Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.…
Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder versions 3.15.4 to before 3.21.6, and 4.0.0-alpha.1 to before 4.4.6, there is an incompl…
Nuxt is an open-source web development framework for Vue.js. From versions 3.4.3 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, navigateTo() with external: true generates a server-side HTML redi…
The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login cred…
A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler.…
A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part of the component WebView URL Handler. The manipulation leads to improper a…
MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading a malicious DLL located in the same directory as the portable executable. Because t…
MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable and can be modified b…
Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying deri…
Quest Bot is an opensource Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels. The latest release still creates a new database tic…
Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the latest release suppresses mentions when creating, unbanning, unwarning, kicking, muting, and unmuting, but stored warning reasons a…
Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, a moderator with the relevant Discord permission bit can use the bot to moderate users above them in the Discord role hierarchy, as lon…
Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the automod add command trims user input but does not reject an empty result. Adding a rule containing only whitespace stores an empty …
Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the purge and slowmode commands check only guild-level permissions on the invoking member. They do not check the member’s effective per…
A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remedia…
The iRM-IEI Remote Management developed by IEI Integration Corp has a Hardcoded Credentials vulnerability, allowing unauthenticated remote attackers to exploit hard-coded credentials to gain adminis…
The iRM-IEI Remote Management developed by IEI Integration Corp has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain par…
There is no restriction on the amount of attachment headers that a message can contain when being deserialized by Apache CXF, which can lead to uncontrolled resource consumption or a denial of servic…
A vulnerability in Apache CXF's JwsJsonContainerRequestFilter can be exploited to cause CXF to process metadata that was not authenticated by the accepted signature. This can bypass the application's…
A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for code execution, if an attacker is able to manipulate the JCA deployment descriptor (ra.x…