Latest CVE Feed
-
6.5
MEDIUMCVE-2025-11913
A vulnerability has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this vulnerability is the function Download of the file /Service.do?Action=Download. Such manipulation of the argument Path leads to path traversal. The atta... Read more
Affected Products : streamax_crocus- Published: Oct. 17, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-11914
A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this issue is the function Download of the file /DeviceFileReport.do?Action=Download. Performing manipulation of the argument FilePath results in path traversal. ... Read more
Affected Products : streamax_crocus- Published: Oct. 17, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Path Traversal
-
7.5
HIGHCVE-2025-61921
Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there is a denial of service vulnerability in the `If-Match` and `If-None-Match` header parsing component of Sinatra, if the `etag` method is used whe... Read more
Affected Products : sinatra- Published: Oct. 10, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Denial of Service
-
7.7
HIGHCVE-2025-55698
Null pointer dereference in Windows DirectX allows an authorized attacker to deny service over a network.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 31, 2025
-
5.5
MEDIUMCVE-2025-55699
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +6 more products- Published: Oct. 14, 2025
- Modified: Oct. 31, 2025
-
6.5
MEDIUMCVE-2025-55700
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products- Published: Oct. 14, 2025
- Modified: Oct. 31, 2025
-
7.8
HIGHCVE-2025-55701
Improper validation of specified type of input in Microsoft Windows allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products- Published: Oct. 14, 2025
- Modified: Oct. 31, 2025
-
7.8
HIGHCVE-2025-58714
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products- Published: Oct. 14, 2025
- Modified: Oct. 31, 2025
-
8.8
HIGHCVE-2025-58715
Integer overflow or wraparound in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +6 more products- Published: Oct. 14, 2025
- Modified: Oct. 31, 2025
-
8.8
HIGHCVE-2025-58716
Improper input validation in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +6 more products- Published: Oct. 14, 2025
- Modified: Oct. 31, 2025
-
6.5
MEDIUMCVE-2025-58717
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products- Published: Oct. 14, 2025
- Modified: Oct. 31, 2025
-
8.8
HIGHCVE-2025-58718
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +15 more products- Published: Oct. 14, 2025
- Modified: Oct. 31, 2025
-
6.2
MEDIUMCVE-2025-54764
Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd.... Read more
Affected Products : mbed_tls- Published: Oct. 20, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2020-36855
A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to app... Read more
Affected Products : dcmtk- Published: Oct. 21, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2022-4981
A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation results in null pointer dereference. The attack needs to be a... Read more
Affected Products : dcmtk- Published: Oct. 21, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Memory Corruption
-
6.1
MEDIUMCVE-2025-60280
Cross-Site Scripting (XSS) vulnerability in Bang Resto v1.0 could allow an attacker to inject malicious JavaScript code into the application's web pages. This vulnerability exists due to insufficient input sanitization or output encoding, allowing attacke... Read more
Affected Products : bang_resto- Published: Oct. 21, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-11952
Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerabil... Read more
Affected Products : chatbot- Published: Oct. 22, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Cross-Site Scripting
-
4.4
MEDIUMCVE-2025-43724
Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an authorization bypass through user-controlled key vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to gain unauthorized access to NFSv4 o... Read more
Affected Products : powerscale_onefs- Published: Oct. 08, 2025
- Modified: Oct. 31, 2025
- Vuln Type: Authorization
-
8.5
HIGHCVE-2025-7329
A Stored Cross-Site Scripting security issue exists in the affected product that could potentially allow a malicious user to view and modify sensitive data or make the webpage unavailable. The vulnerability stems from missing special character filtering a... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Scripting
-
7.0
HIGHCVE-2025-7330
A cross-site request forgery security issue exists in the product and version listed. The vulnerability stems from missing CSRF checks on the impacted form. This allows for unintended configuration modification if an attacker can convince a logged in admi... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Request Forgery