Latest CVE Feed
-
6.5
MEDIUMCVE-2025-54603
An incorrect OIDC authentication flow in Claroty Secure Access 3.3.0 through 4.0.2 can result in unauthorized user creation or impersonation of existing OIDC users.... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-60537
Improper input validation in the component /kafka/ui/serdes/CustomSerdeLoader.java of kafka-ui v0.6.0 to v0.7.2 allows attackers to execute arbitrary code via supplying crafted data.... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Injection
-
4.6
MEDIUMCVE-2025-36730
A prompt injection vulnerability exists in Windsurft version 1.10.7 in Write mode using SWE-1 model. It is possible to create a file name that will be appended to the user prompt causing Windsurf to follow its instructions.... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Injection
-
7.3
HIGHCVE-2025-57618
A path traversal vulnerability in FastX3 thru 3.3.67 allows an unauthenticated attacker to read arbitrary files on the server. By leveraging this vulnerability, it is possible to access the application's configuration files, which contain the secret key u... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Path Traversal
-
7.3
HIGHCVE-2025-60535
A Cross-Site Request Forgery (CSRF) in the component /endpoints/currency/currency of Wallos v4.1.1 allows attackers to execute arbitrary operations via a crafted GET request.... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Request Forgery