Latest CVE Feed
-
7.5
HIGHCVE-2025-54329
An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The function used to send a mu... Read more
Affected Products : exynos_980_firmware exynos_850_firmware exynos_2100_firmware exynos_2200_firmware exynos_1280_firmware exynos_1380_firmware exynos_1330_firmware exynos_w920_firmware exynos_980 exynos_990_firmware +26 more products- Published: Nov. 04, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-43385
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-64458
An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`, and the shortcut `dj... Read more
Affected Products : django- Published: Nov. 05, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-62708
pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. This... Read more
Affected Products : pypdf- Published: Oct. 22, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-64131
Jenkins SAML Plugin 4.583.vc68232f7018a_ and earlier does not implement a replay cache, allowing attackers able to obtain information about the SAML authentication flow between a user's web browser and Jenkins to replay those requests, authenticating to J... Read more
Affected Products : saml- Published: Oct. 29, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-26782
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 9110, W920, W930, Modem 5123, and Modem 5300. Incorrect handling of RLC AM PDUs leads to a Denial of S... Read more
- Published: Oct. 20, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-60938
Emoncms 11.7.3 has a remote code execution vulnerability in the firmware upload feature that allows authenticated users to execute arbitrary commands on the target system. The vulnerability stems from insufficient input validation of user-controlled param... Read more
Affected Products : emoncms- Published: Oct. 24, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-49494
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 2100, 1280, 2200, 1330, 1380, 1480, 9110, Modem 5123. Mishandling of an 5G NRMM packet leads to a Denial of Service.... Read more
Affected Products : exynos_2100_firmware exynos_2200_firmware exynos_1280_firmware exynos_1380_firmware exynos_1330_firmware exynos_9110_firmware exynos_2100 exynos_2200 exynos_1280 exynos_1380 +6 more products- Published: Nov. 04, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-8677
Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion. This issue affects BIND 9 versions 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.18.11-S1 through 9.18... Read more
Affected Products : bind- Published: Oct. 22, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-6176
Scrapy versions up to 2.13.2 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to... Read more
Affected Products : scrapy- Published: Oct. 31, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-54334
An issue was discovered in the NPU driver in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, 2500. There is a NULL Pointer Dereference of hdev in the __npu_vertex_bootup function.... Read more
Affected Products : exynos_2200_firmware exynos_1280_firmware exynos_1380_firmware exynos_2200 exynos_1280 exynos_1380 exynos_2400_firmware exynos_2400 exynos_1480_firmware exynos_1480 +4 more products- Published: Nov. 04, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-60563
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetPortTr.... Read more
- Published: Oct. 24, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-52513
An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. A race condition in the HTS driver results in an out-of-bounds write, leading to a denial of service.... Read more
Affected Products : exynos_2400_firmware exynos_2400 exynos_1580_firmware exynos_1580 exynos_2500_firmware exynos_2500- Published: Nov. 04, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Race Condition
-
7.5
HIGHCVE-2025-49377
Missing Authorization vulnerability in Themefic Hydra Booking hydra-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hydra Booking: from n/a through <= 1.1.9.... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-61725
The ParseAddress function constructeds domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.... Read more
Affected Products : go- Published: Oct. 29, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-49376
Missing Authorization vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects DELUCKS SEO: from n/a through <= 2.5.9.... Read more
Affected Products : delucks_seo- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-52099
Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside function... Read more
Affected Products :- Published: Oct. 24, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-61100
FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) under specific malformed LSA condit... Read more
Affected Products : frrouting- Published: Oct. 27, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-62651
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface.... Read more
Affected Products : restaurant_brands_international_assistant- Published: Oct. 17, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-43469
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access sensitive user data.... Read more
Affected Products : macos- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Authorization