Latest CVE Feed
-
7.5
HIGHCVE-2025-43500
A privacy issue was addressed with improved handling of user preferences. This issue is fixed in watchOS 26.1, iOS 26.1 and iPadOS 26.1, visionOS 26.1. An app may be able to access sensitive user data.... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-21055
Out-of-bounds read and write in libimagecodec.quram.so prior to SMR Oct-2025 Release 1 allows remote attackers to access out-of-bounds memory.... Read more
Affected Products : android- Published: Oct. 10, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-20725
In ims service, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges nee... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-11488
A weakness has been identified in D-Link DIR-852 up to 20251002. This affects an unknown part of the file /HNAP1/. Executing manipulation can lead to command injection. The attack may be launched remotely. The exploit has been made available to the public... Read more
Affected Products : dir-852_firmware- Published: Oct. 08, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-60751
GeographicLib 2.5 is vulnerable to Buffer Overflow in GeoConvert DMS::InternalDecode.... Read more
Affected Products :- Published: Oct. 21, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-26781
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 9110, W920, W930, Modem 5123, and Modem 5300. Incorrect handling of RLC AM PDUs leads to a Denial of S... Read more
Affected Products : exynos_980_firmware exynos_850_firmware exynos_1080_firmware exynos_2200_firmware exynos_1380_firmware exynos_1330_firmware exynos_9110_firmware exynos_w920_firmware exynos_980 exynos_990_firmware +16 more products- Published: Oct. 20, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-41722
The wsc server uses a hard-coded certificate to check the authenticity of SOAP messages. An unauthenticated remote attacker can extract private keys from the Software of the affected devices.... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Cryptography
-
7.5
HIGHCVE-2025-61100
FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) under specific malformed LSA condit... Read more
Affected Products : frrouting- Published: Oct. 27, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-20727
In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. U... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-62585
Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment.... Read more
Affected Products : whale- Published: Oct. 16, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-54329
An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The function used to send a mu... Read more
Affected Products :- Published: Nov. 04, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-62792
Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.12.0, a buffer over-read occurs in w_expression_match() when strlen() is called on str_test, because the corresponding buffer is not being properly NU... Read more
Affected Products : wazuh- Published: Oct. 29, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-63458
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more
- Published: Oct. 31, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-31996
HCL Unica Platform is affected by unprotected files due to improper access controls. These files may contain sensitive information such as private or system information that can be exploited by attackers to compromise the application, infrastructure, or... Read more
Affected Products : unica- Published: Oct. 13, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-52616
HCL Unica 12.1.10 can expose sensitive system information. An attacker could use this information to form an attack plan by leveraging known vulnerabilities in the application.... Read more
Affected Products : unica- Published: Oct. 12, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-62658
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki WatchAnalytics extension allows SQL Injection.This issue affects MediaWiki WatchAnalytics extension: 1.43, 1.44.... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-62789
Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.11.0, fim_alert() implementation does not check whether the return value of ctime_r is NULL or not before calling strdup() on it. A compromised agent ... Read more
Affected Products : wazuh- Published: Oct. 29, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-63466
Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the sub_426EF8 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more
- Published: Oct. 31, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-60201
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in aguilatechnologies WP Customer Area customer-area allows PHP Local File Inclusion.This issue affects WP Customer Area: from n/a throug... Read more
Affected Products :- Published: Nov. 06, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-61921
Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the `If-Match` and `If-None-Match` header parsing component of Sinatra, if the `etag` method is used whe... Read more
Affected Products : sinatra- Published: Oct. 10, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Denial of Service