Latest CVE Feed
-
7.5
HIGHCVE-2025-54605
Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 2 of 2).... Read more
Affected Products : bitcoin_core- Published: Oct. 28, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-54604
Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 1 of 2).... Read more
Affected Products : bitcoin_core- Published: Oct. 28, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-64173
Apollo Router Core is a configurable graph router written in Rust to run a federated supergraph using Apollo Federation 2. In versions 1.61.11 below, as well as 2.0.0-alpha.0 through 2.8.1-rc.0, a vulnerability allowed for unauthenticated queries to acces... Read more
Affected Products : apollo_router- Published: Nov. 06, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-21074
Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory.... Read more
Affected Products : android- Published: Nov. 05, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-54332
An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. There is a NULL Pointer Dereference of profiler.node in the npu_vertex_profileoff function.... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-1037
By making minor configuration changes to the TropOS 4th Gen device, an authenticated user with the ability to run user level shell commands can enable access via secure shell (SSH) to an unrestricted root shell. This is possible through abuse of a particu... Read more
Affected Products : tropos_4th_gen- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-1038
The “Diagnostics Tools” page of the web-based configuration utility does not properly validate user-controlled input, allowing an authenticated user with high privileges to inject commands into the command shell of the TropOS 4th Gen device. The injected ... Read more
Affected Products : tropos_4th_gen- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-27223
TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication mechanism for some endpoints such as /trufusionPortal/getProjectList. However, the application uses a static key to create the encrypted cookie, ultimately allowing ... Read more
Affected Products : trufusion_enterprise- Published: Oct. 27, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-62651
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface.... Read more
Affected Products : restaurant_brands_international_assistant- Published: Oct. 17, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-11145
Observable Discrepancy, Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in CBK Soft Software Hardware Electronic Computer Systems Industry and Trade Inc. EnVision ... Read more
Affected Products :- Published: Oct. 24, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-62788
Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, w_copy_event_for_log() references memory (initially allocated in OS_CleanMSG()) after it has been freed. A compromised agent can potentially com... Read more
Affected Products : wazuh- Published: Oct. 29, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-56223
A lack of rate limiting in the component /Home/UploadStreamDocument of SigningHub v8.6.8 allows attackers to cause a Denial of Service (DoS) via uploading an excessive number of files.... Read more
Affected Products : signinghub- Published: Oct. 20, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-61104
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.... Read more
Affected Products : frrouting- Published: Oct. 28, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-61107
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet.... Read more
Affected Products : frrouting- Published: Oct. 28, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-62895
Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data.This issue affects Atarim: from n/a through <= 4.2.... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-6980
Captive Portal can expose sensitive information... Read more
Affected Products : arista_edge_threat_management_-_arista_next_generation_firewall- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-12044
Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for [+HCSEC-2025-24+|https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-... Read more
Affected Products : vault- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-60349
An issue was discovered in Prevx v3.0.5.220 allowing attackers to cause a denial of service via sending IOCTL code 0x22E044 to the pxscan.sys driver. Any processes listed under registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\pxscan\Files... Read more
Affected Products :- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-62604
MeterSphere is an open source continuous testing platform. Prior to version 2.10.25-lts, a logic flaw allows retrieval of arbitrary user information. This allows an unauthenticated attacker to log in to the system as any user. This issue has been patched ... Read more
Affected Products : metersphere- Published: Oct. 22, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-54963
An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may submit a crafted job request that grants read access to files on the filesystem with the permissions of the GXP Job Service proc... Read more
Affected Products : socet_gxp- Published: Oct. 23, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Path Traversal