# @CVEnew (CVE) on X

CVE posts on X most about: has been, microsoft, elevate, sql. They currently have XXXXXX followers and 8996 posts still getting attention, totalling XXXXXX engagements in the last XX hours.

### Engagements: XXXXXX

- X Week: XXXXXXX (+12%)
- X Month: XXXXXXXXX (+20%)
- X Months: XXXXXXXXX (+10%)
- X Year: XXXXXXXXX (-XX%)

### Mentions: XXX

- X Week: XXXXX (+42%)
- X Month: XXXXX (+48%)
- X Months: XXXXXX (+23%)
- X Year: XXXXXX (+25%)

### Followers: XXXXXX

- X Week: XXXXXX (+0.04%)
- X Month: XXXXXX (+0.21%)
- X Months: XXXXXX (+2.30%)
- X Year: XXXXXX (+3.50%)

### CreatorRank: XXXXXXX

### Social Influence

**Social category influence**

- [technology brands](/list/technology-brands) XXXX%
- [stocks](/list/stocks) XXXX%
- [social networks](/list/social-networks) XXXX%
- [finance](/list/finance) XXXX%
- [gaming](/list/gaming) XXXX%
- [countries](/list/countries) XXXX%
- [cryptocurrencies](/list/cryptocurrencies) XXXX%

**Social topic influence**

[has been](/topic/has-been) #3909, [microsoft](/topic/microsoft) #2287, [elevate](/topic/elevate) 0.17%, [sql](/topic/sql) 0.16%, [adobe](/topic/adobe) #780, [injection](/topic/injection) #132, [javascript](/topic/javascript) #639, [bypass](/topic/bypass) 0.11%, [applications](/topic/applications) #292, [excel](/topic/excel) XXX%

**Top accounts mentioned or mentioned by**

[@cveannounce](/creator/undefined), [@transilienceai](/creator/undefined), [@centry_agent](/creator/undefined), [@askperplexity](/creator/undefined), [@blacksnufkin42](/creator/undefined), [@builderioqwikcity](/creator/undefined), [@opennextjscloudflare](/creator/undefined), [@strapicore](/creator/undefined), [@cyanheadsgitmcpserver](/creator/undefined), [@vueclipl](/creator/undefined), [@psytester1](/creator/undefined), [@klsgitbelagavi](/creator/undefined), [@replyaz](/creator/undefined), [@threadreaderapp](/creator/undefined), [@greenbacktick](/creator/undefined), [@basefortify](/creator/undefined), [@batalhao](/creator/undefined), [@vysecurity](/creator/undefined), [@cwecapec](/creator/undefined), [@umidcybers](/creator/undefined)

**Top assets mentioned**

[Microsoft Corp. (MSFT)](/topic/microsoft), [IBM (IBM)](/topic/ibm), [Pegasystems Inc (PEGA)](/topic/$pega), [Alphabet Inc Class A (GOOGL)](/topic/$googl)

### Top Social Posts

Top posts by engagements in the last XX hours:

