Latest CVE Feed
-
8.6
HIGHCVE-2025-2416
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft LimonDesk allows Authentication Bypass.This issue affects LimonDesk: from s1.02.14 before v1.02.17.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authentication
-
4.6
MEDIUMCVE-2025-21035
Improper access control in Samsung Calendar prior to version 12.5.06.5 in Android 14 and 12.6.01.12 in Android 15 allows physical attackers to access data across multiple user profiles.... Read more
Affected Products : calendar- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2024-13071
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft e-Mutabakat allows Cross-Site Scripting (XSS).This issue affects e-Mutabakat: from 2.02.05 before v2.02.06.... Read more
Affected Products :- Published: Sep. 04, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Cross-Site Scripting
-
9.4
CRITICALCVE-2025-56752
A vulnerability in the Ruijie RG-ES series switch firmware ESW_1.0(1)B1P39 enables remote attackers to fully bypass authentication mechanisms, providing them with unrestricted access to alter administrative settings and potentially seize control of affect... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authentication
-
4.7
MEDIUMCVE-2024-13073
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft TaskPano allows Cross-Site Scripting (XSS).This issue affects TaskPano: s1.06.04.... Read more
Affected Products :- Published: Sep. 04, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Cross-Site Scripting
-
7.2
HIGHCVE-2025-9519
The Easy Timer plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.1 via the plugin's shortcodes. This is due to insufficient restriction of shortcode attributes. This makes it possible for authenticated a... Read more
Affected Products :- Published: Sep. 04, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authentication
-
4.7
MEDIUMCVE-2025-6785
Securing externally available CAN wires can easily allow physical access to the CAN bus, allowing possible injection of specially formed CAN messages to control remote start functions of the vehicle. Testing completed on Tesla Model 3 vehicles with softw... Read more
Affected Products : model_3_firmware- Published: Sep. 04, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Injection
-
8.6
HIGHCVE-2025-2411
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft TaskPano allows Authentication Bypass.This issue affects TaskPano: from s1.06.04 before v1.06.06.... Read more
Affected Products :- Published: Sep. 04, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-9934
A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2415_B20250515. This affects the function sub_410C34 of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument pid results in command injection. Remote exploitation of the attack is poss... Read more
Affected Products : x5000r_firmware- Published: Sep. 04, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-25048
IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted dire... Read more
Affected Products : jazz_foundation- Published: Sep. 04, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-58593
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Orbit Fox by ThemeIsle allows Stored XSS. This issue affects Orbit Fox by ThemeIsle: from n/a through 3.0.0.... Read more
Affected Products : orbit_fox- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2024-43184
IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thu... Read more
Affected Products : jazz_foundation- Published: Sep. 04, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Cross-Site Scripting
-
5.0
MEDIUMCVE-2025-58606
Missing Authorization vulnerability in CozyThemes SaasLauncher allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SaasLauncher: from n/a through 1.3.0.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authorization
-
5.9
MEDIUMCVE-2025-58631
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZEEN101 IssueM allows DOM-Based XSS. This issue affects IssueM: from n/a through 2.9.0.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-20336
A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vu... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Information Disclosure
-
5.9
MEDIUMCVE-2025-58596
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in properfraction MailOptin allows Stored XSS. This issue affects MailOptin: from n/a through 1.2.75.0.... Read more
Affected Products : mailoptin- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2025-58601
Missing Authorization vulnerability in RadiusTheme Classified Listing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Classified Listing: from n/a through 5.0.6.... Read more
Affected Products : classified_listing- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-58603
Missing Authorization vulnerability in Surfer Surfer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Surfer: from n/a through 1.6.4.574.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Authorization
-
8.4
HIGHCVE-2025-7388
It was possible to perform Remote Command Execution (RCE) via Java RMI interface in the OpenEdge AdminServer, allowing authenticated users to inject and execute OS commands under the delegated authority of the AdminServer process. An RMI interface permit... Read more
Affected Products : openedge- Published: Sep. 04, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Injection
-
5.4
MEDIUMCVE-2025-58641
Server-Side Request Forgery (SSRF) vulnerability in kamleshyadav Exit Intent Popup allows Server Side Request Forgery. This issue affects Exit Intent Popup: from n/a through 1.0.1.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 04, 2025
- Vuln Type: Server-Side Request Forgery