Latest CVE Feed
-
7.8
HIGHCVE-2025-50892
The eudskacs.sys driver version 20250328 shipped with EaseUs Todo Backup 1.2.0.1 fails to properly validate privileges for I/O requests (IRP_MJ_READ/IRP_MJ_WRITE) sent to its device object. This allows a local, low-privileged attacker to perform arbitrary... Read more
Affected Products :- Published: Sep. 10, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2025-9018
The Time Tracker plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'tt_update_table_function' and 'tt_delete_record_function' functions in all versions up to, and including, 3.1.0. Th... Read more
Affected Products :- Published: Sep. 11, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-10226
Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileges, execute arbitrary code, or cause denial-of-service via explo... Read more
Affected Products :- Published: Sep. 10, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Supply Chain
-
4.3
MEDIUMCVE-2025-9632
The PhpList Subber plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the bulk_action_handler function. This makes it possible for unauthentic... Read more
Affected Products :- Published: Sep. 11, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Cross-Site Request Forgery
-
8.8
HIGHCVE-2025-9059
The Altiris Core Agent Updater package (AeXNSC.exe) is prone to an elevation of privileges vulnerability through DLL hijacking.... Read more
Affected Products :- Published: Sep. 11, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Misconfiguration
-
8.4
HIGHCVE-2025-55976
Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via the /api/wireless endpoint. Any unauthenticated user on the local network can directly obtain the Wi-Fi network password by querying this endpoint.... Read more
Affected Products :- Published: Sep. 10, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-8696
If an unauthenticated user sends a large amount of data to the Stork UI, it may cause memory and disk use problems for the system running the Stork server. This issue affects Stork versions 1.0.0 through 2.3.0.... Read more
Affected Products : stork- Published: Sep. 10, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Denial of Service
-
6.2
MEDIUMCVE-2025-43784
Improper Access Control vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.8, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows guest users to obtain object entries information via the API Bu... Read more
- Published: Sep. 10, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Authorization
-
7.1
HIGHCVE-2025-48041
Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form OTP ... Read more
Affected Products : erlang\/otp- Published: Sep. 11, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Denial of Service
-
6.9
MEDIUMCVE-2025-48040
Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0... Read more
Affected Products : erlang\/otp- Published: Sep. 11, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Denial of Service
-
5.3
MEDIUMCVE-2025-48039
Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects... Read more
Affected Products : erlang\/otp- Published: Sep. 11, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Denial of Service
-
4.8
MEDIUMCVE-2025-10245
A security flaw has been discovered in Display Painéis TGA up to 7.1.41. Affected by this issue is some unknown functionality of the file /gallery/rename of the component Galeria Page. The manipulation of the argument current_folder results in path traver... Read more
Affected Products :- Published: Sep. 11, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2025-48038
Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects... Read more
Affected Products : erlang\/otp- Published: Sep. 11, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Denial of Service
-
5.3
MEDIUMCVE-2025-10236
A vulnerability has been found in binary-husky gpt_academic up to 3.91. Impacted is the function merge_tex_files_ of the file crazy_functions/latex_fns/latex_toolbox.py of the component LaTeX File Handler. Such manipulation of the argument \input{} leads ... Read more
Affected Products : gpt_academic- Published: Sep. 11, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Path Traversal
-
4.8
MEDIUMCVE-2025-10234
A vulnerability was detected in Scada-LTS up to 2.7.8.1. This vulnerability affects unknown code of the file /data_point_edit.shtm of the component Data Point Edit Module. The manipulation of the argument Text Renderer properties results in cross site scr... Read more
Affected Products : scada-lts- Published: Sep. 11, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Cross-Site Scripting
-
7.5
HIGHCVE-2025-59049
Mockoon provides way to design and run mock APIs. Prior to version 9.2.0, a mock API configuration for static file serving follows the same approach presented in the documentation page, where the server filename is generated via templating features from u... Read more
Affected Products :- Published: Sep. 10, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Path Traversal
-
5.1
MEDIUMCVE-2025-43783
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.73 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 update 73 through update 92 allows remote attacke... Read more
- Published: Sep. 10, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-10229
A vulnerability has been found in Freshwork up to 1.2.3. This impacts an unknown function of the file /api/v2/logout. Such manipulation of the argument post_logout_redirect_uri leads to open redirect. The attack can be executed remotely. The exploit has b... Read more
Affected Products :- Published: Sep. 10, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Misconfiguration
-
7.1
HIGHCVE-2025-59052
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Angular uses a DI container (the "platform injector") to hold request-specific state during server-side rendering. For hist... Read more
Affected Products : angular- Published: Sep. 10, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Misconfiguration
-
2.6
LOWCVE-2025-10216
A vulnerability was detected in GrandNode up to 2.3.0. The impacted element is an unknown function of the file /checkout/ConfirmOrder/ of the component Voucher Handler. The manipulation of the argument giftvouchercouponcode results in race condition. The ... Read more
Affected Products :- Published: Sep. 10, 2025
- Modified: Sep. 11, 2025
- Vuln Type: Race Condition