Latest CVE Feed
- 
                                
                                8.6HIGHCVE-2025-59968A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadata via the web interface. Tampering with this metadata can result in managed SRX Seri... Read more Affected Products : junos- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authorization
 
- 
                                
                                9.8CRITICALCVE-2025-35051Newforma Project Center Server (NPCS) accepts serialized .NET data via the '/ProjectCenter.rem' endpoint on 9003/tcp, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. According to the rec... Read more - Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Information Disclosure
 
- 
                                
                                8.7HIGHCVE-2025-25018Improper Neutralization of Input During Web Page Generation in Kibana can lead to stored Cross-Site Scripting (XSS)... Read more Affected Products : kibana- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
 
- 
                                
                                6.1MEDIUMCVE-2025-59993An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Space Node Setting fields that, when visited by another user, enable the ... Read more Affected Products : junos_space- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
 
- 
                                
                                6.1MEDIUMCVE-2025-59991An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Device Management pages that, when visited by another user, enable the at... Read more Affected Products : junos_space- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
 
- 
                                
                                5.5MEDIUMCVE-2025-21060Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access backup data from applications. User interaction is required for triggering this vulnerability.... Read more Affected Products :- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Information Disclosure
 
- 
                                
                                3.1LOWCVE-2025-52655Inclusion of Functionality from Untrusted Control Sphere vulnerability in HCL MyXalytics. v6.6 allows Loading third-party scripts without integrity checks or validation can allow external code run in the application's context, risking data exposure.... Read more Affected Products : dryice_myxalytics- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Misconfiguration
 
- 
                                
                                6.2MEDIUMCVE-2025-11371In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. ... Read more Affected Products :- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Path Traversal
 
- 
                                
                                6.1MEDIUMCVE-2025-59981An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Device Template Definition page that, when visited by another user, enabl... Read more Affected Products : junos_space- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
 
- 
                                
                                8.4HIGHCVE-2025-61863An out-of-bounds read vulnerability exists in VS6ComFile!CSaveData::delete_mem of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution.... Read more Affected Products : monitouch_v-sft- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Information Disclosure
 
- 
                                
                                8.4HIGHCVE-2025-61864A use after free vulnerability exists in VS6ComFile!load_link_inf of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution.... Read more Affected Products : monitouch_v-sft- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Memory Corruption
 
- 
                                
                                8.4HIGHCVE-2025-61861An out-of-bounds read vulnerability exists in VS6ComFile!load_link_inf of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution.... Read more Affected Products : monitouch_v-sft- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Memory Corruption
 
- 
                                
                                8.4HIGHCVE-2025-61862An out-of-bounds read vulnerability exists in VS6ComFile!get_ovlp_element_size of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution.... Read more Affected Products : monitouch_v-sft- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Information Disclosure
 
- 
                                
                                8.4HIGHCVE-2025-61857An out-of-bounds write vulnerability exists in VS6ComFile!CItemExChange::WinFontDynStrCheck of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code... Read more Affected Products : monitouch_v-sft- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Memory Corruption
 
- 
                                
                                8.4HIGHCVE-2025-61858An out-of-bounds write vulnerability exists in VS6ComFile!set_AnimationItem of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution.... Read more Affected Products : monitouch_v-sft- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Memory Corruption
 
- 
                                
                                7.3HIGHCVE-2025-21058Improper access control in Routines prior to version 4.8.7.1 in Android 15 and 4.9.6.0 in Android 16 allows local attackers to potentially execute arbitrary code with SystemUI privilege.... Read more Affected Products :- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authorization
 
- 
                                
                                6.2MEDIUMCVE-2025-21059Improper authorization in Samsung Health prior to version 6.30.5.105 allows local attackers to access data in Samsung Health.... Read more Affected Products : health- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authorization
 
- 
                                
                                4.0MEDIUMCVE-2025-21045Insecure storage of sensitive information in Galaxy Watch prior to SMR Oct-2025 Release 1 allows local attackers to access sensitive information.... Read more Affected Products :- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Information Disclosure
 
- 
                                
                                8.4HIGHCVE-2025-61871NAS Navigator2 Windows version by BUFFALO INC. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.... Read more Affected Products :- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Misconfiguration
 
- 
                                
                                5.3MEDIUMCVE-2025-11450ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially cr... Read more Affected Products :- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
 
 
                         
                         
                         
                                             
                                            