Latest CVE Feed
-
8.7
HIGHCVE-2025-41067
Reachable Assertion vulnerability in Open5GS up to version 2.7.6 allows attackers with connectivity to the NRF to cause a denial of service. An SBI request that deletes the NRF's own registry causes a check that ends up crashing the NRF process and render... Read more
- Published: Oct. 27, 2025
- Modified: Oct. 29, 2025
- Vuln Type: Denial of Service
-
0.0
NACVE-2023-53628
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: drop gfx_v11_0_cp_ecc_error_irq_funcs The gfx.cp_ecc_error_irq is retired in gfx11. In gfx_v11_0_hw_fini still use amdgpu_irq_put to disable this interrupt, which caused the... Read more
Affected Products : linux_kernel- Published: Oct. 07, 2025
- Modified: Oct. 29, 2025
-
4.3
MEDIUMCVE-2025-41443
Mattermost versions 10.5.x <= 10.5.12, 10.11.x <= 10.11.2 fail to properly validate guest user permissions when accessing channel information which allows guest users to discover active public channels and their metadata via the `/api/v4/teams/{team_id}/c... Read more
Affected Products : mattermost_server- Published: Oct. 16, 2025
- Modified: Oct. 29, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-59686
Kazaar 1.25.12 allows /api/v1/org-id/orders/order-id/documents calls with a modified order-id.... Read more
Affected Products :- Published: Oct. 01, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-59685
Kazaar 1.25.12 allows a JWT with none in the alg field.... Read more
Affected Products :- Published: Oct. 01, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-57423
A SQL injection vulnerability was discovered in the /articles endpoint of MyClub 0.5, affecting the query parameters Content, GroupName, PersonName, lastUpdate, pool, and title. Due to insufficient input sanitisation, an unauthenticated remote attacker co... Read more
Affected Products :- Published: Oct. 03, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Injection
-
9.9
CRITICALCVE-2025-55315
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 28, 2025
-
6.0
MEDIUMCVE-2025-37149
A potential out-of-bound reads vulnerability in HPE ProLiant RL300 Gen11 Server's UEFI firmware.... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-10720
The WP Private Content Plus through 3.6.2 provides a global content protection feature that requires a password. However, the access control check is based only on the presence of an unprotected client-side cookie. As a result, an unauthenticated attacker... Read more
Affected Products : wp_private_content_plus- Published: Oct. 13, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Authentication
-
8.8
HIGHCVE-2025-59228
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 28, 2025
-
5.5
MEDIUMCVE-2025-59229
Uncaught exception in Microsoft Office allows an unauthorized attacker to deny service locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 28, 2025
-
7.8
HIGHCVE-2025-59231
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Oct. 14, 2025
- Modified: Oct. 28, 2025
-
7.8
HIGHCVE-2025-59233
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Oct. 14, 2025
- Modified: Oct. 28, 2025
-
7.8
HIGHCVE-2025-59234
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 28, 2025
-
8.4
HIGHCVE-2025-59236
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 28, 2025
-
8.8
HIGHCVE-2025-59237
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 28, 2025
-
7.5
HIGHCVE-2025-59248
Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 28, 2025
-
8.8
HIGHCVE-2025-59249
Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 28, 2025
-
7.2
HIGHCVE-2025-8078
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W... Read more
Affected Products : usg20w-vpn_firmware zld usg_flex_100_firmware atp100_firmware atp100 atp200 atp500 atp100w atp700 atp800 +10 more products- Published: Oct. 21, 2025
- Modified: Oct. 28, 2025
-
4.3
MEDIUMCVE-2025-48025
In Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000, there is an improper access control vulnerability related to a log file.... Read more
Affected Products : exynos_980_firmware exynos_850_firmware exynos_1280_firmware exynos_1380_firmware exynos_1330_firmware exynos_w920_firmware exynos_980 exynos_850 exynos_1280 exynos_1380 +10 more products- Published: Oct. 20, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Authorization