Latest Security Threats

Stay informed about emerging security threats, vulnerabilities, and the latest CVEs

MEDIUM
CVE-2025-5390
Critical vulnerability found in JeeWMS leading to improper access controls
MEDIUM
CVE-2025-5409
Mist Community Edition up to 4.7.1 improper access controls vulnerability
MEDIUM
CVE-2025-5410
Cross-Site Request Forgery in Mist Community Edition
MEDIUM
CVE-2025-5411
Cross-site Scripting Vulnerability in Mist Community Edition
MEDIUM
CVE-2025-5412
Cross Site Scripting vulnerability in Mist Community Edition up to 4.7.1
MEDIUM
CVE-2025-5420
Cross-Site Scripting (XSS) vulnerability in juzaweb CMS
MEDIUM
CVE-2025-5332
SQL Injection in 1000 Projects Online Notice Board 1.0
HIGH
CVE-2025-5334
Unauthorized Access to Private Personal Information in Devolutions Remote Desktop Manager
MEDIUM
CVE-2025-5386
SQL injection vulnerability in JeeWMS, Medium Severity
MEDIUM
CVE-2025-5387
Improper Access Control vulnerability in JeeWMS
MEDIUM
CVE-2025-5388
Critical SQL injection vulnerability found in JeeWMS
MEDIUM
CVE-2025-5389
Improper access controls in JeeWMS.
HIGH
CVE-2025-5287
Unauthenticated SQL injection vulnerability in Likes and Dislikes Plugin plugin for WordPress
MEDIUM
CVE-2025-5295
Critical vulnerability in FreeFloat FTP Server 1.0.0
MEDIUM
CVE-2025-5297
Stack-based buffer overflow in SourceCodester Computer Store 1.0
MEDIUM
CVE-2025-5298
SQL Injection vulnerability in Campcodes Online Hospital Management System 1.0.
MEDIUM
CVE-2025-5299
Vulnerability in SourceCodester Client Database Management System 1.0 allowing unrestricted file upload
MEDIUM
CVE-2025-5328
Path traversal vulnerability in chshcms mccms 2.7
MEDIUM
CVE-2025-5330
Critical vulnerability in FreeFloat FTP Server 1.0 leading to buffer overflow
MEDIUM
CVE-2025-5331
Buffer overflow vulnerability in PCMan FTP Server 2.0.7's NLST Command Handler
MEDIUM
CVE-2025-5110
Buffer overflow vulnerability in FreeFloat FTP Server 1.0
MEDIUM
CVE-2025-5111
Critical vulnerability found in FreeFloat FTP Server 1.0 TYPE Command Handler component causing buffer overflow.
MEDIUM
CVE-2025-5112
Buffer overflow vulnerability in FreeFloat FTP Server 1.0
MEDIUM
CVE-2025-5114
Vulnerability in easysoft zentaopms 21.5_20250307
MEDIUM
CVE-2025-5119
Emlog Pro 2.5.11 SQL Injection Vulnerability
MEDIUM
CVE-2025-5133
Cross site scripting vulnerability in Tmall Demo Search Box
MEDIUM
CVE-2025-5134
A vulnerability found in Tmall Demo leading to cross site scripting.
MEDIUM
CVE-2025-5135
Remote Cross Site Scripting vulnerability in Tmall Demo software
MEDIUM
CVE-2025-5136
Problematic vulnerability in Tmall Demo
MEDIUM
CVE-2025-5137
Critical vulnerability in DedeCMS 5.7.117 causing code injection
HIGH
CVE-2025-5156
Buffer overflow vulnerability found in H3C GR-5400AX in the EditWlanMacList function
MEDIUM
CVE-2025-5157
Critical vulnerability in H3C SecCenter SMP-E1114P02 up to 20250513 causing path traversal.
MEDIUM
CVE-2025-5158
Path traversal vulnerability in H3C SecCenter SMP-E1114P02 file downloadSoftware
MEDIUM
CVE-2025-5159
Vulnerability in H3C SecCenter SMP-E1114P02 allowing path traversal
MEDIUM
CVE-2025-5160
Path Traversal vulnerability discovered in H3C SecCenter SMP-E1114P02
MEDIUM
CVE-2025-5056
SQL Injection in Campcodes Online Shopping Portal 1.0
MEDIUM
CVE-2025-5057
SQL Injection vulnerability in Campcodes Online Shopping Portal 1.0
MEDIUM
CVE-2025-5059
Unrestricted upload vulnerability in Campcodes Online Shopping Portal 1.0
MEDIUM
CVE-2025-5077
Critical vulnerability in Campcodes Online Shopping Portal 1.0 leading to SQL injection
MEDIUM
CVE-2025-5078
SQL Injection Vulnerability in Campcodes Online Shopping Portal 1.0
MEDIUM
CVE-2025-5079
SQL injection vulnerability in Campcodes Online Shopping Portal 1.0
HIGH
CVE-2025-5080
Critical vulnerability found in Tenda FH451 1.0.0.9 leading to stack-based buffer overflow.
