CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-36386 - There is a vulnerability in the IBM Maximo Manage application in IBM Maximo Application Suite for Cognos Analytics

CVE ID : CVE-2025-36386
Published : Oct. 28, 2025, 4:15 p.m. | 2 hours, 29 minutes ago
Description : IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 through 9.1.4 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-56399 - Alexusmai Laravel-FileManager RCE

CVE ID : CVE-2025-56399
Published : Oct. 28, 2025, 4:15 p.m. | 2 hours, 29 minutes ago
Description : alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve Remote Code Execution (RCE) through a crafted file upload. A file with a `.png` extension containing PHP code can be uploaded via the file manager interface. Although the upload appears to fail client-side validation, the file is still saved on the server. The attacker can then use the rename API to change the file extension to `.php`, and upon accessing it via a public URL, the server executes the embedded code.
Severity: 0.0 | NA
CVE-2025-60349 - Prevx Denial of Service IOCTL Code Injection Vulnerability

CVE ID : CVE-2025-60349
Published : Oct. 28, 2025, 4:15 p.m. | 2 hours, 29 minutes ago
Description : An issue was discovered in Prevx v3.0.5.220 allowing attackers to cause a denial of service via sending IOCTL code 0x22E044 to the pxscan.sys driver. Any processes listed under registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\pxscan\Files will be terminated.
Severity: 0.0 | NA
CVE-2025-60858 - Reolink Video Doorbell Wi-Fi Authentication Bypass

CVE ID : CVE-2025-60858
Published : Oct. 28, 2025, 4:15 p.m. | 2 hours, 29 minutes ago
Description : Reolink Video Doorbell Wi-Fi DB_566128M5MP_W stores and transmits DDNS credentials in plaintext within its configuration and update scripts, allowing attackers to intercept or extract sensitive information.
Severity: 0.0 | NA
CVE-2025-61155 - Hotta Studio GameDriverX64.sys Kernel Denial of Service Vulnerability

CVE ID : CVE-2025-61155
Published : Oct. 28, 2025, 4:15 p.m. | 2 hours, 29 minutes ago
Description : Hotta Studio GameDriverX64.sys 7.23.4.7, a signed kernel-mode anti-cheat driver, allows local attackers to cause a denial of service by crashing arbitrary processes via sending crafted IOCTL requests.
Severity: 0.0 | NA
CVE-2025-54604 - Bitcoin Core Uncontrolled Resource Consumption Vulnerability

CVE ID : CVE-2025-54604
Published : Oct. 28, 2025, 5:15 p.m. | 1 hour, 29 minutes ago
Description : Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 1 of 2).
Severity: 0.0 | NA
CVE-2025-54605 - Bitcoin Core Uncontrolled Resource Consumption Vulnerability

CVE ID : CVE-2025-54605
Published : Oct. 28, 2025, 5:15 p.m. | 1 hour, 29 minutes ago
Description : Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (issue 2 of 2).
Severity: 0.0 | NA
CVE-2025-12423 - Denial of Service - Protocol Manipulation

CVE ID : CVE-2025-12423
Published : Oct. 28, 2025, 6:14 p.m. | 29 minutes ago
Description : Protocol manipulation might lead to denial of service. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
Severity: 10.0 | CRITICAL
CVE-2025-12422 - Vulnerable Upgrade Feature (Arbitrary File Write)

CVE ID : CVE-2025-12422
Published : Oct. 28, 2025, 6:15 p.m. | 29 minutes ago
Description : Vulnerable Upgrade Feature (Arbitrary File Write) may lead to obtaining super user permissions on board. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
Severity: 10.0 | CRITICAL
CVE-2025-60354 - Blog-Vue-Springboot Unauthenticated Article Modification Vulnerability

CVE ID : CVE-2025-60354
Published : Oct. 28, 2025, 6:15 p.m. | 29 minutes ago
Description : Unauthorized modification of arbitrary articles vulnerability exists in blog-vue-springboot.
Severity: 0.0 | NA
CVE-2025-60355 - Zhangyd-c OneBlog SSTI Vulnerability

CVE ID : CVE-2025-60355
Published : Oct. 28, 2025, 6:15 p.m. | 29 minutes ago
Description : zhangyd-c OneBlog before 2.3.9 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
Severity: 0.0 | NA
CVE-2025-60800 - jshERP Unauthenticated Information Disclosure Vulnerability

