Latest CVE Feed
-
6.5
MEDIUMCVE-2025-10720
The WP Private Content Plus through 3.6.2 provides a global content protection feature that requires a password. However, the access control check is based only on the presence of an unprotected client-side cookie. As a result, an unauthenticated attacker... Read more
Affected Products : wp_private_content_plus- Published: Oct. 13, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Authentication
-
8.8
HIGHCVE-2025-59228
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 28, 2025
-
5.5
MEDIUMCVE-2025-59229
Uncaught exception in Microsoft Office allows an unauthorized attacker to deny service locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 28, 2025
-
7.8
HIGHCVE-2025-59231
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Oct. 14, 2025
- Modified: Oct. 28, 2025
-
7.8
HIGHCVE-2025-59233
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
Affected Products : office 365_apps excel office_online_server office_long_term_servicing_channel office_macos_2024 office_macos_2021 excel_2016 office_2024 office_2021 +1 more products- Published: Oct. 14, 2025
- Modified: Oct. 28, 2025
-
7.8
HIGHCVE-2025-59234
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 28, 2025
-
8.4
HIGHCVE-2025-59236
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 28, 2025
-
8.8
HIGHCVE-2025-59237
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 28, 2025
-
7.5
HIGHCVE-2025-59248
Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 28, 2025
-
8.8
HIGHCVE-2025-59249
Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 28, 2025
-
7.2
HIGHCVE-2025-8078
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W... Read more
Affected Products : usg20w-vpn_firmware zld usg_flex_100_firmware atp100_firmware atp100 atp200 atp500 atp100w atp700 atp800 +10 more products- Published: Oct. 21, 2025
- Modified: Oct. 28, 2025
-
4.3
MEDIUMCVE-2025-48025
In Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000, there is an improper access control vulnerability related to a log file.... Read more
Affected Products : exynos_980_firmware exynos_850_firmware exynos_1280_firmware exynos_1380_firmware exynos_1330_firmware exynos_w920_firmware exynos_980 exynos_850 exynos_1280 exynos_1380 +10 more products- Published: Oct. 20, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-26782
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 9110, W920, W930, Modem 5123, and Modem 5300. Incorrect handling of RLC AM PDUs leads to a Denial of S... Read more
- Published: Oct. 20, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Denial of Service
-
8.1
HIGHCVE-2025-9133
A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series fir... Read more
Affected Products : usg20w-vpn_firmware zld usg_flex_100_firmware atp100_firmware atp100 atp200 atp500 atp100w atp700 atp800 +10 more products- Published: Oct. 21, 2025
- Modified: Oct. 28, 2025
-
7.5
HIGHCVE-2025-53066
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle G... Read more
- Published: Oct. 21, 2025
- Modified: Oct. 28, 2025
-
3.7
LOWCVE-2025-61748
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 21.0.8 and 25; Oracle GraalVM for JDK: 21.0.8; Orac... Read more
- Published: Oct. 21, 2025
- Modified: Oct. 28, 2025
-
8.8
HIGHCVE-2025-52079
The administrator password setting of the D-Link DIR-820L 1.06B02 is has Improper Access Control and is vulnerable to Unverified Password Change via crafted POST request to /get_set.ccp.... Read more
- Published: Oct. 21, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Authentication
-
8.8
HIGHCVE-2025-62496
A vulnerability exists in the QuickJS engine's BigInt string parsing logic (js_bigint_from_string) when attempting to create a BigInt from a string with an excessively large number of digits. The function calculates the necessary number of bits (n_bits) ... Read more
Affected Products : quickjs- Published: Oct. 16, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-54539
A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to and including 2.3.0, when establishing connections to untrusted AMQP servers. Malicious ser... Read more
Affected Products : activemq_nms_amqp- Published: Oct. 16, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-36128
IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting slowloris-type attacks, a remote attacker could exploit this vulnerability to ca... Read more
- Published: Oct. 16, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Denial of Service