Latest CVE Feed
-
6.1
MEDIUMCVE-2025-9862
Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3.... Read more
Affected Products : ghost- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Server-Side Request Forgery
-
9.0
CRITICALCVE-2025-58766
Dyad is a local AI app builder. A critical security vulnerability has been discovered that affected Dyad v0.19.0 and earlier versions that allows attackers to execute arbitrary code on users' systems. The vulnerability affects the application's preview wi... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Denial of Service
-
4.4
MEDIUMCVE-2025-59339
The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. Session-recording ttyrec files, may be handled by the provided osh-encrypt-rsync script that is a helper to rotate, encrypt, sign, copy, and optionally mov... Read more
Affected Products : the-bastion- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Cryptography
-
7.7
HIGHCVE-2025-59341
esm.sh is a nobuild content delivery network(CDN) for modern web development. In 136 and earlier, a Local File Inclusion (LFI) issue was identified in the esm.sh service URL handling. An attacker could craft a request that causes the server to read and re... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Path Traversal
-
8.1
HIGHCVE-2025-8565
The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the wplp_gdpr_install_plugin_ajax_handler() functi... Read more
Affected Products :- Published: Sep. 18, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Authorization
-
4.6
MEDIUMCVE-2025-59415
Frappe Learning is a learning system that helps users structure their content. In versions 2.34.1 and below, there is a security vulnerability in Frappe Learning where the system did not adequately sanitize the content uploaded in the profile bio. Malicio... Read more
Affected Products : frappe_lms- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-10493
The Chained Quiz plugin for WordPress is vulnerable to Insecure Direct Object Reference in version 1.3.4 and below via the quiz submission and completion mechanisms due to missing validation on a user controlled key. This makes it possible for unauthentic... Read more
Affected Products : chained_quiz- Published: Sep. 18, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Authorization
-
3.7
LOWCVE-2025-30187
In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an... Read more
Affected Products : dnsdist- Published: Sep. 18, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Denial of Service
-
6.4
MEDIUMCVE-2025-9992
The Ghost Kit – Page Builder Blocks, Motion Effects & Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS field in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escapi... Read more
Affected Products :- Published: Sep. 18, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2023-53353
In the Linux kernel, the following vulnerability has been resolved: accel/habanalabs: postpone mem_mgr IDR destruction to hpriv_release() The memory manager IDR is currently destroyed when user releases the file descriptor. However, at this point the us... Read more
Affected Products : linux_kernel- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-39809
In the Linux kernel, the following vulnerability has been resolved: HID: intel-thc-hid: intel-quicki2c: Fix ACPI dsd ICRS/ISUB length The QuickI2C ACPI _DSD methods return ICRS and ISUB data with a trailing byte, making the actual length is one more byt... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-39810
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix memory corruption when FW resources change during ifdown bnxt_set_dflt_rings() assumes that it is always called before any TC has been created. So it doesn't take bp->num_... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-39813
In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump When calling ftrace_dump_one() concurrently with reading trace_pipe, a WARN_ON_ONCE() in trace_printk_seq() can be t... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Race Condition
-
0.0
NACVE-2025-39817
In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare Observed on kernel 6.6 (present on master as well): BUG: KASAN: slab-out-of-bounds in memcmp+0x98/0xd0 Call trace: kasan_c... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-39818
In the Linux kernel, the following vulnerability has been resolved: HID: intel-thc-hid: intel-thc: Fix incorrect pointer arithmetic in I2C regs save Improper use of secondary pointer (&dev->i2c_subip_regs) caused kernel crash and out-of-bounds error: ... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-54237
Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires us... Read more
- Published: Sep. 16, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-54262
Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to e... Read more
- Published: Sep. 16, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Memory Corruption
-
4.3
MEDIUMCVE-2025-59034
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, a legacy API to retrieve user details could be misused to retrieve profile details of other users without having admin... Read more
Affected Products : indico- Published: Sep. 10, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Authorization
-
5.4
MEDIUMCVE-2025-59035
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, there is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions.... Read more
Affected Products : indico- Published: Sep. 10, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Cross-Site Scripting
-
7.8
HIGHCVE-2025-57392
BenimPOS Masaustu 3.0.x is affected by insecure file permissions. The application installation directory grants Everyone and BUILTIN\Users groups FILE_ALL_ACCESS, allowing local users to replace or modify .exe and .dll files. This may lead to privilege es... Read more
Affected Products : benimpos- Published: Sep. 10, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Misconfiguration