Latest CVE Feed
-
6.0
MEDIUMCVE-2025-12743
The Looker endpoint for generating new projects from database connections allows users to specify "looker" as a connection name, which is a reserved internal name for Looker's internal MySQL database. The schemas parameter is vulnerable to SQL injection, ... Read more
Affected Products :- Published: Nov. 19, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Injection
-
6.9
MEDIUMCVE-2025-34336
eGovFramework/egovframe-common-components versions up to and including 4.3.1 contain an unauthenticated file upload vulnerability via the /utl/wed/insertImage.do and /utl/wed/insertImageCk.do image upload endpoints. These controllers accept multipart requ... Read more
Affected Products :- Published: Nov. 19, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Misconfiguration
-
8.6
HIGHCVE-2025-10703
Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option... Read more
Affected Products :- Published: Nov. 19, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Injection
-
10.0
CRITICALCVE-2025-63224
The Itel DAB Encoder (IDEnc build 25aec8d) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other dev... Read more
Affected Products :- Published: Nov. 19, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2025-63218
The Axel Technology WOLF1MS and WOLF2MS devices (firmware versions 0.8.5 to 1.0.3) are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create... Read more
Affected Products :- Published: Nov. 19, 2025
- Modified: Nov. 19, 2025
- Vuln Type: Authentication