CVE-2025-11671 - EBM Technologies|Uniweb/SoliPACS WebServer - Missing Authentication
CVE ID : CVE-2025-11671
Published : Oct. 13, 2025, 8:15 a.m. | 1 hour, 18 minutes ago
Description : Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain information such as account names and IP addresses.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11671
Published : Oct. 13, 2025, 8:15 a.m. | 1 hour, 18 minutes ago
Description : Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain information such as account names and IP addresses.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11672 - EBM Technologies|Uniweb/SoliPACS WebServer - Missing Authentication
CVE ID : CVE-2025-11672
Published : Oct. 13, 2025, 8:15 a.m. | 1 hour, 18 minutes ago
Description : Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain user group names.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11672
Published : Oct. 13, 2025, 8:15 a.m. | 1 hour, 18 minutes ago
Description : Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain user group names.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11673 - PiExtract |SOOP-CLM - Hidden Functionality
CVE ID : CVE-2025-11673
Published : Oct. 13, 2025, 8:15 a.m. | 1 hour, 18 minutes ago
Description : SOOP-CLM developed by PiExtract has a Hidden Functionality vulnerability, allowing privileged remote attackers to exploit a hidden functionality to execute arbitrary code on the server.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11673
Published : Oct. 13, 2025, 8:15 a.m. | 1 hour, 18 minutes ago
Description : SOOP-CLM developed by PiExtract has a Hidden Functionality vulnerability, allowing privileged remote attackers to exploit a hidden functionality to execute arbitrary code on the server.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11674 - PiExtract|SOOP-CLM - Server-Side Request Forgery
CVE ID : CVE-2025-11674
Published : Oct. 13, 2025, 8:15 a.m. | 1 hour, 18 minutes ago
Description : SOOP-CLM developed by PiExtract has a Server-Side Request Forgery vulnerability, allowing privileged remote attackers to read server files or probe internal network information.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11674
Published : Oct. 13, 2025, 8:15 a.m. | 1 hour, 18 minutes ago
Description : SOOP-CLM developed by PiExtract has a Server-Side Request Forgery vulnerability, allowing privileged remote attackers to read server files or probe internal network information.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11675 - Ragic|Enterprise Cloud Database - Arbitrary File Upload
CVE ID : CVE-2025-11675
Published : Oct. 13, 2025, 8:15 a.m. | 1 hour, 18 minutes ago
Description : Enterprise Cloud Database developed by Ragic has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11675
Published : Oct. 13, 2025, 8:15 a.m. | 1 hour, 18 minutes ago
Description : Enterprise Cloud Database developed by Ragic has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9976 - OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x
CVE ID : CVE-2025-9976
Published : Oct. 13, 2025, 8:15 a.m. | 1 hour, 18 minutes ago
Description : An OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x could allow an attacker to execute arbitrary code on the user's machine.
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9976
Published : Oct. 13, 2025, 8:15 a.m. | 1 hour, 18 minutes ago
Description : An OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x could allow an attacker to execute arbitrary code on the user's machine.
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9968 - Armoury Crate UnifyScanner Local Privilege Escalation
CVE ID : CVE-2025-9968
Published : Oct. 13, 2025, 9:15 a.m. | 18 minutes ago
Description : A link following vulnerability exists in the UnifyScanner component of Armoury Crate. This vulnerability may be triggered by creating a specially crafted junction, potentially leading to local privilege escalation. For more information, please refer to section 'Security Update for Armoury Crate App' in the ASUS Security Advisory.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9968
Published : Oct. 13, 2025, 9:15 a.m. | 18 minutes ago
Description : A link following vulnerability exists in the UnifyScanner component of Armoury Crate. This vulnerability may be triggered by creating a specially crafted junction, potentially leading to local privilege escalation. For more information, please refer to section 'Security Update for Armoury Crate App' in the ASUS Security Advisory.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11183 - Cross-Site Scripting Vulnerability in QWC2
CVE ID : CVE-2025-11183
Published : Oct. 13, 2025, 9:17 a.m. | 16 minutes ago
Description : Cross-Site Scripting vulnerability in attribute table in QGIS QWC2 <2025.08.14 allows an authorized attacker to plant arbitrary JavaScript code in the page
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11183
Published : Oct. 13, 2025, 9:17 a.m. | 16 minutes ago
Description : Cross-Site Scripting vulnerability in attribute table in QGIS QWC2 <2025.08.14 allows an authorized attacker to plant arbitrary JavaScript code in the page