- "CVE-2025-10228 Session Fixation vulnerability in Rolantis Information Technologies Agentis allows Session Hijacking. This issue affects Agentis: before 4.44" [X Link](https://x.com/CVEnew/status/1978032040365691233) [@CVEnew](/creator/x/CVEnew) 2025-10-14T09:36Z 55.7K followers, XXX engagements
- "CVE-2025-59287 Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network" [X Link](https://x.com/CVEnew/status/1978171146819567661) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XXX engagements
- "CVE-2025-59998 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328929037386232) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
- "CVE-2025-62178 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1 a Reflected Cross-Site Scripting (XSS) vulnerability w" [X Link](https://x.com/CVEnew/status/1977850829391757641) [@CVEnew](/creator/x/CVEnew) 2025-10-13T21:35Z 55.7K followers, XXX engagements
- "CVE-2025-61951 Undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. This issue may occur when a Datagram Transport Layer Security (DTLS) XXX virtual" [X Link](https://x.com/CVEnew/status/1978545075383882233) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements
- "CVE-2025-57567 A remote code execution (RCE) vulnerability exists in the PluXml CMS theme editor specifically in the minify.php file located under the default theme directory (/the" [X Link](https://x.com/CVEnew/status/1979289046451888370) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-10294 The OwnID Passwordless Login plugin for WordPress is vulnerable to Authentication Bypass in all versions up to and including 1.3.4. This is due to the plugin not pr" [X Link](https://x.com/CVEnew/status/1978545112134320299) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements
- "CVE-2025-58738 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally" [X Link](https://x.com/CVEnew/status/1978171191077814275) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XXX engagements
- "CVE-2025-59295 Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network" [X Link](https://x.com/CVEnew/status/1978171244014092514) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements
- "CVE-2025-10140 The Quick Social Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quick-login' shortcode in all versions up to and including" [X Link](https://x.com/CVEnew/status/1978545114093080636) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements
- "CVE-2025-55683 Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally" [X Link](https://x.com/CVEnew/status/1978171219775209603) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements
- "CVE-2025-62177 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1 a SQL Injection vulnerability was identified in the /h" [X Link](https://x.com/CVEnew/status/1977848645958447365) [@CVEnew](/creator/x/CVEnew) 2025-10-13T21:27Z 55.7K followers, XXX engagements
- "CVE-2025-37142 Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could" [X Link](https://x.com/CVEnew/status/1978198298964963492) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements
- "CVE-2025-40809 A vulnerability has been identified in Solid Edge SE2024 (All versions V224.0 Update 14) Solid Edge SE2025 (All versions V225.0 Update 6). The affected applicati" [X Link](https://x.com/CVEnew/status/1978032044211924995) [@CVEnew](/creator/x/CVEnew) 2025-10-14T09:36Z 55.7K followers, XXX engagements
- "CVE-2025-10406 The BlindMatrix e-Commerce WordPress plugin before XXX does not validate some shortcode attributes before using them to generate paths passed to include function/s a" [X Link](https://x.com/CVEnew/status/1978562093126135905) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements
- "CVE-2025-54499 Mattermost versions 10.5.x = 10.5.10 10.11.x = 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timi" [X Link](https://x.com/CVEnew/status/1978926628974510477) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-55072 Stored cross-site scripting (XSS) vulnerability in desknet's NEO V2.0R1.0 to V9.0R2.0 allows execution of arbitrary JavaScript in a user's web browser" [X Link](https://x.com/CVEnew/status/1978926612809703502) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-10299 The WPBifrst Instant Passwordless Temporary Login Links plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ctl_cre" [X Link](https://x.com/CVEnew/status/1978545126487240964) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements
- "CVE-2025-62241 Insecure Direct Object Reference (IDOR) vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one" [X Link](https://x.com/CVEnew/status/1977820914860654956) [@CVEnew](/creator/x/CVEnew) 2025-10-13T19:37Z 55.7K followers, XXX engagements
- "CVE-2025-62179 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1 a SQL Injection vulnerability was identified in the /h" [X Link](https://x.com/CVEnew/status/1977850824991936816) [@CVEnew](/creator/x/CVEnew) 2025-10-13T21:35Z 55.7K followers, XXX engagements
- "CVE-2025-61675 FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX XX and versions prior to 17.0.6 for" [X Link](https://x.com/CVEnew/status/1978198210993594555) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements
- "CVE-2025-53521 When a BIG-IP APM Access Policy is configured on a virtual server undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End o" [X Link](https://x.com/CVEnew/status/1978545069042082272) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements
- "CVE-2025-59982 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328945340645614) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
- "CVE-2025-59230 Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978171156470567220) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XXX engagements
- "CVE-2025-59962 An Access of Uninitialized Pointer vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved with BGP sharding configured a" [X Link](https://x.com/CVEnew/status/1976328959618056562) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
- "CVE-2025-55036 When BIG-IP SSL Orchestrator explicit forward proxy is configured on a virtual server and the proxy connect feature is enabled undisclosed traffic may cause memory c" [X Link](https://x.com/CVEnew/status/1978545084519141419) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements
- "CVE-2025-59290 Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978198227187839433) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements
- "CVE-2025-60537 Improper input validation in the component /kafka/ui/serdes/CustomSerdeLoader.java of kafka-ui v0.6.0 to v0.7.2 allows attackers to execute arbitrary code via supplyi" [X Link](https://x.com/CVEnew/status/1978932619074273722) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements
- "CVE-2025-59261 Time-of-check time-of-use (toctou) race condition in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978171152842580024) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XX engagements
- "CVE-2025-59277 Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978198234255270349) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements
- "CVE-2025-59224 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally" [X Link](https://x.com/CVEnew/status/1978171167807852704) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XXX engagements
- "CVE-2025-59987 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328940244566057) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
- "CVE-2025-39987 In the Linux kernel the following vulnerability has been resolved: can: hi311x: populate ndo_change_mtu() to prevent buffer overflow Sending a PF_PACKET allows to" [X Link](https://x.com/CVEnew/status/1978562060888780870) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements
- "CVE-2025-8486 A potential vulnerability was reported in PC Manager that could allow a local authenticated user to execute code with elevated privileges" [X Link](https://x.com/CVEnew/status/1978545056211751313) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements
- "CVE-2025-62515 pyquokka is a framework for making data lakes work for time series. In versions 0.3.1 and prior the FlightServer class directly uses pickle.loads() to deserialize ac" [X Link](https://x.com/CVEnew/status/1979289008208220293) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-48008 When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a virtual server undisclosed traffic along with conditions beyond the attacker's control can c" [X Link](https://x.com/CVEnew/status/1978545089543860418) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements
- "CVE-2025-37145 Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful expl" [X Link](https://x.com/CVEnew/status/1978171143543738744) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XX engagements
- "CVE-2025-55682 Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack" [X Link](https://x.com/CVEnew/status/1978171220806996410) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements
- "CVE-2025-10041 The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the save_qr_code_to_db() function in all" [X Link](https://x.com/CVEnew/status/1978562034460393584) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements
- "CVE-2025-59299 Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execut" [X Link](https://x.com/CVEnew/status/1973951258571444548) [@CVEnew](/creator/x/CVEnew) 2025-10-03T03:20Z 55.7K followers, XXX engagements
- "CVE-2025-10243 OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2 12.5.0.4 and 12.4.0.4 allows a remote authenticated attacker with admin privileges to" [X Link](https://x.com/CVEnew/status/1978112151152648340) [@CVEnew](/creator/x/CVEnew) 2025-10-14T14:54Z 55.7K followers, XXX engagements
- "CVE-2025-43281 The issue was addressed with improved authentication. This issue is fixed in macOS Sequoia XXXX. A local attacker may be able to elevate their privileges" [X Link](https://x.com/CVEnew/status/1978562028852699366) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XX engagements
- "CVE-2025-59986 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328941226066043) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
- "CVE-2025-55320 Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to elevate privi" [X Link](https://x.com/CVEnew/status/1978198289284501905) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements
- "CVE-2025-56749 Creativeitem Academy LMS up to and including XXXX uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT t" [X Link](https://x.com/CVEnew/status/1978562118677835816) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements
- "CVE-2025-6894 An Execution with Unnecessary Privileges vulnerability has been identified in Moxa's network security appliances and routers. A flaw in the API authorization logic of t" [X Link](https://x.com/CVEnew/status/1979045631739203934) [@CVEnew](/creator/x/CVEnew) 2025-10-17T04:43Z 55.7K followers, XXX engagements
- "CVE-2025-58120 When HTTP/2 Ingress is configured undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached En" [X Link](https://x.com/CVEnew/status/1978545073332863398) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements
- "CVE-2025-60855 Reolink Video Doorbell WiFi DB_566128M5MP_W performs insufficient validation of firmware update signatures. This allows attackers to load malicious firmware images r" [X Link](https://x.com/CVEnew/status/1978932567446557130) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements
- "CVE-2025-10045 The onOffice for WP-Websites plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to and including XXX due to insufficie" [X Link](https://x.com/CVEnew/status/1978562040579928273) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements
- "CVE-2025-62646 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to review the stored audio of conversations between associates" [X Link](https://x.com/CVEnew/status/1979289052525285813) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-55097 In USBX before 6.4.3 the USB support module for Eclipse Foundation ThreadX there was a potential out of bound read issue in _ux_host_class_audio_streaming_sampling_" [X Link](https://x.com/CVEnew/status/1979063785785852044) [@CVEnew](/creator/x/CVEnew) 2025-10-17T05:55Z 55.7K followers, XXX engagements
- "CVE-2025-62506 MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z a privilege escalation vulnerability allows service accounts" [X Link](https://x.com/CVEnew/status/1978938150061064545) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:36Z 55.7K followers, XXX engagements
- "CVE-2025-10611 Due to an insufficient access control implementation in multiple WSO2 Products authentication and authorization checks for certain REST APIs can be bypassed allowin" [X Link](https://x.com/CVEnew/status/1978926608938381383) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-59983 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328944275362239) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
- "CVE-2025-55334 Cleartext storage of sensitive information in Windows Kernel allows an unauthorized attacker to bypass a security feature locally" [X Link](https://x.com/CVEnew/status/1978171226175803777) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements
- "CVE-2025-11851 A vulnerability has been found in Apeman ID71 EN75.8.53.20. The affected element is an unknown function of the file /set_alias.cgi. Such manipulation of the argument" [X Link](https://x.com/CVEnew/status/1978926585374728495) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-22831 APTIOV contains a vulnerability in BIOS where an attacker may cause an Out-of-bounds Write by local. Successful exploitation of this vulnerability may lead to data co" [X Link](https://x.com/CVEnew/status/1978108115855036450) [@CVEnew](/creator/x/CVEnew) 2025-10-14T14:38Z 55.7K followers, XXX engagements
- "CVE-2025-48044 Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex an" [X Link](https://x.com/CVEnew/status/1979198257915183159) [@CVEnew](/creator/x/CVEnew) 2025-10-17T14:50Z 55.7K followers, XXX engagements
- "CVE-2025-59958 An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on PTX Series allows" [X Link](https://x.com/CVEnew/status/1976328960679240009) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
- "CVE-2025-0277 HCL BigFix Mobile XXX and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing" [X Link](https://x.com/CVEnew/status/1978926624318910882) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-59289 Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978171145804505362) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XX engagements
- "CVE-2025-11814 The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to 3.21.1 (exclusive) due to insufficient input" [X Link](https://x.com/CVEnew/status/1978932555866083768) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements
- "CVE-2025-39903 In the Linux kernel the following vulnerability has been resolved: of_numa: fix uninitialized memory nodes causing kernel panic When there are memory-only nodes (n" [X Link](https://x.com/CVEnew/status/1973302174479212861) [@CVEnew](/creator/x/CVEnew) 2025-10-01T08:21Z 55.7K followers, XXX engagements
- "CVE-2025-47150 When SNMP is configured on F5OS Appliance and Chassis systems undisclosed requests can cause an increase in SNMP memory resource utilization. Note: Software version" [X Link](https://x.com/CVEnew/status/1978545086528184343) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements
- "CVE-2025-62511 yt-grabber-tui is a C++ terminal user interface application for downloading YouTube content. yt-grabber-tui version XXX contains a Time-of-Check to Time-of-Use (TOCTO" [X Link](https://x.com/CVEnew/status/1979289015078490164) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-37133 An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could al" [X Link](https://x.com/CVEnew/status/1978932588799758438) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements
- "CVE-2025-59258 Insertion of sensitive information into log file in Active Directory Federation Services allows an unauthorized attacker to disclose information locally" [X Link](https://x.com/CVEnew/status/1978198236151054490) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements
- "CVE-2025-62358 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1 the log parameter in configuracao_geral.php is vulnera" [X Link](https://x.com/CVEnew/status/1977850824052408554) [@CVEnew](/creator/x/CVEnew) 2025-10-13T21:35Z 55.7K followers, XXX engagements
- "CVE-2025-40000 In the Linux kernel the following vulnerability has been resolved: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() There is a bug observed whe" [X Link](https://x.com/CVEnew/status/1978562048008102246) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements
- "CVE-2025-22258 A heap-based buffer overflow in Fortinet FortiSRA 1.5.0 1.4.0 through 1.4.2 FortiPAM 1.5.0 1.4.0 through 1.4.2 1.3.0 through 1.3.1 1.2.0 1.1.0 through 1.1.2 1" [X Link](https://x.com/CVEnew/status/1978932602225725627) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements
- "CVE-2025-11722 The Woocommerce Category and Products Accordion Panel plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including XXX via the 'ca" [X Link](https://x.com/CVEnew/status/1978545124541096340) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements
- "CVE-2025-54196 Adobe Connect versions XXXX and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker could leverage this vulnerabi" [X Link](https://x.com/CVEnew/status/1978562122788335717) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements
- "CVE-2025-56221 A lack of rate limiting in the login mechanism of SigningHub v8.6.8 allows attackers to bypass authentication via a brute force attack" [X Link](https://x.com/CVEnew/status/1979289042626703520) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-55332 Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack" [X Link](https://x.com/CVEnew/status/1978171227207549095) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements
- "CVE-2025-62356 A path traversal vulnerability in all versions of the Qodo Qodo Gen IDE enables a threat actor to read arbitrary local files in and outside of current projects on an" [X Link](https://x.com/CVEnew/status/1979289035748045169) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-41254 STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and Versions" [X Link](https://x.com/CVEnew/status/1978926598775570866) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-34267 Flowise v3.0.1 3.0.8 and all versions after with 'ALLOW_BUILTIN_DEP' enabled contain an authenticated remote code execution vulnerability and node VM sandbox escape" [X Link](https://x.com/CVEnew/status/1978198209924149385) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements
- "CVE-2025-58724 Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978171202343694410) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements
- "CVE-2025-55687 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Resilient File System (ReFS) allows an unauthorized attacker to" [X Link](https://x.com/CVEnew/status/1978198276429029603) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements
- "CVE-2025-10732 The SureForms Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to and including" [X Link](https://x.com/CVEnew/status/1977975258322719109) [@CVEnew](/creator/x/CVEnew) 2025-10-14T05:50Z 55.7K followers, XXX engagements
- "CVE-2025-62389 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database" [X Link](https://x.com/CVEnew/status/1977850832738718055) [@CVEnew](/creator/x/CVEnew) 2025-10-13T21:35Z 55.7K followers, XXX engagements
- "CVE-2025-37137 Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these" [X Link](https://x.com/CVEnew/status/1978932583292637450) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements
- "CVE-2025-54889 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps manufacturer config" [X Link](https://x.com/CVEnew/status/1978118125485953108) [@CVEnew](/creator/x/CVEnew) 2025-10-14T15:18Z 55.7K followers, XXX engagements
- "CVE-2025-59244 External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network" [X Link](https://x.com/CVEnew/status/1978171158509089102) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XX engagements
- "CVE-2025-20713 In wlan AP driver there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has" [X Link](https://x.com/CVEnew/status/1978032058409562300) [@CVEnew](/creator/x/CVEnew) 2025-10-14T09:36Z 55.7K followers, XXX engagements
- "CVE-2025-61540 SQL injection vulnerability in Ultimate PHP Board 2.2.7 via the username field in lostpassword.php" [X Link](https://x.com/CVEnew/status/1978932573226307722) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements
- "CVE-2025-24833 Stored cross-site scripting (XSS) vulnerability in desknet's NEO versions V4.0R1.0 to V9.0R2.0 allows execution of arbitrary JavaScript in a user's web browser" [X Link](https://x.com/CVEnew/status/1978926616618090988) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-62392 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database" [X Link](https://x.com/CVEnew/status/1977848644775604449) [@CVEnew](/creator/x/CVEnew) 2025-10-13T21:27Z 55.7K followers, XXX engagements
- "CVE-2025-59481 A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least resource administra" [X Link](https://x.com/CVEnew/status/1978545063690170462) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements
- "CVE-2025-10700 The Ally Web Accessibility & Usability plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.8.0. This is due to" [X Link](https://x.com/CVEnew/status/1978932556994351254) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements
- "CVE-2025-41253 The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An" [X Link](https://x.com/CVEnew/status/1978926599794770226) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-62419 DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13 a JDBC URL injection vulnerability exists in the DB2 and MongoDB data s" [X Link](https://x.com/CVEnew/status/1979289026239594690) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-53768 Use after free in Xbox allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978171234216292573) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements
- "CVE-2025-6042 The Lisfinity Core - Lisfinity Core plugin used for pebas Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation in all versions up to a" [X Link](https://x.com/CVEnew/status/1978562097534427621) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements
- "CVE-2025-55333 Incomplete comparison with missing factors in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack" [X Link](https://x.com/CVEnew/status/1978198287178989937) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements
- "CVE-2025-61536 FelixRiddle dev-jobs-handlebars XXX uses absolute password-reset (magic) links using the untrusted header and forces the http:// scheme. An attac" [X Link](https://x.com/CVEnew/status/1978932571070513218) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements
- "CVE-2025-58718 Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network" [X Link](https://x.com/CVEnew/status/1978171204319248395) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements
- "CVE-2025-62380 mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.31 contain an HTML injection vulnerab" [X Link](https://x.com/CVEnew/status/1978545032451039688) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XX engagements
- "CVE-2025-11900 The iSherlock developed by HGiga has an OS Command Injection vulnerability allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them" [X Link](https://x.com/CVEnew/status/1979045627360370824) [@CVEnew](/creator/x/CVEnew) 2025-10-17T04:43Z 55.7K followers, XXX engagements
- "CVE-2025-11840 A weakness has been identified in GNU Binutils XXXX. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bound" [X Link](https://x.com/CVEnew/status/1978926594736447934) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-11839 A security flaw has been discovered in GNU Binutils XXXX. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked retur" [X Link](https://x.com/CVEnew/status/1978926600776192091) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-58720 Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally" [X Link](https://x.com/CVEnew/status/1978171203358781884) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements
- "CVE-2025-61803 Substance3D - Stager versions 3.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the c" [X Link](https://x.com/CVEnew/status/1978198199111233598) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XX engagements
- "CVE-2025-59988 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328939267326295) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
- "CVE-2025-53860 A vulnerability exists in F5OS-A software that allows a highly privileged authenticated attacker to access sensitive FIPS hardware security module (HSM) information o" [X Link](https://x.com/CVEnew/status/1978545051858067876) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements
- "CVE-2025-58715 Integer overflow or wraparound in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978198272528232924) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements
- "CVE-2025-10357 The Simple SEO WordPress plugin before 2.0.32 does not sanitise and escape some parameters when outputting them in the page which could allow users with a role as low" [X Link](https://x.com/CVEnew/status/1977983507654746531)
[@CVEnew](/creator/x/CVEnew) 2025-10-14T06:23Z 55.7K followers, XXX engagements "CVE-2025-59211 Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally" [X Link](https://x.com/CVEnew/status/1978198251766525956) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-62383 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database" [X Link](https://x.com/CVEnew/status/1977850827625968104) [@CVEnew](/creator/x/CVEnew) 2025-10-13T21:35Z 55.7K followers, XXX engagements "CVE-2025-9548 A potential null pointer dereference vulnerability was reported in the Lenovo Power Management Driver that could allow a local authenticated user to cause a Windows blu" [X Link](https://x.com/CVEnew/status/1978545055163203980) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-54264 Adobe Commerce versions 2.4.9-alpha2 2.4.8-p2 2.4.7-p7 2.4.6-p12 2.4.5-p14 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) Cross-Site S" [X Link](https://x.com/CVEnew/status/1978562132967841833) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-58778 Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. 
It is not documented in the manual and enabled in the initial configurat" [X Link](https://x.com/CVEnew/status/1978932552686801152) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-39990 In the Linux kernel the following vulnerability has been resolved: bpf: Check the helper function is valid in get_helper_proto kernel test robot reported verifier" [X Link](https://x.com/CVEnew/status/1978562058737127632) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-58096 When the database variable tm.tcpudptxchecksumis configured as non-default value Software-onlyon a BIG-IP system undisclosed traffic can cause the Traffic Manageme" [X Link](https://x.com/CVEnew/status/1978545070073856022) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-20359 Multiple Cisco products are affected by a vulnerability in the Snort X HTTP Decoder that could allow an unauthenticated remote attacker to cause the disclosure of po" [X Link](https://x.com/CVEnew/status/1978545035777130645) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XX engagements "CVE-2025-62585 Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment" [X Link](https://x.com/CVEnew/status/1978926635987431871) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-55684 Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978171218810536122) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements "CVE-2025-62411 LibreNMS is a community-based GPL-licensed network monitoring system. 
LibreNMS = 25.8.0 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Tran" [X Link](https://x.com/CVEnew/status/1978926569335706057) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-59284 Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally" [X Link](https://x.com/CVEnew/status/1978198229259833565) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-55328 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges loc" [X Link](https://x.com/CVEnew/status/1978171230156214524) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements "CVE-2025-20709 In wlan AP driver there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege wit" [X Link](https://x.com/CVEnew/status/1978032062838747144) [@CVEnew](/creator/x/CVEnew) 2025-10-14T09:36Z 55.7K followers, XXX engagements "CVE-2025-59282 Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code local" [X Link](https://x.com/CVEnew/status/1978198230337802343) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-58153 Under undisclosed traffic conditions along with conditions beyond the attacker's control hardware systems with a High-Speed Bridge (HSB) may experience a lockup of t" [X Link](https://x.com/CVEnew/status/1978545090508529667) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-55701 Improper validation of specified type of input in Microsoft Windows allows an authorized attacker to elevate privileges locally" [X 
Link](https://x.com/CVEnew/status/1978198273513918779) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-59206 Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability" [X Link](https://x.com/CVEnew/status/1978198253716767123) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-59193 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate pr" [X Link](https://x.com/CVEnew/status/1978171181678358998) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XXX engagements "CVE-2025-49201 A weak authentication in Fortinet FortiPAM 1.5.0 1.4.0 through 1.4.2 1.3.0 through 1.3.1 1.2.0 1.1.0 through 1.1.2 1.0.0 through 1.0.3 FortiSwitchManager 7.2.0" [X Link](https://x.com/CVEnew/status/1978932607888036033) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-39973 In the Linux kernel the following vulnerability has been resolved: i40e: add validation for ring_len param The ring_len parameter provided by the virtual functio" [X Link](https://x.com/CVEnew/status/1978562076332208602) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-11853 A vulnerability was determined in Sismics Teedy up to XXXX. This affects an unknown function of the file /api/file of the component API Endpoint. Executing manipulati" [X Link](https://x.com/CVEnew/status/1978926541825270116) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements "CVE-2025-62176 Mastodon is a free open-source social network server based on ActivityPub. 
In Mastodon before 4.4.6 4.3.14 and 4.2.27 the streaming server accepts serving events" [X Link](https://x.com/CVEnew/status/1977848650123341880) [@CVEnew](/creator/x/CVEnew) 2025-10-13T21:27Z 55.7K followers, XXX engagements "CVE-2025-59836 Omni manages Kubernetes on bare metal virtual machines or in a cloud. Prior to 1.1.5 and 1.0.2 there is a nil pointer dereference vulnerability in the Omni Resour" [X Link](https://x.com/CVEnew/status/1977839363787563095) [@CVEnew](/creator/x/CVEnew) 2025-10-13T20:50Z 55.7K followers, XXX engagements "CVE-2025-60009 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328921689006461) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements "CVE-2025-55098 In USBX before 6.4.3 the USB support module for Eclipse Foundation ThreadX there was a potential out of bound read issue in _ux_host_class_audio_device_type_get()" [X Link](https://x.com/CVEnew/status/1979063784779198701) [@CVEnew](/creator/x/CVEnew) 2025-10-17T05:55Z 55.7K followers, XXX engagements "CVE-2025-61941 A path traversal issue exists in WXR9300BE6P series firmware versions prior to Ver.1.10. 
Arbitrary file may be altered by an administrative user who logs in to the af" [X Link](https://x.com/CVEnew/status/1978562084729233876) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-57563 A path traversal in StarNet Communications Corporation FastX v.4 through v4.1.51 allows unauthenticated attackers to read arbitrary files" [X Link](https://x.com/CVEnew/status/1978932615093850355) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-59993 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328934318080315) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements "CVE-2025-41410 Mattermost versions 10.10.x = 10.10.2 10.5.x = 10.5.10 10.11.x = 10.11.2 fail to validate email ownership during Slack import process which allows attackers to c" [X Link](https://x.com/CVEnew/status/1978926623341588746) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-23356 NVIDIA Isaac Lab contains a vulnerability in SB3 configuration parsing. A successful exploit of this vulnerability might lead to code execution denial of service es" [X Link](https://x.com/CVEnew/status/1978171139986989318) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XX engagements "CVE-2025-11577 Clevos UEFI firmware update packages including B10717.exe inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. 
T" [X Link](https://x.com/CVEnew/status/1978932596978716917) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-39966 In the Linux kernel the following vulnerability has been resolved: iommufd: Fix race during abort for file descriptors fput() doesn't actually call file_operations" [X Link](https://x.com/CVEnew/status/1978562083647070374) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-20715 In wlan AP driver there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has" [X Link](https://x.com/CVEnew/status/1978032054949347459) [@CVEnew](/creator/x/CVEnew) 2025-10-14T09:36Z 55.7K followers, XXX engagements "CVE-2025-41020 Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers thr" [X Link](https://x.com/CVEnew/status/1978926631818231871) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-61907 Icinga X is an open source monitoring system. 
In Icinga X versions XXX through 2.15.0 filter expressions provided to the various /v1/objects endpoints could access v" [X Link](https://x.com/CVEnew/status/1978926578412195863) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-53139 Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker to bypass a security feature locally" [X Link](https://x.com/CVEnew/status/1978171235176734863) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements "CVE-2025-9955 An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services relate" [X Link](https://x.com/CVEnew/status/1978926607952699739) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-54603 An incorrect OIDC authentication flow in Claroty Secure Access 3.3.0 through 4.0.2 can result in unauthorized user creation or impersonation of existing OIDC users" [X Link](https://x.com/CVEnew/status/1978932614057857343) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-10312 The Theme Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including XXX. This is due to missing nonce validation" [X Link](https://x.com/CVEnew/status/1978545118262198537) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-61802 Substance3D - Stager versions 3.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the cur" [X Link](https://x.com/CVEnew/status/1978198200231031225) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-40773 A vulnerability has been identified in SiPass integrated (All versions V3.0). 
Affected server applications contains a broken access control vulnerability. The autho" [X Link](https://x.com/CVEnew/status/1978032045960892880) [@CVEnew](/creator/x/CVEnew) 2025-10-14T09:36Z 55.7K followers, XXX engagements "CVE-2025-59995 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328932157948288) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements "CVE-2025-55669 When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are configured on a virtual server undisclosed traffic can cause the Traffic Ma" [X Link](https://x.com/CVEnew/status/1978545088486908386) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-0276 HCL BigFix Modern Client Management (MCM) XXX and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could tri" [X Link](https://x.com/CVEnew/status/1978926626206335454) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-55099 In USBX before 6.4.3 the USB support module for Eclipse Foundation ThreadX there was a potential out of bound read issue in _ux_host_class_audio_alternate_setting_l" [X Link](https://x.com/CVEnew/status/1979063783822888998) [@CVEnew](/creator/x/CVEnew) 2025-10-17T05:55Z 55.7K followers, XXX engagements "CVE-2025-46752 A insertion of sensitive information into log file in Fortinet FortiDLP 12.0.0 through 12.0.5 11.5.1 11.4.6 11.4.5 allows attacker to information disclosure via re" [X Link](https://x.com/CVEnew/status/1978926601757679865) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-25298 Strapi is an open source headless CMS. 
The @strapi/core package before version 5.10.3 does not enforce a maximum password length when using bcryptjs for password hash" [X Link](https://x.com/CVEnew/status/1978926583411851569) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-62579 ASDA-Soft Stack-based Buffer Overflow Vulnerability" [X Link](https://x.com/CVEnew/status/1978932559137640744) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-40810 A vulnerability has been identified in Solid Edge SE2024 (All versions V224.0 Update 14) Solid Edge SE2025 (All versions V225.0 Update 6). The affected applicati" [X Link](https://x.com/CVEnew/status/1978032043276603890) [@CVEnew](/creator/x/CVEnew) 2025-10-14T09:36Z 55.7K followers, XXX engagements "CVE-2025-53856 When a virtual server network address translation (NAT) object or secure network address translation (SNAT) object uses the embedded Packet Velocity Acceleration (e" [X Link](https://x.com/CVEnew/status/1978545076394664202) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-59980 An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated network-based attacker to get limited read-wri" [X Link](https://x.com/CVEnew/status/1976328947454574715) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements "CVE-2025-11728 The Oceanpayment CreditCard Gateway plugin for WordPress is vulnerable to unauthenticated and unauthorized modification of data due to missing authentication and capa" [X Link](https://x.com/CVEnew/status/1978545108166566259) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-62495 An integer overflow vulnerability exists in the QuickJS regular expression engine (libregexp) due to an inconsistent representation of the bytecode buffer size. 
*" [X Link](https://x.com/CVEnew/status/1978926587446763849) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-62648 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to adjust Drive Thru speaker audio volume" [X Link](https://x.com/CVEnew/status/1979289054517588013) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2025-53858 ChatLuck contains a cross-site scripting vulnerability in Chat Rooms. If exploited an arbitrary script may be executed on the web browser of the user who is accessin" [X Link](https://x.com/CVEnew/status/1978926620464369839) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-39998 In the Linux kernel the following vulnerability has been resolved: scsi: target: target_core_configfs: Add length check to avoid buffer overflow A buffer overflow" [X Link](https://x.com/CVEnew/status/1978562050184892845) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-60006 Multiple instances of an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Jun" [X Link](https://x.com/CVEnew/status/1976328922796261806) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements "CVE-2025-11905 A vulnerability was found in yanyutao0402 ChanCMS up to 3.3.2. This vulnerability affects the function getArticle of the file appmodulescmscontrollergather.js. 
Th" [X Link](https://x.com/CVEnew/status/1979289036687618333) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2025-39970 In the Linux kernel the following vulnerability has been resolved: i40e: fix input validation logic for action_meta Fix condition to check 'greater or equal' to pr" [X Link](https://x.com/CVEnew/status/1978562079448584282) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-20351 A vulnerability in the web UI of Cisco Desk Phone 9800 Series Cisco IP Phone 7800 and 8800 Series and Cisco Video Phone 8875 running Cisco SIP Software could allow" [X Link](https://x.com/CVEnew/status/1978545036850774325) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XX engagements "CVE-2025-54281 Adobe Framemaker versions 2020.9 2022.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of th" [X Link](https://x.com/CVEnew/status/1978198217440244071) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-11176 The Quick Featured Images plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 13.7.2 via the qfi_set_thumbnai" [X Link](https://x.com/CVEnew/status/1978562098645942436) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-49553 Adobe Connect versions XXXX and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute malicio" [X Link](https://x.com/CVEnew/status/1978562121789997149) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-59204 Use of uninitialized resource in Windows Management Services allows an authorized attacker to disclose information locally" [X Link](https://x.com/CVEnew/status/1978198254614393299) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K 
followers, XXX engagements "CVE-2025-41707 The websocket handler is vulnerable to a denial of service condition. An unauthenticated remote attacker can send a crafted websocket message to trigger the issue wit" [X Link](https://x.com/CVEnew/status/1978019314705080718) [@CVEnew](/creator/x/CVEnew) 2025-10-14T08:45Z 55.7K followers, XXX engagements "CVE-2025-59201 Improper access control in Network Connection Status Indicator (NCSI) allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978198256522846337) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-34513 IleviaEVE X1 Server firmware versions 4.7.18.0.eden contain an OS command injection vulnerability in mbus_build_from_csv.phpthat allows an unauthenticated attacke" [X Link](https://x.com/CVEnew/status/1978926567339233587) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-59228 Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network" [X Link](https://x.com/CVEnew/status/1978198250805977316) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-47890 An URL Redirection to Untrusted Site vulnerabilities CWE-601 in FortiOS 7.6.0 through 7.6.2 7.4.0 through 7.4.8 XXX all versions XXX all versions XXX all versio" [X Link](https://x.com/CVEnew/status/1978932605530837305) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-55685 Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978198278542934131) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-39985 In the Linux kernel the following vulnerability has been resolved: can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow Sending an PF_PACKET allows" [X 
Link](https://x.com/CVEnew/status/1978562063136960759) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-11842 A security vulnerability has been detected in Shazwazza Smidge up to 4.5.1. The impacted element is an unknown function of the component Bundle Handler. The manipulat" [X Link](https://x.com/CVEnew/status/1978926593583071507) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-54276 Substance3D - Modeler versions 1.22.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file which could result in a read past t" [X Link](https://x.com/CVEnew/status/1978198219470340107) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-59231 Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally" [X Link](https://x.com/CVEnew/status/1978198249891615045) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-55338 Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack" [X Link](https://x.com/CVEnew/status/1978198284268089719) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-54755 A directory traversal vulnerability exists in TMUI that allows an authenticated attacker to access files which are not limited to the intended files. 
Note: Software" [X Link](https://x.com/CVEnew/status/1978545060334715169) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-59189 Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978171185688138002) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XXX engagements "CVE-2025-57741 An Incorrect Permission Assignment for Critical Resource vulnerability CWE-732 in FortiClientMac 7.4.0 through 7.4.3 7.2.0 through 7.2.11 XXX all versions may all" [X Link](https://x.com/CVEnew/status/1978932606671687885) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-11719 Starting in Firefox XXX the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corruption. This vulne" [X Link](https://x.com/CVEnew/status/1978085827327484319) [@CVEnew](/creator/x/CVEnew) 2025-10-14T13:09Z 55.7K followers, XXX engagements "CVE-2025-46706 When an iRule containing the HTTP::respond command is configured on a virtual server undisclosed requests can cause an increase in memory resource utilization.Note:" [X Link](https://x.com/CVEnew/status/1978545087488594179) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-62385 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database" [X Link](https://x.com/CVEnew/status/1977850830255779882) [@CVEnew](/creator/x/CVEnew) 2025-10-13T21:35Z 55.7K followers, XXX engagements "CVE-2025-62374 Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. 
Prior to 7.0.0 injection of malicious payload allows attacker to" [X Link](https://x.com/CVEnew/status/1978198198003831282) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XX engagements "CVE-2025-59196 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privilege" [X Link](https://x.com/CVEnew/status/1978198259475648852) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-58133 Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of information via network access" [X Link](https://x.com/CVEnew/status/1978545040046862367) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XX engagements "CVE-2025-60540 karakeep v0.26.0 to v0.7.0 was discovered to contain a Server-Side Request Forgery (SSRF)" [X Link](https://x.com/CVEnew/status/1978932621133648302) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-34255 D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability.The application's 'Forgot Password' endpoint returns dis" [X Link](https://x.com/CVEnew/status/1978926548586496385) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements "CVE-2025-54891 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Resource access configurat" [X Link](https://x.com/CVEnew/status/1978118121979630016) [@CVEnew](/creator/x/CVEnew) 2025-10-14T15:18Z 55.7K followers, XXX engagements "CVE-2025-53782 Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978198295013994549) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K 
followers, XXX engagements "CVE-2025-50175 Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978171236112040308) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements "CVE-2024-33507 An insufficient session expiration vulnerability CWE-613 and an incorrect authorization vulnerability CWE-863 in FortiIsolator 2.4.0 through 2.4.4 XXX all versio" [X Link](https://x.com/CVEnew/status/1978123686046560575) [@CVEnew](/creator/x/CVEnew) 2025-10-14T15:40Z 55.7K followers, XXX engagements "CVE-2025-40771 A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions V2.4.24) SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions" [X Link](https://x.com/CVEnew/status/1978032047705755722) [@CVEnew](/creator/x/CVEnew) 2025-10-14T09:36Z 55.7K followers, XXX engagements "CVE-2025-58725 Heap-based buffer overflow in Windows COM allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978171201265738167) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements "CVE-2025-62168 Squid is a caching proxy for the Web. 