HIGH
CVE-2025-5081
Critical vulnerability in Campcodes Cybercafe Management System
MEDIUM
CVE-2025-5010
Cross Site Scripting vulnerability in moonlightL hexo-boot 4.3.0
MEDIUM
CVE-2025-5011
Problematic vulnerability in moonlightL hexo-boot 4.3.0 leading to cross site scripting.
MEDIUM
CVE-2025-5052
Buffer overflow vulnerability in FreeFloat FTP Server 1.0 LS Command Handler.
MEDIUM
CVE-2025-5053
Critical vulnerability in FreeFloat FTP Server 1.0 leading to buffer overflow
Not provided
CVE-2025-4919
Vulnerability related to out-of-bounds read or write on a JavaScript object in Firefox.
MEDIUM
CVE-2025-4940
SQL Injection vulnerability in Daily College Class Work Report Book 1.0
MEDIUM
CVE-2025-4941
SQL Injection vulnerability in PHPGurukul Credit Card Application Management System 1.0
LOW
CVE-2025-4945
Integer overflow vulnerability in libsoup HTTP library's cookie parsing logic
HIGH
CVE-2025-4948
Denial of Service risk in the libsoup HTTP library
HIGH
CVE-2025-4971
Privilege escalation vulnerability in Broadcom Automic Automation Agent Unix
MEDIUM
CVE-2025-5006
SQL Injection Vulnerability in Campcodes Online Shopping Portal 1.0
MEDIUM
CVE-2025-5007
Vulnerability in Part-DB up to 1.17.0 leads to cross site scripting
MEDIUM
CVE-2025-5008
SQL Injection flaw in projectworlds Online Time Table Generator 1.0
LOW
CVE-2025-48188
Incorrect call leading to a heap-based buffer over-read in GNU PSPP
MEDIUM
CVE-2025-4901
Problematic vulnerability found in D-Link DI-7003GV2 24.04.18D1 R(68125)
Not specified
CVE-2025-4918
Out-of-bounds read or write vulnerability in JavaScript Promise object in Firefox.
HIGH
CVE-2025-48050
Pathname under the current working directory is not ensured in DOMPurify before 6bc6d60
MEDIUM
CVE-2025-48051
XSS vulnerability in Lila (for Lichess)
HIGH
CVE-2025-48144
Cross-Site Request Forgery (CSRF) vulnerability in sidngr Import Export For WooCommerce
HIGH
CVE-2025-48146
Cross-Site Request Forgery (CSRF) vulnerability with Stored XSS effect in Michael Lups SEO Flow by LupsOnline
MEDIUM
CVE-2025-48174
Integer and buffer overflow in libavif before 1.3.0
MEDIUM
CVE-2025-48175
Integer overflow vulnerability in libavif before 1.3.0
MEDIUM
CVE-2025-47814
Heap-based buffer overflow vulnerability in GNU PSPP through 2.0.1
MEDIUM
CVE-2025-47815
Heap-based buffer overflow in libpspp-core.a in GNU PSPP through 2.0.1
LOW
CVE-2025-47816
Out-of-Bounds Read in GNU PSPP
HIGH
CVE-2025-47817
BlueWave Checkmate versions prior to 2.0.2 allows profile edit request to include a role parameter.
MEDIUM
CVE-2025-47828
Lumi H5P-Nodejs-library before 9.3.3 omits a sanitizeHtml call for plain text strings.
MEDIUM
CVE-2025-47905
Varnish Cache allows client-side desync via HTTP/1 requests
MEDIUM
CVE-2025-47930
Zulip "Who can create public channels" access control mechanism flawed in version 10.0 - 10.2
MEDIUM
CVE-2025-48024
Authenticated user can access sensitive data via /api/v1/settings endpoint
MEDIUM
CVE-2025-48027
HttpAuth plugin in pGina.Fork allows authentication bypass
MEDIUM
Threat Advisory: CVE-2025-43717
In PEAR HTTP_Request2 before 2.7.0, multiple files in the tests directory, notably tests/_network/getparameters.php and tests/_network/postparameters.php, refle...
MEDIUM
Threat Advisory: CVE-2025-43903
NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries....