path Traversal
-
5.8
MEDIUMCVE-2025-9996
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause the execution of any shell command when executing a netstat command using BLMon Console in an SSH session.... Read more
Affected Products :- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Injection
-
4.9
MEDIUMCVE-2025-58977
Server-Side Request Forgery (SSRF) vulnerability in Rhys Wynne WP eBay Product Feeds allows Server Side Request Forgery. This issue affects WP eBay Product Feeds: from n/a through 3.4.8.... Read more
Affected Products : wp_ebay_product_feeds- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Server-Side Request Forgery
-
4.3
MEDIUMCVE-2025-54917
Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
7.8
HIGHCVE-2025-54902
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : 365_apps office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 office_2019- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
5.5
MEDIUMCVE-2025-53803
Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +5 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
6.5
MEDIUMCVE-2025-54096
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025
-
7.0
HIGHCVE-2025-54093
Time-of-check time-of-use (toctou) race condition in Windows TCP/IP allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products- Published: Sep. 09, 2025
- Modified: Sep. 11, 2025