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11184 - Cross-Site Scripting Vulnerability in QWC2 Registration GUI
CVE ID : CVE-2025-11184
Published : Oct. 13, 2025, 9:20 a.m. | 13 minutes ago
Description : Cross-site scripting vulnerability in QGIS QWC2 Registration GUI <=v2025.03.31 allows an authorized attacker to plant arbitrary JavaScript code in the page
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11184
Published : Oct. 13, 2025, 9:20 a.m. | 13 minutes ago
Description : Cross-site scripting vulnerability in QGIS QWC2 Registration GUI <=v2025.03.31 allows an authorized attacker to plant arbitrary JavaScript code in the page
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10720 - WP Private Content Plus <= 3.6.2 - Password Protection Bypass
CVE ID : CVE-2025-10720
Published : Oct. 13, 2025, 10:15 a.m. | 3 hours, 19 minutes ago
Description : The WP Private Content Plus through 3.6.2 provides a global content protection feature that requires a password. However, the access control check is based only on the presence of an unprotected client-side cookie. As a result, an unauthenticated attacker can completely bypass the password protection by manually setting the cookie value in their browser.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10720
Published : Oct. 13, 2025, 10:15 a.m. | 3 hours, 19 minutes ago
Description : The WP Private Content Plus through 3.6.2 provides a global content protection feature that requires a password. However, the access control check is based only on the presence of an unprotected client-side cookie. As a result, an unauthenticated attacker can completely bypass the password protection by manually setting the cookie value in their browser.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9336 - ASUS Armoury Crate App Stack Buffer Overflow
CVE ID : CVE-2025-9336
Published : Oct. 13, 2025, 10:15 a.m. | 3 hours, 19 minutes ago
Description : A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash (BSOD) or other potentially undefined execution. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9336
Published : Oct. 13, 2025, 10:15 a.m. | 3 hours, 19 minutes ago
Description : A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash (BSOD) or other potentially undefined execution. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9337 - ASUS Armoury Crate App Null Pointer Dereference
CVE ID : CVE-2025-9337
Published : Oct. 13, 2025, 10:15 a.m. | 3 hours, 19 minutes ago
Description : A null pointer dereference has been identified in the AsIO3.sys driver. The vulnerability can be triggered by a specially crafted input, which may lead to a system crash (BSOD). Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9337
Published : Oct. 13, 2025, 10:15 a.m. | 3 hours, 19 minutes ago
Description : A null pointer dereference has been identified in the AsIO3.sys driver. The vulnerability can be triggered by a specially crafted input, which may lead to a system crash (BSOD). Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6919 - SQLi in Cats Informatics' Aykome
CVE ID : CVE-2025-6919
Published : Oct. 13, 2025, 1:15 p.m. | 20 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cats Information Technology Software Development Technologies Aykome License Tracking System allows SQL Injection.This issue affects Aykome License Tracking System: through 06.10.2025.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6919
Published : Oct. 13, 2025, 1:15 p.m. | 20 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cats Information Technology Software Development Technologies Aykome License Tracking System allows SQL Injection.This issue affects Aykome License Tracking System: through 06.10.2025.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9902 - IDOR in Akınsoft QRMenu
CVE ID : CVE-2025-9902
Published : Oct. 13, 2025, 1:15 p.m. | 20 minutes ago
Description : Authorization Bypass Through User-Controlled Key vulnerability in AKIN Software Computer Import Export Industry and Trade Co. Ltd. QRMenu allows Privilege Abuse.This issue affects QRMenu: from 1.05.12 before Version dated 05.09.2025.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9902
Published : Oct. 13, 2025, 1:15 p.m. | 20 minutes ago
Description : Authorization Bypass Through User-Controlled Key vulnerability in AKIN Software Computer Import Export Industry and Trade Co. Ltd. QRMenu allows Privilege Abuse.This issue affects QRMenu: from 1.05.12 before Version dated 05.09.2025.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-37729 - Elastic Cloud Enterprise (ECE) Improper Neutralization of Special Elements Used in a Template Engine
CVE ID : CVE-2025-37729
Published : Oct. 13, 2025, 2:15 p.m. | 3 hours, 20 minutes ago
Description : Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-37729
Published : Oct. 13, 2025, 2:15 p.m. | 3 hours, 20 minutes ago
Description : Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-39964 - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
CVE ID : CVE-2025-39964
Published : Oct. 13, 2025, 2:15 p.m. | 3 hours, 20 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg Issuing two writes to the same af_alg socket is bogus as the data will be interleaved in an unpredictable fashion. Furthermore, concurrent writes may create inconsistencies in the internal socket state. Disallow this by adding a new ctx->write field that indiciates exclusive ownership for writing.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-39964
