Latest CVE Feed
-
5.5
MEDIUMCVE-2025-8884
Authorization Bypass Through User-Controlled Key vulnerability in VHS Electronic Software Ltd. Co. ACE Center allows Privilege Abuse, Exploitation of Trusted Identifiers.This issue affects ACE Center: from 3.10.100.1768 before 3.10.161.2255.... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-54957
An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution data is processed by evo_priv.c from the DD+ bitstream, the decoder writes that data into a buf... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
6.9
MEDIUMCVE-2025-62702
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - PageTriage Extension allows Stored XSS.This issue affects Mediawiki - PageTriage Extension: from master befor... Read more
Affected Products :- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
-
5.0
MEDIUMCVE-2025-62763
Zimbra Collaboration (ZCS) before 10.1.12 allows SSRF because of the configuration of the chat proxy.... Read more
Affected Products : collaboration- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Server-Side Request Forgery
-
7.2
HIGHCVE-2025-60500
QDocs Smart School Management System 7.1 allows authenticated users with roles such as "accountant" or "admin" to bypass file type restrictions in the media upload feature by abusing the alternate YouTube URL option. This logic flaw permits uploading of a... Read more
Affected Products :- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Misconfiguration