Latest CVE Feed
-
6.5
MEDIUMCVE-2025-43457
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash.... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-43412
A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to break out of its sandbox.... Read more
Affected Products : macos- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-35021
By failing to authenticate three times to an unconfigured Abilis CPX device via SSH, an attacker can login to a restricted shell on the fourth attempt, and from there, relay connections.... Read more
Affected Products :- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-56426
An issue WebKul Bagisto v.2.3.6 allows a remote attacker to execute arbitrary code via the Cart/Checkout API endpoint, specifically, the price calculation logic fails to validate quantity inputs properly.... Read more
Affected Products : bagisto- Published: Oct. 09, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-11635
A weakness has been identified in Tomofun Furbo 360 up to FB0035_FW_036. This vulnerability affects unknown code of the component File Upload. This manipulation causes resource consumption. Remote exploitation of the attack is possible. The vendor was con... Read more
- Published: Oct. 12, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-12329
A security flaw has been discovered in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. The affected element is an unknown function of the file /details.php. Performing manipulation of the argument ID results in sql injection. Remote expl... Read more
Affected Products : ruet_oj- Published: Oct. 27, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-36092
IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause a denial of service due to the improper validation of input length.... Read more
Affected Products : cloud_pak_for_business_automation- Published: Nov. 03, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-64318
Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files.This issue affects Mulesoft Anypoint Code Builder: before 1.11.6.... Read more
Affected Products : mulesoft_anypoint_code_builder- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-64204
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeSphere SmartMag smart-mag allows Stored XSS.This issue affects SmartMag: from n/a through <= 10.3.1.... Read more
Affected Products : smartmag- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-63563
Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 does not properly invalidate active user sessions after a password change. This allows an attacker with a valid session token to maintain access to the account even after the legitimat... Read more
Affected Products :- Published: Oct. 31, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-54335
An issue was discovered in the GPU driver in Samsung Mobile Processor Exynos 1480, 2400, 1580, 2500. There is a use-after-free in the Xclipse GPU Driver.... Read more
Affected Products :- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-52910
An issue was discovered in the GPU in Samsung Mobile Processor and Wearable Processor Exynos 1280, 2200, 1330, 1380, 1480, 2400. A Use-After-Free leads to privilege escalation.... Read more
Affected Products :- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-11638
A flaw has been found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Bluetooth Handler. Executing manipulation can lead to denial of service. The attacker needs to be present on the local network. The fir... Read more
Affected Products : furbo_mini_firmware furbo_mini furbo_360_dog_camera_firmware furbo_360_dog_camera- Published: Oct. 12, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-61430
Improper handling of DNS over TCP in Simple DNS Plus v9 allows a remote attacker with querying access to the DNS server to cause the server to return request payloads from other clients. This happens when the TCP length prefix is malformed (len differs fr... Read more
Affected Products :- Published: Oct. 24, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-62019
Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor recipe-card-blocks-by-wpzoom.This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through <= 3.4.8.... Read more
Affected Products : recipe_card_blocks_for_gutenberg_\&_elementor- Published: Oct. 22, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-11758
The All in One Time Clock Lite plugin for WordPress is vulnerable to unauthorized access due to a missing authorization check in all versions up to, and including, 2.0.3. This is due to the plugin exposing admin-level AJAX actions to unauthenticated user... Read more
Affected Products :- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-63293
FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization, due to missing authorization check... Read more
Affected Products :- Published: Nov. 03, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-43440
This issue was addressed with improved checks This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-62949
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddyDev Activity Plus Reloaded for BuddyPress bp-activity-plus-reloaded allows Stored XSS.This issue affects Activity Plus Reloaded for BuddyPress: from... Read more
Affected Products : activity_plus_reloaded_for_buddypress- Published: Oct. 27, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-64202
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TieLabs Sahifa sahifa allows DOM-Based XSS.This issue affects Sahifa: from n/a through < 5.8.6.... Read more
Affected Products :- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Scripting