Latest CVE Feed
-
7.2
HIGHCVE-2025-64523
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Versions prior to 2.45.1 have an Insecure Direct Object Reference (IDOR) vulnerability in the FileBrowser ap... Read more
Affected Products : filebrowser- Published: Nov. 12, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Authorization
-
6.6
MEDIUMCVE-2025-30662
Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated user to conduct a disclosure of information via network access.... Read more
- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Information Disclosure
-
8.5
HIGHCVE-2025-13131
A vulnerability was found in Sonarr 4.0.15.2940. The impacted element is an unknown function of the file C:\ProgramData\Sonarr\bin\Sonarr.Console.exe of the component Service. Performing manipulation results in incorrect default permissions. The attack is... Read more
Affected Products :- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-13114
A vulnerability was identified in macrozheng mall-swarm up to 1.0.3. This affects the function updateAttr of the file /cart/update/attr. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit is publicly av... Read more
Affected Products :- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Authorization
-
8.7
HIGHCVE-2025-13161
IQ-Support developed by IQ Service International has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.... Read more
Affected Products :- Published: Nov. 14, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Path Traversal
-
4.3
MEDIUMCVE-2025-64379
Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through <= 7.4.0.... Read more
Affected Products : booster_for_woocommerce- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Authorization
-
6.1
MEDIUMCVE-2025-59480
Mattermost Mobile Apps versions <=2.32.0 fail to verify that SSO redirect tokens originate from the trusted server, which allows a malicious Mattermost instance or on-path attacker to obtain user session credentials via crafted token-in-URL responses... Read more
Affected Products : mattermost_server- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-64718
js-yaml is a JavaScript YAML parser and dumper. In js-yaml 4.1.0 and below, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents m... Read more
Affected Products : js-yaml- Published: Nov. 13, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Misconfiguration
-
7.0
HIGHCVE-2025-62217
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +8 more products- Published: Nov. 11, 2025
- Modified: Nov. 14, 2025
-
7.0
HIGHCVE-2025-62218
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 14, 2025
-
7.0
HIGHCVE-2025-62219
Double free in Microsoft Wireless Provisioning System allows an authorized attacker to elevate privileges locally.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 14, 2025
-
8.8
HIGHCVE-2025-62220
Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 14, 2025
-
8.8
HIGHCVE-2025-62222
Improper neutralization of special elements used in a command ('command injection') in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network.... Read more
- Published: Nov. 11, 2025
- Modified: Nov. 14, 2025
-
8.0
HIGHCVE-2025-62452
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 +8 more products- Published: Nov. 11, 2025
- Modified: Nov. 14, 2025
-
5.0
MEDIUMCVE-2025-62453
Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally.... Read more
Affected Products : visual_studio_code- Published: Nov. 11, 2025
- Modified: Nov. 14, 2025
-
6.5
MEDIUMCVE-2025-43205
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in watchOS 11.4, tvOS 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4. An app may be able to bypass ASLR.... Read more
- Published: Nov. 12, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2024-12125
A flaw was found in the 3scale Developer Portal. When creating or updating an account in the Developer Portal UI it is possible to modify fields explicitly configured as read-only or hidden, allowing an attacker to modify restricted information.... Read more
Affected Products :- Published: Nov. 06, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.3
MEDIUMCVE-2025-10259
Improper Validation of Specified Quantity in Input vulnerability in TCP Communication Function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote attacker to disconnect the connection by sending specially crafted TCP packets ... Read more
Affected Products : melsec_iq-fx5u-32mt\/es_firmware melsec_iq-fx5u-32mt\/ds_firmware melsec_iq-fx5u-32mt\/ess_firmware melsec_iq-fx5u-32mt\/dss_firmware melsec_iq-fx5u-32mr\/es_firmware melsec_iq-fx5u-32mr\/ds_firmware melsec_iq-fx5u-64mt\/es_firmware melsec_iq-fx5u-64mt\/ds_firmware melsec_iq-fx5u-64mt\/ess_firmware melsec_iq-fx5u-64mt\/dss_firmware +11 more products- Published: Nov. 06, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Denial of Service
-
9.1
CRITICALCVE-2025-12480
Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete.... Read more
Affected Products : triofox- Actively Exploited
- Published: Nov. 10, 2025
- Modified: Nov. 14, 2025
- Vuln Type: Authorization
-
7.0
HIGHCVE-2025-62215
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2 windows_server_2025 +1 more products- Actively Exploited
- Published: Nov. 11, 2025
- Modified: Nov. 14, 2025