Latest CVE Feed
-
5.5
MEDIUMCVE-2025-12207
A vulnerability has been found in Kamailio 5.5. This affects the function yyerror_at of the file src/core/cfg.y of the component Grammar Rule Handler. Such manipulation leads to null pointer dereference. The attack needs to be performed locally. The explo... Read more
Affected Products : kamailio- Published: Oct. 27, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-23300
NVIDIA Display Driver for Linux contains a vulnerability in the kernel driver, where a user could cause a null pointer dereference by allocating a specific memory resource. A successful exploit of this vulnerability might lead to denial of service.... Read more
- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-43382
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access sensitive user data.... Read more
Affected Products : macos- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Path Traversal
-
5.5
MEDIUMCVE-2025-13187
A security vulnerability has been detected in Intelbras ICIP 2.0.20. Affected is an unknown function of the file /xml/sistema/acessodeusuario.xml. Such manipulation of the argument NomeUsuario/SenhaAcess leads to unprotected storage of credentials. The at... Read more
Affected Products :- Published: Nov. 14, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Authentication
-
5.5
MEDIUMCVE-2025-11941
A vulnerability was detected in e107 CMS up to 2.3.3. This impacts an unknown function of the file /e107_admin/image.php?mode=main&action=avatar of the component Avatar Handler. Performing manipulation of the argument multiaction[] results in path travers... Read more
Affected Products :- Published: Oct. 19, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Path Traversal
-
5.5
MEDIUMCVE-2025-62209
Insertion of sensitive information into log file in Windows License Manager allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +5 more products- Published: Nov. 11, 2025
- Modified: Nov. 17, 2025
-
5.5
MEDIUMCVE-2025-13266
A security vulnerability has been detected in wwwlike vlife up to 2.0.1. This issue affects the function create of the file vlife-base/src/main/java/cn/wwwlike/sys/api/SysFileApi.java of the component VLifeApi. Such manipulation of the argument fileName l... Read more
Affected Products :- Published: Nov. 17, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Path Traversal
-
5.5
MEDIUMCVE-2025-46370
Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Process Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure.... Read more
Affected Products : alienware_command_center- Published: Nov. 13, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2022-4981
A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation results in null pointer dereference. The attack needs to be a... Read more
Affected Products : dcmtk- Published: Oct. 21, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-13261
A vulnerability was found in lsfusion platform up to 6.1. Affected is the function DownloadFileRequestHandler of the file web-client/src/main/java/lsfusion/http/controller/file/DownloadFileRequestHandler.java. Performing manipulation of the argument Versi... Read more
Affected Products :- Published: Nov. 17, 2025
- Modified: Nov. 17, 2025
- Vuln Type: Path Traversal
-
5.5
MEDIUMCVE-2020-36855
A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to app... Read more
Affected Products : dcmtk- Published: Oct. 21, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-53053
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access ... Read more
Affected Products : mysql_server- Published: Oct. 21, 2025
- Modified: Oct. 23, 2025
-
5.5
MEDIUMCVE-2025-43377
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An app may be able to cause a denial-of-service.... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-12439
Inappropriate implementation in App-Bound Encryption in Google Chrome on Windows prior to 142.0.7444.59 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security severity: Medium)... Read more
- Published: Nov. 10, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2025-13117
A security vulnerability has been detected in macrozheng mall-swarm and mall up to 1.0.3. Affected by this vulnerability is the function cancelOrder of the file /order/cancelOrder. The manipulation of the argument orderId leads to improper authorization. ... Read more
Affected Products : mall- Published: Nov. 13, 2025
- Modified: Nov. 15, 2025
- Vuln Type: Authorization
-
5.5
MEDIUMCVE-2025-59510
Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 +5 more products- Published: Nov. 11, 2025
- Modified: Nov. 17, 2025
-
5.5
MEDIUMCVE-2025-23330
NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to trigger a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service.... Read more
- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-53061
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows high privileged attacker with net... Read more
Affected Products : peoplesoft_enterprise_peopletools- Published: Oct. 21, 2025
- Modified: Oct. 28, 2025
-
5.5
MEDIUMCVE-2025-59513
Out-of-bounds read in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2008 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 +6 more products- Published: Nov. 11, 2025
- Modified: Nov. 17, 2025
-
5.5
MEDIUMCVE-2025-43498
An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, visionOS 26.1. An app may be able to access sensitive user data.... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authorization