Latest CVE Feed
-
6.9
MEDIUMCVE-2025-55091
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ip_packet_receive() function when received an Ethernet with type set as IP but no IP data.... Read more
- Published: Oct. 16, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
6.9
MEDIUMCVE-2025-55090
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() function when received an Ethernet frame with less than 4 bytes of IP packet.... Read more
- Published: Oct. 16, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
6.9
MEDIUMCVE-2025-55084
In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check in_nx_secure_tls_proc_clienthello_supported_versions_extension() in the extension version field.... Read more
- Published: Oct. 16, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
6.9
MEDIUMCVE-2025-55083
In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check resulting it out by two out of bound read.... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
6.9
MEDIUMCVE-2025-55082
In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was a potential out of bound read in _nx_secure_tls_process_clienthello() because of a missing validation of PSK length provided in the user message.... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-27040
Information disclosure may occur while processing the hypervisor log.... Read more
- Published: Oct. 09, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2025-27059
Memory corruption while performing SCM call.... Read more
- Published: Oct. 09, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-27060
Memory corruption while performing SCM call with malformed inputs.... Read more
- Published: Oct. 09, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
7.1
HIGHCVE-2025-47342
Transient DOS may occur when multi-profile concurrency arises with QHS enabled.... Read more
Affected Products : qcc7225_firmware qcc7226_firmware qcc7228_firmware qcc7225 qcc7226 qcc7228 qcc5161_firmware qcc5161 s3_gen_2_sound_platform_firmware s3_gen_2_sound_platform +6 more products- Published: Oct. 09, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2025-47347
Memory corruption while processing control commands in the virtual memory management interface.... Read more
Affected Products : qam8295p_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware sa8150p_firmware sa8155p_firmware +64 more products- Published: Oct. 09, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-59214
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products- Published: Oct. 14, 2025
- Modified: Oct. 21, 2025
-
7.5
HIGHCVE-2025-52616
HCL Unica 12.1.10 can expose sensitive system information. An attacker could use this information to form an attack plan by leveraging known vulnerabilities in the application.... Read more
Affected Products : unica- Published: Oct. 12, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-31996
HCL Unica Platform is affected by unprotected files due to improper access controls. These files may contain sensitive information such as private or system information that can be exploited by attackers to compromise the application, infrastructure, or... Read more
Affected Products : unica- Published: Oct. 13, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Information Disclosure
-
7.8
HIGHCVE-2025-7707
The llama_index library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This configuration allows local users to overwrite, delete, or corrupt NLTK data files, ... Read more
Affected Products : llamaindex- Published: Oct. 13, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2025-40755
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP1). Affected applications are vulnerable to SQL injection through getTotalAndFilterCounts endpoint. An authenticated low privileged attacker could exploit to insert data and achieve p... Read more
Affected Products : sinec_nms- Published: Oct. 14, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-40765
A vulnerability has been identified in TeleControl Server Basic V3.1 (All versions >= V3.1.2.2 < V3.1.2.3). The affected application contains an information disclosure vulnerability. This could allow an unauthenticated remote attacker to obtain password h... Read more
Affected Products : telecontrol_server_basic- Published: Oct. 14, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-56747
Creativeitem Academy LMS up to and including 5.13 contains a privilege escalation vulnerability in the Api_instructor controller where regular authenticated users can access instructor-only functions without proper role validation, allowing unauthorized c... Read more
Affected Products : academy_lms- Published: Oct. 14, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authorization
-
7.4
HIGHCVE-2025-48004
Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 21, 2025
-
5.3
MEDIUMCVE-2025-27906
IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be re... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-62583
Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment.... Read more
Affected Products : whale- Published: Oct. 16, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Misconfiguration