Latest CVE Feed
-
6.2
MEDIUMCVE-2025-58301
Buffer overflow vulnerability in the device management module. Successful exploitation of this vulnerability may affect availability.... Read more
Affected Products : harmonyos- Published: Oct. 11, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Memory Corruption
-
6.2
MEDIUMCVE-2025-54654
Permission control vulnerability in the Gallery module. Successful exploitation of this vulnerability may affect service confidentiality... Read more
Affected Products : harmonyos- Published: Oct. 11, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Authorization
-
6.2
MEDIUMCVE-2025-54764
Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd.... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Information Disclosure
-
6.2
MEDIUMCVE-2025-58300
Buffer overflow vulnerability in the device management module. Successful exploitation of this vulnerability may affect availability.... Read more
Affected Products : harmonyos- Published: Oct. 11, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Memory Corruption
-
6.2
MEDIUMCVE-2025-62364
text-generation-webui is an open-source web interface for running Large Language Models. In versions through 3.13, a Local File Inclusion vulnerability exists in the character picture upload feature. An attacker can upload a text file containing a symboli... Read more
Affected Products :- Published: Oct. 13, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Path Traversal
-
6.2
MEDIUMCVE-2025-35032
Medical Informatics Engineering Enterprise Health allows authenticated users to upload arbitrary files. The impact of this behavior depends on how files are accessed. This issue is fixed as of 2025-04-08.... Read more
Affected Products :- Published: Sep. 29, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Misconfiguration
-
6.2
MEDIUMCVE-2025-11371
In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. ... Read more
Affected Products :- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Path Traversal
-
6.2
MEDIUMCVE-2025-21059
Improper authorization in Samsung Health prior to version 6.30.5.105 allows local attackers to access data in Samsung Health.... Read more
Affected Products : health- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authorization
-
6.2
MEDIUMCVE-2025-59149
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In version 8.0.0, rules using keyword ldap.responses.attribute_type (which is long) with transforms can lead to a stack ... Read more
Affected Products : suricata- Published: Oct. 01, 2025
- Modified: Oct. 06, 2025
- Vuln Type: Memory Corruption
-
6.2
MEDIUMCVE-2023-50300
IBM Transformation Extender Advanced 10.0.1 could allow a local user to perform unauthorized actions due to improper access controls.... Read more
Affected Products : transformation_extender_advanced- Published: Oct. 01, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Authorization
-
6.2
MEDIUMCVE-2025-59406
The Flock Safety Pisco com.flocksafety.android.pisco application 6.21.11 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) has a cleartext Auth0 client secret in its codebase. Because application binarie... Read more
Affected Products :- Published: Oct. 02, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Authentication
-
6.1
MEDIUMCVE-2025-59825
astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.3 and earlier of astral-tokio-tar, tar archives may extract outside of their intended destination directory when using the Entry::unpack_in_raw API. Additionally, th... Read more
Affected Products :- Published: Sep. 23, 2025
- Modified: Sep. 24, 2025
- Vuln Type: Path Traversal
-
6.1
MEDIUMCVE-2025-59995
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Quick Template page that, when visited by another user, enables the attac... Read more
Affected Products : junos_space- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-59999
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the API Access Profiles page that, when visited by another user, enables the ... Read more
Affected Products : junos_space- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-27036
Information disclosure when Video engine escape input data is less than expected minimum size.... Read more
- Published: Sep. 24, 2025
- Modified: Sep. 25, 2025
- Vuln Type: Information Disclosure
-
6.1
MEDIUMCVE-2025-61532
Cross Site Scripting vulnerability in SVX Portal v.2.7A to execute arbitrary code via the TG parameter on last_heard_page.php component... Read more
Affected Products :- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-57878
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.... Read more
Affected Products : portal_for_arcgis- Published: Sep. 29, 2025
- Modified: Oct. 17, 2025
- Vuln Type: Information Disclosure
-
6.1
MEDIUMCVE-2025-59768
Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identif... Read more
Affected Products : e-tms- Published: Oct. 02, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-9512
The Schema & Structured Data for WP & AMP WordPress plugin before 1.50 does not properly handles HTML tag attribute modifications, making it possible for unauthenticated attackers to conduct Stored XSS attacks via post comments.... Read more
Affected Products :- Published: Oct. 01, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-59763
Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identif... Read more
Affected Products : e-tms- Published: Oct. 02, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Cross-Site Scripting