Latest CVE Feed
-
9.3
CRITICALCVE-2025-10351
SQL injection vulnerability based on the melis-cms module of the Melis platform from Melis Technology. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'idPage' parameter in the '/melis/MelisCms/PageEditi... Read more
Affected Products : meliscms- Published: Oct. 08, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Injection
-
4.8
MEDIUMCVE-2025-43821
Cross-site scripting (XSS) vulnerability in the Commerce Product Comparison Table widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote attack... Read more
- Published: Oct. 08, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Cross-Site Scripting
-
7.5
HIGHCVE-2025-11488
A weakness has been identified in D-Link DIR-852 up to 20251002. This affects an unknown part of the file /HNAP1/. Executing manipulation can lead to command injection. The attack may be launched remotely. The exploit has been made available to the public... Read more
Affected Products : dir-852_firmware- Published: Oct. 08, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Injection
-
7.4
HIGHCVE-2025-9970
Cleartext Storage of Sensitive Information in Memory vulnerability in ABB MConfig.This issue affects MConfig: through 1.4.9.21.... Read more
Affected Products :- Published: Oct. 08, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Information Disclosure