Latest CVE Feed
-
9.8
CRITICALCVE-2025-7851
An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways.... Read more
Affected Products : er7206_firmware er7206 er8411_firmware er8411 er7412-m2_firmware er7412-m2 er707-m2_firmware er707-m2 er605_firmware er605 +16 more products- Published: Oct. 21, 2025
- Modified: Oct. 24, 2025
-
9.3
CRITICALCVE-2025-7850
A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways.... Read more
Affected Products : er7206_firmware er7206 er8411_firmware er8411 er7412-m2_firmware er7412-m2 er707-m2_firmware er707-m2 er605_firmware er605 +16 more products- Published: Oct. 21, 2025
- Modified: Oct. 24, 2025
-
7.5
HIGHCVE-2025-59043
OpenBao is an open source identity-based secrets management system. In OpenBao versions prior to 2.4.1, JSON objects after decoding may use significantly more memory than their serialized version. It is possible to craft a JSON payload to maximize the fac... Read more
Affected Products : openbao- Published: Oct. 17, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-62171
ImageMagick is an open source software suite for displaying, converting, and editing raster image files. In ImageMagick versions prior to 7.1.2-7 and 6.9.13-32, an integer overflow vulnerability exists in the BMP decoder on 32-bit systems. The vulnerabili... Read more
Affected Products : imagemagick- Published: Oct. 17, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Memory Corruption
-
8.2
HIGHCVE-2025-62419
DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC URL injection vulnerability exists in the DB2 and MongoDB data source configuration handlers. In the DB2 data source handler, when the extraParams field ... Read more
Affected Products : dataease- Published: Oct. 17, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-62420
DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC driver bypass vulnerability exists in the H2 database connection handler. The getJdbc function in H2.java checks if the jdbcUrl starts with jdbc:h2 but r... Read more
Affected Products : dataease- Published: Oct. 17, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-55086
In NetXDuo version before 6.4.4, a networking support module for Eclipse Foundation ThreadX, in the DHCPV6 client there was an unchecked index extracting the server DUID from the server reply. With a crafted packet, an attacker could cause an out of memor... Read more
Affected Products : threadx_netx_duo- Published: Oct. 20, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Memory Corruption
-
6.9
MEDIUMCVE-2025-62597
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the editar_info_pessoal.php endpoint of the WeGIA application. T... Read more
Affected Products : wegia- Published: Oct. 21, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Cross-Site Scripting
-
7.0
HIGHCVE-2025-55340
Improper authentication in Windows Remote Desktop Protocol allows an authorized attacker to bypass a security feature locally.... Read more
Affected Products : windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2 +1 more products- Published: Oct. 14, 2025
- Modified: Oct. 24, 2025
-
5.5
MEDIUMCVE-2025-55676
Generation of error message containing sensitive information in Windows USB Video Driver allows an authorized attacker to disclose information locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 24, 2025
-
7.8
HIGHCVE-2025-55677
Untrusted pointer dereference in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 24, 2025
-
7.0
HIGHCVE-2025-55678
Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Oct. 14, 2025
- Modified: Oct. 24, 2025
-
7.1
HIGHCVE-2025-9339
SQL injection vulnerability in the fields of warehouse document filtering form in SIMPLE.ERP software allows logged-in user a malicious query injection. Potential exploitation is limited by the 20-character limit in form fields. Identified use case allows... Read more
Affected Products :- Published: Oct. 21, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2025-22168
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to read the steps of another user's private checklist.... Read more
Affected Products : jira_align- Published: Oct. 22, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Authorization
-
5.1
MEDIUMCVE-2025-55679
Improper input validation in Windows Kernel allows an unauthorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +3 more products- Published: Oct. 14, 2025
- Modified: Oct. 24, 2025
-
7.8
HIGHCVE-2025-55680
Time-of-check time-of-use (toctou) race condition in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +3 more products- Published: Oct. 14, 2025
- Modified: Oct. 24, 2025
-
7.8
HIGHCVE-2025-55681
Out-of-bounds read in Windows DWM allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +3 more products- Published: Oct. 14, 2025
- Modified: Oct. 24, 2025
-
6.1
MEDIUMCVE-2025-55682
Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 24, 2025
-
4.9
MEDIUMCVE-2025-53067
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to... Read more
Affected Products : mysql_server- Published: Oct. 21, 2025
- Modified: Oct. 24, 2025
-
6.5
MEDIUMCVE-2025-53068
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris execut... Read more
- Published: Oct. 21, 2025
- Modified: Oct. 24, 2025