Latest CVE Feed
-
6.7
MEDIUMCVE-2025-20741
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. ... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
6.7
MEDIUMCVE-2025-20747
In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Pa... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
6.7
MEDIUMCVE-2025-20748
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. ... Read more
- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
6.7
MEDIUMCVE-2025-4645
An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an att... Read more
Affected Products : axis_os- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Misconfiguration
-
6.6
MEDIUMCVE-2025-32732
Buffer overflow for some Intel(R) QAT Windows software before version 2.6.0. within Ring 3: User Applications may allow a denial of service. System software adversary with an authenticated user combined with a low complexity attack may enable denial of se... Read more
Affected Products :- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Memory Corruption
-
6.6
MEDIUMCVE-2025-30662
Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access.... Read more
- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Information Disclosure
-
6.6
MEDIUMCVE-2025-4619
A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. Repeated attempts to initiate a reboot causes the firewall ... Read more
- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Denial of Service
-
6.6
MEDIUMCVE-2025-5452
A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP application. This vulnerability can only be exploited if the Axis... Read more
Affected Products : axis_os- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Misconfiguration
-
6.6
MEDIUMCVE-2025-46368
Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contains an Insecure Temporary File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.... Read more
Affected Products :- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Misconfiguration
-
6.6
MEDIUMCVE-2025-46362
Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Tampering.... Read more
Affected Products :- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Authorization
-
6.6
MEDIUMCVE-2025-60344
An unauthenticated Local File Inclusion (LFI) vulnerability in D-Link DSR series routers allows remote attackers to retrieve sensitive configuration files in clear text. The exposed files contain administrative credentials, VPN settings, and other sensiti... Read more
Affected Products :- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Path Traversal
-
6.6
MEDIUMCVE-2025-8421
An improper default permission vulnerability was reported in Lenovo Dock Manager that, under certain conditions during installation, could allow an authenticated local user to redirect log files with elevated privileges.... Read more
Affected Products : dock_manager- Published: Nov. 12, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-11971
GitLab has remediated an issue in GitLab EE affecting all versions from 10.6 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to trigger unauthorized pipeline executions by manipulating commits.... Read more
Affected Products : gitlab- Published: Oct. 27, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-64367
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey Groundhogg groundhogg allows Stored XSS.This issue affects Groundhogg: from n/a through <= 4.2.6.... Read more
Affected Products : groundhogg- Published: Oct. 31, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-64114
ClipBucket v5 is an open source video sharing platform. Versions 5.5.2 - #151 and below allow authenticated administrators with plugin management privileges to execute arbitrary SQL commands against the database through its ClipBucket Custom Fields plugin... Read more
Affected Products : clipbucket- Published: Nov. 06, 2025
- Modified: Nov. 10, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-12266
A vulnerability was detected in Zytec Dalian Zhuoyun Technology Central Authentication Service up to 20251009. This vulnerability affects the function _empty of the file /index.php/auth/widget. Performing manipulation of the argument get.layer/get.widget/... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-61430
Improper handling of DNS over TCP in Simple DNS Plus v9 allows a remote attacker with querying access to the DNS server to cause the server to return request payloads from other clients. This happens when the TCP length prefix is malformed (len differs fr... Read more
Affected Products :- Published: Oct. 24, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-29699
NetSurf 3.11 is vulnerable to Use After Free in dom_node_set_text_content function.... Read more
Affected Products : netsurf- Published: Nov. 03, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-64493
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 8.6.0 through 8.9.0, there is an authenticated, blind (time-based) SQL-injection inside the appMetadata-operation of the GraphQL-API. Thi... Read more
Affected Products : suitecrm- Published: Nov. 08, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-50949
FontForge v20230101 was discovered to contain a memory leak via the component DlgCreate8.... Read more
- Published: Oct. 23, 2025
- Modified: Oct. 27, 2025
- Vuln Type: Memory Corruption