Latest CVE Feed
-
7.0
HIGHCVE-2023-6270
A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access ... Read more
- EPSS Score: %0.02
- Published: Jan. 04, 2024
- Modified: Aug. 30, 2025
-
5.1
MEDIUMCVE-2025-9680
A vulnerability was detected in O2OA up to 10.0-410. This impacts an unknown function of the file /x_portal_assemble_designer/jaxrs/page of the component Personal Profile Page. Performing manipulation results in cross site scripting. The attack can be ini... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Aug. 30, 2025
- Vuln Type: Cross-Site Scripting
-
5.9
MEDIUMCVE-2025-9341
Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All (API modules), Legion of the Bouncy Castle Inc. Bouncy Castle for Java LTS bcprov-lts8on on All (API modules) allows Excessive A... Read more
Affected Products : bouncy_castle_for_java- Published: Aug. 22, 2025
- Modified: Aug. 30, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-9679
A security vulnerability has been detected in itsourcecode Student Information System 1.0. This affects an unknown function of the file /course_edit1.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack rem... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Aug. 30, 2025
- Vuln Type: Injection
-
6.4
MEDIUMCVE-2025-9500
The TablePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘shortcode_debug’ parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for authentic... Read more
Affected Products : tablepress- Published: Aug. 30, 2025
- Modified: Aug. 30, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-9499
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's oceanwp_library shortcode in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping on user supplied attributes... Read more
Affected Products : ocean_extra- Published: Aug. 30, 2025
- Modified: Aug. 30, 2025
- Vuln Type: Cross-Site Scripting
-
9.3
CRITICALCVE-2025-54946
A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands.... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Aug. 30, 2025
- Vuln Type: Injection
-
10.0
CRITICALCVE-2025-54945
An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by controlling the destination file path.... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Aug. 30, 2025
- Vuln Type: Path Traversal
-
6.9
MEDIUMCVE-2025-54944
An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to write malicious code in a specific file, which may lead to arbitrary code execution.... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Aug. 30, 2025
- Vuln Type: Misconfiguration
-
9.3
CRITICALCVE-2025-54943
A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control checks.... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Aug. 30, 2025
- Vuln Type: Authorization
-
9.3
CRITICALCVE-2025-54942
A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior authentication.... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Aug. 30, 2025
- Vuln Type: Authentication
-
4.3
MEDIUMCVE-2025-9618
The Related Posts Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unaut... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Aug. 30, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2025-4956
Path Traversal: '.../...//' vulnerability in AA-Team Pro Bulk Watermark Plugin for WordPress allows Path Traversal.This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through 2.0.... Read more
Affected Products :- Published: Aug. 30, 2025
- Modified: Aug. 30, 2025
- Vuln Type: Path Traversal
-
8.1
HIGHCVE-2025-49405
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Favethemes Houzez allows PHP Local File Inclusion.This issue affects Houzez: from n/a before 4.1.4.... Read more
Affected Products : houzez- Published: Aug. 28, 2025
- Modified: Aug. 30, 2025
- Vuln Type: Path Traversal
-
10.0
CRITICALCVE-2025-57819
FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipul... Read more
Affected Products :- Actively Exploited
- Published: Aug. 28, 2025
- Modified: Aug. 30, 2025
- Vuln Type: Authentication
-
9.9
CRITICALCVE-2025-58159
WeGIA is a Web manager for charitable institutions. Prior to version 3.4.11, a remote code execution vulnerability was identified, caused by improper validation of uploaded files. The application allows an attacker to upload files with arbitrary filenames... Read more
Affected Products : wegia- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-9678
A weakness has been identified in Campcodes Online Loan Management System 1.0. The impacted element is an unknown function of the file /ajax.php?action=delete_borrower. This manipulation of the argument ID causes sql injection. It is possible to initiate ... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Injection
-
2.3
LOWCVE-2025-58160
tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI es... Read more
Affected Products :- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-58157
gnark is a zero-knowledge proof system framework. In version 0.12.0, there is a potential denial of service vulnerability when computing scalar multiplication is using the fake-GLV algorithm. This is because the algorithm didn't converge quickly enough fo... Read more
Affected Products : gnark-crypto- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Denial of Service
-
1.9
LOWCVE-2025-58156
Centurion ERP is an ERP with a focus on ITSM and automation. In versions starting from 1.12.0 to before 1.21.0, an authenticated user can view all authentication token details within the database. This includes the actual token, although only the hashed t... Read more
Affected Products : centurion_erp- Published: Aug. 29, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Information Disclosure