Latest CVE Feed
-
2.3
LOWCVE-2025-44015
A command injection vulnerability has been reported to affect HybridDesk Station. If an attacker gains local network access, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following v... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Injection
-
6.4
MEDIUMCVE-2025-9500
The TablePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘shortcode_debug’ parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for authentic... Read more
Affected Products : tablepress- Published: Aug. 30, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-9499
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's oceanwp_library shortcode in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping on user supplied attributes... Read more
Affected Products : ocean_extra- Published: Aug. 30, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2025-34165
A stack-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially leak a limited amount of memory.... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Memory Corruption
-
9.3
CRITICALCVE-2025-54942
A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior authentication.... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authentication
-
2.3
LOWCVE-2025-58160
tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI es... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Misconfiguration
-
4.2
MEDIUMCVE-2025-58067
Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.1, it is possible to redirect a user to another origin if the "proceed_to" value in the session store is set to a protocol-relative URL. Normally the value of this U... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2025-34164
A heap-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially result in arbitrary code execution.... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Memory Corruption
-
10.0
CRITICALCVE-2010-10016
BS.Player version 2.57 (build 1051) contains a vulnerability in its playlist import functionality. When processing .m3u files, the application fails to properly validate the length of playlist entries, resulting in a buffer overflow condition. This flaw o... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Memory Corruption
-
9.3
CRITICALCVE-2009-20009
Belkin Bulldog Plus version 4.0.2 build 1219 contains a stack-based buffer overflow vulnerability in its web service authentication handler. When a specially crafted HTTP request is sent with an oversized Authorization header, the application fails to pro... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Memory Corruption
-
8.6
HIGHCVE-2025-0610
Cross-Site Request Forgery (CSRF) vulnerability in Akınsoft QR Menü allows Cross Site Request Forgery.This issue affects QR Menü: from s1.05.06 before v1.05.12.... Read more
Affected Products :- Published: Sep. 01, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Cross-Site Request Forgery
-
9.8
CRITICALCVE-2025-5662
A deserialization vulnerability exists in the H2O-3 REST API (POST /99/ImportSQLTable) that affects all versions up to 3.46.0.7. This vulnerability allows remote code execution (RCE) due to improper validation of JDBC connection parameters when using a Ke... Read more
Affected Products : h2o- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Injection
-
7.8
HIGHCVE-2022-38695
In BootRom, there's a possible unchecked command index. This could lead to local escalation of privilege with no additional execution privileges needed.... Read more
Affected Products :- Published: Sep. 01, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2022-38696
In BootRom, there's a possible missing payload size check. This could lead to memory buffer overflow without requiring additional execution privileges.... Read more
Affected Products :- Published: Sep. 01, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Memory Corruption
-
9.2
CRITICALCVE-2025-52549
E3 Site Supervisor Control (firmware version < 2.31F01) generates the root linux password on each boot. An attacker can generate the root linux password for a vulnerable device based on known or easy to fetch parameters.... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Cryptography
-
5.3
MEDIUMCVE-2025-52543
E3 Site Supervisor Control (firmware version < 2.31F01) application services (MGW and RCI) uses client side hashing for authentication. An attacker can authenticate by obtaining only the password hash.... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authentication
-
5.8
MEDIUMCVE-2025-58318
Delta Electronics DIAView has an authentication bypass vulnerability.... Read more
Affected Products :- Published: Sep. 01, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authentication
-
6.1
MEDIUMCVE-2025-9568
The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.... Read more
Affected Products : ehrd_ctms- Published: Sep. 01, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2024-12914
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akınsoft QR Menü allows Cross-Site Scripting (XSS).This issue affects QR Menü: from s1.05.05 before v1.05.12.... Read more
Affected Products :- Published: Sep. 01, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2024-12974
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft ProKuaför allows Cross-Site Scripting (XSS).This issue affects ProKuaför: from s1.02.07 before v1.02.08.... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Cross-Site Scripting