@CVEnew CVE

CVE posts on X most often about the topics "has been", "elevate", "microsoft" and "adobe". The account currently has XXXXXX followers and 9063 posts still getting attention, totaling XXXXXX engagements in the last XX hours.

Engagements: XXXXXX

Mentions: XXX

Followers: XXXXXX

CreatorRank: XXXXXXX

Social Influence

Social category influence: technology brands XXXX%, stocks XXXX%, social networks XXXX%, finance XXXX%, gaming XXXX%, cryptocurrencies XXXX%, countries XXXX%

Social topic influence: has been #3624, elevate #150, microsoft #402, adobe #332, sql #45, files #1191, sap #214, javascript #593, excel #665, os #729

Top accounts mentioned or mentioned by: @cveannounce, @transilienceai, @centry_agent, @blacksnufkin42, @askperplexity, @builderioqwikcity, @opennextjscloudflare, @cyanheadsgitmcpserver, @vueclipl, @klsgitbelagavi, @replyaz, @threadreaderapp, @greenbacktick, @vysecurity, @basefortify, @batalhao, @cwecapec, @notnotnotveg, @umidcybers, @asuspressroom

Top assets mentioned: Microsoft Corp. (MSFT), IBM (IBM), Alphabet Inc Class A (GOOGL), Ethereum (ETH)

Top Social Posts

Top posts by engagements in the last XX hours

"CVE-2025-10228 Session Fixation vulnerability in Rolantis Information Technologies Agentis allows Session Hijacking. This issue affects Agentis: before 4.44"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements

"CVE-2025-59287 Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements

"CVE-2025-59998 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-62178 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1 a Reflected Cross-Site Scripting (XSS) vulnerability w"
X Link @CVEnew 2025-10-13T21:35Z 55.7K followers, XXX engagements

"CVE-2025-61951 Undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. This issue may occur when a Datagram Transport Layer Security (DTLS) XXX virtual"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-10294 The OwnID Passwordless Login plugin for WordPress is vulnerable to Authentication Bypass in all versions up to and including 1.3.4. This is due to the plugin not pr"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-58738 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements

"CVE-2025-59295 Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-10140 The Quick Social Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quick-login' shortcode in all versions up to and including"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-42906 SAP Commerce Cloud contains a path traversal vulnerability that may allow users to access web applications such as the Administration Console from addresses where the"
X Link @CVEnew 2025-10-14T01:03Z 55.7K followers, XXX engagements

"CVE-2025-55683 Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-62177 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1 a SQL Injection vulnerability was identified in the /h"
X Link @CVEnew 2025-10-13T21:27Z 55.7K followers, XXX engagements

"CVE-2025-8915 Hardcoded TLS private key and certificate in firmware in Kiloview N30 2.02.246 allows malicious adversary to do a Man-in-the-middle attack via the network"
X Link @CVEnew 2025-10-13T07:16Z 55.7K followers, XXX engagements

"CVE-2025-11184 Cross-site scripting vulnerability in QGIS QWC2 Registration GUI =v2025.03.31 allows an authorized attacker to plant arbitrary JavaScript code in the page"
X Link @CVEnew 2025-10-13T09:43Z 55.7K followers, XXX engagements

"CVE-2025-37142 Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-11636 A security vulnerability has been detected in Tomofun Furbo XXX up to FB0035_FW_036. This issue affects some unknown processing of the component Account Handler. Such"
X Link @CVEnew 2025-10-12T15:29Z 55.7K followers, XXX engagements

"CVE-2025-40809 A vulnerability has been identified in Solid Edge SE2024 (All versions V224.0 Update 14) Solid Edge SE2025 (All versions V225.0 Update 6). The affected applicati"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements

"CVE-2025-10406 The BlindMatrix e-Commerce WordPress plugin before XXX does not validate some shortcode attributes before using them to generate paths passed to include function/s a"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-10299 The WPBifröst Instant Passwordless Temporary Login Links plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ctl_cre"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-62241 Insecure Direct Object Reference (IDOR) vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one"
X Link @CVEnew 2025-10-13T19:37Z 55.7K followers, XXX engagements

"CVE-2025-62179 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1 a SQL Injection vulnerability was identified in the /h"
X Link @CVEnew 2025-10-13T21:35Z 55.7K followers, XXX engagements

"CVE-2025-61675 FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX XX and versions prior to 17.0.6 for"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-53521 When a BIG-IP APM Access Policy is configured on a virtual server undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End o"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-59982 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-59230 Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements

"CVE-2025-59962 An Access of Uninitialized Pointer vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved with BGP sharding configured a"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-55036 When BIG-IP SSL Orchestrator explicit forward proxy is configured on a virtual server and the proxy connect feature is enabled undisclosed traffic may cause memory c"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-59290 Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-59261 Time-of-check time-of-use (toctou) race condition in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements

"CVE-2025-59277 Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-59224 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements

"CVE-2025-59987 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-39987 In the Linux kernel the following vulnerability has been resolved: can: hi311x: populate ndo_change_mtu() to prevent buffer overflow Sending a PF_PACKET allows to"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-8486 A potential vulnerability was reported in PC Manager that could allow a local authenticated user to execute code with elevated privileges"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-48008 When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a virtual server undisclosed traffic along with conditions beyond the attacker's control can c"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-37145 Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful expl"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements

"CVE-2025-55682 Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-10041 The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the save_qr_code_to_db() function in all"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-31969 HCL Unica Platform is impacted by misconfigured Content Security Policy (CSP). These can result in malicious resources getting loaded and browsers may come across ce"
X Link @CVEnew 2025-10-12T07:50Z 55.7K followers, XXX engagements

"CVE-2025-59299 Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execut"
X Link @CVEnew 2025-10-03T03:20Z 55.7K followers, XXX engagements

"CVE-2025-10243 OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2 12.5.0.4 and 12.4.0.4 allows a remote authenticated attacker with admin privileges to"
X Link @CVEnew 2025-10-14T14:54Z 55.7K followers, XXX engagements

"CVE-2025-2139 IBM Engineering Requirements Management Doors Next 7.0.2 7.0.3 and XXX could allow an authenticated user on the network to delete reviews from other users due to clie"
X Link @CVEnew 2025-10-12T13:50Z 55.7K followers, XXX engagements

"CVE-2025-43281 The issue was addressed with improved authentication. This issue is fixed in macOS Sequoia XXXX. A local attacker may be able to elevate their privileges"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-59986 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-55320 Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to elevate privi"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-56749 Creativeitem Academy LMS up to and including XXXX uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT t"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements

"CVE-2025-58120 When HTTP/2 Ingress is configured undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached En"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-10045 The onOffice for WP-Websites plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to and including XXX due to insufficie"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-11673 SOOP-CLM developed by PiExtract has a Hidden Functionality vulnerability allowing privileged remote attackers to exploit a hidden functionality to execute arbitrary"
X Link @CVEnew 2025-10-13T07:50Z 55.7K followers, XXX engagements

"CVE-2025-59983 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-55334 Cleartext storage of sensitive information in Windows Kernel allows an unauthorized attacker to bypass a security feature locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-39964 In the Linux kernel the following vulnerability has been resolved: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg Issuing two writes to the same af_"
X Link @CVEnew 2025-10-13T13:54Z 55.7K followers, XXX engagements

"CVE-2025-31994 HCL Unica Campaign 12.1.10 is vulnerable to Reflected Cross-Site Scripting (XSS) where an attacker injects malicious script into an HTTP request which is then reflec"
X Link @CVEnew 2025-10-13T04:23Z 55.7K followers, XXX engagements

"CVE-2025-22831 APTIOV contains a vulnerability in BIOS where an attacker may cause an Out-of-bounds Write by local. Successful exploitation of this vulnerability may lead to data co"
X Link @CVEnew 2025-10-14T14:38Z 55.7K followers, XXX engagements

"CVE-2025-59958 An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on PTX Series allows"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-59289 Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements

"CVE-2025-39903 In the Linux kernel the following vulnerability has been resolved: of_numa: fix uninitialized memory nodes causing kernel panic When there are memory-only nodes (n"
X Link @CVEnew 2025-10-01T08:21Z 55.7K followers, XXX engagements

"CVE-2025-11655 A security flaw has been discovered in Total.js Flow up to 673ef9144dd25d4f4fd4fdfda5af27f230198924. The impacted element is an unknown function of the component SVG"
X Link @CVEnew 2025-10-13T02:49Z 55.7K followers, XXX engagements

"CVE-2025-47150 When SNMP is configured on F5OS Appliance and Chassis systems undisclosed requests can cause an increase in SNMP memory resource utilization. Note: Software version"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-59258 Insertion of sensitive information into log file in Active Directory Federation Services allows an unauthorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-62358 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1 the log parameter in configuracao_geral.php is vulnera"
X Link @CVEnew 2025-10-13T21:35Z 55.7K followers, XXX engagements

"CVE-2025-40000 In the Linux kernel the following vulnerability has been resolved: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() There is a bug observed whe"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-11722 The Woocommerce Category and Products Accordion Panel plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including XXX via the 'ca"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-54196 Adobe Connect versions XXXX and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker could leverage this vulnerabi"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements

"CVE-2025-9265 A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification giving them access to state changing"
X Link @CVEnew 2025-10-13T07:16Z 55.7K followers, XXX engagements

"CVE-2025-11612 A vulnerability has been found in code-projects Simple Food Ordering System XXX. This impacts an unknown function of the file /addproduct.php. The manipulation of the"
X Link @CVEnew 2025-10-11T19:23Z 55.7K followers, XXX engagements

"CVE-2025-55332 Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-34267 Flowise v3.0.1 3.0.8 and all versions after with 'ALLOW_BUILTIN_DEP' enabled contain an authenticated remote code execution vulnerability and node VM sandbox escape"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-58724 Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-55687 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Resilient File System (ReFS) allows an unauthorized attacker to"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-10732 The SureForms Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to and including"
X Link @CVEnew 2025-10-14T05:50Z 55.7K followers, XXX engagements

"CVE-2025-62389 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database"
X Link @CVEnew 2025-10-13T21:35Z 55.7K followers, XXX engagements

"CVE-2025-61930 Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross-Site Request Forgery (CSRF) on the password change endp"
X Link @CVEnew 2025-10-10T20:33Z 55.7K followers, XXX engagements

"CVE-2025-62364 text-generation-webui is an open-source web interface for running Large Language Models. In versions through XXXX a Local File Inclusion vulnerability exists in the"
X Link @CVEnew 2025-10-13T20:50Z 55.7K followers, XXX engagements

"CVE-2025-54889 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps manufacturer config"
X Link @CVEnew 2025-10-14T15:18Z 55.7K followers, XXX engagements

"CVE-2025-59244 External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements

"CVE-2025-20713 In wlan AP driver there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements

"CVE-2025-11664 A security vulnerability has been detected in Campcodes Online Beauty Parlor Management System XXX. The impacted element is an unknown function of the file /admin/sea"
X Link @CVEnew 2025-10-13T06:24Z 55.7K followers, XXX engagements

"CVE-2025-62392 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database"
X Link @CVEnew 2025-10-13T21:27Z 55.7K followers, XXX engagements

"CVE-2025-59481 A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least resource administra"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-9698 The Plus Addons for Elementor WordPress plugin before 6.3.16 does not sanitize SVG file contents which could allow users with minimum role access as Author to perform"
X Link @CVEnew 2025-10-13T06:24Z 55.7K followers, XXX engagements

