CVE-2025-61106 - FRRouting/FRR NULL Pointer Dereference Denial of Service Vulnerability
CVE ID : CVE-2025-61106
Published : Oct. 28, 2025, 3:16 p.m. | 3 hours, 28 minutes ago
Description : FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61107 - FRRouting/frr NULL Pointer Dereference Denial of Service Vulnerability
CVE ID : CVE-2025-61107
Published : Oct. 28, 2025, 3:16 p.m. | 3 hours, 28 minutes ago
Description : FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet.
Severity: 7.5 | HIGH
CVE-2025-61128 - WAVLINK QUANTUM D3G/WL-WN530HG3 Firmware Stack-based Buffer Overflow Vulnerability
CVE ID : CVE-2025-61128
Published : Oct. 28, 2025, 3:16 p.m. | 3 hours, 28 minutes ago
Description : Stack-based buffer overflow vulnerability in WAVLINK QUANTUM D3G/WL-WN530HG3 firmware M30HG3_V240730, and possibly other wavlink models allows attackers to execute arbitrary code via crafted referrer value POST to login.cgi.
Severity: 0.0 | NA
CVE-2025-34294 - Wazuh File Integrity Monitoring (FIM) & Active Response Arbitrary File Deletion as SYSTEM
CVE ID : CVE-2025-34294
Published : Oct. 28, 2025, 4:15 p.m. | 2 hours, 29 minutes ago
Description : Wazuh's File Integrity Monitoring (FIM), when configured with automatic threat removal, contains a time-of-check/time-of-use (TOCTOU) race condition that can allow a local, low-privileged attacker to cause the Wazuh service (running as NT AUTHORITY\SYSTEM) to delete attacker-controlled files or paths. The root cause is insufficient synchronization and lack of robust final-path validation in the threat-removal workflow: the agent records an active-response action and proceeds to perform deletion without guaranteeing the deletion target is the originally intended file. This can result in SYSTEM-level arbitrary file or folder deletion and consequent local privilege escalation. Wazuh made an attempted fix via pull request 8697 on 2025-07-10, but that change was incomplete.
Severity: 7.1 | HIGH
CVE-2025-36386 - There is a vulnerability in the IBM Maximo Manage application in IBM Maximo Application Suite for Cognos Analytics
CVE ID : CVE-2025-36386
Published : Oct. 28, 2025, 4:15 p.m. | 2 hours, 29 minutes ago
Description : IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 through 9.1.4 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.
Severity: 9.8 | CRITICAL
CVE-2025-56399 - Alexusmai Laravel-FileManager RCE
CVE ID : CVE-2025-56399
Published : Oct. 28, 2025, 4:15 p.m. | 2 hours, 29 minutes ago
Description : alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve Remote Code Execution (RCE) through a crafted file upload. A file with a `.png` extension containing PHP code can be uploaded via the file manager interface. Although the upload appears to fail client-side validation, the file is still saved on the server. The attacker can then use the rename API to change the file extension to `.php`, and upon accessing it via a public URL, the server executes the embedded code.
Severity: 0.0 | NA
CVE-2025-60349 - Prevx Denial of Service IOCTL Code Injection Vulnerability
CVE ID : CVE-2025-60349
Published : Oct. 28, 2025, 4:15 p.m. | 2 hours, 29 minutes ago
Description : An issue was discovered in Prevx v3.0.5.220 allowing attackers to cause a denial of service via sending IOCTL code 0x22E044 to the pxscan.sys driver. Any processes listed under registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\pxscan\Files will be terminated.
Severity: 0.0 | NA
CVE-2025-60858 - Reolink Video Doorbell Wi-Fi Authentication Bypass
CVE ID : CVE-2025-60858
Published : Oct. 28, 2025, 4:15 p.m. | 2 hours, 29 minutes ago
Description : Reolink Video Doorbell Wi-Fi DB_566128M5MP_W stores and transmits DDNS credentials in plaintext within its configuration and update scripts, allowing attackers to intercept or extract sensitive information.
Severity: 0.0 | NA
CVE-2025-61155 - Hotta Studio GameDriverX64.sys Kernel Denial of Service Vulnerability
CVE ID : CVE-2025-61155
Published : Oct. 28, 2025, 4:15 p.m. | 2 hours, 29 minutes ago
Description : Hotta Studio GameDriverX64.sys 7.23.4.7, a signed kernel-mode anti-cheat driver, allows local attackers to cause a denial of service by crashing arbitrary processes via sending crafted IOCTL requests.