CVE ID : CVE-2025-60800
Published : Oct. 28, 2025, 6:15 p.m. | 29 minutes ago
Description : Incorrect access control in the /jshERP-boot/user/info interface of jshERP up to commit 90c411a allows attackers to access sensitive information via a crafted GET request.
Severity: 0.0 | NA
CVE-2025-60805 - BESystem BES Application Server Information Disclosure Vulnerability

CVE ID : CVE-2025-60805
Published : Oct. 28, 2025, 6:15 p.m. | 29 minutes ago
Description : An issue was discovered in BESSystem BES Application Server through 9.5.x allowing unauthorized attackers to gain sensitive information via the "pre-resource" option in bes-web.xml.
Severity: 0.0 | NA
CVE-2025-61080 - Clear2Pay Bank Visibility Application Payment Execution Reflected Cross-Site Scripting (XSS)

CVE ID : CVE-2025-61080
Published : Oct. 28, 2025, 6:15 p.m. | 29 minutes ago
Description : A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Clear2Pay Bank Visibility Application - Payment Execution 1.10.0.104 via the ID parameter in the URL.
Severity: 0.0 | NA
CVE-2025-12424 - Privilege Escalation through SUID-bit Binary

CVE ID : CVE-2025-12424
Published : Oct. 28, 2025, 6:18 p.m. | 26 minutes ago
Description : Privilege Escalation through SUID-bit Binary. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
Severity: 10.0 | CRITICAL
CVE-2025-12425 - Local Privilege Escalation

CVE ID : CVE-2025-12425
Published : Oct. 28, 2025, 6:21 p.m. | 23 minutes ago
Description : Local Privilege Escalation. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
Severity: 10.0 | CRITICAL
CVE-2025-40843 - Buffer overflow in CodeChecker log command

CVE ID : CVE-2025-40843
Published : Oct. 28, 2025, 7:15 p.m. | 3 hours, 32 minutes ago
Description : CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. CodeChecker versions up to 6.26.1 contain a buffer overflow vulnerability in the internal ldlogger library, which is executed by the CodeChecker log command. This issue affects CodeChecker: through 6.26.1.
Severity: 5.9 | MEDIUM
CVE-2025-27093 - Sliver does not restrict traffic between Wireguard clients.

CVE ID : CVE-2025-27093
Published : Oct. 28, 2025, 8:15 p.m. | 2 hours, 32 minutes ago
Description : Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with each other unrestrictedly, potentially enabling leaked or recovered keypairs to be used to attack operators or allowing port forwardings to be accessible from other implants.
Severity: 6.3 | MEDIUM
CVE-2025-59837 - astro allows bypass of image proxy domain validation leading to SSRF and potential XSS

CVE ID : CVE-2025-59837
Published : Oct. 28, 2025, 8:15 p.m. | 2 hours, 32 minutes ago
Description : Astro is a web framework that includes an image proxy. In versions 5.13.4 and later before 5.13.10, the image proxy domain validation can be bypassed by using backslashes in the href parameter, allowing server-side requests to arbitrary URLs. This can lead to server-side request forgery (SSRF) and potentially cross-site scripting (XSS). This vulnerability exists due to an incomplete fix for CVE-2025-58179. Fixed in 5.13.10.
Severity: 7.2 | HIGH
CVE-2025-61235 - Dataphone A920 Authentication Bypass

CVE ID : CVE-2025-61235
Published : Oct. 28, 2025, 8:15 p.m. | 2 hours, 32 minutes ago
Description : An issue was discovered in Dataphone A920 v2025.07.161103. A custom packet based on public documentation can be crafted, where some fields can contain arbitrary or trivial data. Normally, such data should cause the device to reject the packet. However, due to a lack of validation, the device accepts it with no authentication and triggers the functionality instead.
Severity: 0.0 | NA
CVE-2025-62367 - Taiga Blind SQL Injection Time Based

CVE ID : CVE-2025-62367
Published : Oct. 28, 2025, 8:15 p.m. | 2 hours, 32 minutes ago
Description : Taiga is an open source project management platform. In versions 6.8.3 and earlier, Taiga API is vulnerable to time-based blind SQL injection allowing sensitive data disclosure via response timing. This issue is fixed in version 6.9.0.
Severity: 4.8 | MEDIUM