Latest CVE Feed
-
10.0
CRITICALCVE-2010-10016
BS.Player version 2.57 (build 1051) contains a vulnerability in its playlist import functionality. When processing .m3u files, the application fails to properly validate the length of playlist entries, resulting in a buffer overflow condition. This flaw o... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Aug. 30, 2025
- Vuln Type: Memory Corruption
-
10.0
CRITICALCVE-2009-20011
ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 are vulnerable to remote command execution due to insecure handling of file uploads via the mimencode CGI utility. The vulnerability allows unauthenticated attackers ... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Aug. 30, 2025
- Vuln Type: Authentication
-
9.3
CRITICALCVE-2009-20010
Dogfood CRM version 2.0.10 contains a remote command execution vulnerability in the spell.php script used by its mail subsystem. The vulnerability arises from unsanitized user input passed via a POST request to the data parameter, which is processed by th... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Aug. 30, 2025
- Vuln Type: Injection
-
9.3
CRITICALCVE-2009-20009
Belkin Bulldog Plus version 4.0.2 build 1219 contains a stack-based buffer overflow vulnerability in its web service authentication handler. When a specially crafted HTTP request is sent with an oversized Authorization header, the application fails to pro... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Aug. 30, 2025
- Vuln Type: Memory Corruption
-
8.6
HIGHCVE-2009-20008
Green Dam Youth Escort version 3.17 is vulnerable to a stack-based buffer overflow when processing overly long URLs. The flaw resides in the URL filtering component, which fails to properly validate input length before copying user-supplied data into a fi... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Aug. 30, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2008-20001
activePDF WebGrabber version 3.8.2.0 contains a stack-based buffer overflow vulnerability in the GetStatus() method of the APWebGrb.ocx ActiveX control. By passing an overly long string to this method, a remote attacker can execute arbitrary code in the c... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Aug. 30, 2025
- Vuln Type: Memory Corruption
-
8.7
HIGHCVE-2005-10004
Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, which is improperly handled during graph rendering.... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Aug. 30, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-9689
A vulnerability was detected in SourceCodester Advanced School Management System 1.0. The impacted element is an unknown function of the file /index.php/stock/item_select. The manipulation of the argument q results in sql injection. It is possible to laun... Read more
Affected Products : advanced_school_management_system- Published: Aug. 30, 2025
- Modified: Aug. 30, 2025
- Vuln Type: Injection
-
5.1
MEDIUMCVE-2025-9688
A security vulnerability has been detected in Mupen64Plus up to 2.6.0. The affected element is the function write_is_viewer of the file src/device/cart/is_viewer.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Aug. 30, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-34165
A stack-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially leak a limited amount of memory.... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Aug. 30, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-34164
A heap-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially result in arbitrary code execution.... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Aug. 30, 2025
- Vuln Type: Memory Corruption
-
7.6
HIGHCVE-2025-0165
IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data 4.8.4, 4.8.5, and 5.0.0 through 5.2.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delet... Read more
Affected Products : watsonx_orchestrate_cartridge_for_ibm_cloud_pak_for_data- Published: Aug. 30, 2025
- Modified: Aug. 30, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-9687
A weakness has been identified in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/HistoricoEscolar/processamentoApi. Executing manipulation can lead to improper authorization. The attack may be performed from a remote l... Read more
Affected Products : i-educar- Published: Aug. 30, 2025
- Modified: Aug. 30, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-9686
A security flaw has been discovered in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /module/AreaConhecimento/edit of the component Listagem de áreas de conhecimento Page. Performing manipulation of the argument ID... Read more
Affected Products : i-educar- Published: Aug. 30, 2025
- Modified: Aug. 30, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-9685
A vulnerability was identified in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /module/AreaConhecimento/view of the component Listagem de áreas de conhecimento Page. Such manipulation of the argument ID leads to sql ... Read more
Affected Products : i-educar- Published: Aug. 30, 2025
- Modified: Aug. 30, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-9684
A vulnerability was determined in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/FormulaMedia/edit of the component Formula de Cálculo de Média Page. This manipulation of the argument ID causes sql injection. Remote explo... Read more
Affected Products : i-educar- Published: Aug. 30, 2025
- Modified: Aug. 30, 2025
- Vuln Type: Injection
-
5.1
MEDIUMCVE-2025-9683
A vulnerability was found in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /x_cms_assemble_control/jaxrs/form of the component Personal Profile Page. The manipulation results in cross site scripting. The attack may ... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Aug. 30, 2025
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2025-9682
A vulnerability has been found in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /x_cms_assemble_control/jaxrs/design/appdict of the component Personal Profile Page. The manipulation leads to cross site scripti... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Aug. 30, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-38677
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in dnode page As Jiaming Zhang reported: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x1c1/0x2a0 lib/dump_stack.c:120 ... Read more
Affected Products : linux_kernel- Published: Aug. 30, 2025
- Modified: Aug. 30, 2025
- Vuln Type: Memory Corruption
-
5.1
MEDIUMCVE-2025-9681
A flaw has been found in O2OA up to 10.0-410. Affected is an unknown function of the file /x_program_center/jaxrs/agent of the component Personal Profile Page. Executing manipulation can lead to cross site scripting. The attack can be launched remotely. T... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Aug. 30, 2025
- Vuln Type: Cross-Site Scripting