Latest CVE Feed
-
8.8
HIGHCVE-2025-62495
An integer overflow vulnerability exists in the QuickJS regular expression engine (libregexp) due to an inconsistent representation of the bytecode buffer size. * The regular expression bytecode is stored in a DynBuf structure, which correctly uses a ... Read more
Affected Products : quickjs- Published: Oct. 16, 2025
- Modified: Oct. 29, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-64140
Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller, allowing attackers with Item/Configure permission to execute arbitrary shell commands.... Read more
Affected Products :- Published: Oct. 29, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-62525
OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, local users could read and write arbitrary kernel memory using the ioctls of the ltq-ptm driver which is used to drive the datapath of the DSL line. This onl... Read more
Affected Products : openwrt- Published: Oct. 22, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-61429
An issue in NCR Atleos Terminal Manager (ConfigApp) v3.4.0 allows attackers to escalate privileges via a crafted request.... Read more
Affected Products :- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Authorization
-
8.8
HIGHCVE-2025-64101
Zitadel is open-source identity infrastructure software. Prior to 4.6.0, 3.4.3, and 2.71.18, a potential vulnerability exists in ZITADEL's password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to constr... Read more
Affected Products : zitadel- Published: Oct. 29, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Server-Side Request Forgery
-
8.8
HIGHCVE-2025-62726
n8n is an open source workflow automation platform. Prior to 1.113.0, a remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository contain... Read more
Affected Products : n8n- Published: Oct. 30, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-9428
Zohocorp ManageEngine Analytics Plus versions 6171 and prior are vulnerable to authenticated SQL Injection via the key update api.... Read more
Affected Products : manageengine_analytics_plus- Published: Oct. 21, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-11756
Use after free in Safe Browsing in Google Chrome prior to 141.0.7390.107 allowed a remote attacker who had compromised the renderer process to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)... Read more
- Published: Nov. 06, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-5949
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's identity prior to processing a password chang... Read more
Affected Products :- Published: Nov. 01, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authentication
-
8.8
HIGHCVE-2025-52079
The administrator password setting of the D-Link DIR-820L 1.06B02 is has Improper Access Control and is vulnerable to Unverified Password Change via crafted POST request to /get_set.ccp.... Read more
- Published: Oct. 21, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Authentication
-
8.8
HIGHCVE-2024-13995
Nagios XI versions prior to 2024R1.1.2 may (confirmed in 2024R1.1 and 2024R1.1.1) disclose sensitive user account information (including API keys and hashed passwords) to authenticated users who should not have access to that data. Exposure of API keys or... Read more
- Published: Oct. 30, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2025-64109
Cursor is a code editor built for programming with AI. In versions and below, a vulnerability in the Cursor CLI Beta allowed an attacker to achieve remote code execution through the MCP (Model Context Protocol) server mechanism by uploading a malicious MC... Read more
Affected Products : cursor- Published: Nov. 05, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2025-43431
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to memory corruption.... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-12346
A vulnerability was detected in MaxSite CMS up to 109. This vulnerability affects unknown code of the file application/maxsite/admin/plugins/auto_post/uploads-require-maxsite.php of the component HTTP Header Handler. Performing manipulation of the argumen... Read more
- Published: Oct. 28, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2025-60222
Incorrect Privilege Assignment vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Privilege Escalation.This issue affects SUMO Memberships for WooCommerce: from n/a through <= 7.6.0.... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Authorization
-
8.8
HIGHCVE-2025-62630
Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions.... Read more
Affected Products :- Published: Nov. 06, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Path Traversal
-
8.8
HIGHCVE-2025-12779
Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstan... Read more
Affected Products :- Published: Nov. 05, 2025
- Modified: Nov. 10, 2025
- Vuln Type: Authentication
-
8.8
HIGHCVE-2025-47902
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip Time Provider 4100 allows SQL Injection.This issue affects Time Provider 4100: before 2.5.... Read more
- Published: Oct. 20, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-12261
A vulnerability was found in CodeAstro Gym Management System 1.0. This affects an unknown function of the file /admin/actions/remove-announcement.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotel... Read more
Affected Products : gym_management_system- Published: Oct. 27, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-62035
Deserialization of Untrusted Data vulnerability in uxper Togo togo.This issue affects Togo: from n/a through < 1.0.4.... Read more
Affected Products :- Published: Nov. 06, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Misconfiguration