Latest CVE Feed
-
7.5
HIGHCVE-2025-60660
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the mac parameter in the fromAdvSetMacMtuWan function.... Read more
- Published: Oct. 02, 2025
- Modified: Oct. 07, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-54831
Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to restrict access to sensitive connection fields to Connection Editing Users, effectively applying a "write-only" model for sensitive values. I... Read more
Affected Products : airflow- Published: Sep. 26, 2025
- Modified: Oct. 01, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-11135
A vulnerability was detected in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486. The affected element is the function loadLanguage of the file classes/class.database.php of the component Cookie Handler. Performing manip... Read more
Affected Products :- Published: Sep. 29, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-11341
A security flaw has been discovered in Jinher OA up to 2.0. This affects an unknown function of the file /c6/Jhsoft.Web.module/eformaspx/WebDesign.aspx/?type=SystemUserInfo&style=1. Performing manipulation results in xml external entity reference. Remote ... Read more
Affected Products : jinher_oa- Published: Oct. 06, 2025
- Modified: Oct. 08, 2025
- Vuln Type: XML External Entity
-
7.5
HIGHCVE-2025-56161
YOSHOP 2.0 allows unauthenticated information disclosure via comment-list API endpoints in the Goods module. The Comment model eagerly loads the related User model without field filtering; because User.php defines no $hidden or $visible attributes, sensit... Read more
Affected Products : yoshop2.0- Published: Oct. 02, 2025
- Modified: Oct. 07, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-36274
IBM Aspera HTTP Gateway 2.0.0 through 2.3.1 stores sensitive information in clear text in easily obtainable files which can be read by an unauthenticated user.... Read more
Affected Products : aspera_http_gateway- Published: Sep. 26, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-6985
The HTMLSectionSplitter class in langchain-text-splitters version 0.3.8 is vulnerable to XML External Entity (XXE) attacks due to unsafe XSLT parsing. This vulnerability arises because the class allows the use of arbitrary XSLT stylesheets, which are pars... Read more
Affected Products : langchain- Published: Oct. 06, 2025
- Modified: Oct. 08, 2025
- Vuln Type: XML External Entity
-
7.5
HIGHCVE-2025-11312
A vulnerability was detected in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This affects the function findModulePage of the file findModulePage.do. The manipulation of the argument sort results in sql injection. The attack can be la... Read more
Affected Products :- Published: Oct. 06, 2025
- Modified: Oct. 06, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-41252
Description: VMware NSX contains a username enumeration vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially leading to unauthorized access attempts. Impact: Username enumeration → facilitates unau... Read more
Affected Products :- Published: Sep. 29, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-11313
A flaw has been found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This impacts the function findRolePage of the file findRolePage.do. This manipulation of the argument sort causes sql injection. The attack may be initiated remote... Read more
Affected Products :- Published: Oct. 06, 2025
- Modified: Oct. 06, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-11030
A vulnerability was detected in Tutorials-Website Employee Management System up to 611887d8f8375271ce8abc704507d46340837a60. Impacted is an unknown function of the file /admin/all-applied-leave.php of the component HTTP Request Handler. The manipulation r... Read more
Affected Products : employee_management_system- Published: Sep. 26, 2025
- Modified: Sep. 29, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-11315
A vulnerability was found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Affected by this vulnerability is the function findUserPage of the file findUserPage.do. Performing manipulation of the argument sort results in sql injection.... Read more
Affected Products :- Published: Oct. 06, 2025
- Modified: Oct. 06, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-40838
Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of certain information.... Read more
- Published: Sep. 25, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-59147
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 7.0.11 and below, as well as 8.0.0, are vulnerable to detection bypass when crafted traffic sends multiple SYN ... Read more
Affected Products : suricata- Published: Oct. 01, 2025
- Modified: Oct. 06, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-8014
Denial of Service issue in GraphQL endpoints in Gitlab EE/CE affecting all versions from 11.10 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 allows unauthenticated users to potentially bypass query complexity limits leading to resource e... Read more
Affected Products : gitlab- Published: Sep. 27, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-56571
Finance.js v4.1.0 contains a Denial of Service (DoS) vulnerability via the IRR function’s depth parameter. Improper handling of the recursion/iteration limit can lead to excessive CPU usage, causing application stalls or crashes.... Read more
Affected Products : finance.js- Published: Sep. 30, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-20350
A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. Th... Read more
Affected Products :- Published: Oct. 15, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-59425
vLLM is an inference and serving engine for large language models (LLMs). Before version 0.11.0rc2, the API key support in vLLM performs validation using a method that was vulnerable to a timing attack. API key validation uses a string comparison that tak... Read more
Affected Products : vllm- Published: Oct. 07, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-59830
Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its params_limit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parame... Read more
Affected Products : rack- Published: Sep. 25, 2025
- Modified: Oct. 10, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-62585
Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment.... Read more
Affected Products : whale- Published: Oct. 16, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Misconfiguration