CVE-2025-55094 - Potential out-of-bounds read in _nx_icmpv6_validate_options()
CVE ID : CVE-2025-55094
Published : Oct. 17, 2025, 6:15 a.m. | 3 hours, 29 minutes ago
Description : In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_icmpv6_validate_options() when handling a packet with ICMP6 options.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55094
Published : Oct. 17, 2025, 6:15 a.m. | 3 hours, 29 minutes ago
Description : In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_icmpv6_validate_options() when handling a packet with ICMP6 options.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55096 - Inadequate bounds check and potential underflow in _ux_host_class_hid_report_descriptor_get()
CVE ID : CVE-2025-55096
Published : Oct. 17, 2025, 6:15 a.m. | 3 hours, 29 minutes ago
Description : In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_hid_report_descriptor_get() when parsing a descriptor of an USB HID device.
Severity: 2.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55096
Published : Oct. 17, 2025, 6:15 a.m. | 3 hours, 29 minutes ago
Description : In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_hid_report_descriptor_get() when parsing a descriptor of an USB HID device.
Severity: 2.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55097 - Potential out-of-bounds read in _ux_host_class_audio_streaming_sampling_get()
CVE ID : CVE-2025-55097
Published : Oct. 17, 2025, 6:15 a.m. | 3 hours, 29 minutes ago
Description : In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_streaming_sampling_get() when parsing a descriptor of an USB streaming device.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55097
Published : Oct. 17, 2025, 6:15 a.m. | 3 hours, 29 minutes ago
Description : In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_streaming_sampling_get() when parsing a descriptor of an USB streaming device.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55098 - Potential out-of-bounds read in _ux_host_class_audio_device_type_get()
CVE ID : CVE-2025-55098
Published : Oct. 17, 2025, 6:15 a.m. | 3 hours, 29 minutes ago
Description : In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_device_type_get() when parsing a descriptor of an USB audio device.
Severity: 1.0 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55098
Published : Oct. 17, 2025, 6:15 a.m. | 3 hours, 29 minutes ago
Description : In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_device_type_get() when parsing a descriptor of an USB audio device.
Severity: 1.0 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55099 - Potential out-of-bounds read in _ux_host_class_audio_alternate_setting_locate()
CVE ID : CVE-2025-55099
Published : Oct. 17, 2025, 6:15 a.m. | 3 hours, 29 minutes ago
Description : In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_alternate_setting_locate() when parsing a descriptor with attacker-controlled frequency fields.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55099
Published : Oct. 17, 2025, 6:15 a.m. | 3 hours, 29 minutes ago
Description : In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_alternate_setting_locate() when parsing a descriptor with attacker-controlled frequency fields.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55100 - Potential out-of-bounds read in _ux_host_class_audio10_sam_parse_func()
CVE ID : CVE-2025-55100
Published : Oct. 17, 2025, 6:15 a.m. | 3 hours, 29 minutes ago
Description : In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio10_sam_parse_func() when parsing a list of sampling frequencies.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55100
Published : Oct. 17, 2025, 6:15 a.m. | 3 hours, 29 minutes ago
Description : In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio10_sam_parse_func() when parsing a list of sampling frequencies.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11895 - Binary MLM Plan <= 3.0 - Authenticated (Subscriber+) Insecure Direct Object Reference
CVE ID : CVE-2025-11895
Published : Oct. 17, 2025, 10:15 a.m. | 1 hour, 30 minutes ago
Description : The Binary MLM Plan plugin for WordPress is vulnerable to insecure direct object reference in versions up to, and including, 3.0. This is due to the bmp_user_payout_detail_of_current_user() function selecting payout records solely by id without verifying ownership. This makes it possible for authenticated attackers with the bmp_user role (often subscribers) to view other members' payout summaries via direct requests to the /bmp-account-detail/ endpoint with a crafted payout-id parameter granted they can access the shortcode output.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11895
Published : Oct. 17, 2025, 10:15 a.m. | 1 hour, 30 minutes ago
Description : The Binary MLM Plan plugin for WordPress is vulnerable to insecure direct object reference in versions up to, and including, 3.0. This is due to the bmp_user_payout_detail_of_current_user() function selecting payout records solely by id without verifying ownership. This makes it possible for authenticated attackers with the bmp_user role (often subscribers) to view other members' payout summaries via direct requests to the /bmp-account-detail/ endpoint with a crafted payout-id parameter granted they can access the shortcode output.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2023-28815 - Hikvision iSecure Center Command Injection Vulnerability
CVE ID : CVE-2023-28815
Published : Oct. 17, 2025, 11:07 a.m. | 38 minutes ago
