Latest Security Threats
Stay informed about emerging security threats, vulnerabilities, and the latest CVEs
MEDIUM
CVE-2025-5410
Cross-Site Request Forgery in Mist Community Edition
MEDIUM
CVE-2025-5411
Cross-site Scripting Vulnerability in Mist Community Edition
MEDIUM
CVE-2025-5412
Cross Site Scripting vulnerability in Mist Community Edition up to 4.7.1
MEDIUM
CVE-2025-5420
Cross-Site Scripting (XSS) vulnerability in juzaweb CMS
MEDIUM
CVE-2025-5386
SQL injection vulnerability in JeeWMS, Medium Severity
MEDIUM
CVE-2025-5387
Improper Access Control vulnerability in JeeWMS
MEDIUM
CVE-2025-5388
Critical SQL injection vulnerability found in JeeWMS
MEDIUM
CVE-2025-5389
Improper access controls in JeeWMS.
MEDIUM
CVE-2025-5390
Critical vulnerability found in JeeWMS leading to improper access controls
MEDIUM
CVE-2025-5409
Mist Community Edition up to 4.7.1 improper access controls vulnerability
HIGH
CVE-2025-5156
Buffer overflow vulnerability found in H3C GR-5400AX in the EditWlanMacList function
MEDIUM
CVE-2025-5157
Critical vulnerability in H3C SecCenter SMP-E1114P02 up to 20250513 causing path traversal.
MEDIUM
CVE-2025-5158
Path traversal vulnerability in H3C SecCenter SMP-E1114P02 file downloadSoftware
MEDIUM
CVE-2025-5159
Vulnerability in H3C SecCenter SMP-E1114P02 allowing path traversal
MEDIUM
CVE-2025-5160
Path Traversal vulnerability discovered in H3C SecCenter SMP-E1114P02
HIGH
CVE-2025-5287
Unauthenticated SQL injection vulnerability in Likes and Dislikes Plugin plugin for WordPress
MEDIUM
CVE-2025-5295
Critical vulnerability in FreeFloat FTP Server 1.0.0
MEDIUM
CVE-2025-5297
Stack-based buffer overflow in SourceCodester Computer Store 1.0
MEDIUM
CVE-2025-5298
SQL Injection vulnerability in Campcodes Online Hospital Management System 1.0.
MEDIUM
CVE-2025-5299
Vulnerability in SourceCodester Client Database Management System 1.0 allowing unrestricted file upload
MEDIUM
CVE-2025-5328
Path traversal vulnerability in chshcms mccms 2.7
MEDIUM
CVE-2025-5330
Critical vulnerability in FreeFloat FTP Server 1.0 leading to buffer overflow
MEDIUM
CVE-2025-5331
Buffer overflow vulnerability in PCMan FTP Server 2.0.7's NLST Command Handler
MEDIUM
CVE-2025-5332
SQL Injection in 1000 Projects Online Notice Board 1.0
HIGH
CVE-2025-5334
Unauthorized Access to Private Personal Information in Devolutions Remote Desktop Manager
MEDIUM
CVE-2025-5079
SQL injection vulnerability in Campcodes Online Shopping Portal 1.0
HIGH
CVE-2025-5080
Critical vulnerability found in Tenda FH451 1.0.0.9 leading to stack-based buffer overflow.
HIGH
CVE-2025-5081
Critical vulnerability in Campcodes Cybercafe Management System
MEDIUM
CVE-2025-5110
Buffer overflow vulnerability in FreeFloat FTP Server 1.0
MEDIUM
CVE-2025-5111
Critical vulnerability found in FreeFloat FTP Server 1.0 TYPE Command Handler component causing buffer overflow.
MEDIUM
CVE-2025-5112
Buffer overflow vulnerability in FreeFloat FTP Server 1.0
MEDIUM
CVE-2025-5114
Vulnerability in easysoft zentaopms 21.5_20250307
MEDIUM
CVE-2025-5119
Emlog Pro 2.5.11 SQL Injection Vulnerability
MEDIUM
CVE-2025-5133
Cross site scripting vulnerability in Tmall Demo Search Box
MEDIUM
CVE-2025-5134
A vulnerability found in Tmall Demo leading to cross site scripting.