"CVE-2025-11653 A vulnerability was determined in UTT HiPER 2620G up to 3.1.4. Impacted is the function strcpy of the file /goform/fNTP. This manipulation of the argument NTPServerIP"
X Link @CVEnew 2025-10-13T02:49Z 55.7K followers, XXX engagements

"CVE-2025-53768 Use after free in Xbox allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-6042 The Lisfinity Core - Lisfinity Core plugin used for pebas Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation in all versions up to a"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-55333 Incomplete comparison with missing factors in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-58718 Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-31998 HCL Unica Centralized Offer Management is vulnerable to poor unhandled exceptions which exposes sensitive information. An attacker can exploit use this information t"
X Link @CVEnew 2025-10-12T03:26Z 55.7K followers, XXX engagements

"CVE-2025-11595 A vulnerability was found in Campcodes Online Apartment Visitor Management System XXX. Impacted is an unknown function of the file /admin-profile.php. Performing mani"
X Link @CVEnew 2025-10-11T09:50Z 55.7K followers, XXX engagements

"CVE-2025-62380 mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.31 contain an HTML injection vulnerab"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-11659 A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this vulnerability is an unknown fun"
X Link @CVEnew 2025-10-13T03:59Z 55.7K followers, XXX engagements

"CVE-2025-58720 Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-11663 A weakness has been identified in Campcodes Online Beauty Parlor Management System XXX. The affected element is an unknown function of the file /admin/manage-services"
X Link @CVEnew 2025-10-13T05:50Z 55.7K followers, XXX engagements

"CVE-2025-9950 The Error Log Viewer by BestWebSoft plugin for WordPress is vulnerable to Directory Traversal in all versions up to and including 1.1.6 via the rrrlgvwr_get_file func"
X Link @CVEnew 2025-10-11T09:50Z 55.7K followers, XXX engagements

"CVE-2025-61803 Substance3D - Stager versions 3.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the c"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XX engagements

"CVE-2025-59988 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-53860 A vulnerability exists in F5OS-A software that allows a highly privileged authenticated attacker to access sensitive FIPS hardware security module (HSM) information o"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-58715 Integer overflow or wraparound in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-10357 The Simple SEO WordPress plugin before 2.0.32 does not sanitise and escape some parameters when outputting them in the page which could allow users with a role as low"
X Link @CVEnew 2025-10-14T06:23Z 55.7K followers, XXX engagements

"CVE-2025-59211 Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-62383 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database"
X Link @CVEnew 2025-10-13T21:35Z 55.7K followers, XXX engagements

"CVE-2025-11647 A flaw has been found in Tomofun Furbo XXX and Furbo Mini. This issue affects some unknown processing of the component GATT Service. This manipulation of the argument"
X Link @CVEnew 2025-10-12T21:36Z 55.7K followers, XXX engagements

"CVE-2025-9548 A potential null pointer dereference vulnerability was reported in the Lenovo Power Management Driver that could allow a local authenticated user to cause a Windows blu"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-54264 Adobe Commerce versions 2.4.9-alpha2 2.4.8-p2 2.4.7-p7 2.4.6-p12 2.4.5-p14 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) Cross-Site S"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements

"CVE-2025-62244 Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.3.1 through 7.4.3.111 and Liferay DXP 2023.Q4.0 through 2023.Q4.5 2023.Q3"
X Link @CVEnew 2025-10-13T17:14Z 55.7K followers, XXX engagements

"CVE-2025-39990 In the Linux kernel the following vulnerability has been resolved: bpf: Check the helper function is valid in get_helper_proto kernel test robot reported verifier"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-58096 When the database variable tm.tcpudptxchecksum is configured as non-default value Software-only on a BIG-IP system undisclosed traffic can cause the Traffic Manageme"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-20359 Multiple Cisco products are affected by a vulnerability in the Snort X HTTP Decoder that could allow an unauthenticated remote attacker to cause the disclosure of po"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-55684 Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-59284 Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-55328 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges loc"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-20709 In wlan AP driver there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege wit"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements

"CVE-2025-59282 Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code local"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-58153 Under undisclosed traffic conditions along with conditions beyond the attacker's control hardware systems with a High-Speed Bridge (HSB) may experience a lockup of t"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-55701 Improper validation of specified type of input in Microsoft Windows allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-59206 Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-59193 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate pr"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements

"CVE-2025-39973 In the Linux kernel the following vulnerability has been resolved: i40e: add validation for ring_len param The ring_len parameter provided by the virtual functio"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-11668 A vulnerability was determined in code-projects Automated Voting System XXX. Affected by this issue is some unknown functionality of the file /admin/update_user.php"
X Link @CVEnew 2025-10-13T08:49Z 55.7K followers, XXX engagements

"CVE-2025-62176 Mastodon is a free open-source social network server based on ActivityPub. In Mastodon before 4.4.6 4.3.14 and 4.2.27 the streaming server accepts serving events"
X Link @CVEnew 2025-10-13T21:27Z 55.7K followers, XXX engagements

"CVE-2025-59836 Omni manages Kubernetes on bare metal virtual machines or in a cloud. Prior to 1.1.5 and 1.0.2 there is a nil pointer dereference vulnerability in the Omni Resour"
X Link @CVEnew 2025-10-13T20:50Z 55.7K followers, XXX engagements

"CVE-2025-60009 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-61941 A path traversal issue exists in WXR9300BE6P series firmware versions prior to Ver.1.10. Arbitrary file may be altered by an administrative user who logs in to the af"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-59993 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-11652 A vulnerability was found in UTT 518G up to V3v3.2.7-210919-161313. This issue affects some unknown processing of the file /goform/formTaskEdit_ap. The manipulatio"
X Link @CVEnew 2025-10-13T02:49Z 55.7K followers, XXX engagements

"CVE-2025-23356 NVIDIA Isaac Lab contains a vulnerability in SB3 configuration parsing. A successful exploit of this vulnerability might lead to code execution denial of service es"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements

"CVE-2025-39966 In the Linux kernel the following vulnerability has been resolved: iommufd: Fix race during abort for file descriptors fput() doesn't actually call file_operations"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-20715 In wlan AP driver there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements

"CVE-2025-53139 Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker to bypass a security feature locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-10312 The Theme Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including XXX. This is due to missing nonce validation"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-61802 Substance3D - Stager versions 3.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the cur"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-40773 A vulnerability has been identified in SiPass integrated (All versions V3.0). Affected server applications contain a broken access control vulnerability. The autho"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements

"CVE-2025-11667 A vulnerability was found in code-projects Automated Voting System XXX. Affected by this vulnerability is an unknown functionality of the file /admin/add_candidate_mo"
X Link @CVEnew 2025-10-13T07:50Z 55.7K followers, XXX engagements

"CVE-2025-59995 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-55669 When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are configured on a virtual server undisclosed traffic can cause the Traffic Ma"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-0636 EMCLI contains a high severity vulnerability where improper neutralization of special elements used in an OS command could be exploited leading to Arbitrary Code Execut"
X Link @CVEnew 2025-10-13T06:51Z 55.7K followers, XXX engagements

"CVE-2025-40810 A vulnerability has been identified in Solid Edge SE2024 (All versions V224.0 Update 14) Solid Edge SE2025 (All versions V225.0 Update 6). The affected applicati"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements

"CVE-2025-53856 When a virtual server network address translation (NAT) object or secure network address translation (SNAT) object uses the embedded Packet Velocity Acceleration (e"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-59980 An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated network-based attacker to get limited read-wri"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-11728 The Oceanpayment CreditCard Gateway plugin for WordPress is vulnerable to unauthenticated and unauthorized modification of data due to missing authentication and capa"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-39998 In the Linux kernel the following vulnerability has been resolved: scsi: target: target_core_configfs: Add length check to avoid buffer overflow A buffer overflow"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-60006 Multiple instances of an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Jun"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-39970 In the Linux kernel the following vulnerability has been resolved: i40e: fix input validation logic for action_meta Fix condition to check 'greater or equal' to pr"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-20351 A vulnerability in the web UI of Cisco Desk Phone 9800 Series Cisco IP Phone 7800 and 8800 Series and Cisco Video Phone 8875 running Cisco SIP Software could allow"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-54281 Adobe Framemaker versions 2020.9 2022.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of th"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-11176 The Quick Featured Images plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 13.7.2 via the qfi_set_thumbnai"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-49553 Adobe Connect versions XXXX and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute malicio"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements

"CVE-2025-59204 Use of uninitialized resource in Windows Management Services allows an authorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-41707 The websocket handler is vulnerable to a denial of service condition. An unauthenticated remote attacker can send a crafted websocket message to trigger the issue wit"
X Link @CVEnew 2025-10-14T08:45Z 55.7K followers, XXX engagements

"CVE-2025-59201 Improper access control in Network Connection Status Indicator (NCSI) allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-59228 Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-55685 Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-39985 In the Linux kernel the following vulnerability has been resolved: can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow Sending a PF_PACKET allows"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-11615 A security flaw has been discovered in SourceCodester Best Salon Management System XXX. This affects an unknown part of the file /panel/add_invoice.php. Performing ma"
X Link @CVEnew 2025-10-11T21:36Z 55.7K followers, XXX engagements

"CVE-2025-54276 Substance3D - Modeler versions 1.22.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file which could result in a read past t"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-59231 Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-55338 Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-9336 A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, potentially leading to a system crash (BSOD) or"
X Link @CVEnew 2025-10-13T09:52Z 55.7K followers, XXX engagements

"CVE-2025-54755 A directory traversal vulnerability exists in TMUI that allows an authenticated attacker to access files which are not limited to the intended files. Note: Software"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-59189 Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements

"CVE-2025-36087 IBM Security Verify Access 10.0.0 through 10.0.9 11.0.0 IBM Verify Identity Access Container 10.0.0 through 10.0.9 and 11.0.0 under certain configurations contai"
X Link @CVEnew 2025-10-13T02:49Z 55.7K followers, XXX engagements

"CVE-2025-11719 Starting in Firefox XXX the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corruption. This vulne"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements

"CVE-2025-11614 A vulnerability was identified in SourceCodester Best Salon Management System XXX. Affected by this issue is some unknown functionality of the file /panel/edit-appoin"
X Link @CVEnew 2025-10-11T20:50Z 55.7K followers, XXX engagements

"CVE-2025-46706 When an iRule containing the HTTP::respond command is configured on a virtual server undisclosed requests can cause an increase in memory resource utilization. Note:"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-62385 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database"
X Link @CVEnew 2025-10-13T21:35Z 55.7K followers, XXX engagements

"CVE-2025-62374 Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0 injection of malicious payload allows attacker to"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XX engagements

"CVE-2025-59196 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privilege"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-58133 Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of information via network access"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-54891 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Resource access configurat"
X Link @CVEnew 2025-10-14T15:18Z 55.7K followers, XXX engagements

"CVE-2025-10556 A stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager from Release 3DEXPERIENCE R2023x through Release"
X Link @CVEnew 2025-10-13T07:50Z 55.7K followers, XXX engagements

"CVE-2025-53782 Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-50175 Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2024-33507 An insufficient session expiration vulnerability CWE-613 and an incorrect authorization vulnerability CWE-863 in FortiIsolator 2.4.0 through 2.4.4 XXX all versio"
X Link @CVEnew 2025-10-14T15:40Z 55.7K followers, XXX engagements