Severity: 0.0 | NA
CVE-2025-54604 - Bitcoin Core Uncontrolled Resource Consumption Vulnerability
CVE ID : CVE-2025-54604
Published : Oct. 28, 2025, 5:15 p.m. | 1 hour, 29 minutes ago
Description : Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 1 of 2).
Severity: 0.0 | NA
CVE-2025-54605 - Bitcoin Core Uncontrolled Resource Consumption Vulnerability
CVE ID : CVE-2025-54605
Published : Oct. 28, 2025, 5:15 p.m. | 1 hour, 29 minutes ago
Description : Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 2 of 2).
Severity: 0.0 | NA
CVE-2025-12423 - Denial of Service - Protocol Manipulation
CVE ID : CVE-2025-12423
Published : Oct. 28, 2025, 6:14 p.m. | 29 minutes ago
Description : Protocol manipulation might lead to denial of service. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
Severity: 10.0 | CRITICAL
CVE-2025-12422 - Vulnerable Upgrade Feature (Arbitrary File Write)
CVE ID : CVE-2025-12422
Published : Oct. 28, 2025, 6:15 p.m. | 29 minutes ago
Description : Vulnerable Upgrade Feature (Arbitrary File Write) may lead to obtaining super user permissions on board. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
Severity: 10.0 | CRITICAL
CVE-2025-60354 - Blog-Vue-Springboot Unauthenticated Article Modification Vulnerability
CVE ID : CVE-2025-60354
Published : Oct. 28, 2025, 6:15 p.m. | 29 minutes ago
Description : Unauthorized modification of arbitrary articles vulnerability exists in blog-vue-springboot.
Severity: 0.0 | NA
CVE-2025-60355 - Zhangyd-c OneBlog SSTI Vulnerability
CVE ID : CVE-2025-60355
Published : Oct. 28, 2025, 6:15 p.m. | 29 minutes ago
Description : zhangyd-c OneBlog before 2.3.9 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
Severity: 0.0 | NA
CVE-2025-60800 - jshERP Unauthenticated Information Disclosure Vulnerability
CVE ID : CVE-2025-60800
Published : Oct. 28, 2025, 6:15 p.m. | 29 minutes ago
Description : Incorrect access control in the /jshERP-boot/user/info interface of jshERP up to commit 90c411a allows attackers to access sensitive information via a crafted GET request.
Severity: 0.0 | NA
CVE-2025-60805 - BESystem BES Application Server Information Disclosure Vulnerability
CVE ID : CVE-2025-60805
Published : Oct. 28, 2025, 6:15 p.m. | 29 minutes ago
Description : An issue was discovered in BESSystem BES Application Server thru 9.5.x allowing unauthorized attackers to gain sensitive information via the "pre-resource" option in bes-web.xml.
Severity: 0.0 | NA
CVE-2025-61080 - Clear2Pay Bank Visibility Application Payment Execution Reflected Cross-Site Scripting (XSS)
CVE ID : CVE-2025-61080
Published : Oct. 28, 2025, 6:15 p.m. | 29 minutes ago
Description : A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Clear2Pay Bank Visibility Application - Payment Execution 1.10.0.104 via the ID parameter in the URL.
Severity: 0.0 | NA
CVE-2025-12424 - Privilege Escalation through SUID-bit Binary
CVE ID : CVE-2025-12424
Published : Oct. 28, 2025, 6:18 p.m. | 26 minutes ago
Description : Privilege Escalation through SUID-bit Binary. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
Severity: 10.0 | CRITICAL
CVE-2025-12425 - Local Privilege Escalation
CVE ID : CVE-2025-12425
Published : Oct. 28, 2025, 6:21 p.m. | 23 minutes ago
Description : Local Privilege Escalation. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
Severity: 10.0 | CRITICAL
CVE-2025-40843 - Buffer overflow in CodeChecker log command
CVE ID : CVE-2025-40843
Published : Oct. 28, 2025, 7:15 p.m. | 3 hours, 32 minutes ago
Description : CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by the CodeChecker log command. This issue affects CodeChecker: through 6.26.1.
Severity: 5.9 | MEDIUM