Latest CVE Feed
-
8.1
HIGHCVE-2025-62518
astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar... Read more
Affected Products :- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Path Traversal
-
8.9
HIGHCVE-2025-60507
Cross site scripting vulnerability in Moodle GeniAI plugin (local_geniai) 2.3.6. An authenticated user with Teacher role can upload a PDF containing embedded JavaScript. The assistant outputs a direct HTML link to the uploaded file without sanitization. W... Read more
Affected Products :- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Cross-Site Scripting
-
6.9
MEDIUMCVE-2025-62250
Improper Authentication in Liferay Portal 7.4.0 through 7.4.3.132, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote att... Read more
- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authentication
-
4.3
MEDIUMCVE-2025-62605
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon version 4.4, support for verifiable quote posts with quote controls was added, but it is possible for an attacker to bypass these controls in Mastodon versions prior t... Read more
Affected Products : mastodon- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authorization
-
8.2
HIGHCVE-2025-11151
Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beyaz Bilgisayar Software Design Industry and Trade Ltd. Co. CityPLus allows Detect Unpublicized Web Pa... Read more
Affected Products :- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Information Disclosure