In Squid versions prior to XXX a failure to redact HTTP authentication credentials in error handling allows information disclos" [X Link](https://x.com/CVEnew/status/1979289031549575361) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2025-62492 A vulnerability stemming from floating-point arithmetic precision errors exists in the QuickJS engine's implementation of TypedArray.prototype.indexOf() when a negati" [X Link](https://x.com/CVEnew/status/1978926590336585849) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-55677 Untrusted pointer dereference in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978198280438767619) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-58474 When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery (SSRF) protection or when an NGINX server is configured with App Protect B" [X Link](https://x.com/CVEnew/status/1978545093490753782) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-10730 The Wp tabber widget plugin for WordPress is vulnerable to SQL Injection via the 'wp-tabber-widget' shortcode in all versions up to and including XXX due to insuffi" [X Link](https://x.com/CVEnew/status/1978562038642221488) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-58079 Improper Protection of Alternate Path (CWE-424) in the AppSuite of desknet's NEO V4.0R1.0 to V9.0R2.0 allows an attacker to create malicious AppSuite applications" [X Link](https://x.com/CVEnew/status/1978926611845013797) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-58739 Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a 
network" [X Link](https://x.com/CVEnew/status/1978171190012477569) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XXX engagements "CVE-2025-41430 When BIG-IP SSL Orchestrator is enabled undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have re" [X Link](https://x.com/CVEnew/status/1978545081436229962) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-54266 Adobe Commerce versions 2.4.9-alpha2 2.4.8-p2 2.4.7-p7 2.4.6-p12 2.4.5-p14 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerabilit" [X Link](https://x.com/CVEnew/status/1978562128316391784) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-59967 A NULL Pointer Dereference vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on ACX7024, ACX7024X, ACX7100-32C, ACX7100-48" [X Link](https://x.com/CVEnew/status/1976328953515344256) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements "CVE-2025-9124 A denial-of-service security issue in the affected product. The security issue stems from a fault occurring when a crafted CIP unconnected explicit message is sent. 
Thi" [X Link](https://x.com/CVEnew/status/1978085839084175860) [@CVEnew](/creator/x/CVEnew) 2025-10-14T13:09Z 55.7K followers, XXX engagements "CVE-2025-59186 Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally" [X Link](https://x.com/CVEnew/status/1978198261551771837) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-11925 Incorrect Content-Type header in one of the APIs (text/html instead of application/json) replies may potentially allow injection of HTML/JavaScript into reply. Thi" [X Link](https://x.com/CVEnew/status/1979289014109663233) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2025-39995 In the Linux kernel the following vulnerability has been resolved: media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe The state-timer i" [X Link](https://x.com/CVEnew/status/1978562053292839126) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-55686 Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978198277452333333) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-11898 Agentflow developed by Flowring has an Arbitrary File Reading vulnerability allowing unauthenticated remote attackers to exploit Relative Path Traversal to download" [X Link](https://x.com/CVEnew/status/1979045629214277753) [@CVEnew](/creator/x/CVEnew) 2025-10-17T04:43Z 55.7K followers, XXX engagements "CVE-2025-60514 Tillywork v0.1.3 and below is vulnerable to SQL Injection in app/common/helpers/query.builder.helper.ts" [X Link](https://x.com/CVEnew/status/1979289047311806946) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2025-58717 Out-of-bounds read in Windows Routing and Remote Access Service 
(RRAS) allows an unauthorized attacker to disclose information over a network" [X Link](https://x.com/CVEnew/status/1978198269550354641) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-59195 Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to deny serv" [X Link](https://x.com/CVEnew/status/1978198260440293582) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-60004 An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an" [X Link](https://x.com/CVEnew/status/1976328923811283138) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements "CVE-2025-20714 In wlan AP driver there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has" [X Link](https://x.com/CVEnew/status/1978032057516265913) [@CVEnew](/creator/x/CVEnew) 2025-10-14T09:36Z 55.7K followers, XXX engagements "CVE-2025-61798 Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file which could result in a read past the end of an" [X Link](https://x.com/CVEnew/status/1978198205410979950) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XX engagements "CVE-2025-59234 Use after free in Microsoft Office allows an unauthorized attacker to execute code locally" [X Link](https://x.com/CVEnew/status/1978198248025112800) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-10139 The WP BookWidgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bw_link' shortcode in all versions up to and including XXX du" [X Link](https://x.com/CVEnew/status/1978562045877387355) 
[@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-55690 Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978171216365289978) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements "CVE-2025-59190 Improper input validation in Microsoft Windows Search Component allows an unauthorized attacker to deny service locally" [X Link](https://x.com/CVEnew/status/1978171184643805400) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XXX engagements "CVE-2025-59243 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally" [X Link](https://x.com/CVEnew/status/1978198242182508925) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-59989 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328938331963879) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements "CVE-2025-39977 In the Linux kernel the following vulnerability has been resolved: futex: Prevent use-after-free during requeue-PI syzbot managed to trigger the following race:" [X Link](https://x.com/CVEnew/status/1978562072225939588) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-46581 ZTE's ZXCDN product is affected by a Struts remote code execution (RCE) vulnerability. 
An unauthenticated attacker can remotely execute commands with non-root privil" [X Link](https://x.com/CVEnew/status/1978027335489343864) [@CVEnew](/creator/x/CVEnew) 2025-10-14T09:17Z 55.7K followers, XXX engagements "CVE-2025-61514 An arbitrary file upload vulnerability in SageMath Inc CoCalc before commit 0d2ff58 allows attackers to execute arbitrary code via uploading a crafted SVG file" [X Link](https://x.com/CVEnew/status/1978932569862476001) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-10706 The Classified Pro theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'cwp_addons_update_plugin_cb' functi" [X Link](https://x.com/CVEnew/status/1978932548286976151) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-10575 The WP jQuery Pager plugin for WordPress is vulnerable to SQL Injection via the 'ids' shortcode attribute parameter handled by the WPJqueryPaged::get_gallery_page_img" [X Link](https://x.com/CVEnew/status/1978562036482130167) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-11912 A flaw has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected is the function Query of the file /DeviceState.doAction=Query. This manipulatio" [X Link](https://x.com/CVEnew/status/1979289013153407183) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2025-60535 A Cross-Site Request Forgery (CSRF) in the component /endpoints/currency/currency of Wallos v4.1.1 allows attackers to execute arbitrary operations via a crafted GET" [X Link](https://x.com/CVEnew/status/1978932616985481551) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-62424 ClipBucket is a web-based video-sharing platform. 
In ClipBucket version 5.5.2 - #146 and earlier the /admin_area/template_editor.php endpoint is vulnerable to path t" [X Link](https://x.com/CVEnew/status/1979289024931008747) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2025-40774 A vulnerability has been identified in SiPass integrated (All versions V3.0). Affected server applications store user passwords encrypted in its database. Decryptio" [X Link](https://x.com/CVEnew/status/1978032045088526552) [@CVEnew](/creator/x/CVEnew) 2025-10-14T09:36Z 55.7K followers, XXX engagements "CVE-2025-11493 The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server such as updates dependencies and integrations. This creat" [X Link](https://x.com/CVEnew/status/1978926544111243356) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements "CVE-2025-61539 Cross site scripting (XSS) vulnerability in Ultimate PHP Board 2.2.7 via the u_name parameter in lostpassword.php" [X Link](https://x.com/CVEnew/status/1978932572215480562) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-11864 A vulnerability was identified in NucleoidAI Nucleoid up to 0.7.10. 
The impacted element is the function extension.apply of the file /src/cluster.ts of the component" [X Link](https://x.com/CVEnew/status/1978938151059230861) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:36Z 55.7K followers, XXX engagements "CVE-2025-10303 The Library Management System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the owt7_library_management" [X Link](https://x.com/CVEnew/status/1978545116983001335) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-34516 IleviaEVE X1 Server firmware versions 4.7.18.0.eden contain a use of default credentials vulnerability that allows an unauthenticated attacker to obtain remote acc" [X Link](https://x.com/CVEnew/status/1978926568333283592) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-11911 A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This impacts the function Query of the file /DeviceFault.doAction=Query. 
The mani" [X Link](https://x.com/CVEnew/status/1979289016240370039) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2025-39976 In the Linux kernel the following vulnerability has been resolved: futex: Use correct exit on failure from futex_hash_allocate_default() copy_process() uses the wr" [X Link](https://x.com/CVEnew/status/1978562073308119359) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-60010 A password aging vulnerability in the RADIUS client of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated network-based attacker to access the de" [X Link](https://x.com/CVEnew/status/1976328920585863334) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements "CVE-2025-55339 Out-of-bounds read in Windows NDIS allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978198283320246378) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-39979 In the Linux kernel the following vulnerability has been resolved: net/mlx5: fs fix UAF in flow counter release Fix a kernel trace X caused by releasing an HWS" [X Link](https://x.com/CVEnew/status/1978562070149742970) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-55087 In NextX Duo's snmp addon versions before 6.4.4 a part of the Eclipse Foundation ThreadX an attacker could cause an out-of-bound read by a crafted SNMPv3 security p" [X Link](https://x.com/CVEnew/status/1979087859127849402) [@CVEnew](/creator/x/CVEnew) 2025-10-17T07:31Z 55.7K followers, XXX engagements "CVE-2025-8429 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Action access configuration" [X Link](https://x.com/CVEnew/status/1978123674394771614) [@CVEnew](/creator/x/CVEnew) 2025-10-14T15:40Z 55.7K followers, XXX engagements 
"CVE-2025-36128 IBM MQ XXX XXX XXX XXX LTS and XXX XXX CD is vulnerable to a denial of service caused by improper enforcement of the timeout on individual read operations. By co" [X Link](https://x.com/CVEnew/status/1978926580433850378) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-8561 The Ova Advent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to and including 1.1.7 due to insuffic" [X Link](https://x.com/CVEnew/status/1978562096355741784) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-34519 IleviaEVE X1 Server firmware versions 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function w" [X Link](https://x.com/CVEnew/status/1978926562201235484) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-8430 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Commands Connectors configuratio" [X Link](https://x.com/CVEnew/status/1978932587721822431) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-34518 IleviaEVE X1 Server firmware versions 4.7.18.0.eden contain a relative path traversal vulnerability in get_file_content.php that allows an attacker to read arbitra" [X Link](https://x.com/CVEnew/status/1978926564239634611) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-60279 A server-side request forgery (SSRF) vulnerability in Illia Cloud illia-Builder before v4.8.5 allows authenticated users to send arbitrary requests to internal servic" [X Link](https://x.com/CVEnew/status/1979289039736820130) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2025-59997 An Improper Neutralization of Input During Web Page Generation 
('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328930127917096) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements "CVE-2025-59253 Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally" [X Link](https://x.com/CVEnew/status/1978171155438862444) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XX engagements "CVE-2025-62171 ImageMagick is an open source software suite for displaying converting and editing raster image files. In ImageMagick versions prior to 7.1.2-7 and 6.9.13-32 an in" [X Link](https://x.com/CVEnew/status/1979289030672998674) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2025-55700 Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network" [X Link](https://x.com/CVEnew/status/1978198274491265186) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-37135 Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. 
Successful exploitation of these" [X Link](https://x.com/CVEnew/status/1978932585410805982) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-59257 Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network" [X Link](https://x.com/CVEnew/status/1978198237098975588) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-54274 Substance3D - Viewer versions 0.25.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the cont" [X Link](https://x.com/CVEnew/status/1978198221357719588) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-9068 A security issue exists within the Rockwell Automation Driver Package x64 Microsoft Installer File (MSI) repair functionality installed with FTLinx. Authenticated atta" [X Link](https://x.com/CVEnew/status/1978085840044577251) [@CVEnew](/creator/x/CVEnew) 2025-10-14T13:09Z 55.7K followers, XXX engagements "CVE-2025-59233 Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally" [X Link](https://x.com/CVEnew/status/1978198248914379205) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-59280 Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network" [X Link](https://x.com/CVEnew/status/1978198233324113962) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-10051 The Demo Import Kit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to and including 1.1.0 via t" [X Link](https://x.com/CVEnew/status/1978545128538279943) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX 
engagements "CVE-2025-62410 In versions before 20.0.2 it was found that --disallow-code-generation-from-strings is not sufficient for isolating untrusted JavaScript in happy-dom. The untrusted" [X Link](https://x.com/CVEnew/status/1978545025048105010) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XX engagements "CVE-2025-43313 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.7.7 macOS Sonoma 14.7.7 macOS Sequoia XXXX. An app may be able to ac" [X Link](https://x.com/CVEnew/status/1978562026348707930) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XX engagements "CVE-2025-9437 A security issue exists within the Studio 5000 Logix Designer add-on profile (AOP) for the ArmorStart Classic distributed motor controller resulting in denial-of-servi" [X Link](https://x.com/CVEnew/status/1978085843907563683) [@CVEnew](/creator/x/CVEnew) 2025-10-14T13:09Z 55.7K followers, XXX engagements "CVE-2024-42192 HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a credential leakage which could allow an attacker to access other computers or applications" [X Link](https://x.com/CVEnew/status/1978926540558573952) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements "CVE-2025-54265 Adobe Commerce versions 2.4.9-alpha2 2.4.8-p2 2.4.7-p7 2.4.6-p12 2.4.5-p14 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. 
An att" [X Link](https://x.com/CVEnew/status/1978562131705356741) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-54283 Illustrator versions XXXX 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the" [X Link](https://x.com/CVEnew/status/1978198212017090784) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-37143 An arbitrary file download vulnerability exists in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successf" [X Link](https://x.com/CVEnew/status/1978198270494052444) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-62414 Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7 the Create New Customer feature (in the admin panel) is vulnerable to Cross-Site Scripting" [X Link](https://x.com/CVEnew/status/1978926555783959017) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements "CVE-2025-58732 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally" [X Link](https://x.com/CVEnew/status/1978198265532121521) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-59300 Delta Electronics DIAScreen lacks proper validation of the user-supplied file. 
If a user opens a malicious file an attacker can leverage this vulnerability to execut" [X Link](https://x.com/CVEnew/status/1973951257556537836) [@CVEnew](/creator/x/CVEnew) 2025-10-03T03:20Z 55.7K followers, XXX engagements "CVE-2025-48004 Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978198296955875546) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-59991 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328936247468488) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements "CVE-2025-58730 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally" [X Link](https://x.com/CVEnew/status/1978171196962435088) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements "CVE-2025-62645 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privilege" [X Link](https://x.com/CVEnew/status/1979289051145408762) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2025-53474 When an iRule using an ILX::callcommand is configured on a virtual server undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note" [X Link](https://x.com/CVEnew/status/1978545097483616350) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-10682 The TARIFFUXX plugin for WordPress is vulnerable to SQL Injection in versions up to and including XXX. 
This is due to insufficient neutralization of user-supplied i" [X Link](https://x.com/CVEnew/status/1978545102680404083) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-61990 When using a multi-bladed platform with more than one blade undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software vers" [X Link](https://x.com/CVEnew/status/1978545046501933297) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-61922 PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5 missing validation on the Express Chec" [X Link](https://x.com/CVEnew/status/1978926574339530840) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements "CVE-2025-2529 Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from (malicio" [X Link](https://x.com/CVEnew/status/1978545045440774441) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-58426 desknet's NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic key which allows an attacker to create malicious AppSuite applications" [X Link](https://x.com/CVEnew/status/1978926610918076755) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-55695 Out-of-bounds read in Windows WLAN Auto Config Service allows an authorized attacker to disclose information locally" [X Link](https://x.com/CVEnew/status/1978171210946191651) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements "CVE-2025-24990 Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. 
This is an announcement of" [X Link](https://x.com/CVEnew/status/1978198291222290680) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-55094 In NetX Duo before 6.4.4 the networking support module for Eclipse Foundation ThreadX there was a potential out of bound read issue in _nx_icmpv6_validate_options(" [X Link](https://x.com/CVEnew/status/1979063787593637904) [@CVEnew](/creator/x/CVEnew) 2025-10-17T05:55Z 55.7K followers, XXX engagements "CVE-2025-56747 Creativeitem Academy LMS up to and including XXXX contains a privilege escalation vulnerability in the Api_instructor controller where regular authenticated users can" [X Link](https://x.com/CVEnew/status/1978118129445417253) [@CVEnew](/creator/x/CVEnew) 2025-10-14T15:18Z 55.7K followers, XXX engagements "CVE-2025-61955 A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges. A successful exploit may" [X Link](https://x.com/CVEnew/status/1978545065913172413) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-10986 Path traversal in the admin panel of Ivanti EPMM before version 12.6.0.2 12.5.0.4 and 12.4.0.4 allows a remote authenticated attacker with admin privileges to write" [X Link](https://x.com/CVEnew/status/1978112147902156853) [@CVEnew](/creator/x/CVEnew) 2025-10-14T14:54Z 55.7K followers, XXX engagements "CVE-2025-60360 radare2 v5.9.8 and before contains a memory leak in the function r2r_subprocess_init" [X Link](https://x.com/CVEnew/status/1979198259769020584) [@CVEnew](/creator/x/CVEnew) 2025-10-17T14:50Z 55.7K followers, XXX engagements "CVE-2025-59976 An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method" [X Link](https://x.com/CVEnew/status/1976328949530808449) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX 
engagements "CVE-2025-62490 In quickjs in js_print_object when printing an array the function first fetches the array length and then loops over it. The issue is printing a value is not side" [X Link](https://x.com/CVEnew/status/1978926592517685500) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-62505 LobeChat is an open source chat application platform. The web-crawler package in LobeChat version 1.136.1 allows server-side request forgery (SSRF) in the tools.searc" [X Link](https://x.com/CVEnew/status/1979289022645067978) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2025-27906 IBM Content Navigator 3.0.11 3.0.15 3.1.0 and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and fold" [X Link](https://x.com/CVEnew/status/1978108111685853198) [@CVEnew](/creator/x/CVEnew) 2025-10-14T14:38Z 55.7K followers, XXX engagements "CVE-2025-55697 Heap-based buffer overflow in Azure Local allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978171208551285152) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements "CVE-2025-54270 Animate versions 23.0.13 24.0.10 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to memory exposure. An attacker could leverage" [X Link](https://x.com/CVEnew/status/1978562115460821395) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-9804 An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System" [X Link](https://x.com/CVEnew/status/1978926606971203627) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-20712 In wlan AP driver there is a possible out of bounds write due to an incorrect bounds check. 
This could lead to remote (proximal/adjacent) escalation of privilege wit" [X Link](https://x.com/CVEnew/status/1978032065367908411) [@CVEnew](/creator/x/CVEnew) 2025-10-14T09:36Z 55.7K followers, XXX engagements "CVE-2025-54269 Animate versions 23.0.13 24.0.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this" [X Link](https://x.com/CVEnew/status/1978562114412237295) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-33177 NVIDIA Jetson Linux and IGX OS contain a vulnerability in NvMap where improper tracking of memory allocations could allow a local attacker to cause memory overalloca" [X Link](https://x.com/CVEnew/status/1978198214999195978) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-37140 Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could" [X Link](https://x.com/CVEnew/status/1978932579773616473) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-6949 An Execution with Unnecessary Privileges vulnerability has been identified in Moxa's network security appliances and routers. 
A critical authorization flaw in the API a" [X Link](https://x.com/CVEnew/status/1979045630887837755) [@CVEnew](/creator/x/CVEnew) 2025-10-17T04:43Z 55.7K followers, XXX engagements "CVE-2025-55337 Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack" [X Link](https://x.com/CVEnew/status/1978171225156546768) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements "CVE-2025-59292 External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978198225296228707) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-62491 A Use-After-Free (UAF) vulnerability exists in the QuickJS engine's standard library when iterating over the global list of unhandled rejected promises (ts-rejected_" [X Link](https://x.com/CVEnew/status/1978926591523635471) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-62353 A path traversal vulnerability in all versions of the Windsurf IDE enables a threat actor to read and write arbitrary local files in and outside of current projects o" [X Link](https://x.com/CVEnew/status/1979289038667284556) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2025-11708 Use-after-free in MediaTrackGraphImpl::GetInstance() This vulnerability affects Firefox XXX Firefox ESR XXXXX Thunderbird XXX and Thunderbird 140.4" [X Link](https://x.com/CVEnew/status/1978085832847192320) [@CVEnew](/creator/x/CVEnew) 2025-10-14T13:09Z 55.7K followers, XXX engagements "CVE-2025-58727 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacke" [X Link](https://x.com/CVEnew/status/1978171198942093567) [@CVEnew](/creator/x/CVEnew) 
2025-10-14T18:49Z 55.7K followers, XXX engagements "CVE-2025-60361 radare2 v5.9.8 and before contains a memory leak in the function bochs_open" [X Link](https://x.com/CVEnew/status/1979204793097949338) [@CVEnew](/creator/x/CVEnew) 2025-10-17T15:16Z 55.7K followers, XXX engagements "CVE-2025-11492 In the ConnectWise Automate Agent communications could be configured to use HTTP instead of HTTPS. In such cases an on-path threat actor with a man-in-the-middle ne" [X Link](https://x.com/CVEnew/status/1978926545268776961) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements "CVE-2025-58722 Heap-based buffer overflow in Windows DWM allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978198267444756868) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-61958 A vulnerability exists in the iHealth command that may allow an authenticated attacker with at least a resource administrator role to bypass tmshrestrictions and gai" [X Link](https://x.com/CVEnew/status/1978545068052189581) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-20360 Multiple Cisco products are affected by a vulnerability in the Snort X HTTP Decoder that could allow an unauthenticated remote attacker to cause the Snort X Detectio" [X Link](https://x.com/CVEnew/status/1978545034749522179) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XX engagements "CVE-2025-11714 Memory safety bugs present in Firefox ESR XXXXXX Firefox ESR XXXXX Thunderbird ESR XXXXX Firefox XXX and Thunderbird XXX. 
Some of these bugs showed evidence of mem" [X Link](https://x.com/CVEnew/status/1978085833983852960) [@CVEnew](/creator/x/CVEnew) 2025-10-14T13:09Z 55.7K followers, XXX engagements "CVE-2025-50174 Use after free in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978198295957606585) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-11713 Insufficient escaping in the Copy as cURL feature could have been used to trick a user into executing unexpected code on Windows. This did not affect Firefox runnin" [X Link](https://x.com/CVEnew/status/1978085830469054659) [@CVEnew](/creator/x/CVEnew) 2025-10-14T13:09Z 55.7K followers, XXX engagements "CVE-2025-34253 D-Link Nuclias Connect firmware versions = 1.3.1.4 contain a stored cross-site scripting (XSS) vulnerability due to improper sanitization of the 'Network' field when" [X Link](https://x.com/CVEnew/status/1978926547433107621) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements "CVE-2025-57618 A path traversal vulnerability in FastX3 thru 3.3.67 allows an unauthenticated attacker to read arbitrary files on the server. By leveraging this vulnerability it is" [X Link](https://x.com/CVEnew/status/1978932616037638542) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-20716 In wlan AP driver there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has" [X Link](https://x.com/CVEnew/status/1978032054093701218) [@CVEnew](/creator/x/CVEnew) 2025-10-14T09:36Z 55.7K followers, XXX engagements "CVE-2025-9713 Path traversal in Ivanti Endpoint Manager allows a remote unauthenticated attacker to achieve remote code execution. 
User interaction is required" [X Link](https://x.com/CVEnew/status/1977848648055631944) [@CVEnew](/creator/x/CVEnew) 2025-10-13T21:27Z 55.7K followers, XXX engagements "CVE-2025-11832 Allocation of Resources Without Limits or Throttling vulnerability in Azure Access Technology BLU-IC2 Azure Access Technology BLU-IC4 allows Flooding.This issue affe" [X Link](https://x.com/CVEnew/status/1978562033382572053) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-52583 Reflected cross-site scripting (XSS) vulnerability in desknet's Web Server allows execution of arbitrary JavaScript in a users web browser" [X Link](https://x.com/CVEnew/status/1978926615699554498) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-20366 In Splunk Enterprise versions below 9.4.4 9.3.6 and 9.2.8 and Splunk Cloud Platform versions below 9.3.2411.111 9.3.2408.119 and 9.2.2406.122 a low-privileged u" [X Link](https://x.com/CVEnew/status/1973429142306603389) [@CVEnew](/creator/x/CVEnew) 2025-10-01T16:45Z 55.7K followers, XXX engagements "CVE-2025-49552 Adobe Connect versions XXXX and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a high-privileged attacker to" [X Link](https://x.com/CVEnew/status/1978562120766685639) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-62156 Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. 
Versions prior to 3.6.12 and versions 3.7.0 through 3" [X Link](https://x.com/CVEnew/status/1978118126438146271) [@CVEnew](/creator/x/CVEnew) 2025-10-14T15:18Z 55.7K followers, XXX engagements "CVE-2025-60536 An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service (DoS) via uploading a crafted configuration" [X Link](https://x.com/CVEnew/status/1978932618126332192) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-59222 Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally" [X Link](https://x.com/CVEnew/status/1978171169682645374) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XXX engagements "CVE-2025-62366 mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.30 contain an HTML injection vulnerab" [X Link](https://x.com/CVEnew/status/1978123681210536445) [@CVEnew](/creator/x/CVEnew) 2025-10-14T15:40Z 55.7K followers, XXX engagements "CVE-2025-10135 The WP ViewSTL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'viewstl' shortcode in all versions up to and including XXX due to" [X Link](https://x.com/CVEnew/status/1978545120292270559) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-59447 The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. 
An attacker with direct physical access can leverage this interface to read a boot log which" [X Link](https://x.com/CVEnew/status/1975294170659959037) [@CVEnew](/creator/x/CVEnew) 2025-10-06T20:16Z 55.7K followers, XXX engagements "CVE-2025-55681 Out-of-bounds read in Windows DWM allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978198279482397169) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-62584 Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment" [X Link](https://x.com/CVEnew/status/1978926636922782184) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-37147 A Secure Boot Bypass Vulnerability exists in affected Access Points that allows an adversary to bypass the hardware root of trust verification in place to ensure only" [X Link](https://x.com/CVEnew/status/1978932593103094020) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-11709 A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. 
This vulnerability affects" [X Link](https://x.com/CVEnew/status/1978085837058232659) [@CVEnew](/creator/x/CVEnew) 2025-10-14T13:09Z 55.7K followers, XXX engagements "CVE-2025-59992 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328935265927285) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements "CVE-2025-58733 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally" [X Link](https://x.com/CVEnew/status/1978171194793939139) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements "CVE-2025-11904 A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.2. This affects the function hasUse of the file /cms/model/hasUse. The manipulation of the argument I" [X Link](https://x.com/CVEnew/status/1979204791030149289) [@CVEnew](/creator/x/CVEnew) 2025-10-17T15:16Z 55.7K followers, XXX engagements "CVE-2025-55326 Use after free in Connected Devices Platform Service (Cdpsvc) allows an unauthorized attacker to execute code over a network" [X Link](https://x.com/CVEnew/status/1978171231246733807) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements "CVE-2025-62644 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has a Global Store Directory that shares personal information among authenticated user" [X Link](https://x.com/CVEnew/status/1979289050138759223) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2025-59298 Delta Electronics DIAScreenlacks proper validation of the user-supplied file. 
If a user opens a malicious file an attacker can leverage this vulnerability to execut" [X Link](https://x.com/CVEnew/status/1973951259594919983) [@CVEnew](/creator/x/CVEnew) 2025-10-03T03:20Z 55.7K followers, XXX engagements "CVE-2025-55080 In Eclipse ThreadX before 6.4.3 when memory protection is enabled syscall parameters verification wasn't enough allowing an attacker to obtain an arbitrary memory" [X Link](https://x.com/CVEnew/status/1978562095185576189) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-36730 A prompt injection vulnerability exists in Windsurft version 1.10.7 in Write mode using SWE-1 model. It is possible to create a file name that will be appended to th" [X Link](https://x.com/CVEnew/status/1978932595162595572) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-59238 Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally" [X Link](https://x.com/CVEnew/status/1978171161029792085) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XXX engagements "CVE-2025-54858 When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema and the security policy is applie" [X Link](https://x.com/CVEnew/status/1978545071248314476) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-54275 Substance3D - Viewer versions 0.25.2 and earlier are affected by an out-of-bounds write vulnerability that could lead to application denial-of-service. 
An attacker co" [X Link](https://x.com/CVEnew/status/1978198223366795440) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-39974 In the Linux kernel the following vulnerability has been resolved: tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit() When config osnoise cpus by wr" [X Link](https://x.com/CVEnew/status/1978562075321360579) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-59275 Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978171150372118859) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XX engagements "CVE-2025-59990 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328937249947852) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements "CVE-2025-39996 In the Linux kernel the following vulnerability has been resolved: media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove The original cod" [X Link](https://x.com/CVEnew/status/1978562052256870416) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-41018 SQL injection in Sergestec's Exito v8.0. 
This vulnerability allows an attacker to retrieve create update and delete databases through the 'cat' parameter in '/publ" [X Link](https://x.com/CVEnew/status/1978926635018543157) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-56218 An arbitrary file upload vulnerability in SigningHub v8.6.8 allows attackers to execute arbitrary code via uploading a crafted PDF file" [X Link](https://x.com/CVEnew/status/1979289041741791725) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2025-55340 Improper authentication in Windows Remote Desktop Protocol allows an authorized attacker to bypass a security feature locally" [X Link](https://x.com/CVEnew/status/1978198282368106875) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-55694 Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978171212007453081) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements "CVE-2025-47148 When the BIG-IP system is configured as both a Security Assertion Markup Language (SAML) service provider (SP) and Identity Provider (IdP) with single logout (SLO) e" [X Link](https://x.com/CVEnew/status/1978545094497329366) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-11913 A vulnerability has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this vulnerability is the function Download of the file /Service.do" [X Link](https://x.com/CVEnew/status/1979289012071243981) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2025-62416 Bagisto is an open source laravel eCommerce platform. 
Bagisto v2.3.7 is vulnerable to Server-Side Template Injection (SSTI) due to unsanitized user input being proces" [X Link](https://x.com/CVEnew/status/1978926556840878099) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements "CVE-2025-60359 radare2 v5.9.8 and before contains a memory leak in the function r_bin_object_new" [X Link](https://x.com/CVEnew/status/1979198258867245122) [@CVEnew](/creator/x/CVEnew) 2025-10-17T14:50Z 55.7K followers, XXX engagements "CVE-2024-47569 A insertion of sensitive information into sent data in Fortinet FortiManager Cloud 7.4.1 through 7.4.3 FortiVoice 7.0.0 through 7.0.4 6.4.0 through 6.4.9 6.0.7 thr" [X Link](https://x.com/CVEnew/status/1978123690895122586) [@CVEnew](/creator/x/CVEnew) 2025-10-14T15:40Z 55.7K followers, XXX engagements "CVE-2025-62361 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.0 an Open Redirect vulnerability was identified in the c" [X Link](https://x.com/CVEnew/status/1977850820088791359) [@CVEnew](/creator/x/CVEnew) 2025-10-13T21:35Z 55.7K followers, XXX engagements "CVE-2025-58075 Mattermost versions 10.11.x = 10.11.1 10.10.x = 10.10.2 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite" [X Link](https://x.com/CVEnew/status/1978926628081107079) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-54892 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps group configuration" [X Link](https://x.com/CVEnew/status/1978118124496105969) [@CVEnew](/creator/x/CVEnew) 2025-10-14T15:18Z 55.7K followers, XXX engagements "CVE-2025-59192 Buffer over-read in Storport.sys Driver allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978171182697587052) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K 
followers, XXX engagements "CVE-2025-59185 External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network" [X Link](https://x.com/CVEnew/status/1978198263724400990) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-58747 Dify is an LLM application development platform. In Dify versions through 1.9.1 the MCP OAuth component is vulnerable to cross-site scripting when a victim connects" [X Link](https://x.com/CVEnew/status/1979289034569458128) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2025-54973 A concurrent execution using shared resource with improper synchronization ('Race Condition') vulnerability CWE-362 in Fortinet FortiAnalyzer version 7.6.0 through" [X Link](https://x.com/CVEnew/status/1978932598065041783) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2024-50571 A heap-based buffer overflow in Fortinet FortiOS 7.6.0 through 7.6.1 7.4.0 through 7.4.5 7.2.0 through 7.2.10 7.0.0 through 7.0.16 6.4.0 through 6.4.15 6.2.0 thr" [X Link](https://x.com/CVEnew/status/1978932599977545915) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-20718 In wlan AP driver there is a possible out of bounds write due to an incorrect bounds check. 
This could lead to local escalation of privilege with User execution priv" [X Link](https://x.com/CVEnew/status/1978032061878333495) [@CVEnew](/creator/x/CVEnew) 2025-10-14T09:36Z 55.7K followers, XXX engagements "CVE-2025-10699 A vulnerability was reported in the Lenovo LeCloud client application that under certain conditions could allow information disclosure" [X Link](https://x.com/CVEnew/status/1978545053095354421) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-9967 The Orion SMS OTP Verification plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to and including 1.1.7. This is due" [X Link](https://x.com/CVEnew/status/1978545113115824459) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-59260 Exposure of sensitive information to an unauthorized actor in Microsoft Failover Cluster Virtual Driver allows an authorized attacker to disclose information locally" [X Link](https://x.com/CVEnew/status/1978171154432238011) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XX engagements "CVE-2025-20722 In gnss driver there is a possible out of bounds read due to an integer overflow. 
This could lead to local information disclosure if a malicious actor has already ob" [X Link](https://x.com/CVEnew/status/1978032056698384557) [@CVEnew](/creator/x/CVEnew) 2025-10-14T09:36Z 55.7K followers, XXX engagements "CVE-2025-59214 Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network" [X Link](https://x.com/CVEnew/status/1978171171658203431) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XXX engagements "CVE-2025-55691 Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978171215346024816) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements "CVE-2025-59237 Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network" [X Link](https://x.com/CVEnew/status/1978198245022056609) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-59269 A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the c" [X Link](https://x.com/CVEnew/status/1978545095503970677) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-62423 ClipBucket V5 provides open source video hosting with PHP. 
In version5.5.2 - #140 and earlier a Blind SQL injection vulnerability exists in the Admin Areas /admin_" [X Link](https://x.com/CVEnew/status/1978926552722100546) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements "CVE-2025-46774 An Improper Verification of Cryptographic Signature vulnerability CWE-347 in FortiClient MacOS installer version 7.4.2 and below version 7.2.9 and below XXX all v" [X Link](https://x.com/CVEnew/status/1978123678198943997) [@CVEnew](/creator/x/CVEnew) 2025-10-14T15:40Z 55.7K followers, XXX engagements "CVE-2025-59199 Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978198258376724595) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-59248 Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network" [X Link](https://x.com/CVEnew/status/1978171157502476335) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XX engagements "CVE-2025-10313 The Find And Replace content for WordPress plugin for WordPress is vulnerable to unauthorized Stored Cross-Site Scripting and Arbitrary Content Replacement due to a m" [X Link](https://x.com/CVEnew/status/1978545109173199135) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-53845 An improper authentication vulnerability CWE-287 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain" [X Link](https://x.com/CVEnew/status/1978123683458658688) [@CVEnew](/creator/x/CVEnew) 2025-10-14T15:40Z 55.7K followers, XXX engagements "CVE-2025-55315 Inconsistent interpretation of http requests ('http request/response smuggling') in Core allows an authorized attacker to bypass a security feature over a net" [X Link](https://x.com/CVEnew/status/1978198292258234640) 
[@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-11177 The External Login plugin for WordPress is vulnerable to SQL Injection via the 'log' parameter in all versions up to and including 1.11.2 due to insufficient escapi" [X Link](https://x.com/CVEnew/status/1978545127510663313) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-41443 Mattermost versions 10.5.x = 10.5.10 10.11.x = 10.11.2 fail to properly validate guest user permissions when accessing channel information which allows guest users" [X Link](https://x.com/CVEnew/status/1978926629960192091) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-43280 The issue was resolved by not loading remote images This issue is fixed in iOS XXXX and iPadOS XXXX. Forwarding an email could display remote images in Mail in Lockdo" [X Link](https://x.com/CVEnew/status/1978562027577544721) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-62415 Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7 the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. 
ad" [X Link](https://x.com/CVEnew/status/1978926553745498523) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements "CVE-2025-59291 External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978198226248315153) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-61933 A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of BIG-IP APM that allows an attacker to run JavaScript in the context of the targe" [X Link](https://x.com/CVEnew/status/1978545048561316225) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-26860 RemoteCall Remote Support Program (for Operator) versions prior to 5.1.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the" [X Link](https://x.com/CVEnew/status/1978562091054141810) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-59249 Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network" [X Link](https://x.com/CVEnew/status/1978198241020657900) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-10293 The Keyy Two Factor Authentication (like Clef) plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to and including 1" [X Link](https://x.com/CVEnew/status/1978562044870685105) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-55079 In Eclipse ThreadX before version 6.4.3 the thread module has a setting of maximum priority. 
In some cases the check of that maximum priority wasn't performed allow" [X Link](https://x.com/CVEnew/status/1978562099761516708) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-59985 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Spaceallows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328942220083348) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements "CVE-2025-50152 Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978171238213464113) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements "CVE-2025-37144 Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful expl" [X Link](https://x.com/CVEnew/status/1978171151798129102) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XX engagements "CVE-2025-55091 In NetX Duo before 6.4.4 the networking support module for Eclipse Foundation ThreadX there was a potential out of bound read issue in _nx_ip_packet_receive() funct" [X Link](https://x.com/CVEnew/status/1978926634087375273) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-39983 In the Linux kernel the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue This fixes the following UAF caused by not" [X Link](https://x.com/CVEnew/status/1978562065456349432) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-53092 Strapi is an open source headless content management system. Strapi versions prior to 5.20.0 contain a CORS misconfiguration vulnerability in default installations. 
B" [X Link](https://x.com/CVEnew/status/1978926582438695069) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements

