Latest CVE Feed
-
6.7
MEDIUMCVE-2025-5187
A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resourc... Read more
Affected Products : kubernetes- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Authorization
-
8.4
HIGHCVE-2025-43730
Dell ThinOS 10, versions prior to 2508_10.0127, contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A local unauthenticated user could potentially exploit this vulnerability leading to Elevation of... Read more
Affected Products :- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Injection
-
4.2
MEDIUMCVE-2025-57821
Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.0, it is possible to craft a malformed URL that passes the "same origin" check, resulting in the user being redirected to another origin. Rails applications configur... Read more
Affected Products :- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-40779
If a DHCPv4 client sends a request with some specific options, and Kea fails to find an appropriate subnet for the client, the `kea-dhcp4` process will abort with an assertion failure. This happens only if the client request is unicast directly to Kea; b... Read more
Affected Products : kea- Published: Aug. 27, 2025
- Modified: Aug. 29, 2025
- Vuln Type: Denial of Service