Latest CVE Feed
-
5.3
MEDIUMCVE-2025-57352
A vulnerability exists in the 'min-document' package prior to version 2.19.0, stemming from improper handling of namespace operations in the removeAttributeNS method. By processing malicious input involving the __proto__ property, an attacker can manipula... Read more
Affected Products :- Published: Sep. 24, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-59830
Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its params_limit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parame... Read more
Affected Products : rack- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-57348
The node-cube package (prior to version 5.0.0) contains a vulnerability in its handling of prototype chain initialization, which could allow an attacker to inject properties into the prototype of built-in objects. This issue, categorized under CWE-1321, a... Read more
Affected Products :- Published: Sep. 24, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2025-46149
In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error.... Read more
Affected Products :- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Misconfiguration
-
6.7
MEDIUMCVE-2025-43943
Dell Cloud Disaster Recovery, version(s) prior to 19.20, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vu... Read more
Affected Products :- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-10542
iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client’s connection dialog. If the administrator does not change these defaults, a remote attacker can authenticate to the EAM server and gain ... Read more
Affected Products :- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Authentication
-
6.7
MEDIUMCVE-2025-20313
Multiple vulnerabilities in Cisco IOS XE Software of could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of tru... Read more
Affected Products : ios_xe- Published: Sep. 24, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Path Traversal
-
9.9
CRITICALCVE-2025-59823
Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Code injection may be possible in Gardener Extensions for AWS providers prior to version 1.64.0, Azure providers prior to version 1.55.0, OpenStack pro... Read more
Affected Products :- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Injection
-
4.3
MEDIUMCVE-2025-59426
Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.130.1, the project's OIDC redirect handling logic constructs the host and protocol of the final redirect URL based on the X-Forwarded-Host or Host headers and the X-For... Read more
Affected Products : lobe_chat- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-57353
The Runtime components of messageformat package for Node.js prior to version 3.0.1 contain a prototype pollution vulnerability. Due to insufficient validation of nested message keys during the processing of message data, an attacker can manipulate the pro... Read more
Affected Products :- Published: Sep. 24, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Injection
-
9.0
HIGHCVE-2025-10953
A security vulnerability has been detected in UTT 1200GW and 1250GW up to 3.0.0-170831/3.2.2-200710. This vulnerability affects unknown code of the file /goform/formApMail. The manipulation of the argument senderEmail leads to buffer overflow. The attack ... Read more
Affected Products :- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2025-46148
In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results.... Read more
Affected Products :- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Misconfiguration
-
5.5
MEDIUMCVE-2025-10947
A flaw has been found in Sistemas Pleno Gestão de Locação up to 2025.7.x. The impacted element is an unknown function of the file /api/areacliente/pessoa/validarCpf of the component CPF Handler. Executing manipulation of the argument pes_cpf can lead to a... Read more
Affected Products :- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Authorization
-
7.6
HIGHCVE-2025-59305
Improper authorization in the background migration endpoints of Langfuse 3.1 before d67b317 allows any authenticated user to invoke migration control functions. This can lead to data corruption or denial of service through unauthorized access to TRPC endp... Read more
Affected Products :- Published: Sep. 24, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-59834
ADB MCP Server is a MCP (Model Context Protocol) server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its ... Read more
Affected Products :- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2025-46153
PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True.... Read more
Affected Products :- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-26278
A prototype pollution in the lib.set function of dref v0.1.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.... Read more
Affected Products :- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Denial of Service
-
5.9
MEDIUMCVE-2025-26333
Dell Crypto-J generates an error message that includes sensitive information about its environment and associated data. A remote attacker could potentially exploit this vulnerability, leading to information exposure.... Read more
Affected Products :- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Information Disclosure
-
5.5
MEDIUMCVE-2025-10911
A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.... Read more
Affected Products :- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Memory Corruption
-
2.4
LOWCVE-2025-59838
Monkeytype is a minimalistic and customizable typing test. In versions 25.36.0 and prior, improper handling of user input when loading a saved custom text results in XSS. This issue has been patched via commit f025b12.... Read more
Affected Products : monkeytype- Published: Sep. 25, 2025
- Modified: Sep. 26, 2025
- Vuln Type: Cross-Site Scripting