Latest CVE Feed
-
7.5
HIGHCVE-2025-55752
Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query par... Read more
Affected Products : tomcat- Published: Oct. 27, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-59460
The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting access. This increases the risk of unauthorised connections.... Read more
- Published: Oct. 27, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-64284
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Majestic Support Majestic Support majestic-support allows PHP Local File Inclusion.This issue affects Majestic Support: from n/a throu... Read more
Affected Products :- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-43452
This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 26.1 and iPadOS 26.1. Keyboard suggestions may display sensitive information on the lock screen.... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-11501
The Dynamically Display Posts plugin for WordPress is vulnerable to SQL Injection via the 'tax_query' parameter in all versions up to, and including, 1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the... Read more
Affected Products :- Published: Oct. 15, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-59248
Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 28, 2025
-
7.5
HIGHCVE-2025-61756
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: System Configuration). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily expl... Read more
Affected Products : financial_services_analytical_applications_infrastructure- Published: Oct. 21, 2025
- Modified: Oct. 24, 2025
-
7.5
HIGHCVE-2025-61103
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_lan_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.... Read more
Affected Products : frrouting- Published: Oct. 28, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-61106
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.... Read more
Affected Products : frrouting- Published: Oct. 28, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-6980
Captive Portal can expose sensitive information... Read more
Affected Products : arista_edge_threat_management_-_arista_next_generation_firewall- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-43385
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-10862
The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.1.3. This is due to insufficient escaping on the 'id' parame... Read more
Affected Products :- Published: Oct. 09, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-59043
OpenBao is an open source identity-based secrets management system. In OpenBao versions prior to 2.4.1, JSON objects after decoding may use significantly more memory than their serialized version. It is possible to craft a JSON payload to maximize the fac... Read more
Affected Products : openbao- Published: Oct. 17, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-60858
Reolink Video Doorbell Wi-Fi DB_566128M5MP_W stores and transmits DDNS credentials in plaintext within its configuration and update scripts, allowing attackers to intercept or extract sensitive information.... Read more
Affected Products :- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-50951
FontForge v20230101 was discovered to contain a memory leak via the utf7toutf8_copy function at /fontforge/sfd.c.... Read more
- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-43376
A logic issue was addressed with improved state management. This issue is fixed in Safari 26, tvOS 26, watchOS 26, iOS 26 and iPadOS 26, visionOS 26. A remote attacker may be able to view leaked DNS queries with Private Relay turned on.... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-43462
The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1, visionOS 26.1. An app may be able to cause unexpected system termination or corrupt kernel memory.... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-60354
Unauthorized modification of arbitrary articles vulnerability exists in blog-vue-springboot.... Read more
Affected Products :- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-60338
Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the page parameter in the DhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more
- Published: Oct. 22, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-60557
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEasy_Wizard.... Read more
- Published: Oct. 24, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Memory Corruption