Latest CVE Feed
-
6.9
MEDIUMCVE-2025-6999
An HTTP Request Smuggling [CWE-444] vulnerability in the Authentication portal of WatchGuard Fireware OS allows a remote attacker to evade request parameter sanitation and perform a reflected self-Cross-Site Scripting (XSS) attack.This issue affects Firew... Read more
Affected Products : fireware_os- Published: Sep. 15, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Cross-Site Request Forgery
-
2.1
LOWCVE-2025-43798
Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password (TOTP) to be used multiple times during the validity period, which allows attackers with access to a user’s TOT... Read more
Affected Products : dxp- Published: Sep. 15, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-4688
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BGS Interactive SINAV.LINK Exam Result Module allows SQL Injection.This issue affects SINAV.LINK Exam Result Module: before 1.2.... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2024-12913
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Megatek Communication System Azora Wireless Network Management allows SQL Injection.This issue affects Azora Wireless Network Management: through 2025091... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Injection
-
3.5
LOWCVE-2025-26710
There is an an information disclosure vulnerability in ZTE T5400. Due to improper configuration of the access control mechanism, attackers can obtain information through interfaces without authorization, causing the risk of information disclosure.... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2025-59142
color-string is a parser and generator for CSS color strings. On 8 September 2025, the npm publishing account for color-string was taken over after a phishing attack. Version 2.1.1 was published, functionally identical to the previous patch version, but w... Read more
Affected Products : color-string- Published: Sep. 15, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Supply Chain
-
5.5
MEDIUMCVE-2025-10472
A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function download_video/stream_video of the file app/controllers/v1/video.py of the component URL Handler. The manipulation of the argument file_path le... Read more
Affected Products :- Published: Sep. 15, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Path Traversal
-
8.6
HIGHCVE-2024-12367
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vegagrup Software Vega Master allows Directory Indexing.This issue affects Vega Master: from v.1.12.35 through 20250916. NOTE: The vendor did not inform about th... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Information Disclosure
-
9.6
CRITICALCVE-2025-7743
Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows Interception, Privilege Escalation.This issue affects Omaspot: before 12.09.2025.... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Cryptography
-
6.5
MEDIUMCVE-2025-5518
Authorization Bypass Through User-Controlled Key vulnerability with user privileges in ArgusTech BILGER allows Exploitation of Trusted Identifiers.This issue affects BILGER: before 2.4.6.... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2023-53298
In the Linux kernel, the following vulnerability has been resolved: nfc: fix memory leak of se_io context in nfc_genl_se_io The callback context for sending/receiving APDUs to/from the selected secure element is allocated inside nfc_genl_se_io and suppo... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-53294
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup() Syzbot reported a null-ptr-deref bug: ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512) ntfs3: l... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2023-53270
In the Linux kernel, the following vulnerability has been resolved: ext4: fix i_disksize exceeding i_size problem in paritally written case It is possible for i_disksize can exceed i_size, triggering a warning. generic_perform_write copied = iov_iter_... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Race Condition
-
8.8
HIGHCVE-2025-59331
is-arrayish checks if an object can be used like an Array. On 8 September 2025, an npm publishing account for is-arrayish was taken over after a phishing attack. Version 0.3.3 was published, functionally identical to the previous patch version, but with a... Read more
Affected Products :- Published: Sep. 15, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Supply Chain
-
8.8
HIGHCVE-2025-59140
backlash parses collected strings with escapes. On 8 September 2025, the npm publishing account for backslash was taken over after a phishing attack. Version 0.2.1 was published, functionally identical to the previous patch version, but with a malware pay... Read more
Affected Products :- Published: Sep. 15, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Supply Chain
-
5.3
MEDIUMCVE-2025-58172
drawnix is an all in one open-source whiteboard tool. In drawnix versions through 0.2.1, a cross-site scripting (XSS) vulnerability exists in the debug logging functionality. User controlled content is inserted directly into the DOM via innerHTML without ... Read more
Affected Products :- Published: Sep. 15, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Cross-Site Scripting
-
5.7
MEDIUMCVE-2025-26711
There is an unauthorized access vulnerability in ZTE T5400. Due to improper permission control of the Web module interface, an unauthorized attacker can obtain sensitive information through the interface.... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2023-53300
In the Linux kernel, the following vulnerability has been resolved: media: hi846: Fix memleak in hi846_init_controls() hi846_init_controls doesn't clean the allocated ctrl_hdlr in case there is a failure, which causes memleak. Add v4l2_ctrl_handler_free... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
-
0.0
NACVE-2023-53287
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: Put the cdns set active part outside the spin lock The device may be scheduled during the resume process, so this cannot appear in atomic operations. Since pm_runtime_set_ac... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Race Condition
-
0.0
NACVE-2023-53285
In the Linux kernel, the following vulnerability has been resolved: ext4: add bounds checking in get_max_inline_xattr_value_size() Normally the extended attributes in the inode body would have been checked when the inode is first opened, but if someone ... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Memory Corruption