"CVE-2025-40771 A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions V2.4.24) SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements

"CVE-2025-58725 Heap-based buffer overflow in Windows COM allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-55677 Untrusted pointer dereference in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-58474 When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery (SSRF) protection or when an NGINX server is configured with App Protect B"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-10730 The Wp tabber widget plugin for WordPress is vulnerable to SQL Injection via the 'wp-tabber-widget' shortcode in all versions up to and including XXX due to insuffi"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-11611 A weakness has been identified in SourceCodester Simple Inventory System XXX. Impacted is an unknown function of the file /user.php. This manipulation of the argument"
X Link @CVEnew 2025-10-11T18:41Z 55.7K followers, XXX engagements

"CVE-2025-11613 A vulnerability was found in code-projects Simple Food Ordering System XXX. Affected is an unknown function of the file /addcategory.php. The manipulation of the argu"
X Link @CVEnew 2025-10-11T19:50Z 55.7K followers, XXX engagements

"CVE-2025-58739 Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements

"CVE-2025-31997 HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR). An attacker can bypass authorization and access resources in the sy"
X Link @CVEnew 2025-10-12T03:26Z 55.7K followers, XXX engagements

"CVE-2025-41430 When BIG-IP SSL Orchestrator is enabled undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have re"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-54266 Adobe Commerce versions 2.4.9-alpha2 2.4.8-p2 2.4.7-p7 2.4.6-p12 2.4.5-p14 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerabilit"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements

"CVE-2025-59967 A NULL Pointer Dereference vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on ACX7024 ACX7024X ACX7100-32C ACX7100-48"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-9124 A denial-of-service security issue in the affected product. The security issue stems from a fault occurring when a crafted CIP unconnected explicit message is sent. Thi"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements

"CVE-2025-59186 Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-39995 In the Linux kernel the following vulnerability has been resolved: media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe The state-timer i"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-55686 Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-58717 Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-59195 Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to deny serv"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-10720 The WP Private Content Plus through 3.6.2 provides a global content protection feature that requires a password. However the access control check is based only on th"
X Link @CVEnew 2025-10-13T09:52Z 55.7K followers, XXX engagements

"CVE-2025-60004 An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-20714 In wlan AP driver there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements

"CVE-2025-61775 Vickey is a Misskey-based microblogging platform. A vulnerability exists in Vickey prior to version 2025.10.0 where unexpired email confirmation links can be reused m"
X Link @CVEnew 2025-10-13T17:42Z 55.7K followers, XXX engagements

"CVE-2025-61798 Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file which could result in a read past the end of an"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XX engagements

"CVE-2025-59234 Use after free in Microsoft Office allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-11637 A vulnerability was detected in Tomofun Furbo XXX up to FB0035_FW_036. Impacted is an unknown function of the component Audio Handler. Performing manipulation results"
X Link @CVEnew 2025-10-12T16:50Z 55.7K followers, XXX engagements

"CVE-2025-10139 The WP BookWidgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bw_link' shortcode in all versions up to and including XXX du"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-55690 Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-59190 Improper input validation in Microsoft Windows Search Component allows an unauthorized attacker to deny service locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements

"CVE-2025-9968 A link following vulnerability exists in the UnifyScanner component of Armoury Crate. This vulnerability may be triggered by creating a specially crafted junction pote"
X Link @CVEnew 2025-10-13T08:49Z 55.7K followers, XXX engagements

"CVE-2025-59243 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-59989 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-39977 In the Linux kernel the following vulnerability has been resolved: futex: Prevent use-after-free during requeue-PI syzbot managed to trigger the following race:"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-46581 ZTE's ZXCDN product is affected by a Struts remote code execution (RCE) vulnerability. An unauthenticated attacker can remotely execute commands with non-root privil"
X Link @CVEnew 2025-10-14T09:17Z 55.7K followers, XXX engagements

"CVE-2025-10575 The WP jQuery Pager plugin for WordPress is vulnerable to SQL Injection via the 'ids' shortcode attribute parameter handled by the WPJqueryPaged::get_gallery_page_img"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-40774 A vulnerability has been identified in SiPass integrated (All versions V3.0). Affected server applications store user passwords encrypted in its database. Decryptio"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements

"CVE-2025-11635 A weakness has been identified in Tomofun Furbo XXX up to FB0035_FW_036. This vulnerability affects unknown code of the component File Upload. This manipulation cause"
X Link @CVEnew 2025-10-12T14:30Z 55.7K followers, XXX engagements

"CVE-2025-10303 The Library Management System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the owt7_library_management"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-39976 In the Linux kernel the following vulnerability has been resolved: futex: Use correct exit on failure from futex_hash_allocate_default() copy_process() uses the wr"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-60010 A password aging vulnerability in the RADIUS client of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated network-based attacker to access the de"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-55339 Out-of-bounds read in Windows NDIS allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-39979 In the Linux kernel the following vulnerability has been resolved: net/mlx5: fs fix UAF in flow counter release Fix a kernel trace X caused by releasing an HWS"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-8429 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Action access configuration"
X Link @CVEnew 2025-10-14T15:40Z 55.7K followers, XXX engagements

"CVE-2025-8561 The Ova Advent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to and including 1.1.7 due to insuffic"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-59997 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-59253 Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements

"CVE-2025-55700 Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-59257 Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-54274 Substance3D - Viewer versions 0.25.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the cont"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-9068 A security issue exists within the Rockwell Automation Driver Package x64 Microsoft Installer File (MSI) repair functionality installed with FTLinx. Authenticated atta"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements

"CVE-2025-59233 Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-59280 Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-10051 The Demo Import Kit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to and including 1.1.0 via t"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-62410 In versions before 20.0.2 it was found that --disallow-code-generation-from-strings is not sufficient for isolating untrusted JavaScript in happy-dom. The untrusted"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-43313 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.7.7 macOS Sonoma 14.7.7 macOS Sequoia XXXX. An app may be able to ac"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-11183 Cross-Site Scripting vulnerability in attribute table in QGIS QWC2 2025.08.14 allows an authorized attacker to plant arbitrary JavaScript code in the page"
X Link @CVEnew 2025-10-13T09:43Z 55.7K followers, XXX engagements

"CVE-2025-9437 A security issue exists within the Studio 5000 Logix Designer add-on profile (AOP) for the ArmorStart Classic distributed motor controller resulting in denial-of-servi"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements

"CVE-2025-54265 Adobe Commerce versions 2.4.9-alpha2 2.4.8-p2 2.4.7-p7 2.4.6-p12 2.4.5-p14 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An att"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements

"CVE-2025-54283 Illustrator versions XXXX 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XX engagements

"CVE-2025-37143 An arbitrary file download vulnerability exists in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successf"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-61882 Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are"
X Link @CVEnew 2025-10-05T03:49Z 55.7K followers, 1866 engagements

"CVE-2025-58732 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-59300 Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execut"
X Link @CVEnew 2025-10-03T03:20Z 55.7K followers, XXX engagements

"CVE-2025-48004 Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-59991 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-52614 HCL Unica Platform is affected by a Cookie without HTTPOnly Flag Set vulnerability. A malicious agent may be able to induce this event by feeding a user suitable lin"
X Link @CVEnew 2025-10-12T08:17Z 55.7K followers, XXX engagements

"CVE-2025-58730 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-53474 When an iRule using an ILX::callcommand is configured on a virtual server undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-10682 The TARIFFUXX plugin for WordPress is vulnerable to SQL Injection in versions up to and including XXX. This is due to insufficient neutralization of user-supplied i"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-61990 When using a multi-bladed platform with more than one blade undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software vers"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-2529 Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from (malicio"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-62243 Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.4.1 through 7.4.3.112 and Liferay DXP 2023.Q4.0 through 2023.Q4.5 2023.Q3"
X Link @CVEnew 2025-10-13T17:35Z 55.7K followers, XXX engagements

"CVE-2025-55695 Out-of-bounds read in Windows WLAN Auto Config Service allows an authorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-24990 Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-56747 Creativeitem Academy LMS up to and including XXXX contains a privilege escalation vulnerability in the Api_instructor controller where regular authenticated users can"
X Link @CVEnew 2025-10-14T15:18Z 55.7K followers, XXX engagements

"CVE-2025-61955 A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges. A successful exploit may"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-10986 Path traversal in the admin panel of Ivanti EPMM before version 12.6.0.2 12.5.0.4 and 12.4.0.4 allows a remote authenticated attacker with admin privileges to write"
X Link @CVEnew 2025-10-14T14:54Z 55.7K followers, XXX engagements

"CVE-2025-59976 An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-10557 A stored Cross-site Scripting (XSS) vulnerability affecting Issue Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Relea"
X Link @CVEnew 2025-10-13T07:50Z 55.7K followers, XXX engagements

"CVE-2025-27906 IBM Content Navigator 3.0.11 3.0.15 3.1.0 and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and fold"
X Link @CVEnew 2025-10-14T14:38Z 55.7K followers, XXX engagements

"CVE-2025-55697 Heap-based buffer overflow in Azure Local allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-54270 Animate versions 23.0.13 24.0.10 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to memory exposure. An attacker could leverage"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-20712 In wlan AP driver there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege wit"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements

"CVE-2025-54269 Animate versions 23.0.13 24.0.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements

"CVE-2025-33177 NVIDIA Jetson Linux and IGX OS contain a vulnerability in NvMap where improper tracking of memory allocations could allow a local attacker to cause memory overalloca"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-39902 In the Linux kernel the following vulnerability has been resolved: mm/slub: avoid accessing metadata when pointer is invalid in object_err() object_err() reports d"
X Link @CVEnew 2025-10-01T08:21Z 55.7K followers, XXX engagements

"CVE-2025-11609 A flaw has been found in code-projects Hospital Management System XXX. Affected is the function session of the component express-session. This manipulation of the arg"
X Link @CVEnew 2025-10-11T17:36Z 55.7K followers, XXX engagements

"CVE-2025-55337 Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-59292 External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-11708 Use-after-free in MediaTrackGraphImpl::GetInstance() This vulnerability affects Firefox XXX Firefox ESR XXXXX Thunderbird XXX and Thunderbird 140.4"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements

"CVE-2025-58727 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacke"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-58722 Heap-based buffer overflow in Windows DWM allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-61958 A vulnerability exists in the iHealth command that may allow an authenticated attacker with at least a resource administrator role to bypass tmsh restrictions and gai"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-20360 Multiple Cisco products are affected by a vulnerability in the Snort X HTTP Decoder that could allow an unauthenticated remote attacker to cause the Snort X Detectio"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-52615 HCL Unica Platform is impacted by misconfigured security related HTTP headers. This can lead to less secure browser default treatment for the policies controlled by"
X Link @CVEnew 2025-10-12T08:41Z 55.7K followers, XXX engagements

"CVE-2025-11714 Memory safety bugs present in Firefox ESR XXXXXX Firefox ESR XXXXX Thunderbird ESR XXXXX Firefox XXX and Thunderbird XXX. Some of these bugs showed evidence of mem"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements

"CVE-2025-11608 A security vulnerability has been detected in code-projects E-Banking System XXX. This affects an unknown function of the file /register.php of the component POST Par"
X Link @CVEnew 2025-10-11T17:27Z 55.7K followers, XXX engagements

"CVE-2025-50174 Use after free in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-11713 Insufficient escaping in the Copy as cURL feature could have been used to trick a user into executing unexpected code on Windows. This did not affect Firefox runnin"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements

"CVE-2025-20716 In wlan AP driver there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements

"CVE-2025-9713 Path traversal in Ivanti Endpoint Manager allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required"
X Link @CVEnew 2025-10-13T21:27Z 55.7K followers, XXX engagements

"CVE-2025-11832 Allocation of Resources Without Limits or Throttling vulnerability in Azure Access Technology BLU-IC2 Azure Access Technology BLU-IC4 allows Flooding. This issue affe"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-49552 Adobe Connect versions XXXX and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a high-privileged attacker to"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements

"CVE-2025-62156 Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3"
X Link @CVEnew 2025-10-14T15:18Z 55.7K followers, XXX engagements

"CVE-2025-11606 A security flaw has been discovered in iPynch Social Network Website up to b6933b6d7f82c84819abe458ccf0e59d61119541. The affected element is an unknown function of th"
X Link @CVEnew 2025-10-11T15:28Z 55.7K followers, XXX engagements

"CVE-2025-59222 Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements

"CVE-2025-11648 A vulnerability has been found in Tomofun Furbo XXX and Furbo Mini. Impacted is an unknown function of the file TF_FQDN.json of the component GATT Interface URL Handl"
X Link @CVEnew 2025-10-12T22:31Z 55.7K followers, XXX engagements

"CVE-2025-62366 mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.30 contain an HTML injection vulnerab"
X Link @CVEnew 2025-10-14T15:40Z 55.7K followers, XXX engagements

"CVE-2025-10135 The WP ViewSTL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'viewstl' shortcode in all versions up to and including XXX due to"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-55681 Out-of-bounds read in Windows DWM allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-11709 A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability affects"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements

"CVE-2025-59992 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-58733 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-55326 Use after free in Connected Devices Platform Service (Cdpsvc) allows an unauthorized attacker to execute code over a network"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-59298 Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execut"
X Link @CVEnew 2025-10-03T03:20Z 55.7K followers, XXX engagements

"CVE-2025-55080 In Eclipse ThreadX before 6.4.3 when memory protection is enabled syscall parameters verification wasn't enough allowing an attacker to obtain an arbitrary memory"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-59238 Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements

"CVE-2025-54858 When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema and the security policy is applie"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-54275 Substance3D - Viewer versions 0.25.2 and earlier are affected by an out-of-bounds write vulnerability that could lead to application denial-of-service. An attacker co"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-39974 In the Linux kernel the following vulnerability has been resolved: tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit() When config osnoise cpus by wr"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-59275 Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements

"CVE-2025-59990 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-39996 In the Linux kernel the following vulnerability has been resolved: media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove The original cod"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-55340 Improper authentication in Windows Remote Desktop Protocol allows an authorized attacker to bypass a security feature locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-55694 Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-47148 When the BIG-IP system is configured as both a Security Assertion Markup Language (SAML) service provider (SP) and Identity Provider (IdP) with single logout (SLO) e"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-42903 A vulnerability in SAP Financial Service Claims Management RFC function ICL_USER_GET_NAME_AND_ADDRESS allows user enumeration and potential disclosure of personal dat"
X Link @CVEnew 2025-10-14T01:03Z 55.7K followers, XXX engagements

"CVE-2024-47569 An insertion of sensitive information into sent data in Fortinet FortiManager Cloud 7.4.1 through 7.4.3 FortiVoice 7.0.0 through 7.0.4 6.4.0 through 6.4.9 6.0.7 thr"
X Link @CVEnew 2025-10-14T15:40Z 55.7K followers, XXX engagements

"CVE-2025-62361 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.0 an Open Redirect vulnerability was identified in the c"
X Link @CVEnew 2025-10-13T21:35Z 55.7K followers, XXX engagements

"CVE-2025-54892 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps group configuration"
X Link @CVEnew 2025-10-14T15:18Z 55.7K followers, XXX engagements

"CVE-2025-59192 Buffer over-read in Storport.sys Driver allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements

"CVE-2025-59185 External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-2140 IBM Engineering Requirements Management Doors Next 7.0.2 7.0.3 and XXX could allow an authenticated user on the network to spoof email identity of the sender due to i"
X Link @CVEnew 2025-10-12T13:50Z 55.7K followers, XXX engagements

"CVE-2025-20718 In wlan AP driver there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution priv"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements

"CVE-2025-10699 A vulnerability was reported in the Lenovo LeCloud client application that under certain conditions could allow information disclosure"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-9967 The Orion SMS OTP Verification plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to and including 1.1.7. This is due"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-59260 Exposure of sensitive information to an unauthorized actor in Microsoft Failover Cluster Virtual Driver allows an authorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements

"CVE-2025-20722 In gnss driver there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure if a malicious actor has already ob"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements

"CVE-2025-59214 Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements

"CVE-2025-55691 Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-59237 Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-59269 A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the c"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-46774 An Improper Verification of Cryptographic Signature vulnerability CWE-347 in FortiClient MacOS installer version 7.4.2 and below version 7.2.9 and below XXX all v"
X Link @CVEnew 2025-10-14T15:40Z 55.7K followers, XXX engagements

"CVE-2025-59199 Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-59248 Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements

"CVE-2025-10313 The Find And Replace content for WordPress plugin for WordPress is vulnerable to unauthorized Stored Cross-Site Scripting and Arbitrary Content Replacement due to a m"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-53845 An improper authentication vulnerability CWE-287 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain"
X Link @CVEnew 2025-10-14T15:40Z 55.7K followers, XXX engagements

"CVE-2025-55315 Inconsistent interpretation of http requests ('http request/response smuggling') in Core allows an authorized attacker to bypass a security feature over a net"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-42908 Due to a Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWeaver Application Server for ABAP an authenticated attacker could initiate transactions directly"
X Link @CVEnew 2025-10-14T01:03Z 55.7K followers, XXX engagements

"CVE-2025-11662 A security flaw has been discovered in SourceCodester Best Salon Management System XXX. Impacted is an unknown function of the file /booking.php. The manipulation of"
X Link @CVEnew 2025-10-13T05:16Z 55.7K followers, XXX engagements

"CVE-2025-11177 The External Login plugin for WordPress is vulnerable to SQL Injection via the 'log' parameter in all versions up to and including 1.11.2 due to insufficient escapi"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-42909 SAP Cloud Appliance Library Appliances allows an attacker with high privileges to leverage an insecure S/4HANA default profile setting in an existing SAP CAL applianc"
X Link @CVEnew 2025-10-14T01:03Z 55.7K followers, XXX engagements

"CVE-2025-43280 The issue was resolved by not loading remote images This issue is fixed in iOS XXXX and iPadOS XXXX. Forwarding an email could display remote images in Mail in Lockdo"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-6919 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cats Information Technology Software Development Technologies Ayko"
X Link @CVEnew 2025-10-13T13:08Z 55.7K followers, XXX engagements

"CVE-2025-59291 External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-61933 A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of BIG-IP APM that allows an attacker to run JavaScript in the context of the targe"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-26860 RemoteCall Remote Support Program (for Operator) versions prior to 5.1.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-59249 Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-10293 The Keyy Two Factor Authentication (like Clef) plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to and including 1"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-33096 IBM Engineering Requirements Management Doors Next 7.0.2 7.0.3 and XXX could allow an authenticated user to cause a denial of service by uploading specially crafted"
X Link @CVEnew 2025-10-12T13:50Z 55.7K followers, XXX engagements

"CVE-2025-55079 In Eclipse ThreadX before version 6.4.3 the thread module has a setting of maximum priority. In some cases the check of that maximum priority wasn't performed allow"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-59985 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-50152 Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-37144 Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful expl"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements

"CVE-2025-39983 In the Linux kernel the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue This fixes the following UAF caused by not"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-11599 A weakness has been identified in Campcodes Online Apartment Visitor Management System XXX. This impacts an unknown function of the file /forgot-password.php. This ma"
X Link @CVEnew 2025-10-11T12:58Z 55.7K followers, XXX engagements

"CVE-2025-8428 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (HTTP Loader widget modules) allo"
X Link @CVEnew 2025-10-14T14:54Z 55.7K followers, XXX engagements

"CVE-2025-62362 gpp-burgerportaal is a Dutch government citizen portal application. In versions before 2.0.3 3.0.2 and 4.0.1 the name and email address of employees who publish co"
X Link @CVEnew 2025-10-13T21:50Z 55.7K followers, XXX engagements

"CVE-2025-62387 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database"
X Link @CVEnew 2025-10-13T21:35Z 55.7K followers, XXX engagements

"CVE-2025-42939 SAP S/4HANA (Manage Processing Rules - For Bank Statements) allows an authenticated attacker with basic privileges to delete conditions from any shared rule of any us"
X Link @CVEnew 2025-10-14T01:03Z 55.7K followers, XXX engagements

"CVE-2025-10486 The Content Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 3.6.8 through publicly exposed log files"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-59968 A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadat"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-59205 Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate p"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements

"CVE-2025-39971 In the Linux kernel the following vulnerability has been resolved: i40e: fix idx validation in config queues msg Ensure idx is within range of active/initialized T"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-10985 OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2 12.5.0.4 and 12.4.0.4 allows a remote authenticated attacker with admin privileges to"
X Link @CVEnew 2025-10-14T14:54Z 55.7K followers, XXX engagements

"CVE-2025-55083 In NetX Duo version before 6.4.4 the component of Eclipse Foundation ThreadX there was an incorrect bound check resulting it out by two out of bound read"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-54822 An improper authorization vulnerability CWE-285 in Fortinet FortiOS version 7.4.0 through 7.4.1 and before 7.2.8 & Fortinet FortiProxy before version 7.4.8 allows a"
X Link @CVEnew 2025-10-14T15:40Z 55.7K followers, XXX engagements

"CVE-2025-11721 Memory safety bug present in Firefox XXX and Thunderbird XXX. This bug showed evidence of memory corruption and we presume that with enough effort this could have bee"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements

"CVE-2025-54263 Adobe Commerce versions 2.4.9-alpha2 2.4.8-p2 2.4.7-p7 2.4.6-p12 2.4.5-p14 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements

"CVE-2025-10141 The Digiseller plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ds' shortcode in all versions up to and including 1.3.0 due to in"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-10056 The Task Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to and including 1.6.3 via the Check Website task. This ma"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-55331 Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-59236 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-62252 Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.111 and older unsupported versions and Liferay DXP 2023.Q4.0 through 202"
X Link @CVEnew 2025-10-13T20:50Z 55.7K followers, XXX engagements

"CVE-2025-11720 The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded not the full hostname. User supplied content hosted on a s"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements

"CVE-2025-59232 Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements

"CVE-2025-59203 Insertion of sensitive information into log file in Windows StateRepository API allows an authorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements

"CVE-2025-39992 In the Linux kernel the following vulnerability has been resolved: mm: swap: check for stable address space before operating on the VMA It is possible to hit a zer"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-11712 A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a conten"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements

"CVE-2025-11717 When switching between Android apps using the card carousel Firefox shows a black screen as its card image when a password-related screen was the last one being used"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements

"CVE-2025-22833 APTIOV contains a vulnerability in BIOS where an attacker may cause a Buffer Copy without Checking Size of Input by local accessing. Successful exploitation of this v"
X Link @CVEnew 2025-10-14T14:38Z 55.7K followers, XXX engagements

