Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7 CVE-2025-51281

CVE-2025-51281_CVE-2025-51281

D-Link DI-8100 16.07.26A1 is vulnerable to Buffer Overflow via the en, val and id parameters in the qj_asp function. This vulnerability allows au...

n/a n/a n/a CVE
HIGH 8.5 CVE-2025-56216

CVE-2025-56216_CVE-2025-56216

phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter.

n/a n/a n/a CVE
HIGH 8.8 CVE-2025-55409

CVE-2025-55409_CVE-2025-55409

In FoxCMS 1.2.6, there is a Cross Site Scripting vulnerability in /index.php/article. This allows attackers to execute arbitrary code.

n/a n/a n/a CVE
HIGH 7.2 CVE-2025-29523

CVE-2025-29523_CVE-2025-29523

D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping6 function.

n/a n/a n/a CVE
HIGH 7.5 CVE-2025-53119

Securden Unified PAM Unauthenticated Unrestricted File Upload_CVE-2025-53119

An unauthenticated unrestricted file upload vulnerability allows an attacker to upload malicious binaries and scripts to the server.

Securden Unified PAM 9.0.* CVE
HIGH 7.2 CVE-2025-6737

Securden Unified PAM Shared SSH Key and Cloud Infrastructure_CVE-2025-6737

Securden’s Unified PAM Remote Vendor Gateway access portal shares infrastructure and access tokens across multiple tenants. A malicious actor can o...

Securden Unified PAM 9.0.* CVE
HIGH 8.8 CVE-2025-57760

Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation_CVE-2025-57760

Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers w...

langflow-ai langflow <= 1.5.0 CVE
HIGH 8.2 CVE-2025-57773

Dataease DB2 Aspectweaver Deserialization Arbitrary File Write Vulnerability_CVE-2025-57773

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, because DB2 parameters are not filtered, a ...

dataease dataease < 2.10.12 CVE
HIGH 8.2 CVE-2025-57772

Dataease H2 JDBC RCE Bypass_CVE-2025-57772

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, there is an H2 JDBC RCE bypass in DataEase. ...

dataease dataease < 2.10.12 CVE
HIGH 8.7 CVE-2025-57802

Airlink’s Daemon Symlink Vulnerability_CVE-2025-57802

Airlink's Daemon interfaces with Docker and the Panel to provide secure access for controlling instances via the Panel. In version 1.0.0, an attack...

airlinklabs daemon = 1.0.0 CVE