Latest CVE Feed
-
9.8
CRITICALCVE-2025-54485
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a maliciou... Read more
Affected Products : libbiosig- Published: Aug. 25, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-54484
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a maliciou... Read more
Affected Products : libbiosig- Published: Aug. 25, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-54483
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a maliciou... Read more
Affected Products : libbiosig- Published: Aug. 25, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-54482
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a maliciou... Read more
Affected Products : libbiosig- Published: Aug. 25, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-54481
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a maliciou... Read more
Affected Products : libbiosig- Published: Aug. 25, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-54480
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a maliciou... Read more
Affected Products : libbiosig- Published: Aug. 25, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-54462
A heap-based buffer overflow vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted .nex file can lead to arbitrary code execution. An attacker can provide a malicious ... Read more
Affected Products : libbiosig- Published: Aug. 25, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Memory Corruption
-
9.3
CRITICALCVE-2025-54943
A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control checks.... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authorization
-
6.9
MEDIUMCVE-2025-54944
An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to write malicious code in a specific file, which may lead to arbitrary code execution.... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Misconfiguration
-
1.9
LOWCVE-2025-58156
Centurion ERP is an ERP with a focus on ITSM and automation. In versions starting from 1.12.0 to before 1.21.0, an authenticated user can view all authentication token details within the database. This includes the actual token, although only the hashed t... Read more
Affected Products : centurion_erp- Published: Aug. 29, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-9618
The Related Posts Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unaut... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.3
MEDIUMCVE-2025-58066
nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. In versions between 1.2.0 and 1.6.1 inclusive servers which allow non-NTS traffic are affected by a denial of service vulnerability, where an attacker can i... Read more
Affected Products : ntpd-rs- Published: Aug. 29, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Denial of Service
-
8.8
HIGHCVE-2025-34165
A stack-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially leak a limited amount of memory.... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-34164
A heap-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially result in arbitrary code execution.... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Memory Corruption
-
9.3
CRITICALCVE-2025-54942
A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior authentication.... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-9671
A weakness has been identified in UAB Paytend App up to 2.1.9 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.passport.cash. Executing manipulation can lead to improper export of android application compon... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Misconfiguration
-
4.2
MEDIUMCVE-2025-58067
Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.1, it is possible to redirect a user to another origin if the "proceed_to" value in the session store is set to a protocol-relative URL. Normally the value of this U... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-29882
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fi... Read more
- Published: Aug. 29, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Denial of Service
-
5.1
MEDIUMCVE-2025-33032
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We ha... Read more
- Published: Aug. 29, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-9669
A vulnerability has been found in Jinher OA 1.0. This issue affects some unknown processing of the file GetTreeDate.aspx. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been discl... Read more
Affected Products : jinher_oa- Published: Aug. 29, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Injection