"CVE-2025-58716 Improper input validation in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-10132 The Dhivehi Text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dhivehi' shortcode in all versions up to and including XXX due"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-11654 A vulnerability was identified in yousaf530 Inferno Online Clothing Store up to 827dd42bfbe380e8de76fdc67958c24cf1246208. The affected element is an unknown function"
X Link @CVEnew 2025-10-13T02:49Z 55.7K followers, XXX engagements

"CVE-2025-57716 An Uncontrolled Search Path Element vulnerability CWE-427 in FortiClient Windows 7.4.0 through 7.4.3 7.2.0 through 7.2.11 XXX all versions may allow a local low p"
X Link @CVEnew 2025-10-14T15:40Z 55.7K followers, XXX engagements

"CVE-2025-59200 Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-59198 Improper input validation in Microsoft Windows Search Component allows an authorized attacker to deny service locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements

"CVE-2025-22832 APTIOV contains a vulnerability in BIOS where an attacker may cause an Out-of-bounds Write by local. Successful exploitation of this vulnerability may lead to data co"
X Link @CVEnew 2025-10-14T14:38Z 55.7K followers, XXX engagements

"CVE-2025-31995 HCL Unica MaxAI Workbench is vulnerable to improper input validation. This allows attackers to exploit vulnerabilities such as SQL Injection XSS or command injecti"
X Link @CVEnew 2025-10-13T05:16Z 55.7K followers, XXX engagements

"CVE-2025-62363 yt-grabber-tui is a terminal user interface application for downloading videos. In versions before 1.0-rc the application allows users to configure the path to the y"
X Link @CVEnew 2025-10-13T21:50Z 55.7K followers, XXX engagements

"CVE-2025-59250 Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-55336 Exposure of sensitive information to an unauthorized actor in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-39975 In the Linux kernel the following vulnerability has been resolved: smb: client: fix wrong index reference in smb2_compound_op() In smb2_compound_op() the loop tha"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-20350 A vulnerability in the web UI of Cisco Desk Phone 9800 Series Cisco IP Phone 7800 and 8800 Series and Cisco Video Phone 8875 running Cisco SIP Software could allow"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-62390 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database"
X Link @CVEnew 2025-10-13T21:36Z 55.7K followers, XXX engagements

"CVE-2025-61796 Adobe Experience Manager versions XXXX and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements

"CVE-2025-10301 The FunKItools plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.2. This is due to missing or incorrect nonce"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-25255 An Improperly Implemented Security Check for Standard vulnerability CWE-358 in FortiProxy 7.6.0 through 7.6.3 XXX all versions XXX all versions 7.0.1 through 7.0"
X Link @CVEnew 2025-10-14T15:40Z 55.7K followers, XXX engagements

"CVE-2025-10743 The Outdoor plugin for WordPress is vulnerable to SQL Injection via the 'edit' action in all versions up to and including 1.3.2 due to insufficient escaping on the"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-9064 A path traversal security issue exists within FactoryTalk View Machine Edition allowing unauthenticated attackers on the same network as the device to delete any file"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements

"CVE-2025-11674 SOOP-CLM developed by PiExtract has a Server-Side Request Forgery vulnerability allowing privileged remote attackers to read server files or probe internal network i"
X Link @CVEnew 2025-10-13T08:22Z 55.7K followers, XXX engagements

"CVE-2025-58729 Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-39978 In the Linux kernel the following vulnerability has been resolved: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() This code calls kfree_rcu(new_n"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-61938 When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the Data Guard Protection Enforcement setting e"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-20720 In wlan AP driver there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege wit"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements

"CVE-2025-59242 Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-54272 Adobe Experience Manager versions XXXX and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements

"CVE-2025-41705 An unauthenticated remote attacker (MITM) can intercept the websocket messages to gain access to the login credentials for the Webfrontend"
X Link @CVEnew 2025-10-14T08:45Z 55.7K followers, XXX engagements

"CVE-2025-59778 When the Allowed IP Addresses feature is configured on the F5OS-C partition control plane undisclosed traffic can cause multiple containers to terminate. Note: So"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-55692 Improper input validation in Windows Error Reporting allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-11607 A weakness has been identified in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function upload_music of the file app/controllers/v1/music.py o"
X Link @CVEnew 2025-10-11T16:50Z 55.7K followers, XXX engagements

"CVE-2025-20721 In imgsensor there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements

"CVE-2025-11715 Memory safety bugs present in Firefox ESR XXXXX Thunderbird ESR XXXXX Firefox XXX and Thunderbird XXX. Some of these bugs showed evidence of memory corruption and w"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements

"CVE-2025-11161 The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the vc_custom_heading shortcode in all versions up to and including"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-58735 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-62378 CommandKit is the discord.js meta-framework for building Discord bots. In versions 1.2.0-rc.1 through 1.2.0-rc.11 a logic flaw exists in the message command handler"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-59051 The FreePBX Endpoint Manager module includes a Network Scanning feature that provides web-based access to nmap functionality for network device discovery. In Endpoint"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-59921 An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in Fortinet FortiADC version 7.4.0 version 7.2.3 and below version 7.1.4 and b"
X Link @CVEnew 2025-10-14T15:40Z 55.7K followers, XXX engagements

"CVE-2025-39984 In the Linux kernel the following vulnerability has been resolved: net: tun: Update napi-skb after XDP process The syzbot report a UAF issue: BUG: KASAN: slab-"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-43282 A double free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia XXXX iOS XXXX and iPadOS XXXX watchOS XXXX tvOS XXXX visio"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-39972 In the Linux kernel the following vulnerability has been resolved: i40e: fix idx validation in i40e_validate_queue_map Ensure idx is within range of active/initial"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2023-53561 In the Linux kernel the following vulnerability has been resolved: net: wwan: iosm: fix NULL pointer dereference when removing device In suspend and resume cycle"
X Link @CVEnew 2025-10-04T15:27Z 55.7K followers, XXX engagements

"CVE-2025-11660 A vulnerability has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this issue is some unknown"
X Link @CVEnew 2025-10-13T04:44Z 55.7K followers, XXX engagements

"CVE-2025-61806 Substance3D - Stager versions 3.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file which could result in a read past the"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XX engagements

"CVE-2025-55693 Use after free in Windows Kernel allows an unauthorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-10133 The URLYar URL Shortner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'urlyar_shortlink' shortcode in all versions up to and inc"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-31514 An Insertion of Sensitive Information into Log File vulnerability CWE-532 in FortiOS 7.6.0 through 7.6.3 XXX all versions XXX all versions XXX all versions 6.4"
X Link @CVEnew 2025-10-14T15:40Z 55.7K followers, XXX engagements

"CVE-2025-11736 A flaw has been found in itsourcecode Online Examination System XXX. Affected by this issue is some unknown functionality of the file /index.php. This manipulation of"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements

"CVE-2025-20724 In wlan AP driver there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privil"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements

"CVE-2025-20711 In wlan AP driver there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege wit"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements

"CVE-2025-40765 A vulnerability has been identified in TeleControl Server Basic V3.1 (All versions = V3.1.2.2 V3.1.2.3). The affected application contains an information disclosur"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements

"CVE-2025-59278 Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements

"CVE-2025-11661 A vulnerability was found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown part. Performing man"
X Link @CVEnew 2025-10-13T04:44Z 55.7K followers, XXX engagements

"CVE-2025-61807 Substance3D - Stager versions 3.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the c"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XX engagements

"CVE-2025-55247 Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-62381 sveltekit-superforms makes SvelteKit forms a pleasure to use. sveltekit-superforms v2.27.3 and prior are susceptible to a prototype pollution vulnerability within the"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-61688 Omni manages Kubernetes on bare metal virtual machines or in a cloud. Prior to 1.1.5 and 1.0.2 Omni might leak sensitive information via an API"
X Link @CVEnew 2025-10-13T21:13Z 55.7K followers, XXX engagements

"CVE-2025-8594 The Pz-LinkCard WordPress plugin before 2.5.7 does not validate a parameter before making a request to it which could allow users with a role as low as Contributor to"
X Link @CVEnew 2025-10-14T06:23Z 55.7K followers, XXX engagements

"CVE-2025-55248 Inadequate encryption strength in .NET .NET Framework Visual Studio allows an authorized attacker to disclose information over a network"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-11639 A vulnerability has been found in Tomofun Furbo XXX and Furbo Mini. The impacted element is an unknown function of the file collect_logs.sh of the component Debug Log"
X Link @CVEnew 2025-10-12T17:50Z 55.7K followers, XXX engagements

"CVE-2025-9337 A null pointer dereference has been identified in the AsIO3.sys driver. The vulnerability can be triggered by a specially crafted input which may lead to a system cras"
X Link @CVEnew 2025-10-13T09:52Z 55.7K followers, XXX engagements

"CVE-2025-54479 When a classification profile is configured on a virtual server without an HTTP or HTTP/2 profile undisclosed requests can cause the Traffic Management Microkernel ("
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-10576 Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver which might allow escalation"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-39897 In the Linux kernel the following vulnerability has been resolved: net: xilinx: axienet: Add error handling for RX metadata pointer retrieval Add proper error chec"
X Link @CVEnew 2025-10-01T08:21Z 55.7K followers, XXX engagements

"CVE-2025-39965 In the Linux kernel the following vulnerability has been resolved: xfrm: xfrm_alloc_spi shouldn't use X as SPI x-id.spi == X means "no SPI assigned" but since co"
X Link @CVEnew 2025-10-13T13:53Z 55.7K followers, XXX engagements

"CVE-2025-11701 The Zip Attachments plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check as well as missing post status validation in t"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-60016 When Diffie-Hellman (DH) group Elliptic Curve Cryptography (ECC) Brainpool curves are configured in an SSL profile's Cipher Rule or Cipher Group and that profile is"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-11649 A vulnerability was found in Tomofun Furbo XXX and Furbo Mini. The affected element is an unknown function of the component Root Account Handler. Performing manipulat"
X Link @CVEnew 2025-10-12T22:50Z 55.7K followers, XXX engagements

"CVE-2025-58424 On BIG-IP systems undisclosed traffic can cause data corruption and unauthorized data modification in protocols which do not have message integrity protection.Note"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-59978 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to store scri"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-59889 Improper authentication of library files in the Eaton IPP software installer could lead to arbitrary code execution of an attacker with the access to the software pac"
X Link @CVEnew 2025-10-14T05:33Z 55.7K followers, XXX engagements

"CVE-2025-53717 Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-10558 A stored Cross-site Scripting (XSS) vulnerability affecting 3DSearch in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in"
X Link @CVEnew 2025-10-13T07:50Z 55.7K followers, XXX engagements

"CVE-2025-62371 OpenSearch Data Prepper as an open source data collector for observability data. In versions prior to 2.12.2 the OpenSearch sink and source plugins in Data Prepper t"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-59288 Improper verification of cryptographic signature in GitHub allows an unauthorized attacker to perform spoofing over an adjacent network"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-59428 EspoCRM is an open source customer relationship management application. In versions before 9.1.9 a vulnerability allows arbitrary user creation including administra"
X Link @CVEnew 2025-10-14T15:18Z 55.7K followers, XXX engagements

"CVE-2025-11605 A vulnerability was identified in code-projects Client Details System XXX. Impacted is an unknown function of the file /admin/update-profile.php. Such manipulation of"
X Link @CVEnew 2025-10-11T14:50Z 55.7K followers, XXX engagements

