Latest CVE Feed
-
5.3
MEDIUMCVE-2025-43797
In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is “Open” which allo... Read more
- Published: Sep. 15, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2023-53273
In the Linux kernel, the following vulnerability has been resolved: Drivers: vmbus: Check for channel allocation before looking up relids relid2channel() assumes vmbus channel array to be allocated when called. However, in cases such as kdump/kexec, not... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-59145
color-name is a JSON with CSS color names. On 8 September 2025, an npm publishing account for color-name was taken over after a phishing attack. Version 2.0.1 was published, functionally identical to the previous patch version, but with a malware payload ... Read more
Affected Products :- Published: Sep. 15, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Supply Chain
-
6.3
MEDIUMCVE-2025-55211
FreePBX is an open-source web-based graphical user interface. From 17.0.19.11 to before 17.0.21, authenticated users of the Administrator Control Panel (ACP) can run arbitrary shell commands by maliciously changing languages of the framework module. This ... Read more
Affected Products :- Published: Sep. 15, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-10477
A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The affected element is an unknown function of the file /Profilers/PriProfile/eligibility.php. Such manipulation of the argument Branch leads to... Read more
Affected Products :- Published: Sep. 15, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Injection
-
6.9
MEDIUMCVE-2025-43799
Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35, and older unsupported versions does not limit access to APIs before a us... Read more
- Published: Sep. 15, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Authorization
-
3.2
LOWCVE-2025-59437
The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. NOTE: in current vers... Read more
Affected Products : ip- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Server-Side Request Forgery
-
5.7
MEDIUMCVE-2025-26711
There is an unauthorized access vulnerability in ZTE T5400. Due to improper permission control of the Web module interface, an unauthorized attacker can obtain sensitive information through the interface.... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-8446
The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized limited plugin install due to a missing capability check on the 'blaze_demo_importer_install_plugin' function in all versions up to, and including, 1.0.12. This makes it possible f... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-7744
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dolusoft Omaspot allows SQL Injection.This issue affects Omaspot: before 12.09.2025.... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-59141
simple-swizzle swizzles function arguments. On 8 September 2025, the npm publishing account for simple-swizzle was taken over after a phishing attack. Version 0.2.3 was published, functionally identical to the previous patch version, but with a malware pa... Read more
Affected Products :- Published: Sep. 15, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Supply Chain
-
9.6
CRITICALCVE-2025-7743
Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows Interception, Privilege Escalation.This issue affects Omaspot: before 12.09.2025.... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Cryptography
-
0.0
NACVE-2023-53280
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue System crash when qla2x00_start_sp(sp) returns error code EGAIN and wake_up gets called for uninitialized wait queue sp->nvme_ls_wa... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-10471
A vulnerability was detected in ZKEACMS 4.3. Impacted is the function Proxy of the file src/ZKEACMS/Controllers/MediaController.cs. Performing manipulation of the argument url results in server-side request forgery. It is possible to initiate the attack r... Read more
Affected Products :- Published: Sep. 15, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Server-Side Request Forgery
-
5.0
MEDIUMCVE-2025-59397
Open Web Analytics (OWA) before 1.8.1 allows SQL injection.... Read more
Affected Products : open_web_analytics- Published: Sep. 15, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Injection
-
0.0
NACVE-2023-53281
In the Linux kernel, the following vulnerability has been resolved: drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() Commit 041879b12ddb ("drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle()") besides fixing... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Race Condition
-
2.3
LOWCVE-2025-43792
Remote staging in Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not properly obtain t... Read more
- Published: Sep. 15, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Server-Side Request Forgery
-
8.5
HIGHCVE-2025-10203
Relative path traversal vulnerability due to improper input validation in Digilent WaveForms that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .DWF3WORK file. This vulnera... Read more
Affected Products :- Published: Sep. 15, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Path Traversal
-
0.0
NACVE-2023-53288
In the Linux kernel, the following vulnerability has been resolved: drm/client: Fix memory leak in drm_client_modeset_probe When a new mode is set to modeset->mode, the previous mode should be freed. This fixes the following kmemleak report: drm_mode_d... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-4688
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BGS Interactive SINAV.LINK Exam Result Module allows SQL Injection.This issue affects SINAV.LINK Exam Result Module: before 1.2.... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Injection