Latest CVE Feed
- 
                                
                                2.6LOWCVE-2025-54087CVE-2025-54087 is a server-side request forgery vulnerability in Secure Access prior to version 14.10. Attackers with administrative privileges can publish a crafted test HTTP request originating from the Secure Access server. The attack complexity is hig... Read more Affected Products : secure_access- Published: Oct. 02, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Server-Side Request Forgery
 
- 
                                
                                9.8CRITICALCVE-2025-11659A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this vulnerability is an unknown functionality of the file /assets/uploadNotes.php. This manipulation of the argument File ca... Read more Affected Products : school_management_system- Published: Oct. 13, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Misconfiguration
 
- 
                                
                                6.1MEDIUMCVE-2025-54088CVE-2025-54088 is an open-redirect vulnerability in Secure Access prior to version 14.10. Attackers with access to the console can redirect victims to an arbitrary URL. The attack complexity is low, attack requirements are present, no privileges are requi... Read more Affected Products : secure_access- Published: Oct. 02, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Misconfiguration
 
- 
                                
                                4.6MEDIUMCVE-2025-54089CVE-2025-54089 is a cross-site scripting vulnerability in versions of secure access prior to 14.10. Attackers with administrative access to the console can interfere with another administrator’s access to the console. The attack complexity is low; there a... Read more Affected Products : secure_access- Published: Oct. 02, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Cross-Site Scripting
 
- 
                                
                                9.8CRITICALCVE-2025-59944Cursor is a code editor built for programming with AI. Versions 1.6.23 and below contain case-sensitive checks in the way Cursor IDE protects its sensitive files (e.g., */.cursor/mcp.json), which allows attackers to modify the content of these files throu... Read more Affected Products : cursor- Published: Oct. 03, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Injection
 
- 
                                
                                4.6MEDIUMCVE-2025-61926Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be validated against a hard-coded, shared secret. The value used for the secret tok... Read more Affected Products :- Published: Oct. 09, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Misconfiguration
 
- 
                                
                                8.1HIGHCVE-2025-61787Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions prior to 2.5.3 and 2.2.15 are vulnerable to Command Line Injection attacks on Windows when batch files are executed. In Windows, ``CreateProcess()`` always implicitly spawns ``cmd.exe`` i... Read more - Published: Oct. 08, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Injection
 
- 
                                
                                3.3LOWCVE-2025-61786Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, `Deno.FsFile.prototype.stat` and `Deno.FsFile.prototype.statSync` are not limited by the permission model check `--deny-read=./`. It's possible to retrieve s... Read more Affected Products : deno- Published: Oct. 08, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Authorization
 
- 
                                
                                9.8CRITICALCVE-2023-49886IBM Standards Processing Engine 10.0.1.10 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe java deserialization. By sending specially crafted input, an attacker could exploit this vulnerability to execute arbitrar... Read more Affected Products : transformation_extender_advanced- Published: Oct. 06, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Injection
 
- 
                                
                                3.3LOWCVE-2025-61785Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, `Deno.FsFile.prototype.utime` and `Deno.FsFile.prototype.utimeSync` are not limited by the permission model check `--deny-write=./`. It's possible to change ... Read more Affected Products : deno- Published: Oct. 08, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Misconfiguration
 
- 
                                
                                8.8HIGHCVE-2025-61687Flowise is a drag & drop user interface to build a customized large language model flow. A file upload vulnerability in version 3.0.7 of FlowiseAI allows authenticated users to upload arbitrary files without proper validation. This enables attackers to pe... Read more Affected Products : flowise- Published: Oct. 06, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Misconfiguration
 
- 
                                
                                7.5HIGHCVE-2025-59425vLLM is an inference and serving engine for large language models (LLMs). Before version 0.11.0rc2, the API key support in vLLM performs validation using a method that was vulnerable to a timing attack. API key validation uses a string comparison that tak... Read more Affected Products : vllm- Published: Oct. 07, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Authentication
 
- 
                                
                                7.8HIGHCVE-2025-53951An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiDLP Agent's Outlookproxy plugin for Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and ... Read more - Published: Oct. 16, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Path Traversal
 
- 
                                
                                7.8HIGHCVE-2025-54658An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11... Read more - Published: Oct. 16, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Path Traversal
 
- 
                                
                                6.0MEDIUMCVE-2025-53950An Exposure of Private Personal Information ('Privacy Violation') vulnerability [CWE-359] in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS and Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.... Read more - Published: Oct. 16, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Information Disclosure
 
- 
                                
                                4.4MEDIUMCVE-2025-46752A insertion of sensitive information into log file in Fortinet FortiDLP 12.0.0 through 12.0.5, 11.5.1, 11.4.6, 11.4.5 allows attacker to information disclosure via re-using the enrollment code.... Read more - Published: Oct. 16, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Information Disclosure
 
- 
                                
                                7.8HIGHCVE-2025-36156IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with access to the files storing CECSUB or CECRM on the container could overflow the buffer a... Read more Affected Products : infosphere_data_replication infosphere_data_replication_vsam_for_z\/os_remote_source- Published: Oct. 07, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Memory Corruption
 
- 
                                
                                7.8HIGHCVE-2025-54284Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must... Read more - Published: Oct. 14, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Memory Corruption
 
- 
                                
                                7.8HIGHCVE-2025-54283Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must... Read more - Published: Oct. 14, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Memory Corruption
 
- 
                                
                                7.8HIGHCVE-2025-61801Dimension versions 4.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicio... Read more - Published: Oct. 14, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Memory Corruption
 
 
                         
                         
                         
                                             
                                            