"CVE-2025-41706 The webserver is vulnerable to a denial of service condition. An unauthenticated remote attacker can craft a special GET request with an over-long content-length to t"
X Link @CVEnew 2025-10-14T08:45Z 55.7K followers, XXX engagements

"CVE-2025-52960 A Buffer Copy without Checking Size of Input vulnerability in the Session Initialization Protocol (SIP) ALG of Juniper Networks Junos OS on MX Series and SRX Series"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-39999 In the Linux kernel the following vulnerability has been resolved: blk-mq: fix blk_mq_tags double free while nr_requests grown In the case user trigger tags grow b"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-11623 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database"
X Link @CVEnew 2025-10-13T21:27Z 55.7K followers, XXX engagements

"CVE-2025-60001 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-60378 Stored HTML injection in RISE Ultimate Project Manager & CRM allows authenticated users to inject arbitrary HTML into invoices and messages. Injected content renders"
X Link @CVEnew 2025-10-10T14:51Z 55.7K followers, XXX engagements

"CVE-2025-54854 When a BIG-IP APM OAuth access profile (Resource Server or Resource Client) is configured on a virtual server undisclosed traffic can cause the apmdprocess to termi"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-41699 An low privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as root resulting i"
X Link @CVEnew 2025-10-14T08:56Z 55.7K followers, XXX engagements

"CVE-2025-48813 Use of a key past its expiration date in Virtual Secure Mode allows an authorized attacker to perform spoofing locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-60013 When a user attempts to initialize the rSeries FIPS module using a password with special shell metacharacters the FIPS hardware security module (HSM) may fail to ini"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-33182 NVIDIA Jetson Linux contains a vulnerability in UEFI where improper authentication may allow a privileged user to cause corruption of the Linux Device Tree. A succes"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-54267 Adobe Commerce versions 2.4.9-alpha2 2.4.8-p2 2.4.7-p7 2.4.6-p12 2.4.5-p14 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements

"CVE-2025-59235 Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-11640 A vulnerability was found in Tomofun Furbo XXX and Furbo Mini. This affects an unknown function of the component Bluetooth Low Energy. The manipulation results in cle"
X Link @CVEnew 2025-10-12T18:19Z 55.7K followers, XXX engagements

"CVE-2025-11718 When the address bar was hidden due to scrolling on Android a malicious page could create a fake address bar to fool the user in response to a visibilitychange event"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements

"CVE-2025-11665 A vulnerability was detected in D-Link DAP-2695 2.00RC131. This affects the function fwupdater_main of the file rgbin of the component Firmware Update Handler. Perfor"
X Link @CVEnew 2025-10-13T06:51Z 55.7K followers, XXX engagements

"CVE-2025-62384 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database"
X Link @CVEnew 2025-10-13T21:35Z 55.7K followers, XXX engagements

"CVE-2025-42937 SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directo"
X Link @CVEnew 2025-10-14T01:03Z 55.7K followers, XXX engagements

"CVE-2025-54805 When an iRule is configured on a virtual server via the declarative API upon re-instantiation the cleanup process can cause an increase in the Traffic Management Mi"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-42910 Due to missing verification of file type or content SAP Supplier Relationship Management allows an authenticated attacker to upload arbitrary files. These files coul"
X Link @CVEnew 2025-10-14T01:03Z 55.7K followers, XXX engagements

"CVE-2025-9063 An authentication bypass security issue exists within FactoryTalk View Machine Edition Web Browser ActiveX control. Exploitation of this vulnerability allows unauthori"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements

"CVE-2025-62360 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users.Prior to 3.5.1 a SQL Injection vulnerability was identified in the /ht"
X Link @CVEnew 2025-10-13T21:35Z 55.7K followers, XXX engagements

"CVE-2025-9066 A security issue was discovered within FactoryTalk ViewPoint allowing unauthenticated attackers to achieve XXE. Certain SOAP requests can be abused to perform XXE re"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements

"CVE-2025-11644 A weakness has been identified in Tomofun Furbo XXX and Furbo Mini. Affected by this issue is some unknown functionality of the component UART Interface. Executing ma"
X Link @CVEnew 2025-10-12T20:32Z 55.7K followers, XXX engagements

"CVE-2025-58728 Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-9496 The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file_modified shortcode in all versions up to and including"
X Link @CVEnew 2025-10-11T07:36Z 55.7K followers, XXX engagements

"CVE-2025-10660 The WP Dashboard Chat plugin for WordPress is vulnerable to SQL Injection via the id parameter in all versions up to and including 1.0.3 due to insufficient escap"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-60000 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-11716 Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability affects Firefox XXX and Thunderbird"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements

"CVE-2025-59254 Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-59221 Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements

"CVE-2025-55081 In Eclipse Foundation NextX Duo before 6.4.4 a module of ThreadX the _nx_secure_tls_process_clienthello() function was missing length verification of certain SSL/T"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-11604 A vulnerability was determined in projectworlds Online Ordering Food System XXX. This issue affects some unknown processing of the file /all-orders.php. This manipula"
X Link @CVEnew 2025-10-11T14:28Z 55.7K followers, XXX engagements

"CVE-2025-31702 A vulnerability exists in certain Dahua embedded products. Third-party malicious attacker with obtained normal user credentials could exploit the vulnerability to acc"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-61800 Dimension versions 4.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of t"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XX engagements

"CVE-2025-39968 In the Linux kernel the following vulnerability has been resolved: i40e: add max boundary check for VF filters There is no check for max filters that VF can reques"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-10648 The YourMembership Single Sign On YM SSO Login plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'moym_disp"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-11710 A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. Thi"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements

"CVE-2025-62391 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database"
X Link @CVEnew 2025-10-13T21:35Z 55.7K followers, XXX engagements

"CVE-2025-62251 Liferay Portal 7.3.0 through 7.4.3.119 and Liferay DXP 2023.Q3.1 through 2023.Q3.8 2023.Q4.0 through 2023.Q4.5 XXX GA through update XX and XXX GA though update 36"
X Link @CVEnew 2025-10-13T21:35Z 55.7K followers, XXX engagements

"CVE-2025-59297 Delta Electronics DIAScreenlacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execut"
X Link @CVEnew 2025-10-03T03:20Z 55.7K followers, XXX engagements

"CVE-2025-10300 The TopBar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.0. This is due to missing or incorrect nonce val"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-10754 The DocoDoco Store Locator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all ver"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-62359 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.0 a Reflected Cross-Site Scripting (XSS) vulnerability w"
X Link @CVEnew 2025-10-13T21:35Z 55.7K followers, XXX engagements

"CVE-2025-11695 When tlsInsecure=False appears in a connection string certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5"
X Link @CVEnew 2025-10-13T16:45Z 55.7K followers, XXX engagements

"CVE-2025-41703 An unauthenticated remote attacker can cause a Denial of Service by turning off the output of the UPS via Modbus command"
X Link @CVEnew 2025-10-14T08:45Z 55.7K followers, XXX engagements

"CVE-2025-11628 A flaw has been found in jimit105 Project-Online-Shopping-Website up to 7d892f442bd8a96dd242dbe2b9bd5ed641e13e64. This affects an unknown function of the file /delete"
X Link @CVEnew 2025-10-12T05:31Z 55.7K followers, XXX engagements

"CVE-2025-26861 RemoteCall Remote Support Program (for Operator) versions prior to 5.3.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-11671 Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability allowing unauthenticated remote attackers to access a specific pag"
X Link @CVEnew 2025-10-13T07:50Z 55.7K followers, XXX engagements

"CVE-2025-9640 A flaw was found in Samba in the vfs_streams_xattr module where uninitialized heap memory could be written into alternate data streams. This allows an authenticated u"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-11651 A vulnerability has been found in UTT 518G up to V3v3.2.7-210919-161313. This vulnerability affects the function sub_4247AC of the file /goform/formRemoteControl"
X Link @CVEnew 2025-10-12T23:50Z 55.7K followers, XXX engagements

"CVE-2025-43991 SupportAssist for Home PCs versions 4.8.2 and prior and SupportAssist for Business PCs versions 4.5.3 and prior contain an UNIX Symbolic Link (Symlink) following vul"
X Link @CVEnew 2025-10-13T14:52Z 55.7K followers, XXX engagements

"CVE-2025-59294 Exposure of sensitive information to an unauthorized actor in Windows Taskbar Live allows an unauthorized attacker to disclose information with a physical attack"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-55240 Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-25252 An Insufficient Session Expiration vulnerability CWE-613 in FortiOS SSL VPN 7.6.0 through 7.6.2 7.4.0 through 7.4.6 7.2.0 through 7.2.10 7.0.0 through 7.0.16 6"
X Link @CVEnew 2025-10-14T15:40Z 55.7K followers, XXX engagements

"CVE-2025-11610 A security flaw has been discovered in SourceCodester Simple Inventory System XXX. This issue affects some unknown processing of the file /brand.php. The manipulation"
X Link @CVEnew 2025-10-11T18:41Z 55.7K followers, XXX engagements

"CVE-2025-61799 Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file which could result in a read past the end of an"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XX engagements

"CVE-2025-11641 A vulnerability was determined in Tomofun Furbo XXX and Furbo Mini. This impacts an unknown function of the component Trial Restriction Handler. This manipulation cau"
X Link @CVEnew 2025-10-12T18:44Z 55.7K followers, XXX engagements

"CVE-2025-42902 Due to the memory corruption vulnerability in SAP NetWeaver AS ABAP and ABAP Platform an unauthenticated attacker can send a corrupted SAP Logon Ticket or SAP Assert"
X Link @CVEnew 2025-10-14T01:03Z 55.7K followers, XXX engagements

"CVE-2025-61734 Files or Directories Accessible to External Parties vulnerability in Apache Kylin. You are fine as long as the Kylin's system and project admin access is well protec"
X Link @CVEnew 2025-10-02T10:15Z 55.7K followers, XXX engagements

"CVE-2025-20717 In wlan AP driver there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements

"CVE-2025-62365 LibreNMS is an open-source PHP/MySQL/SNMP-based network monitoring system. Prior to 25.7.0 there is a reflected-XSS in report_this function in librenms/includes/"
X Link @CVEnew 2025-10-13T21:50Z 55.7K followers, XXX engagements

"CVE-2025-59225 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements

"CVE-2025-54279 Animate versions 23.0.13 24.0.10 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the curre"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-59957 An Origin Validation Error vulnerability in an insufficient protected file of Juniper Networks Junos OS onEX4600 Series and QFX5000 Series allows an unauthenticated"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-11638 A flaw has been found in Tomofun Furbo XXX and Furbo Mini. The affected element is an unknown function of the component Bluetooth Handler. Executing manipulation can"
X Link @CVEnew 2025-10-12T17:28Z 55.7K followers, XXX engagements

"CVE-2025-47856 Two improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities CWE-78 in Fortinet FortiVoice version 7.2.0 7.0.0 th"
X Link @CVEnew 2025-10-14T14:16Z 55.7K followers, XXX engagements

"CVE-2025-31992 HCL Unica MaxAI Assistant is susceptible to a HTML injection vulnerability. An attacker could insert special characters that are processed client-side in the context"
X Link @CVEnew 2025-10-12T06:19Z 55.7K followers, XXX engagements