Published : Oct. 13, 2025, 2:15 p.m. | 3 hours, 20 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg Issuing two writes to the same af_alg socket is bogus as the data will be interleaved in an unpredictable fashion. Furthermore, concurrent writes may create inconsistencies in the internal socket state. Disallow this by adding a new ctx->write field that indiciates exclusive ownership for writing.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-39965 - xfrm: xfrm_alloc_spi shouldn't use 0 as SPI
CVE ID : CVE-2025-39965
Published : Oct. 13, 2025, 2:15 p.m. | 3 hours, 20 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI x->id.spi == 0 means "no SPI assigned", but since commit 94f39804d891 ("xfrm: Duplicate SPI Handling"), we now create states and add them to the byspi list with this value. __xfrm_state_delete doesn't remove those states from the byspi list, since they shouldn't be there, and this shows up as a UAF the next time we go through the byspi list.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-39965
Published : Oct. 13, 2025, 2:15 p.m. | 3 hours, 20 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI x->id.spi == 0 means "no SPI assigned", but since commit 94f39804d891 ("xfrm: Duplicate SPI Handling"), we now create states and add them to the byspi list with this value. __xfrm_state_delete doesn't remove those states from the byspi list, since they shouldn't be there, and this shows up as a UAF the next time we go through the byspi list.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43991 - Dell SupportAssist Symlink Deletion Vulnerability
CVE ID : CVE-2025-43991
Published : Oct. 13, 2025, 3:16 p.m. | 2 hours, 19 minutes ago
Description : SupportAssist for Home PCs versions 4.8.2 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain an UNIX Symbolic Link (Symlink) following vulnerability. A low privileged attacker with local access to the system could potentially exploit this vulnerability to delete arbitrary files only in that affected system.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43991
Published : Oct. 13, 2025, 3:16 p.m. | 2 hours, 19 minutes ago
Description : SupportAssist for Home PCs versions 4.8.2 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain an UNIX Symbolic Link (Symlink) following vulnerability. A low privileged attacker with local access to the system could potentially exploit this vulnerability to delete arbitrary files only in that affected system.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62243 - Liferay Portal and DXP Insecure Direct Object Reference (IDOR) and Permission Bypass Vulnerability
CVE ID : CVE-2025-62243
Published : Oct. 13, 2025, 5:14 p.m. | 20 minutes ago
Description : Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated attackers to view publication comments via the _com_liferay_change_tracking_web_portlet_PublicationsPortlet_value parameter. Publications comments in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 does not properly check user permissions, which allows remote authenticated users to edit publication comments via crafted URLs.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62243
Published : Oct. 13, 2025, 5:14 p.m. | 20 minutes ago
Description : Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated attackers to view publication comments via the _com_liferay_change_tracking_web_portlet_PublicationsPortlet_value parameter. Publications comments in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 does not properly check user permissions, which allows remote authenticated users to edit publication comments via crafted URLs.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11695 - Configuration may unexpectedly disable certificate validation
CVE ID : CVE-2025-11695
Published : Oct. 13, 2025, 5:15 p.m. | 20 minutes ago
Description : When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11695
Published : Oct. 13, 2025, 5:15 p.m. | 20 minutes ago
Description : When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62244 - Liferay Portal Liferay DXP IDOR Vulnerability
CVE ID : CVE-2025-62244
Published : Oct. 13, 2025, 5:15 p.m. | 20 minutes ago
Description : Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.3.1 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92, and 7.3 GA through update 36 allows remote authenticated attackers to view the edit page of a publication via the _com_liferay_change_tracking_web_portlet_PublicationsPortlet_ctCollectionId parameter.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62244
Published : Oct. 13, 2025, 5:15 p.m. | 20 minutes ago
Description : Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.3.1 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92, and 7.3 GA through update 36 allows remote authenticated attackers to view the edit page of a publication via the _com_liferay_change_tracking_web_portlet_PublicationsPortlet_ctCollectionId parameter.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...