CVE-2025-11466 - Allegra DatabaseBackupBL Directory Traversal Information Disclosure Vulnerability
CVE ID : CVE-2025-11466
Published : Oct. 29, 2025, 8:15 p.m. | 2 hours, 44 minutes ago
Description : Allegra DatabaseBackupBL Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the DatabaseBackupBL class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the service account. Was ZDI-CAN-27136.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11466
Published : Oct. 29, 2025, 8:15 p.m. | 2 hours, 44 minutes ago
Description : Allegra DatabaseBackupBL Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the DatabaseBackupBL class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of the service account. Was ZDI-CAN-27136.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-60320 - memoQ Unquoted Service Path Vulnerability
CVE ID : CVE-2025-60320
Published : Oct. 29, 2025, 8:15 p.m. | 2 hours, 44 minutes ago
Description : memoQ 10.1.13.ef1b2b52aae and earlier contains an unquoted service path vulnerability in the memoQ Auto Update Service (memoQauhlp101). The affected service is installed with a path containing spaces and without surrounding quotes. This misconfiguration allows local users to escalate privileges to SYSTEM by placing a malicious executable at C:\Program.exe.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-60320
Published : Oct. 29, 2025, 8:15 p.m. | 2 hours, 44 minutes ago
Description : memoQ 10.1.13.ef1b2b52aae and earlier contains an unquoted service path vulnerability in the memoQ Auto Update Service (memoQauhlp101). The affected service is installed with a path containing spaces and without surrounding quotes. This misconfiguration allows local users to escalate privileges to SYSTEM by placing a malicious executable at C:\Program.exe.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9869 - Razer Synapse 3 Macro Module Link Following Local Privilege Escalation Vulnerability
CVE ID : CVE-2025-9869
Published : Oct. 29, 2025, 8:15 p.m. | 2 hours, 44 minutes ago
Description : Razer Synapse 3 Macro Module Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Razer Synapse Service. By creating a symbolic link, an attacker can abuse the service to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26374.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9869
Published : Oct. 29, 2025, 8:15 p.m. | 2 hours, 44 minutes ago
Description : Razer Synapse 3 Macro Module Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Razer Synapse Service. By creating a symbolic link, an attacker can abuse the service to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26374.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9870 - Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local Privilege Escalation Vulnerability
CVE ID : CVE-2025-9870
Published : Oct. 29, 2025, 8:15 p.m. | 2 hours, 44 minutes ago
Description : Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Philips HUE module installer. By creating a symbolic link, an attacker can abuse the installer to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26375.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9870
Published : Oct. 29, 2025, 8:15 p.m. | 2 hours, 44 minutes ago
Description : Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Philips HUE module installer. By creating a symbolic link, an attacker can abuse the installer to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26375.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9871 - Razer Synapse 3 Chroma Connect Link Following Local Privilege Escalation Vulnerability
CVE ID : CVE-2025-9871
Published : Oct. 29, 2025, 8:15 p.m. | 2 hours, 44 minutes ago
Description : Razer Synapse 3 Chroma Connect Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Razer Chroma SDK installer. By creating a symbolic link, an attacker can abuse the installer to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26373.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9871
Published : Oct. 29, 2025, 8:15 p.m. | 2 hours, 44 minutes ago
Description : Razer Synapse 3 Chroma Connect Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Razer Synapse 3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Razer Chroma SDK installer. By creating a symbolic link, an attacker can abuse the installer to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26373.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54459 - Vertikal Systems Hospital Manager Backend Services Exposure of Sensitive System Information to an Unauthorized Control Sphere
CVE ID : CVE-2025-54459
Published : Oct. 29, 2025, 10:15 p.m. | 44 minutes ago
Description : Prior to September 19, 2025, the Hospital Manager Backend Services exposed the ASP.NET tracing endpoint /trace.axd without authentication, allowing a remote attacker to obtain live request traces and sensitive information such as request metadata, session identifiers, authorization headers, server variables, and internal file paths.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54459
Published : Oct. 29, 2025, 10:15 p.m. | 44 minutes ago
Description : Prior to September 19, 2025, the Hospital Manager Backend Services exposed the ASP.NET tracing endpoint /trace.axd without authentication, allowing a remote attacker to obtain live request traces and sensitive information such as request metadata, session identifiers, authorization headers, server variables, and internal file paths.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61959 - Vertikal Systems Hospital Manager Backend Services Generation of Error Message Containing Sensitive Information
CVE ID : CVE-2025-61959
Published : Oct. 29, 2025, 10:15 p.m. | 44 minutes ago
Description : Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error pages for invalid WebResource.axd requests, disclosing framework and ASP.NET version information, stack traces, internal paths, and the insecure configuration 'customErrors mode="Off"', which could have facilitated reconnaissance by unauthenticated attackers.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61959
Published : Oct. 29, 2025, 10:15 p.m. | 44 minutes ago
Description : Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error pages for invalid WebResource.axd requests, disclosing framework and ASP.NET version information, stack traces, internal paths, and the insecure configuration 'customErrors mode="Off"', which could have facilitated reconnaissance by unauthenticated attackers.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54545 - On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges.
CVE ID : CVE-2025-54545
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54545
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54546 - On affected platforms, restricted users could use SSH port forwarding to access host-internal services
CVE ID : CVE-2025-54546
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : On affected platforms, restricted users could use SSH port forwarding to access host-internal services
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54546
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : On affected platforms, restricted users could use SSH port forwarding to access host-internal services
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54547 - On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g, scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired
CVE ID : CVE-2025-54547
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g, scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54547
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g, scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54548 - On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes)
CVE ID : CVE-2025-54548
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes)
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54548
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes)
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54549 - Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO
CVE ID : CVE-2025-54549
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54549
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58183 - Unbounded allocation when parsing GNU sparse map in archive/tar
CVE ID : CVE-2025-58183
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58183
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58185 - Parsing DER payload can cause memory exhaustion in encoding/asn1
CVE ID : CVE-2025-58185
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58185
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58186 - Lack of limit when parsing cookies can cause memory exhaustion in net/http
CVE ID : CVE-2025-58186
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58186
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58187 - Quadratic complexity when checking name constraints in crypto/x509
CVE ID : CVE-2025-58187
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : Due to the design of the name constraint checking algorithm, the processing time of some inputs scals non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58187
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : Due to the design of the name constraint checking algorithm, the processing time of some inputs scals non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58188 - Panic when validating certificates with DSA public keys in crypto/x509
CVE ID : CVE-2025-58188
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58188
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58189 - ALPN negotiation error contains attacker controlled information in crypto/tls
CVE ID : CVE-2025-58189
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-58189
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61723 - Quadratic complexity when parsing some invalid inputs in encoding/pem
CVE ID : CVE-2025-61723
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61723
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61724 - Excessive CPU consumption in Reader.ReadResponse in net/textproto
CVE ID : CVE-2025-61724
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61724
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61725 - Excessive CPU consumption in ParseAddress in net/mail
CVE ID : CVE-2025-61725
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : The ParseAddress function constructeds domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61725
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : The ParseAddress function constructeds domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...