Latest CVE Feed
-
6.5
MEDIUMCVE-2025-64114
ClipBucket v5 is an open source video sharing platform. Versions 5.5.2 - #151 and below allow authenticated administrators with plugin management privileges to execute arbitrary SQL commands against the database through its ClipBucket Custom Fields plugin... Read more
Affected Products : clipbucket- Published: Nov. 06, 2025
- Modified: Nov. 10, 2025
- Vuln Type: Injection
-
10.0
CRITICALCVE-2025-62596
Youki is a container runtime written in Rust. In versions 0.5.6 and below, youki’s apparmor handling performs insufficiently strict write-target validation, and when combined with path substitution during pathname resolution, can allow writes to unintende... Read more
Affected Products : youki- Published: Nov. 06, 2025
- Modified: Nov. 10, 2025
- Vuln Type: Race Condition
-
10.0
CRITICALCVE-2025-62161
Youki is a container runtime written in Rust. In versions 0.5.6 and below, the initial validation of the source /dev/null is insufficient, allowing container escape when youki utilizes bind mounting the container's /dev/null as a file mask. This issue is ... Read more
Affected Products : youki- Published: Nov. 06, 2025
- Modified: Nov. 10, 2025
- Vuln Type: Path Traversal
-
8.1
HIGHCVE-2025-55278
Improper authentication in the API authentication middleware of HCL DevOps Loop allows authentication tokens to be accepted without proper validation of their expiration and cryptographic signature. As a result, an attacker could potentially use expired ... Read more
Affected Products :- Published: Nov. 05, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Authentication
-
8.8
HIGHCVE-2025-12779
Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstan... Read more
Affected Products :- Published: Nov. 05, 2025
- Modified: Nov. 10, 2025
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-63585
OSSN (Open Source Social Network) 8.6 is vulnerable to SQL Injection in /action/rtcomments/status via the timestamp parameter.... Read more
Affected Products :- Published: Nov. 05, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-60784
A vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows remote attackers to manipulate the zhekou parameter in the /topfirst.php Pay module, enabling unauthorized discounts. By sending a crafted HTTP POST request with zhekou set to an abnor... Read more
Affected Products :- Published: Nov. 05, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-63334
PocketVJ CP PocketVJ-CP-v3 pvj version 3.9.1 contains an unauthenticated remote code execution vulnerability in the submit_opacity.php component. The application fails to sanitize user input in the opacityValue POST parameter before passing it to a shell ... Read more
Affected Products :- Published: Nov. 05, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Injection
-
6.1
MEDIUMCVE-2025-10853
A reflected cross-site scripting (XSS) vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, le... Read more
Affected Products : api_manager identity_server identity_server_as_key_manager enterprise_integrator open_banking_am open_banking_iam api_control_plane wso2_open_banking_am wso2_identity_server wso2_api_control_plane +12 more products- Published: Nov. 05, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Scripting