Latest CVE Feed
-
3.3
LOWCVE-2023-3666
The Sticky Side Buttons WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disall... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Cross-Site Scripting
-
8.5
HIGHCVE-2025-57778
There is an out of bounds write vulnerability due to improper bounds checking resulting in an invalid source address when parsing a DSB file with Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation requir... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Memory Corruption
-
8.5
HIGHCVE-2025-57774
There is an out of bounds write vulnerability due to improper bounds checking resulting in invalid data when parsing a DSB file with Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacke... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Memory Corruption
-
7.9
HIGHCVE-2023-21477
Access of Memory Location After End of Buffer vulnerability in TIGERF trustlet prior to SMR Apr-2023 Release 1 allows local attackers to access protected data.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Memory Corruption
-
7.2
HIGHCVE-2025-8613
Vacron Camera ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vacron Camera devices. Authentication is required to exploit this vulnerability. T... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2025-58210
Missing Authorization vulnerability in ThemeMove Makeaholic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Makeaholic: from n/a through 1.8.5.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authorization
-
6.1
MEDIUMCVE-2025-55473
Asian Arts Talents Foundation (AATF) Website v5.1.x and Docker version 2024.12.8.1 are vulnerable to Cross Site Scripting (XSS). The vulnerability exists in the /ip.php endpoint, which processes and displays the X-Forwarded-For HTTP header without proper ... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2023-21482
Missing authorization vulnerability in Camera prior to versions 11.1.02.18 in Android 11, 12.1.03.8 in Android 12 and 13.1.01.4 in Android 13 allows physical attackers to install package through Galaxy store before completion of Setup wizard.... Read more
Affected Products : camera- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authorization
-
8.5
HIGHCVE-2025-9188
There is a deserialization of untrusted data vulnerability in Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted DSB file. The vulnerabilit... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Injection
-
4.6
MEDIUMCVE-2025-21035
Improper access control in Samsung Calendar prior to version 12.5.06.5 in Android 14 and 12.6.01.12 in Android 15 allows physical attackers to access data across multiple user profiles.... Read more
Affected Products : calendar- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-36162
IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) 8.1 before 8.1.2.2 could allow an authenticated user to obtain sensitive information about configuration on the system.... Read more
Affected Products : urbancode_deploy- Published: Sep. 02, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Information Disclosure
-
8.5
HIGHCVE-2025-57775
There is a heap-based Buffer Overflow vulnerability due to improper bounds checking when parsing a DSB file with Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to o... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Memory Corruption
-
6.3
MEDIUMCVE-2025-9828
A vulnerability was determined in Tenda CP6 11.10.00.243. The affected element is the function sub_2B7D04 of the component uhttp. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. This attack is charact... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Cryptography
-
8.5
HIGHCVE-2025-57777
There is an out of bounds write vulnerability due to improper bounds checking in displ2.dll when parsing a DSB file with Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to get a u... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Memory Corruption
-
4.3
MEDIUMCVE-2024-13064
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft MyRezzta allows Cross-Site Scripting (XSS).This issue affects MyRezzta: from s2.02.02 before v2.05.01.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2023-21479
Improper authorization in Smart suggestions prior to SMR Apr-2023 Release 1 in Android 13 and 4.1.01.0 in Android 12 allows remote attackers to register a schedule.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authorization
-
5.5
MEDIUMCVE-2025-9842
A vulnerability was detected in Das Parking Management System 停车场管理系统 6.2.0. This impacts an unknown function of the file /Operator/Search. The manipulation results in information disclosure. The attack may be performed from remote. The exploit is now pub... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Information Disclosure
-
9.8
CRITICALCVE-2025-1740
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass, Password Recovery Exploitation, Brute Force.This issue affects MyRezzta: from s2.03.01 before v2.05.01.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authentication
-
8.5
HIGHCVE-2025-57776
There is an out of bounds write vulnerability due to improper bounds checking resulting in an invalid address when parsing a DSB file with Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation requires an a... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-9276
Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability. This vulnerability could allow remote attackers to bypass authentication on systems that use the affected version of the Cockroach Labs cockroach-k8s-reques... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authentication