Latest CVE Feed
-
9.8
CRITICALCVE-2025-10156
An Improper Handling of Exceptional Conditions vulnerability in the ZIP archive scanning component of mmaitre314 picklescan allows a remote attacker to bypass security scans. This is achieved by crafting a ZIP archive containing a file with a bad Cyclic R... Read more
Affected Products : picklescan- Published: Sep. 17, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2025-11096
A flaw has been found in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/diag_traceroute. Executing manipulation of the argument target_addr can lead to command injection. The attack can be executed remotely. The exp... Read more
- Published: Sep. 28, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Injection
-
9.3
CRITICALCVE-2025-10157
A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exact match for module names, allowing ... Read more
Affected Products : picklescan- Published: Sep. 17, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2025-11097
A vulnerability has been found in D-Link DIR-823X 250416. Impacted is an unknown function of the file /goform/set_device_name. The manipulation of the argument mac leads to command injection. The attack is possible to be carried out remotely. The exploit ... Read more
- Published: Sep. 28, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-11098
A vulnerability was found in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/set_wifi_blacklists. The manipulation of the argument macList results in command injection. The attack may be performed from remote. The e... Read more
- Published: Sep. 28, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-11099
A vulnerability was determined in D-Link DIR-823X 250416. The impacted element is the function uci_del of the file /goform/delete_prohibiting. This manipulation of the argument delvalue causes command injection. It is possible to initiate the attack remot... Read more
- Published: Sep. 28, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-11100
A vulnerability was identified in D-Link DIR-823X 250416. This affects the function uci_set of the file /goform/set_wifi_blacklists. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit is publicly availa... Read more
- Published: Sep. 28, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Injection
-
8.4
HIGHCVE-2025-59050
Greenshot is an open source Windows screenshot utility. Greenshot 1.3.300 and earlier deserializes attacker-controlled data received in a WM_COPYDATA message using BinaryFormatter.Deserialize without prior validation or authentication, allowing a local pr... Read more
- Published: Sep. 16, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Memory Corruption
-
7.0
HIGHCVE-2025-53802
Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.... Read more
- Published: Sep. 09, 2025
- Modified: Oct. 02, 2025
-
7.8
HIGHCVE-2025-53801
Untrusted pointer dereference in Windows DWM allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_10_1507 windows_11_23h2 +2 more products- Published: Sep. 09, 2025
- Modified: Oct. 02, 2025
-
7.8
HIGHCVE-2025-53800
No cwe for this issue in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 +3 more products- Published: Sep. 09, 2025
- Modified: Oct. 02, 2025
-
9.8
CRITICALCVE-2025-10459
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/all-appointment.php. The manipulation of the argument delid results in sql injection. The attack can be executed remote... Read more
- Published: Sep. 15, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Injection
-
5.5
MEDIUMCVE-2025-53799
Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 office windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 +10 more products- Published: Sep. 09, 2025
- Modified: Oct. 02, 2025
-
6.5
MEDIUMCVE-2025-53798
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
- Published: Sep. 09, 2025
- Modified: Oct. 02, 2025
-
6.3
MEDIUMCVE-2025-49089
wangxutech MoneyPrinterTurbo 1.2.6 allows path traversal via /api/v1/download/ URIs such as /api/v1/download//etc/passwd.... Read more
- Published: Sep. 15, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2025-59474
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names thr... Read more
Affected Products : jenkins- Published: Sep. 17, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-59475
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check for the authenticated user profile dropdown menu, allowing attackers without Overall/Read permission to obtain limited information about the Jenkins configuration by li... Read more
Affected Products : jenkins- Published: Sep. 17, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-53797
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
- Published: Sep. 09, 2025
- Modified: Oct. 02, 2025
-
6.5
MEDIUMCVE-2025-53796
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.... Read more
- Published: Sep. 09, 2025
- Modified: Oct. 02, 2025
-
7.0
HIGHCVE-2025-49734
Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 powershell windows_11_23h2 +4 more products- Published: Sep. 09, 2025
- Modified: Oct. 02, 2025