Latest CVE Feed
-
6.5
MEDIUMCVE-2025-61464
gnuboard gnuboard4 v4.36.04 and before is vulnerable to Second-order SQL Injection via the search_table in bbs/search.php.... Read more
Affected Products : gnuboard- Published: Oct. 23, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Injection
-
7.0
HIGHCVE-2025-59194
Use of uninitialized resource in Windows Kernel allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 30, 2025
-
7.0
HIGHCVE-2025-59195
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to deny service locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +3 more products- Published: Oct. 14, 2025
- Modified: Oct. 30, 2025
-
7.0
HIGHCVE-2025-59196
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products- Published: Oct. 14, 2025
- Modified: Oct. 30, 2025
-
5.5
MEDIUMCVE-2025-59197
Insertion of sensitive information into log file in Windows ETL Channel allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +6 more products- Published: Oct. 14, 2025
- Modified: Oct. 30, 2025
-
5.0
MEDIUMCVE-2025-59198
Improper input validation in Microsoft Windows Search Component allows an authorized attacker to deny service locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products- Published: Oct. 14, 2025
- Modified: Oct. 30, 2025
-
7.8
HIGHCVE-2025-59199
Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +3 more products- Published: Oct. 14, 2025
- Modified: Oct. 30, 2025
-
8.1
HIGHCVE-2025-59250
Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network.... Read more
Affected Products : jdbc_driver_for_sql_server_12.8 jdbc_driver_for_sql_server_10.2 jdbc_driver_for_sql_server_12.6 jdbc_driver_for_sql_server_12.4 jdbc_driver_for_sql_server_12.10 jdbc_driver_for_sql_server_13.2 jdbc_driver_for_sql_server_12.2 jdbc_driver_for_sql_server_11.2 jdbc_driver_for_sql_server- Published: Oct. 14, 2025
- Modified: Oct. 30, 2025
-
6.1
MEDIUMCVE-2025-10869
Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerabil... Read more
Affected Products : chatbot- Published: Oct. 15, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2025-62490
In quickjs, in js_print_object, when printing an array, the function first fetches the array length and then loops over it. The issue is, printing a value is not side-effect free. An attacker-defined callback could run during js_print_value, during which ... Read more
Affected Products : quickjs- Published: Oct. 16, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-62491
A Use-After-Free (UAF) vulnerability exists in the QuickJS engine's standard library when iterating over the global list of unhandled rejected promises (ts->rejected_promise_list). * The function js_std_promise_rejection_check attempts to iterate over... Read more
Affected Products : quickjs- Published: Oct. 16, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-62492
A vulnerability stemming from floating-point arithmetic precision errors exists in the QuickJS engine's implementation of TypedArray.prototype.indexOf() when a negative fromIndex argument is supplied. * The fromIndex argument (read as a double variabl... Read more
Affected Products : quickjs- Published: Oct. 16, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Memory Corruption
-
7.3
HIGHCVE-2025-64104
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). Prior to 2.0.11, LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string con... Read more
Affected Products :- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Injection
-
9.6
CRITICALCVE-2025-62712
JumpServer is an open source bastion host and an operation and maintenance security audit system. In JumpServer versions prior to v3.10.20-lts and v4.10.11-lts, an authenticated, non-privileged user can retrieve connection tokens belonging to other users ... Read more
Affected Products : jumpserver- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-46363
Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance version(s) 5.26.00.00 - 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection download REST API (if this REST API is enabled by Admin user ... Read more
Affected Products : secure_connect_gateway_scg_5.0_application_and_appliance- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Path Traversal
-
5.4
MEDIUMCVE-2025-36592
Dell Secure Connect Gateway (SCG) Policy Manager, version(s) 5.20. 5.22, 5.24, 5.26, 5.28, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An unauthenticated attacker with remote access cou... Read more
Affected Products : secure_connect_gateway_scg_policy_manager- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Scripting
-
2.1
LOWCVE-2025-12517
Credits Page not Matching Versions in Use in the FirmwareThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .... Read more
Affected Products :- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Information Disclosure
-
10.0
CRITICALCVE-2025-12516
Lack of Graceful Error Handling - HTTP 5xx ErrorThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .... Read more
Affected Products :- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Information Disclosure
-
10.0
CRITICALCVE-2025-12515
Systemic Internal Server Errors - HTTP 500 ResponseThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .... Read more
Affected Products :- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Misconfiguration
-
6.8
MEDIUMCVE-2025-11998
The following HP Card Readers B Models (X3D03B & Y7C05B) are potentially vulnerable to information disclosure, allowing prior user identity to be inherited under certain conditions —e.g., when an NFC device (such as a smartphone/smartwatches) is in proxim... Read more
Affected Products : card_readers_b_model- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Information Disclosure