- "CVE-2025-8428 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (HTTP Loader widget modules) allo" [X Link](https://x.com/CVEnew/status/1978112149051289896) [@CVEnew](/creator/x/CVEnew) 2025-10-14T14:54Z 55.7K followers, XXX engagements
- "CVE-2025-62422 DataEase is an open source data visualization and analytics platform. In versions 2.10.13 and earlier the /de2api/datasetData/tableField interface is vulnerable to S" [X Link](https://x.com/CVEnew/status/1979289029561438509) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-0275 HCL BigFix Mobile XXX and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions potentially allowing access" [X Link](https://x.com/CVEnew/status/1978932553861218528) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements
- "CVE-2025-62362 gpp-burgerportaal is a Dutch government citizen portal application. In versions before 2.0.3 3.0.2 and 4.0.1 the name and email address of employees who publish co" [X Link](https://x.com/CVEnew/status/1977854472882913570) [@CVEnew](/creator/x/CVEnew) 2025-10-13T21:50Z 55.7K followers, XXX engagements
- "CVE-2025-37146 A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote co" [X Link](https://x.com/CVEnew/status/1978932594235576379) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements
- "CVE-2025-62387 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database" [X Link](https://x.com/CVEnew/status/1977850831107231798) [@CVEnew](/creator/x/CVEnew) 2025-10-13T21:35Z 55.7K followers, XXX engagements
- "CVE-2025-10486 The Content Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 3.6.8 through publicly exposed log files" [X Link](https://x.com/CVEnew/status/1978545111165435956) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements
- "CVE-2025-59968 A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadat" [X Link](https://x.com/CVEnew/status/1976328952479350983) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
- "CVE-2025-59205 Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate p" [X Link](https://x.com/CVEnew/status/1978171176691355688) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XXX engagements
- "CVE-2025-39971 In the Linux kernel the following vulnerability has been resolved: i40e: fix idx validation in config queues msg Ensure idx is within range of active/initialized T" [X Link](https://x.com/CVEnew/status/1978562078433493341) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements
- "CVE-2025-62428 Drawing-Captcha APP provides interactive engaging verification for Web-Based Applications. The vulnerability is a Host Header Injection in the /register and /confirm" [X Link](https://x.com/CVEnew/status/1978926546363597018) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements
- "CVE-2025-36002 IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5 and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5 and 6.2.1.0 stores user credentials in configu" [X Link](https://x.com/CVEnew/status/1978926597806629065) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-10985 OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2 12.5.0.4 and 12.4.0.4 allows a remote authenticated attacker with admin privileges to" [X Link](https://x.com/CVEnew/status/1978112150137627112) [@CVEnew](/creator/x/CVEnew) 2025-10-14T14:54Z 55.7K followers, XXX engagements
- "CVE-2025-55083 In NetX Duo version before 6.4.4 the component of Eclipse Foundation ThreadX there was an incorrect bound check resulting it out by two out of bound read" [X Link](https://x.com/CVEnew/status/1978545058246000849) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements
- "CVE-2025-54822 An improper authorization vulnerability CWE-285 in Fortinet FortiOS version 7.4.0 through 7.4.1 and before 7.2.8 & Fortinet FortiProxy before version 7.4.8 allows a" [X Link](https://x.com/CVEnew/status/1978123679381835852) [@CVEnew](/creator/x/CVEnew) 2025-10-14T15:40Z 55.7K followers, XXX engagements
- "CVE-2025-11721 Memory safety bug present in Firefox XXX and Thunderbird XXX. This bug showed evidence of memory corruption and we presume that with enough effort this could have bee" [X Link](https://x.com/CVEnew/status/1978085826102779990) [@CVEnew](/creator/x/CVEnew) 2025-10-14T13:09Z 55.7K followers, XXX engagements
- "CVE-2025-54263 Adobe Commerce versions 2.4.9-alpha2 2.4.8-p2 2.4.7-p7 2.4.6-p12 2.4.5-p14 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-" [X Link](https://x.com/CVEnew/status/1978562129562107946) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements
- "CVE-2025-10141 The Digiseller plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ds' shortcode in all versions up to and including 1.3.0 due to in" [X Link](https://x.com/CVEnew/status/1978545106170105954) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements
- "CVE-2025-57740 An Heap-based Buffer Overflow vulnerability CWE-122 in FortiOS version 7.6.2 and below version 7.4.7 and below version 7.2.10 and below XXX all versions XXX all" [X Link](https://x.com/CVEnew/status/1978932604402569281) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements
- "CVE-2025-10056 The Task Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to and including 1.6.3 via the Check Website task. This ma" [X Link](https://x.com/CVEnew/status/1978545107151556622) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements
- "CVE-2025-55331 Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978171228201648429) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements
- "CVE-2025-11914 A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this issue is the function Download of the file /DeviceFileReport.doActi" [X Link](https://x.com/CVEnew/status/1979289009365942428) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-61908 Icinga X is an open source monitoring system. From 2.10.0 to before 2.15.1 2.14.7 and 2.13.13 when creating an invalid reference such as a reference to null dere" [X Link](https://x.com/CVEnew/status/1978926577372078553) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-59236 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally" [X Link](https://x.com/CVEnew/status/1978198246087364630) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements
- "CVE-2025-62252 Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.111 and older unsupported versions and Liferay DXP 2023.Q4.0 through 202" [X Link](https://x.com/CVEnew/status/1977839364760613109) [@CVEnew](/creator/x/CVEnew) 2025-10-13T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-11720 The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded not the full hostname. User supplied content hosted on a s" [X Link](https://x.com/CVEnew/status/1978085822772482287) [@CVEnew](/creator/x/CVEnew) 2025-10-14T13:09Z 55.7K followers, XXX engagements
- "CVE-2025-59232 Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally" [X Link](https://x.com/CVEnew/status/1978171162107814339) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XXX engagements
- "CVE-2025-59203 Insertion of sensitive information into log file in Windows StateRepository API allows an authorized attacker to disclose information locally" [X Link](https://x.com/CVEnew/status/1978171177693761908) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XXX engagements
- "CVE-2025-39992 In the Linux kernel the following vulnerability has been resolved: mm: swap: check for stable address space before operating on the VMA It is possible to hit a zer" [X Link](https://x.com/CVEnew/status/1978562056476365204) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements
- "CVE-2025-6338 There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a long period. This issue affects Qt" [X Link](https://x.com/CVEnew/status/1978926617603850695) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-11712 A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a conten" [X Link](https://x.com/CVEnew/status/1978085831781798273) [@CVEnew](/creator/x/CVEnew) 2025-10-14T13:09Z 55.7K followers, XXX engagements
- "CVE-2025-11717 When switching between Android apps using the card carousel Firefox shows a black screen as its card image when a password-related screen was the last one being used" [X Link](https://x.com/CVEnew/status/1978085825066754425) [@CVEnew](/creator/x/CVEnew) 2025-10-14T13:09Z 55.7K followers, XXX engagements
- "CVE-2025-22833 APTIOV contains a vulnerability in BIOS where an attacker may cause a Buffer Copy without Checking Size of Input by local accessing. Successful exploitation of this v" [X Link](https://x.com/CVEnew/status/1978108114160541768) [@CVEnew](/creator/x/CVEnew) 2025-10-14T14:38Z 55.7K followers, XXX engagements
- "CVE-2025-62421 DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13 a stored cross-site scripting vulnerability exists due to improper file" [X Link](https://x.com/CVEnew/status/1979289028458426546) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-62407 Frappe is a full-stack web application framework. Prior to 14.98.0 and 15.83.0 an open redirect was possible through the redirect argument on the login page if a s" [X Link](https://x.com/CVEnew/status/1978926571315405154) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements
- "CVE-2025-58716 Improper input validation in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978198271492239729) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements
- "CVE-2025-10132 The Dhivehi Text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dhivehi' shortcode in all versions up to and including XXX due" [X Link](https://x.com/CVEnew/status/1978545122192363801) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements
- "CVE-2025-57716 An Uncontrolled Search Path Element vulnerability CWE-427 in FortiClient Windows 7.4.0 through 7.4.3 7.2.0 through 7.2.11 XXX all versions may allow a local low p" [X Link](https://x.com/CVEnew/status/1978123687011262800) [@CVEnew](/creator/x/CVEnew) 2025-10-14T15:40Z 55.7K followers, XXX engagements
- "CVE-2025-59200 Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform" [X Link](https://x.com/CVEnew/status/1978198257454006339) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements
- "CVE-2025-26625 Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0 when populating a Git repository's working tree with the contents of G" [X Link](https://x.com/CVEnew/status/1979289037811720236) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-59198 Improper input validation in Microsoft Windows Search Component allows an authorized attacker to deny service locally" [X Link](https://x.com/CVEnew/status/1978171178713051253) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XXX engagements
- "CVE-2025-22832 APTIOV contains a vulnerability in BIOS where an attacker may cause an Out-of-bounds Write by local. Successful exploitation of this vulnerability may lead to data co" [X Link](https://x.com/CVEnew/status/1978108114995236964) [@CVEnew](/creator/x/CVEnew) 2025-10-14T14:38Z 55.7K followers, XXX engagements
- "CVE-2025-62363 yt-grabber-tui is a terminal user interface application for downloading videos. In versions before 1.0-rc the application allows users to configure the path to the y" [X Link](https://x.com/CVEnew/status/1977854471725273556) [@CVEnew](/creator/x/CVEnew) 2025-10-13T21:50Z 55.7K followers, XXX engagements
- "CVE-2025-59250 Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network" [X Link](https://x.com/CVEnew/status/1978198240014012648) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements
- "CVE-2025-55336 Exposure of sensitive information to an unauthorized actor in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally" [X Link](https://x.com/CVEnew/status/1978198285241242058) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements
- "CVE-2025-62412 LibreNMS is a community-based GPL-licensed network monitoring system. The alert rule name in the Alerts Alert Rules page is not properly sanitized and can be used" [X Link](https://x.com/CVEnew/status/1978926566324220207) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-39975 In the Linux kernel the following vulnerability has been resolved: smb: client: fix wrong index reference in smb2_compound_op() In smb2_compound_op() the loop tha" [X Link](https://x.com/CVEnew/status/1978562074285351365) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements
- "CVE-2025-37132 An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Su" [X Link](https://x.com/CVEnew/status/1978932589777031523) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements
- "CVE-2025-20350 A vulnerability in the web UI of Cisco Desk Phone 9800 Series Cisco IP Phone 7800 and 8800 Series and Cisco Video Phone 8875 running Cisco SIP Software could allow" [X Link](https://x.com/CVEnew/status/1978545037920420202) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XX engagements
- "CVE-2025-62390 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database" [X Link](https://x.com/CVEnew/status/1977850833619534043) [@CVEnew](/creator/x/CVEnew) 2025-10-13T21:36Z 55.7K followers, XXX engagements
- "CVE-2025-61796 Adobe Experience Manager versions XXXX and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker" [X Link](https://x.com/CVEnew/status/1978562126152110150) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements
- "CVE-2025-10301 The FunKItools plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.2. This is due to missing or incorrect nonce" [X Link](https://x.com/CVEnew/status/1978562037534921208) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements
- "CVE-2025-62504 Envoy is an open source edge and service proxy. Envoy versions earlier than 1.36.2 1.35.6 1.34.10 and 1.33.12 contain a use-after-free vulnerability in the Lua fil" [X Link](https://x.com/CVEnew/status/1978938148857221173) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:36Z 55.7K followers, XXX engagements
- "CVE-2025-25255 An Improperly Implemented Security Check for Standard vulnerability CWE-358 in FortiProxy 7.6.0 through 7.6.3 XXX all versions XXX all versions 7.0.1 through 7.0" [X Link](https://x.com/CVEnew/status/1978123688034587030) [@CVEnew](/creator/x/CVEnew) 2025-10-14T15:40Z 55.7K followers, XXX engagements
- "CVE-2025-6950 An Use of Hard-coded Credentials vulnerability has been identified in Moxas network security appliances and routers. The system employs a hard-coded secret key to sign" [X Link](https://x.com/CVEnew/status/1979045630061482207) [@CVEnew](/creator/x/CVEnew) 2025-10-17T04:43Z 55.7K followers, XXX engagements
- "CVE-2025-10743 The Outdoor plugin for WordPress is vulnerable to SQL Injection via the 'edit' action in all versions up to and including 1.3.2 due to insufficient escaping on the" [X Link](https://x.com/CVEnew/status/1978545123563823266) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements
- "CVE-2025-9064 A path traversal security issue exists within FactoryTalk View Machine Edition allowing unauthenticated attackers on the same network as the device to delete any file" [X Link](https://x.com/CVEnew/status/1978085840996729001) [@CVEnew](/creator/x/CVEnew) 2025-10-14T13:09Z 55.7K followers, XXX engagements
- "CVE-2025-58729 Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network" [X Link](https://x.com/CVEnew/status/1978171197910290739) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements
- "CVE-2025-39978 In the Linux kernel the following vulnerability has been resolved: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() This code calls kfree_rcu(new_n" [X Link](https://x.com/CVEnew/status/1978562071219327242) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements
- "CVE-2025-61938 When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the Data Guard Protection Enforcement setting e" [X Link](https://x.com/CVEnew/status/1978545082484887661) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements
- "CVE-2025-20720 In wlan AP driver there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege wit" [X Link](https://x.com/CVEnew/status/1978032060141810035) [@CVEnew](/creator/x/CVEnew) 2025-10-14T09:36Z 55.7K followers, XXX engagements
- "CVE-2025-62642 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user account creat" [X Link](https://x.com/CVEnew/status/1979289048351985864) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-41021 Stored Cross-Site Scripting (XSS) in Sergestec's Exito v8.0 consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request usi" [X Link](https://x.com/CVEnew/status/1978926630878790136) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-59242 Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978198244065763668) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements
- "CVE-2025-54272 Adobe Experience Manager versions XXXX and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker" [X Link](https://x.com/CVEnew/status/1978562124977787359) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements
- "CVE-2025-41705 An unauthenticated remote attacker (MITM) can intercept the websocket messages to gain access to the login credentials for the Webfrontend" [X Link](https://x.com/CVEnew/status/1978019316902822322) [@CVEnew](/creator/x/CVEnew) 2025-10-14T08:45Z 55.7K followers, XXX engagements
- "CVE-2025-59778 When the Allowed IP Addresses feature is configured on the F5OS-C partition control plane undisclosed traffic can cause multiple containers to terminate. Note: So" [X Link](https://x.com/CVEnew/status/1978545078399627430) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements
- "CVE-2023-28814 Some versions of Hikvision's iSecure Center Product have an improper file upload control vulnerability. Due to the improper verification of file to be uploaded attac" [X Link](https://x.com/CVEnew/status/1979147278167478627) [@CVEnew](/creator/x/CVEnew) 2025-10-17T11:27Z 55.7K followers, XXX engagements
- "CVE-2025-55692 Improper input validation in Windows Error Reporting allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978171214293287005) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements
- "CVE-2025-20721 In imgsensor there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already" [X Link](https://x.com/CVEnew/status/1978032059281993802) [@CVEnew](/creator/x/CVEnew) 2025-10-14T09:36Z 55.7K followers, XXX engagements
- "CVE-2025-62427 The Angular CLI is a command-line interface tool for Angular applications. The vulnerability is a Server-Side Request Forgery (SSRF) flaw within the URL resolution me" [X Link](https://x.com/CVEnew/status/1978926550729801771) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements
- "CVE-2025-11715 Memory safety bugs present in Firefox ESR XXXXX Thunderbird ESR XXXXX Firefox XXX and Thunderbird XXX. Some of these bugs showed evidence of memory corruption and w" [X Link](https://x.com/CVEnew/status/1978085829491753251) [@CVEnew](/creator/x/CVEnew) 2025-10-14T13:09Z 55.7K followers, XXX engagements
- "CVE-2025-61924 PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5 the Target PayPal merchant account hij" [X Link](https://x.com/CVEnew/status/1978926572305260888) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements
- "CVE-2025-59043 OpenBao is an open source identity-based secrets management system. In OpenBao versions prior to 2.4.1 JSON objects after decoding may use significantly more memory" [X Link](https://x.com/CVEnew/status/1979289032648478809) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-55089 In FileX before 6.4.2 the file support module for Eclipse Foundation ThreadX there was a possible buffer overflow in the FileX RAM disk driver. It could cause a rem" [X Link](https://x.com/CVEnew/status/1978932550379933952) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements
- "CVE-2025-11161 The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the vc_custom_heading shortcode in all versions up to and including" [X Link](https://x.com/CVEnew/status/1978562088927732045) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements
- "CVE-2025-58735 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally" [X Link](https://x.com/CVEnew/status/1978198264680681860) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements
- "CVE-2025-37141 Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could" [X Link](https://x.com/CVEnew/status/1978932578834096610) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements
- "CVE-2025-62378 CommandKit is the discord.js meta-framework for building Discord bots. In versions 1.2.0-rc.1 through 1.2.0-rc.11 a logic flaw exists in the message command handler" [X Link](https://x.com/CVEnew/status/1978545028873257200) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XX engagements
- "CVE-2025-59051 The FreePBX Endpoint Manager module includes a Network Scanning feature that provides web-based access to nmap functionality for network device discovery. In Endpoint" [X Link](https://x.com/CVEnew/status/1978198218501505303) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements
- "CVE-2025-59921 An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in Fortinet FortiADC version 7.4.0 version 7.2.3 and below version 7.1.4 and b" [X Link](https://x.com/CVEnew/status/1978123685056729150) [@CVEnew](/creator/x/CVEnew) 2025-10-14T15:40Z 55.7K followers, XXX engagements
- "CVE-2025-34254 D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Login' endpoint returns distinct JSON" [X Link](https://x.com/CVEnew/status/1978926549740007797) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements
- "CVE-2025-62493 A vulnerability exists in the QuickJS engine's BigInt string conversion logic (js_bigint_to_string1) due to an incorrect calculation of the required number of digits" [X Link](https://x.com/CVEnew/status/1978926589355114750) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-34517 IleviaEVE X1 Server firmware versions 4.7.18.0.eden contain an absolute path traversal vulnerability in get_file_content.php that allows an attacker to read arbitr" [X Link](https://x.com/CVEnew/status/1978926560095752293) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements
- "CVE-2025-39984 In the Linux kernel the following vulnerability has been resolved: net: tun: Update napi-skb after XDP process The syzbot report a UAF issue: BUG: KASAN: slab-" [X Link](https://x.com/CVEnew/status/1978562064370004345) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements
- "CVE-2025-43282 A double free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia XXXX iOS XXXX and iPadOS XXXX watchOS XXXX tvOS XXXX visio" [X Link](https://x.com/CVEnew/status/1978562025178427750) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements
- "CVE-2025-39972 In the Linux kernel the following vulnerability has been resolved: i40e: fix idx validation in i40e_validate_queue_map Ensure idx is within range of active/initial" [X Link](https://x.com/CVEnew/status/1978562077389193433) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements
- "CVE-2025-62650 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen" [X Link](https://x.com/CVEnew/status/1979289056421789914) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-61806 Substance3D - Stager versions 3.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file which could result in a read past the" [X Link](https://x.com/CVEnew/status/1978198203401912545) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XX engagements
- "CVE-2025-55693 Use after free in Windows Kernel allows an unauthorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978171213307695588) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements
- "CVE-2025-10133 The URLYar URL Shortner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'urlyar_shortlink' shortcode in all versions up to and inc" [X Link](https://x.com/CVEnew/status/1978545125501677666) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements
- "CVE-2025-31514 An Insertion of Sensitive Information into Log File vulnerability CWE-532 in FortiOS 7.6.0 through 7.6.3 XXX all versions XXX all versions XXX all versions 6.4" [X Link](https://x.com/CVEnew/status/1978123677041344556) [@CVEnew](/creator/x/CVEnew) 2025-10-14T15:40Z 55.7K followers, XXX engagements
- "CVE-2025-11736 A flaw has been found in itsourcecode Online Examination System XXX. Affected by this issue is some unknown functionality of the file /index.php. This manipulation of" [X Link](https://x.com/CVEnew/status/1978171141329137692) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XX engagements
- "CVE-2025-20724 In wlan AP driver there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privil" [X Link](https://x.com/CVEnew/status/1978032052319465536) [@CVEnew](/creator/x/CVEnew) 2025-10-14T09:36Z 55.7K followers, XXX engagements
- "CVE-2025-20711 In wlan AP driver there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege wit" [X Link](https://x.com/CVEnew/status/1978032064520679741) [@CVEnew](/creator/x/CVEnew) 2025-10-14T09:36Z 55.7K followers, XXX engagements
- "CVE-2025-40765 A vulnerability has been identified in TeleControl Server Basic V3.1 (All versions = V3.1.2.2 V3.1.2.3). The affected application contains an information disclosur" [X Link](https://x.com/CVEnew/status/1978032048725000378) [@CVEnew](/creator/x/CVEnew) 2025-10-14T09:36Z 55.7K followers, XXX engagements
- "CVE-2025-59278 Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978171149310976449) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XX engagements
- "CVE-2025-37138 An authenticated command injection vulnerability exists in the command line interface binary of AOS-10 GW and AOS-8 Controllers/Mobility Conductor operating system. E" [X Link](https://x.com/CVEnew/status/1978932582273421629) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements
- "CVE-2025-61807 Substance3D - Stager versions 3.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the c" [X Link](https://x.com/CVEnew/status/1978198202311381103) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XX engagements
- "CVE-2025-55247 Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978198293315264677) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements
- "CVE-2025-62381 sveltekit-superforms makes SvelteKit forms a pleasure to use. sveltekit-superforms v2.27.3 and prior are susceptible to a prototype pollution vulnerability within the" [X Link](https://x.com/CVEnew/status/1978545026306318443) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XX engagements
- "CVE-2025-6893 An Execution with Unnecessary Privileges vulnerability has been identified in Moxas network security appliances and routers. A flaw in broken access control has been i" [X Link](https://x.com/CVEnew/status/1979045632603205942) [@CVEnew](/creator/x/CVEnew) 2025-10-17T04:43Z 55.7K followers, XXX engagements
- "CVE-2025-11909 A weakness has been identified in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The impacted element is the function queryLast of the file /RepairRecord.doActi" [X Link](https://x.com/CVEnew/status/1979289020627587505) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-8594 The Pz-LinkCard WordPress plugin before 2.5.7 does not validate a parameter before making a request to it which could allow users with a role as low as Contributor to" [X Link](https://x.com/CVEnew/status/1977983506719359302) [@CVEnew](/creator/x/CVEnew) 2025-10-14T06:23Z 55.7K followers, XXX engagements
- "CVE-2025-55248 Inadequate encryption strength in .NET .NET Framework Visual Studio allows an authorized attacker to disclose information over a network" [X Link](https://x.com/CVEnew/status/1978171232253255984) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements
- "CVE-2025-6892 An Incorrect Authorization vulnerability has been identified in Moxas network security appliances and routers. A flaw in the API authentication mechanism allows unauth" [X Link](https://x.com/CVEnew/status/1979045633437897141) [@CVEnew](/creator/x/CVEnew) 2025-10-17T04:43Z 55.7K followers, XXX engagements
- "CVE-2025-54479 When a classification profile is configured on a virtual server without an HTTP or HTTP/2 profile undisclosed requests can cause the Traffic Management Microkernel (" [X Link](https://x.com/CVEnew/status/1978545077384602086) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements
- "CVE-2025-10576 Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver which might allow escalation" [X Link](https://x.com/CVEnew/status/1978545031335309699) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XX engagements
- "CVE-2025-34512 IleviaEVE X1 Server firmware versions 4.7.18.0.eden contain a reflected cross-site scripting (XSS) vulnerability in index.php that allows an unauthenticated attack" [X Link](https://x.com/CVEnew/status/1978926563199496459) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-11701 The Zip Attachments plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check as well as missing post status validation in t" [X Link](https://x.com/CVEnew/status/1978545104664309918) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements
- "CVE-2025-60016 When Diffie-Hellman (DH) group Elliptic Curve Cryptography (ECC) Brainpool curves are configured in an SSL profile's Cipher Rule or Cipher Group and that profile is" [X Link](https://x.com/CVEnew/status/1978545091510936007) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements
- "CVE-2023-28815 Some versions of Hikvision's iSecure Center Product contain insufficient parameter validation resulting in a command injection vulnerability. Attackers may exploit t" [X Link](https://x.com/CVEnew/status/1979147277211181491) [@CVEnew](/creator/x/CVEnew) 2025-10-17T11:27Z 55.7K followers, XXX engagements
- "CVE-2025-10850 The Felan Framework plugin for WordPress is vulnerable to improper authentication in versions up to and including 1.1.4. This is due to the hardcoded password in th" [X Link](https://x.com/CVEnew/status/1978926639942648200) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-58424 On BIG-IP systems undisclosed traffic can cause data corruption and unauthorized data modification in protocols which do not have message integrity protection. Note" [X Link](https://x.com/CVEnew/status/1978545083483128101) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements
- "CVE-2025-59978 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to store scri" [X Link](https://x.com/CVEnew/status/1976328948494827792) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements
- "CVE-2025-9559 Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by a Insecure Direct Object Reference issue in a user interface component that can only be used to read dat" [X Link](https://x.com/CVEnew/status/1978926595654967412) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-61923 PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5 the backoffice is missing validation o" [X Link](https://x.com/CVEnew/status/1978926573358100620) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements
- "CVE-2025-59889 Improper authentication of library files in the Eaton IPP software installer could lead to arbitrary code execution of an attacker with the access to the software pac" [X Link](https://x.com/CVEnew/status/1977971009429942765) [@CVEnew](/creator/x/CVEnew) 2025-10-14T05:33Z 55.7K followers, XXX engagements
- "CVE-2025-53717 Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978171239211614433) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements
- "CVE-2025-54461 ChatLuck contains an insufficient granularity of access control vulnerability in Invitation of Guest Users. If exploited an uninvited guest user may register itself" [X Link](https://x.com/CVEnew/status/1978926619533148271) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements
- "CVE-2025-62371 OpenSearch Data Prepper as an open source data collector for observability data. In versions prior to 2.12.2 the OpenSearch sink and source plugins in Data Prepper t" [X Link](https://x.com/CVEnew/status/1978545023852703748) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements
- "CVE-2025-59288 Improper verification of cryptographic signature in GitHub allows an unauthorized attacker to perform spoofing over an adjacent network" [X Link](https://x.com/CVEnew/status/1978198228215505071) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements
- "CVE-2025-62430 ClipBucket v5 is an open source video sharing platform. 
ClipBucket v5 through build 5.5.2 #145 allows stored cross-site scripting (XSS) in multiple video and photo me" [X Link](https://x.com/CVEnew/status/1979289023630766252) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2025-59428 EspoCRM is an open source customer relationship management application. In versions before 9.1.9 a vulnerability allows arbitrary user creation including administra" [X Link](https://x.com/CVEnew/status/1978118128359166240) [@CVEnew](/creator/x/CVEnew) 2025-10-14T15:18Z 55.7K followers, XXX engagements "CVE-2025-41706 The webserver is vulnerable to a denial of service condition. An unauthenticated remote attacker can craft a special GET request with an over-long content-length to t" [X Link](https://x.com/CVEnew/status/1978019315946566058) [@CVEnew](/creator/x/CVEnew) 2025-10-14T08:45Z 55.7K followers, XXX engagements "CVE-2025-52960 A Buffer Copy without Checking Size of Input vulnerability in the Session Initialization Protocol (SIP) ALG of Juniper Networks Junos OS on MX Series and SRX Series" [X Link](https://x.com/CVEnew/status/1976328963707597056) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements "CVE-2025-39999 In the Linux kernel the following vulnerability has been resolved: blk-mq: fix blk_mq_tags double free while nr_requests grown In the case user trigger tags grow b" [X Link](https://x.com/CVEnew/status/1978562049085964654) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-11623 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database" [X Link](https://x.com/CVEnew/status/1977848647048990918) [@CVEnew](/creator/x/CVEnew) 2025-10-13T21:27Z 55.7K followers, XXX engagements "CVE-2025-60001 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X 
Link](https://x.com/CVEnew/status/1976328925908537552) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements "CVE-2025-54854 When a BIG-IP APM OAuth access profile (Resource Server or Resource Client) is configured on a virtual server undisclosed traffic can cause the apmdprocess to termi" [X Link](https://x.com/CVEnew/status/1978545066961695106) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2024-56143 Strapi is an open-source headless content management system. In versions from 5.0.0 to before 5.5.2 the lookup operator provided by the document service does not pro" [X Link](https://x.com/CVEnew/status/1978926584380694654) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-62418 Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7 the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. ad" [X Link](https://x.com/CVEnew/status/1978926554802495772) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements "CVE-2025-41699 An low privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as root resulting i" [X Link](https://x.com/CVEnew/status/1978022087966208152) [@CVEnew](/creator/x/CVEnew) 2025-10-14T08:56Z 55.7K followers, XXX engagements "CVE-2025-62651 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface" [X Link](https://x.com/CVEnew/status/1979289057290055992) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2025-48813 Use of a key past its expiration date in Virtual Secure Mode allows an authorized attacker to perform spoofing locally" [X Link](https://x.com/CVEnew/status/1978171241141006552) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements 
"CVE-2025-60013 When a user attempts to initialize the rSeries FIPS module using a password with special shell metacharacters the FIPS hardware security module (HSM) may fail to ini" [X Link](https://x.com/CVEnew/status/1978545074347860037) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-33182 NVIDIA Jetson Linux contains a vulnerability in UEFI where improper authentication may allow a privileged user to cause corruption of the Linux Device Tree. A succes" [X Link](https://x.com/CVEnew/status/1978198220405661786) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-54267 Adobe Commerce versions 2.4.9-alpha2 2.4.8-p2 2.4.7-p7 2.4.6-p12 2.4.5-p14 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-" [X Link](https://x.com/CVEnew/status/1978562127259377993) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-59235 Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally" [X Link](https://x.com/CVEnew/status/1978198246955647482) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-56320 Enterprise Contract Management Portal v.22.4.0 is vulnerable to Stored Cross-Site Scripting (XSS) in its chat box component. 
This allows a remote attacker to execute" [X Link](https://x.com/CVEnew/status/1979289044451303672) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2025-25253 An Improper Validation of Certificate with Host Mismatch vulnerability CWE-297 in FortiProxy version 7.6.1 and below version 7.4.8 and below XXX all versions 7.0" [X Link](https://x.com/CVEnew/status/1978932603328827420) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-11718 When the address bar was hidden due to scrolling on Android a malicious page could create a fake address bar to fool the user in response to a visibilitychange event" [X Link](https://x.com/CVEnew/status/1978085823896555694) [@CVEnew](/creator/x/CVEnew) 2025-10-14T13:09Z 55.7K followers, XXX engagements "CVE-2025-10849 The Felan Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_plugin_actions' function" [X Link](https://x.com/CVEnew/status/1978926638969594302) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-62384 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database" [X Link](https://x.com/CVEnew/status/1977850825973383567) [@CVEnew](/creator/x/CVEnew) 2025-10-13T21:35Z 55.7K followers, XXX engagements "CVE-2025-54805 When an iRule is configured on a virtual server via the declarative API upon re-instantiation the cleanup process can cause an increase in the Traffic Management Mi" [X Link](https://x.com/CVEnew/status/1978545079393693728) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-22381 Aggie 2.6.1 has a Host Header injection vulnerability in the forgot password functionality allowing an attacker to reset a user's password" [X Link](https://x.com/CVEnew/status/1978932561356427505) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 
55.7K followers, XXX engagements "CVE-2025-9063 An authentication bypass security issue exists within FactoryTalk View Machine Edition Web Browser ActiveX control. Exploitation of this vulnerability allows unauthori" [X Link](https://x.com/CVEnew/status/1978085842049527880) [@CVEnew](/creator/x/CVEnew) 2025-10-14T13:09Z 55.7K followers, XXX engagements "CVE-2025-62360 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users.Prior to 3.5.1 a SQL Injection vulnerability was identified in the /ht" [X Link](https://x.com/CVEnew/status/1977850821141557662) [@CVEnew](/creator/x/CVEnew) 2025-10-13T21:35Z 55.7K followers, XXX engagements "CVE-2025-9066 A security issue was discovered within FactoryTalk ViewPoint allowing unauthenticated attackers to achieve XXE. Certain SOAP requests can be abused to perform XXE re" [X Link](https://x.com/CVEnew/status/1978085842955420152) [@CVEnew](/creator/x/CVEnew) 2025-10-14T13:09Z 55.7K followers, XXX engagements "CVE-2025-11644 A weakness has been identified in Tomofun Furbo XXX and Furbo Mini. Affected by this issue is some unknown functionality of the component UART Interface. Executing ma" [X Link](https://x.com/CVEnew/status/1977472358513283265) [@CVEnew](/creator/x/CVEnew) 2025-10-12T20:32Z 55.7K followers, XXX engagements "CVE-2025-58728 Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978198266450719043) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-62172 Home Assistant is open source home automation software that puts local control and privacy first. 
In versions 2025.1.0 through 2025.10.1 the energy dashboard is vuln" [X Link](https://x.com/CVEnew/status/1978932613105750140) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-10660 The WP Dashboard Chat plugin for WordPress is vulnerable to SQL Injection via the id parameter in all versions up to and including 1.0.3 due to insufficient escap" [X Link](https://x.com/CVEnew/status/1978562042723246492) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-60000 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328926977982919) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements "CVE-2025-11716 Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability affects Firefox XXX and Thunderbird" [X Link](https://x.com/CVEnew/status/1978085828371877936) [@CVEnew](/creator/x/CVEnew) 2025-10-14T13:09Z 55.7K followers, XXX engagements "CVE-2025-59254 Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978198239024136486) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-34515 IleviaEVE X1 Server firmware versions 4.7.18.0.eden contain an execution with unnecessary privileges vulnerability in sync_project.shthat allows an attacker to es" [X Link](https://x.com/CVEnew/status/1978926565246259542) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-59221 Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally" [X Link](https://x.com/CVEnew/status/1978171170664145162) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XXX 
engagements "CVE-2025-55081 In Eclipse Foundation NextX Duo before 6.4.4 a module of ThreadX the _nx_secure_tls_process_clienthello() function was missing length verification of certain SSL/T" [X Link](https://x.com/CVEnew/status/1978545101690621961) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-58324 An improper neutralization of input during web page generation vulnerability CWE-79 in FortiSIEM 7.2.0 through 7.2.2 XXX all versions XXX all versions XXX all ve" [X Link](https://x.com/CVEnew/status/1978932610031325630) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-31702 A vulnerability exists in certain Dahua embedded products. Third-party malicious attacker with obtained normal user credentials could exploit the vulnerability to acc" [X Link](https://x.com/CVEnew/status/1978562094128648683) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-61800 Dimension versions 4.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of t" [X Link](https://x.com/CVEnew/status/1978198206400868627) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-61543 A Host Header Injection vulnerability exists in the password reset functionality of CraftMyCMS 4.0.2.2. 
The system uses $_SERVER'HTTP_HOST' directly to construct" [X Link](https://x.com/CVEnew/status/1978932575554146697) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-62580 ASDA-Soft Stack-based Buffer Overflow Vulnerability" [X Link](https://x.com/CVEnew/status/1978932558252642760) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-39968 In the Linux kernel the following vulnerability has been resolved: i40e: add max boundary check for VF filters There is no check for max filters that VF can reques" [X Link](https://x.com/CVEnew/status/1978562081554059273) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-10648 The YourMembership Single Sign On YM SSO Login plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'moym_disp" [X Link](https://x.com/CVEnew/status/1978562043830501625) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-11710 A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. Thi" [X Link](https://x.com/CVEnew/status/1978085836055855446) [@CVEnew](/creator/x/CVEnew) 2025-10-14T13:09Z 55.7K followers, XXX engagements "CVE-2025-62420 DataEase is a data visualization and analytics platform. 
In DataEase versions through 2.10.13 a JDBC driver bypass vulnerability exists in the H2 database connection" [X Link](https://x.com/CVEnew/status/1979289027388813489) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2024-48891 An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability CWE-78 in FortiSOAR 7.6.0 through 7.6.1 7.5.0 through 7" [X Link](https://x.com/CVEnew/status/1978932612183056467) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-62391 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database" [X Link](https://x.com/CVEnew/status/1977850828473196891) [@CVEnew](/creator/x/CVEnew) 2025-10-13T21:35Z 55.7K followers, XXX engagements "CVE-2025-61909 Icinga X is an open source monitoring system. From 2.10.0 to before 2.15.1 2.14.7 and 2.13.13 the safe-reload script (also used during systemctl reload icinga2) an" [X Link](https://x.com/CVEnew/status/1978926575342047686) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements "CVE-2025-56316 A SQL injection vulnerability in the content_title parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries" [X Link](https://x.com/CVEnew/status/1979289043549511974) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2025-59297 Delta Electronics DIAScreenlacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execut" [X Link](https://x.com/CVEnew/status/1973951260601557053) [@CVEnew](/creator/x/CVEnew) 2025-10-03T03:20Z 55.7K followers, XXX engagements "CVE-2025-62425 MAS (Matrix Authentication Service) is a user management and authentication service for Matrix homeservers written and maintained by Element. 
A logic flaw in matrix-" [X Link](https://x.com/CVEnew/status/1978926551732203868) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements "CVE-2025-37149 A potential out-of-bound reads vulnerability in HPE ProLiant RL300 Gen11 Server's UEFI firmware" [X Link](https://x.com/CVEnew/status/1978932596110397665) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-37136 Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these" [X Link](https://x.com/CVEnew/status/1978932584458653732) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-10300 The TopBar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.0. This is due to missing or incorrect nonce val" [X Link](https://x.com/CVEnew/status/1978545119231090924) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-10754 The DocoDoco Store Locator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all ver" [X Link](https://x.com/CVEnew/status/1978562046951039039) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-62359 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. 
Prior to 3.5.0 a Reflected Cross-Site Scripting (XSS) vulnerability w" [X Link](https://x.com/CVEnew/status/1977850823133819092) [@CVEnew](/creator/x/CVEnew) 2025-10-13T21:35Z 55.7K followers, XXX engagements "CVE-2025-41703 An unauthenticated remote attacker can cause a Denial of Service by turning off the output of the UPS via Modbus command" [X Link](https://x.com/CVEnew/status/1978019318903550380) [@CVEnew](/creator/x/CVEnew) 2025-10-14T08:45Z 55.7K followers, XXX engagements "CVE-2025-57164 Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter" field" [X Link](https://x.com/CVEnew/status/1979289045348818982) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2025-10742 The Truelysell Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to and including 1.8.6. This is due to the plugin providing" [X Link](https://x.com/CVEnew/status/1978926640894808281) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-26861 RemoteCall Remote Support Program (for Operator) versions prior to 5.3.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the" [X Link](https://x.com/CVEnew/status/1978562090005647833) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-9640 A flaw was found in Samba in the vfs_streams_xattr module where uninitialized heap memory could be written into alternate data streams. 
This allows an authenticated u" [X Link](https://x.com/CVEnew/status/1978545098712547436) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-58903 An Unchecked Return Value vulnerability CWE-252 in Fortinet FortiOS version 7.6.0 through 7.6.3 and before 7.4.8 API allows an authenticated user to cause a Null P" [X Link](https://x.com/CVEnew/status/1978932611046347193) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2023-46718 A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.12 and 6.4.6 through 6.4.15 and 6.2.9 thro" [X Link](https://x.com/CVEnew/status/1978932599017107932) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-59294 Exposure of sensitive information to an unauthorized actor in Windows Taskbar Live allows an unauthorized attacker to disclose information with a physical attack" [X Link](https://x.com/CVEnew/status/1978171244974637435) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements "CVE-2025-55240 Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978171233272553633) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements "CVE-2025-25252 An Insufficient Session Expiration vulnerability CWE-613 in FortiOS SSL VPN 7.6.0 through 7.6.2 7.4.0 through 7.4.6 7.2.0 through 7.2.10 7.0.0 through 7.0.16 6" [X Link](https://x.com/CVEnew/status/1978123688961528309) [@CVEnew](/creator/x/CVEnew) 2025-10-14T15:40Z 55.7K followers, XXX engagements "CVE-2025-58115 ChatLuck contains a cross-site scripting vulnerability in Guest User Sign-up. 
