Latest CVE Feed
-
5.5
MEDIUMCVE-2025-11941
A vulnerability was detected in e107 CMS up to 2.3.3. This impacts an unknown function of the file /e107_admin/image.php?mode=main&action=avatar of the component Avatar Handler. Performing manipulation of the argument multiaction[] results in path travers... Read more
Affected Products :- Published: Oct. 19, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Path Traversal
-
5.5
MEDIUMCVE-2025-12206
A flaw has been found in Kamailio 5.5. The impacted element is the function rve_is_constant of the file src/core/rvalue.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit has been published and may b... Read more
Affected Products : kamailio- Published: Oct. 27, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-54269
Animate versions 23.0.13, 24.0.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this is... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 17, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-55676
Generation of error message containing sensitive information in Windows USB Video Driver allows an authorized attacker to disclose information locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 24, 2025
-
5.5
MEDIUMCVE-2025-59203
Insertion of sensitive information into log file in Windows StateRepository API allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +6 more products- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
5.5
MEDIUMCVE-2025-62421
DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a stored cross-site scripting vulnerability exists due to improper file upload validation and authentication bypass. The StaticResourceApi interface defines a r... Read more
Affected Products : dataease- Published: Oct. 17, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Cross-Site Scripting
-
5.5
MEDIUMCVE-2025-55699
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +6 more products- Published: Oct. 14, 2025
- Modified: Oct. 31, 2025
-
5.5
MEDIUMCVE-2025-11840
A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to t... Read more
Affected Products : binutils- Published: Oct. 16, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-55695
Out-of-bounds read in Windows WLAN Auto Config Service allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products- Published: Oct. 14, 2025
- Modified: Oct. 30, 2025
-
5.5
MEDIUMCVE-2025-59197
Insertion of sensitive information into log file in Windows ETL Channel allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +6 more products- Published: Oct. 14, 2025
- Modified: Oct. 30, 2025
-
5.5
MEDIUMCVE-2025-43377
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An app may be able to cause a denial-of-service.... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-20722
In gnss driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: A... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 15, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-58292
Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability.... Read more
Affected Products : harmonyos- Published: Oct. 11, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-61155
Hotta Studio GameDriverX64.sys 7.23.4.7, a signed kernel-mode anti-cheat driver, allows local attackers to cause a denial of service by crashing arbitrary processes via sending crafted IOCTL requests.... Read more
Affected Products :- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-43498
An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, visionOS 26.1. An app may be able to access sensitive user data.... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authorization
-
5.5
MEDIUMCVE-2025-59188
Exposure of sensitive information to an unauthorized actor in Windows Failover Cluster allows an authorized attacker to disclose information locally.... Read more
- Published: Oct. 14, 2025
- Modified: Nov. 05, 2025
-
5.5
MEDIUMCVE-2025-10986
Path traversal in the admin panel of Ivanti EPMM before version 12.6.0.2, 12.5.0.4, and 12.4.0.4 allows a remote authenticated attacker with admin privileges to write data in unintended locations on disk.... Read more
Affected Products : endpoint_manager_mobile- Published: Oct. 14, 2025
- Modified: Oct. 15, 2025
- Vuln Type: Path Traversal
-
5.5
MEDIUMCVE-2025-59209
Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +8 more products- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
5.5
MEDIUMCVE-2025-58293
Vulnerability of improper exception handling in the print module. Successful exploitation of this vulnerability may affect availability.... Read more
Affected Products : harmonyos- Published: Oct. 11, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-59260
Exposure of sensitive information to an unauthorized actor in Microsoft Failover Cluster Virtual Driver allows an authorized attacker to disclose information locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 20, 2025