Latest CVE Feed
-
7.8
HIGHCVE-2025-59233
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Oct. 14, 2025
- Modified: Oct. 28, 2025
-
7.8
HIGHCVE-2025-59234
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 28, 2025
-
8.4
HIGHCVE-2025-59236
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 28, 2025
-
8.8
HIGHCVE-2025-59237
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 28, 2025
-
7.5
HIGHCVE-2025-59248
Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 28, 2025
-
8.8
HIGHCVE-2025-59249
Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 28, 2025
-
7.2
HIGHCVE-2025-8078
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W... Read more
Affected Products : usg20w-vpn_firmware zld usg_flex_100_firmware atp100_firmware atp100 atp200 atp500 atp100w atp700 atp800 +10 more products- Published: Oct. 21, 2025
- Modified: Oct. 28, 2025
-
4.3
MEDIUMCVE-2025-48025
In Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000, there is an improper access control vulnerability related to a log file.... Read more
Affected Products : exynos_980_firmware exynos_850_firmware exynos_1280_firmware exynos_1380_firmware exynos_1330_firmware exynos_w920_firmware exynos_980 exynos_850 exynos_1280 exynos_1380 +10 more products- Published: Oct. 20, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-26782
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 9110, W920, W930, Modem 5123, and Modem 5300. Incorrect handling of RLC AM PDUs leads to a Denial of S... Read more
- Published: Oct. 20, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Denial of Service
-
8.1
HIGHCVE-2025-9133
A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series fir... Read more
Affected Products : usg20w-vpn_firmware zld usg_flex_100_firmware atp100_firmware atp100 atp200 atp500 atp100w atp700 atp800 +10 more products- Published: Oct. 21, 2025
- Modified: Oct. 28, 2025
-
7.5
HIGHCVE-2025-53066
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle G... Read more
- Published: Oct. 21, 2025
- Modified: Oct. 28, 2025
-
3.7
LOWCVE-2025-61748
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 21.0.8 and 25; Oracle GraalVM for JDK: 21.0.8; Orac... Read more
- Published: Oct. 21, 2025
- Modified: Oct. 28, 2025
-
8.8
HIGHCVE-2025-52079
The administrator password setting of the D-Link DIR-820L 1.06B02 is has Improper Access Control and is vulnerable to Unverified Password Change via crafted POST request to /get_set.ccp.... Read more
- Published: Oct. 21, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Authentication
-
8.8
HIGHCVE-2025-62496
A vulnerability exists in the QuickJS engine's BigInt string parsing logic (js_bigint_from_string) when attempting to create a BigInt from a string with an excessively large number of digits. The function calculates the necessary number of bits (n_bits) ... Read more
Affected Products : quickjs- Published: Oct. 16, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-54539
A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to and including 2.3.0, when establishing connections to untrusted AMQP servers. Malicious ser... Read more
Affected Products : activemq_nms_amqp- Published: Oct. 16, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-36128
IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting slowloris-type attacks, a remote attacker could exploit this vulnerability to ca... Read more
- Published: Oct. 16, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2025-56316
A SQL injection vulnerability in the content_title parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering.... Read more
Affected Products : mcms- Published: Oct. 17, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-62642
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user account creation, allowing a remote unauthenticated attacker to create a user account.... Read more
Affected Products : restaurant_brands_international_assistant- Published: Oct. 17, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-62604
MeterSphere is an open source continuous testing platform. Prior to version 2.10.25-lts, a logic flaw allows retrieval of arbitrary user information. This allows an unauthenticated attacker to log in to the system as any user. This issue has been patched ... Read more
Affected Products : metersphere- Published: Oct. 22, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-50950
Audiofile v0.3.7 was discovered to contain a NULL pointer dereference via the ModuleState::setup function.... Read more
Affected Products : audiofile- Published: Oct. 23, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Memory Corruption