"CVE-2025-62174 Mastodon is an open source federated social media platform. In Mastodon before 4.4.6 4.3.14 and 4.2.27 when an administrator resets a user account's password via"
X Link @CVEnew 2025-10-13T21:13Z 55.7K followers, XXX engagements

"CVE-2025-53150 Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-27259 Ericsson Network Manager versions prior to ENM XXXX GA contain a vulnerability that if exploited can exfiltrate limited data or redirect victims to other sites or d"
X Link @CVEnew 2025-10-13T06:24Z 55.7K followers, XXX engagements

"CVE-2025-59187 Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements

"CVE-2025-59268 On the BIG-IP system undisclosed endpoints that contain static non-sensitive information are accessible to an unauthenticated remote attacker through the Configurati"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-11629 A vulnerability has been found in RainyGao DocSys up to 2.02.36. This impacts the function getUserList of the file /Manage/getUserList.do. Such manipulation leads to"
X Link @CVEnew 2025-10-12T07:27Z 55.7K followers, XXX engagements

"CVE-2025-31993 HCL Unica Centralized Offer Management is vulnerable to a potential Server-Side Request Forgery (SSRF). An attacker can exploit improper input validation by submittin"
X Link @CVEnew 2025-10-12T03:26Z 55.7K followers, XXX engagements

"CVE-2025-58084 Mattermost Desktop App versions = 5.13.0 fail to validate URLs external to the configured Mattermost servers allowing an attacker on a server the user has configure"
X Link @CVEnew 2025-10-13T20:17Z 55.7K followers, XXX engagements

"CVE-2025-59999 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-59197 Insertion of sensitive information into log file in Windows ETL Channel allows an authorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements

"CVE-2025-42901 SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript payloads which could be executed in victim user's browser when accessin"
X Link @CVEnew 2025-10-14T01:03Z 55.7K followers, XXX engagements

"CVE-2025-58734 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements

"CVE-2025-56746 Creativeitem Academy LMS up to and including XXXX does not regenerate session IDs upon successful authentication enabling session fixation attacks where attackers ca"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-11600 A security vulnerability has been detected in code-projects Simple Food Ordering System XXX. Affected is an unknown function of the file editcategory.php. Such manipu"
X Link @CVEnew 2025-10-11T13:20Z 55.7K followers, XXX engagements

"CVE-2025-10581 A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-61935 When a BIG IP Advanced WAF or ASM security policy is configured on a virtual server undisclosed requests can cause the bd process to terminate.Note: Software versi"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-9067 A security issue exists within the x86 Microsoft Installer File (MSI) installed with FTLinx. Authenticated attackers with valid Windows user credentials can initiate a"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements

"CVE-2025-58719 Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-49708 Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-41718 A cleartext transmission of sensitive information vulnerability in the affected products allows an unauthorized remote attacker to gain login credentials and access t"
X Link @CVEnew 2025-10-14T08:45Z 55.7K followers, XXX engagements

"CVE-2025-39981 In the Linux kernel the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible UAFs This attemps to fix possible UAFs caused by struct mgmt_pendi"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-62376 DOJO is an education platform for learning cybersecurity. In versions up to and including commit 781d91157cfc234a434d0bab45cbcf97894c642e the /workspace"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements

"CVE-2025-39986 In the Linux kernel the following vulnerability has been resolved: can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow Sending an PF_PACKET allows"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-47979 Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-10194 The Shortcode Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to and including 1.1.9"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-61974 When a client SSL profile is configured on a virtual server undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-40755 A vulnerability has been identified in SINEC NMS (All versions V4.0 SP1). Affected applications are vulnerable to SQL injection through getTotalAndFilterCounts endp"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements

"CVE-2025-55325 Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-27258 Ericsson Network Manager (ENM) versions prior to ENM XXXX GA contain a vulnerability if exploited can result in an escalation of privilege"
X Link @CVEnew 2025-10-13T06:51Z 55.7K followers, XXX engagements

"CVE-2025-62375 go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor im"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-59213 Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate pri"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements

"CVE-2025-11568 A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permission"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-61804 Animate versions 23.0.13 24.0.10 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements

"CVE-2025-11622 Insecure deserialization in Ivanti Endpoint Manager allows a local authenticated attacker to escalate their privileges"
X Link @CVEnew 2025-10-13T21:27Z 55.7K followers, XXX engagements

"CVE-2025-59494 Improper access control in Azure Monitor Agent allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-7707 The llama_index library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default which is world-writable in multi-user environments. T"
X Link @CVEnew 2025-10-13T16:45Z 55.7K followers, XXX engagements

"CVE-2025-11501 The Dynamically Display Posts plugin for WordPress is vulnerable to SQL Injection via the 'tax_query' parameter in all versions up to and including XXX due to insuf"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-11365 The WP Google Map Plugin plugin for WordPress is vulnerable to blind SQL Injection via the 'id' parameter of the 'google_map' shortcode in all versions up to and inc"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-54268 Bridge versions 14.1.8 15.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements

"CVE-2025-55335 Use after free in Windows NTFS allows an unauthorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-61960 When a per-request policy is configured on a BIG-IP APM portal access virtual server undisclosed traffic can cause the Traffic Management Microkernel (TMM) to termin"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-59281 Improper link resolution before file access ('link following') in XBox Gaming Services allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-58737 Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements

"CVE-2025-39988 In the Linux kernel the following vulnerability has been resolved: can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow Sending an PF_PACKET allow"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-37729 Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltrating s"
X Link @CVEnew 2025-10-13T13:54Z 55.7K followers, XXX engagements

"CVE-2025-26859 RemoteView PC Application Console versions prior to 6.0.2 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder wit"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-9902 Authorization Bypass Through User-Controlled Key vulnerability in AKIN Software Computer Import Export Industry and Trade Co. Ltd. QRMenu allows Privilege Abuse.This is"
X Link @CVEnew 2025-10-13T13:42Z 55.7K followers, XXX engagements

"CVE-2025-59208 Out-of-bounds read in Windows MapUrlToZone allows an unauthorized attacker to disclose information over a network"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements

"CVE-2025-11196 The External Login plugin for WordPress is vulnerable to sensitive information exposure in all versions up to and including 1.11.2 due to the 'exlog_test_connection"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-11591 A security vulnerability has been detected in CodeAstro Gym Management System XXX. Affected by this issue is some unknown functionality of the file /admin/actions/del"
X Link @CVEnew 2025-10-11T05:31Z 55.7K followers, XXX engagements

"CVE-2025-60015 An out-of-bounds write vulnerability exists in F5OS-A and F5OS-C that could lead to memory corruption. Note: Software versions which have reached End of Technic"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-8459 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Monitoring recurrent downtime sc"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements

"CVE-2025-11160 The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom JS module in all versions up to and including 8.6.1. This"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-39994 In the Linux kernel the following vulnerability has been resolved: media: tuner: xc5000: Fix use-after-free in xc5000_release The original code uses cancel_delayed"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-58731 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-54893 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts templates configuration"
X Link @CVEnew 2025-10-14T15:40Z 55.7K followers, XXX engagements

"CVE-2025-11630 A vulnerability was found in RainyGao DocSys up to 2.02.36. Affected is the function updateRealDoc of the file /Doc/uploadDoc.do of the component File Upload. Perform"
X Link @CVEnew 2025-10-12T07:36Z 55.7K followers, XXX engagements

"CVE-2025-56748 Creativeitem Academy LMS up to and including XXXX uses predictable password reset tokens based on Base64 encoded templates without rate limiting allowing brute force"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements

"CVE-2025-20710 In wlan AP driver there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no a"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements

"CVE-2025-59996 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-55330 Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-20329 A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated remote attacker to"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-31996 HCL Unica Platform is affected by unprotected files due to improper access controls. These files may contain sensitive information such as private or system informa"
X Link @CVEnew 2025-10-13T04:23Z 55.7K followers, XXX engagements

"CVE-2025-11634 A security flaw has been discovered in Tomofun Furbo XXX and Furbo Mini. This affects an unknown part of the component UART Interface. The manipulation results in inf"
X Link @CVEnew 2025-10-12T12:58Z 55.7K followers, XXX engagements

"CVE-2025-62382 Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to 0.16.2 Frigate's export workflow allows an authenticated oper"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-59188 Exposure of sensitive information to an unauthorized actor in Windows Failover Cluster allows an authorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements

"CVE-2025-39967 In the Linux kernel the following vulnerability has been resolved: fbcon: fix integer overflow in fbcon_do_set_font Fix integer overflow vulnerabilities in fbcon_d"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-6026 An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow a user capable of intercepting network traffi"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-61805 Substance3D - Stager versions 3.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file which could result in a read past the"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XX engagements

"CVE-2025-39969 In the Linux kernel the following vulnerability has been resolved: i40e: fix validation of VF state in get resources VF state I40E_VF_STATE_ACTIVE is not the only"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-5946 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Poller reload setup in the config"
X Link @CVEnew 2025-10-14T14:54Z 55.7K followers, XXX engagements

"CVE-2025-11619 Improper certificate validation when connecting to gateways in Devolutions Server 2025.3.2 and earlier allows attackersin MitM position to intercept traffic"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-60002 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-11675 Enterprise Cloud Database developed by Ragic has an Arbitrary File Upload vulnerability allowing privileged remote attackers to upload and execute web shell backdoor"
X Link @CVEnew 2025-10-13T08:22Z 55.7K followers, XXX engagements

"CVE-2025-58319 Delta Electronics CNCSoft-G2lacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execu"
X Link @CVEnew 2025-09-24T08:20Z 55.7K followers, XXX engagements

"CVE-2025-11731 A flaw was found in the exsltFuncResultComp() function of libxslt which handles EXSLT func:result elements during stylesheet parsing. Due to improper type handling"
X Link @CVEnew 2025-10-14T06:23Z 55.7K followers, XXX engagements

"CVE-2025-59229 Uncaught exception in Microsoft Office allows an unauthorized attacker to deny service locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements

"CVE-2025-62388 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database"
X Link @CVEnew 2025-10-13T21:35Z 55.7K followers, XXX engagements

"CVE-2025-55678 Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-25004 Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-55680 Time-of-check time-of-use (toctou) race condition in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-55676 Generation of error message containing sensitive information in Windows USB Video Driver allows an authorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-61678 FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX XX and versions prior to 17.0.6 for"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-61884 Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily"
X Link @CVEnew 2025-10-12T03:26Z 55.7K followers, XXX engagements

"CVE-2025-58736 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements

"CVE-2025-59210 Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements

"CVE-2025-59226 Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements

"CVE-2025-10577 Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver which might allow escalation"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-11711 There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability affects Firefox XXX Firefox ESR 11"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements

"CVE-2025-10186 The WhyDonate FREE Donate button Crowdfunding Fundraising plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on t"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-39980 In the Linux kernel the following vulnerability has been resolved: nexthop: Forbid FDB status change while nexthop is in a group The kernel forbids the creation of"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-62175 Mastodon is a free open-source social network server based on ActivityPub. In versions before 4.4.6 4.3.14 and 4.2.27 disabling or suspending a user account does"
X Link @CVEnew 2025-10-13T21:27Z 55.7K followers, XXX engagements

"CVE-2025-59227 Use after free in Microsoft Office allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements

"CVE-2025-62246 Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.0 through 7.4.3.111 and older unsupported versions and Liferay DXP 2023.Q4.0 throug"
X Link @CVEnew 2025-10-13T20:50Z 55.7K followers, XXX engagements

