Latest CVE Feed
-
6.9
MEDIUMCVE-2025-55082
In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was a potential out of bound read in _nx_secure_tls_process_clienthello() because of a missing validation of PSK length provided in the user message.... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-27040
Information disclosure may occur while processing the hypervisor log.... Read more
- Published: Oct. 09, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2025-27059
Memory corruption while performing SCM call.... Read more
- Published: Oct. 09, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-27060
Memory corruption while performing SCM call with malformed inputs.... Read more
- Published: Oct. 09, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
7.1
HIGHCVE-2025-47342
Transient DOS may occur when multi-profile concurrency arises with QHS enabled.... Read more
Affected Products : qcc7225_firmware qcc7226_firmware qcc7228_firmware qcc7225 qcc7226 qcc7228 qcc5161_firmware qcc5161 s3_gen_2_sound_platform_firmware s3_gen_2_sound_platform +6 more products- Published: Oct. 09, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2025-47347
Memory corruption while processing control commands in the virtual memory management interface.... Read more
Affected Products : qam8295p_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware sa8150p_firmware sa8155p_firmware +64 more products- Published: Oct. 09, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-59214
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products- Published: Oct. 14, 2025
- Modified: Oct. 21, 2025
-
8.8
HIGHCVE-2025-11605
A vulnerability was identified in code-projects Client Details System 1.0. Impacted is an unknown function of the file /admin/update-profile.php. Such manipulation of the argument uid leads to sql injection. The attack can be executed remotely. The exploi... Read more
Affected Products : client_details_system- Published: Oct. 11, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-52616
HCL Unica 12.1.10 can expose sensitive system information. An attacker could use this information to form an attack plan by leveraging known vulnerabilities in the application.... Read more
Affected Products : unica- Published: Oct. 12, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-31996
HCL Unica Platform is affected by unprotected files due to improper access controls. These files may contain sensitive information such as private or system information that can be exploited by attackers to compromise the application, infrastructure, or... Read more
Affected Products : unica- Published: Oct. 13, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Information Disclosure
-
7.8
HIGHCVE-2025-7707
The llama_index library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This configuration allows local users to overwrite, delete, or corrupt NLTK data files, ... Read more
Affected Products : llamaindex- Published: Oct. 13, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2025-40755
A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP1). Affected applications are vulnerable to SQL injection through getTotalAndFilterCounts endpoint. An authenticated low privileged attacker could exploit to insert data and achieve p... Read more
Affected Products : sinec_nms- Published: Oct. 14, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-40765
A vulnerability has been identified in TeleControl Server Basic V3.1 (All versions >= V3.1.2.2 < V3.1.2.3). The affected application contains an information disclosure vulnerability. This could allow an unauthenticated remote attacker to obtain password h... Read more
Affected Products : telecontrol_server_basic- Published: Oct. 14, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-56747
Creativeitem Academy LMS up to and including 5.13 contains a privilege escalation vulnerability in the Api_instructor controller where regular authenticated users can access instructor-only functions without proper role validation, allowing unauthorized c... Read more
Affected Products : academy_lms- Published: Oct. 14, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authorization
-
7.4
HIGHCVE-2025-48004
Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 21, 2025
-
5.3
MEDIUMCVE-2025-27906
IBM Content Navigator 3.0.11, 3.0.15, 3.1.0, and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and folders are visible in the browser to a user; however, the contents of the files cannot be re... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-62583
Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment.... Read more
Affected Products : whale- Published: Oct. 16, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-62584
Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment.... Read more
Affected Products : whale- Published: Oct. 16, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Misconfiguration
-
3.1
LOWCVE-2025-6026
An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and teleme... Read more
Affected Products : universal_device_client- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Cryptography
-
7.5
HIGHCVE-2025-62585
Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment.... Read more
Affected Products : whale- Published: Oct. 16, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Misconfiguration