Description : Some versions of Hikvision's iSecure Center Product contain insufficient parameter validation, resulting in a command injection vulnerability. Attackers may exploit this to gain platform privileges and execute arbitrary commands on the system.iSecure Center is software released for China's domestic market only, with no overseas release.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2023-28815
Published : Oct. 17, 2025, 11:07 a.m. | 38 minutes ago
Description : Some versions of Hikvision's iSecure Center Product contain insufficient parameter validation, resulting in a command injection vulnerability. Attackers may exploit this to gain platform privileges and execute arbitrary commands on the system.iSecure Center is software released for China's domestic market only, with no overseas release.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2023-28814 - Hikvision iSecure Center Improper File Upload Vulnerability
CVE ID : CVE-2023-28814
Published : Oct. 17, 2025, 11:15 a.m. | 30 minutes ago
Description : Some versions of Hikvision's iSecure Center Product have an improper file upload control vulnerability. Due to the improper verification of file to be uploaded, attackers may upload malicious files to the server. iSecure Center is software released for China's domestic market only, with no overseas release.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2023-28814
Published : Oct. 17, 2025, 11:15 a.m. | 30 minutes ago
Description : Some versions of Hikvision's iSecure Center Product have an improper file upload control vulnerability. Due to the improper verification of file to be uploaded, attackers may upload malicious files to the server. iSecure Center is software released for China's domestic market only, with no overseas release.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11902 - yanyutao0402 ChanCMS findField sql injection
CVE ID : CVE-2025-11902
Published : Oct. 17, 2025, 2:15 p.m. | 1 hour, 31 minutes ago
Description : A vulnerability was detected in yanyutao0402 ChanCMS up to 3.3.2. Affected by this vulnerability is the function findField of the file /cms/article/findField. Performing manipulation of the argument cid results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11902
Published : Oct. 17, 2025, 2:15 p.m. | 1 hour, 31 minutes ago
Description : A vulnerability was detected in yanyutao0402 ChanCMS up to 3.3.2. Affected by this vulnerability is the function findField of the file /cms/article/findField. Performing manipulation of the argument cid results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11903 - yanyutao0402 ChanCMS update sql injection
CVE ID : CVE-2025-11903
Published : Oct. 17, 2025, 2:15 p.m. | 1 hour, 31 minutes ago
Description : A flaw has been found in yanyutao0402 ChanCMS up to 3.3.2. Affected by this issue is the function update of the file /cms/article/update. Executing manipulation of the argument cid can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11903
Published : Oct. 17, 2025, 2:15 p.m. | 1 hour, 31 minutes ago
Description : A flaw has been found in yanyutao0402 ChanCMS up to 3.3.2. Affected by this issue is the function update of the file /cms/article/update. Executing manipulation of the argument cid can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48044 - Authorization bypass when bypass policy condition evaluates to true
CVE ID : CVE-2025-48044
Published : Oct. 17, 2025, 2:15 p.m. | 1 hour, 31 minutes ago
Description : Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/ash@3.6.3 before pkg:hex/ash@3.7.1, from 3.6.3 before 3.7.1, from 79749c2685ea031ebb2de8cf60cc5edced6a8dd0 before 8b83efa225f657bfc3656ad8ee8485f9b2de923d.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48044
Published : Oct. 17, 2025, 2:15 p.m. | 1 hour, 31 minutes ago
Description : Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/ash@3.6.3 before pkg:hex/ash@3.7.1, from 3.6.3 before 3.7.1, from 79749c2685ea031ebb2de8cf60cc5edced6a8dd0 before 8b83efa225f657bfc3656ad8ee8485f9b2de923d.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-60359 - Radare2 Bin Object Memory Leak
CVE ID : CVE-2025-60359
Published : Oct. 17, 2025, 2:15 p.m. | 1 hour, 31 minutes ago
Description : radare2 v5.9.8 and before contains a memory leak in the function r_bin_object_new.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-60359
Published : Oct. 17, 2025, 2:15 p.m. | 1 hour, 31 minutes ago
Description : radare2 v5.9.8 and before contains a memory leak in the function r_bin_object_new.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-60360 - Radare2 Memory Leak Vulnerability
CVE ID : CVE-2025-60360
Published : Oct. 17, 2025, 2:15 p.m. | 1 hour, 31 minutes ago
Description : radare2 v5.9.8 and before contains a memory leak in the function r2r_subprocess_init.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-60360
Published : Oct. 17, 2025, 2:15 p.m. | 1 hour, 31 minutes ago
Description : radare2 v5.9.8 and before contains a memory leak in the function r2r_subprocess_init.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11904 - yanyutao0402 ChanCMS hasUse sql injection
CVE ID : CVE-2025-11904
Published : Oct. 17, 2025, 3:15 p.m. | 31 minutes ago
Description : A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.2. This affects the function hasUse of the file /cms/model/hasUse. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11904
Published : Oct. 17, 2025, 3:15 p.m. | 31 minutes ago
Description : A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.2. This affects the function hasUse of the file /cms/model/hasUse. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48087 - WordPress Memberlite Shortcodes plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability
