Latest CVE Feed
-
6.9
MEDIUMCVE-2025-62698
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - ExternalGuidance allows Stored XSS.This issue affects Mediawiki - ExternalGuidance: from master before 1.39.... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Cross-Site Scripting
-
6.9
MEDIUMCVE-2025-62700
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - MultiBoilerplate Extensionmaste allows Stored XSS.This issue affects Mediawiki - MultiBoilerplate Extensionma... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-40011
In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix null dereference in hdmi teardown pci_set_drvdata sets the value of pdev->driver_data to NULL, after which the driver_data obtained from the same dev is dereferenced in ... Read more
Affected Products : linux_kernel- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
7.6
HIGHCVE-2025-61488
An issue in Senayan Library Management System (SLiMS) 9 Bulian v.9.6.1 allows a remote attacker to execute arbitrary code via the scrap_image.php component and the imageURL parameter... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Injection
-
6.0
MEDIUMCVE-2025-62522
Vite is a frontend tooling framework for JavaScript. In versions from 2.9.18 to before 3.0.0, 3.2.9 to before 4.0.0, 4.5.3 to before 5.0.0, 5.2.6 to before 5.4.21, 6.0.0 to before 6.4.1, 7.0.0 to before 7.0.8, and 7.1.0 to before 7.1.11, files denied by s... Read more
Affected Products : vite- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-60783
There is a SQL injection vulnerability in Restaurant Management System DBMS Project v1.0 via login.php. The vulnerability allows attackers to manipulate the application's database through specially crafted SQL query strings.... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-61455
SQL Injection vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the signup.inc.php endpoint. The application directly incorporates unsanitized user inputs into SQL queries, allowing unauthenticated attackers to bypass authenticatio... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-61301
Denial-of-analysis in reporting/mongodb.py and reporting/jsondump.py in CAPEv2 (commit 52e4b43, on 2025-05-17) allows attackers who can submit samples to cause incomplete or missing behavioral analysis reports by generating deeply nested or oversized beha... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2025-61303
Hatching Triage Sandbox Windows 10 build 2004 (2025-08-14) and Windows 10 LTSC 2021(2025-08-14) contains a vulnerability in its Windows behavioral analysis engine that allows a submitted malware sample to evade detection and cause denial-of-analysis. The ... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Denial of Service
-
6.9
MEDIUMCVE-2025-62701
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Wikistories allows Stored XSS.This issue affects Mediawiki - Wikistories: from master before 1.44.... Read more
Affected Products :- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025