Latest CVE Feed
- CVE-2025-46824 | 3.1 LOW
  The Discourse Code Review Plugin allows users to review GitHub commits on Discourse. Prior to commit eed3a80, an attacker can execute arbitrary JavaScript on users' browsers by posting links to malicious GitHub commits. This problem is patched in commit e...
  - Published: May. 07, 2025
  - Modified: Aug. 20, 2025
  - Vuln Type: Cross-Site Scripting
- CVE-2025-8019 | 9.0 HIGH
  A vulnerability was found in Shenzhen Libituo Technology LBT-T300-T310 2.2.3.6. It has been rated as critical. Affected by this issue is the function sub_40B6F0 of the file at/appy.cgi. The manipulation of the argument wan_proto leads to buffer overflow. ...
  - Published: Jul. 22, 2025
  - Modified: Aug. 20, 2025
  - Vuln Type: Memory Corruption
- CVE-2025-46198 | 8.8 HIGH
  Cross Site Scripting vulnerability in grav v.1.7.48, v.1.7.47 and v.1.7.46 allows an attacker to execute arbitrary code via the onerror attribute of the img element...
  - Affected Products: grav
  - Published: Jul. 25, 2025
  - Modified: Aug. 20, 2025
  - Vuln Type: Cross-Site Scripting
- CVE-2025-21440 | 7.8 HIGH
  Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver....
  - Affected Products: aqt1000_firmware qca6391_firmware qca6420_firmware qca6430_firmware wcd9341_firmware wcd9380_firmware wcd9385_firmware wsa8810_firmware wsa8815_firmware qca1062_firmware +88 more products
  - Published: Apr. 07, 2025
  - Modified: Aug. 20, 2025
  - Vuln Type: Memory Corruption
- CVE-2025-26063 | 9.8 CRITICAL
  An issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to execute arbitrary code via injecting a crafted payload into the ESSID name when creating a network....
  - Published: Jul. 31, 2025
  - Modified: Aug. 20, 2025
  - Vuln Type: Injection
- CVE-2025-26064 | 7.3 HIGH
  A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a connected device....
  - Published: Jul. 31, 2025
  - Modified: Aug. 20, 2025
  - Vuln Type: Cross-Site Scripting
- CVE-2025-7204 | 6.5 MEDIUM
  In ConnectWise PSA versions older than 2025.9, a vulnerability exists where authenticated users could gain access to sensitive user information. Specific API requests were found to return an overly verbose user object, which included encrypted password ha...
  - Affected Products: professional_service_automation
  - Published: Jul. 09, 2025
  - Modified: Aug. 20, 2025
  - Vuln Type: Information Disclosure
- CVE-2024-56468 | 7.5 HIGH
  IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 could allow a remote user to cause a denial of service by sending an invalid HTTP request to the log reading service....
  - Affected Products: infosphere_data_replication
  - Published: Jul. 08, 2025
  - Modified: Aug. 20, 2025
  - Vuln Type: Denial of Service
- CVE-2025-27073 | 7.5 HIGH
  Transient DOS while creating NDP instance....
  - Affected Products: qca6391_firmware qca6426_firmware qca6436_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sd_8_gen1_5g_firmware sd865_5g_firmware wcd9380_firmware wcd9385_firmware +330 more products
  - Published: Aug. 06, 2025
  - Modified: Aug. 20, 2025
  - Vuln Type: Denial of Service
- CVE-2025-27065 | 7.5 HIGH
  Transient DOS while processing a frame with malformed shared-key descriptor....
  - Affected Products: qca6391_firmware qca6426_firmware qca6436_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sd_8_gen1_5g_firmware sd865_5g_firmware wcd9380_firmware wcd9385_firmware +290 more products
  - Published: Aug. 06, 2025
  - Modified: Aug. 20, 2025
  - Vuln Type: Denial of Service
- CVE-2025-21477 | 7.5 HIGH
  Transient DOS while processing CCCH data when NW sends data with invalid length....
  - Affected Products: qca6391_firmware qca6595au_firmware qca6696_firmware wcd9341_firmware wcd9380_firmware wcd9385_firmware wcn3988_firmware wsa8810_firmware wsa8815_firmware wsa8830_firmware +168 more products
  - Published: Aug. 06, 2025
  - Modified: Aug. 20, 2025
  - Vuln Type: Denial of Service
- CVE-2025-21456 | 7.8 HIGH
  Memory corruption while processing IOCTL command when multiple threads are called to map/unmap buffer concurrently....
  - Affected Products: qam8295p_firmware qca6574au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware sa8150p_firmware sa8155p_firmware sa8195p_firmware +118 more products
  - Published: Aug. 06, 2025
  - Modified: Aug. 20, 2025
  - Vuln Type: Memory Corruption
- CVE-2025-54608 | 6.2 MEDIUM
  Vulnerability that allows setting screen rotation direction without permission verification in the screen management module. Impact: Successful exploitation of this vulnerability may cause device screen orientation to be arbitrarily set....
  - Affected Products: harmonyos
  - Published: Aug. 06, 2025
  - Modified: Aug. 20, 2025
  - Vuln Type: Authorization
- CVE-2025-21455 | 7.8 HIGH
  Memory corruption while submitting blob data to kernel space through IOCTL....
  - Affected Products: qca6391_firmware qca6426_firmware qca6436_firmware sd865_5g_firmware sw5100_firmware sw5100p_firmware wcd9380_firmware wcd9385_firmware wcn3980_firmware wcn3988_firmware +48 more products
  - Published: Aug. 06, 2025
  - Modified: Aug. 20, 2025
  - Vuln Type: Memory Corruption
- CVE-2024-32006 | 6.5 MEDIUM
  A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application does not expire the user session on reboot without logout. This could allow an attacker to bypass Multi-Factor Authentication....
  - Published: Sep. 10, 2024
  - Modified: Aug. 20, 2025
- CVE-2024-38365 | 8.1 HIGH
  btcd is an alternative full node bitcoin implementation written in Go (golang). The btcd Bitcoin client (versions 0.10 to 0.24) did not correctly re-implement Bitcoin Core's "FindAndDelete()" functionality. This logic is consensus-critical: the difference...
  - Affected Products: btcd
  - Published: Oct. 11, 2024
  - Modified: Aug. 20, 2025
- CVE-2025-21452 | 7.5 HIGH
  Transient DOS while processing a random-access response (RAR) with an invalid PDU length on LTE network....
  - Affected Products: qca6391_firmware qca6426_firmware qca6436_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sd855_firmware sd865_5g_firmware wcd9341_firmware wcd9380_firmware +150 more products
  - Published: Aug. 06, 2025
  - Modified: Aug. 20, 2025
  - Vuln Type: Denial of Service
- CVE-2025-52955 | 7.1 HIGH
  An Incorrect Calculation of Buffer Size vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause a memory corruption that leads to a rpd crash. Wh...
  - Published: Jul. 11, 2025
  - Modified: Aug. 20, 2025
  - Vuln Type: Memory Corruption
- CVE-2025-51543 | 9.8 CRITICAL
  An issue was discovered in Cicool builder 3.4.4 allowing attackers to reset the administrator's password via the /administrator/auth/reset_password endpoint....
  - Published: Aug. 19, 2025
  - Modified: Aug. 20, 2025
  - Vuln Type: Authentication
- CVE-2024-43382 | 5.9 MEDIUM
  Snowflake JDBC driver versions >= 3.2.6 and <= 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption....
  - Affected Products: snowflake_jdbc
  - Published: Oct. 30, 2024
  - Modified: Aug. 20, 2025