MEDIUM
CVE-2025-5135
Remote Cross Site Scripting vulnerability in Tmall Demo software
MEDIUM
CVE-2025-5136
Problematic vulnerability in Tmall Demo
MEDIUM
CVE-2025-5137
Critical vulnerability in DedeCMS 5.7.117 causing code injection
MEDIUM
CVE-2025-5056
SQL Injection in Campcodes Online Shopping Portal 1.0
MEDIUM
CVE-2025-5057
SQL Injection vulnerability in Campcodes Online Shopping Portal 1.0
MEDIUM
CVE-2025-5059
Unrestricted upload vulnerability in Campcodes Online Shopping Portal 1.0
MEDIUM
CVE-2025-5077
Critical vulnerability in Campcodes Online Shopping Portal 1.0 leading to SQL injection
MEDIUM
CVE-2025-5078
SQL Injection Vulnerability in Campcodes Online Shopping Portal 1.0
MEDIUM
CVE-2025-5007
Vulnerability in Part-DB up to 1.17.0 leads to cross site scripting
MEDIUM
CVE-2025-5008
SQL Injection flaw in projectworlds Online Time Table Generator 1.0
MEDIUM
CVE-2025-5010
Cross Site Scripting vulnerability in moonlightL hexo-boot 4.3.0
MEDIUM
CVE-2025-5011
Problematic vulnerability in moonlightL hexo-boot 4.3.0 leading to cross site scripting.
MEDIUM
CVE-2025-5052
Buffer overflow vulnerability in FreeFloat FTP Server 1.0 LS Command Handler.
MEDIUM
CVE-2025-5053
Critical vulnerability in FreeFloat FTP Server 1.0 leading to buffer overflow
MEDIUM
CVE-2025-4901
Problematic vulnerability found in D-Link DI-7003GV2 24.04.18D1 R(68125)
Not specified
CVE-2025-4918
Out-of-bounds read or write vulnerability in JavaScript Promise object in Firefox.
Not provided
CVE-2025-4919
Vulnerability related to out-of-bounds read or write on a JavaScript object in Firefox.
MEDIUM
CVE-2025-4940
SQL Injection vulnerability in Daily College Class Work Report Book 1.0
MEDIUM
CVE-2025-4941
SQL Injection vulnerability in PHPGurukul Credit Card Application Management System 1.0
LOW
CVE-2025-4945
Integer overflow vulnerability in libsoup HTTP library's cookie parsing logic
HIGH
CVE-2025-4948
Denial of Service risk in the libsoup HTTP library
HIGH
CVE-2025-4971
Privilege escalation vulnerability in Broadcom Automic Automation Agent Unix
MEDIUM
CVE-2025-5006
SQL Injection Vulnerability in Campcodes Online Shopping Portal 1.0
MEDIUM
CVE-2025-47930
Zulip "Who can create public channels" access control mechanism flawed in version 10.0 - 10.2
MEDIUM
CVE-2025-48024
Authenticated user can access sensitive data via /api/v1/settings endpoint
MEDIUM
CVE-2025-48027
HttpAuth plugin in pGina.Fork allows authentication bypass
HIGH
CVE-2025-48050
Pathname under the current working directory is not ensured in DOMPurify before 6bc6d60
MEDIUM
CVE-2025-48051
XSS vulnerability in Lila (for Lichess)
HIGH
CVE-2025-48144
Cross-Site Request Forgery (CSRF) vulnerability in sidngr Import Export For WooCommerce
HIGH
CVE-2025-48146
Cross-Site Request Forgery (CSRF) vulnerability with Stored XSS effect in Michael Lups SEO Flow by LupsOnline
MEDIUM
CVE-2025-48174
Integer and buffer overflow in libavif before 1.3.0
MEDIUM
CVE-2025-48175
Integer overflow vulnerability in libavif before 1.3.0
LOW
CVE-2025-48188
Incorrect call leading to a heap-based buffer over-read in GNU PSPP
MEDIUM
Threat Advisory: CVE-2025-43717
In PEAR HTTP_Request2 before 2.7.0, multiple files in the tests directory, notably tests/_network/getparameters.php and tests/_network/postparameters.php, refle...
MEDIUM
Threat Advisory: CVE-2025-43903
NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries....
MEDIUM
CVE-2025-47814
Heap-based buffer overflow vulnerability in GNU PSPP through 2.0.1
MEDIUM
CVE-2025-47815
Heap-based buffer overflow in libpspp-core.a in GNU PSPP through 2.0.1
LOW
CVE-2025-47816
Out-of-Bounds Read in GNU PSPP
HIGH
CVE-2025-47817
BlueWave Checkmate versions prior to 2.0.2 allows profile edit request to include a role parameter.
MEDIUM
CVE-2025-47828
Lumi H5P-Nodejs-library before 9.3.3 omits a sanitizeHtml call for plain text strings.
MEDIUM
CVE-2025-47905
Varnish Cache allows client-side desync via HTTP/1 requests