CVE-2025-58776 - KV Studio Stack-Based Buffer Overflow Vulnerability
CVE ID : CVE-2025-58776
Published : Oct. 2, 2025, 6:15 a.m. | 3 hours ago
Description : KV Studio versions 12.23 and prior contain a stack-based buffer overflow vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58777 - VT Studio Uninitialized Pointer Access and Code Execution
CVE ID : CVE-2025-58777
Published : Oct. 2, 2025, 6:15 a.m. | 3 hours ago
Description : VT Studio versions 8.53 and prior contain an access of uninitialized pointer vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.
Severity: 7.8 | HIGH
CVE-2025-61690 - KV STUDIO Buffer Underflow RCE Vulnerability
CVE ID : CVE-2025-61690
Published : Oct. 2, 2025, 6:15 a.m. | 3 hours ago
Description : KV STUDIO versions 12.23 and prior contain a buffer underflow vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.
Severity: 7.8 | HIGH
CVE-2025-61691 - VT STUDIO RCE (Out-of-Bounds Read)
CVE ID : CVE-2025-61691
Published : Oct. 2, 2025, 6:15 a.m. | 3 hours ago
Description : VT STUDIO versions 8.53 and prior contain an out-of-bounds read vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.
Severity: 7.8 | HIGH
CVE-2025-61692 - VT STUDIO Use After Free Arbitrary Code Execution Vulnerability
CVE ID : CVE-2025-61692
Published : Oct. 2, 2025, 6:15 a.m. | 3 hours ago
Description : VT STUDIO versions 8.53 and prior contain a use after free vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.
Severity: 7.8 | HIGH
CVE-2025-9587 - CTL Behance Importer Lite <= 1.0 - Unauthenticated SQL Injection
CVE ID : CVE-2025-9587
Published : Oct. 2, 2025, 6:15 a.m. | 3 hours ago
Description : The CTL Behance Importer Lite WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
Severity: 0.0 | NA
CVE-2025-9697 - Ajax WooSearch <= 1.0.0 - Unauthenticated SQL Injection
CVE ID : CVE-2025-9697
Published : Oct. 2, 2025, 6:15 a.m. | 3 hours ago
Description : The Ajax WooSearch WordPress plugin through 1.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
Severity: 0.0 | NA
CVE-2025-40646 - Exposure of sensitive information in Viday
CVE ID : CVE-2025-40646
Published : Oct. 2, 2025, 10:15 a.m. | 3 hours, 1 minute ago
Description : Exposure of sensitive information in Viday. This vulnerability could allow an attacker to obtain sensitive information about customers by intercepting HTTP requests and searching for the JWT containing sensitive user information in the JWT payload.
Severity: 5.9 | MEDIUM
CVE-2025-54286 - CSRF Vulnerability When Using Client Certificate Authentication with the LXD-UI
CVE ID : CVE-2025-54286
Published : Oct. 2, 2025, 10:15 a.m. | 3 hours, 1 minute ago
Description : Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication.
Severity: 7.5 | HIGH
CVE-2025-54287 - Arbitrary File Read via Template Injection in Snapshot Patterns
CVE ID : CVE-2025-54287
Published : Oct. 2, 2025, 10:15 a.m. | 3 hours, 1 minute ago
Description : Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine.
Severity: 7.1 | HIGH
CVE-2025-54288 - Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server
CVE ID : CVE-2025-54288
Published : Oct. 2, 2025, 10:15 a.m. | 3 hours, 1 minute ago
Description : Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the command line.
Severity: 5.1 | MEDIUM
CVE-2025-54289 - Privilege Escalation via WebSocket Connection Hijacking in LXD Operations API
CVE ID : CVE-2025-54289
Published : Oct. 2, 2025, 10:15 a.m. | 3 hours, 1 minute ago
Description : Privilege Escalation in the operations API in Canonical LXD 6.5 on multiple platforms allows an attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking.
Severity: 7.4 | HIGH
CVE-2025-54290 - Project Existence Disclosure via Error Handling in LXD Image Export
CVE ID : CVE-2025-54290
Published : Oct. 2, 2025, 10:15 a.m. | 3 hours, 1 minute ago
Description : Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints.
Severity: 6.9 | MEDIUM
CVE-2025-54291 - Project existence disclosure in LXD images API
CVE ID : CVE-2025-54291
Published : Oct. 2, 2025, 10:15 a.m. | 3 hours, 1 minute ago
Description : Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses.
Severity: 6.9 | MEDIUM
CVE-2025-54292 - Client-Side Path Traversal in LXD-UI
CVE ID : CVE-2025-54292
Published : Oct. 2, 2025, 10:15 a.m. | 3 hours, 1 minute ago
Description : Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths.
Severity: 4.8 | MEDIUM
CVE-2025-54468 - Rancher sends sensitive information to external services through the `/meta/proxy` endpoint
CVE ID : CVE-2025-54468
Published : Oct. 2, 2025, 10:15 a.m. | 3 hours, 1 minute ago
Description : A vulnerability has been identified within Rancher Manager whereby `Impersonate-Extra-*` headers are being sent to an external entity, for example `amazonaws.com`, via the `/meta/proxy` Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g. email addresses.
Severity: 4.7 | MEDIUM
CVE-2025-61733 - Apache Kylin: Authentication bypass
CVE ID : CVE-2025-61733
Published : Oct. 2, 2025, 10:15 a.m. | 3 hours, 1 minute ago
Description : Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the issue.
Severity: 0.0 | NA
CVE-2025-61734 - Apache Kylin: improper restriction of file read
CVE ID : CVE-2025-61734
Published : Oct. 2, 2025, 10:15 a.m. | 3 hours, 1 minute ago
Description : Files or Directories Accessible to External Parties vulnerability in Apache Kylin. Deployments are not affected as long as Kylin's system and project admin access is well protected. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version 5.0.3, which fixes the issue.
Severity: 0.0 | NA
CVE-2025-61735 - Apache Kylin: Server-Side Request Forgery
CVE ID : CVE-2025-61735
Published : Oct. 2, 2025, 10:15 a.m. | 3 hours, 1 minute ago
Description : Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Deployments are not affected as long as Kylin's system and project admin access is well protected. Users are recommended to upgrade to version 5.0.3, which fixes the issue.
Severity: 0.0 | NA
CVE-2025-40989 - Stored XSS in Creativeitem Ekushey CRM
CVE ID : CVE-2025-40989
Published : Oct. 2, 2025, 11:15 a.m. | 2 hours, 2 minutes ago
Description : Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user input at "/ekushey/index.php/client/project_message/add/xxx", affecting the "message" parameter sent via POST. This vulnerability could allow a remote attacker to send a specially crafted request to an authenticated user and steal their session cookie details.
Severity: 5.1 | MEDIUM
CVE-2025-40990 - Stored XSS in Creativeitem Ekushey CRM
CVE ID : CVE-2025-40990
Published : Oct. 2, 2025, 11:15 a.m. | 2 hours, 2 minutes ago
Description : Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user input at "/ekushey/index.php/client/project_bug/create/xxx", affecting the "title" and "description" parameters sent via POST. This vulnerability could allow a remote attacker to send a specially crafted request to an authenticated user and steal their session cookie details.
Severity: 5.1 | MEDIUM