Latest CVE Feed
-
6.5
MEDIUMCVE-2025-0277
HCL BigFix Mobile 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing actions by not properly restricting the sources of scripts and other content.... Read more
- Published: Oct. 16, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Misconfiguration
-
4.3
MEDIUMCVE-2025-10545
Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add any team members to their private channels via the `/api/v4/channels/{channel_id}/member... Read more
Affected Products : mattermost_server- Published: Oct. 16, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2025-41410
Mattermost versions 10.10.x <= 10.10.2, 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data... Read more
Affected Products : mattermost_server- Published: Oct. 16, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authentication
-
3.7
LOWCVE-2025-54499
Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to perform byte-by-byte brute force attacks via response time analysis on Clou... Read more
Affected Products : mattermost_server- Published: Oct. 16, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authentication
-
8.1
HIGHCVE-2025-58073
Mattermost versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x <= 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of re... Read more
Affected Products : mattermost_server- Published: Oct. 16, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authorization
-
8.1
HIGHCVE-2025-58075
Mattermost versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x <= 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of re... Read more
Affected Products : mattermost_server- Published: Oct. 16, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-60307
code-projects Computer Laboratory System 1.0 has a SQL injection vulnerability, where entering a universal password in the Password field on the login page can bypass login attempts.... Read more
Affected Products : computer_laboratory_system- Published: Oct. 10, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-60305
SourceCodester Online Student Clearance System 1.0 is vulnerable to Incorrect Access Control. The application contains a logic flaw which allows low privilege users can forge high privileged sessions and perform sensitive operations.... Read more
Affected Products : online_student_clearance_system- Published: Oct. 10, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authentication
-
5.4
MEDIUMCVE-2025-27259
Ericsson Network Manager versions prior to ENM 25.2 GA contain a vulnerability that, if exploited, can exfiltrate limited data or redirect victims to other sites or domains.... Read more
Affected Products : network_manager- Published: Oct. 13, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Information Disclosure
-
9.8
CRITICALCVE-2025-27258
Ericsson Network Manager (ENM) versions prior to ENM 25.1 GA contain a vulnerability, if exploited, can result in an escalation of privilege.... Read more
Affected Products : network_manager- Published: Oct. 13, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authorization
-
6.9
MEDIUMCVE-2025-55091
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ip_packet_receive() function when received an Ethernet with type set as IP but no IP data.... Read more
- Published: Oct. 16, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
6.9
MEDIUMCVE-2025-55090
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() function when received an Ethernet frame with less than 4 bytes of IP packet.... Read more
- Published: Oct. 16, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
6.9
MEDIUMCVE-2025-55084
In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check in_nx_secure_tls_proc_clienthello_supported_versions_extension() in the extension version field.... Read more
- Published: Oct. 16, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
6.9
MEDIUMCVE-2025-55083
In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check resulting it out by two out of bound read.... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
6.9
MEDIUMCVE-2025-55082
In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was a potential out of bound read in _nx_secure_tls_process_clienthello() because of a missing validation of PSK length provided in the user message.... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-27040
Information disclosure may occur while processing the hypervisor log.... Read more
- Published: Oct. 09, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2025-27059
Memory corruption while performing SCM call.... Read more
- Published: Oct. 09, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-27060
Memory corruption while performing SCM call with malformed inputs.... Read more
- Published: Oct. 09, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
7.1
HIGHCVE-2025-47342
Transient DOS may occur when multi-profile concurrency arises with QHS enabled.... Read more
Affected Products : qcc7225_firmware qcc7226_firmware qcc7228_firmware qcc7225 qcc7226 qcc7228 qcc5161_firmware qcc5161 s3_gen_2_sound_platform_firmware s3_gen_2_sound_platform +6 more products- Published: Oct. 09, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2025-47347
Memory corruption while processing control commands in the virtual memory management interface.... Read more
Affected Products : qam8295p_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware sa8150p_firmware sa8155p_firmware +64 more products- Published: Oct. 09, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption