CVE-2025-1037 - TropOS 4th Gen Unauthenticated Root Shell Access via SSH
CVE ID : CVE-2025-1037
Published : Oct. 28, 2025, 1:15 p.m. | 1 hour, 24 minutes ago
Description : By making minor configuration changes to the TropOS 4th Gen device, an authenticated user with the ability to run user level shell commands can enable access via secure shell (SSH) to an unrestricted root shell. This is possible through abuse of a particular set of scripts and executables that allow for certain commands to be run as root from an unprivileged context.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-1037
Published : Oct. 28, 2025, 1:15 p.m. | 1 hour, 24 minutes ago
Description : By making minor configuration changes to the TropOS 4th Gen device, an authenticated user with the ability to run user level shell commands can enable access via secure shell (SSH) to an unrestricted root shell. This is possible through abuse of a particular set of scripts and executables that allow for certain commands to be run as root from an unprivileged context.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-1038 - TropOS 4th Gen Command Injection Vulnerability
CVE ID : CVE-2025-1038
Published : Oct. 28, 2025, 1:15 p.m. | 1 hour, 24 minutes ago
Description : The “Diagnostics Tools” page of the web-based configuration utility does not properly validate user-controlled input, allowing an authenticated user with high privileges to inject commands into the command shell of the TropOS 4th Gen device. The injected commands can be exploited to execute several set-uid (SUID) applications to ultimately gain root access to the TropOS device.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-1038
Published : Oct. 28, 2025, 1:15 p.m. | 1 hour, 24 minutes ago
Description : The “Diagnostics Tools” page of the web-based configuration utility does not properly validate user-controlled input, allowing an authenticated user with high privileges to inject commands into the command shell of the TropOS 4th Gen device. The injected commands can be exploited to execute several set-uid (SUID) applications to ultimately gain root access to the TropOS device.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12103 - Openshift-ai: trusty ai grants all authenticated users to list pods in any namespace
CVE ID : CVE-2025-12103
Published : Oct. 28, 2025, 2:15 p.m. | 24 minutes ago
Description : A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role `trustyai-service-operator-lmeval-user-role` and a CRB `trustyai-service-operator-default-lmeval-user-rolebinding` which is being applied to `system:authenticated` making it so that every single user or service account can get a list of pods running in any namespace on the cluster Additionally users can access all `persistentvolumeclaims` and `lmevaljobs`
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12103
Published : Oct. 28, 2025, 2:15 p.m. | 24 minutes ago
Description : A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role `trustyai-service-operator-lmeval-user-role` and a CRB `trustyai-service-operator-default-lmeval-user-rolebinding` which is being applied to `system:authenticated` making it so that every single user or service account can get a list of pods running in any namespace on the cluster Additionally users can access all `persistentvolumeclaims` and `lmevaljobs`
Severity: 5.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12380 - Firefox WebGPU IPC Use-After-Free Escape
CVE ID : CVE-2025-12380
Published : Oct. 28, 2025, 2:15 p.m. | 24 minutes ago
Description : Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability affects Firefox < 144.0.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12380
Published : Oct. 28, 2025, 2:15 p.m. | 24 minutes ago
Description : Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability affects Firefox < 144.0.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12390 - Org.keycloak.protocol.oidc.endpoints.logoutendpoint: offline session takeover due to reused authentication session id
CVE ID : CVE-2025-12390
Published : Oct. 28, 2025, 2:15 p.m. | 24 minutes ago
Description : A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As a result, one user may receive tokens that belong to another user.
Severity: 6.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12390
Published : Oct. 28, 2025, 2:15 p.m. | 24 minutes ago
Description : A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As a result, one user may receive tokens that belong to another user.
Severity: 6.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53814 - Fade In XML Parser Use-after-Free Vulnerability
CVE ID : CVE-2025-53814
Published : Oct. 28, 2025, 2:15 p.m. | 24 minutes ago
Description : A use-after-free vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .xml file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53814
Published : Oct. 28, 2025, 2:15 p.m. | 24 minutes ago
Description : A use-after-free vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .xml file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53855 - Fade In XML Parser Out-of-Bounds Write Vulnerability
CVE ID : CVE-2025-53855
Published : Oct. 28, 2025, 2:15 p.m. | 24 minutes ago
Description : An out-of-bounds write vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .fadein file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53855
Published : Oct. 28, 2025, 2:15 p.m. | 24 minutes ago
Description : An out-of-bounds write vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .fadein file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-36083 - Multiple Vulnerabilities in IBM Concert Software.
CVE ID : CVE-2025-36083
Published : Oct. 28, 2025, 3:16 p.m. | 3 hours, 28 minutes ago
Description : IBM Concert Software 1.0.0 through 2.0.0 could allow a local user to obtain sensitive information from buffers due to improper clearing of heap memory before release.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-36083
Published : Oct. 28, 2025, 3:16 p.m. | 3 hours, 28 minutes ago
Description : IBM Concert Software 1.0.0 through 2.0.0 could allow a local user to obtain sensitive information from buffers due to improper clearing of heap memory before release.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-36085 - Multiple Vulnerabilities in IBM Concert Software.
CVE ID : CVE-2025-36085
Published : Oct. 28, 2025, 3:16 p.m. | 3 hours, 28 minutes ago
Description : IBM Concert 1.0.0 through 2.0.0 Software is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-36085
Published : Oct. 28, 2025, 3:16 p.m. | 3 hours, 28 minutes ago
Description : IBM Concert 1.0.0 through 2.0.0 Software is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61043 - Monkey's Audio UTF-8 Out-of-Bounds Read Vulnerability
CVE ID : CVE-2025-61043
Published : Oct. 28, 2025, 3:16 p.m. | 3 hours, 28 minutes ago
Description : An out-of-bounds read vulnerability has been discovered in Monkey's Audio 11.31, specifically in the CAPECharacterHelper::GetUTF16FromUTF8 function. The issue arises from improper handling of the length of the input UTF-8 string, causing the function to read past the memory boundary. This vulnerability may result in a crash or expose sensitive data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61043
Published : Oct. 28, 2025, 3:16 p.m. | 3 hours, 28 minutes ago
Description : An out-of-bounds read vulnerability has been discovered in Monkey's Audio 11.31, specifically in the CAPECharacterHelper::GetUTF16FromUTF8 function. The issue arises from improper handling of the length of the input UTF-8 string, causing the function to read past the memory boundary. This vulnerability may result in a crash or expose sensitive data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61103 - FRRouting/frr NULL Pointer Dereference Denial of Service Vulnerability
CVE ID : CVE-2025-61103
Published : Oct. 28, 2025, 3:16 p.m. | 3 hours, 28 minutes ago
Description : FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_lan_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61103
Published : Oct. 28, 2025, 3:16 p.m. | 3 hours, 28 minutes ago
Description : FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_lan_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61104 - FRRouting FRR NULL Pointer Dereference OSPF Denial of Service Vulnerability
CVE ID : CVE-2025-61104
Published : Oct. 28, 2025, 3:16 p.m. | 3 hours, 28 minutes ago
Description : FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61104
Published : Oct. 28, 2025, 3:16 p.m. | 3 hours, 28 minutes ago
Description : FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61106 - FRRouting/FRR NULL Pointer Dereference Denial of Service Vulnerability
CVE ID : CVE-2025-61106
Published : Oct. 28, 2025, 3:16 p.m. | 3 hours, 28 minutes ago
Description : FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61106
Published : Oct. 28, 2025, 3:16 p.m. | 3 hours, 28 minutes ago
Description : FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61107 - FRRouting/frr NULL Pointer Dereference Denial of Service Vulnerability
CVE ID : CVE-2025-61107
Published : Oct. 28, 2025, 3:16 p.m. | 3 hours, 28 minutes ago
Description : FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61107
Published : Oct. 28, 2025, 3:16 p.m. | 3 hours, 28 minutes ago
Description : FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61128 - WAVLINK QUANTUM D3G/WL-WN530HG3 Firmware Stack-based Buffer Overflow Vulnerability
CVE ID : CVE-2025-61128
Published : Oct. 28, 2025, 3:16 p.m. | 3 hours, 28 minutes ago
Description : Stack-based buffer overflow vulnerability in WAVLINK QUANTUM D3G/WL-WN530HG3 firmware M30HG3_V240730, and possibly other wavlink models allows attackers to execute arbitrary code via crafted referrer value POST to login.cgi.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61128
Published : Oct. 28, 2025, 3:16 p.m. | 3 hours, 28 minutes ago
Description : Stack-based buffer overflow vulnerability in WAVLINK QUANTUM D3G/WL-WN530HG3 firmware M30HG3_V240730, and possibly other wavlink models allows attackers to execute arbitrary code via crafted referrer value POST to login.cgi.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-34294 - Wazuh File Integrity Monitoring (FIM) & Active Response Arbitrary File Deletion as SYSTEM
CVE ID : CVE-2025-34294
Published : Oct. 28, 2025, 4:15 p.m. | 2 hours, 29 minutes ago
Description : Wazuh's File Integrity Monitoring (FIM), when configured with automatic threat removal, contains a time-of-check/time-of-use (TOCTOU) race condition that can allow a local, low-privileged attacker to cause the Wazuh service (running as NT AUTHORITY\SYSTEM) to delete attacker-controlled files or paths. The root cause is insufficient synchronization and lack of robust final-path validation in the threat-removal workflow: the agent records an active-response action and proceeds to perform deletion without guaranteeing the deletion target is the originally intended file. This can result in SYSTEM-level arbitrary file or folder deletion and consequent local privilege escalation. Wazuh made an attempted fix via pull request 8697 on 2025-07-10, but that change was incomplete.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-34294
