Latest CVE Feed
-
6.1
MEDIUMCVE-2025-11498
An Improper Neutralization of Formula Elements in a CSV File vulnerability exists in System Diagnostics Manager (SDM) of B&R Automation Runtime versions before 6.4 enabling a remote attacker to inject formula data into a generated CSV file. The exploitati... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-10228
Session Fixation vulnerability in Rolantis Information Technologies Agentis allows Session Hijacking.This issue affects Agentis: before 4.44.... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authentication
-
8.1
HIGHCVE-2025-62156
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 contain a Zip Slip path traversal vulnerability in artifact extraction. During artif... Read more
Affected Products : argo_workflows- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Path Traversal
-
8.7
HIGHCVE-2011-20001
A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants) (All versions < V2.0.3), SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants) (All versions < V2.0.3). The web server interface of affected devices improperly pr... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2025-10558
A stored Cross-site Scripting (XSS) vulnerability affecting 3DSearch in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.... Read more
Affected Products : 3dexperience- Published: Oct. 13, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
-
3.8
LOWCVE-2025-8594
The Pz-LinkCard WordPress plugin before 2.5.7 does not validate a parameter before making a request to it, which could allow users with a role as low as Contributor to perform SSRF attack.... Read more
Affected Products : pz-linkcard- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Server-Side Request Forgery
-
3.0
LOWCVE-2025-42909
SAP Cloud Appliance Library Appliances allows an attacker with high privileges to leverage an insecure S/4HANA default profile setting in an existing SAP CAL appliances to gain access to other appliances. This has low impact on confidentiality of the appl... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-42906
SAP Commerce Cloud contains a path traversal vulnerability that may allow users to access web applications such as the Administration Console from addresses where the Administration Console is not explicitly deployed. This could potentially bypass configu... Read more
Affected Products : commerce_cloud- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Path Traversal
-
8.8
HIGHCVE-2025-41699
An low privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as root, resulting in a total loss of confidentiality, availability and integrity due to improper control of ... Read more
Affected Products : charx_sec-3150_firmware charx_sec-3100_firmware charx_sec-3050_firmware charx_sec-3000_firmware- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Injection
-
8.0
HIGHCVE-2025-11695
When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5... Read more
Affected Products : mongodb- Published: Oct. 13, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-6919
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cats Information Technology Software Development Technologies Aykome License Tracking System allows SQL Injection.This issue affects Aykome License Track... Read more
Affected Products :- Published: Oct. 13, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Injection
-
6.8
MEDIUMCVE-2025-9337
A null pointer dereference has been identified in the AsIO3.sys driver. The vulnerability can be triggered by a specially crafted input, which may lead to a system crash (BSOD). Refer to the 'Security Update for Armoury Crate App' section on the ASUS Secu... Read more
Affected Products : armoury_crate- Published: Oct. 13, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-59186
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_server_2022 windows_server_23h2 windows_server_2025- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
-
7.8
HIGHCVE-2025-58720
Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 +1 more products- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
-
7.0
HIGHCVE-2025-58725
Heap-based buffer overflow in Windows COM allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +8 more products- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
-
5.5
MEDIUMCVE-2025-59188
Exposure of sensitive information to an unauthorized actor in Windows Failover Cluster allows an authorized attacker to disclose information locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
-
7.8
HIGHCVE-2025-59187
Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +8 more products- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
-
7.4
HIGHCVE-2025-59189
Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
-
7.8
HIGHCVE-2025-58722
Heap-based buffer overflow in Windows DWM allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_23h2 +3 more products- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
-
6.5
MEDIUMCVE-2025-58739
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 +8 more products- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025