CVE-2025-21067 - Samsung Notes Out-of-Bounds Read
CVE ID : CVE-2025-21067
Published : Oct. 10, 2025, 7:15 a.m. | 3 hours, 43 minutes ago
Description : Out-of-bounds read in the allocation of image buffer in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-21068 - Samsung Notes Out-of-bounds Read Vulnerability
CVE ID : CVE-2025-21068
Published : Oct. 10, 2025, 7:15 a.m. | 3 hours, 43 minutes ago
Description : Out-of-bounds read in the reading of image data in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.
Severity: 4.0 | MEDIUM
CVE-2025-21069 - Samsung Notes OOB Read Vulnerability
CVE ID : CVE-2025-21069
Published : Oct. 10, 2025, 7:15 a.m. | 3 hours, 43 minutes ago
Description : Out-of-bounds read in the parsing of image data in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.
Severity: 4.0 | MEDIUM
CVE-2025-21070 - Samsung Notes Out-of-Bounds Write Buffer Overflow
CVE ID : CVE-2025-21070
Published : Oct. 10, 2025, 7:15 a.m. | 3 hours, 43 minutes ago
Description : Out-of-bounds write in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to write out-of-bounds memory.
Severity: 4.0 | MEDIUM
CVE-2025-62292 - SonarQube Information Disclosure
CVE ID : CVE-2025-62292
Published : Oct. 10, 2025, 7:15 a.m. | 3 hours, 43 minutes ago
Description : In SonarQube before 25.6, 2025.3 Commercial, and 2025.1.3 LTA, authenticated low-privileged users can query the /api/v2/users-management/users endpoint and obtain user fields intended for administrators only, including the email addresses of other accounts.
Severity: 4.3 | MEDIUM
CVE-2025-40640 - Multiple vulnerabilities in Energy CRM by Status Tracker
CVE ID : CVE-2025-40640
Published : Oct. 10, 2025, 9:15 a.m. | 1 hour, 43 minutes ago
Description : Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/create_invoice_submit.php”, using the “customerName_0” parameter. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details.
Severity: 5.1 | MEDIUM
CVE-2025-52655 - HCL MyXalytics is affected by a Cross-Domain Script Include vulnerability.
CVE ID : CVE-2025-52655
Published : Oct. 10, 2025, 9:15 a.m. | 1 hour, 43 minutes ago
Description : Inclusion of Functionality from Untrusted Control Sphere vulnerability in HCL MyXalytics v6.6. Loading third-party scripts without integrity checks or validation can allow external code to run in the application's context, risking data exposure.
Severity: 3.1 | LOW
CVE-2025-25017 - Kibana Stored Cross-Site Scripting (XSS)
CVE ID : CVE-2025-25017
Published : Oct. 10, 2025, 10:15 a.m. | 43 minutes ago
Description : Improper Neutralization of Input During Web Page Generation in Kibana can lead to Cross-Site Scripting (XSS).
Severity: 8.2 | HIGH
CVE-2025-25018 - Kibana Stored Cross-Site Scripting (XSS)
CVE ID : CVE-2025-25018
Published : Oct. 10, 2025, 10:15 a.m. | 43 minutes ago
Description : Improper Neutralization of Input During Web Page Generation in Kibana can lead to stored Cross-Site Scripting (XSS).
Severity: 8.7 | HIGH
CVE-2025-30001 - Apache StreamPark: Authenticated users can trigger remote command execution
CVE ID : CVE-2025-30001
Published : Oct. 10, 2025, 10:15 a.m. | 43 minutes ago
Description : Incorrect Execution-Assigned Permissions vulnerability in Apache StreamPark. This issue affects Apache StreamPark: from 2.1.4 before 2.1.6. Users are recommended to upgrade to version 2.1.6, which fixes the issue.
Severity: 0.0 | NA
CVE-2025-37727 - Elasticsearch Insertion of sensitive information in log file
CVE ID : CVE-2025-37727
Published : Oct. 10, 2025, 10:15 a.m. | 43 minutes ago
Description : Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API (https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex).
