Latest CVE Feed
-
7.5
HIGHCVE-2025-11660
A vulnerability has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this issue is some unknown functionality of the file /assets/uploadSllyabus.php. Such manipulation of the argument F... Read more
Affected Products : school_management_system- Published: Oct. 13, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-57326
A Prototype Pollution vulnerability in the byGroupAndType function of sassdoc-extras v2.5.1 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.... Read more
Affected Products : sassdoc-extras- Published: Sep. 24, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-59942
go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.6 and below, go-f3 panics when it validates a "poison" messages causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can can cause intege... Read more
Affected Products : go-f3- Published: Sep. 29, 2025
- Modified: Oct. 18, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-56301
An issue was discovered in Chipsalliance Rocket-Chip commit f517abbf41abb65cea37421d3559f9739efd00a9 (2025-01-29) allowing attackers to corrupt exception handling and privilege state transitions via a flawed interaction between exception handling and MRET... Read more
Affected Products : rocket-chip- Published: Sep. 30, 2025
- Modified: Oct. 17, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-43914
Dell PowerProtect Data Domain BoostFS for Linux Ubuntu systems of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60... Read more
Affected Products :- Published: Oct. 07, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-57318
A Prototype Pollution vulnerability in the toCsv function of csvjson versions thru 5.1.0 allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.... Read more
Affected Products : csvjson- Published: Sep. 24, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-61590
Cursor is a code editor built for programming with AI. Versions 1.6 and below are vulnerable to Remote Code Execution (RCE) attacks through Visual Studio Code Workspaces. Workspaces allow users to open more than a single folder and save specific settings ... Read more
Affected Products : cursor- Published: Oct. 03, 2025
- Modified: Oct. 17, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-62370
Alloy Core libraries at the root of the Rust Ethereum ecosystem. Prior to 0.8.26 and 1.4.1, an uncaught panic triggered by malformed input to alloy_dyn_abi::TypedData could lead to a denial-of-service (DoS) via eip712_signing_hash(). Software with high av... Read more
Affected Products :- Published: Oct. 15, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-57317
apidoc-core is the core parser library to generate apidoc result following the apidoc-spec. A Prototype Pollution vulnerability in the preProcess function of apidoc-core versions thru 0.15.0 allows attackers to inject properties on Object.prototype via su... Read more
Affected Products : apidoc-core- Published: Sep. 25, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-43727
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an incorrect I... Read more
Affected Products : data_domain_operating_system- Published: Oct. 07, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-58726
Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +8 more products- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
-
7.5
HIGHCVE-2025-6921
The huggingface/transformers library, versions prior to 4.53.0, is vulnerable to Regular Expression Denial of Service (ReDoS) in the AdamWeightDecay optimizer. The vulnerability arises from the _do_use_weight_decay method, which processes user-controlled ... Read more
Affected Products : transformers- Published: Sep. 23, 2025
- Modified: Oct. 10, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-11234
A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abuse... Read more
Affected Products : qemu- Published: Oct. 03, 2025
- Modified: Oct. 06, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-11583
A flaw has been found in code-projects Online Job Search Engine 1.0. Impacted is an unknown function of the file /postjob.php. Executing manipulation of the argument txtjobID can lead to sql injection. The attack may be launched remotely. The exploit has ... Read more
Affected Products :- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-62162
cel-rust is a Common Expression Language interpreter written in Rust. Starting in version 0.10.0 and prior to version 0.11.4, parsing certain malformed CEL expressions can cause the parser to panic, terminating the process. When the crate is used to evalu... Read more
Affected Products :- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-11558
A vulnerability was found in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/user_index_search.php. Performing manipulation of the argument Search results in sql injection. The attack is possible to be carried out ... Read more
Affected Products : e-commerce_website- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-11556
A flaw has been found in code-projects Simple Leave Manager 1.0. This vulnerability affects unknown code of the file /user.php. This manipulation of the argument table causes sql injection. Remote exploitation of the attack is possible. The exploit has be... Read more
Affected Products :- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-55326
Use after free in Connected Devices Platform Service (Cdpsvc) allows an unauthorized attacker to execute code over a network.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
-
7.5
HIGHCVE-2025-11585
A vulnerability was found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /useredit.php. The manipulation of the argument uid results in sql injection. The attack can be executed remotely. The exploi... Read more
Affected Products : project_monitoring_system- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-51495
An integer overflow vulnerability exists in the WebSocket component of Mongoose 7.5 thru 7.17. By sending a specially crafted WebSocket request, an attacker can cause the application to crash. If downstream vendors integrate this component improperly, the... Read more
Affected Products : mongoose- Published: Sep. 29, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Denial of Service