Latest CVE Feed
-
7.2
HIGHCVE-2025-8575
The LWS Cleaner plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'lws_cl_delete_file' function in all versions up to, and including, 2.4.1.3. This makes it possible for authenticated attackers, ... Read more
Affected Products : lws_cleaner- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Path Traversal
-
6.9
MEDIUMCVE-2025-10267
NUP Portal developed by NewType Infortech has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly upload files. If the attacker manages to bypass the file extension restrictions, they could upload a webshell and e... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Authentication
-
6.3
MEDIUMCVE-2025-55996
Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward interface... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Injection
-
0.0
NACVE-2022-50248
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix double free on tx path. We see kernel crashes and lockups and KASAN errors related to ax210 firmware crashes. One of the KASAN dumps pointed at the tx path, and... Read more
Affected Products : linux_kernel- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
5.8
MEDIUMCVE-2025-8280
The Contact Form 7 reCAPTCHA WordPress plugin through 1.2.0 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Cross-Site Scripting
-
9.8
CRITICALCVE-2025-9556
Langchaingo supports the use of jinja2 syntax when parsing prompts, which is in turn parsed using the gonja library v1.5.3. Gonja supports include and extends syntax to read files, which leads to a server side template injection vulnerability within lang... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-10433
A vulnerability was determined in 1Panel-dev MaxKB up to 2.0.2/2.1.0. This issue affects some unknown processing of the file /admin/api/workspace/default/tool/debug. Executing manipulation of the argument code can lead to deserialization. The attack can b... Read more
Affected Products : maxkb- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Injection
-
6.3
MEDIUMCVE-2025-58781
WTW-EAGLE App does not properly validate server certificates, which may allow a man-in-the-middle attacker to monitor encrypted traffic.... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Cryptography
-
8.0
HIGHCVE-2025-57577
An issue in H3C Device R365V300R004 allows a remote attacker to execute arbitrary code via the default password. NOTE: the Supplier's position is that their "product lines enforce or clearly prompt users to change any initial credentials upon first use. A... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Authentication
-
5.9
MEDIUMCVE-2025-59058
httpsig-rs is a Rust implementation of IETF RFC 9421 http message signatures. Prior to version 0.0.19, the HMAC signature comparison is not timing-safe. This makes anyone who uses HS256 signature verification vulnerable to a timing attack that allows the ... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Cryptography
-
5.3
MEDIUMCVE-2025-10148
curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malici... Read more
Affected Products : curl- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Misconfiguration
-
5.5
MEDIUMCVE-2025-10288
A vulnerability was found in roncoo roncoo-pay up to 9428382af21cd5568319eae7429b7e1d0332ff40. The impacted element is an unknown function of the file /user/info/list. Performing manipulation results in improper authentication. It is possible to initiate ... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Authentication
-
9.3
CRITICALCVE-2025-10365
The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, setup netw... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Injection
-
0.0
NACVE-2022-50235
In the Linux kernel, the following vulnerability has been resolved: NFSD: Protect against send buffer overflow in NFSv2 READDIR Restore the previous limit on the @count argument to prevent a buffer overflow attack.... Read more
Affected Products : linux_kernel- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-39793
In the Linux kernel, the following vulnerability has been resolved: io_uring/memmap: cast nr_pages to size_t before shifting If the allocated size exceeds UINT_MAX, then it's necessary to cast the mr->nr_pages value to size_t to prevent it from overflow... Read more
Affected Products : linux_kernel- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2022-50252
In the Linux kernel, the following vulnerability has been resolved: igb: Do not free q_vector unless new one was allocated Avoid potential use-after-free condition under memory pressure. If the kzalloc() fails, q_vector will be freed but left in the ori... Read more
Affected Products : linux_kernel- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2022-50254
In the Linux kernel, the following vulnerability has been resolved: media: ov8865: Fix an error handling path in ov8865_probe() The commit in Fixes also introduced some new error handling which should goto the existing error handling path. Otherwise som... Read more
Affected Products : linux_kernel- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2022-50255
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix reading strings from synthetic events The follow commands caused a crash: # cd /sys/kernel/tracing # echo 's:open char file[]' > dynamic_events # echo 'hist:keys=com... Read more
Affected Products : linux_kernel- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2022-50240
In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF of alloc->vma in race with munmap() In commit 720c24192404 ("ANDROID: binder: change down_write to down_read") binder assumed the mmap read lock is sufficient to protect... Read more
Affected Products : linux_kernel- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Race Condition
-
0.0
NACVE-2022-50236
In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Fix crash on isr after kexec() If the system is rebooted via isr(), the IRQ handler might be triggered before the domain is initialized. Resulting on an invalid memory a... Read more
Affected Products : linux_kernel- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption