Latest CVE Feed
-
8.2
HIGHCVE-2025-62611
aiomysql is a library for accessing a MySQL database from the asyncio. Prior to version 0.3.0, the client-side settings are not checked before sending local files to MySQL server, which allows obtaining arbitrary files from the client using a rogue server... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Misconfiguration
-
8.1
HIGHCVE-2025-62610
Hono is a Web application framework that provides support for any JavaScript runtime. In versions from 1.1.0 to before 4.10.2, Hono’s JWT Auth Middleware does not provide a built-in aud (Audience) verification option, which can cause confused-deputy / tok... Read more
Affected Products : hono- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Authentication
-
4.8
MEDIUMCVE-2025-62248
A reflected cross-site scripting (XSS) vulnerability, resulting from a regression, has been identified in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024... Read more
- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Cross-Site Scripting
-
5.2
MEDIUMCVE-2025-58712
A container privilege escalation flaw was found in certain AMQ Broker images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Misconfiguration