Latest CVE Feed
-
7.5
HIGHCVE-2023-28760
TP-Link AX1800 WiFi 6 Router (Archer AX21) devices allow unauthenticated attackers (on the LAN) to execute arbitrary code as root via the db_dir field to minidlnad. The attacker obtains the ability to modify files.db, and that can be used to reach a stack... Read more
Affected Products :- Published: Oct. 02, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Memory Corruption
-
8.7
HIGHCVE-2025-40645
Exposure of sensitive information in Viday. This vulnerability could allow an unauthenticated attacker to obtain sensitive information about customers by sending an HTTP GET request to “/api/reserva/web/clients” using the “phone” parameter.... Read more
Affected Products :- Published: Oct. 02, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Information Disclosure
-
9.4
CRITICALCVE-2025-11221
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Unrestricted Upload of File with Dangerous Type vulnerability in GTONE ChangeFlow allows Path Traversal, Accessing Functionality Not Properly Constrained by ACLs.This issue af... Read more
Affected Products :- Published: Oct. 02, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Path Traversal
-
5.1
MEDIUMCVE-2025-41010
Incorrect Cross-Origin Resource Sharing (CORS) configuration in Hiberus Sintra. Cross-Origin Resource Sharing (CORS) allows browsers to make cross-domain requests in a controlled manner. This request has an “Origin” header that identifies the domain makin... Read more
Affected Products :- Published: Oct. 02, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Misconfiguration