Latest CVE Feed
-
7.5
HIGHCVE-2025-41253
The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: * The a... Read more
Affected Products :- Published: Oct. 16, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-55972
A TCL Smart TV running a vulnerable UPnP/DLNA MediaRenderer implementation is affected by a remote, unauthenticated Denial of Service (DoS) condition. By sending a flood of malformed or oversized SetAVTransportURI SOAP requests to the UPnP control endpoin... Read more
- Published: Oct. 03, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-36128
IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting slowloris-type attacks, a remote attacker could exploit this vulnerability to ca... Read more
Affected Products : mq- Published: Oct. 16, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-61602
BigBlueButton is an open-source virtual classroom. A denial-of-service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to crash the chat functionality for all participants in a meeting by sending a malformed `reactionEmojiId`... Read more
Affected Products : bigbluebutton- Published: Oct. 09, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-26781
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 9110, W920, W930, Modem 5123, and Modem 5300. Incorrect handling of RLC AM PDUs leads to a... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-61581
** UNSUPPORTED WHEN ASSIGNED ** Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all versions. People with access to the management interface of the Traffic Router component co... Read more
Affected Products : traffic_control- Published: Oct. 16, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2024-55568
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The absence of a NULL check leads to a De... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-26782
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 9110, W920, W930, Modem 5123, and Modem 5300. Incorrect handling of RLC AM PDUs leads to a... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-11678
Stack-based Buffer Overflow in lws_adns_parse_label in warmcat libwebsockets allows, when the LWS_WITH_SYS_ASYNC_DNS flag is enabled during compilation, to overflow the label_stack, when the attacker is able to sniff a DNS request in order to craft a resp... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-10162
The Admin and Customer Messages After Order for WooCommerce: OrderConvo WordPress plugin before 14 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files via a path traversal attac... Read more
Affected Products :- Published: Oct. 07, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-56223
A lack of rate limiting in the component /Home/UploadStreamDocument of SigningHub v8.6.8 allows attackers to cause a Denial of Service (DoS) via uploading an excessive number of files.... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-56219
Incorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any rate limiting. This can lead to a resource exhaustion and a Denial of Service (DoS) when an excessively large number of user accounts are created.... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 20, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-11943
A vulnerability has been found in 70mai X200 up to 20251010. Affected by this vulnerability is an unknown functionality of the component HTTP Web Server. The manipulation leads to use of default credentials. The attack can be initiated remotely. The explo... Read more
Affected Products :- Published: Oct. 19, 2025
- Modified: Oct. 19, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-41718
A cleartext transmission of sensitive information vulnerability in the affected products allows an unauthorized remote attacker to gain login credentials and access the Web-UI.... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cryptography
-
7.5
HIGHCVE-2025-11942
A flaw has been found in 70mai X200 up to 20251010. Affected is an unknown function of the component Pairing. Executing manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been published and may b... Read more
Affected Products :- Published: Oct. 19, 2025
- Modified: Oct. 19, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-11153
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 143.0.3.... Read more
Affected Products : firefox- Published: Sep. 30, 2025
- Modified: Oct. 13, 2025
-
7.5
HIGHCVE-2025-11604
A vulnerability was determined in projectworlds Online Ordering Food System 1.0. This issue affects some unknown processing of the file /all-orders.php. This manipulation of the argument Status causes sql injection. Remote exploitation of the attack is po... Read more
Affected Products :- Published: Oct. 11, 2025
- Modified: Oct. 17, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-11517
The Event Tickets and Registration plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 5.26.5. This is due to the /wp-json/tribe/tickets/v1/commerce/free/order endpoint not verifying that a ticket type should be free... Read more
Affected Products : event_tickets- Published: Oct. 18, 2025
- Modified: Oct. 18, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-11691
The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the PPOM_Meta::get_fields_by_id() function in all versions up to, and including, 33.0.15 due to insufficient escaping on the user supplied pa... Read more
Affected Products :- Published: Oct. 18, 2025
- Modified: Oct. 18, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-59502
Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025