Latest CVE Feed
-
1.8
LOWCVE-2025-11624
Potential stack buffer overwrite on the SFTP server side when receiving a malicious packet that has a handle size larger than the system handle or file descriptor size, but smaller than max handle size allowed.... Read more
Affected Products : wolfssh- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
6.1
MEDIUMCVE-2025-10612
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in giSoft Information Technologies City Guide allows Reflected XSS.This issue affects City Guide: before 1.4.45.... Read more
Affected Products :- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Cross-Site Scripting
-
6.3
MEDIUMCVE-2025-11677
Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE, to achieve den... Read more
Affected Products : libwebsockets- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-62658
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki WatchAnalytics extension allows SQL Injection.This issue affects MediaWiki WatchAnalytics extension: 1.43, 1.44.... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Injection
-
6.8
MEDIUMCVE-2025-60856
Reolink Video Doorbell WiFi DB_566128M5MP_W allows root shell access through an unsecured UART/serial console. An attacker with physical access can connect to the exposed interface and execute arbitrary commands with root privileges. NOTE: this is dispute... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authentication