Latest CVE Feed
-
7.5
HIGHCVE-2025-62651
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface.... Read more
Affected Products : restaurant_brands_international_assistant- Published: Oct. 17, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-11145
Observable Discrepancy, Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in CBK Soft Software Hardware Electronic Computer Systems Industry and Trade Inc. EnVision ... Read more
Affected Products :- Published: Oct. 24, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-62788
Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, w_copy_event_for_log() references memory (initially allocated in OS_CleanMSG()) after it has been freed. A compromised agent can potentially com... Read more
Affected Products : wazuh- Published: Oct. 29, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-61104
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.... Read more
Affected Products : frrouting- Published: Oct. 28, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-61107
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet.... Read more
Affected Products : frrouting- Published: Oct. 28, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-62895
Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data.This issue affects Atarim: from n/a through <= 4.2.... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-60191
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Wishlist for WooCommerce premmerce-woocommerce-wishlist allows PHP Local File Inclusion.This issue affects Premmer... Read more
Affected Products :- Published: Nov. 06, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-60074
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Processby Lazy Load Optimizer lazy-load-optimizer allows PHP Local File Inclusion.This issue affects Lazy Load Optimizer: from n/a thr... Read more
Affected Products :- Published: Nov. 06, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-60349
An issue was discovered in Prevx v3.0.5.220 allowing attackers to cause a denial of service via sending IOCTL code 0x22E044 to the pxscan.sys driver. Any processes listed under registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\pxscan\Files... Read more
Affected Products :- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-6980
Captive Portal can expose sensitive information... Read more
Affected Products : arista_edge_threat_management_-_arista_next_generation_firewall- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-62604
MeterSphere is an open source continuous testing platform. Prior to version 2.10.25-lts, a logic flaw allows retrieval of arbitrary user information. This allows an unauthenticated attacker to log in to the system as any user. This issue has been patched ... Read more
Affected Products : metersphere- Published: Oct. 22, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-54963
An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may submit a crafted job request that grants read access to files on the filesystem with the permissions of the GXP Job Service proc... Read more
Affected Products : socet_gxp- Published: Oct. 23, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-60805
An issue was discovered in BESSystem BES Application Server thru 9.5.x allowing unauthorized attackers to gain sensitive information via the "pre-resource" option in bes-web.xml.... Read more
Affected Products :- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-61101
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.... Read more
Affected Products : frrouting- Published: Oct. 27, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-62727
Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/... Read more
Affected Products :- Published: Oct. 28, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-60193
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows PHP Local File Inclusion.This issue affects Premmerce User Roles: from n/a ... Read more
Affected Products : medikaid- Published: Nov. 06, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-12044
Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for [+HCSEC-2025-24+|https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-... Read more
Affected Products : vault- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-60196
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Clearblue Clearblue® Ovulation Calculator clearblue-ovulation-calculator allows PHP Local File Inclusion.This issue affects Clearblue®... Read more
Affected Products :- Published: Nov. 06, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-60192
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Wholesale Pricing for WooCommerce premmerce-woocommerce-wholesale-pricing allows PHP Local File Inclusion.This iss... Read more
Affected Products :- Published: Nov. 06, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-12139
The File Manager for Google Drive – Integrate Google Drive with WordPress plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.5.3 via the "get_localize_data" function. This makes it possible for una... Read more
Affected Products :- Published: Nov. 05, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Information Disclosure