Latest CVE Feed
- CVE-2025-6248 (CVSS 3.1: 7.4)
  A cross-site scripting (XSS) vulnerability was reported in the Lenovo Browser that could allow an attacker to obtain sensitive information if a user visits a web page with specially crafted content....
  - Affected Products: browser
  - Published: Jul. 17, 2025
  - Modified: Jul. 17, 2025
- CVE-2025-7814 (CVSS 3.1: 7.3)
  A vulnerability classified as critical was found in code-projects Food Ordering Review System 1.0. This vulnerability affects unknown code of the file /pages/signup_function.php. The manipulation of the argument fname leads to SQL injection. The attack ca...
  - Affected Products: none listed
  - Published: Jul. 18, 2025
  - Modified: Jul. 18, 2025
- CVE-2025-7764 (CVSS 3.1: 7.3)
  A vulnerability classified as critical has been found in code-projects Online Appointment Booking System 1.0. Affected is an unknown function of the file /admin/deletedoctorclinic.php. The manipulation of the argument clinic leads to SQL injection. It is ...
  - Affected Products: online_appointment_booking_system
  - Published: Jul. 17, 2025
  - Modified: Jul. 18, 2025
- CVE-2025-7765 (CVSS 3.1: 7.3)
  A vulnerability classified as critical was found in code-projects Online Appointment Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/addmanagerclinic.php. The manipulation of the argument clinic leads to s...
  - Affected Products: online_appointment_booking_system
  - Published: Jul. 17, 2025
  - Modified: Jul. 18, 2025
- CVE-2025-7757 (CVSS 3.1: 7.3)
  A vulnerability classified as critical was found in PHPGurukul Land Record System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit-property.php. The manipulation of the argument editid leads to SQL injection. The attack ca...
  - Affected Products: land_record_system
  - Published: Jul. 17, 2025
  - Modified: Jul. 18, 2025
- CVE-2025-7801 (CVSS 3.1: 7.3)
  A vulnerability has been found in BossSoft CRM 6.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /crm/module/HNDCBas_customPrmSearchDtl.jsp. The manipulation of the argument cstid leads to SQL injection...
  - Affected Products: none listed
  - Published: Jul. 18, 2025
  - Modified: Jul. 18, 2025
- CVE-2025-52169 (CVSS 3.1: 7.1)
  agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability....
  - Affected Products: none listed
  - Published: Jul. 18, 2025
  - Modified: Jul. 18, 2025
- CVE-2025-23270 (CVSS 3.1: 7.1)
  NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive information via a side channel vulnerability. A successful exploit of this vulnerability might lead to code executio...
  - Affected Products: none listed
  - Published: Jul. 17, 2025
  - Modified: Jul. 17, 2025
- CVE-2025-53945 (CVSS 3.1: 7.0)
  apko allows users to build and publish OCI container images built from apk packages. Starting in version 0.27.0 and prior to version 0.29.5, critical files were inadvertently set to 0666, which could likely be abused for root escalation. Version 0.29.5 co...
  - Affected Products: none listed
  - Published: Jul. 18, 2025
  - Modified: Jul. 18, 2025
- CVE-2025-1700 (CVSS 3.1: 7.0)
  A DLL hijacking vulnerability was reported in the Motorola Software Fix (Rescue and Smart Assistant) installer that could allow a local attacker to escalate privileges during installation of the software....
  - Affected Products: software_fix
  - Published: Jul. 17, 2025
  - Modified: Jul. 17, 2025
- CVE-2025-6233 (CVSS 3.1: 6.8)
  Mattermost versions 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to sanitize input paths of file attachments in the bulk import JSONL file, which allows a system admin to read arbitrary system files via path traversal....
  - Affected Products: mattermost_server
  - Published: Jul. 18, 2025
  - Modified: Jul. 18, 2025
- CVE-2025-6249 (CVSS 3.1: 6.7)
  An authentication bypass vulnerability was reported in FileZ client application that could allow a local attacker with elevated permissions access to application data....
  - Affected Products: filez_client
  - Published: Jul. 17, 2025
  - Modified: Jul. 17, 2025
- CVE-2024-27779 (CVSS 3.1: 6.7)
  An insufficient session expiration vulnerability [CWE-613] in FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions, 3.2 all versions and FortiIsolator version 2.4 and below, 2.3 all versions, 2.2 all versions, 2.1 a...
  - Published: Jul. 18, 2025
  - Modified: Jul. 18, 2025
- CVE-2025-4657 (CVSS 3.1: 6.7)
  A buffer overflow vulnerability was reported in the Lenovo Protection Driver, prior to version 5.1.1110.4231, used in Lenovo PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker with elevated privileges to execute arbitrary code....
  - Published: Jul. 17, 2025
  - Modified: Jul. 17, 2025
- CVE-2025-1729 (CVSS 3.1: 6.7)
  A DLL hijacking vulnerability was reported in TrackPoint Quick Menu software that, under certain conditions, could allow a local attacker to escalate privileges....
  - Affected Products: trackpoint_quick_menu
  - Published: Jul. 17, 2025
  - Modified: Jul. 17, 2025
- CVE-2025-6717 (CVSS 3.1: 6.5)
  The B1.lt plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 2.2.56 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. Th...
  - Affected Products: none listed
  - Published: Jul. 18, 2025
  - Modified: Jul. 18, 2025
- CVE-2025-7784 (CVSS 3.1: 6.5)
  A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions (FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforc...
  - Affected Products: none listed
  - Published: Jul. 18, 2025
  - Modified: Jul. 18, 2025
- CVE-2025-54078 (CVSS 3.1: 6.5)
  WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.4.6 in the `personalizacao_imagem.php` endpoint of the WeGI...
  - Affected Products: wegia
  - Published: Jul. 18, 2025
  - Modified: Jul. 18, 2025
- CVE-2025-52163 (CVSS 3.1: 6.5)
  A Server-Side Request Forgery (SSRF) in the component TunnelServlet of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows attackers to forcefully initiate connections to arbitrary internal and external resources via a crafted request. This ca...
  - Affected Products: none listed
  - Published: Jul. 18, 2025
  - Modified: Jul. 18, 2025
- CVE-2025-45157 (CVSS 3.1: 6.5)
  Insecure permissions in Splashin iOS v2.0 allow unauthorized attackers to access location data for specific users....
  - Affected Products: none listed
  - Published: Jul. 18, 2025
  - Modified: Jul. 18, 2025