If exploited an arbitrary script may be executed on the web browser of the user who is" [X Link](https://x.com/CVEnew/status/1978926618555900251) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-11910 A security vulnerability has been detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This affects the function Query of the file /MemoryState.doAction=Q" [X Link](https://x.com/CVEnew/status/1979289017234420220) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2025-10545 Mattermost versions 10.5.x = 10.5.10 10.11.x = 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add" [X Link](https://x.com/CVEnew/status/1978926627137507674) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-61799 Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file which could result in a read past the end of an" [X Link](https://x.com/CVEnew/status/1978198204437934342) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-62413 MQTTX is an MQTT XXX desktop client and MQTT testing tool. A Cross-Site Scripting (XSS) vulnerability was introduced in MQTTX v1.12.0 due to improper handling of MQTT" [X Link](https://x.com/CVEnew/status/1978926558929687002) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements "CVE-2025-61734 Files or Directories Accessible to External Parties vulnerability in Apache Kylin. You are fine as long as the Kylin's system and project admin access is well protec" [X Link](https://x.com/CVEnew/status/1973693361954386400) [@CVEnew](/creator/x/CVEnew) 2025-10-02T10:15Z 55.7K followers, XXX engagements "CVE-2025-20717 In wlan AP driver there is a possible out of bounds write due to an incorrect bounds check. 
This could lead to local escalation of privilege if a malicious actor has" [X Link](https://x.com/CVEnew/status/1978032053233828122) [@CVEnew](/creator/x/CVEnew) 2025-10-14T09:36Z 55.7K followers, XXX engagements "CVE-2025-62365 LibreNMS is an open-source PHP/MySQL/SNMP-based network monitoring system. Prior to 25.7.0 there is a reflected-XSS in report_this function in librenms/includes/" [X Link](https://x.com/CVEnew/status/1977854470727115088) [@CVEnew](/creator/x/CVEnew) 2025-10-13T21:50Z 55.7K followers, XXX engagements "CVE-2025-59225 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally" [X Link](https://x.com/CVEnew/status/1978171166847332591) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XXX engagements "CVE-2025-54279 Animate versions 23.0.13 24.0.10 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the curre" [X Link](https://x.com/CVEnew/status/1978562113388822556) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-59957 An Origin Validation Error vulnerability in an insufficient protected file of Juniper Networks Junos OS onEX4600 Series and QFX5000 Series allows an unauthenticated" [X Link](https://x.com/CVEnew/status/1976328961727861041) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements "CVE-2025-58325 An Incorrect Provision of Specified Functionality vulnerability CWE-684 in FortiOS 7.6.0 7.4.0 through 7.4.5 7.2.5 through 7.2.10 7.0.0 through 7.0.15 XXX all v" [X Link](https://x.com/CVEnew/status/1978932609028886955) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-55100 In USBX before 6.4.3 the USB support module for Eclipse Foundation ThreadX there was a potential out of bound read issue in _ux_host_class_audio10_sam_parse_func()" [X Link](https://x.com/CVEnew/status/1979063782841422025) 
[@CVEnew](/creator/x/CVEnew) 2025-10-17T05:55Z 55.7K followers, XXX engagements "CVE-2025-47856 Two improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities CWE-78 in Fortinet FortiVoice version 7.2.0 7.0.0 th" [X Link](https://x.com/CVEnew/status/1978102613196345737) [@CVEnew](/creator/x/CVEnew) 2025-10-14T14:16Z 55.7K followers, XXX engagements "CVE-2025-62665 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - Skin:BlueSky allows Stor" [X Link](https://x.com/CVEnew/status/1979406116447453320) [@CVEnew](/creator/x/CVEnew) 2025-10-18T04:36Z 55.7K followers, XXX engagements "CVE-2025-37148 A vulnerability in the parsing of ethernet frames in AOS-8 Instant and AOS XX could allow an unauthenticated remote attacker to conduct a denial of service attack. Su" [X Link](https://x.com/CVEnew/status/1978932591991624075) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-53150 Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978171237152247868) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements "CVE-2025-49655 Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3 enabling a maliciously uploaded" [X Link](https://x.com/CVEnew/status/1979209220038996014) [@CVEnew](/creator/x/CVEnew) 2025-10-17T15:33Z 55.7K followers, XXX engagements "CVE-2025-59187 Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978171188015927557) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XXX engagements "CVE-2025-59268 On the BIG-IP system undisclosed endpoints that contain static non-sensitive information are accessible 
to an unauthenticated remote attacker through the Configurati" [X Link](https://x.com/CVEnew/status/1978545096535716151) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-58084 Mattermost Desktop App versions = 5.13.0 fail to validate URLs external to the configured Mattermost servers allowing an attacker on a server the user has configure" [X Link](https://x.com/CVEnew/status/1977831057698296134) [@CVEnew](/creator/x/CVEnew) 2025-10-13T20:17Z 55.7K followers, XXX engagements "CVE-2025-59999 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328927963721982) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements "CVE-2025-60358 radare2 v.5.9.8 and before contains a memory leak in the function _load_relocations" [X Link](https://x.com/CVEnew/status/1978932564409880835) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-59197 Insertion of sensitive information into log file in Windows ETL Channel allows an authorized attacker to disclose information locally" [X Link](https://x.com/CVEnew/status/1978171179694506398) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XXX engagements "CVE-2025-34281 ThingsBoard versions 4.2.1 contain a stored cross-site scripting (XSS) vulnerability in the dashboard's Image Upload Gallery feature. 
An attacker can upload an SVG" [X Link](https://x.com/CVEnew/status/1979289019482521834) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2025-58734 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally" [X Link](https://x.com/CVEnew/status/1978171193846046968) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XXX engagements "CVE-2025-56746 Creativeitem Academy LMS up to and including XXXX does not regenerate session IDs upon successful authentication enabling session fixation attacks where attackers ca" [X Link](https://x.com/CVEnew/status/1978562116542980466) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2024-31573 XMLUnit for Java before 2.10.0 in the default configuration might allow code execution via an untrusted stylesheet (used for an XSLT transformation) because XSLT e" [X Link](https://x.com/CVEnew/status/1979289040663797763) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2025-10581 A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to" [X Link](https://x.com/CVEnew/status/1978545054173315186) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-61935 When a BIG IP Advanced WAF or ASM security policy is configured on a virtual server undisclosed requests can cause the bd process to terminate.Note: Software versi" [X Link](https://x.com/CVEnew/status/1978545050687856801) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-9067 A security issue exists within the x86 Microsoft Installer File (MSI) installed with FTLinx. 
Authenticated attackers with valid Windows user credentials can initiate a" [X Link](https://x.com/CVEnew/status/1978085838048071812) [@CVEnew](/creator/x/CVEnew) 2025-10-14T13:09Z 55.7K followers, XXX engagements "CVE-2025-58719 Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978198268367540240) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-49708 Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network" [X Link](https://x.com/CVEnew/status/1978198243101032817) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-31366 An Improper Neutralization of Input During Web Page Generation vulnerability CWE-79 in FortiOS 7.6.0 through 7.6.3 7.4.0 through 7.4.7 XXX all versions XXX all v" [X Link](https://x.com/CVEnew/status/1978932601235857584) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-62409 Envoy is a cloud-native open source edge and service proxy. 
Prior to 1.36.1 1.35.5 1.34.9 and 1.33.10 large requests and responses can potentially trigger TCP co" [X Link](https://x.com/CVEnew/status/1978926570333945971) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-11548 A remote unauthenticated privilege escalation in ibi WebFOCUS allows an attacker to gain administrative access to the application which may lead to unauthenticated R" [X Link](https://x.com/CVEnew/status/1978932590892716206) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-41718 A cleartext transmission of sensitive information vulnerability in the affected products allows an unauthorized remote attacker to gain login credentials and access t" [X Link](https://x.com/CVEnew/status/1978019313727721880) [@CVEnew](/creator/x/CVEnew) 2025-10-14T08:45Z 55.7K followers, XXX engagements "CVE-2025-55085 In NextX Duo before 6.4.4 in the HTTP client module the network support code for Eclipse Foundation ThreadX the parsing of HTTP header fields was missing bounds ve" [X Link](https://x.com/CVEnew/status/1979204792024207382) [@CVEnew](/creator/x/CVEnew) 2025-10-17T15:16Z 55.7K followers, XXX engagements "CVE-2025-39981 In the Linux kernel the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible UAFs This attemps to fix possible UAFs caused by struct mgmt_pendi" [X Link](https://x.com/CVEnew/status/1978562068035846400) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-62376 DOJO is an education platform for learning cybersecurity. 
In versions up to and including commit 781d91157cfc234a434d0bab45cbcf97894c642e the /workspace" [X Link](https://x.com/CVEnew/status/1978562119692853688) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-39986 In the Linux kernel the following vulnerability has been resolved: can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow Sending an PF_PACKET allows" [X Link](https://x.com/CVEnew/status/1978562061962473588) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-47979 Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally" [X Link](https://x.com/CVEnew/status/1978198232338473220) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-10194 The Shortcode Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to and including 1.1.9" [X Link](https://x.com/CVEnew/status/1978545103636762843) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-61974 When a client SSL profile is configured on a virtual server undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which" [X Link](https://x.com/CVEnew/status/1978545062624776542) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-62508 Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Citizen from 3.3.0 to 3.9.0 are vulnerable to stored cross-site scripting in the st" [X Link](https://x.com/CVEnew/status/1979289010670350624) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2025-40755 A vulnerability has been identified in SINEC NMS (All versions V4.0 SP1). 
Affected applications are vulnerable to SQL injection through getTotalAndFilterCounts endp" [X Link](https://x.com/CVEnew/status/1978032049643458895) [@CVEnew](/creator/x/CVEnew) 2025-10-14T09:36Z 55.7K followers, XXX engagements "CVE-2025-60639 Hardcoded credentials in gsigel14 ATLAS-EPIC commit f29312c (2025-05-26)" [X Link](https://x.com/CVEnew/status/1978932565429080111) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-55325 Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally" [X Link](https://x.com/CVEnew/status/1978198288336638154) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-62375 go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor im" [X Link](https://x.com/CVEnew/status/1978562032271011862) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-59213 Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate pri" [X Link](https://x.com/CVEnew/status/1978171172660679032) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XXX engagements "CVE-2025-11568 A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. 
An attacker with the necessary permission" [X Link](https://x.com/CVEnew/status/1978562031151161543) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-11896 In Xpdf XXXX (and earlier) a PDF object loop in a CMap via the "UseCMap" entry leads to infinite recursion and a stack overflow" [X Link](https://x.com/CVEnew/status/1978954173321531588) [@CVEnew](/creator/x/CVEnew) 2025-10-16T22:40Z 55.7K followers, XXX engagements "CVE-2025-61804 Animate versions 23.0.13 24.0.10 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context" [X Link](https://x.com/CVEnew/status/1978562112373895377) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-62647 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 provides the functionality of returning a JWT that can be used to call an API to retur" [X Link](https://x.com/CVEnew/status/1979289053481533530) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2025-11622 Insecure deserialization in Ivanti Endpoint Manager allows a local authenticated attacker to escalate their privileges" [X Link](https://x.com/CVEnew/status/1977848649095708821) [@CVEnew](/creator/x/CVEnew) 2025-10-13T21:27Z 55.7K followers, XXX engagements "CVE-2025-59494 Improper access control in Azure Monitor Agent allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978171243062079725) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements "CVE-2025-11501 The Dynamically Display Posts plugin for WordPress is vulnerable to SQL Injection via the 'tax_query' parameter in all versions up to and including XXX due to insuf" [X Link](https://x.com/CVEnew/status/1978562085727379712) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-54268 Bridge versions 
14.1.8 15.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of" [X Link](https://x.com/CVEnew/status/1978562110264090885) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-11365 The WP Google Map Plugin plugin for WordPress is vulnerable to blind SQL Injection via the 'id' parameter of the 'google_map' shortcode in all versions up to and inc" [X Link](https://x.com/CVEnew/status/1978545116018356235) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-55335 Use after free in Windows NTFS allows an unauthorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978198286239408283) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-0274 HCL BigFix Modern Client Management (MCM) XXX and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions pot" [X Link](https://x.com/CVEnew/status/1978932554855219232) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-61960 When a per-request policy is configured on a BIG-IP APM portal access virtual server undisclosed traffic can cause the Traffic Management Microkernel (TMM) to termin" [X Link](https://x.com/CVEnew/status/1978545064700956978) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-59281 Improper link resolution before file access ('link following') in XBox Gaming Services allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978198231310843973) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-58737 Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally" [X Link](https://x.com/CVEnew/status/1978171191979642963) 
[@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XXX engagements "CVE-2025-54658 An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability CWE-22 in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS 11" [X Link](https://x.com/CVEnew/status/1978926605033476302) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-39988 In the Linux kernel the following vulnerability has been resolved: can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow Sending an PF_PACKET allow" [X Link](https://x.com/CVEnew/status/1978562059814989843) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-55084 In NetX Duo version before 6.4.4 the component of Eclipse Foundation ThreadX there was an incorrect bound check in_nx_secure_tls_proc_clienthello_supported_versions" [X Link](https://x.com/CVEnew/status/1978932551688544582) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-26859 RemoteView PC Application Console versions prior to 6.0.2 contain an uncontrolled search path element vulnerability. 
If a crafted DLL is placed in the same folder wit" [X Link](https://x.com/CVEnew/status/1978562092127924400) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-59208 Out-of-bounds read in Windows MapUrlToZone allows an unauthorized attacker to disclose information over a network" [X Link](https://x.com/CVEnew/status/1978171175663792431) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XXX engagements "CVE-2025-11196 The External Login plugin for WordPress is vulnerable to sensitive information exposure in all versions up to and including 1.11.2 due to the 'exlog_test_connection" [X Link](https://x.com/CVEnew/status/1978545110137934086) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-60015 An out-of-bounds write vulnerability exists in F5OS-A and F5OS-C that could lead to memory corruption. Note: Software versions which have reached End of Technic" [X Link](https://x.com/CVEnew/status/1978545059307143568) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-8459 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Monitoring recurrent downtime sc" [X Link](https://x.com/CVEnew/status/1978171142444879956) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XX engagements "CVE-2025-58051 Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6 0.8.8 and 0.9.5 when importing a table a user was able to specify files" [X Link](https://x.com/CVEnew/status/1978926581448847582) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-11160 The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom JS module in all versions up to and including 8.6.1. 
This" [X Link](https://x.com/CVEnew/status/1978562087820365942) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-39994 In the Linux kernel the following vulnerability has been resolved: media: tuner: xc5000: Fix use-after-free in xc5000_release The original code uses cancel_delayed" [X Link](https://x.com/CVEnew/status/1978562054362481040) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-58731 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally" [X Link](https://x.com/CVEnew/status/1978171196052226259) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements "CVE-2025-54893 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts templates configuration" [X Link](https://x.com/CVEnew/status/1978123675405578364) [@CVEnew](/creator/x/CVEnew) 2025-10-14T15:40Z 55.7K followers, XXX engagements "CVE-2025-62583 Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment" [X Link](https://x.com/CVEnew/status/1978926638030037472) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-56748 Creativeitem Academy LMS up to and including XXXX uses predictable password reset tokens based on Base64 encoded templates without rate limiting allowing brute force" [X Link](https://x.com/CVEnew/status/1978562117637697756) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-54760 Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R2.0 and earlier allow execution of arbitrary JavaScript in a users web browser" [X Link](https://x.com/CVEnew/status/1978926614768476572) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-20710 In wlan AP driver there is a possible out of bounds write due to 
an integer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no a" [X Link](https://x.com/CVEnew/status/1978032063652491479) [@CVEnew](/creator/x/CVEnew) 2025-10-14T09:36Z 55.7K followers, XXX engagements "CVE-2025-61581 ** UNSUPPORTED WHEN ASSIGNED ** Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all ver" [X Link](https://x.com/CVEnew/status/1978926622406213967) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-59996 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328931155579001) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements "CVE-2025-55330 Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack" [X Link](https://x.com/CVEnew/status/1978171229166256179) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements "CVE-2025-20329 A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated remote attacker to" [X Link](https://x.com/CVEnew/status/1978545038939554013) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XX engagements "CVE-2025-60641 The file mexcel.php in the Vfront 0.99.52 codebase contains a vulnerable call to unserialize(base64_decode($_POST'mexcel')) where $_POST'mexcel' is user-controll" [X Link](https://x.com/CVEnew/status/1978932566481867145) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-11634 A security flaw has been discovered in Tomofun Furbo XXX and Furbo Mini. This affects an unknown part of the component UART Interface. 
The manipulation results in inf" [X Link](https://x.com/CVEnew/status/1977358333477536255) [@CVEnew](/creator/x/CVEnew) 2025-10-12T12:58Z 55.7K followers, XXX engagements "CVE-2025-62382 Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to 0.16.2 Frigate's export workflow allows an authenticated oper" [X Link](https://x.com/CVEnew/status/1978545027581423819) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XX engagements "CVE-2025-59188 Exposure of sensitive information to an unauthorized actor in Windows Failover Cluster allows an authorized attacker to disclose information locally" [X Link](https://x.com/CVEnew/status/1978171186799694185) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XXX engagements "CVE-2025-55035 Mattermost Desktop App versions =5.13.0 fail to manage modals in the Mattermost Desktop App that stops a user with a server that uses basic authentication from acces" [X Link](https://x.com/CVEnew/status/1978926596665810945) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-61330 A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems fro" [X Link](https://x.com/CVEnew/status/1978932568704823447) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-39967 In the Linux kernel the following vulnerability has been resolved: fbcon: fix integer overflow in fbcon_do_set_font Fix integer overflow vulnerabilities in fbcon_d" [X Link](https://x.com/CVEnew/status/1978562082556498185) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-8414 Due to improper input validation a buffer overflow vulnerability is present in Zigbee EZSP Host Applications. 
If the buffer overflows stack corruption is possible" [X Link](https://x.com/CVEnew/status/1979289033663504542) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2025-6026 An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow a user capable of intercepting network traffi" [X Link](https://x.com/CVEnew/status/1978545057210007834) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-61805 Substance3D - Stager versions 3.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file which could result in a read past the" [X Link](https://x.com/CVEnew/status/1978198201313194496) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XX engagements "CVE-2025-39969 In the Linux kernel the following vulnerability has been resolved: i40e: fix validation of VF state in get resources VF state I40E_VF_STATE_ACTIVE is not the only" [X Link](https://x.com/CVEnew/status/1978562080488726564) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-5946 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Poller reload setup in the config" [X Link](https://x.com/CVEnew/status/1978112146929070460) [@CVEnew](/creator/x/CVEnew) 2025-10-14T14:54Z 55.7K followers, XXX engagements "CVE-2025-11619 Improper certificate validation when connecting to gateways in Devolutions Server 2025.3.2 and earlier allows attackersin MitM position to intercept traffic" [X Link](https://x.com/CVEnew/status/1978562030031213050) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-60002 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X 
Link](https://x.com/CVEnew/status/1976328924826395042) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements "CVE-2025-54539 A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to an" [X Link](https://x.com/CVEnew/status/1978926625258353003) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-58319 Delta Electronics CNCSoft-G2lacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execu" [X Link](https://x.com/CVEnew/status/1970765350166794690) [@CVEnew](/creator/x/CVEnew) 2025-09-24T08:20Z 55.7K followers, XXX engagements "CVE-2025-11731 A flaw was found in the exsltFuncResultComp() function of libxslt which handles EXSLT func:result elements during stylesheet parsing. Due to improper type handling" [X Link](https://x.com/CVEnew/status/1977983505695973613) [@CVEnew](/creator/x/CVEnew) 2025-10-14T06:23Z 55.7K followers, XXX engagements "CVE-2025-59229 Uncaught exception in Microsoft Office allows an unauthorized attacker to deny service locally" [X Link](https://x.com/CVEnew/status/1978171163085091303) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XXX engagements "CVE-2025-62388 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database" [X Link](https://x.com/CVEnew/status/1977850831950184607) [@CVEnew](/creator/x/CVEnew) 2025-10-13T21:35Z 55.7K followers, XXX engagements "CVE-2025-55678 Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978171224259011018) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements "CVE-2025-25004 Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally" [X 
Link](https://x.com/CVEnew/status/1978171240159547575) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements "CVE-2025-55680 Time-of-check time-of-use (toctou) race condition in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978171222233067671) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements "CVE-2025-55676 Generation of error message containing sensitive information in Windows USB Video Driver allows an authorized attacker to disclose information locally" [X Link](https://x.com/CVEnew/status/1978198281411797376) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-61678 FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX XX and versions prior to 17.0.6 for" [X Link](https://x.com/CVEnew/status/1978198208527438331) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-58736 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally" [X Link](https://x.com/CVEnew/status/1978171192906539026) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XXX engagements "CVE-2025-59210 Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability" [X Link](https://x.com/CVEnew/status/1978171173679825388) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XXX engagements "CVE-2025-61789 Icinga DB Web provides a graphical interface for Icinga monitoring. 
Before 1.1.4 and 1.2.3 an authorized user with access to Icinga DB Web can use a custom variable" [X Link](https://x.com/CVEnew/status/1978926579427221772) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements "CVE-2025-59226 Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally" [X Link](https://x.com/CVEnew/status/1978171165073195185) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XXX engagements "CVE-2025-10577 Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver which might allow escalation" [X Link](https://x.com/CVEnew/status/1978545030030823446) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XX engagements "CVE-2025-11711 There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability affects Firefox XXX Firefox ESR 11" [X Link](https://x.com/CVEnew/status/1978085834936013105) [@CVEnew](/creator/x/CVEnew) 2025-10-14T13:09Z 55.7K followers, XXX engagements "CVE-2025-10186 The WhyDonate FREE Donate button Crowdfunding Fundraising plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on t" [X Link](https://x.com/CVEnew/status/1978562035454464005) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-39980 In the Linux kernel the following vulnerability has been resolved: nexthop: Forbid FDB status change while nexthop is in a group The kernel forbids the creation of" [X Link](https://x.com/CVEnew/status/1978562069092819064) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-20369 In Splunk Enterprise versions below 9.4.4 9.3.6 and 9.2.8 and Splunk Cloud Platform versions below 9.3.2411.108 9.3.2408.118 and 9.2.2406.123 a low privilege use" [X Link](https://x.com/CVEnew/status/1973429143258669544) 
[@CVEnew](/creator/x/CVEnew) 2025-10-01T16:45Z 55.7K followers, XXX engagements "CVE-2025-62175 Mastodon is a free open-source social network server based on ActivityPub. In versions before 4.4.6 4.3.14 and 4.2.27 disabling or suspending a user account does" [X Link](https://x.com/CVEnew/status/1977848651146768693) [@CVEnew](/creator/x/CVEnew) 2025-10-13T21:27Z 55.7K followers, XXX engagements "CVE-2025-59227 Use after free in Microsoft Office allows an unauthorized attacker to execute code locally" [X Link](https://x.com/CVEnew/status/1978171164125233639) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XXX engagements "CVE-2025-62246 Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.0 through 7.4.3.111 and older unsupported versions and Liferay DXP 2023.Q4.0 throug" [X Link](https://x.com/CVEnew/status/1977839366941626739) [@CVEnew](/creator/x/CVEnew) 2025-10-13T20:50Z 55.7K followers, XXX engagements "CVE-2025-0033 Improper access control within AMD SEV-SNP could allow an admin privileged attacker to write to the RMP during SNP initialization potentially resulting in a loss of SE" [X Link](https://x.com/CVEnew/status/1978118127402782971) [@CVEnew](/creator/x/CVEnew) 2025-10-14T15:18Z 55.7K followers, XXX engagements "CVE-2025-48087 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason C. Memberlite Shortcodes memberlite-shortcodes allows Stor" [X Link](https://x.com/CVEnew/status/1979198254953959750) [@CVEnew](/creator/x/CVEnew) 2025-10-17T14:50Z 55.7K followers, XXX engagements "CVE-2025-55078 In Eclipse ThreadX before version 6.4.3 an attacker can cause a denial of service (crash) by providing a pointer to a reserved or unmapped memory region. 
Vulnerable" [X Link](https://x.com/CVEnew/status/1978003693220810931) [@CVEnew](/creator/x/CVEnew) 2025-10-14T07:43Z 55.7K followers, XXX engagements "CVE-2025-11899 Agentflow developed by Flowring has an Use of Hard-coded Cryptographic Key vulnerability allowing unauthenticated remote attackers to exploit the fixed key to genera" [X Link](https://x.com/CVEnew/status/1979045628366983601) [@CVEnew](/creator/x/CVEnew) 2025-10-17T04:43Z 55.7K followers, XXX engagements "CVE-2025-59191 Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978171183653953836) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XXX engagements "CVE-2025-55679 Improper input validation in Windows Kernel allows an unauthorized attacker to disclose information locally" [X Link](https://x.com/CVEnew/status/1978171223222956325) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements "CVE-2025-62379 Reflex is a library to build full-stack web apps in pure Python. In versions 0.5.4 through 0.8.14 the /auth-codespace endpoint automatically assigns the redirect_to" [X Link](https://x.com/CVEnew/status/1978545042244653175) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XX engagements "CVE-2025-11908 A security flaw has been discovered in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. 
The affected element is the function uploadFile of the file /FileDir.doAct" [X Link](https://x.com/CVEnew/status/1979289021755871541) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2025-54284 Illustrator versions XXXX 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the" [X Link](https://x.com/CVEnew/status/1978198213019451474) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XX engagements "CVE-2025-55698 Null pointer dereference in Windows DirectX allows an authorized attacker to deny service over a network" [X Link](https://x.com/CVEnew/status/1978171207553053037) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements "CVE-2025-61797 Adobe Experience Manager versions XXXX and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker" [X Link](https://x.com/CVEnew/status/1978562123958567221) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-59194 Use of uninitialized resource in Windows Kernel allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978171180671746494) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XXX engagements "CVE-2025-58726 Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network" [X Link](https://x.com/CVEnew/status/1978171200192102786) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements "CVE-2025-33044 APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local means. 
Success" [X Link](https://x.com/CVEnew/status/1978108112684163271) [@CVEnew](/creator/x/CVEnew) 2025-10-14T14:38Z 55.7K followers, XXX engagements "CVE-2025-62417 Bagisto is an open source laravel eCommerce platform. When product data that begins with a spreadsheet formula character (for example = + - or @) is accepted and l" [X Link](https://x.com/CVEnew/status/1978926557885321681) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements "CVE-2025-9152 An improper privilege management vulnerability exists in WSO2 API Manager due to missing authentication and authorization checks in the keymanager-operations Dynamic Cl" [X Link](https://x.com/CVEnew/status/1978926606052667453) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-39997 In the Linux kernel the following vulnerability has been resolved: ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free The previous commit 0718a78f6a9f" [X Link](https://x.com/CVEnew/status/1978562051246113226) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-39982 In the Linux kernel the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync This fixes the following UFA in hci_ac" [X Link](https://x.com/CVEnew/status/1978562066878267522) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-60374 Stored Cross-Site Scripting (XSS) in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of" [X Link](https://x.com/CVEnew/status/1978932620181537160) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-11746 The XStore theme for WordPress is vulnerable to Local File Inclusion in all versions up to and including 9.5.4 via theet_ajax_required_plugins_popup() function. 
Thi" [X Link](https://x.com/CVEnew/status/1978562100898193447) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-58714 Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978171205581684877) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements "CVE-2025-58073 Mattermost versions 10.11.x <= 10.11.1 10.10.x <= 10.10.2 10.5.x <= 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite" [X Link](https://x.com/CVEnew/status/1978926621441642682) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-40812 A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 14) Solid Edge SE2025 (All versions < V225.0 Update 6). The affected applicati" [X Link](https://x.com/CVEnew/status/1978032041426857989) [@CVEnew](/creator/x/CVEnew) 2025-10-14T09:36Z 55.7K followers, XXX engagements "CVE-2025-40772 A vulnerability has been identified in SiPass integrated (All versions < V3.0). Affected server applications are vulnerable to stored Cross-Site Scripting (XSS) allo" [X Link](https://x.com/CVEnew/status/1978032046850166871) [@CVEnew](/creator/x/CVEnew) 2025-10-14T09:36Z 55.7K followers, XXX engagements "CVE-2025-59483 A validation vulnerability exists in an undisclosed URL in the Configuration utility. 
Note: Software versions which have reached End of Technical Support (EoTS) are" [X Link](https://x.com/CVEnew/status/1978545061425250544) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-61554 A divide-by-zero in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20) to commit 480907 (2025-07-06) allows local attackers to cause a denial" [X Link](https://x.com/CVEnew/status/1978932577668076013) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-62643 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages" [X Link](https://x.com/CVEnew/status/1979289049270481305) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2025-59502 Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network" [X Link](https://x.com/CVEnew/status/1978171242076410324) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements "CVE-2025-55090 In NetX Duo before 6.4.4 the networking support module for Eclipse Foundation ThreadX there was a potential out of bound read issue in _nx_ipv4_packet_receive() fun" [X Link](https://x.com/CVEnew/status/1978932549377495208) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-62494 A type confusion vulnerability exists in the handling of the string addition (+) operation within the QuickJS engine. 
* The code first checks if the left-hand ope" [X Link](https://x.com/CVEnew/status/1978926588411380091) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-59981 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328946397610312) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements "CVE-2025-55039 This issue affects Apache Spark versions before 3.4.4 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0 3.5.2 and 3.4.4 use an insecure default network encryp" [X Link](https://x.com/CVEnew/status/1978562086813814851) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-59419 Netty is an asynchronous event-driven network application framework. In versions prior to and the SMTP codec in Netty contains an SMTP com" [X Link](https://x.com/CVEnew/status/1978545043310002217) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XX engagements "CVE-2025-59259 Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network" [X Link](https://x.com/CVEnew/status/1978198235194810442) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-11198 A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated network-based attacker t" [X Link](https://x.com/CVEnew/status/1976328964663804152) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements "CVE-2025-62586 OPEXUS FOIAXpress allows a remote unauthenticated attacker to reset the administrator password. 
Fixed in FOIAXpress version 11.13.2.0" [X Link](https://x.com/CVEnew/status/1978926576340242661) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements "CVE-2025-11902 A vulnerability was detected in yanyutao0402 ChanCMS up to 3.3.2. Affected by this vulnerability is the function findField of the file /cms/article/findField. Perform" [X Link](https://x.com/CVEnew/status/1979198256967291176) [@CVEnew](/creator/x/CVEnew) 2025-10-17T14:50Z 55.7K followers, XXX engagements "CVE-2025-59202 Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978198255562293440) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-3930 Strapi uses JSON Web Tokens (JWT) for authentication. After logout or account deactivation the JWT is not invalidated which allows an attacker who has stolen or inter" [X Link](https://x.com/CVEnew/status/1978926609940799941) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-55689 Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978198275497824306) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-54282 Adobe Framemaker versions 2020.9 2022.7 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the c" [X Link](https://x.com/CVEnew/status/1978198216437825851) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-53950 An Exposure of Private Personal Information ('Privacy Violation') vulnerability CWE-359 in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS and Windows 11.5" [X Link](https://x.com/CVEnew/status/1978926602726547706) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements 
"CVE-2025-59964 A Use of Uninitialized Resource vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX4700devices allows an unauthenticated network" [X Link](https://x.com/CVEnew/status/1976328954488422767) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements "CVE-2025-56699 SQL injection vulnerability in the cmd component of Base Digitale Group spa product Centrax Open PSIM version XXX allows an unauthenticated user to execute arbitrary" [X Link](https://x.com/CVEnew/status/1978932562409197853) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-54277 Adobe Commerce versions 2.4.9-alpha2 2.4.8-p2 2.4.7-p7 2.4.6-p12 2.4.5-p14 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An att" [X Link](https://x.com/CVEnew/status/1978562130619019546) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-62496 A vulnerability exists in the QuickJS engine's BigInt string parsing logic (js_bigint_from_string) when attempting to create a BigInt from a string with an excessivel" [X Link](https://x.com/CVEnew/status/1978926586456904040) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-55670 On BIG-IP Next CNF BIG-IP Next SPK and BIG-IP Next for Kubernetes systems repeated undisclosed API calls can cause the Traffic Management Microkernel (TMM) to term" [X Link](https://x.com/CVEnew/status/1978545080396038277) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-54280 Substance3D - Viewer versions 0.25.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of" [X Link](https://x.com/CVEnew/status/1978198224327299436) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-10242 OS command injection in the admin panel of Ivanti EPMM before 
version 12.6.0.2 12.5.0.4 and 12.4.0.4 allows a remote authenticated attacker with admin privileges to" [X Link](https://x.com/CVEnew/status/1978112152335470950) [@CVEnew](/creator/x/CVEnew) 2025-10-14T14:54Z 55.7K followers, XXX engagements "CVE-2025-31365 An Improper Control of Generation of Code ('Code Injection') vulnerability CWE-94 in FortiClientMac 7.4.0 through 7.4.3 7.2.1 through 7.2.8 may allow an unauthenti" [X Link](https://x.com/CVEnew/status/1978123682464629063) [@CVEnew](/creator/x/CVEnew) 2025-10-14T15:40Z 55.7K followers, XXX engagements "CVE-2025-59994 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328933269479449) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements "CVE-2025-53951 An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability CWE-22 in Fortinet FortiDLP Agent's Outlookproxy plugin for Windows" [X Link](https://x.com/CVEnew/status/1978926603817115864) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-59255 Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978198238055334053) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-62157 Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. 
Argo Workflows versions prior to 3.6.12 and versions" [X Link](https://x.com/CVEnew/status/1978118123091046738) [@CVEnew](/creator/x/CVEnew) 2025-10-14T15:18Z 55.7K followers, XXX engagements "CVE-2025-59207 Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978198252781457866) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-58317 Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execu" [X Link](https://x.com/CVEnew/status/1970765351089508559) [@CVEnew](/creator/x/CVEnew) 2025-09-24T08:20Z 55.7K followers, XXX engagements "CVE-2025-30247 An OS command injection vulnerability in user interface in Western Digital My Cloud firmware prior to 5.31.108 on NAS platforms allows remote attackers to execute arb" [X Link](https://x.com/CVEnew/status/1972775453929701629) [@CVEnew](/creator/x/CVEnew) 2025-09-29T21:28Z 55.7K followers, XXX engagements "CVE-2025-34282 ThingsBoard versions 4.2.1 contain a server-side request forgery (SSRF) vulnerability in the dashboard's Image Upload Gallery feature. An attacker can upload a mali" [X Link](https://x.com/CVEnew/status/1979289018299756989) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2025-54859 Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R2.0 and earlier allows execution of arbitrary JavaScript in a user's web browser" [X Link](https://x.com/CVEnew/status/1978926613786968357) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-54278 Bridge versions 14.1.8 15.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. 
An attacker could leverage t" [X Link](https://x.com/CVEnew/status/1978562111304327505) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-39991 In the Linux kernel the following vulnerability has been resolved: wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() If ab-fw.m3_data points to data the" [X Link](https://x.com/CVEnew/status/1978562057650766279) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-61553 An out-of-bounds write in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20) to commit 480907 (2025-07-06) allows local attackers to cause a" [X Link](https://x.com/CVEnew/status/1978932576548221184) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-59285 Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978171147813605873) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XX engagements "CVE-2025-62370 Alloy Core libraries at the root of the Rust Ethereum ecosystem. 
Prior to 0.8.26 and 1.4.1 an uncaught panic triggered by malformed input to alloy_dyn_abi::TypedData" [X Link](https://x.com/CVEnew/status/1978545044358644032) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-59478 When a BIG-IP AFM denial-of-service (DoS) protection profile is configured on a virtual server undisclosed requests can cause the Traffic Management Microkernel (TMM" [X Link](https://x.com/CVEnew/status/1978545092496642068) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-58071 When IPsec is configured on the BIG-IP system undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which hav" [X Link](https://x.com/CVEnew/status/1978545049626681728) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-11903 A flaw has been found in yanyutao0402 ChanCMS up to 3.3.2. Affected by this issue is the function update of the file /cms/article/update. Executing manipulation of th" [X Link](https://x.com/CVEnew/status/1979198255948009709) [@CVEnew](/creator/x/CVEnew) 2025-10-17T14:50Z 55.7K followers, XXX engagements "CVE-2025-11692 The Zip Attachments plugin for WordPress is vulnerable to unauthorized loss of data due to a missing authorization and capability checks on the download.php file in a" [X Link](https://x.com/CVEnew/status/1978545115032637844) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-37139 A vulnerability in an AOS firmware binary allows an authenticated malicious actor to permanently delete necessary boot information. 
Successful exploitation may render" [X Link](https://x.com/CVEnew/status/1978932580889301432) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-55699 Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally" [X Link](https://x.com/CVEnew/status/1978171206550598066) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements "CVE-2025-39993 In the Linux kernel the following vulnerability has been resolved: media: rc: fix races with imon_disconnect() Syzbot reports a KASAN issue as below: BUG: KASAN: u" [X Link](https://x.com/CVEnew/status/1978562055406780922) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-34514 Ilevia EVE X1 Server firmware versions 4.7.18.0.eden contain authenticated OS command injection vulnerabilities in multiple web-accessible PHP scripts that call exe" [X Link](https://x.com/CVEnew/status/1978926561177850368) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-55096 In USBX before 6.4.3 the USB support module for Eclipse Foundation ThreadX there was a potential out of bound read issue in _ux_host_class_hid_report_descriptor_get" [X Link](https://x.com/CVEnew/status/1979063786641506327) [@CVEnew](/creator/x/CVEnew) 2025-10-17T05:55Z 55.7K followers, XXX engagements "CVE-2025-55688 Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978171217841697227) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements "CVE-2025-58132 Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access" [X Link](https://x.com/CVEnew/status/1978545041200255325) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements 
"CVE-2025-59984 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Spaceallows an attacker to inject scr" [X Link](https://x.com/CVEnew/status/1976328943293903087) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements "CVE-2025-59184 Exposure of sensitive information to an unauthorized actor in Windows High Availability Services allows an authorized attacker to disclose information locally" [X Link](https://x.com/CVEnew/status/1978171189035147486) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XXX engagements "CVE-2025-59781 When DNS cache is configured on a BIG-IP or BIG-IP Next CNF virtual server undisclosed DNS queries can cause an increase in memory resource utilization. Note: Soft" [X Link](https://x.com/CVEnew/status/1978545085538304407) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-54271 Creative Cloud Desktop versions 6.7.0.278 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to arbitrary f" [X Link](https://x.com/CVEnew/status/1978545033633845642) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XX engagements "CVE-2025-11852 A vulnerability was found in Apeman ID71 218.53.203.117. 