CVE ID : CVE-2025-48087
Published : Oct. 17, 2025, 3:15 p.m. | 31 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason C. Memberlite Shortcodes memberlite-shortcodes allows Stored XSS.This issue affects Memberlite Shortcodes: from n/a through 1.4.1.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48087
Published : Oct. 17, 2025, 3:15 p.m. | 31 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason C. Memberlite Shortcodes memberlite-shortcodes allows Stored XSS.This issue affects Memberlite Shortcodes: from n/a through 1.4.1.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55085 - Web http client: Unchecked Server-Side Malicious Packet Issue
CVE ID : CVE-2025-55085
Published : Oct. 17, 2025, 3:15 p.m. | 31 minutes ago
Description : In NextX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification. A crafted server response could cause undefined behavior.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55085
Published : Oct. 17, 2025, 3:15 p.m. | 31 minutes ago
Description : In NextX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification. A crafted server response could cause undefined behavior.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-60361 - Radare2 Bochs Open Memory Leak
CVE ID : CVE-2025-60361
Published : Oct. 17, 2025, 3:15 p.m. | 31 minutes ago
Description : radare2 v5.9.8 and before contains a memory leak in the function bochs_open.
Severity: 2.8 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-60361
Published : Oct. 17, 2025, 3:15 p.m. | 31 minutes ago
Description : radare2 v5.9.8 and before contains a memory leak in the function bochs_open.
Severity: 2.8 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-49655 - Keras TorchModuleWrapper Deserialization Vulnerability
CVE ID : CVE-2025-49655
Published : Oct. 17, 2025, 3:20 p.m. | 26 minutes ago
Description : Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing a TorchModuleWrapper class to run arbitrary code on an end user’s system when loaded despite safe mode being enabled. The vulnerability can be triggered through both local and remote files.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-49655
Published : Oct. 17, 2025, 3:20 p.m. | 26 minutes ago
Description : Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing a TorchModuleWrapper class to run arbitrary code on an end user’s system when loaded despite safe mode being enabled. The vulnerability can be triggered through both local and remote files.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62353 - Windsurf IDE Path Traversal Vulnerability
CVE ID : CVE-2025-62353
Published : Oct. 17, 2025, 3:27 p.m. | 18 minutes ago
Description : A path traversal vulnerability in all versions of the Windsurf IDE enables a threat actor to read and write arbitrary local files in and outside of current projects on an end user’s system. The vulnerability can be reached directly and through indirect prompt injection.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62353
Published : Oct. 17, 2025, 3:27 p.m. | 18 minutes ago
Description : A path traversal vulnerability in all versions of the Windsurf IDE enables a threat actor to read and write arbitrary local files in and outside of current projects on an end user’s system. The vulnerability can be reached directly and through indirect prompt injection.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-26625 - Git LFS may write to arbitrary files via crafted symlinks
CVE ID : CVE-2025-26625
Published : Oct. 17, 2025, 3:30 p.m. | 16 minutes ago
Description : Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links exist which collide with the paths of files tracked by Git LFS. The git lfs checkout and git lfs pull commands do not check for symbolic links before writing to files in the working tree, allowing an attacker to craft a repository containing symbolic or hard links that cause Git LFS to write to arbitrary file system locations accessible to the user running these commands. As well, when the git lfs checkout and git lfs pull commands are run in a bare repository, they could write to files visible outside the repository. The vulnerability is fixed in version 3.7.1. As a workaround, support for symlinks in Git may be disabled by setting the core.symlinks configuration option to false, after which further clones and fetches will not create symbolic links. However, any symbolic or hard links in existing repositories will still provide the opportunity for Git LFS to write to their targets.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-26625
Published : Oct. 17, 2025, 3:30 p.m. | 16 minutes ago
Description : Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links exist which collide with the paths of files tracked by Git LFS. The git lfs checkout and git lfs pull commands do not check for symbolic links before writing to files in the working tree, allowing an attacker to craft a repository containing symbolic or hard links that cause Git LFS to write to arbitrary file system locations accessible to the user running these commands. As well, when the git lfs checkout and git lfs pull commands are run in a bare repository, they could write to files visible outside the repository. The vulnerability is fixed in version 3.7.1. As a workaround, support for symlinks in Git may be disabled by setting the core.symlinks configuration option to false, after which further clones and fetches will not create symbolic links. However, any symbolic or hard links in existing repositories will still provide the opportunity for Git LFS to write to their targets.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...