Latest CVE Feed
-
8.8
HIGHCVE-2025-11905
A vulnerability was found in yanyutao0402 ChanCMS up to 3.3.2. This vulnerability affects the function getArticle of the file app\modules\cms\controller\gather.js. The manipulation results in code injection. The attack may be launched remotely. The exploi... Read more
Affected Products : chancms- Published: Oct. 17, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-7851
An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways.... Read more
Affected Products : er7206_firmware er7206 er8411_firmware er8411 er7412-m2_firmware er7412-m2 er707-m2_firmware er707-m2 er605_firmware er605 +16 more products- Published: Oct. 21, 2025
- Modified: Oct. 24, 2025
-
9.3
CRITICALCVE-2025-7850
A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways.... Read more
Affected Products : er7206_firmware er7206 er8411_firmware er8411 er7412-m2_firmware er7412-m2 er707-m2_firmware er707-m2 er605_firmware er605 +16 more products- Published: Oct. 21, 2025
- Modified: Oct. 24, 2025
-
7.5
HIGHCVE-2025-59043
OpenBao is an open source identity-based secrets management system. In OpenBao versions prior to 2.4.1, JSON objects after decoding may use significantly more memory than their serialized version. It is possible to craft a JSON payload to maximize the fac... Read more
Affected Products : openbao- Published: Oct. 17, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Denial of Service
-
8.2
HIGHCVE-2025-62419
DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC URL injection vulnerability exists in the DB2 and MongoDB data source configuration handlers. In the DB2 data source handler, when the extraParams field ... Read more
Affected Products : dataease- Published: Oct. 17, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Injection
-
8.8
HIGHCVE-2025-62420
DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC driver bypass vulnerability exists in the H2 database connection handler. The getJdbc function in H2.java checks if the jdbcUrl starts with jdbc:h2 but r... Read more
Affected Products : dataease- Published: Oct. 17, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-55086
In NetXDuo version before 6.4.4, a networking support module for Eclipse Foundation ThreadX, in the DHCPV6 client there was an unchecked index extracting the server DUID from the server reply. With a crafted packet, an attacker could cause an out of memor... Read more
Affected Products : threadx_netx_duo- Published: Oct. 20, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Memory Corruption
-
6.9
MEDIUMCVE-2025-62597
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the editar_info_pessoal.php endpoint of the WeGIA application. T... Read more
Affected Products : wegia- Published: Oct. 21, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Cross-Site Scripting
-
7.0
HIGHCVE-2025-55340
Improper authentication in Windows Remote Desktop Protocol allows an authorized attacker to bypass a security feature locally.... Read more
Affected Products : windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 windows_11_25h2 +1 more products- Published: Oct. 14, 2025
- Modified: Oct. 24, 2025
-
5.5
MEDIUMCVE-2025-55676
Generation of error message containing sensitive information in Windows USB Video Driver allows an authorized attacker to disclose information locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 24, 2025
-
7.8
HIGHCVE-2025-55677
Untrusted pointer dereference in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 24, 2025
-
7.0
HIGHCVE-2025-55678
Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products- Published: Oct. 14, 2025
- Modified: Oct. 24, 2025
-
7.1
HIGHCVE-2025-9339
SQL injection vulnerability in the fields of warehouse document filtering form in SIMPLE.ERP software allows logged-in user a malicious query injection. Potential exploitation is limited by the 20-character limit in form fields. Identified use case allows... Read more
Affected Products :- Published: Oct. 21, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2025-22168
Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to read the steps of another user's private checklist.... Read more
Affected Products : jira_align- Published: Oct. 22, 2025
- Modified: Oct. 24, 2025
- Vuln Type: Authorization
-
5.1
MEDIUMCVE-2025-55679
Improper input validation in Windows Kernel allows an unauthorized attacker to disclose information locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +3 more products- Published: Oct. 14, 2025
- Modified: Oct. 24, 2025
-
7.8
HIGHCVE-2025-55680
Time-of-check time-of-use (toctou) race condition in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +3 more products- Published: Oct. 14, 2025
- Modified: Oct. 24, 2025
-
7.8
HIGHCVE-2025-55681
Out-of-bounds read in Windows DWM allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 +3 more products- Published: Oct. 14, 2025
- Modified: Oct. 24, 2025
-
6.1
MEDIUMCVE-2025-55682
Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 24, 2025
-
4.9
MEDIUMCVE-2025-53067
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to... Read more
Affected Products : mysql_server- Published: Oct. 21, 2025
- Modified: Oct. 24, 2025
-
6.5
MEDIUMCVE-2025-53068
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris execut... Read more
- Published: Oct. 21, 2025
- Modified: Oct. 24, 2025