Latest CVE Feed
-
6.3
MEDIUMCVE-2025-60023
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary directories on ... Read more
- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Path Traversal
-
6.3
MEDIUMCVE-2025-59776
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and create arbitrary directories on ... Read more
- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Path Traversal
-
8.3
HIGHCVE-2025-58429
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary files on the ta... Read more
- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Path Traversal
-
7.1
HIGHCVE-2025-62688
An incorrect permission assignment for a critical resource vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker with low-privileged credentials to change their role, gaining full control access... Read more
- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Authorization
-
8.8
HIGHCVE-2025-62498
A relative path traversal (ZipSlip) vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker who can tamper with a productivity project to execute arbitrary code on the machine where the project ... Read more
- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Path Traversal
-
7.3
HIGHCVE-2025-61977
A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an attacker to decrypt an encrypted project by answering just one recovery question.... Read more
- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Authentication
-
10.0
CRITICALCVE-2025-61934
A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read, write, or d... Read more
- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Misconfiguration
-
9.9
CRITICALCVE-2025-59503
Server-side request forgery (ssrf) in Azure Compute Gallery allows an authorized attacker to elevate privileges over a network.... Read more
Affected Products : azure_compute_resource_provider- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
-
7.7
HIGHCVE-2025-59500
Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network.... Read more
Affected Products : azure_notification_service- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
-
7.3
HIGHCVE-2025-59273
Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network.... Read more
Affected Products : azure_event_grid_system- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
-
8.2
HIGHCVE-2025-58456
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read arbitrary files on the ... Read more
- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Path Traversal
-
8.3
HIGHCVE-2025-58078
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and write files with arbitrary ... Read more
- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Path Traversal
-
8.8
HIGHCVE-2025-12100
Incorrect Default Permissions vulnerability in MongoDB BI Connector ODBC driver allows Privilege Escalation.This issue affects BI Connector ODBC driver: from 1.0.0 through 1.4.6.... Read more
Affected Products :- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Authorization
-
5.9
MEDIUMCVE-2025-62517
Rollbar.js offers error tracking and logging from Javascript to Rollbar. In versions before 2.26.5 and from 3.0.0-alpha1 to before 3.0.0-beta5, there is a prototype pollution vulnerability in merge(). If application code calls rollbar.configure() with unt... Read more
Affected Products : rollbar- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Misconfiguration
-
6.9
MEDIUMCVE-2025-62236
The Frontier Airlines website has a publicly available endpoint that validates if an email addresses is associated with an account. An unauthenticated, remote attacker could determine valid email addresses, possibly aiding in further attacks.... Read more
Affected Products :- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Information Disclosure
-
9.9
CRITICALCVE-2025-58428
The TLS4B ATG system's SOAP-based interface is vulnerable due to its accessibility through the web services handler. This vulnerability enables remote attackers with valid credentials to execute system-level commands on the underlying Linux system. This c... Read more
Affected Products : tls4b_automatic_tank_gauge_system- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Authentication
-
5.2
MEDIUMCVE-2025-57848
A container privilege escalation flaw was found in certain Container-native Virtualization images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execu... Read more
Affected Products :- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Misconfiguration
-
7.1
HIGHCVE-2025-55067
The TLS4B ATG system is vulnerable to improper handling of Unix time values that exceed the 2038 epoch rollover. When the system clock reaches January 19, 2038, it resets to December 13, 1901, causing authentication failures and disrupting core system fun... Read more
Affected Products : tls4b_automatic_tank_gauge_system- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Denial of Service
-
5.1
MEDIUMCVE-2025-54966
An issue was discovered in BAE SOCET GXP before 4.6.0.2. Some endpoints on the SOCET GXP Job Status Service may return sensitive information in certain situations, including local file paths and SOCET GXP version information.... Read more
Affected Products :- Published: Oct. 23, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Information Disclosure
-
8.4
HIGHCVE-2025-54964
An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may inject arbitrary executables. If the Job Service is configured for local-only access, this may allow for privilege escalation in... Read more
Affected Products :- Published: Oct. 23, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Injection