Latest CVE Feed
-
5.5
MEDIUMCVE-2025-20722
In gnss driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: A... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 15, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-35981
Exposure of Private Personal Information to an Unauthorized Actor (CWE-359) in the Command Centre Server allows a privileged Operator to view limited personal data about a Cardholder they would not normally have permissions to view. This issue affects C... Read more
Affected Products :- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Authorization
-
5.5
MEDIUMCVE-2025-54269
Animate versions 23.0.13, 24.0.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this is... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 17, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-20724
In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418894; Is... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2025-59203
Insertion of sensitive information into log file in Windows StateRepository API allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +6 more products- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
5.5
MEDIUMCVE-2025-59253
Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +7 more products- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
5.5
MEDIUMCVE-2025-10874
The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More WordPress plugin before 3.0.2 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a... Read more
Affected Products :- Published: Oct. 24, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Server-Side Request Forgery
-
5.5
MEDIUMCVE-2025-62421
DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a stored cross-site scripting vulnerability exists due to improper file upload validation and authentication bypass. The StaticResourceApi interface defines a r... Read more
Affected Products : dataease- Published: Oct. 17, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Cross-Site Scripting
-
5.5
MEDIUMCVE-2025-12245
A vulnerability was identified in chatwoot up to 4.7.0. This vulnerability affects the function initPostMessageCommunication of the file app/javascript/sdk/IFrameHelper.js of the component Widget. The manipulation of the argument baseUrl leads to origin v... Read more
Affected Products : chatwoot- Published: Oct. 27, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Misconfiguration
-
5.5
MEDIUMCVE-2025-59211
Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +8 more products- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
5.5
MEDIUMCVE-2025-8884
Authorization Bypass Through User-Controlled Key vulnerability in VHS Electronic Software Ltd. Co. ACE Center allows Privilege Abuse, Exploitation of Trusted Identifiers.This issue affects ACE Center: from 3.10.100.1768 before 3.10.161.2255.... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authorization
-
5.5
MEDIUMCVE-2025-48430
Uncaught Exception (CWE-248) in the Command Centre Server allows an Authorized and Privileged Operator to crash the Command Centre Server at will. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 (MR2), 9.20 prior to vEL9.20.2819 (M... Read more
Affected Products :- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-61554
A divide-by-zero in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20) to commit 480907 (2025-07-06) allows local attackers to cause a denial of service (host hypervisor crash) via a crafted PCI configuration space access.... Read more
Affected Products :- Published: Oct. 16, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-11941
A vulnerability was detected in e107 CMS up to 2.3.3. This impacts an unknown function of the file /e107_admin/image.php?mode=main&action=avatar of the component Avatar Handler. Performing manipulation of the argument multiaction[] results in path travers... Read more
Affected Products :- Published: Oct. 19, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Path Traversal
-
5.5
MEDIUMCVE-2025-11839
A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the ... Read more
Affected Products : binutils- Published: Oct. 16, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-33177
NVIDIA Jetson Linux and IGX OS contain a vulnerability in NvMap, where improper tracking of memory allocations could allow a local attacker to cause memory overallocation. A successful exploitation of this vulnerability might lead to denial of service.... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-43397
A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to cause a denial-of-service.... Read more
Affected Products : macos- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Denial of Service
-
5.5
MEDIUMCVE-2025-42888
SAP GUI for Windows may allow a highly privileged user on the affected client PC to locally access sensitive information stored in process memory during runtime.This vulnerability has a high impact on confidentiality, with no impact on integrity and avail... Read more
Affected Products : gui_for_windows- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2025-59184
Exposure of sensitive information to an unauthorized actor in Windows High Availability Services allows an authorized attacker to disclose information locally.... Read more
- Published: Oct. 14, 2025
- Modified: Nov. 07, 2025
-
5.5
MEDIUMCVE-2025-59240
Exposure of sensitive information to an unauthorized actor in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025