Latest CVE Feed
-
6.0
MEDIUMCVE-2025-12148
In Search Guard versions 3.1.1 and earlier, Field Masking (FM) rules are improperly enforced on fields of type IP (IP Address). While the content of these fields is properly redacted in the _source document returned by search operations, the results do r... Read more
Affected Products : search_guard_flx- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-54471
NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data.... Read more
Affected Products : neuvector- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cryptography
-
4.3
MEDIUMCVE-2025-54548
On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes)... Read more
Affected Products : danz_monitoring_fabric- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Information Disclosure
-
6.3
MEDIUMCVE-2025-10928
Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force.This issue affects Access code: from 0.0.0 before 2.0.5.... Read more
- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-10930
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Currency allows Cross Site Request Forgery.This issue affects Currency: from 0.0.0 before 3.5.0.... Read more
Affected Products : drupal- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Request Forgery
-
0.0
NACVE-2025-40100
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not assert we found block group item when creating free space tree Currently, when building a free space tree at populate_free_space_tree(), if we are not using the block grou... Read more
Affected Products : linux_kernel- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
-
0.0
NACVE-2025-40088
In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() The hfsplus_strcasecmp() logic can trigger the issue: [ 117.317703][ T9855] ==============================================... Read more
Affected Products : linux_kernel- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Memory Corruption
-
6.4
MEDIUMCVE-2025-12475
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blocksy_newsletter_subscribe' shortcode in all versions up to, and including, 2.1.14 due to insufficient input sanitization and output escaping on us... Read more
Affected Products : blocksy_companion- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-40089
In the Linux kernel, the following vulnerability has been resolved: cxl/features: Add check for no entries in cxl_feature_info cxl EDAC calls cxl_feature_info() to get the feature information and if the hardware has no Features support, cxlfs may be pas... Read more
Affected Products : linux_kernel- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Memory Corruption
-
5.8
MEDIUMCVE-2025-60898
An unauthenticated server-side request forgery (SSRF) vulnerability in the Thumbnail via-uri endpoint of Halo CMS 2.21 allows a remote attacker to cause the server to issue HTTP requests to attacker-controlled URLs, including internal addresses. The endpo... Read more
Affected Products :- Published: Oct. 29, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Server-Side Request Forgery
-
0.0
NACVE-2025-40102
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Prevent access to vCPU events before init Another day, another syzkaller bug. KVM erroneously allows userspace to pend vCPU events for a vCPU that hasn't been initialized ye... Read more
Affected Products : linux_kernel- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Misconfiguration
-
9.9
CRITICALCVE-2025-54469
A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTER_RPC_PORT and CLUSTER_LAN_PORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer con... Read more
Affected Products : neuvector- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-11627
The Site Checkup Debug AI Troubleshooting with Wizard and Tips for Each Issue plugin for WordPress is vulnerable to log file poisoning in all versions up to, and including, 1.47. This makes it possible for unauthenticated attackers to insert arbitrary con... Read more
Affected Products :- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Misconfiguration
-
3.5
LOWCVE-2025-10636
The NS Maintenance Mode for WP WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability i... Read more
Affected Products :- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-40103
In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix refcount leak for cifs_sb_tlink Fix three refcount inconsistency issues related to `cifs_sb_tlink`. Comments for `cifs_sb_tlink` state that `cifs_put_tlink()` needs to... Read more
Affected Products : linux_kernel- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
-
5.3
MEDIUMCVE-2025-10008
The Translate WordPress and go Multilingual – Weglot plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'clean_options' function in all versions up to, and including, 5.1. This makes it possible for un... Read more
Affected Products :- Published: Oct. 30, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Authorization
-
8.4
HIGHCVE-2025-8432
Incorrect Default Permissions vulnerability in Centreon Infra Monitoring (MBI modules) allows Embedding Scripts within Scripts by CentreonBI user account on the MBI server This issue affects Infra Monitoring: from 24.10.0 before 24.10.6, from 24.04.0 befo... Read more
Affected Products : infra_monitoring- Published: Oct. 27, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-62586
OPEXUS FOIAXpress allows a remote, unauthenticated attacker to reset the administrator password. Fixed in FOIAXpress version 11.13.2.0.... Read more
Affected Products : foiaxpress- Published: Oct. 16, 2025
- Modified: Oct. 29, 2025
- Vuln Type: Authentication
-
4.4
MEDIUMCVE-2025-61909
Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, the safe-reload script (also used during systemctl reload icinga2) and logrotate configuration shipped with Icinga 2 read the PID of the main Icinga 2 process... Read more
Affected Products : icinga- Published: Oct. 16, 2025
- Modified: Oct. 29, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-62409
Envoy is a cloud-native, open source edge and service proxy. Prior to 1.36.1, 1.35.5, 1.34.9, and 1.33.10, large requests and responses can potentially trigger TCP connection pool crashes due to flow control management in Envoy. It will happen when the co... Read more
Affected Products : envoy- Published: Oct. 16, 2025
- Modified: Oct. 29, 2025
- Vuln Type: Denial of Service