Latest CVE Feed
-
4.3
MEDIUMCVE-2025-10545
Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add any team members to their private channels via the `/api/v4/channels/{channel_id}/member... Read more
Affected Products : mattermost_server- Published: Oct. 16, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2025-41410
Mattermost versions 10.10.x <= 10.10.2, 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to validate email ownership during Slack import process which allows attackers to create verified user accounts with arbitrary email domains via malicious Slack import data... Read more
Affected Products : mattermost_server- Published: Oct. 16, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authentication
-
3.7
LOWCVE-2025-54499
Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timing oracles to perform byte-by-byte brute force attacks via response time analysis on Clou... Read more
Affected Products : mattermost_server- Published: Oct. 16, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authentication
-
8.1
HIGHCVE-2025-58073
Mattermost versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x <= 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of re... Read more
Affected Products : mattermost_server- Published: Oct. 16, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authorization
-
8.1
HIGHCVE-2025-58075
Mattermost versions 10.11.x <= 10.11.1, 10.10.x <= 10.10.2, 10.5.x <= 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of re... Read more
Affected Products : mattermost_server- Published: Oct. 16, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-60307
code-projects Computer Laboratory System 1.0 has a SQL injection vulnerability, where entering a universal password in the Password field on the login page can bypass login attempts.... Read more
Affected Products : computer_laboratory_system- Published: Oct. 10, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-60305
SourceCodester Online Student Clearance System 1.0 is vulnerable to Incorrect Access Control. The application contains a logic flaw which allows low privilege users can forge high privileged sessions and perform sensitive operations.... Read more
Affected Products : online_student_clearance_system- Published: Oct. 10, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authentication
-
5.4
MEDIUMCVE-2025-27259
Ericsson Network Manager versions prior to ENM 25.2 GA contain a vulnerability that, if exploited, can exfiltrate limited data or redirect victims to other sites or domains.... Read more
Affected Products : network_manager- Published: Oct. 13, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Information Disclosure
-
9.8
CRITICALCVE-2025-27258
Ericsson Network Manager (ENM) versions prior to ENM 25.1 GA contain a vulnerability, if exploited, can result in an escalation of privilege.... Read more
Affected Products : network_manager- Published: Oct. 13, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authorization
-
6.9
MEDIUMCVE-2025-55091
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ip_packet_receive() function when received an Ethernet with type set as IP but no IP data.... Read more
- Published: Oct. 16, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
6.9
MEDIUMCVE-2025-55090
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() function when received an Ethernet frame with less than 4 bytes of IP packet.... Read more
- Published: Oct. 16, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
6.9
MEDIUMCVE-2025-55084
In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check in_nx_secure_tls_proc_clienthello_supported_versions_extension() in the extension version field.... Read more
- Published: Oct. 16, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
6.9
MEDIUMCVE-2025-55083
In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check resulting it out by two out of bound read.... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
6.9
MEDIUMCVE-2025-55082
In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was a potential out of bound read in _nx_secure_tls_process_clienthello() because of a missing validation of PSK length provided in the user message.... Read more
- Published: Oct. 15, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-27040
Information disclosure may occur while processing the hypervisor log.... Read more
- Published: Oct. 09, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2025-27059
Memory corruption while performing SCM call.... Read more
- Published: Oct. 09, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-27060
Memory corruption while performing SCM call with malformed inputs.... Read more
- Published: Oct. 09, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
7.1
HIGHCVE-2025-47342
Transient DOS may occur when multi-profile concurrency arises with QHS enabled.... Read more
Affected Products : qcc7225_firmware qcc7226_firmware qcc7228_firmware qcc7225 qcc7226 qcc7228 qcc5161_firmware qcc5161 s3_gen_2_sound_platform_firmware s3_gen_2_sound_platform +6 more products- Published: Oct. 09, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2025-47347
Memory corruption while processing control commands in the virtual memory management interface.... Read more
Affected Products : qam8295p_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware sa8150p_firmware sa8155p_firmware +64 more products- Published: Oct. 09, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-59214
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +11 more products- Published: Oct. 14, 2025
- Modified: Oct. 21, 2025