Latest CVE Feed
-
8.2
HIGHCVE-2025-11151
Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beyaz Bilgisayar Software Design Industry and Trade Ltd. Co. CityPLus allows Detect Unpublicized Web Pa... Read more
Affected Products :- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Information Disclosure
-
4.3
MEDIUMCVE-2025-62595
Koa is expressive middleware for Node.js using ES2017 async functions. In versions 2.16.2 to before 2.16.3 and 3.0.1 to before 3.0.3, a bypass to CVE-2025-8129 was discovered in the Koa.js framework affecting its back redirect functionality. In certain ci... Read more
Affected Products : koa- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Server-Side Request Forgery
-
8.7
HIGHCVE-2025-11757
The CloudEdge Cloud does not sanitize the MQTT topic input, which could allow an attacker to leverage the MQTT wildcard to receive all the messages that should be delivered to other users by subscribing to the a MQTT topic. In these messages, the attacker... Read more
Affected Products :- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authorization
-
9.4
CRITICALCVE-2025-11625
Improper host authentication vulnerability in wolfSSH version 1.4.20 and earlier clients that allows authentication bypass and leaking of clients credentials.... Read more
Affected Products : wolfssh- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authentication
-
4.3
MEDIUMCVE-2025-62605
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon version 4.4, support for verifiable quote posts with quote controls was added, but it is possible for an attacker to bypass these controls in Mastodon versions prior t... Read more
Affected Products : mastodon- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authorization