Latest CVE Feed
-
8.5
HIGHCVE-2025-46810
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of openSUSE Tumbleweed traefik2 allows the traefik user to escalate to root. This issue affects Tumbleweed: from ? before 2.11.29.... Read more
Affected Products : mirrorcache- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Path Traversal
-
9.8
CRITICALCVE-2025-54857
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in SkyBridge BASIC MB-A130 Ver.1.5.8 and earlier. If exploited, a remote unauthenticated attacker may execute arbitrary OS commands with root privilege... Read more
Affected Products : skybridge_basic_mb-a130_firmware- Published: Sep. 01, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-6507
A vulnerability in the h2oai/h2o-3 repository allows attackers to exploit deserialization of untrusted data, potentially leading to arbitrary code execution and reading of system files. This issue affects the latest master branch version 3.47.0.99999. The... Read more
Affected Products : h2o- Published: Sep. 01, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Misconfiguration
-
8.6
HIGHCVE-2025-9573
The ns_backup extension through 13.0.2 for TYPO3 allows command injection.... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Injection
-
6.9
MEDIUMCVE-2025-9570
The eHRD CTMS developed by Sunnet has an Arbitrary File Reading vulnerability, allowing remote attackers with administrator privileges to exploit Relative Path Traversal to download arbitrary system files.... Read more
Affected Products : ehrd_ctms- Published: Sep. 01, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Path Traversal
-
8.4
HIGHCVE-2025-9809
Out-of-bounds write in cdfs_open_cue_track in libretro libretro-common latest on all platforms allows remote attackers to execute arbitrary code via a crafted .cue file with a file path exceeding PATH_MAX_LENGTH that is copied using memcpy into a fixed-si... Read more
Affected Products :- Published: Sep. 01, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-52544
E3 Site Supervisor Control (firmware version < 2.31F01) has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can access any file from the E3 file sys... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Path Traversal
-
5.8
MEDIUMCVE-2025-9802
A vulnerability was detected in RemoteClinic 2.0. This vulnerability affects unknown code of the file /staff/profile.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely.... Read more
Affected Products : remote_clinic- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Injection
-
6.9
MEDIUMCVE-2025-41030
Lack of authorisation in Deporsite by T-INNOVA. This vulnerability allows an unauthenticated attacker to obtain information from other users via GET ‘/ajax/TInnova_v2/Integrantes_Recurso_v2_1/llamadaAjax/buscarPersona’ using the ‘dni’ parameter.... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authorization
-
7.7
HIGHCVE-2025-52545
E3 Site Supervisor Control (firmware version < 2.31F01) RCI service contains an API call to read users info, which returns all usernames and password hashes for the application services.... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Information Disclosure
-
8.7
HIGHCVE-2025-52547
E3 Site Supervisor Control (firmware version < 2.31F01) MGW contains an API call that lacks input validation. An attacker can use this command to continuously crash the application services.... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Denial of Service
-
6.9
MEDIUMCVE-2025-41031
Lack of authorisation in Deporsite by T-INNOVA. This vulnerability allows an unauthenticated attacker to change other users' profile pictures via a POST request using the parameters ‘IdPersona’ and “Foto” in ‘/ajax/TInnova_c/FotoUsuario/llamadaAjax/upload... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authorization
-
9.3
CRITICALCVE-2025-6519
E3 Site Supervisor (firmware version < 2.31F01) has a default admin user "ONEDAY" with a daily generated password. An attacker can predictably generate the password for ONEDAY. The oneday user cannot be deleted or modified by any user.... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-7731
Cleartext Transmission of Sensitive Information vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to obtain credential information by intercepting SLMP communication messages, and read ... Read more
Affected Products : melsec_iq-fx5u-32mt\/es_firmware melsec_iq-fx5u-32mt\/ds_firmware melsec_iq-fx5u-32mt\/ess_firmware melsec_iq-fx5u-32mt\/dss_firmware melsec_iq-fx5u-32mr\/es_firmware melsec_iq-fx5u-32mr\/ds_firmware melsec_iq-fx5u-64mt\/es_firmware melsec_iq-fx5u-64mt\/ds_firmware melsec_iq-fx5u-64mt\/ess_firmware melsec_iq-fx5u-64mt\/dss_firmware +11 more products- Published: Sep. 01, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Information Disclosure
-
8.6
HIGHCVE-2025-52550
E3 Site Supervisor Control (firmware version < 2.31F01) firmware upgrade packages are unsigned. An attacker can forge malicious firmware upgrade packages. An attacker with admin access to the application services can install a malicious firmware upgrade.... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authentication
-
7.3
HIGHCVE-2025-7405
Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to read or write the device values of the product and stop the operation of the programs, ... Read more
Affected Products : melsec_iq-fx5u-32mt\/es_firmware melsec_iq-fx5u-32mt\/ds_firmware melsec_iq-fx5u-32mt\/ess_firmware melsec_iq-fx5u-32mt\/dss_firmware melsec_iq-fx5u-32mr\/es_firmware melsec_iq-fx5u-32mr\/ds_firmware melsec_iq-fx5u-64mt\/es_firmware melsec_iq-fx5u-64mt\/ds_firmware melsec_iq-fx5u-64mt\/ess_firmware melsec_iq-fx5u-64mt\/dss_firmware +11 more products- Published: Sep. 01, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authentication
-
6.1
MEDIUMCVE-2025-9569
The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.... Read more
Affected Products : ehrd_ctms- Published: Sep. 01, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Cross-Site Scripting
-
4.7
MEDIUMCVE-2025-0640
Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft OctoCloud allows Resource Leak Exposure.This issue affects OctoCloud: from s1.09.02 before v1.11.01.... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authorization
-
8.2
HIGHCVE-2024-58259
A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public (unauthenticated) and authenticated API endpoints. This allows a malicious user to exploit this by sending excessively lar... Read more
Affected Products : rancher- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-5083
The Amministrazione Trasparente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.0 due to insufficient input sanitization and output escaping. This makes it possible for authentic... Read more
Affected Products : amministrazione_trasparente- Published: Aug. 31, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Cross-Site Scripting