CVE-2025-11731 - Libxslt: type confusion in exsltfuncresultcompfunction of libxslt
CVE ID : CVE-2025-11731
Published : Oct. 14, 2025, 6:15 a.m. | 1 hour, 52 minutes ago
Description : A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead to application instability or denial of service.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11731
Published : Oct. 14, 2025, 6:15 a.m. | 1 hour, 52 minutes ago
Description : A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead to application instability or denial of service.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59889 - Eaton IPP Software Arbitrary Code Execution Vulnerability
CVE ID : CVE-2025-59889
Published : Oct. 14, 2025, 6:15 a.m. | 1 hour, 52 minutes ago
Description : Improper authentication of library files in the Eaton IPP software installer could lead to arbitrary code execution of an attacker with the access to the software package.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59889
Published : Oct. 14, 2025, 6:15 a.m. | 1 hour, 52 minutes ago
Description : Improper authentication of library files in the Eaton IPP software installer could lead to arbitrary code execution of an attacker with the access to the software package.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8594 - Pz-LinkCard < 2.5.7 - Contributor+ SSRF
CVE ID : CVE-2025-8594
Published : Oct. 14, 2025, 6:15 a.m. | 1 hour, 52 minutes ago
Description : The Pz-LinkCard WordPress plugin before 2.5.7 does not validate a parameter before making a request to it, which could allow users with a role as low as Contributor to perform SSRF attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8594
Published : Oct. 14, 2025, 6:15 a.m. | 1 hour, 52 minutes ago
Description : The Pz-LinkCard WordPress plugin before 2.5.7 does not validate a parameter before making a request to it, which could allow users with a role as low as Contributor to perform SSRF attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55078 - Incomplete validation of kernel object pointers in system calls
CVE ID : CVE-2025-55078
Published : Oct. 14, 2025, 7:28 a.m. | 39 minutes ago
Description : In Eclipse ThreadX before version 6.4.3, an attacker can cause a denial of service (crash) by providing a pointer to a reserved or unmapped memory region. Vulnerable system calls had a check of pointers, but that check wasn't verifying whether the pointer is outside the module memory region.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55078
Published : Oct. 14, 2025, 7:28 a.m. | 39 minutes ago
Description : In Eclipse ThreadX before version 6.4.3, an attacker can cause a denial of service (crash) by providing a pointer to a reserved or unmapped memory region. Vulnerable system calls had a check of pointers, but that check wasn't verifying whether the pointer is outside the module memory region.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20710 - "Qualcomm Wlan AP Out-of-Bounds Write Privilege Escalation"
CVE ID : CVE-2025-20710
Published : Oct. 14, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : In wlan AP driver, there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418785; Issue ID: MSV-3515.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20710
Published : Oct. 14, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : In wlan AP driver, there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418785; Issue ID: MSV-3515.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20711 - "Belkin Wlan AP Driver Out-of-Bounds Write Privilege Escalation"
CVE ID : CVE-2025-20711
Published : Oct. 14, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00422399; Issue ID: MSV-3748.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20711
Published : Oct. 14, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00422399; Issue ID: MSV-3748.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20712 - Aruba WLAN AP Driver Out-of-Bounds Write Privilege Escalation
CVE ID : CVE-2025-20712
Published : Oct. 14, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00422323; Issue ID: MSV-3810.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20712
Published : Oct. 14, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00422323; Issue ID: MSV-3810.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20713 - Aruba WLAN AP Driver Unbounded Write Privilege Escalation Vulnerability
CVE ID : CVE-2025-20713
Published : Oct. 14, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00432661; Issue ID: MSV-3904.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20713
Published : Oct. 14, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00432661; Issue ID: MSV-3904.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20714 - Aruba Networks WLAN AP Driver Out-of-Bounds Write Vulnerability
CVE ID : CVE-2025-20714
Published : Oct. 14, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00432659; Issue ID: MSV-3902.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20714
Published : Oct. 14, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00432659; Issue ID: MSV-3902.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20715 - Linksys WLAN AP Driver Buffer Overflow Vulnerability
CVE ID : CVE-2025-20715
Published : Oct. 14, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00421152; Issue ID: MSV-3731.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20715
Published : Oct. 14, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00421152; Issue ID: MSV-3731.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20716 - "Linksys Wlan AP Driver Out-of-Bounds Write Vulnerability"
CVE ID : CVE-2025-20716
Published : Oct. 14, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00421149; Issue ID: MSV-3728.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20716
