Latest CVE Feed
-
9.8
CRITICALCVE-2025-46581
ZTE's ZXCDN product is affected by a Struts remote code execution (RCE) vulnerability. An unauthenticated attacker can remotely execute commands with non-root privileges.... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2025-41707
The websocket handler is vulnerable to a denial of service condition. An unauthenticated remote attacker can send a crafted websocket message to trigger the issue without affecting the core functionality.... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Denial of Service
-
5.3
MEDIUMCVE-2025-41706
The webserver is vulnerable to a denial of service condition. An unauthenticated remote attacker can craft a special GET request with an over-long content-length to trigger the issue without affecting the core functionality.... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Denial of Service
-
4.8
MEDIUMCVE-2025-62246
Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported... Read more
- Published: Oct. 13, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
-
8.6
HIGHCVE-2025-61688
Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, Omni might leak sensitive information via an API.... Read more
Affected Products :- Published: Oct. 13, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Information Disclosure
-
6.2
MEDIUMCVE-2025-62364
text-generation-webui is an open-source web interface for running Large Language Models. In versions through 3.13, a Local File Inclusion vulnerability exists in the character picture upload feature. An attacker can upload a text file containing a symboli... Read more
Affected Products :- Published: Oct. 13, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Path Traversal
-
6.8
MEDIUMCVE-2025-41705
An unauthenticated remote attacker (MITM) can intercept the websocket messages to gain access to the login credentials for the Webfrontend.... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Information Disclosure
-
6.9
MEDIUMCVE-2025-61775
Vickey is a Misskey-based microblogging platform. A vulnerability exists in Vickey prior to version 2025.10.0 where unexpired email confirmation links can be reused multiple times to send repeated confirmation emails to a verified email address. Under cer... Read more
Affected Products :- Published: Oct. 13, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Information Disclosure
-
4.8
MEDIUMCVE-2025-62244
Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.3.1 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92, and 7.3 GA through update 36 allows re... Read more
- Published: Oct. 13, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-41704
An unauthanticated remote attacker can perform a DoS of the Modbus service by sending a specific function and sub-function code without affecting the core functionality.... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Denial of Service
-
5.3
MEDIUMCVE-2025-62243
Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated attackers t... Read more
- Published: Oct. 13, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-41703
An unauthenticated remote attacker can cause a Denial of Service by turning off the output of the UPS via Modbus command.... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Denial of Service
-
0.0
NACVE-2025-39964
In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg Issuing two writes to the same af_alg socket is bogus as the data will be interleaved in an unpredictable fashion. Further... Read more
Affected Products : linux_kernel- Published: Oct. 13, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Race Condition
-
9.8
CRITICALCVE-2025-6919
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cats Information Technology Software Development Technologies Aykome License Tracking System allows SQL Injection.This issue affects Aykome License Track... Read more
Affected Products :- Published: Oct. 13, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Injection
-
0.0
NACVE-2025-39965
In the Linux kernel, the following vulnerability has been resolved: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI x->id.spi == 0 means "no SPI assigned", but since commit 94f39804d891 ("xfrm: Duplicate SPI Handling"), we now create states and add them to ... Read more
Affected Products : linux_kernel- Published: Oct. 13, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Memory Corruption
-
9.1
CRITICALCVE-2025-37729
Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava va... Read more
Affected Products : elastic_cloud_enterprise- Published: Oct. 13, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-9902
Authorization Bypass Through User-Controlled Key vulnerability in AKIN Software Computer Import Export Industry and Trade Co. Ltd. QRMenu allows Privilege Abuse.This issue affects QRMenu: from 1.05.12 before Version dated 05.09.2025.... Read more
Affected Products :- Published: Oct. 13, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-10732
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.12.1. This is due to improper access control implementation on the '/wp-json/sureforms/... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Information Disclosure
-
0.0
NACVE-2025-10720
The WP Private Content Plus through 3.6.2 provides a global content protection feature that requires a password. However, the access control check is based only on the presence of an unprotected client-side cookie. As a result, an unauthenticated attacker... Read more
Affected Products : wp_private_content_plus- Published: Oct. 13, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authentication
-
6.9
MEDIUMCVE-2025-11674
SOOP-CLM developed by PiExtract has a Server-Side Request Forgery vulnerability, allowing privileged remote attackers to read server files or probe internal network information.... Read more
Affected Products :- Published: Oct. 13, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Server-Side Request Forgery