The impacted element is an unknown function of the file /onvif/device_service of the component ONVIF Service" [X Link](https://x.com/CVEnew/status/1978926543003922843) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XX engagements "CVE-2025-62386 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database" [X Link](https://x.com/CVEnew/status/1977850826812162073) [@CVEnew](/creator/x/CVEnew) 2025-10-13T21:35Z 55.7K followers, XXX engagements "CVE-2025-55696 Time-of-check time-of-use (toctou) race condition in NtQueryInformation Token function (ntifs.h) allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978171209872556495) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:49Z 55.7K followers, XXX engagements "CVE-2025-61801 Dimension versions 4.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user" [X Link](https://x.com/CVEnew/status/1978198207386505256) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-59975 An Uncontrolled Resource Consumption vulnerability in the HTTP daemon (httpd) of Juniper Networks Junos Space allows an unauthenticated network-based attacker floodin" [X Link](https://x.com/CVEnew/status/1976328950541586798) [@CVEnew](/creator/x/CVEnew) 2025-10-09T16:48Z 55.7K followers, XXX engagements "CVE-2025-61541 Webmin XXXXX is vulnerable to a Host Header Injection in the password reset functionality (forgot_send.cgi). The reset link sent to users is constructed using the HTT" [X Link](https://x.com/CVEnew/status/1978932574350393431) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-20723 In gnss driver there is a possible out of bounds write due to an incorrect bounds check. 
This could lead to local escalation of privilege if a malicious actor has al" [X Link](https://x.com/CVEnew/status/1978032055796576467) [@CVEnew](/creator/x/CVEnew) 2025-10-14T09:36Z 55.7K followers, XXX engagements "CVE-2025-59429 FreePBX is an open source GUI for managing Asterisk. In versions prior to 16.0.68.39 for FreePBX XX and versions prior to 17.0.18.38 for FreePBX XX a reflected cross" [X Link](https://x.com/CVEnew/status/1978198214000992758) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-41019 SQL injection in Sergestec's SISTICK v7.2. This vulnerability allows an attacker to retrieve create update and delete databases through the 'id' parameter in '/ind" [X Link](https://x.com/CVEnew/status/1978926633126912410) [@CVEnew](/creator/x/CVEnew) 2025-10-16T20:50Z 55.7K followers, XXX engagements "CVE-2025-59497 Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally" [X Link](https://x.com/CVEnew/status/1978171144688783579) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XX engagements "CVE-2025-10038 The Binary MLM Plan plugin for WordPress is vulnerable to limited Privilege Escalation in all versions up to and including XXX. This is due to bmp_user role grantin" [X Link](https://x.com/CVEnew/status/1978545121240166723) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-20719 In wlan AP driver there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege wit" [X Link](https://x.com/CVEnew/status/1978032061039403480) [@CVEnew](/creator/x/CVEnew) 2025-10-14T09:36Z 55.7K followers, XXX engagements "CVE-2025-40811 A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 14) Solid Edge SE2025 (All versions < V225.0 Update 6). 
The affected applicati" [X Link](https://x.com/CVEnew/status/1978032042337054760) [@CVEnew](/creator/x/CVEnew) 2025-10-14T09:36Z 55.7K followers, XXX engagements "CVE-2025-24052 Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of" [X Link](https://x.com/CVEnew/status/1978198290224091419) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-47989 Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally" [X Link](https://x.com/CVEnew/status/1978198298000248987) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-62649 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders" [X Link](https://x.com/CVEnew/status/1979289055528423458) [@CVEnew](/creator/x/CVEnew) 2025-10-17T20:50Z 55.7K followers, XXX engagements "CVE-2025-54273 Substance3D - Viewer versions 0.25.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of" [X Link](https://x.com/CVEnew/status/1978198222372815303) [@CVEnew](/creator/x/CVEnew) 2025-10-14T20:36Z 55.7K followers, XXX engagements "CVE-2025-59223 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally" [X Link](https://x.com/CVEnew/status/1978171168743137604) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XXX engagements "CVE-2025-59241 Improper link resolution before file access ('link following') in Windows Health and Optimized Experiences Service allows an authorized attacker to elevate privileges" [X Link](https://x.com/CVEnew/status/1978171159536652576) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XX engagements "CVE-2025-10310 The Rich Snippet Site Report 
plugin for WordPress is vulnerable to SQL Injection via the 'last' parameter in all versions up to and including 2.0.0105 due to insuf" [X Link](https://x.com/CVEnew/status/1978562041708204381) [@CVEnew](/creator/x/CVEnew) 2025-10-15T20:42Z 55.7K followers, XXX engagements "CVE-2025-11683 YAML::Syck versions before XXXX for Perl have missing null-terminators which causes out-of-bounds read and potential information disclosure Missing null terminators i" [X Link](https://x.com/CVEnew/status/1978932560177828097) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-41704 An unauthenticated remote attacker can perform a DoS of the Modbus service by sending a specific function and sub-function code without affecting the core functionali" [X Link](https://x.com/CVEnew/status/1978019317943001478) [@CVEnew](/creator/x/CVEnew) 2025-10-14T08:45Z 55.7K followers, XXX engagements "CVE-2025-37134 An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could al" [X Link](https://x.com/CVEnew/status/1978932586492875073) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-10869 Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a mali" [X Link](https://x.com/CVEnew/status/1978545099698274598) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-57780 A vulnerability exists in F5OS-A and F5OS-C system that may allow an authenticated attacker with local access to escalate their privileges. 
A successful exploit may" [X Link](https://x.com/CVEnew/status/1978545047537934700) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-53868 When running in Appliance mode a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using undiscl" [X Link](https://x.com/CVEnew/status/1978545072338882987) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-55082 In NetX Duo version before 6.4.4 the component of Eclipse Foundation ThreadX there was a potential out of bound read in _nx_secure_tls_process_clienthello() because" [X Link](https://x.com/CVEnew/status/1978545100700758188) [@CVEnew](/creator/x/CVEnew) 2025-10-15T19:34Z 55.7K followers, XXX engagements "CVE-2025-56700 Boolean SQL injection vulnerability in the web app of Base Digitale Group spa product Centrax Open PSIM version XXX allows a low level privileged user that has access" [X Link](https://x.com/CVEnew/status/1978932563424260420) [@CVEnew](/creator/x/CVEnew) 2025-10-16T21:14Z 55.7K followers, XXX engagements "CVE-2025-59209 Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally" [X Link](https://x.com/CVEnew/status/1978171174644576604) [@CVEnew](/creator/x/CVEnew) 2025-10-14T18:48Z 55.7K followers, XXX engagements
"CVE-2025-61951 Undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. This issue may occur when a Datagram Transport Layer Security (DTLS) XXX virtual"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-57567 A remote code execution (RCE) vulnerability exists in the PluXml CMS theme editor specifically in the minify.php file located under the default theme directory (/the"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-10294 The OwnID Passwordless Login plugin for WordPress is vulnerable to Authentication Bypass in all versions up to and including 1.3.4. This is due to the plugin not pr"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-58738 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements
"CVE-2025-59295 Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-10140 The Quick Social Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quick-login' shortcode in all versions up to and including"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-55683 Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-62177 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1 a SQL Injection vulnerability was identified in the /h"
X Link @CVEnew 2025-10-13T21:27Z 55.7K followers, XXX engagements
"CVE-2025-37142 Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-40809 A vulnerability has been identified in Solid Edge SE2024 (All versions V224.0 Update 14) Solid Edge SE2025 (All versions V225.0 Update 6). The affected applicati"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements
"CVE-2025-10406 The BlindMatrix e-Commerce WordPress plugin before XXX does not validate some shortcode attributes before using them to generate paths passed to include function/s a"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-54499 Mattermost versions 10.5.x = 10.5.10 10.11.x = 10.11.2 fail to use constant-time comparison for sensitive string comparisons which allows attackers to exploit timi"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-55072 Stored cross-site scripting (XSS) vulnerability in desknet's NEO V2.0R1.0 to V9.0R2.0 allow execution of arbitrary JavaScript in a users web browser"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-10299 The WPBifrst Instant Passwordless Temporary Login Links plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ctl_cre"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-62241 Insecure Direct Object Reference (IDOR) vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one"
X Link @CVEnew 2025-10-13T19:37Z 55.7K followers, XXX engagements
"CVE-2025-62179 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1 a SQL Injection vulnerability was identified in the /h"
X Link @CVEnew 2025-10-13T21:35Z 55.7K followers, XXX engagements
"CVE-2025-61675 FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX XX and versions prior to 17.0.6 for"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-53521 When a BIG-IP APM Access Policy is configured on a virtual server undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End o"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-59982 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Spaceallows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59230 Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements
"CVE-2025-59962 An Access of Uninitialized Pointer vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved with BGP sharding configured a"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-55036 When BIG-IP SSL Orchestrator explicit forward proxy is configured on a virtual server and the proxy connect feature is enabled undisclosed traffic may cause memory c"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-59290 Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-60537 Improper input validation in the component /kafka/ui/serdes/CustomSerdeLoader.java of kafka-ui v0.6.0 to v0.7.2 allows attackers to execute arbitrary code via supplyi"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-59261 Time-of-check time-of-use (toctou) race condition in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements
"CVE-2025-59277 Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-59224 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements
"CVE-2025-59987 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Spaceallows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-39987 In the Linux kernel the following vulnerability has been resolved: can: hi311x: populate ndo_change_mtu() to prevent buffer overflow Sending an PF_PACKET allows to"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-8486 A potential vulnerability was reported in PC Manager that could allow a local authenticated user to execute code with elevated privileges"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-62515 pyquokka is a framework for making data lakes work for time series. In versions 0.3.1 and prior the FlightServer class directly uses pickle.loads() to deserialize ac"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-48008 When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a virtual server undisclosed traffic along with conditions beyond the attacker's control can c"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-37145 Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful expl"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements
"CVE-2025-55682 Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-10041 The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in thesave_qr_code_to_db() function in all"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-59299 Delta Electronics DIAScreenlacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execut"
X Link @CVEnew 2025-10-03T03:20Z 55.7K followers, XXX engagements
"CVE-2025-10243 OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2 12.5.0.4 and 12.4.0.4 allows a remote authenticated attacker with admin privileges to"
X Link @CVEnew 2025-10-14T14:54Z 55.7K followers, XXX engagements
"CVE-2025-43281 The issue was addressed with improved authentication. This issue is fixed in macOS Sequoia XXXX. A local attacker may be able to elevate their privileges"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements
"CVE-2025-59986 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Spaceallows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-55320 Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to elevate privi"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-56749 Creativeitem Academy LMS up to and including XXXX uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT t"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-6894 An Execution with Unnecessary Privileges vulnerability has been identified in Moxas network security appliances and routers. A flaw in the API authorization logic of t"
X Link @CVEnew 2025-10-17T04:43Z 55.7K followers, XXX engagements
"CVE-2025-58120 When HTTP/2 Ingress is configured undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.Note: Software versions which have reached En"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-60855 Reolink Video Doorbell WiFi DB_566128M5MP_W performs insufficient validation of firmware update signatures. This allows attackers to load malicious firmware images r"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-10045 The onOffice for WP-Websites plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to and including XXX due to insufficie"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-62646 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to review the stored audio of conversations between associates"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-55097 In USBX before 6.4.3 the USB support module for Eclipse Foundation ThreadX there was a potential out of bound read issue in ux_host_class_audio_streaming_sampling"
X Link @CVEnew 2025-10-17T05:55Z 55.7K followers, XXX engagements
"CVE-2025-62506 MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z a privilege escalation vulnerability allows service accounts"
X Link @CVEnew 2025-10-16T21:36Z 55.7K followers, XXX engagements
"CVE-2025-10611 Due to an insufficient access control implementation in multiple WSO2 Products authentication and authorization checks for certain REST APIs can be bypassed allowin"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-59983 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Spaceallows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-55334 Cleartext storage of sensitive information in Windows Kernel allows an unauthorized attacker to bypass a security feature locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-11851 A vulnerability has been found in Apeman ID71 EN75.8.53.20. The affected element is an unknown function of the file /set_alias.cgi. Such manipulation of the argument"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-22831 APTIOV contains a vulnerability in BIOS where an attacker may cause an Out-of-bounds Write by local. Successful exploitation of this vulnerability may lead to data co"
X Link @CVEnew 2025-10-14T14:38Z 55.7K followers, XXX engagements
"CVE-2025-48044 Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex an"
X Link @CVEnew 2025-10-17T14:50Z 55.7K followers, XXX engagements
"CVE-2025-59958 An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on PTX Series allows"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-0277 HCL BigFix Mobile XXX and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-59289 Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements
"CVE-2025-11814 The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to 3.21.1 (exclusive) due to insufficient input"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-39903 In the Linux kernel the following vulnerability has been resolved: of_numa: fix uninitialized memory nodes causing kernel panic When there are memory-only nodes (n"
X Link @CVEnew 2025-10-01T08:21Z 55.7K followers, XXX engagements
"CVE-2025-47150 When SNMP is configured on F5OS Appliance and Chassis systems undisclosed requests can cause an increase in SNMP memory resource utilization. Note: Software version"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-62511 yt-grabber-tui is a C++ terminal user interface application for downloading YouTube content. yt-grabber-tui version XXX contains a Time-of-Check to Time-of-Use (TOCTO"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-37133 An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could al"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-59258 Insertion of sensitive information into log file in Active Directory Federation Services allows an unauthorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-62358 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1 the log parameter in configuracao_geral.php is vulnera"
X Link @CVEnew 2025-10-13T21:35Z 55.7K followers, XXX engagements
"CVE-2025-40000 In the Linux kernel the following vulnerability has been resolved: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() There is a bug observed whe"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-22258 A heap-based buffer overflow in Fortinet FortiSRA 1.5.0 1.4.0 through 1.4.2 FortiPAM 1.5.0 1.4.0 through 1.4.2 1.3.0 through 1.3.1 1.2.0 1.1.0 through 1.1.2 1"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-11722 The Woocommerce Category and Products Accordion Panel plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including XXX via the 'ca"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-54196 Adobe Connect versions XXXX and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker could leverage this vulnerabi"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-56221 A lack of rate limiting in the login mechanism of SigningHub v8.6.8 allows attackers to bypass authentication via a brute force attack"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-55332 Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-62356 A path traversal vulnerability in all versions of the Qodo Qodo Gen IDE enables a threat actor to read arbitrary local files in and outside of current projects on an"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-41254 STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and Versions"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-34267 Flowise v3.0.1 3.0.8 and all versions after with 'ALLOW_BUILTIN_DEP' enabled contain an authenticated remote code execution vulnerability and node VM sandbox escape"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-58724 Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-55687 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Resilient File System (ReFS) allows an unauthorized attacker to"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-10732 The SureForms Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to and including"
X Link @CVEnew 2025-10-14T05:50Z 55.7K followers, XXX engagements
"CVE-2025-62389 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database"
X Link @CVEnew 2025-10-13T21:35Z 55.7K followers, XXX engagements
"CVE-2025-37137 Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-54889 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps manufacturer config"
X Link @CVEnew 2025-10-14T15:18Z 55.7K followers, XXX engagements
"CVE-2025-59244 External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements
"CVE-2025-20713 In wlan AP driver there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements
"CVE-2025-61540 SQL injection vulnerability in Ultimate PHP Board 2.2.7 via the username field in lostpassword.php"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-24833 Stored cross-site scripting (XSS) vulnerability in desknet's NEO versions V4.0R1.0V9.0R2.0 allow execution of arbitrary JavaScript in a users web browser"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62392 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database"
X Link @CVEnew 2025-10-13T21:27Z 55.7K followers, XXX engagements
"CVE-2025-59481 A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least resource administra"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-10700 The Ally Web Accessibility & Usability plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.8.0. This is due to"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-41253 The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62419 DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13 a JDBC URL injection vulnerability exists in the DB2 and MongoDB data s"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-53768 Use after free in Xbox allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-6042 The Lisfinity Core - Lisfinity Core plugin used for pebas Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation in all versions up to a"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-55333 Incomplete comparison with missing factors in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-61536 FelixRiddle dev-jobs-handlebars XXX uses absolute password-reset (magic) links using the untrusted header and forces the http:// scheme. An attac"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-58718 Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-62380 mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.31 contain an HTML injection vulnerab"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements
"CVE-2025-11900 The iSherlock developed by HGiga has an OS Command Injection vulnerability allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them"
X Link @CVEnew 2025-10-17T04:43Z 55.7K followers, XXX engagements
"CVE-2025-11840 A weakness has been identified in GNU Binutils XXXX. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bound"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-11839 A security flaw has been discovered in GNU Binutils XXXX. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked retur"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-58720 Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-61803 Substance3D - Stager versions 3.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the c"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XX engagements
"CVE-2025-59988 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-53860 A vulnerability exists in F5OS-A software that allows a highly privileged authenticated attacker to access sensitive FIPS hardware security module (HSM) information o"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-58715 Integer overflow or wraparound in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-10357 The Simple SEO WordPress plugin before 2.0.32 does not sanitise and escape some parameters when outputing them in the page which could allow users with a role as low"
X Link @CVEnew 2025-10-14T06:23Z 55.7K followers, XXX engagements
"CVE-2025-59211 Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-62383 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database"
X Link @CVEnew 2025-10-13T21:35Z 55.7K followers, XXX engagements
"CVE-2025-9548 A potential null pointer dereference vulnerability was reported in the Lenovo Power Management Driver that could allow a local authenticated user to cause a Windows blu"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-54264 Adobe Commerce versions 2.4.9-alpha2 2.4.8-p2 2.4.7-p7 2.4.6-p12 2.4.5-p14 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) Cross-Site S"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-58778 Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. It is not documented in the manual and enabled in the initial configurat"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-39990 In the Linux kernel the following vulnerability has been resolved: bpf: Check the helper function is valid in get_helper_proto kernel test robot reported verifier"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-58096 When the database variable tm.tcpudptxchecksumis configured as non-default value Software-onlyon a BIG-IP system undisclosed traffic can cause the Traffic Manageme"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-20359 Multiple Cisco products are affected by a vulnerability in the Snort X HTTP Decoder that could allow an unauthenticated remote attacker to cause the disclosure of po"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements
"CVE-2025-62585 Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-55684 Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-62411 LibreNMS is a community-based GPL-licensed network monitoring system. LibreNMS = 25.8.0 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Tran"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-59284 Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-55328 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges loc"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-20709 In wlan AP driver there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege wit"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements
"CVE-2025-59282 Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code local"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-58153 Under undisclosed traffic conditions along with conditions beyond the attacker's control hardware systems with a High-Speed Bridge (HSB) may experience a lockup of t"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-55701 Improper validation of specified type of input in Microsoft Windows allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-59206 Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-59193 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate pr"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements
"CVE-2025-49201 A weak authentication in Fortinet FortiPAM 1.5.0 1.4.0 through 1.4.2 1.3.0 through 1.3.1 1.2.0 1.1.0 through 1.1.2 1.0.0 through 1.0.3 FortiSwitchManager 7.2.0"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-39973 In the Linux kernel the following vulnerability has been resolved: i40e: add validation for ring_len param The ring_len parameter provided by the virtual functio"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-11853 A vulnerability was determined in Sismics Teedy up to XXXX. This affects an unknown function of the file /api/file of the component API Endpoint. Executing manipulati"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-62176 Mastodon is a free open-source social network server based on ActivityPub. In Mastodon before 4.4.6 4.3.14 and 4.2.27 the streaming server accepts serving events"
X Link @CVEnew 2025-10-13T21:27Z 55.7K followers, XXX engagements
"CVE-2025-59836 Omni manages Kubernetes on bare metal virtual machines or in a cloud. Prior to 1.1.5 and 1.0.2 there is a nil pointer dereference vulnerability in the Omni Resour"
X Link @CVEnew 2025-10-13T20:50Z 55.7K followers, XXX engagements
"CVE-2025-60009 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-55098 In USBX before 6.4.3 the USB support module for Eclipse Foundation ThreadX there was a potential out of bound read issue in _ux_host_class_audio_device_type_get()"
X Link @CVEnew 2025-10-17T05:55Z 55.7K followers, XXX engagements
"CVE-2025-61941 A path traversal issue exists in WXR9300BE6P series firmware versions prior to Ver.1.10. Arbitrary file may be altered by an administrative user who logs in to the af"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-57563 A path traversal in StarNet Communications Corporation FastX v.4 through v4.1.51 allows unauthenticated attackers to read arbitrary files"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-59993 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-41410 Mattermost versions 10.10.x = 10.10.2 10.5.x = 10.5.10 10.11.x = 10.11.2 fail to validate email ownership during Slack import process which allows attackers to c"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-23356 NVIDIA Isaac Lab contains a vulnerability in SB3 configuration parsing. A successful exploit of this vulnerability might lead to code execution denial of service es"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements
"CVE-2025-11577 Clevos UEFI firmware update packages including B10717.exe inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. T"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-39966 In the Linux kernel the following vulnerability has been resolved: iommufd: Fix race during abort for file descriptors fput() doesn't actually call file_operations"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-20715 In wlan AP driver there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements
"CVE-2025-41020 Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers thr"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-61907 Icinga X is an open source monitoring system. In Icinga X versions XXX through 2.15.0 filter expressions provided to the various /v1/objects endpoints could access v"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-53139 Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker to bypass a security feature locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-9955 An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services relate"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-54603 An incorrect OIDC authentication flow in Claroty Secure Access 3.3.0 through 4.0.2 can result in unauthorized user creation or impersonation of existing OIDC users"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-10312 The Theme Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including XXX. This is due to missing nonce validation"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-61802 Substance3D - Stager versions 3.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the cur"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-40773 A vulnerability has been identified in SiPass integrated (All versions V3.0). Affected server applications contains a broken access control vulnerability. The autho"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements
"CVE-2025-59995 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-55669 When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are configured on a virtual server undisclosed traffic can cause the Traffic Ma"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-0276 HCL BigFix Modern Client Management (MCM) XXX and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could tri"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-55099 In USBX before 6.4.3 the USB support module for Eclipse Foundation ThreadX there was a potential out of bound read issue in _ux_host_class_audio_alternate_setting_l"
X Link @CVEnew 2025-10-17T05:55Z 55.7K followers, XXX engagements
"CVE-2025-46752 An insertion of sensitive information into log file in Fortinet FortiDLP 12.0.0 through 12.0.5 11.5.1 11.4.6 11.4.5 allows an attacker to information disclosure via re"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-25298 Strapi is an open source headless CMS. The @strapi/core package before version 5.10.3 does not enforce a maximum password length when using bcryptjs for password hash"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62579 ASDA-Soft Stack-based Buffer Overflow Vulnerability"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-40810 A vulnerability has been identified in Solid Edge SE2024 (All versions V224.0 Update 14) Solid Edge SE2025 (All versions V225.0 Update 6). The affected applicati"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements
"CVE-2025-53856 When a virtual server network address translation (NAT) object or secure network address translation (SNAT) object uses the embedded Packet Velocity Acceleration (e"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-59980 An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated network-based attacker to get limited read-wri"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-11728 The Oceanpayment CreditCard Gateway plugin for WordPress is vulnerable to unauthenticated and unauthorized modification of data due to missing authentication and capa"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-62495 An integer overflow vulnerability exists in the QuickJS regular expression engine (libregexp) due to an inconsistent representation of the bytecode buffer size. *"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62648 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to adjust Drive Thru speaker audio volume"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-53858 ChatLuck contains a cross-site scripting vulnerability in Chat Rooms. If exploited an arbitrary script may be executed on the web browser of the user who is accessin"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-39998 In the Linux kernel the following vulnerability has been resolved: scsi: target: target_core_configfs: Add length check to avoid buffer overflow A buffer overflow"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-60006 Multiple instances of an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Jun"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-11905 A vulnerability was found in yanyutao0402 ChanCMS up to 3.3.2. This vulnerability affects the function getArticle of the file appmodulescmscontrollergather.js. Th"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-39970 In the Linux kernel the following vulnerability has been resolved: i40e: fix input validation logic for action_meta Fix condition to check 'greater or equal' to pr"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-20351 A vulnerability in the web UI of Cisco Desk Phone 9800 Series Cisco IP Phone 7800 and 8800 Series and Cisco Video Phone 8875 running Cisco SIP Software could allow"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements
"CVE-2025-54281 Adobe Framemaker versions 2020.9 2022.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of th"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-11176 The Quick Featured Images plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 13.7.2 via the qfi_set_thumbnai"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-49553 Adobe Connect versions XXXX and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute malicio"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-59204 Use of uninitialized resource in Windows Management Services allows an authorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-41707 The websocket handler is vulnerable to a denial of service condition. An unauthenticated remote attacker can send a crafted websocket message to trigger the issue wit"
X Link @CVEnew 2025-10-14T08:45Z 55.7K followers, XXX engagements
"CVE-2025-59201 Improper access control in Network Connection Status Indicator (NCSI) allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-34513 IleviaEVE X1 Server firmware versions 4.7.18.0.eden contain an OS command injection vulnerability in mbus_build_from_csv.php that allows an unauthenticated attacke"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-59228 Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-47890 An URL Redirection to Untrusted Site vulnerabilities CWE-601 in FortiOS 7.6.0 through 7.6.2 7.4.0 through 7.4.8 XXX all versions XXX all versions XXX all versio"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-55685 Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-39985 In the Linux kernel the following vulnerability has been resolved: can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow Sending an PF_PACKET allows"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-11842 A security vulnerability has been detected in Shazwazza Smidge up to 4.5.1. The impacted element is an unknown function of the component Bundle Handler. The manipulat"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-54276 Substance3D - Modeler versions 1.22.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file which could result in a read past t"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-59231 Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-55338 Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-54755 A directory traversal vulnerability exists in TMUI that allows an authenticated attacker to access files which are not limited to the intended files. Note: Software"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-59189 Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements
"CVE-2025-57741 An Incorrect Permission Assignment for Critical Resource vulnerability CWE-732 in FortiClientMac 7.4.0 through 7.4.3 7.2.0 through 7.2.11 XXX all versions may all"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-11719 Starting in Firefox XXX the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corruption. This vulne"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements
"CVE-2025-46706 When an iRule containing the HTTP::respond command is configured on a virtual server undisclosed requests can cause an increase in memory resource utilization. Note:"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-62385 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database"
X Link @CVEnew 2025-10-13T21:35Z 55.7K followers, XXX engagements
"CVE-2025-62374 Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0 injection of malicious payload allows attacker to"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XX engagements
"CVE-2025-59196 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privilege"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-58133 Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of information via network access"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements
"CVE-2025-60540 karakeep v0.26.0 to v0.7.0 was discovered to contain a Server-Side Request Forgery (SSRF)"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-34255 D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Forgot Password' endpoint returns dis"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-54891 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Resource access configurat"
X Link @CVEnew 2025-10-14T15:18Z 55.7K followers, XXX engagements
"CVE-2025-53782 Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-50175 Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2024-33507 An insufficient session expiration vulnerability CWE-613 and an incorrect authorization vulnerability CWE-863 in FortiIsolator 2.4.0 through 2.4.4 XXX all versio"
X Link @CVEnew 2025-10-14T15:40Z 55.7K followers, XXX engagements
"CVE-2025-40771 A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions V2.4.24) SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements
"CVE-2025-58725 Heap-based buffer overflow in Windows COM allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-62168 Squid is a caching proxy for the Web. In Squid versions prior to XXX a failure to redact HTTP authentication credentials in error handling allows information disclos"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62492 A vulnerability stemming from floating-point arithmetic precision errors exists in the QuickJS engine's implementation of TypedArray.prototype.indexOf() when a negati"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-55677 Untrusted pointer dereference in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-58474 When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery (SSRF) protection or when an NGINX server is configured with App Protect B"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-10730 The Wp tabber widget plugin for WordPress is vulnerable to SQL Injection via the 'wp-tabber-widget' shortcode in all versions up to and including XXX due to insuffi"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-58079 Improper Protection of Alternate Path (CWE-424) in the AppSuite of desknet's NEO V4.0R1.0 to V9.0R2.0 allows an attacker to create malicious AppSuite applications"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-58739 Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements
"CVE-2025-41430 When BIG-IP SSL Orchestrator is enabled undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have re"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-54266 Adobe Commerce versions 2.4.9-alpha2 2.4.8-p2 2.4.7-p7 2.4.6-p12 2.4.5-p14 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerabilit"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-59967 A NULL Pointer Dereference vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on ACX7024 ACX7024X ACX7100-32C ACX7100-48"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-9124 A denial-of-service security issue in the affected product. The security issue stems from a fault occurring when a crafted CIP unconnected explicit message is sent. Thi"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements
"CVE-2025-59186 Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-11925 Incorrect Content-Type header in one of the APIs (text/html instead of application/json) replies may potentially allow injection of HTML/JavaScript into reply. Thi"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-39995 In the Linux kernel the following vulnerability has been resolved: media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe The state-timer i"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-55686 Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-11898 Agentflow developed by Flowring has an Arbitrary File Reading vulnerability allowing unauthenticated remote attackers to exploit Relative Path Traversal to download"
X Link @CVEnew 2025-10-17T04:43Z 55.7K followers, XXX engagements
"CVE-2025-60514 Tillywork v0.1.3 and below is vulnerable to SQL Injection in app/common/helpers/query.builder.helper.ts"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-58717 Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-59195 Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to deny serv"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-60004 An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-20714 In wlan AP driver there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements
"CVE-2025-61798 Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file which could result in a read past the end of an"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XX engagements
"CVE-2025-59234 Use after free in Microsoft Office allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-10139 The WP BookWidgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bw_link' shortcode in all versions up to and including XXX du"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-55690 Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-59190 Improper input validation in Microsoft Windows Search Component allows an unauthorized attacker to deny service locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements
"CVE-2025-59243 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-59989 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-39977 In the Linux kernel the following vulnerability has been resolved: futex: Prevent use-after-free during requeue-PI syzbot managed to trigger the following race:"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-46581 ZTE's ZXCDN product is affected by a Struts remote code execution (RCE) vulnerability. An unauthenticated attacker can remotely execute commands with non-root privil"
X Link @CVEnew 2025-10-14T09:17Z 55.7K followers, XXX engagements
"CVE-2025-61514 An arbitrary file upload vulnerability in SageMath Inc CoCalc before commit 0d2ff58 allows attackers to execute arbitrary code via uploading a crafted SVG file"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-10706 The Classified Pro theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'cwp_addons_update_plugin_cb' functi"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-10575 The WP jQuery Pager plugin for WordPress is vulnerable to SQL Injection via the 'ids' shortcode attribute parameter handled by the WPJqueryPaged::get_gallery_page_img"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-11912 A flaw has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected is the function Query of the file /DeviceState.doAction=Query. This manipulatio"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-60535 A Cross-Site Request Forgery (CSRF) in the component /endpoints/currency/currency of Wallos v4.1.1 allows attackers to execute arbitrary operations via a crafted GET"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-62424 ClipBucket is a web-based video-sharing platform. In ClipBucket version 5.5.2 - #146 and earlier the /admin_area/template_editor.php endpoint is vulnerable to path t"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-40774 A vulnerability has been identified in SiPass integrated (All versions V3.0). Affected server applications store user passwords encrypted in its database. Decryptio"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements
"CVE-2025-11493 The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server such as updates dependencies and integrations. This creat"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-61539 Cross site scripting (XSS) vulnerability in Ultimate PHP Board 2.2.7 via the u_name parameter in lostpassword.php"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-11864 A vulnerability was identified in NucleoidAI Nucleoid up to 0.7.10. The impacted element is the function extension.apply of the file /src/cluster.ts of the component"
X Link @CVEnew 2025-10-16T21:36Z 55.7K followers, XXX engagements
"CVE-2025-10303 The Library Management System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the owt7_library_management"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-34516 IleviaEVE X1 Server firmware versions 4.7.18.0.eden contain a use of default credentials vulnerability that allows an unauthenticated attacker to obtain remote acc"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-11911 A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This impacts the function Query of the file /DeviceFault.doAction=Query. The mani"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-39976 In the Linux kernel the following vulnerability has been resolved: futex: Use correct exit on failure from futex_hash_allocate_default() copy_process() uses the wr"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-60010 A password aging vulnerability in the RADIUS client of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated network-based attacker to access the de"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-55339 Out-of-bounds read in Windows NDIS allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-39979 In the Linux kernel the following vulnerability has been resolved: net/mlx5: fs fix UAF in flow counter release Fix a kernel trace X caused by releasing an HWS"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-55087 In NetX Duo's snmp addon versions before 6.4.4 a part of the Eclipse Foundation ThreadX an attacker could cause an out-of-bound read by a crafted SNMPv3 security p"
X Link @CVEnew 2025-10-17T07:31Z 55.7K followers, XXX engagements
"CVE-2025-8429 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Action access configuration"
X Link @CVEnew 2025-10-14T15:40Z 55.7K followers, XXX engagements
