Latest CVE Feed
-
5.8
MEDIUMCVE-2024-52529
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For users with the following configuration: 1. An allow policy that selects a Layer 3 destination and a port range `AND` 2. A Layer 7 allow policy that selects a sp... Read more
Affected Products : cilium- Published: Nov. 25, 2024
- Modified: Sep. 03, 2025
-
5.3
MEDIUMCVE-2025-23028
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. A denial of service vulnerability affects versions 1.14.0 through 1.14.7, 1.15.0 through 1.15.11, and 1.16.0 through 1.16.4. In a Kubernetes cluster where Cilium is... Read more
Affected Products : cilium- Published: Jan. 22, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-23047
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An insecure default `Access-Control-Allow-Origin` header value could lead to sensitive data exposure for users of Cilium versions 1.14.0 through 1.14.7, 1.15.0 thro... Read more
Affected Products : cilium- Published: Jan. 22, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Misconfiguration
-
4.0
MEDIUMCVE-2025-32793
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2, are vulnerable when using Wireguard transparent encryption in a Cilium cluster, packets that ori... Read more
Affected Products : cilium- Published: Apr. 21, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Race Condition
-
7.6
HIGHCVE-2025-9959
Incomplete validation of dunder attributes allows an attacker to escape from the Local Python execution environment sandbox, enforced by smolagents. The attack requires a Prompt Injection in order to trick the agent to create malicious code.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2025-9922
A security vulnerability has been detected in Campcodes Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php. Such manipulation of the argument page leads to cross site scripting. The attack can... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-9921
A weakness has been identified in code-projects POS Pharmacy System 1.0. Affected is an unknown function of the file /main/products.php. This manipulation of the argument product_code/gen_name/product_name/supplier causes cross site scripting. The attack ... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-9867
Inappropriate implementation in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-9866
Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-9865
Inappropriate implementation in Toolbar in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Me... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2025-9864
Use after free in V8 in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-56761
Memos 0.22 is vulnerable to Stored Cross site scripting (XSS) vulnerabilities by the upload attachment and user avatar features. Memos does not verify the content type of the uploaded data and serve it back as is. An authenticated attacker can use this to... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-56760
When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Path Traversal
-
0.0
NACVE-2025-56689
An issue was discovered in Quest One Identity 7.5.1.20903. A crafted response manipulation can bypass the OTP on MFA page which leads to access the PAM portal without OTP allowing attackers to control an arbitrary account.... Read more
Affected Products :- Published: Sep. 03, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Authentication
-
6.0
MEDIUMCVE-2025-4876
ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This key is embedded in plaintext within the binary and used in cryptographic operations witho... Read more
Affected Products : risk_assessment- Published: May. 19, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Cryptography
-
8.1
HIGHCVE-2025-3935
ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data encoded using Base64 protected by machine keys. It is important to n... Read more
Affected Products : screenconnect- Actively Exploited
- Published: Apr. 25, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Injection
-
7.3
HIGHCVE-2025-22417
In finishTransition of Transition.java, there is a possible way to bypass touch filtering restrictions due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is... Read more
Affected Products : android- Published: Sep. 02, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Authentication
-
7.8
HIGHCVE-2025-22416
In onCreate of ChooserActivity.java , there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploit... Read more
Affected Products : android- Published: Sep. 02, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2022-49493
In the Linux kernel, the following vulnerability has been resolved: ASoC: rt5645: Fix errorenous cleanup order There is a logic error when removing rt5645 device as the function rt5645_i2c_remove() first cancel the &rt5645->jack_detect_work and delete t... Read more
Affected Products : linux_kernel- Published: Feb. 26, 2025
- Modified: Sep. 03, 2025
- Vuln Type: Race Condition
-
6.5
MEDIUMCVE-2025-32387
Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. This issue has b... Read more
Affected Products : helm- Published: Apr. 09, 2025
- Modified: Sep. 03, 2025