Latest CVE Feed
-
7.5
HIGHCVE-2025-26782
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 9110, W920, W930, Modem 5123, and Modem 5300. Incorrect handling of RLC AM PDUs leads to a Denial of S... Read more
- Published: Oct. 20, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-60333
TOTOLINK N600R v4.3.0cu.7866_B20220506 was discovered to contain a stack overflow in the wepkey2 parameter in the setWiFiMultipleConfig function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.... Read more
- Published: Oct. 22, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-10162
The Admin and Customer Messages After Order for WooCommerce: OrderConvo WordPress plugin before 14 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files via a path traversal attac... Read more
Affected Products :- Published: Oct. 07, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-43727
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an incorrect I... Read more
Affected Products : data_domain_operating_system- Published: Oct. 07, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authentication
-
7.4
HIGHCVE-2025-40772
A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications are vulnerable to stored Cross-Site Scripting (XSS), allowing an attacker to inject malicious code that can be executed by other users when they v... Read more
Affected Products : sipass_integrated- Published: Oct. 14, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Cross-Site Scripting
-
7.4
HIGHCVE-2025-9970
Cleartext Storage of Sensitive Information in Memory vulnerability in ABB MConfig.This issue affects MConfig: through 1.4.9.21.... Read more
Affected Products :- Published: Oct. 08, 2025
- Modified: Oct. 08, 2025
- Vuln Type: Information Disclosure
-
7.4
HIGHCVE-2025-52756
Improper Control of Generation of Code ('Code Injection') vulnerability in Sayan Datta WP Last Modified Info wp-last-modified-info allows Remote Code Inclusion.This issue affects WP Last Modified Info: from n/a through <= 1.9.2.... Read more
Affected Products : wp_last_modified_info- Published: Oct. 22, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Injection
-
7.4
HIGHCVE-2025-59189
Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
-
7.4
HIGHCVE-2025-62371
OpenSearch Data Prepper as an open source data collector for observability data. In versions prior to 2.12.2, the OpenSearch sink and source plugins in Data Prepper trust all SSL certificates by default when no certificate path is provided. Prior to this ... Read more
Affected Products :- Published: Oct. 15, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Misconfiguration
-
7.4
HIGHCVE-2025-55693
Use after free in Windows Kernel allows an unauthorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 30, 2025
-
7.4
HIGHCVE-2025-59210
Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
7.4
HIGHCVE-2025-55335
Use after free in Windows NTFS allows an unauthorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products- Published: Oct. 14, 2025
- Modified: Oct. 27, 2025
-
7.4
HIGHCVE-2025-55687
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Resilient File System (ReFS) allows an unauthorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +8 more products- Published: Oct. 14, 2025
- Modified: Oct. 27, 2025
-
7.4
HIGHCVE-2025-11648
A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. Impacted is an unknown function of the file TF_FQDN.json of the component GATT Interface URL Handler. Such manipulation leads to server-side request forgery. The attack may be performed f... Read more
Affected Products : furbo_mini_firmware furbo_mini furbo_360_dog_camera_firmware furbo_360_dog_camera- Published: Oct. 12, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Server-Side Request Forgery
-
7.4
HIGHCVE-2025-30189
When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable c... Read more
Affected Products :- Published: Oct. 31, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Misconfiguration
-
7.4
HIGHCVE-2025-48004
Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 21, 2025
-
7.4
HIGHCVE-2025-59206
Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 17, 2025
-
7.3
HIGHCVE-2025-61977
A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an attacker to decrypt an encrypted project by answering just one recovery question.... Read more
- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Authentication
-
7.3
HIGHCVE-2024-13999
Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose the server's Active Directory (AD) or LDAP authentication token to an authenticated user. Exposure of the server’s AD/LDAP token could allow domain-wide authentication misuse, e... Read more
Affected Products : xi- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Information Disclosure
-
7.3
HIGHCVE-2025-48982
This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation if a system administrator is tricked into restoring a malicious file.... Read more
Affected Products :- Published: Oct. 31, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Misconfiguration