Latest CVE Feed
-
7.5
HIGHCVE-2025-60332
A NULL pointer dereference in the SetWLanRadioSettings function of D-Link DIR-823G A1 v1.0.2B05 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.... Read more
- Published: Oct. 22, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-30188
Malicious or unintentional API requests can be used to add significant amount of data to caches. Caches may evict information that is required to operate the web frontend, which leads to unavailability of the component. Please deploy the provided updates ... Read more
Affected Products : ox_app_suite- Published: Oct. 31, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-54329
An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The function used to send a mu... Read more
Affected Products : exynos_980_firmware exynos_850_firmware exynos_2100_firmware exynos_2200_firmware exynos_1280_firmware exynos_1380_firmware exynos_1330_firmware exynos_w920_firmware exynos_980 exynos_990_firmware +26 more products- Published: Nov. 04, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-61116
AdForest - Classified Android App version 4.0.12 (package name scriptsbundle.adforest), developed by Muhammad Jawad Arshad, contains an improper access control vulnerability in its authentication mechanism. The app uses a Base64-encoded email address as t... Read more
Affected Products :- Published: Oct. 30, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-62785
Wazuh is a free and open source platform used for threat prevention, detection, and response. fillData() implementation does not check whether value is NULL or not before calling os_strdup() on it. A compromised agent can cause a crash of analysisd by sen... Read more
Affected Products : wazuh- Published: Oct. 29, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-11501
The Dynamically Display Posts plugin for WordPress is vulnerable to SQL Injection via the 'tax_query' parameter in all versions up to, and including, 1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the... Read more
Affected Products :- Published: Oct. 15, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-31997
HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR). An attacker can bypass authorization and access resources in the system directly, for example database records or files.... Read more
Affected Products : unica_centralized_offer_management- Published: Oct. 12, 2025
- Modified: Oct. 29, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-43424
The issue was addressed with improved bounds checks. This issue is fixed in iOS 26.1 and iPadOS 26.1. A malicious HID device may cause an unexpected process crash.... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-61301
Denial-of-analysis in reporting/mongodb.py and reporting/jsondump.py in CAPEv2 (commit 52e4b43, on 2025-05-17) allows attackers who can submit samples to cause incomplete or missing behavioral analysis reports by generating deeply nested or oversized beha... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-60564
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetLog.... Read more
- Published: Oct. 24, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-61118
mCarFix Motorists App version 2.3 (package name com.skytop.mcarfix), developed by Paniel Mwaura, contains improper access control vulnerabilities. Attackers may bypass verification to arbitrarily register accounts, and by tampering with sequential numeric... Read more
Affected Products :- Published: Oct. 30, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-55752
Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the possibility that, for rewrite rules that rewrite query par... Read more
Affected Products : tomcat- Published: Oct. 27, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-12105
A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message q... Read more
Affected Products :- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2024-55568
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The absence of a NULL check leads to a De... Read more
- Published: Oct. 20, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-64284
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Majestic Support Majestic Support majestic-support allows PHP Local File Inclusion.This issue affects Majestic Support: from n/a throu... Read more
Affected Products :- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-60241
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce premmerce allows PHP Local File Inclusion.This issue affects Premmerce: from n/a through <= 1.3.19.... Read more
Affected Products : premmerce- Published: Nov. 06, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Path Traversal
-
7.4
HIGHCVE-2025-40772
A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications are vulnerable to stored Cross-Site Scripting (XSS), allowing an attacker to inject malicious code that can be executed by other users when they v... Read more
Affected Products : sipass_integrated- Published: Oct. 14, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Cross-Site Scripting
-
7.4
HIGHCVE-2025-55687
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Resilient File System (ReFS) allows an unauthorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +8 more products- Published: Oct. 14, 2025
- Modified: Oct. 27, 2025
-
7.4
HIGHCVE-2025-64439
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In versions 2.1.2 and below, the JsonPlusSerializer (used as the default serialization protocol for all checkpointing) ... Read more
Affected Products :- Published: Nov. 07, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Injection
-
7.4
HIGHCVE-2025-30189
When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable c... Read more
Affected Products :- Published: Oct. 31, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Misconfiguration