Latest CVE Feed
-
8.8
HIGHCVE-2025-11097
A vulnerability has been found in D-Link DIR-823X 250416. Impacted is an unknown function of the file /goform/set_device_name. The manipulation of the argument mac leads to command injection. The attack is possible to be carried out remotely. The exploit ... Read more
- Published: Sep. 28, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-11098
A vulnerability was found in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/set_wifi_blacklists. The manipulation of the argument macList results in command injection. The attack may be performed from remote. The e... Read more
- Published: Sep. 28, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-11099
A vulnerability was determined in D-Link DIR-823X 250416. The impacted element is the function uci_del of the file /goform/delete_prohibiting. This manipulation of the argument delvalue causes command injection. It is possible to initiate the attack remot... Read more
- Published: Sep. 28, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-11100
A vulnerability was identified in D-Link DIR-823X 250416. This affects the function uci_set of the file /goform/set_wifi_blacklists. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit is publicly availa... Read more
- Published: Sep. 28, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Injection
-
8.4
HIGHCVE-2025-59050
Greenshot is an open source Windows screenshot utility. Greenshot 1.3.300 and earlier deserializes attacker-controlled data received in a WM_COPYDATA message using BinaryFormatter.Deserialize without prior validation or authentication, allowing a local pr... Read more
- Published: Sep. 16, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Memory Corruption
-
7.0
HIGHCVE-2025-53802
Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.... Read more
- Published: Sep. 09, 2025
- Modified: Oct. 02, 2025
-
7.8
HIGHCVE-2025-53801
Untrusted pointer dereference in Windows DWM allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +2 more products- Published: Sep. 09, 2025
- Modified: Oct. 02, 2025
-
7.8
HIGHCVE-2025-53800
No cwe for this issue in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 +3 more products- Published: Sep. 09, 2025
- Modified: Oct. 02, 2025
-
9.8
CRITICALCVE-2025-10459
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/all-appointment.php. The manipulation of the argument delid results in sql injection. The attack can be executed remote... Read more
- Published: Sep. 15, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Injection
-
5.5
MEDIUMCVE-2025-53799
Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 office windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 +10 more products- Published: Sep. 09, 2025
- Modified: Oct. 02, 2025
-
6.5
MEDIUMCVE-2025-53798
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
- Published: Sep. 09, 2025
- Modified: Oct. 02, 2025
-
6.3
MEDIUMCVE-2025-49089
wangxutech MoneyPrinterTurbo 1.2.6 allows path traversal via /api/v1/download/ URIs such as /api/v1/download//etc/passwd.... Read more
- Published: Sep. 15, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2025-59474
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names thr... Read more
Affected Products : jenkins- Published: Sep. 17, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-59475
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check for the authenticated user profile dropdown menu, allowing attackers without Overall/Read permission to obtain limited information about the Jenkins configuration by li... Read more
Affected Products : jenkins- Published: Sep. 17, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-53797
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
- Published: Sep. 09, 2025
- Modified: Oct. 02, 2025
-
6.5
MEDIUMCVE-2025-53796
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
- Published: Sep. 09, 2025
- Modified: Oct. 02, 2025
-
7.0
HIGHCVE-2025-49734
Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 powershell windows_11_23h2 +4 more products- Published: Sep. 09, 2025
- Modified: Oct. 02, 2025
-
5.3
MEDIUMCVE-2025-59476
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not restrict or transform the characters that can be inserted from user-specified content in log messages, allowing attackers able to control log message contents to insert line break characters, fol... Read more
Affected Products : jenkins- Published: Sep. 17, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2025-11113
A vulnerability was detected in CodeAstro Online Leave Application 1.0. Affected is an unknown function of the file /signup.php. Performing manipulation of the argument city results in sql injection. The attack may be initiated remotely. The exploit is no... Read more
Affected Products : online_leave_application- Published: Sep. 28, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-11109
A vulnerability was identified in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/us_edit.php?action=edit. The manipulation of the argument ID leads to sql injection. It is possible to init... Read more
Affected Products : computer_sales_and_inventory_system- Published: Sep. 28, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Injection