Latest CVE Feed
-
9.3
CRITICALCVE-2009-20010
Dogfood CRM version 2.0.10 contains a remote command execution vulnerability in the spell.php script used by its mail subsystem. The vulnerability arises from unsanitized user input passed via a POST request to the data parameter, which is processed by th... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Injection
-
7.4
HIGHCVE-2025-41690
A low-privileged attacker in bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device’s event log. This vulnerability could allow the Operator to authenticate as the Maintenance user, thereby gainin... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Information Disclosure
-
7.8
HIGHCVE-2022-38694
In BootRom, there is a possible unchecked write address. This could lead to local escalation of privilege with no additional execution privileges needed.... Read more
Affected Products :- Published: Sep. 01, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Memory Corruption
-
4.3
MEDIUMCVE-2024-12914
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akınsoft QR Menü allows Cross-Site Scripting (XSS).This issue affects QR Menü: from s1.05.05 before v1.05.12.... Read more
Affected Products :- Published: Sep. 01, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2025-6507
A vulnerability in the h2oai/h2o-3 repository allows attackers to exploit deserialization of untrusted data, potentially leading to arbitrary code execution and reading of system files. This issue affects the latest master branch version 3.47.0.99999. The... Read more
Affected Products : h2o- Published: Sep. 01, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Misconfiguration
-
4.3
MEDIUMCVE-2024-12972
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft OctoCloud allows Cross-Site Scripting (XSS).This issue affects OctoCloud: from s1.09.01 before v1.11.01.... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Cross-Site Scripting
-
7.7
HIGHCVE-2024-52284
Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets.... Read more
Affected Products : rancher- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-52543
E3 Site Supervisor Control (firmware version < 2.31F01) application services (MGW and RCI) uses client side hashing for authentication. An attacker can authenticate by obtaining only the password hash.... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authentication
-
6.9
MEDIUMCVE-2025-41030
Lack of authorisation in Deporsite by T-INNOVA. This vulnerability allows an unauthenticated attacker to obtain information from other users via GET ‘/ajax/TInnova_v2/Integrantes_Recurso_v2_1/llamadaAjax/buscarPersona’ using the ‘dni’ parameter.... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authorization
-
9.2
CRITICALCVE-2025-52549
E3 Site Supervisor Control (firmware version < 2.31F01) generates the root linux password on each boot. An attacker can generate the root linux password for a vulnerable device based on known or easy to fetch parameters.... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Cryptography
-
6.9
MEDIUMCVE-2025-41031
Lack of authorisation in Deporsite by T-INNOVA. This vulnerability allows an unauthenticated attacker to change other users' profile pictures via a POST request using the parameters ‘IdPersona’ and “Foto” in ‘/ajax/TInnova_c/FotoUsuario/llamadaAjax/upload... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authorization
-
8.4
HIGHCVE-2010-10017
WM Downloader version 3.1.2.2 is vulnerable to a buffer overflow when processing a specially crafted .m3u playlist file. The application fails to properly validate input length, allowing an attacker to overwrite structured exception handler (SEH) records ... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2022-38696
In BootRom, there's a possible missing payload size check. This could lead to memory buffer overflow without requiring additional execution privileges.... Read more
Affected Products :- Published: Sep. 01, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Memory Corruption
-
8.6
HIGHCVE-2025-2413
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft ProKuafor allows Authentication Bypass.This issue affects ProKuafor: from s1.02.08 before v1.02.08.... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authentication
-
8.7
HIGHCVE-2005-10004
Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, which is improperly handled during graph rendering.... Read more
Affected Products : cacti- Published: Aug. 30, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Injection
-
6.1
MEDIUMCVE-2025-9569
The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.... Read more
Affected Products : ehrd_ctms- Published: Sep. 01, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2024-32589
Missing Authorization vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3.... Read more
Affected Products : barcode_scanner_and_inventory_manager- Published: Aug. 31, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authorization
-
4.8
MEDIUMCVE-2025-9797
A vulnerability was determined in mrvautin expressCart up to b31302f4e99c3293bd742c6d076a721e168118b0. This impacts an unknown function of the file /admin/product/edit/ of the component Edit Product Page. This manipulation causes injection. The attack can... Read more
Affected Products :- Published: Sep. 01, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Injection
-
8.6
HIGHCVE-2025-52550
E3 Site Supervisor Control (firmware version < 2.31F01) firmware upgrade packages are unsigned. An attacker can forge malicious firmware upgrade packages. An attacker with admin access to the application services can install a malicious firmware upgrade.... Read more
Affected Products :- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Authentication
-
8.5
HIGHCVE-2025-46810
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of openSUSE Tumbleweed traefik2 allows the traefik user to escalate to root. This issue affects Tumbleweed: from ? before 2.11.29.... Read more
Affected Products : mirrorcache- Published: Sep. 02, 2025
- Modified: Sep. 02, 2025
- Vuln Type: Path Traversal