Latest CVE Feed
-
7.8
HIGHCVE-2025-47316
Memory corruption due to double free when multiple threads race to set the timestamp store.... Read more
Affected Products : aqt1000_firmware qca6391_firmware qca6420_firmware qca6430_firmware wcd9341_firmware wcd9380_firmware wcd9385_firmware wsa8810_firmware wsa8815_firmware wsa8830_firmware +48 more products- Published: Sep. 24, 2025
- Modified: Sep. 25, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-47317
Memory corruption due to global buffer overflow when a test command uses an invalid payload type.... Read more
Affected Products : wcd9385_firmware wcn3988_firmware wsa8810_firmware wsa8815_firmware wsa8830_firmware wsa8835_firmware wcd9370_firmware wcd9375_firmware wsa8832_firmware fastconnect_6200_firmware +96 more products- Published: Sep. 24, 2025
- Modified: Sep. 25, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-47326
Transient DOS while handling command data during power control processing.... Read more
- Published: Sep. 24, 2025
- Modified: Sep. 25, 2025
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2025-47327
Memory corruption while encoding the image data.... Read more
Affected Products : aqt1000_firmware qca6391_firmware qca6420_firmware qca6430_firmware wcd9341_firmware wcd9380_firmware wcd9385_firmware wsa8810_firmware wsa8815_firmware wsa8830_firmware +72 more products- Published: Sep. 24, 2025
- Modified: Sep. 25, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-47328
Transient DOS while processing power control requests with invalid antenna or stream values.... Read more
Affected Products : wsa8830_firmware wsa8835_firmware ipq9008_firmware ipq9574_firmware qca8075_firmware qca8081_firmware qca8082_firmware qca8084_firmware qca8085_firmware qca8386_firmware +124 more products- Published: Sep. 24, 2025
- Modified: Sep. 25, 2025
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2025-47329
Memory corruption while handling invalid inputs in application info setup.... Read more
Affected Products : qca6574au_firmware qca6595au_firmware qca6696_firmware sa6155p_firmware sa8155p_firmware sa8195p_firmware sw5100_firmware sw5100p_firmware wcd9380_firmware wcd9385_firmware +66 more products- Published: Sep. 24, 2025
- Modified: Sep. 25, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-10500
Use after free in Dawn in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more
- Published: Sep. 24, 2025
- Modified: Sep. 25, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-10501
Use after free in WebRTC in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more
- Published: Sep. 24, 2025
- Modified: Sep. 25, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-10502
Heap buffer overflow in ANGLE in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High)... Read more
- Published: Sep. 24, 2025
- Modified: Sep. 25, 2025
- Vuln Type: Memory Corruption
-
9.1
CRITICALCVE-2025-10890
Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)... Read more
- Published: Sep. 24, 2025
- Modified: Sep. 25, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2025-10891
Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more
- Published: Sep. 24, 2025
- Modified: Sep. 25, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-10892
Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)... Read more
- Published: Sep. 24, 2025
- Modified: Sep. 25, 2025
- Vuln Type: Memory Corruption
-
7.0
HIGHCVE-2025-59220
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.... Read more
- Published: Sep. 18, 2025
- Modified: Sep. 25, 2025
-
7.0
HIGHCVE-2025-59216
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.... Read more
- Published: Sep. 18, 2025
- Modified: Sep. 25, 2025
-
7.0
HIGHCVE-2025-59215
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.... Read more
- Published: Sep. 18, 2025
- Modified: Sep. 25, 2025
-
4.3
MEDIUMCVE-2025-36146
IBM Lakehouse (watsonx.data 2.2) could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system.... Read more
Affected Products : watsonx.data- Published: Sep. 18, 2025
- Modified: Sep. 25, 2025
- Vuln Type: Information Disclosure
-
7.3
HIGHCVE-2025-55912
An issue in ClipBucket 5.5.0 and prior versions allows an unauthenticated attacker can exploit the plupload endpoint in photo_uploader.php to upload arbitrary files without any authentication, due to missing access controls in the upload handler... Read more
Affected Products : clipbucket_v5- Published: Sep. 18, 2025
- Modified: Sep. 25, 2025
- Vuln Type: Authentication
-
7.2
HIGHCVE-2025-36143
IBM Lakehouse (watsonx.data 2.2) could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input.... Read more
Affected Products : watsonx.data- Published: Sep. 18, 2025
- Modified: Sep. 25, 2025
- Vuln Type: Injection
-
6.8
MEDIUMCVE-2025-59417
Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.129.4, there is a a cross-site scripting (XSS) vulnerability when handling chat message in lobe-chat that can be escalated to remote code execution on the user’s machin... Read more
Affected Products : lobe_chat- Published: Sep. 18, 2025
- Modified: Sep. 25, 2025
- Vuln Type: Cross-Site Scripting
-
8.6
HIGHCVE-2025-59839
The EmbedVideo Extension is a MediaWiki extension which adds a parser function called #ev and various parser tags for embedding video clips from various video sharing services. In versions 4.0.0 and prior, the EmbedVideo extension allows adding arbitrary ... Read more
Affected Products :- Published: Sep. 25, 2025
- Modified: Sep. 25, 2025
- Vuln Type: Cross-Site Scripting