Severity: 5.7 | MEDIUM
CVE-2025-41088 - Stored Cross-Site Scripting (XSS) in CMS
CVE ID : CVE-2025-41088
Published : Oct. 10, 2025, 10:15 a.m. | 43 minutes ago
Description : Stored Cross-Site Scripting (XSS) in Xibo Signage's Xibo CMS v4.1.2, due to a lack of proper validation of user input. To exploit the vulnerability, the attacker must create a template in the 'Templates' section, then add a text element in the 'Global Elements' section, and finally modify the 'Text' field in the section with the malicious payload.
Severity: 5.1 | MEDIUM
CVE-2025-41089 - Reflected Cross-Site Scripting (XSS) in CMS
CVE ID : CVE-2025-41089
Published : Oct. 10, 2025, 10:15 a.m. | 43 minutes ago
Description : Reflected Cross-Site Scripting (XSS) in Xibo CMS v4.1.2 from Xibo Signage, due to a lack of proper validation of user input. To exploit the vulnerability, the attacker must create a template in the 'Templates' section, then add an element that has the 'Configuration Name' field, such as the 'Clock' widget. Next, modify the 'Configuration Name' field in the left-hand section.
Severity: 4.8 | MEDIUM
CVE-2025-52630 - HCL AION is susceptible to Missing or insecure "X-Content-Type-Options" header vulnerability
CVE ID : CVE-2025-52630
Published : Oct. 10, 2025, 10:15 a.m. | 43 minutes ago
Description : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION. This issue affects AION: 2.0.
Severity: 3.7 | LOW
CVE-2025-52632 - HCL AION is susceptible to Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability
CVE ID : CVE-2025-52632
Published : Oct. 10, 2025, 10:15 a.m. | 43 minutes ago
Description : A Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability in HCL AION. This issue affects AION: 2.0.
Severity: 6.5 | MEDIUM
CVE-2025-52634 - HCL AION is susceptible to Spring Boot Actuator Endpoints Exposed
CVE ID : CVE-2025-52634
Published : Oct. 10, 2025, 10:15 a.m. | 43 minutes ago
Description : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HCL AION. This issue affects HCL AION: 2.0.
Severity: 3.7 | LOW
CVE-2025-52650 - HCL AION is susceptible to Inline script execution allowed in CSP vulnerability
CVE ID : CVE-2025-52650
Published : Oct. 10, 2025, 10:15 a.m. | 43 minutes ago
Description : An Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0.
Severity: 8.2 | HIGH
CVE-2025-61856 - V-SFT Buffer Overflow Vulnerability
CVE ID : CVE-2025-61856
Published : Oct. 10, 2025, 10:19 a.m. | 39 minutes ago
Description : A stack-based buffer overflow vulnerability exists in VS6ComFile!CV7BaseMap::WriteV7DataToRom of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution.
Severity: 8.4 | HIGH
CVE-2025-52635 - HCL AION is susceptible to Trusted types in scripts not enforced in CSP
CVE ID : CVE-2025-52635
Published : Oct. 10, 2025, 10:21 a.m. | 37 minutes ago
Description : A Trusted Types in scripts not enforced in CSP vulnerability has been identified in HCL AION. This issue affects AION: 2.0.
Severity: 3.7 | LOW
CVE-2025-52624 - HCL AION is susceptible to Bypass of the script allow list configuration vulnerability
CVE ID : CVE-2025-52624
Published : Oct. 10, 2025, 10:25 a.m. | 33 minutes ago
Description : A Bypass of the script allowlist configuration vulnerability exists in HCL AION. An incorrectly configured Content-Security-Policy header may allow unauthorized scripts to execute, increasing the risk of cross-site scripting and other injection-based attacks. This issue affects AION: 2.0.
Severity: 5.4 | MEDIUM
CVE-2025-61858 - An out-of-bounds write vulnerability exists in VS6
CVE ID : CVE-2025-61858
Published : Oct. 10, 2025, 10:28 a.m. | 30 minutes ago
Description : An out-of-bounds write vulnerability exists in VS6ComFile!set_AnimationItem of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end (ABEND), and arbitrary code execution.
Severity: 8.4 | HIGH