Latest CVE Feed
-
8.1
HIGHCVE-2025-41251
VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks. Impact: Username enumeration → credential brute force risk. ... Read more
Affected Products :- Published: Sep. 29, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2024-13150
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Fayton Software and Consulting Services fayton.Pro ERP allows SQL Injection.This issue affects fayton.Pro ERP: through 20250929.... Read more
Affected Products :- Published: Sep. 29, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Injection
-
8.7
HIGHCVE-2025-9648
A vulnerability in the CivetWeb library's function mg_handle_form_request allows remote attackers to trigger a denial of service (DoS) condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an ... Read more
Affected Products :- Published: Sep. 29, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-41252
Description: VMware NSX contains a username enumeration vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially leading to unauthorized access attempts. Impact: Username enumeration → facilitates unau... Read more
Affected Products :- Published: Sep. 29, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Authentication
-
4.9
MEDIUMCVE-2025-41245
VMware Aria Operations contains an information disclosure vulnerability. A malicious actor with non-administrative privileges in Aria Operations may exploit this vulnerability to disclose credentials of other users of Aria Operations.... Read more
- Published: Sep. 29, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Information Disclosure