"CVE-2025-36128 IBM MQ XXX XXX XXX XXX LTS and XXX XXX CD is vulnerable to a denial of service caused by improper enforcement of the timeout on individual read operations. By co"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-8561 The Ova Advent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to and including 1.1.7 due to insuffic"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-34519 IleviaEVE X1 Server firmware versions 4.7.18.0.eden contain an insecure hashing algorithm vulnerability.The product stores passwords using the MD5 hash function w"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-8430 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Commands Connectors configuratio"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-34518 IleviaEVE X1 Server firmware versions 4.7.18.0.eden contain a relative path traversal vulnerability in get_file_content.php that allows an attacker to read arbitra"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-60279 A server-side request forgery (SSRF) vulnerability in Illia Cloud illia-Builder before v4.8.5 allows authenticated users to send arbitrary requests to internal servic"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-59997 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59253 Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements
"CVE-2025-62171 ImageMagick is an open source software suite for displaying converting and editing raster image files. In ImageMagick versions prior to 7.1.2-7 and 6.9.13-32 an in"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-55700 Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-37135 Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-59257 Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-54274 Substance3D - Viewer versions 0.25.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the cont"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-9068 A security issue exists within the Rockwell Automation Driver Package x64 Microsoft Installer File (MSI) repair functionality installed with FTLinx. Authenticated atta"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements
"CVE-2025-59233 Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-59280 Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-10051 The Demo Import Kit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to and including 1.1.0 via t"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-62410 In versions before 20.0.2 it was found that --disallow-code-generation-from-strings is not sufficient for isolating untrusted JavaScript in happy-dom. The untrusted"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements
"CVE-2025-43313 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.7.7 macOS Sonoma 14.7.7 macOS Sequoia XXXX. An app may be able to ac"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XX engagements
"CVE-2025-9437 A security issue exists within the Studio 5000 Logix Designer add-on profile (AOP) for the ArmorStart Classic distributed motor controller resulting in denial-of-servi"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements
"CVE-2024-42192 HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a credential leakage which could allow an attacker to access other computers or applications"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-54265 Adobe Commerce versions 2.4.9-alpha2 2.4.8-p2 2.4.7-p7 2.4.6-p12 2.4.5-p14 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An att"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-54283 Illustrator versions XXXX 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-37143 An arbitrary file download vulnerability exists in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successf"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-62414 Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7 the Create New Customer feature (in the admin panel) is vulnerable to Cross-Site Scripting"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-58732 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-59300 Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execut"
X Link @CVEnew 2025-10-03T03:20Z 55.7K followers, XXX engagements
"CVE-2025-48004 Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-59991 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-58730 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-62645 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privilege"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-53474 When an iRule using an ILX::call command is configured on a virtual server undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-10682 The TARIFFUXX plugin for WordPress is vulnerable to SQL Injection in versions up to and including XXX. This is due to insufficient neutralization of user-supplied i"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-61990 When using a multi-bladed platform with more than one blade undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software vers"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-61922 PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5 missing validation on the Express Chec"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-2529 Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from (malicio"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-58426 desknet's NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic key which allows an attacker to create malicious AppSuite applications"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-55695 Out-of-bounds read in Windows WLAN Auto Config Service allows an authorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-24990 Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-55094 In NetX Duo before 6.4.4 the networking support module for Eclipse Foundation ThreadX there was a potential out of bound read issue in _nx_icmpv6_validate_options("
X Link @CVEnew 2025-10-17T05:55Z 55.7K followers, XXX engagements
"CVE-2025-56747 Creativeitem Academy LMS up to and including XXXX contains a privilege escalation vulnerability in the Api_instructor controller where regular authenticated users can"
X Link @CVEnew 2025-10-14T15:18Z 55.7K followers, XXX engagements
"CVE-2025-61955 A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges. A successful exploit may"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-10986 Path traversal in the admin panel of Ivanti EPMM before version 12.6.0.2 12.5.0.4 and 12.4.0.4 allows a remote authenticated attacker with admin privileges to write"
X Link @CVEnew 2025-10-14T14:54Z 55.7K followers, XXX engagements
"CVE-2025-60360 radare2 v5.9.8 and before contains a memory leak in the function r2r_subprocess_init"
X Link @CVEnew 2025-10-17T14:50Z 55.7K followers, XXX engagements
"CVE-2025-59976 An arbitrary file download vulnerability in the web interface of Juniper Networks Junos Space allows a network-based authenticated attacker using a crafted GET method"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-62490 In quickjs in js_print_object when printing an array the function first fetches the array length and then loops over it. The issue is printing a value is not side"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62505 LobeChat is an open source chat application platform. The web-crawler package in LobeChat version 1.136.1 allows server-side request forgery (SSRF) in the tools.searc"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-27906 IBM Content Navigator 3.0.11 3.0.15 3.1.0 and 3.2.0 could expose the directory listing of the application upon using an application URL. Application files and fold"
X Link @CVEnew 2025-10-14T14:38Z 55.7K followers, XXX engagements
"CVE-2025-55697 Heap-based buffer overflow in Azure Local allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-54270 Animate versions 23.0.13 24.0.10 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to memory exposure. An attacker could leverage"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-9804 An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-20712 In wlan AP driver there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege wit"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements
"CVE-2025-54269 Animate versions 23.0.13 24.0.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-33177 NVIDIA Jetson Linux and IGX OS contain a vulnerability in NvMap where improper tracking of memory allocations could allow a local attacker to cause memory overalloca"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-37140 Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-6949 An Execution with Unnecessary Privileges vulnerability has been identified in Moxa's network security appliances and routers. A critical authorization flaw in the API a"
X Link @CVEnew 2025-10-17T04:43Z 55.7K followers, XXX engagements
"CVE-2025-55337 Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-59292 External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-62491 A Use-After-Free (UAF) vulnerability exists in the QuickJS engine's standard library when iterating over the global list of unhandled rejected promises (ts-rejected_"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62353 A path traversal vulnerability in all versions of the Windsurf IDE enables a threat actor to read and write arbitrary local files in and outside of current projects o"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-11708 Use-after-free in MediaTrackGraphImpl::GetInstance() This vulnerability affects Firefox XXX Firefox ESR XXXXX Thunderbird XXX and Thunderbird 140.4"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements
"CVE-2025-58727 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacke"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-60361 radare2 v5.9.8 and before contains a memory leak in the function bochs_open"
X Link @CVEnew 2025-10-17T15:16Z 55.7K followers, XXX engagements
"CVE-2025-11492 In the ConnectWise Automate Agent communications could be configured to use HTTP instead of HTTPS. In such cases an on-path threat actor with a man-in-the-middle ne"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-58722 Heap-based buffer overflow in Windows DWM allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-61958 A vulnerability exists in the iHealth command that may allow an authenticated attacker with at least a resource administrator role to bypass tmsh restrictions and gai"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-20360 Multiple Cisco products are affected by a vulnerability in the Snort X HTTP Decoder that could allow an unauthenticated remote attacker to cause the Snort X Detectio"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements
"CVE-2025-11714 Memory safety bugs present in Firefox ESR XXXXXX Firefox ESR XXXXX Thunderbird ESR XXXXX Firefox XXX and Thunderbird XXX. Some of these bugs showed evidence of mem"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements
"CVE-2025-50174 Use after free in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-11713 Insufficient escaping in the Copy as cURL feature could have been used to trick a user into executing unexpected code on Windows. This did not affect Firefox runnin"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements
"CVE-2025-34253 D-Link Nuclias Connect firmware versions = 1.3.1.4 contain a stored cross-site scripting (XSS) vulnerability due to improper sanitization of the 'Network' field when"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-57618 A path traversal vulnerability in FastX3 thru 3.3.67 allows an unauthenticated attacker to read arbitrary files on the server. By leveraging this vulnerability it is"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-20716 In wlan AP driver there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements
"CVE-2025-9713 Path traversal in Ivanti Endpoint Manager allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required"
X Link @CVEnew 2025-10-13T21:27Z 55.7K followers, XXX engagements
"CVE-2025-11832 Allocation of Resources Without Limits or Throttling vulnerability in Azure Access Technology BLU-IC2 Azure Access Technology BLU-IC4 allows Flooding. This issue affe"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-52583 Reflected cross-site scripting (XSS) vulnerability in desknet's Web Server allows execution of arbitrary JavaScript in a user's web browser"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-20366 In Splunk Enterprise versions below 9.4.4 9.3.6 and 9.2.8 and Splunk Cloud Platform versions below 9.3.2411.111 9.3.2408.119 and 9.2.2406.122 a low-privileged u"
X Link @CVEnew 2025-10-01T16:45Z 55.7K followers, XXX engagements
"CVE-2025-49552 Adobe Connect versions XXXX and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a high-privileged attacker to"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-62156 Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions prior to 3.6.12 and versions 3.7.0 through 3"
X Link @CVEnew 2025-10-14T15:18Z 55.7K followers, XXX engagements
"CVE-2025-60536 An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service (DoS) via uploading a crafted configuration"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-59222 Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements
"CVE-2025-62366 mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.30 contain an HTML injection vulnerab"
X Link @CVEnew 2025-10-14T15:40Z 55.7K followers, XXX engagements
"CVE-2025-10135 The WP ViewSTL plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'viewstl' shortcode in all versions up to and including XXX due to"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-59447 The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct physical access can leverage this interface to read a boot log which"
X Link @CVEnew 2025-10-06T20:16Z 55.7K followers, XXX engagements
"CVE-2025-55681 Out-of-bounds read in Windows DWM allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-62584 Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-37147 A Secure Boot Bypass Vulnerability exists in affected Access Points that allows an adversary to bypass the hardware root of trust verification in place to ensure only"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-11709 A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability affects"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements
"CVE-2025-59992 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-58733 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-11904 A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.2. This affects the function hasUse of the file /cms/model/hasUse. The manipulation of the argument I"
X Link @CVEnew 2025-10-17T15:16Z 55.7K followers, XXX engagements
"CVE-2025-55326 Use after free in Connected Devices Platform Service (Cdpsvc) allows an unauthorized attacker to execute code over a network"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-62644 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has a Global Store Directory that shares personal information among authenticated user"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-59298 Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execut"
X Link @CVEnew 2025-10-03T03:20Z 55.7K followers, XXX engagements
"CVE-2025-55080 In Eclipse ThreadX before 6.4.3 when memory protection is enabled syscall parameters verification wasn't enough allowing an attacker to obtain an arbitrary memory"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-36730 A prompt injection vulnerability exists in Windsurft version 1.10.7 in Write mode using SWE-1 model. It is possible to create a file name that will be appended to th"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-59238 Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements
"CVE-2025-54858 When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema and the security policy is applie"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-54275 Substance3D - Viewer versions 0.25.2 and earlier are affected by an out-of-bounds write vulnerability that could lead to application denial-of-service. An attacker co"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-39974 In the Linux kernel the following vulnerability has been resolved: tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit() When config osnoise cpus by wr"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-59275 Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements
"CVE-2025-59990 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-39996 In the Linux kernel the following vulnerability has been resolved: media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove The original cod"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-41018 SQL injection in Sergestec's Exito v8.0. This vulnerability allows an attacker to retrieve create update and delete databases through the 'cat' parameter in '/publ"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-56218 An arbitrary file upload vulnerability in SigningHub v8.6.8 allows attackers to execute arbitrary code via uploading a crafted PDF file"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-55340 Improper authentication in Windows Remote Desktop Protocol allows an authorized attacker to bypass a security feature locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-55694 Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-47148 When the BIG-IP system is configured as both a Security Assertion Markup Language (SAML) service provider (SP) and Identity Provider (IdP) with single logout (SLO) e"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-11913 A vulnerability has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this vulnerability is the function Download of the file /Service.do"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62416 Bagisto is an open source laravel eCommerce platform. Bagisto v2.3.7 is vulnerable to Server-Side Template Injection (SSTI) due to unsanitized user input being proces"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-60359 radare2 v5.9.8 and before contains a memory leak in the function r_bin_object_new"
X Link @CVEnew 2025-10-17T14:50Z 55.7K followers, XXX engagements
"CVE-2024-47569 An insertion of sensitive information into sent data in Fortinet FortiManager Cloud 7.4.1 through 7.4.3 FortiVoice 7.0.0 through 7.0.4 6.4.0 through 6.4.9 6.0.7 thr"
X Link @CVEnew 2025-10-14T15:40Z 55.7K followers, XXX engagements
"CVE-2025-62361 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.0 an Open Redirect vulnerability was identified in the c"
X Link @CVEnew 2025-10-13T21:35Z 55.7K followers, XXX engagements
"CVE-2025-58075 Mattermost versions 10.11.x = 10.11.1 10.10.x = 10.10.2 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-54892 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps group configuration"
X Link @CVEnew 2025-10-14T15:18Z 55.7K followers, XXX engagements
"CVE-2025-59192 Buffer over-read in Storport.sys Driver allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements
"CVE-2025-59185 External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-58747 Dify is an LLM application development platform. In Dify versions through 1.9.1 the MCP OAuth component is vulnerable to cross-site scripting when a victim connects"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-54973 A concurrent execution using shared resource with improper synchronization ('Race Condition') vulnerability CWE-362 in Fortinet FortiAnalyzer version 7.6.0 through"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2024-50571 A heap-based buffer overflow in Fortinet FortiOS 7.6.0 through 7.6.1 7.4.0 through 7.4.5 7.2.0 through 7.2.10 7.0.0 through 7.0.16 6.4.0 through 6.4.15 6.2.0 thr"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-20718 In wlan AP driver there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution priv"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements
"CVE-2025-10699 A vulnerability was reported in the Lenovo LeCloud client application that under certain conditions could allow information disclosure"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-9967 The Orion SMS OTP Verification plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to and including 1.1.7. This is due"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-59260 Exposure of sensitive information to an unauthorized actor in Microsoft Failover Cluster Virtual Driver allows an authorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements
"CVE-2025-20722 In gnss driver there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure if a malicious actor has already ob"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements
"CVE-2025-59214 Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements
"CVE-2025-55691 Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-59237 Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-59269 A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the c"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-62423 ClipBucket V5 provides open source video hosting with PHP. In version 5.5.2 - #140 and earlier a Blind SQL injection vulnerability exists in the Admin Areas /admin_"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-46774 An Improper Verification of Cryptographic Signature vulnerability CWE-347 in FortiClient MacOS installer version 7.4.2 and below version 7.2.9 and below XXX all v"
X Link @CVEnew 2025-10-14T15:40Z 55.7K followers, XXX engagements
"CVE-2025-59199 Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-59248 Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements
"CVE-2025-10313 The Find And Replace content for WordPress plugin for WordPress is vulnerable to unauthorized Stored Cross-Site Scripting and Arbitrary Content Replacement due to a m"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-53845 An improper authentication vulnerability CWE-287 in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain"
X Link @CVEnew 2025-10-14T15:40Z 55.7K followers, XXX engagements
"CVE-2025-55315 Inconsistent interpretation of http requests ('http request/response smuggling') in Core allows an authorized attacker to bypass a security feature over a net"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-11177 The External Login plugin for WordPress is vulnerable to SQL Injection via the 'log' parameter in all versions up to and including 1.11.2 due to insufficient escapi"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-41443 Mattermost versions 10.5.x = 10.5.10 10.11.x = 10.11.2 fail to properly validate guest user permissions when accessing channel information which allows guest users"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-43280 The issue was resolved by not loading remote images. This issue is fixed in iOS XXXX and iPadOS XXXX. Forwarding an email could display remote images in Mail in Lockdo"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-62415 Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7 the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. ad"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-59291 External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-61933 A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of BIG-IP APM that allows an attacker to run JavaScript in the context of the targe"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-26860 RemoteCall Remote Support Program (for Operator) versions prior to 5.1.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-59249 Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-10293 The Keyy Two Factor Authentication (like Clef) plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to and including 1"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-55079 In Eclipse ThreadX before version 6.4.3 the thread module has a setting of maximum priority. In some cases the check of that maximum priority wasn't performed allow"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-59985 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-50152 Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-37144 Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful expl"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements
"CVE-2025-55091 In NetX Duo before 6.4.4 the networking support module for Eclipse Foundation ThreadX there was a potential out of bound read issue in _nx_ip_packet_receive() funct"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-39983 In the Linux kernel the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue This fixes the following UAF caused by not"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-53092 Strapi is an open source headless content management system. Strapi versions prior to 5.20.0 contain a CORS misconfiguration vulnerability in default installations. B"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-8428 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (HTTP Loader widget modules) allo"
X Link @CVEnew 2025-10-14T14:54Z 55.7K followers, XXX engagements
"CVE-2025-62422 DataEase is an open source data visualization and analytics platform. In versions 2.10.13 and earlier the /de2api/datasetData/tableField interface is vulnerable to S"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-0275 HCL BigFix Mobile XXX and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions potentially allowing access"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-62362 gpp-burgerportaal is a Dutch government citizen portal application. In versions before 2.0.3 3.0.2 and 4.0.1 the name and email address of employees who publish co"
X Link @CVEnew 2025-10-13T21:50Z 55.7K followers, XXX engagements
"CVE-2025-37146 A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote co"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-62387 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database"
X Link @CVEnew 2025-10-13T21:35Z 55.7K followers, XXX engagements
"CVE-2025-10486 The Content Writer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 3.6.8 through publicly exposed log files"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-59968 A Missing Authorization vulnerability in the Juniper Networks Junos Space Security Director allows an unauthenticated network-based attacker to read or modify metadat"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59205 Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate p"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements
"CVE-2025-39971 In the Linux kernel the following vulnerability has been resolved: i40e: fix idx validation in config queues msg Ensure idx is within range of active/initialized T"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-62428 Drawing-Captcha APP provides interactive engaging verification for Web-Based Applications. The vulnerability is a Host Header Injection in the /register and /confirm"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-36002 IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5 and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5 and 6.2.1.0 stores user credentials in configu"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-10985 OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2 12.5.0.4 and 12.4.0.4 allows a remote authenticated attacker with admin privileges to"
X Link @CVEnew 2025-10-14T14:54Z 55.7K followers, XXX engagements
"CVE-2025-55083 In NetX Duo version before 6.4.4 the component of Eclipse Foundation ThreadX there was an incorrect bound check resulting in an off-by-two out of bound read"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-54822 An improper authorization vulnerability CWE-285 in Fortinet FortiOS version 7.4.0 through 7.4.1 and before 7.2.8 & Fortinet FortiProxy before version 7.4.8 allows a"
X Link @CVEnew 2025-10-14T15:40Z 55.7K followers, XXX engagements
"CVE-2025-11721 Memory safety bug present in Firefox XXX and Thunderbird XXX. This bug showed evidence of memory corruption and we presume that with enough effort this could have bee"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements
"CVE-2025-54263 Adobe Commerce versions 2.4.9-alpha2 2.4.8-p2 2.4.7-p7 2.4.6-p12 2.4.5-p14 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-10141 The Digiseller plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ds' shortcode in all versions up to and including 1.3.0 due to in"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-57740 A Heap-based Buffer Overflow vulnerability CWE-122 in FortiOS version 7.6.2 and below version 7.4.7 and below version 7.2.10 and below XXX all versions XXX all"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-10056 The Task Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to and including 1.6.3 via the Check Website task. This ma"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-55331 Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-11914 A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this issue is the function Download of the file /DeviceFileReport.doActi"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-61908 Icinga X is an open source monitoring system. From 2.10.0 to before 2.15.1 2.14.7 and 2.13.13 when creating an invalid reference such as a reference to null dere"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-59236 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-62252 Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.111 and older unsupported versions and Liferay DXP 2023.Q4.0 through 202"
X Link @CVEnew 2025-10-13T20:50Z 55.7K followers, XXX engagements
"CVE-2025-11720 The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded not the full hostname. User supplied content hosted on a s"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements
"CVE-2025-59232 Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements
"CVE-2025-59203 Insertion of sensitive information into log file in Windows StateRepository API allows an authorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements
"CVE-2025-39992 In the Linux kernel the following vulnerability has been resolved: mm: swap: check for stable address space before operating on the VMA It is possible to hit a zer"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-6338 There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a long period. This issue affects Qt"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-11712 A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a conten"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements
"CVE-2025-11717 When switching between Android apps using the card carousel Firefox shows a black screen as its card image when a password-related screen was the last one being used"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements
"CVE-2025-22833 APTIOV contains a vulnerability in BIOS where an attacker may cause a Buffer Copy without Checking Size of Input by local accessing. Successful exploitation of this v"
X Link @CVEnew 2025-10-14T14:38Z 55.7K followers, XXX engagements
"CVE-2025-62421 DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13 a stored cross-site scripting vulnerability exists due to improper file"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62407 Frappe is a full-stack web application framework. Prior to 14.98.0 and 15.83.0 an open redirect was possible through the redirect argument on the login page if a s"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-58716 Improper input validation in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-10132 The Dhivehi Text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dhivehi' shortcode in all versions up to and including XXX due"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-57716 An Uncontrolled Search Path Element vulnerability CWE-427 in FortiClient Windows 7.4.0 through 7.4.3 7.2.0 through 7.2.11 XXX all versions may allow a local low p"
X Link @CVEnew 2025-10-14T15:40Z 55.7K followers, XXX engagements
"CVE-2025-59200 Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-26625 Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0 when populating a Git repository's working tree with the contents of G"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-59198 Improper input validation in Microsoft Windows Search Component allows an authorized attacker to deny service locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements
"CVE-2025-22832 APTIOV contains a vulnerability in BIOS where an attacker may cause an Out-of-bounds Write by local. Successful exploitation of this vulnerability may lead to data co"
X Link @CVEnew 2025-10-14T14:38Z 55.7K followers, XXX engagements
"CVE-2025-62363 yt-grabber-tui is a terminal user interface application for downloading videos. In versions before 1.0-rc the application allows users to configure the path to the y"
X Link @CVEnew 2025-10-13T21:50Z 55.7K followers, XXX engagements
"CVE-2025-59250 Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-55336 Exposure of sensitive information to an unauthorized actor in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-62412 LibreNMS is a community-based GPL-licensed network monitoring system. The alert rule name in the Alerts Alert Rules page is not properly sanitized and can be used"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-39975 In the Linux kernel the following vulnerability has been resolved: smb: client: fix wrong index reference in smb2_compound_op() In smb2_compound_op() the loop tha"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-37132 An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Su"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-20350 A vulnerability in the web UI of Cisco Desk Phone 9800 Series Cisco IP Phone 7800 and 8800 Series and Cisco Video Phone 8875 running Cisco SIP Software could allow"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements
"CVE-2025-62390 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database"
X Link @CVEnew 2025-10-13T21:36Z 55.7K followers, XXX engagements
"CVE-2025-61796 Adobe Experience Manager versions XXXX and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-10301 The FunKItools plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.2. This is due to missing or incorrect nonce"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-62504 Envoy is an open source edge and service proxy. Envoy versions earlier than 1.36.2 1.35.6 1.34.10 and 1.33.12 contain a use-after-free vulnerability in the Lua fil"
X Link @CVEnew 2025-10-16T21:36Z 55.7K followers, XXX engagements
"CVE-2025-25255 An Improperly Implemented Security Check for Standard vulnerability CWE-358 in FortiProxy 7.6.0 through 7.6.3 XXX all versions XXX all versions 7.0.1 through 7.0"
X Link @CVEnew 2025-10-14T15:40Z 55.7K followers, XXX engagements
"CVE-2025-6950 A Use of Hard-coded Credentials vulnerability has been identified in Moxa's network security appliances and routers. The system employs a hard-coded secret key to sign"
X Link @CVEnew 2025-10-17T04:43Z 55.7K followers, XXX engagements
"CVE-2025-10743 The Outdoor plugin for WordPress is vulnerable to SQL Injection via the 'edit' action in all versions up to and including 1.3.2 due to insufficient escaping on the"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-9064 A path traversal security issue exists within FactoryTalk View Machine Edition allowing unauthenticated attackers on the same network as the device to delete any file"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements
"CVE-2025-58729 Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-39978 In the Linux kernel the following vulnerability has been resolved: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() This code calls kfree_rcu(new_n"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-61938 When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the Data Guard Protection Enforcement setting e"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-20720 In wlan AP driver there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege wit"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements
"CVE-2025-62642 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user account creat"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-41021 Stored Cross-Site Scripting (XSS) in Sergestec's Exito v8.0 consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request usi"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-59242 Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-54272 Adobe Experience Manager versions XXXX and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-41705 An unauthenticated remote attacker (MITM) can intercept the websocket messages to gain access to the login credentials for the Webfrontend"
X Link @CVEnew 2025-10-14T08:45Z 55.7K followers, XXX engagements
"CVE-2025-59778 When the Allowed IP Addresses feature is configured on the F5OS-C partition control plane undisclosed traffic can cause multiple containers to terminate. Note: So"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2023-28814 Some versions of Hikvision's iSecure Center Product have an improper file upload control vulnerability. Due to the improper verification of file to be uploaded attac"
X Link @CVEnew 2025-10-17T11:27Z 55.7K followers, XXX engagements
"CVE-2025-55692 Improper input validation in Windows Error Reporting allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-20721 In imgsensor there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements
"CVE-2025-62427 The Angular CLI is a command-line interface tool for Angular applications. The vulnerability is a Server-Side Request Forgery (SSRF) flaw within the URL resolution me"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-11715 Memory safety bugs present in Firefox ESR XXXXX Thunderbird ESR XXXXX Firefox XXX and Thunderbird XXX. Some of these bugs showed evidence of memory corruption and w"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements
"CVE-2025-61924 PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5 the Target PayPal merchant account hij"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-59043 OpenBao is an open source identity-based secrets management system. In OpenBao versions prior to 2.4.1 JSON objects after decoding may use significantly more memory"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-55089 In FileX before 6.4.2 the file support module for Eclipse Foundation ThreadX there was a possible buffer overflow in the FileX RAM disk driver. It could cause a rem"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-11161 The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the vc_custom_heading shortcode in all versions up to and including"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-58735 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-37141 Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-62378 CommandKit is the discord.js meta-framework for building Discord bots. In versions 1.2.0-rc.1 through 1.2.0-rc.11 a logic flaw exists in the message command handler"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements
"CVE-2025-59051 The FreePBX Endpoint Manager module includes a Network Scanning feature that provides web-based access to nmap functionality for network device discovery. In Endpoint"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-59921 An exposure of sensitive information to an unauthorized actor vulnerability CWE-200 in Fortinet FortiADC version 7.4.0 version 7.2.3 and below version 7.1.4 and b"
X Link @CVEnew 2025-10-14T15:40Z 55.7K followers, XXX engagements
"CVE-2025-34254 D-Link Nuclias Connect firmware versions = 1.3.1.4 contain an observable response discrepancy vulnerability. The application's 'Login' endpoint returns distinct JSON"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-62493 A vulnerability exists in the QuickJS engine's BigInt string conversion logic (js_bigint_to_string1) due to an incorrect calculation of the required number of digits"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-34517 IleviaEVE X1 Server firmware versions 4.7.18.0.eden contain an absolute path traversal vulnerability in get_file_content.php that allows an attacker to read arbitr"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-39984 In the Linux kernel the following vulnerability has been resolved: net: tun: Update napi-skb after XDP process The syzbot report a UAF issue: BUG: KASAN: slab-"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-43282 A double free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia XXXX iOS XXXX and iPadOS XXXX watchOS XXXX tvOS XXXX visio"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-39972 In the Linux kernel the following vulnerability has been resolved: i40e: fix idx validation in i40e_validate_queue_map Ensure idx is within range of active/initial"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-62650 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-61806 Substance3D - Stager versions 3.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file which could result in a read past the"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XX engagements
"CVE-2025-55693 Use after free in Windows Kernel allows an unauthorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-10133 The URLYar URL Shortner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'urlyar_shortlink' shortcode in all versions up to and inc"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-31514 An Insertion of Sensitive Information into Log File vulnerability CWE-532 in FortiOS 7.6.0 through 7.6.3 XXX all versions XXX all versions XXX all versions 6.4"
X Link @CVEnew 2025-10-14T15:40Z 55.7K followers, XXX engagements
"CVE-2025-11736 A flaw has been found in itsourcecode Online Examination System XXX. Affected by this issue is some unknown functionality of the file /index.php. This manipulation of"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements
"CVE-2025-20724 In wlan AP driver there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privil"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements
"CVE-2025-20711 In wlan AP driver there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege wit"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements
"CVE-2025-40765 A vulnerability has been identified in TeleControl Server Basic V3.1 (All versions = V3.1.2.2 V3.1.2.3). The affected application contains an information disclosur"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements
"CVE-2025-59278 Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements
"CVE-2025-37138 An authenticated command injection vulnerability exists in the command line interface binary of AOS-10 GW and AOS-8 Controllers/Mobility Conductor operating system. E"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-61807 Substance3D - Stager versions 3.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the c"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XX engagements
"CVE-2025-55247 Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-62381 sveltekit-superforms makes SvelteKit forms a pleasure to use. sveltekit-superforms v2.27.3 and prior are susceptible to a prototype pollution vulnerability within the"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements
"CVE-2025-6893 An Execution with Unnecessary Privileges vulnerability has been identified in Moxa's network security appliances and routers. A flaw in broken access control has been i"
X Link @CVEnew 2025-10-17T04:43Z 55.7K followers, XXX engagements
"CVE-2025-11909 A weakness has been identified in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The impacted element is the function queryLast of the file /RepairRecord.doActi"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-8594 The Pz-LinkCard WordPress plugin before 2.5.7 does not validate a parameter before making a request to it which could allow users with a role as low as Contributor to"
X Link @CVEnew 2025-10-14T06:23Z 55.7K followers, XXX engagements
"CVE-2025-55248 Inadequate encryption strength in .NET .NET Framework Visual Studio allows an authorized attacker to disclose information over a network"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-6892 An Incorrect Authorization vulnerability has been identified in Moxa's network security appliances and routers. A flaw in the API authentication mechanism allows unauth"
X Link @CVEnew 2025-10-17T04:43Z 55.7K followers, XXX engagements
"CVE-2025-54479 When a classification profile is configured on a virtual server without an HTTP or HTTP/2 profile undisclosed requests can cause the Traffic Management Microkernel ("
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-10576 Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver which might allow escalation"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements
"CVE-2025-34512 IleviaEVE X1 Server firmware versions 4.7.18.0.eden contain a reflected cross-site scripting (XSS) vulnerability in index.php that allows an unauthenticated attack"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-11701 The Zip Attachments plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check as well as missing post status validation in t"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-60016 When Diffie-Hellman (DH) group Elliptic Curve Cryptography (ECC) Brainpool curves are configured in an SSL profile's Cipher Rule or Cipher Group and that profile is"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2023-28815 Some versions of Hikvision's iSecure Center Product contain insufficient parameter validation resulting in a command injection vulnerability. Attackers may exploit t"
X Link @CVEnew 2025-10-17T11:27Z 55.7K followers, XXX engagements
"CVE-2025-10850 The Felan Framework plugin for WordPress is vulnerable to improper authentication in versions up to and including 1.1.4. This is due to the hardcoded password in th"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-58424 On BIG-IP systems undisclosed traffic can cause data corruption and unauthorized data modification in protocols which do not have message integrity protection. Note"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-59978 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to store scri"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-9559 Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by an Insecure Direct Object Reference issue in a user interface component that can only be used to read dat"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-61923 PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5 the backoffice is missing validation o"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-59889 Improper authentication of library files in the Eaton IPP software installer could lead to arbitrary code execution of an attacker with the access to the software pac"
X Link @CVEnew 2025-10-14T05:33Z 55.7K followers, XXX engagements
"CVE-2025-53717 Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-54461 ChatLuck contains an insufficient granularity of access control vulnerability in Invitation of Guest Users. If exploited an uninvited guest user may register itself"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62371 OpenSearch Data Prepper as an open source data collector for observability data. In versions prior to 2.12.2 the OpenSearch sink and source plugins in Data Prepper t"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-59288 Improper verification of cryptographic signature in GitHub allows an unauthorized attacker to perform spoofing over an adjacent network"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-62430 ClipBucket v5 is an open source video sharing platform. ClipBucket v5 through build 5.5.2 #145 allows stored cross-site scripting (XSS) in multiple video and photo me"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-59428 EspoCRM is an open source customer relationship management application. In versions before 9.1.9 a vulnerability allows arbitrary user creation including administra"
X Link @CVEnew 2025-10-14T15:18Z 55.7K followers, XXX engagements
"CVE-2025-41706 The webserver is vulnerable to a denial of service condition. An unauthenticated remote attacker can craft a special GET request with an over-long content-length to t"
X Link @CVEnew 2025-10-14T08:45Z 55.7K followers, XXX engagements
"CVE-2025-52960 A Buffer Copy without Checking Size of Input vulnerability in the Session Initialization Protocol (SIP) ALG of Juniper Networks Junos OS on MX Series and SRX Series"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-39999 In the Linux kernel the following vulnerability has been resolved: blk-mq: fix blk_mq_tags double free while nr_requests grown In the case user trigger tags grow b"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-11623 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database"
X Link @CVEnew 2025-10-13T21:27Z 55.7K followers, XXX engagements
"CVE-2025-60001 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-54854 When a BIG-IP APM OAuth access profile (Resource Server or Resource Client) is configured on a virtual server undisclosed traffic can cause the apmdprocess to termi"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2024-56143 Strapi is an open-source headless content management system. In versions from 5.0.0 to before 5.5.2 the lookup operator provided by the document service does not pro"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62418 Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7 the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. ad"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-41699 A low privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as root resulting i"
