Latest CVE Feed
-
8.2
HIGHCVE-2025-57882
An improper resource shutdown or release vulnerability has been identified in the Click Plus C2-03CPU-2 device running firmware version 3.60. The vulnerability allows an unauthenticated attacker to perform a denial-of-service attack by exhausting all avai... Read more
Affected Products :- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Denial of Service
-
6.4
MEDIUMCVE-2025-60020
nncp before 8.12.0 allows path traversal (for reading or writing) during freqing and file saving via a crafted path in packet data.... Read more
Affected Products :- Published: Sep. 24, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Path Traversal
-
7.0
HIGHCVE-2025-52905
Improper Input Validation vulnerability in TOTOLINK X6000R allows Flooding.This issue affects X6000R: through V9.4.0cu.1360_B20241207.... Read more
Affected Products : x6000r_firmware- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Denial of Service
-
7.3
HIGHCVE-2025-59534
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.2, ... Read more
Affected Products : cryptolib- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Injection
-
9.0
HIGHCVE-2025-10838
A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function sub_45BB10 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to buffer overflow. It is possible to initiate the attack remo... Read more
Affected Products : ac21_firmware- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Memory Corruption
-
5.0
MEDIUMCVE-2024-21927
Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to use certain special characters in manipulated Redfish® API commands, causing service processes like OpenBMC to crash and reset, potentially resulti... Read more
Affected Products :- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Denial of Service
-
5.3
MEDIUMCVE-2025-43819
A Insufficient Session Expiration vulnerability in the Liferay Portal 7.4.3.121 through 7.3.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, and 2024.Q1.1 through 2024.Q1.12 is allow an remote... Read more
- Published: Sep. 24, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Authentication
-
3.3
LOWCVE-2025-23255
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary where a user may cause an out-of-bounds read by passing a malformed ELF file to cuobjdump. A successful exploit of this vulnerability may lead to a partial denial of se... Read more
Affected Products : cuda_toolkit- Published: Sep. 24, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-41716
The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function.... Read more
Affected Products :- Published: Sep. 24, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Authentication
-
0.0
NACVE-2024-58241
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Disable works on hci_unregister_dev This make use of disable_work_* on hci_unregister_dev since the hci_dev is about to be freed new submissions are not disarable.... Read more
Affected Products : linux_kernel- Published: Sep. 24, 2025
- Modified: Sep. 24, 2025
-
6.9
MEDIUMCVE-2025-43779
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript code via _com_liferay... Read more
- Published: Sep. 24, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Cross-Site Scripting
-
8.7
HIGHCVE-2025-10244
A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can trigger a Stored Cross-site Scripting (XSS) vulnerability. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in... Read more
Affected Products : fusion- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2025-9844
Uncontrolled Search Path Element vulnerability in Salesforce Salesforce CLI on Windows allows Replace Trusted Executable.This issue affects Salesforce CLI: before 2.106.6.... Read more
Affected Products :- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Path Traversal
-
6.4
MEDIUMCVE-2025-8902
The Widget Options - Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'do_sidebar' shortcode in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping on user supplied... Read more
Affected Products :- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-39868
In the Linux kernel, the following vulnerability has been resolved: erofs: fix runtime warning on truncate_folio_batch_exceptionals() Commit 0e2f80afcfa6("fs/dax: ensure all pages are idle prior to filesystem unmount") introduced the WARN_ON_ONCE to cap... Read more
Affected Products : linux_kernel- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Misconfiguration
-
4.5
MEDIUMCVE-2025-23274
NVIDIA nvJPEG contains a vulnerability in jpeg encoding where a user may cause an out-of-bounds read by providing a maliciously crafted input image with dimensions that cause integer overflows in array index calculations. A successful exploit of this vuln... Read more
Affected Products : cuda_toolkit- Published: Sep. 24, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-26399
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass ... Read more
Affected Products : web_help_desk- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Injection
-
8.2
HIGHCVE-2025-58473
An improper resource shutdown or release vulnerability has been identified in the Click Plus C2-03CPU-2 device running firmware version 3.60. The vulnerability allows an unauthenticated attacker to perform a denial-of-service attack by exhausting all avai... Read more
Affected Products :- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Denial of Service
-
8.8
HIGHCVE-2025-10380
The Advanced Views – Display Posts, Custom Fields, and More plugin for WordPress is vulnerable to Server-Side Template Injection in all versions up to, and including, 3.7.19. This is due to insufficient input sanitization and lack of access control when p... Read more
Affected Products :- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Injection
-
8.7
HIGHCVE-2025-59484
The use of a broken or risky cryptographic algorithm was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software uses an insecure implementation of the RSA encryption algorithm.... Read more
Affected Products :- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Cryptography