Latest CVE Feed
-
0.0
NACVE-2025-40051
In the Linux kernel, the following vulnerability has been resolved: vhost: vringh: Modify the return value check The return value of copy_from_iter and copy_to_iter can't be negative, check whether the copied lengths are equal.... Read more
Affected Products : linux_kernel- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
-
6.5
MEDIUMCVE-2025-33126
IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5,... Read more
Affected Products : db2_high_performance_unload- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Denial of Service
-
0.0
NACVE-2025-40061
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix race in do_task() when draining When do_task() exhausts its iteration budget (!ret), it sets the state to TASK_STATE_IDLE to reschedule, without a secondary check on the c... Read more
Affected Products : linux_kernel- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Race Condition
-
5.3
MEDIUMCVE-2025-62784
InventoryGui is a library for creating chest GUIs for Bukkit/Spigot plugins. Versions before 1.6.5 contain a vulnerability where any plugin using a GUI with the GuiStorageElement and allows taking out items out of that element can allow item duplication w... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Misconfiguration
-
6.0
MEDIUMCVE-2025-12390
A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during l... Read more
Affected Products :- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Authentication
-
4.6
MEDIUMCVE-2025-62262
Information exposure through log file vulnerability in LDAP import feature in Liferay Portal 7.4.0 through 7.4.3.97, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older... Read more
- Published: Oct. 27, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-12344
A vulnerability has been found in Yonyou U8 Cloud up to 5.1sp. The impacted element is an unknown function of the file /service/NCloudGatewayServlet of the component Request Header Handler. Such manipulation of the argument ts/sign leads to unrestricted u... Read more
Affected Products :- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Misconfiguration
-
1.3
LOWCVE-2025-62778
Frappe Learning is a learning management system. A security issue was identified in Frappe Learning 2.39.1 and earlier, where students were able to access the Quiz Form if they had the URL.... Read more
Affected Products : learning- Published: Oct. 27, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-33132
IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due to the incorrect calculation of the size of the data that is being pointed to.... Read more
Affected Products : db2_high_performance_unload- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Memory Corruption
-
5.9
MEDIUMCVE-2025-49042
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce woocommerce allows Stored XSS.This issue affects WooCommerce: from n/a through 10.0.2.... Read more
Affected Products : woocommerce- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Scripting
-
7.5
HIGHCVE-2025-12336
A vulnerability was identified in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by this issue is some unknown functionality of the file /admin/admin_index.php. Such manipulation of the argument Username leads to sql injection. The attack can... Read more
Affected Products : retro_basketball_shoes_online_store- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Injection
-
7.8
HIGHCVE-2025-53855
An out-of-bounds write vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .fadein file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.... Read more
Affected Products :- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-12337
A security flaw has been discovered in Campcodes Retro Basketball Shoes Online Store 1.0. This affects an unknown part of the file /admin/admin_feature.php. Performing manipulation of the argument pid results in sql injection. The attack may be initiated ... Read more
Affected Products : retro_basketball_shoes_online_store- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Injection
-
9.1
CRITICALCVE-2025-61043
An out-of-bounds read vulnerability has been discovered in Monkey's Audio 11.31, specifically in the CAPECharacterHelper::GetUTF16FromUTF8 function. The issue arises from improper handling of the length of the input UTF-8 string, causing the function to r... Read more
Affected Products :- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Memory Corruption
-
5.1
MEDIUMCVE-2025-34303
IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the IGNORE_ENTRY_REMARK parameter when adding a whitelisted host. W... Read more
Affected Products : ipfire- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-40071
In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: Don't block input queue by waiting MSC Currently gsm_queue() processes incoming frames and when opening a DLC channel it calls gsm_dlci_open() which calls gsm_modem_update()... Read more
Affected Products : linux_kernel- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Denial of Service
-
0.0
NACVE-2025-40030
In the Linux kernel, the following vulnerability has been resolved: pinctrl: check the return value of pinmux_ops::get_function_name() While the API contract in docs doesn't specify it explicitly, the generic implementation of the get_function_name() ca... Read more
Affected Products : linux_kernel- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
-
8.2
HIGHCVE-2025-59151
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface before 6.3 is vulnerable to Carriage Return Line Feed (CRLF) injection. When a request is mad... Read more
Affected Products : web_interface- Published: Oct. 27, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Injection
-
6.9
MEDIUMCVE-2025-62261
Liferay Portal 7.4.0 through 7.4.3.99, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 34, and older unsupported versions stores password reset tokens in plain text, which allows... Read more
- Published: Oct. 27, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Information Disclosure
-
5.8
MEDIUMCVE-2025-12331
A weakness has been identified in Willow CMS up to 1.4.0. Impacted is an unknown function of the file /admin/images/add. This manipulation causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been made available to th... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Misconfiguration