"CVE-2025-0033 Improper access control within AMD SEV-SNP could allow an admin privileged attacker to write to the RMP during SNP initialization potentially resulting in a loss of SE"
X Link @CVEnew 2025-10-14T15:18Z 55.7K followers, XXX engagements

"CVE-2025-55078 In Eclipse ThreadX before version 6.4.3 an attacker can cause a denial of service (crash) by providing a pointer to a reserved or unmapped memory region. Vulnerable"
X Link @CVEnew 2025-10-14T07:43Z 55.7K followers, XXX engagements

"CVE-2025-59191 Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements

"CVE-2025-55679 Improper input validation in Windows Kernel allows an unauthorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-62379 Reflex is a library to build full-stack web apps in pure Python. In versions 0.5.4 through 0.8.14 the /auth-codespace endpoint automatically assigns the redirect_to"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-62170 rAthena is an open-source cross-platform MMORPG server. A use-after-free vulnerability exists in the RODEX functionality of rAthena's map-server in versions prior to"
X Link @CVEnew 2025-10-13T18:21Z 55.7K followers, XXX engagements

"CVE-2025-11645 A security vulnerability has been detected in Tomofun Furbo Mobile App up to 7.57.0a on Android. This affects an unknown part of the component Authentication Token Ha"
X Link @CVEnew 2025-10-12T20:50Z 55.7K followers, XXX engagements

"CVE-2025-54284 Illustrator versions XXXX 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XX engagements

"CVE-2025-11643 A security flaw has been discovered in Tomofun Furbo XXX and Furbo Mini. Affected by this vulnerability is an unknown functionality of the file /squashfs-root/furbo_i"
X Link @CVEnew 2025-10-12T19:50Z 55.7K followers, XXX engagements

"CVE-2025-55698 Null pointer dereference in Windows DirectX allows an authorized attacker to deny service over a network"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-61797 Adobe Experience Manager versions XXXX and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements

"CVE-2025-59194 Use of uninitialized resource in Windows Kernel allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements

"CVE-2025-11666 A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file force_upgrade.sh of the component Firmware Update Handler. Execut"
X Link @CVEnew 2025-10-13T07:33Z 55.7K followers, XXX engagements

"CVE-2025-58726 Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-33044 APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local means. Success"
X Link @CVEnew 2025-10-14T14:38Z 55.7K followers, XXX engagements

"CVE-2025-39997 In the Linux kernel the following vulnerability has been resolved: ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free The previous commit 0718a78f6a9f"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-39982 In the Linux kernel the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync This fixes the following UFA in hci_ac"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-11746 The XStore theme for WordPress is vulnerable to Local File Inclusion in all versions up to and including 9.5.4 via theet_ajax_required_plugins_popup() function. Thi"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements

"CVE-2025-58714 Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-9976 An OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x could"
X Link @CVEnew 2025-10-13T07:50Z 55.7K followers, XXX engagements

"CVE-2025-40812 A vulnerability has been identified in Solid Edge SE2024 (All versions V224.0 Update 14) Solid Edge SE2025 (All versions V225.0 Update 6). The affected applicati"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements

"CVE-2025-40772 A vulnerability has been identified in SiPass integrated (All versions V3.0). Affected server applications are vulnerable to stored Cross-Site Scripting (XSS) allo"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements

"CVE-2025-59483 A validation vulnerability exists in an undisclosed URL in the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-59502 Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-11631 A vulnerability was determined in RainyGao DocSys up to 2.02.36. Affected by this vulnerability is an unknown functionality of the file /Doc/deleteDoc.do. Executing m"
X Link @CVEnew 2025-10-12T08:41Z 55.7K followers, XXX engagements

"CVE-2025-59981 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Spaceallows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-55039 This issue affects Apache Spark versions before 3.4.43.5.2 and 4.0.0. Apache Spark versions before 4.0.0 3.5.2 and 3.4.4 use an insecure default network encryp"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-59419 Netty is an asynchronous event-driven network application framework. In versions prior to and the SMTP codec in Netty contains an SMTP com"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-59259 Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-11198 A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated network-based attacker t"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-11672 Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability allowing unauthenticated remote attackers to access a specific pag"
X Link @CVEnew 2025-10-13T07:50Z 55.7K followers, XXX engagements

"CVE-2025-59202 Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-55689 Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-54282 Adobe Framemaker versions 2020.9 2022.7 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the c"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-59964 A Use of Uninitialized Resource vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX4700devices allows an unauthenticated network"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-54277 Adobe Commerce versions 2.4.9-alpha2 2.4.8-p2 2.4.7-p7 2.4.6-p12 2.4.5-p14 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An att"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements

"CVE-2025-55670 On BIG-IP Next CNF BIG-IP Next SPK and BIG-IP Next for Kubernetes systems repeated undisclosed API calls can cause the Traffic Management Microkernel (TMM) to term"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-11601 A vulnerability was detected in SourceCodester Online Student Result System XXX. Affected by this vulnerability is an unknown functionality of the file /login.php. Pe"
X Link @CVEnew 2025-10-11T13:37Z 55.7K followers, XXX engagements

"CVE-2025-54280 Substance3D - Viewer versions 0.25.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-11603 A vulnerability was found in code-projects Simple Food Ordering System XXX. This vulnerability affects unknown code of the file /editproduct.php. The manipulation of"
X Link @CVEnew 2025-10-11T13:37Z 55.7K followers, XXX engagements

"CVE-2025-10242 OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2 12.5.0.4 and 12.4.0.4 allows a remote authenticated attacker with admin privileges to"
X Link @CVEnew 2025-10-14T14:54Z 55.7K followers, XXX engagements

"CVE-2025-31365 An Improper Control of Generation of Code ('Code Injection') vulnerability CWE-94 in FortiClientMac 7.4.0 through 7.4.3 7.2.1 through 7.2.8 may allow an unauthenti"
X Link @CVEnew 2025-10-14T15:40Z 55.7K followers, XXX engagements

"CVE-2025-59994 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-59255 Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-62157 Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions"
X Link @CVEnew 2025-10-14T15:18Z 55.7K followers, XXX engagements

"CVE-2025-59207 Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-58317 Delta Electronics CNCSoft-G2lacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execu"
X Link @CVEnew 2025-09-24T08:20Z 55.7K followers, XXX engagements

"CVE-2025-2138 IBM Engineering Requirements Management Doors Next 7.0.2 7.0.3 and XXX could allow an authenticated user on the network to delete comments from other users due to c"
X Link @CVEnew 2025-10-12T13:50Z 55.7K followers, XXX engagements

"CVE-2025-54278 Bridge versions 14.1.8 15.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage t"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements

"CVE-2025-39991 In the Linux kernel the following vulnerability has been resolved: wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() If ab-fw.m3_data points to data the"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-59285 Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements

"CVE-2025-62370 Alloy Core libraries at the root of the Rust Ethereum ecosystem. Prior to 0.8.26 and 1.4.1 an uncaught panic triggered by malformed input to alloy_dyn_abi::TypedData"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-59478 When a BIG-IP AFM denial-of-service (DoS) protection profile is configured on a virtual server undisclosed requests can cause the Traffic Management Microkernel (TMM"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-58071 When IPsec is configured on the BIG-IP system undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.Note: Software versions which hav"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-11692 The Zip Attachments plugin for WordPress is vulnerable to unauthorized loss of data due to a missing authorization and capability checks on the download.php file in a"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-55699 Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-39993 In the Linux kernel the following vulnerability has been resolved: media: rc: fix races with imon_disconnect() Syzbot reports a KASAN issue as below: BUG: KASAN: u"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-55688 Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-58132 Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-59984 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Spaceallows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-59184 Exposure of sensitive information to an unauthorized actor in Windows High Availability Services allows an authorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements

"CVE-2025-59781 When DNS cache is configured on a BIG-IP or BIG-IP Next CNF virtual server undisclosed DNS queries can cause an increase in memory resource utilization. Note: Soft"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-54271 Creative Cloud Desktop versions 6.7.0.278 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to arbitrary f"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-62386 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database"
X Link @CVEnew 2025-10-13T21:35Z 55.7K followers, XXX engagements

"CVE-2025-55696 Time-of-check time-of-use (toctou) race condition in NtQueryInformation Token function (ntifs.h) allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements

"CVE-2025-61801 Dimension versions 4.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-59975 An Uncontrolled Resource Consumption vulnerability in the HTTP daemon (httpd) of Juniper Networks Junos Space allows an unauthenticated network-based attacker floodin"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements

"CVE-2025-20723 In gnss driver there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has al"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements

"CVE-2025-59429 FreePBX is an open source GUI for managing Asterisk. In versions prior to 16.0.68.39 for FreePBX XX and versions prior to 17.0.18.38 for FreePBX XX a reflected cross"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-59497 Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements

"CVE-2025-10038 The Binary MLM Plan plugin for WordPress is vulnerable to limited Privilege Escalation in all versions up to and including XXX. This is due to bmp_user role grantin"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-20719 In wlan AP driver there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege wit"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements

"CVE-2025-40811 A vulnerability has been identified in Solid Edge SE2024 (All versions V224.0 Update 14) Solid Edge SE2025 (All versions V225.0 Update 6). The affected applicati"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements

"CVE-2025-24052 Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-47989 Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-11646 A vulnerability was detected in Tomofun Furbo XXX and Furbo Mini. This vulnerability affects unknown code of the component GATT Service. The manipulation results in i"
X Link @CVEnew 2025-10-12T21:27Z 55.7K followers, XXX engagements

"CVE-2025-54273 Substance3D - Viewer versions 0.25.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements

"CVE-2025-59223 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements

"CVE-2025-59241 Improper link resolution before file access ('link following') in Windows Health and Optimized Experiences Service allows an authorized attacker to elevate privileges"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements

"CVE-2025-10310 The Rich Snippet Site Report plugin for WordPress is vulnerable to SQL Injection via the 'last' parameter in all versions up to and including 2.0.0105 due to insuf"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements

"CVE-2025-41704 An unauthanticated remote attacker can perform a DoS of the Modbus service by sending a specific function and sub-function code without affecting the core functionali"
X Link @CVEnew 2025-10-14T08:45Z 55.7K followers, XXX engagements

"CVE-2025-10869 Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a mali"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-57780 A vulnerability exists in F5OS-A and F5OS-C system that may allow an authenticated attacker with local access to escalate their privileges. A successful exploit may"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-53868 When running in Appliance mode a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using undiscl"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements

"CVE-2025-11633 A vulnerability was identified in Tomofun Furbo XXX and Furbo Mini. Affected by this issue is some unknown functionality of the component HTTP Traffic Handler. The ma"
X Link @CVEnew 2025-10-12T12:58Z 55.7K followers, XXX engagements

"CVE-2025-10552 A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in u"
X Link @CVEnew 2025-10-13T07:50Z 55.7K followers, XXX engagements

"CVE-2025-55082 In NetX Duo version before 6.4.4 the component of Eclipse Foundation ThreadX there was a potential out of bound read in _nx_secure_tls_process_clienthello() because"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements

"CVE-2025-11642 A vulnerability was identified in Tomofun Furbo XXX and Furbo Mini. Affected is an unknown function of the component Registration Handler. Such manipulation leads to"
X Link @CVEnew 2025-10-12T19:24Z 55.7K followers, XXX engagements

"CVE-2025-59209 Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements