Latest CVE Feed
- 
                                
                                8.2HIGHCVE-2025-52960A Buffer Copy without Checking Size of Input vulnerability in the Session Initialization Protocol (SIP) ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). W... Read more Affected Products : junos- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Denial of Service
 
- 
                                
                                8.5HIGHCVE-2025-11198A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated, network-based attacker to replace legitimate vSRX images with malicious ones. If a trusted user initiates depl... Read more Affected Products :- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authentication
 
- 
                                
                                9.6CRITICALCVE-2025-10284BBOT's unarchive module could be abused by supplying malicious archives files and when extracted can then perform an arbitrary file write, resulting in remote code execution.... Read more Affected Products :- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Denial of Service
 
- 
                                
                                9.6CRITICALCVE-2025-10283BBOT's gitdumper module could be abused to execute commands through a malicious git repository.... Read more Affected Products :- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Injection
 
- 
                                
                                4.7MEDIUMCVE-2025-10282BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker controlled server with a malicious formatted git URL.... Read more Affected Products :- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Information Disclosure
 
- 
                                
                                4.7MEDIUMCVE-2025-10281BBOT's git_clone module could be abused to disclose a GitHub API key to an attacker controlled server with a malicious formatted git URL.... Read more Affected Products :- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Information Disclosure
 
- 
                                
                                9.6CRITICALCVE-2025-56683A cross-site scripting (XSS) vulnerability in the component /app/marketplace.html of Logseq v0.10.9 allows attackers to execute arbitrary code via injecting arbitrary Javascript into a crafted README.md file.... Read more Affected Products :- Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting
 
- 
                                
                                7.3HIGHCVE-2025-45095Lavasoft Web Companion (also known as Ad-Aware WebCompanion) versions 8.9.0.1091 through 12.1.3.1037 installs the DCIService.exe service with an unquoted service path vulnerability. An attacker with write access to the file system could potentially execut... Read more Affected Products :- Published: Oct. 09, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Misconfiguration
 
- 
                                
                                7.1HIGHCVE-2025-39664Insufficient escaping in the report scheduler within Checkmk <2.4.0p13, <2.3.0p38, <2.2.0p46 and 2.1.0 (EOL) allows authenticated attackers to define the storage location of report file pairs beyond their intended root directory.... Read more Affected Products : checkmk- Published: Oct. 09, 2025
- Modified: Oct. 13, 2025
- Vuln Type: Path Traversal
 
- 
                                
                                8.8HIGHCVE-2025-32919Use of an insecure temporary directory in the Windows License plugin for the Checkmk Windows Agent allows Privilege Escalation. This issue affects Checkmk: from 2.4.0 before 2.4.0p13, from 2.3.0 before 2.3.0p38, from 2.2.0 before 2.2.0p46, and all version... Read more Affected Products : checkmk- Published: Oct. 09, 2025
- Modified: Oct. 13, 2025
- Vuln Type: Misconfiguration
 
- 
                                
                                1.0LOWCVE-2025-32916Potential use of sensitive information in GET requests in Checkmk GmbH's Checkmk versions <2.4.0p13, <2.3.0p38, <2.2.0p46, and 2.1.0 (EOL) may cause sensitive form data to be included in URL query parameters, which may be logged in various places such as ... Read more Affected Products : checkmk- Published: Oct. 09, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Information Disclosure
 
- 
                                
                                5.1MEDIUMCVE-2025-62228Apache Flink CDC version 3.4.0 was vulnerable to a SQL injection via maliciously crafted identifiers eg. crafted database name or crafted table name. Even through only the logged-in database user can trigger the attack, we recommend users update Flink CDC... Read more Affected Products :- Published: Oct. 09, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Injection
 
- 
                                
                                4.3MEDIUMCVE-2025-36225IBM Aspera 5.0.0 through 5.0.13.1 could disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data.... Read more - Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Information Disclosure
 
- 
                                
                                4.9MEDIUMCVE-2025-36171IBM Aspera Faspex 5.0.0 through 5.0.13.1 could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption.... Read more - Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Denial of Service
 
- 
                                
                                8.8HIGHCVE-2025-11561A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2... Read more Affected Products :- Published: Oct. 09, 2025
- Modified: Oct. 10, 2025
- Vuln Type: Authentication
 
- 
                                
                                5.3MEDIUMCVE-2023-37401IBM Aspera Faspex 5.0.0 through 5.0.13.1 uses a cross-domain policy file that includes domains that should not be trusted.... Read more - Published: Oct. 09, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Misconfiguration
 
- 
                                
                                0.0NACVE-2025-39963In the Linux kernel, the following vulnerability has been resolved: io_uring: fix incorrect io_kiocb reference in io_link_skb In io_link_skb function, there is a bug where prev_notif is incorrectly assigned using 'nd' instead of 'prev_nd'. This causes t... Read more Affected Products : linux_kernel- Published: Oct. 09, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Memory Corruption
 
- 
                                
                                0.0NACVE-2025-39962In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix untrusted unsigned subtract Fix the following Smatch static checker warning: net/rxrpc/rxgk_app.c:65 rxgk_yfs_decode_ticket() warn: untrusted unsigned subtract. 'ticke... Read more Affected Products : linux_kernel- Published: Oct. 09, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Memory Corruption
 
- 
                                
                                0.0NACVE-2025-39961In the Linux kernel, the following vulnerability has been resolved: iommu/amd/pgtbl: Fix possible race while increase page table level The AMD IOMMU host page table implementation supports dynamic page table levels (up to 6 levels), starting with a 3-le... Read more Affected Products : linux_kernel- Published: Oct. 09, 2025
- Modified: Oct. 09, 2025
- Vuln Type: Race Condition
 
- 
                                
                                0.0NACVE-2025-39960In the Linux kernel, the following vulnerability has been resolved: gpiolib: acpi: initialize acpi_gpio_info struct Since commit 7c010d463372 ("gpiolib: acpi: Make sure we fill struct acpi_gpio_info"), uninitialized acpi_gpio_info struct are passed to _... Read more Affected Products : linux_kernel- Published: Oct. 09, 2025
- Modified: Oct. 09, 2025
 
 
                         
                         
                         
                                             
                                            