Published : Oct. 28, 2025, 4:15 p.m. | 2 hours, 29 minutes ago
Description : Wazuh's File Integrity Monitoring (FIM), when configured with automatic threat removal, contains a time-of-check/time-of-use (TOCTOU) race condition that can allow a local, low-privileged attacker to cause the Wazuh service (running as NT AUTHORITY\SYSTEM) to delete attacker-controlled files or paths. The root cause is insufficient synchronization and lack of robust final-path validation in the threat-removal workflow: the agent records an active-response action and proceeds to perform deletion without guaranteeing the deletion target is the originally intended file. This can result in SYSTEM-level arbitrary file or folder deletion and consequent local privilege escalation. Wazuh made an attempted fix via pull request 8697 on 2025-07-10, but that change was incomplete.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-36386 - There is a vulnerability in the IBM Maximo Manage application in IBM Maximo Application Suite for Cognos Analytics
CVE ID : CVE-2025-36386
Published : Oct. 28, 2025, 4:15 p.m. | 2 hours, 29 minutes ago
Description : IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 through 9.1.4 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-36386
Published : Oct. 28, 2025, 4:15 p.m. | 2 hours, 29 minutes ago
Description : IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 through 9.1.4 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-56399 - Alexusmai Laravel-FileManager RCE
CVE ID : CVE-2025-56399
Published : Oct. 28, 2025, 4:15 p.m. | 2 hours, 29 minutes ago
Description : alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve Remote Code Execution (RCE) through a crafted file upload. A file with a '.png` extension containing PHP code can be uploaded via the file manager interface. Although the upload appears to fail client-side validation, the file is still saved on the server. The attacker can then use the rename API to change the file extension to `.php`, and upon accessing it via a public URL, the server executes the embedded code.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-56399
Published : Oct. 28, 2025, 4:15 p.m. | 2 hours, 29 minutes ago
Description : alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve Remote Code Execution (RCE) through a crafted file upload. A file with a '.png` extension containing PHP code can be uploaded via the file manager interface. Although the upload appears to fail client-side validation, the file is still saved on the server. The attacker can then use the rename API to change the file extension to `.php`, and upon accessing it via a public URL, the server executes the embedded code.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-60349 - Prevx Denial of Service IOCTL Code Injection Vulnerability
CVE ID : CVE-2025-60349
Published : Oct. 28, 2025, 4:15 p.m. | 2 hours, 29 minutes ago
Description : An issue was discovered in Prevx v3.0.5.220 allowing attackers to cause a denial of service via sending IOCTL code 0x22E044 to the pxscan.sys driver. Any processes listed under registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\pxscan\Files will be terminated.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-60349
Published : Oct. 28, 2025, 4:15 p.m. | 2 hours, 29 minutes ago
Description : An issue was discovered in Prevx v3.0.5.220 allowing attackers to cause a denial of service via sending IOCTL code 0x22E044 to the pxscan.sys driver. Any processes listed under registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\pxscan\Files will be terminated.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-60858 - Reolink Video Doorbell Wi-Fi Authentication Bypass
CVE ID : CVE-2025-60858
Published : Oct. 28, 2025, 4:15 p.m. | 2 hours, 29 minutes ago
Description : Reolink Video Doorbell Wi-Fi DB_566128M5MP_W stores and transmits DDNS credentials in plaintext within its configuration and update scripts, allowing attackers to intercept or extract sensitive information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-60858
Published : Oct. 28, 2025, 4:15 p.m. | 2 hours, 29 minutes ago
Description : Reolink Video Doorbell Wi-Fi DB_566128M5MP_W stores and transmits DDNS credentials in plaintext within its configuration and update scripts, allowing attackers to intercept or extract sensitive information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61155 - Hotta Studio GameDriverX64.sys Kernel Denial of Service Vulnerability
CVE ID : CVE-2025-61155
Published : Oct. 28, 2025, 4:15 p.m. | 2 hours, 29 minutes ago
Description : Hotta Studio GameDriverX64.sys 7.23.4.7, a signed kernel-mode anti-cheat driver, allows local attackers to cause a denial of service by crashing arbitrary processes via sending crafted IOCTL requests.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61155
Published : Oct. 28, 2025, 4:15 p.m. | 2 hours, 29 minutes ago
Description : Hotta Studio GameDriverX64.sys 7.23.4.7, a signed kernel-mode anti-cheat driver, allows local attackers to cause a denial of service by crashing arbitrary processes via sending crafted IOCTL requests.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...