Latest CVE Feed
-
4.6
MEDIUMCVE-2024-45161
A CSRF issue was discovered in the administrative web GUI in Blu-Castle BCUM221E 1.0.0P220507. This can be exploited via a URL, an image load, an XMLHttpRequest, etc. and can result in exposure of data or unintended code execution.... Read more
Affected Products :- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.1
MEDIUMCVE-2025-12450
The LiteSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 7.5.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker... Read more
Affected Products : litespeed_cache- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-40088
In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() The hfsplus_strcasecmp() logic can trigger the issue: [ 117.317703][ T9855] ==============================================... Read more
Affected Products : linux_kernel- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-40091
In the Linux kernel, the following vulnerability has been resolved: ixgbe: fix too early devlink_free() in ixgbe_remove() Since ixgbe_adapter is embedded in devlink, calling devlink_free() prematurely in the ixgbe_remove() path can lead to UAF. Move dev... Read more
Affected Products : linux_kernel- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-40089
In the Linux kernel, the following vulnerability has been resolved: cxl/features: Add check for no entries in cxl_feature_info cxl EDAC calls cxl_feature_info() to get the feature information and if the hardware has no Features support, cxlfs may be pas... Read more
Affected Products : linux_kernel- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Memory Corruption
-
4.3
MEDIUMCVE-2025-11632
The Call Now Button – The #1 Click to Call Button for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions in all versions up to, and including, 1.5.4. This makes it possible f... Read more
Affected Products : call_now_button- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2025-40092
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: Refactor bind path to use __free() After an bind/unbind cycle, the ncm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to fre... Read more
Affected Products : linux_kernel- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Memory Corruption
-
4.3
MEDIUMCVE-2025-11587
The Call Now Button – The #1 Click to Call Button for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate function in all versions up to, and including, 1.5.3. This makes it p... Read more
Affected Products : call_now_button- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Authorization
-
9.9
CRITICALCVE-2025-54469
A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTER_RPC_PORT and CLUSTER_LAN_PORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer con... Read more
Affected Products : neuvector- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Injection
-
0.0
NACVE-2025-40095
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_rndis: Refactor bind path to use __free() After an bind/unbind cycle, the rndis->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to... Read more
Affected Products : linux_kernel- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2025-10929
Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables.This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2.... Read more
Affected Products : drupal- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2023-7324
In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses Sanitize possible addl_desc_ptr out-of-bounds accesses in ses_enclosure_data_process().... Read more
Affected Products : linux_kernel- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-40104
In the Linux kernel, the following vulnerability has been resolved: ixgbevf: fix mailbox API compatibility by negotiating supported features There was backward compatibility in the terms of mailbox API. Various drivers from various OSes supporting 10G a... Read more
Affected Products : linux_kernel- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Misconfiguration
-
4.9
MEDIUMCVE-2015-10146
The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the... Read more
Affected Products : thumbnail_slider_with_lightbox- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Injection
-
0.0
NACVE-2025-40100
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not assert we found block group item when creating free space tree Currently, when building a free space tree at populate_free_space_tree(), if we are not using the block grou... Read more
Affected Products : linux_kernel- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
-
6.0
MEDIUMCVE-2025-12147
In Search Guard FLX versions 3.1.1 and earlier, Field-Level Security (FLS) rules are improperly enforced on object-valued fields. When an FLS exclusion rule (e.g., ~field) is applied to a field which contains an object as its value, the object is correc... Read more
Affected Products : search_guard_flx- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Authorization
-
7.3
HIGHCVE-2024-14012
Potential privilege escalation issue in Revenera InstallShield version 2023 R1 running a renamed Setup.exe on Windows. When a local administrator executes a renamed Setup.exe, the MPR.dll may get loaded from an insecure location and can result in a privil... Read more
Affected Products : installshield- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Misconfiguration
-
8.4
HIGHCVE-2025-8432
Incorrect Default Permissions vulnerability in Centreon Infra Monitoring (MBI modules) allows Embedding Scripts within Scripts by CentreonBI user account on the MBI server This issue affects Infra Monitoring: from 24.10.0 before 24.10.6, from 24.04.0 befo... Read more
Affected Products : infra_monitoring- Published: Oct. 27, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-62586
OPEXUS FOIAXpress allows a remote, unauthenticated attacker to reset the administrator password. Fixed in FOIAXpress version 11.13.2.0.... Read more
Affected Products : foiaxpress- Published: Oct. 16, 2025
- Modified: Oct. 29, 2025
- Vuln Type: Authentication
-
4.4
MEDIUMCVE-2025-61909
Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, the safe-reload script (also used during systemctl reload icinga2) and logrotate configuration shipped with Icinga 2 read the PID of the main Icinga 2 process... Read more
Affected Products : icinga- Published: Oct. 16, 2025
- Modified: Oct. 29, 2025
- Vuln Type: Authorization