Published : Oct. 14, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00421149; Issue ID: MSV-3728.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20717 - Aruba Wireless Network Card Out-of-Bounds Write Vulnerability
CVE ID : CVE-2025-20717
Published : Oct. 14, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00419946; Issue ID: MSV-3582.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20717
Published : Oct. 14, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00419946; Issue ID: MSV-3582.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20718 - Aruba WLAN AP Driver Out-of-Bounds Write Vulnerability (Local Privilege Escalation)
CVE ID : CVE-2025-20718
Published : Oct. 14, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00419945; Issue ID: MSV-3581.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20718
Published : Oct. 14, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00419945; Issue ID: MSV-3581.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20719 - Cisco Wlan AP Out-of-Bounds Write Privilege Escalation Vulnerability
CVE ID : CVE-2025-20719
Published : Oct. 14, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418955; Issue ID: MSV-3570.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20719
Published : Oct. 14, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418955; Issue ID: MSV-3570.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20720 - Cisco WLAN AP Driver Out-of-Bounds Write Privilege Escalation Vulnerability
CVE ID : CVE-2025-20720
Published : Oct. 14, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418954; Issue ID: MSV-3569.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20720
Published : Oct. 14, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418954; Issue ID: MSV-3569.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20721 - imgsensor Out-of-Bounds Write Vulnerability
CVE ID : CVE-2025-20721
Published : Oct. 14, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : In imgsensor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10089545; Issue ID: MSV-4279.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20721
Published : Oct. 14, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : In imgsensor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10089545; Issue ID: MSV-4279.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20722 - Huawei GNSS Driver Integer Overflow Information Disclosure
CVE ID : CVE-2025-20722
Published : Oct. 14, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : In gnss driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09920036; Issue ID: MSV-3798.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20722
Published : Oct. 14, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : In gnss driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09920036; Issue ID: MSV-3798.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20723 - Apache Linux Privilege Escalation Vulnerability in Gnss Driver
CVE ID : CVE-2025-20723
Published : Oct. 14, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : In gnss driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09920033; Issue ID: MSV-3797.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20723
Published : Oct. 14, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : In gnss driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09920033; Issue ID: MSV-3797.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20724 - Intel Wlan AP Driver Out-of-Bounds Read Vulnerability
CVE ID : CVE-2025-20724
Published : Oct. 14, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418894; Issue ID: MSV-3475.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-20724
Published : Oct. 14, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418894; Issue ID: MSV-3475.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40755 - SINEC NMS SQL Injection Vulnerability
CVE ID : CVE-2025-40755
Published : Oct. 14, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP1). Affected applications are vulnerable to SQL injection through getTotalAndFilterCounts endpoint. An authenticated low privileged attacker could exploit to insert data and achieve privilege escalation. (ZDI-CAN-26570)
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40755
Published : Oct. 14, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP1). Affected applications are vulnerable to SQL injection through getTotalAndFilterCounts endpoint. An authenticated low privileged attacker could exploit to insert data and achieve privilege escalation. (ZDI-CAN-26570)
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40765 - "TeleControl Server Basic Information Disclosure Vulnerability"
CVE ID : CVE-2025-40765
Published : Oct. 14, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : A vulnerability has been identified in TeleControl Server Basic V3.1 (All versions >= V3.1.2.2 < V3.1.2.3). The affected application contains an information disclosure vulnerability. This could allow an unauthenticated remote attacker to obtain password hashes of users and to login to and perform authenticated operations of the database service.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40765
Published : Oct. 14, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : A vulnerability has been identified in TeleControl Server Basic V3.1 (All versions >= V3.1.2.2 < V3.1.2.3). The affected application contains an information disclosure vulnerability. This could allow an unauthenticated remote attacker to obtain password hashes of users and to login to and perform authenticated operations of the database service.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...