Latest CVE Feed
-
7.5
HIGHCVE-2025-64335
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction wit... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-64334
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, compressed HTTP data can lead to unbounded memory growth during decompression. T... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-64333
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a large HTTP content type, when logged can cause a stack overflow crashing Suricata.... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-64332
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow that causes Suricata to crash can occur if SWF decompression is ena... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-64331
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow can occur on large HTTP file transfers if the user has increased th... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-64330
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a single byte read heap overflow when logging the verdict in eve.alert and eve.drop ... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Memory Corruption
-
9.4
CRITICALCVE-2025-62593
Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. This vulnerability is due to an insufficient guard against browse... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Authentication
-
0.0
NACVE-2025-40934
XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are omitted. An attacker can remove the signature from the XML document to make it pass the verification check. XML-Sig is a Perl module to validate signatures on ... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Misconfiguration
-
8.7
HIGHCVE-2020-36874
ACE SECURITY WIP-90113 HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint permits remote download of a compressed configuration backup without requiring authentication ... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Information Disclosure
-
8.7
HIGHCVE-2020-36873
Astak CM-818T3 2.4GHz wireless security surveillance cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint permits remote download of a compressed configuration backup withou... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Information Disclosure
-
8.7
HIGHCVE-2020-36872
BACnet Test Server versions up to and including 1.01 contains a remote denial of service vulnerability in its BACnet/IP BVLC packet handling. The server fails to properly validate the BVLC Length field in incoming UDP BVLC frames on the default BACnet por... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Denial of Service
-
8.7
HIGHCVE-2020-36871
ESCAM QD-900 WIFI HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint allows remote download of a compressed configuration backup without requiring authentication or aut... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Information Disclosure
-
8.7
HIGHCVE-2019-25227
Tellion HN-2204AP routers contain an unauthenticated configuration disclosure vulnerability in the /cgi-bin/system_config_file management endpoint. The endpoint allows remote retrieval of a compressed configuration archive without requiring authentication... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Information Disclosure
-
8.7
HIGHCVE-2019-25226
Dongyoung Media DM-AP240T/W wireless access points contain an unauthenticated configuration disclosure vulnerability in the /cgi-bin/sys_system_config management endpoint. The endpoint allows remote retrieval of a compressed configuration archive without ... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Information Disclosure
-
0.0
NACVE-2025-65202
TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command injection vulnerability in the setup.cgi binary, exploitable via the HTTP parameters "command", "todo", and "next_file," which allows an attacker to execute arbitrary commands with root pri... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-7449
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user with specific permissions to cause a denial of service condition through... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Denial of Service
-
4.3
MEDIUMCVE-2025-6195
GitLab has remediated an issue in GitLab EE affecting all versions from 13.7 before 18.4.5, 18.5 before 18.5.3, and 18.6 before 18.6.1 that could have allowed an authenticated user to view information from security reports under certain configuration cond... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Information Disclosure
-
0.0
NACVE-2025-65670
An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak oc... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2025-65278
An issue was discovered in file users.json in GroceryMart commit 21934e6 (2020-10-23) allowing unauthenticated attackers to gain sensitive information including plaintext usernames and passwords.... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Information Disclosure
-
0.0
NACVE-2025-65276
An unauthenticated administrative access vulnerability exists in the open-source HashTech project (https://github.com/henzljw/hashtech) 1.0 thru commit 5919decaff2681dc250e934814fc3a35f6093ee5 (2021-07-02). Due to missing authentication checks on /admin_i... Read more
Affected Products :- Published: Nov. 26, 2025
- Modified: Nov. 26, 2025
- Vuln Type: Authentication