Latest CVE Feed
- CVE-2025-60837 (6.1 MEDIUM): A reflected cross-site scripting (XSS) vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload....
- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Cross-Site Scripting
 
- CVE-2025-54808 (7.8 HIGH): Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 stores authentication tokens in a file located in the system's temporary directory (/tmp) on the host machine. This directory is typically world-readable, allowing any local user ...
- Affected Products: minknow
- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Authentication
 
- CVE-2025-23352 (7.8 HIGH): NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause uninitialized pointer access. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privilege...
- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Memory Corruption
 
- CVE-2025-23347 (7.8 HIGH): NVIDIA Project G-Assist contains a vulnerability where an attacker might be able to escalate permissions. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information...
- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Authorization
 
- CVE-2025-23345 (4.4 MEDIUM): NVIDIA Display Driver for Windows and Linux contains a vulnerability in a video decoder, where an attacker might cause an out-of-bounds read. A successful exploit of this vulnerability might lead to information disclosure or denial of service....
- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Information Disclosure
 
- CVE-2025-23332 (5.0 MEDIUM): NVIDIA Display Driver for Linux contains a vulnerability in a kernel module, where an attacker might be able to trigger a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service....
- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Denial of Service
 
- CVE-2025-23330 (5.5 MEDIUM): NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to trigger a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service....
- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Denial of Service
 
- CVE-2025-23300 (5.5 MEDIUM): NVIDIA Display Driver for Linux contains a vulnerability in the kernel driver, where a user could cause a null pointer dereference by allocating a specific memory resource. A successful exploit of this vulnerability might lead to denial of service....
- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Memory Corruption
 
- CVE-2025-11621 (8.1 HIGH): Vault and Vault Enterprise’s (“Vault”) AWS Auth method may be susceptible to authentication bypass if the role of the configured bound_principal_iam is the same across AWS accounts, or uses a wildcard. This vulnerability, CVE-2025-11621, is fixed in Vault...
- Affected Products: vault
- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Authentication
 
- CVE-2025-10937 (6.8 MEDIUM): Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 creates a temporary file to store the local authentication token during startup, before copying it to its final location. This temporary file is created in a directory accessible ...
- Affected Products: minknow
- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Denial of Service
 
- CVE-2025-61464 (6.5 MEDIUM): gnuboard gnuboard4 v4.36.04 and before is vulnerable to Second-order SQL Injection via the search_table in bbs/search.php....
- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Injection
 
- CVE-2025-61413 (6.1 MEDIUM): A stored cross-site scripting (XSS) vulnerability in the /manager/pages component of Piranha CMS v12.0 allows attackers to execute arbitrary web scripts or HTML via creating a page and injecting a crafted payload into the Markdown blocks....
- Published: Oct. 23, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Cross-Site Scripting
 
- CVE-2025-57240 (6.1 MEDIUM): Cross site scripting (XSS) vulnerability in 17gz International Student service system 1.0 allows attackers to execute arbitrary code via the registration step....
- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Cross-Site Scripting
 
- CVE-2025-62713 (7.2 HIGH): Kottster is a self hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. This affects development mode only, production deploymen...
- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Misconfiguration
 
- CVE-2025-34156 (6.9 MEDIUM): Tibbo AggreGate Network Manager < 6.40.05 exposes sensitive system information through an unauthenticated endpoint at /cwmp/happyaxis.jsp. The page discloses Java system properties, server path details, and version information to unauthorized users, resul...
- Affected Products: aggregate_network_manager
- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Information Disclosure
 
- CVE-2025-34155 (6.9 MEDIUM): Tibbo AggreGate Network Manager < 6.40.05 contains an observable response discrepancy in its login functionality. Authentication failure messages differ based on whether a supplied username exists or not, allowing an unauthenticated remote attacker to inf...
- Affected Products: aggregate_network_manager
- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Authentication
 
- CVE-2025-62169 (8.1 HIGH): OctoPrint-SpoolManager is a plugin for managing spools and all their usage metadata. In versions 1.8.0a2 and older of the testing branch and versions 1.7.7 and older of the stable branch, the APIs of the OctoPrint-SpoolManager plugin do not correctly enfo...
- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Authentication
 
- CVE-2025-59048 (8.1 HIGH): OpenBao's AWS Plugin generates AWS access credentials based on IAM policies. Prior to version 0.1.1, the AWS Plugin is vulnerable to cross-account IAM role Impersonation in the AWS auth method. The vulnerability allows an IAM role from an untrusted AWS ac...
- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Authorization
 
- CVE-2025-50951 (7.5 HIGH): FontForge v20230101 was discovered to contain a memory leak via the utf7toutf8_copy function at /fontforge/sfd.c....
- Published: Oct. 23, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Memory Corruption
 
- CVE-2025-50950 (7.5 HIGH): Audiofile v0.3.7 was discovered to contain a NULL pointer dereference via the ModuleState::setup function....
- Published: Oct. 23, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Memory Corruption
 