X Link @CVEnew 2025-10-14T08:56Z 55.7K followers, XXX engagements
"CVE-2025-62651 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-48813 Use of a key past its expiration date in Virtual Secure Mode allows an authorized attacker to perform spoofing locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-60013 When a user attempts to initialize the rSeries FIPS module using a password with special shell metacharacters the FIPS hardware security module (HSM) may fail to ini"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-33182 NVIDIA Jetson Linux contains a vulnerability in UEFI where improper authentication may allow a privileged user to cause corruption of the Linux Device Tree. A succes"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-54267 Adobe Commerce versions 2.4.9-alpha2 2.4.8-p2 2.4.7-p7 2.4.6-p12 2.4.5-p14 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-59235 Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-56320 Enterprise Contract Management Portal v.22.4.0 is vulnerable to Stored Cross-Site Scripting (XSS) in its chat box component. This allows a remote attacker to execute"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-25253 An Improper Validation of Certificate with Host Mismatch vulnerability CWE-297 in FortiProxy version 7.6.1 and below version 7.4.8 and below XXX all versions 7.0"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-11718 When the address bar was hidden due to scrolling on Android a malicious page could create a fake address bar to fool the user in response to a visibilitychange event"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements
"CVE-2025-10849 The Felan Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_plugin_actions' function"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-62384 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database"
X Link @CVEnew 2025-10-13T21:35Z 55.7K followers, XXX engagements
"CVE-2025-54805 When an iRule is configured on a virtual server via the declarative API upon re-instantiation the cleanup process can cause an increase in the Traffic Management Mi"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-22381 Aggie 2.6.1 has a Host Header injection vulnerability in the forgot password functionality allowing an attacker to reset a user's password"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-9063 An authentication bypass security issue exists within FactoryTalk View Machine Edition Web Browser ActiveX control. Exploitation of this vulnerability allows unauthori"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements
"CVE-2025-62360 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1 a SQL Injection vulnerability was identified in the /ht"
X Link @CVEnew 2025-10-13T21:35Z 55.7K followers, XXX engagements
"CVE-2025-9066 A security issue was discovered within FactoryTalk ViewPoint allowing unauthenticated attackers to achieve XXE. Certain SOAP requests can be abused to perform XXE re"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements
"CVE-2025-11644 A weakness has been identified in Tomofun Furbo XXX and Furbo Mini. Affected by this issue is some unknown functionality of the component UART Interface. Executing ma"
X Link @CVEnew 2025-10-12T20:32Z 55.7K followers, XXX engagements
"CVE-2025-58728 Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-62172 Home Assistant is open source home automation software that puts local control and privacy first. In versions 2025.1.0 through 2025.10.1 the energy dashboard is vuln"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-10660 The WP Dashboard Chat plugin for WordPress is vulnerable to SQL Injection via the id parameter in all versions up to and including 1.0.3 due to insufficient escap"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-60000 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-11716 Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability affects Firefox XXX and Thunderbird"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements
"CVE-2025-59254 Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-34515 IleviaEVE X1 Server firmware versions 4.7.18.0.eden contain an execution with unnecessary privileges vulnerability in sync_project.sh that allows an attacker to es"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-59221 Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements
"CVE-2025-55081 In Eclipse Foundation NetX Duo before 6.4.4 a module of ThreadX the _nx_secure_tls_process_clienthello() function was missing length verification of certain SSL/T"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-58324 An improper neutralization of input during web page generation vulnerability CWE-79 in FortiSIEM 7.2.0 through 7.2.2 XXX all versions XXX all versions XXX all ve"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-31702 A vulnerability exists in certain Dahua embedded products. Third-party malicious attacker with obtained normal user credentials could exploit the vulnerability to acc"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-61800 Dimension versions 4.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of t"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-61543 A Host Header Injection vulnerability exists in the password reset functionality of CraftMyCMS 4.0.2.2. The system uses $_SERVER['HTTP_HOST'] directly to construct"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-62580 ASDA-Soft Stack-based Buffer Overflow Vulnerability"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-39968 In the Linux kernel the following vulnerability has been resolved: i40e: add max boundary check for VF filters There is no check for max filters that VF can reques"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-10648 The YourMembership Single Sign On YM SSO Login plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'moym_disp"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-11710 A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. Thi"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements
"CVE-2025-62420 DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13 a JDBC driver bypass vulnerability exists in the H2 database connection"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2024-48891 An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability CWE-78 in FortiSOAR 7.6.0 through 7.6.1 7.5.0 through 7"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-62391 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database"
X Link @CVEnew 2025-10-13T21:35Z 55.7K followers, XXX engagements
"CVE-2025-61909 Icinga X is an open source monitoring system. From 2.10.0 to before 2.15.1 2.14.7 and 2.13.13 the safe-reload script (also used during systemctl reload icinga2) an"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-56316 A SQL injection vulnerability in the content_title parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-59297 Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execut"
X Link @CVEnew 2025-10-03T03:20Z 55.7K followers, XXX engagements
"CVE-2025-62425 MAS (Matrix Authentication Service) is a user management and authentication service for Matrix homeservers written and maintained by Element. A logic flaw in matrix-"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-37149 A potential out-of-bound reads vulnerability in HPE ProLiant RL300 Gen11 Server's UEFI firmware"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-37136 Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-10300 The TopBar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.0. This is due to missing or incorrect nonce val"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-10754 The DocoDoco Store Locator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all ver"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-62359 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.0 a Reflected Cross-Site Scripting (XSS) vulnerability w"
X Link @CVEnew 2025-10-13T21:35Z 55.7K followers, XXX engagements
"CVE-2025-41703 An unauthenticated remote attacker can cause a Denial of Service by turning off the output of the UPS via Modbus command"
X Link @CVEnew 2025-10-14T08:45Z 55.7K followers, XXX engagements
"CVE-2025-57164 Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter" field"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-10742 The Truelysell Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to and including 1.8.6. This is due to the plugin providing"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-26861 RemoteCall Remote Support Program (for Operator) versions prior to 5.3.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-9640 A flaw was found in Samba in the vfs_streams_xattr module where uninitialized heap memory could be written into alternate data streams. This allows an authenticated u"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-58903 An Unchecked Return Value vulnerability CWE-252 in Fortinet FortiOS version 7.6.0 through 7.6.3 and before 7.4.8 API allows an authenticated user to cause a Null P"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2023-46718 A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.12 and 6.4.6 through 6.4.15 and 6.2.9 thro"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-59294 Exposure of sensitive information to an unauthorized actor in Windows Taskbar Live allows an unauthorized attacker to disclose information with a physical attack"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-55240 Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-25252 An Insufficient Session Expiration vulnerability CWE-613 in FortiOS SSL VPN 7.6.0 through 7.6.2 7.4.0 through 7.4.6 7.2.0 through 7.2.10 7.0.0 through 7.0.16 6"
X Link @CVEnew 2025-10-14T15:40Z 55.7K followers, XXX engagements
"CVE-2025-58115 ChatLuck contains a cross-site scripting vulnerability in Guest User Sign-up. If exploited an arbitrary script may be executed on the web browser of the user who is"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-11910 A security vulnerability has been detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This affects the function Query of the file /MemoryState.doAction=Q"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-10545 Mattermost versions 10.5.x <= 10.5.10 10.11.x <= 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-61799 Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file which could result in a read past the end of an"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-62413 MQTTX is an MQTT XXX desktop client and MQTT testing tool. A Cross-Site Scripting (XSS) vulnerability was introduced in MQTTX v1.12.0 due to improper handling of MQTT"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-61734 Files or Directories Accessible to External Parties vulnerability in Apache Kylin. You are fine as long as the Kylin's system and project admin access is well protec"
X Link @CVEnew 2025-10-02T10:15Z 55.7K followers, XXX engagements
"CVE-2025-20717 In wlan AP driver there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements
"CVE-2025-62365 LibreNMS is an open-source PHP/MySQL/SNMP-based network monitoring system. Prior to 25.7.0 there is a reflected-XSS in report_this function in librenms/includes/"
X Link @CVEnew 2025-10-13T21:50Z 55.7K followers, XXX engagements
"CVE-2025-59225 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements
"CVE-2025-54279 Animate versions 23.0.13 24.0.10 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the curre"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-59957 An Origin Validation Error vulnerability in an insufficient protected file of Juniper Networks Junos OS on EX4600 Series and QFX5000 Series allows an unauthenticated"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-58325 An Incorrect Provision of Specified Functionality vulnerability CWE-684 in FortiOS 7.6.0 7.4.0 through 7.4.5 7.2.5 through 7.2.10 7.0.0 through 7.0.15 XXX all v"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-55100 In USBX before 6.4.3 the USB support module for Eclipse Foundation ThreadX there was a potential out of bound read issue in _ux_host_class_audio10_sam_parse_func()"
X Link @CVEnew 2025-10-17T05:55Z 55.7K followers, XXX engagements
"CVE-2025-47856 Two improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities CWE-78 in Fortinet FortiVoice version 7.2.0 7.0.0 th"
X Link @CVEnew 2025-10-14T14:16Z 55.7K followers, XXX engagements
"CVE-2025-62665 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - Skin:BlueSky allows Stor"
X Link @CVEnew 2025-10-18T04:36Z 55.7K followers, XXX engagements
"CVE-2025-37148 A vulnerability in the parsing of ethernet frames in AOS-8 Instant and AOS XX could allow an unauthenticated remote attacker to conduct a denial of service attack. Su"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-53150 Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-49655 Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3 enabling a maliciously uploaded"
X Link @CVEnew 2025-10-17T15:33Z 55.7K followers, XXX engagements
"CVE-2025-59187 Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements
"CVE-2025-59268 On the BIG-IP system undisclosed endpoints that contain static non-sensitive information are accessible to an unauthenticated remote attacker through the Configurati"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-58084 Mattermost Desktop App versions <= 5.13.0 fail to validate URLs external to the configured Mattermost servers allowing an attacker on a server the user has configure"
X Link @CVEnew 2025-10-13T20:17Z 55.7K followers, XXX engagements
"CVE-2025-59999 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-60358 radare2 v.5.9.8 and before contains a memory leak in the function _load_relocations"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-59197 Insertion of sensitive information into log file in Windows ETL Channel allows an authorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements
"CVE-2025-34281 ThingsBoard versions 4.2.1 contain a stored cross-site scripting (XSS) vulnerability in the dashboard's Image Upload Gallery feature. An attacker can upload an SVG"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-58734 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements
"CVE-2025-56746 Creativeitem Academy LMS up to and including XXXX does not regenerate session IDs upon successful authentication enabling session fixation attacks where attackers ca"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2024-31573 XMLUnit for Java before 2.10.0 in the default configuration might allow code execution via an untrusted stylesheet (used for an XSLT transformation) because XSLT e"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-10581 A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-61935 When a BIG IP Advanced WAF or ASM security policy is configured on a virtual server undisclosed requests can cause the bd process to terminate. Note: Software versi"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-9067 A security issue exists within the x86 Microsoft Installer File (MSI) installed with FTLinx. Authenticated attackers with valid Windows user credentials can initiate a"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements
"CVE-2025-58719 Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-49708 Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-31366 An Improper Neutralization of Input During Web Page Generation vulnerability CWE-79 in FortiOS 7.6.0 through 7.6.3 7.4.0 through 7.4.7 XXX all versions XXX all v"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-62409 Envoy is a cloud-native open source edge and service proxy. Prior to 1.36.1 1.35.5 1.34.9 and 1.33.10 large requests and responses can potentially trigger TCP co"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-11548 A remote unauthenticated privilege escalation in ibi WebFOCUS allows an attacker to gain administrative access to the application which may lead to unauthenticated R"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-41718 A cleartext transmission of sensitive information vulnerability in the affected products allows an unauthorized remote attacker to gain login credentials and access t"
X Link @CVEnew 2025-10-14T08:45Z 55.7K followers, XXX engagements
"CVE-2025-55085 In NetX Duo before 6.4.4 in the HTTP client module the network support code for Eclipse Foundation ThreadX the parsing of HTTP header fields was missing bounds ve"
X Link @CVEnew 2025-10-17T15:16Z 55.7K followers, XXX engagements
"CVE-2025-39981 In the Linux kernel the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible UAFs This attempts to fix possible UAFs caused by struct mgmt_pendi"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-62376 DOJO is an education platform for learning cybersecurity. In versions up to and including commit 781d91157cfc234a434d0bab45cbcf97894c642e the /workspace"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-39986 In the Linux kernel the following vulnerability has been resolved: can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow Sending a PF_PACKET allows"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-47979 Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-10194 The Shortcode Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to and including 1.1.9"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-61974 When a client SSL profile is configured on a virtual server undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-62508 Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Citizen from 3.3.0 to 3.9.0 are vulnerable to stored cross-site scripting in the st"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-40755 A vulnerability has been identified in SINEC NMS (All versions V4.0 SP1). Affected applications are vulnerable to SQL injection through getTotalAndFilterCounts endp"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements
"CVE-2025-60639 Hardcoded credentials in gsigel14 ATLAS-EPIC commit f29312c (2025-05-26)"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-55325 Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-62375 go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor im"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-59213 Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate pri"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements
"CVE-2025-11568 A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permission"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-11896 In Xpdf XXXX (and earlier) a PDF object loop in a CMap via the "UseCMap" entry leads to infinite recursion and a stack overflow"
X Link @CVEnew 2025-10-16T22:40Z 55.7K followers, XXX engagements
"CVE-2025-61804 Animate versions 23.0.13 24.0.10 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-62647 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 provides the functionality of returning a JWT that can be used to call an API to retur"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-11622 Insecure deserialization in Ivanti Endpoint Manager allows a local authenticated attacker to escalate their privileges"
X Link @CVEnew 2025-10-13T21:27Z 55.7K followers, XXX engagements
"CVE-2025-59494 Improper access control in Azure Monitor Agent allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-11501 The Dynamically Display Posts plugin for WordPress is vulnerable to SQL Injection via the 'tax_query' parameter in all versions up to and including XXX due to insuf"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-54268 Bridge versions 14.1.8 15.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-11365 The WP Google Map Plugin plugin for WordPress is vulnerable to blind SQL Injection via the 'id' parameter of the 'google_map' shortcode in all versions up to and inc"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-55335 Use after free in Windows NTFS allows an unauthorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-0274 HCL BigFix Modern Client Management (MCM) XXX and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions pot"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-61960 When a per-request policy is configured on a BIG-IP APM portal access virtual server undisclosed traffic can cause the Traffic Management Microkernel (TMM) to termin"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-59281 Improper link resolution before file access ('link following') in XBox Gaming Services allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-58737 Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements
"CVE-2025-54658 An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability CWE-22 in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS 11"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-39988 In the Linux kernel the following vulnerability has been resolved: can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow Sending a PF_PACKET allow"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-55084 In NetX Duo version before 6.4.4 the component of Eclipse Foundation ThreadX there was an incorrect bound check in _nx_secure_tls_proc_clienthello_supported_versions"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-26859 RemoteView PC Application Console versions prior to 6.0.2 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder wit"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-59208 Out-of-bounds read in Windows MapUrlToZone allows an unauthorized attacker to disclose information over a network"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements
"CVE-2025-11196 The External Login plugin for WordPress is vulnerable to sensitive information exposure in all versions up to and including 1.11.2 due to the 'exlog_test_connection"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-60015 An out-of-bounds write vulnerability exists in F5OS-A and F5OS-C that could lead to memory corruption. Note: Software versions which have reached End of Technic"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-8459 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Monitoring recurrent downtime sc"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements
"CVE-2025-58051 Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6 0.8.8 and 0.9.5 when importing a table a user was able to specify files"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-11160 The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom JS module in all versions up to and including 8.6.1. This"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-39994 In the Linux kernel the following vulnerability has been resolved: media: tuner: xc5000: Fix use-after-free in xc5000_release The original code uses cancel_delayed"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-58731 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-54893 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts templates configuration"
X Link @CVEnew 2025-10-14T15:40Z 55.7K followers, XXX engagements
"CVE-2025-62583 Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-56748 Creativeitem Academy LMS up to and including XXXX uses predictable password reset tokens based on Base64 encoded templates without rate limiting allowing brute force"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-54760 Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R2.0 and earlier allow execution of arbitrary JavaScript in a users web browser"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-20710 In wlan AP driver there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no a"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements
"CVE-2025-61581 ** UNSUPPORTED WHEN ASSIGNED ** Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all ver"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-59996 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-55330 Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-20329 A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated remote attacker to"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements
"CVE-2025-60641 The file mexcel.php in the Vfront 0.99.52 codebase contains a vulnerable call to unserialize(base64_decode($_POST['mexcel'])) where $_POST['mexcel'] is user-controll"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-11634 A security flaw has been discovered in Tomofun Furbo XXX and Furbo Mini. This affects an unknown part of the component UART Interface. The manipulation results in inf"
X Link @CVEnew 2025-10-12T12:58Z 55.7K followers, XXX engagements
"CVE-2025-62382 Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to 0.16.2 Frigate's export workflow allows an authenticated oper"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements
"CVE-2025-59188 Exposure of sensitive information to an unauthorized actor in Windows Failover Cluster allows an authorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements
"CVE-2025-55035 Mattermost Desktop App versions <= 5.13.0 fail to manage modals in the Mattermost Desktop App that stops a user with a server that uses basic authentication from acces"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-61330 A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems fro"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-39967 In the Linux kernel the following vulnerability has been resolved: fbcon: fix integer overflow in fbcon_do_set_font Fix integer overflow vulnerabilities in fbcon_d"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-8414 Due to improper input validation a buffer overflow vulnerability is present in Zigbee EZSP Host Applications. If the buffer overflows stack corruption is possible"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-6026 An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow a user capable of intercepting network traffi"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-61805 Substance3D - Stager versions 3.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file which could result in a read past the"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XX engagements
"CVE-2025-39969 In the Linux kernel the following vulnerability has been resolved: i40e: fix validation of VF state in get resources VF state I40E_VF_STATE_ACTIVE is not the only"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-5946 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Poller reload setup in the config"
X Link @CVEnew 2025-10-14T14:54Z 55.7K followers, XXX engagements
"CVE-2025-11619 Improper certificate validation when connecting to gateways in Devolutions Server 2025.3.2 and earlier allows attackers in MitM position to intercept traffic"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-60002 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-54539 A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to an"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-58319 Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execu"
X Link @CVEnew 2025-09-24T08:20Z 55.7K followers, XXX engagements
"CVE-2025-11731 A flaw was found in the exsltFuncResultComp() function of libxslt which handles EXSLT func:result elements during stylesheet parsing. Due to improper type handling"
X Link @CVEnew 2025-10-14T06:23Z 55.7K followers, XXX engagements
"CVE-2025-59229 Uncaught exception in Microsoft Office allows an unauthorized attacker to deny service locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements
"CVE-2025-62388 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database"
X Link @CVEnew 2025-10-13T21:35Z 55.7K followers, XXX engagements
"CVE-2025-55678 Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-25004 Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-55680 Time-of-check time-of-use (toctou) race condition in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-55676 Generation of error message containing sensitive information in Windows USB Video Driver allows an authorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-61678 FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX XX and versions prior to 17.0.6 for"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-58736 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements
"CVE-2025-59210 Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements
"CVE-2025-61789 Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3 an authorized user with access to Icinga DB Web can use a custom variable"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-59226 Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements
"CVE-2025-10577 Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver which might allow escalation"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements
"CVE-2025-11711 There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability affects Firefox XXX Firefox ESR 11"
X Link @CVEnew 2025-10-14T13:09Z 55.7K followers, XXX engagements
"CVE-2025-10186 The WhyDonate FREE Donate button Crowdfunding Fundraising plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on t"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-39980 In the Linux kernel the following vulnerability has been resolved: nexthop: Forbid FDB status change while nexthop is in a group The kernel forbids the creation of"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-20369 In Splunk Enterprise versions below 9.4.4 9.3.6 and 9.2.8 and Splunk Cloud Platform versions below 9.3.2411.108 9.3.2408.118 and 9.2.2406.123 a low privilege use"
X Link @CVEnew 2025-10-01T16:45Z 55.7K followers, XXX engagements
"CVE-2025-62175 Mastodon is a free open-source social network server based on ActivityPub. In versions before 4.4.6 4.3.14 and 4.2.27 disabling or suspending a user account does"
X Link @CVEnew 2025-10-13T21:27Z 55.7K followers, XXX engagements
"CVE-2025-59227 Use after free in Microsoft Office allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements
"CVE-2025-62246 Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.0 through 7.4.3.111 and older unsupported versions and Liferay DXP 2023.Q4.0 throug"
X Link @CVEnew 2025-10-13T20:50Z 55.7K followers, XXX engagements
"CVE-2025-0033 Improper access control within AMD SEV-SNP could allow an admin privileged attacker to write to the RMP during SNP initialization potentially resulting in a loss of SE"
X Link @CVEnew 2025-10-14T15:18Z 55.7K followers, XXX engagements
"CVE-2025-48087 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason C. Memberlite Shortcodes memberlite-shortcodes allows Stor"
X Link @CVEnew 2025-10-17T14:50Z 55.7K followers, XXX engagements
"CVE-2025-55078 In Eclipse ThreadX before version 6.4.3 an attacker can cause a denial of service (crash) by providing a pointer to a reserved or unmapped memory region. Vulnerable"
X Link @CVEnew 2025-10-14T07:43Z 55.7K followers, XXX engagements
"CVE-2025-11899 Agentflow developed by Flowring has a Use of Hard-coded Cryptographic Key vulnerability allowing unauthenticated remote attackers to exploit the fixed key to genera"
X Link @CVEnew 2025-10-17T04:43Z 55.7K followers, XXX engagements
"CVE-2025-59191 Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements
"CVE-2025-55679 Improper input validation in Windows Kernel allows an unauthorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-62379 Reflex is a library to build full-stack web apps in pure Python. In versions 0.5.4 through 0.8.14 the /auth-codespace endpoint automatically assigns the redirect_to"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements
"CVE-2025-11908 A security flaw has been discovered in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The affected element is the function uploadFile of the file /FileDir.doAct"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-54284 Illustrator versions XXXX 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XX engagements
"CVE-2025-55698 Null pointer dereference in Windows DirectX allows an authorized attacker to deny service over a network"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-61797 Adobe Experience Manager versions XXXX and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-59194 Use of uninitialized resource in Windows Kernel allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements
"CVE-2025-58726 Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-33044 APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local means. Success"
X Link @CVEnew 2025-10-14T14:38Z 55.7K followers, XXX engagements
"CVE-2025-62417 Bagisto is an open source laravel eCommerce platform. When product data that begins with a spreadsheet formula character (for example = + - or @) is accepted and l"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-9152 An improper privilege management vulnerability exists in WSO2 API Manager due to missing authentication and authorization checks in the keymanager-operations Dynamic Cl"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-39997 In the Linux kernel the following vulnerability has been resolved: ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free The previous commit 0718a78f6a9f"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-39982 In the Linux kernel the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync This fixes the following UAF in hci_ac"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-60374 Stored Cross-Site Scripting (XSS) in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-11746 The XStore theme for WordPress is vulnerable to Local File Inclusion in all versions up to and including 9.5.4 via the et_ajax_required_plugins_popup() function. Thi"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-58714 Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-58073 Mattermost versions 10.11.x = 10.11.1 10.10.x = 10.10.2 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-40812 A vulnerability has been identified in Solid Edge SE2024 (All versions V224.0 Update 14) Solid Edge SE2025 (All versions V225.0 Update 6). The affected applicati"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements
"CVE-2025-40772 A vulnerability has been identified in SiPass integrated (All versions V3.0). Affected server applications are vulnerable to stored Cross-Site Scripting (XSS) allo"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements
"CVE-2025-59483 A validation vulnerability exists in an undisclosed URL in the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-61554 A divide-by-zero in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20) to commit 480907 (2025-07-06) allows local attackers to cause a denial"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-62643 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-59502 Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-55090 In NetX Duo before 6.4.4 the networking support module for Eclipse Foundation ThreadX there was a potential out of bound read issue in _nx_ipv4_packet_receive() fun"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-62494 A type confusion vulnerability exists in the handling of the string addition (+) operation within the QuickJS engine. * The code first checks if the left-hand ope"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-59981 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-55039 This issue affects Apache Spark versions before 3.4.4 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0 3.5.2 and 3.4.4 use an insecure default network encryp"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-59419 Netty is an asynchronous event-driven network application framework. In versions prior to and the SMTP codec in Netty contains an SMTP com"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements
"CVE-2025-59259 Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-11198 A Missing Authentication for Critical Function vulnerability in Juniper Networks Security Director Policy Enforcer allows an unauthenticated network-based attacker t"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-62586 OPEXUS FOIAXpress allows a remote unauthenticated attacker to reset the administrator password. Fixed in FOIAXpress version 11.13.2.0"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-11902 A vulnerability was detected in yanyutao0402 ChanCMS up to 3.3.2. Affected by this vulnerability is the function findField of the file /cms/article/findField. Perform"
X Link @CVEnew 2025-10-17T14:50Z 55.7K followers, XXX engagements
"CVE-2025-59202 Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-3930 Strapi uses JSON Web Tokens (JWT) for authentication. After logout or account deactivation the JWT is not invalidated which allows an attacker who has stolen or inter"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-55689 Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-54282 Adobe Framemaker versions 2020.9 2022.7 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the c"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-53950 An Exposure of Private Personal Information ('Privacy Violation') vulnerability CWE-359 in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS and Windows 11.5"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-59964 A Use of Uninitialized Resource vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX4700 devices allows an unauthenticated network"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-56699 SQL injection vulnerability in the cmd component of Base Digitale Group spa product Centrax Open PSIM version XXX allows an unauthenticated user to execute arbitrary"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-54277 Adobe Commerce versions 2.4.9-alpha2 2.4.8-p2 2.4.7-p7 2.4.6-p12 2.4.5-p14 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An att"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-62496 A vulnerability exists in the QuickJS engine's BigInt string parsing logic (js_bigint_from_string) when attempting to create a BigInt from a string with an excessivel"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-55670 On BIG-IP Next CNF BIG-IP Next SPK and BIG-IP Next for Kubernetes systems repeated undisclosed API calls can cause the Traffic Management Microkernel (TMM) to term"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-54280 Substance3D - Viewer versions 0.25.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-10242 OS command injection in the admin panel of Ivanti EPMM before version 12.6.0.2 12.5.0.4 and 12.4.0.4 allows a remote authenticated attacker with admin privileges to"
X Link @CVEnew 2025-10-14T14:54Z 55.7K followers, XXX engagements
"CVE-2025-31365 An Improper Control of Generation of Code ('Code Injection') vulnerability CWE-94 in FortiClientMac 7.4.0 through 7.4.3 7.2.1 through 7.2.8 may allow an unauthenti"
X Link @CVEnew 2025-10-14T15:40Z 55.7K followers, XXX engagements
"CVE-2025-59994 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-53951 An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability CWE-22 in Fortinet FortiDLP Agent's Outlookproxy plugin for Windows"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-59255 Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-62157 Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Argo Workflows versions prior to 3.6.12 and versions"
X Link @CVEnew 2025-10-14T15:18Z 55.7K followers, XXX engagements
"CVE-2025-59207 Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-58317 Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file an attacker can leverage this vulnerability to execu"
X Link @CVEnew 2025-09-24T08:20Z 55.7K followers, XXX engagements
"CVE-2025-30247 An OS command injection vulnerability in user interface in Western Digital My Cloud firmware prior to 5.31.108 on NAS platforms allows remote attackers to execute arb"
X Link @CVEnew 2025-09-29T21:28Z 55.7K followers, XXX engagements
"CVE-2025-34282 ThingsBoard versions 4.2.1 contain a server-side request forgery (SSRF) vulnerability in the dashboard's Image Upload Gallery feature. An attacker can upload a mali"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-54859 Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R2.0 and earlier allows execution of arbitrary JavaScript in a user's web browser"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-54278 Bridge versions 14.1.8 15.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage t"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-39991 In the Linux kernel the following vulnerability has been resolved: wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() If ab-fw.m3_data points to data the"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-61553 An out-of-bounds write in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20) to commit 480907 (2025-07-06) allows local attackers to cause a"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-59285 Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements
"CVE-2025-62370 Alloy Core libraries at the root of the Rust Ethereum ecosystem. Prior to 0.8.26 and 1.4.1 an uncaught panic triggered by malformed input to alloy_dyn_abi::TypedData"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-59478 When a BIG-IP AFM denial-of-service (DoS) protection profile is configured on a virtual server undisclosed requests can cause the Traffic Management Microkernel (TMM"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-58071 When IPsec is configured on the BIG-IP system undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which hav"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-11903 A flaw has been found in yanyutao0402 ChanCMS up to 3.3.2. Affected by this issue is the function update of the file /cms/article/update. Executing manipulation of th"
X Link @CVEnew 2025-10-17T14:50Z 55.7K followers, XXX engagements
"CVE-2025-11692 The Zip Attachments plugin for WordPress is vulnerable to unauthorized loss of data due to a missing authorization and capability checks on the download.php file in a"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-37139 A vulnerability in an AOS firmware binary allows an authenticated malicious actor to permanently delete necessary boot information. Successful exploitation may render"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-55699 Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-39993 In the Linux kernel the following vulnerability has been resolved: media: rc: fix races with imon_disconnect() Syzbot reports a KASAN issue as below: BUG: KASAN: u"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-34514 Ilevia EVE X1 Server firmware versions 4.7.18.0.eden contain authenticated OS command injection vulnerabilities in multiple web-accessible PHP scripts that call exe"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-55096 In USBX before 6.4.3 the USB support module for Eclipse Foundation ThreadX there was a potential out of bound read issue in _ux_host_class_hid_report_descriptor_get"
X Link @CVEnew 2025-10-17T05:55Z 55.7K followers, XXX engagements
"CVE-2025-55688 Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-58132 Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-59984 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject scr"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-59184 Exposure of sensitive information to an unauthorized actor in Windows High Availability Services allows an authorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements
"CVE-2025-59781 When DNS cache is configured on a BIG-IP or BIG-IP Next CNF virtual server undisclosed DNS queries can cause an increase in memory resource utilization. Note: Soft"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-54271 Creative Cloud Desktop versions 6.7.0.278 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to arbitrary f"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XX engagements
"CVE-2025-11852 A vulnerability was found in Apeman ID71 218.53.203.117. The impacted element is an unknown function of the file /onvif/device_service of the component ONVIF Service"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XX engagements
"CVE-2025-62386 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database"
X Link @CVEnew 2025-10-13T21:35Z 55.7K followers, XXX engagements
"CVE-2025-55696 Time-of-check time-of-use (toctou) race condition in NtQueryInformation Token function (ntifs.h) allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T18:49Z 55.7K followers, XXX engagements
"CVE-2025-61801 Dimension versions 4.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-59975 An Uncontrolled Resource Consumption vulnerability in the HTTP daemon (httpd) of Juniper Networks Junos Space allows an unauthenticated network-based attacker floodin"
X Link @CVEnew 2025-10-09T16:48Z 55.7K followers, XXX engagements
"CVE-2025-61541 Webmin XXXXX is vulnerable to a Host Header Injection in the password reset functionality (forgot_send.cgi). The reset link sent to users is constructed using the HTT"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-20723 In gnss driver there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has al"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements
"CVE-2025-59429 FreePBX is an open source GUI for managing Asterisk. In versions prior to 16.0.68.39 for FreePBX XX and versions prior to 17.0.18.38 for FreePBX XX a reflected cross"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-41019 SQL injection in Sergestec's SISTICK v7.2. This vulnerability allows an attacker to retrieve create update and delete databases through the 'id' parameter in '/ind"
X Link @CVEnew 2025-10-16T20:50Z 55.7K followers, XXX engagements
"CVE-2025-59497 Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements
"CVE-2025-10038 The Binary MLM Plan plugin for WordPress is vulnerable to limited Privilege Escalation in all versions up to and including XXX. This is due to bmp_user role grantin"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-20719 In wlan AP driver there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege wit"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements
"CVE-2025-40811 A vulnerability has been identified in Solid Edge SE2024 (All versions V224.0 Update 14) Solid Edge SE2025 (All versions V225.0 Update 6). The affected applicati"
X Link @CVEnew 2025-10-14T09:36Z 55.7K followers, XXX engagements
"CVE-2025-24052 Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-47989 Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-62649 The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders"
X Link @CVEnew 2025-10-17T20:50Z 55.7K followers, XXX engagements
"CVE-2025-54273 Substance3D - Viewer versions 0.25.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of"
X Link @CVEnew 2025-10-14T20:36Z 55.7K followers, XXX engagements
"CVE-2025-59223 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements
"CVE-2025-59241 Improper link resolution before file access ('link following') in Windows Health and Optimized Experiences Service allows an authorized attacker to elevate privileges"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XX engagements
"CVE-2025-10310 The Rich Snippet Site Report plugin for WordPress is vulnerable to SQL Injection via the 'last' parameter in all versions up to and including 2.0.0105 due to insuf"
X Link @CVEnew 2025-10-15T20:42Z 55.7K followers, XXX engagements
"CVE-2025-11683 YAML::Syck versions before XXXX for Perl have missing null-terminators which causes out-of-bounds read and potential information disclosure. Missing null terminators i"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-41704 An unauthenticated remote attacker can perform a DoS of the Modbus service by sending a specific function and sub-function code without affecting the core functionali"
X Link @CVEnew 2025-10-14T08:45Z 55.7K followers, XXX engagements
"CVE-2025-37134 An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could al"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-10869 Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a mali"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-57780 A vulnerability exists in F5OS-A and F5OS-C system that may allow an authenticated attacker with local access to escalate their privileges. A successful exploit may"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-53868 When running in Appliance mode a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using undiscl"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-55082 In NetX Duo version before 6.4.4 the component of Eclipse Foundation ThreadX there was a potential out of bound read in _nx_secure_tls_process_clienthello() because"
X Link @CVEnew 2025-10-15T19:34Z 55.7K followers, XXX engagements
"CVE-2025-56700 Boolean SQL injection vulnerability in the web app of Base Digitale Group spa product Centrax Open PSIM version XXX allows a low level privileged user that has access"
X Link @CVEnew 2025-10-16T21:14Z 55.7K followers, XXX engagements
"CVE-2025-59209 Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally"
X Link @CVEnew 2025-10-14T18:48Z 55.7K followers, XXX engagements