Latest CVE Feed
-
6.9
MEDIUMCVE-2025-62695
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - WikiLambda Extension allows Stored XSS.This issue affects Mediawiki - WikiLambda Extension: master.... Read more
Affected Products :- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
-
9.3
CRITICALCVE-2025-41028
A SQL Injection vulnerability has been found in Epsilon RH by Grupo Castilla. This vulnerability allows an attacker to retrieve, create, update and delete database via sending a POST request using the parameter ‘sEstadoUsr’ in ‘/epsilonnetws/WSAvisos.asmx... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Injection
-
2.9
LOWCVE-2025-57837
Tileservice module is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Information Disclosure
-
1.8
LOWCVE-2025-11624
Potential stack buffer overwrite on the SFTP server side when receiving a malicious packet that has a handle size larger than the system handle or file descriptor size, but smaller than max handle size allowed.... Read more
Affected Products : wolfssh- Published: Oct. 21, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-54957
An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution data is processed by evo_priv.c from the DD+ bitstream, the decoder writes that data into a buf... Read more
Affected Products :- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption