CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-58185 - Parsing DER payload can cause memory exhaustion in encoding/asn1

CVE ID : CVE-2025-58185
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58186 - Lack of limit when parsing cookies can cause memory exhaustion in net/http

CVE ID : CVE-2025-58186
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large number of structs, causing large memory consumption.
Severity: 0.0 | NA
CVE-2025-58187 - Quadratic complexity when checking name constraints in crypto/x509

CVE ID : CVE-2025-58187
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.
Severity: 0.0 | NA
CVE-2025-58188 - Panic when validating certificates with DSA public keys in crypto/x509

CVE ID : CVE-2025-58188
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : Validating certificate chains which contain DSA public keys can cause programs to panic, due to an interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.
Severity: 0.0 | NA
CVE-2025-58189 - ALPN negotiation error contains attacker controlled information in crypto/tls

CVE ID : CVE-2025-58189
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.
Severity: 0.0 | NA
CVE-2025-61723 - Quadratic complexity when parsing some invalid inputs in encoding/pem

CVE ID : CVE-2025-61723
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.
Severity: 0.0 | NA
CVE-2025-61724 - Excessive CPU consumption in Reader.ReadResponse in net/textproto

CVE ID : CVE-2025-61724
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.
Severity: 0.0 | NA
CVE-2025-61725 - Excessive CPU consumption in ParseAddress in net/mail

CVE ID : CVE-2025-61725
Published : Oct. 29, 2025, 11:16 p.m. | 3 hours, 43 minutes ago
Description : The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.
Severity: 0.0 | NA
CVE-2025-10926 - JSON Field - Critical - Cross Site Scripting - SA-CONTRIB-2025-106

CVE ID : CVE-2025-10926
Published : Oct. 30, 2025, 12:15 a.m. | 2 hours, 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal JSON Field allows Cross-Site Scripting (XSS). This issue affects JSON Field: from 0.0.0 before 1.5.
Severity: 0.0 | NA
CVE-2025-10927 - Plausible tracking - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-107

CVE ID : CVE-2025-10927
Published : Oct. 30, 2025, 12:15 a.m. | 2 hours, 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Plausible tracking allows Cross-Site Scripting (XSS). This issue affects Plausible tracking: from 0.0.0 before 1.0.2.
Severity: 0.0 | NA
CVE-2025-10928 - Access code - Moderately critical - Access bypass - SA-CONTRIB-2025-108

CVE ID : CVE-2025-10928
Published : Oct. 30, 2025, 12:15 a.m. | 2 hours, 44 minutes ago
Description : Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force. This issue affects Access code: from 0.0.0 before 2.0.5.
Severity: 0.0 | NA
CVE-2025-10929 - Reverse Proxy Header - Less critical - Access bypass - SA-CONTRIB-2025-111

CVE ID : CVE-2025-10929
Published : Oct. 30, 2025, 12:15 a.m. | 2 hours, 44 minutes ago
Description : Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables. This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2.
Severity: 0.0 | NA
CVE-2025-10930 - Currency - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-110

CVE ID : CVE-2025-10930
Published : Oct. 30, 2025, 12:15 a.m. | 2 hours, 44 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Drupal Currency allows Cross Site Request Forgery. This issue affects Currency: from 0.0.0 before 3.5.0.
Severity: 0.0 | NA
CVE-2025-10931 - Umami Analytics - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-109

CVE ID : CVE-2025-10931
Published : Oct. 30, 2025, 12:15 a.m. | 2 hours, 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Umami Analytics allows Cross-Site Scripting (XSS). This issue affects Umami Analytics: from 0.0.0 before 1.0.1.
Severity: 0.0 | NA
CVE-2025-12082 - CivicTheme Design System - Moderately critical - Information disclosure - SA-CONTRIB-2025-112

CVE ID : CVE-2025-12082
Published : Oct. 30, 2025, 12:15 a.m. | 2 hours, 44 minutes ago
Description : Incorrect Authorization vulnerability in Drupal CivicTheme Design System allows Forceful Browsing. This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0.
Severity: 0.0 | NA
CVE-2025-12083 - CivicTheme Design System - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-113

CVE ID : CVE-2025-12083
Published : Oct. 30, 2025, 12:15 a.m. | 2 hours, 44 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CivicTheme Design System allows Cross-Site Scripting (XSS). This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0.
Severity: 0.0 | NA
CVE-2025-12466 - Simple OAuth (OAuth2) & OpenID Connect - Critical - Access bypass - SA-CONTRIB-2025-114

CVE ID : CVE-2025-12466
Published : Oct. 30, 2025, 12:15 a.m. | 2 hours, 44 minutes ago
Description : Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Simple OAuth (OAuth2) & OpenID Connect allows Authentication Bypass. This issue affects Simple OAuth (OAuth2) & OpenID Connect: from 6.0.0 before 6.0.7.
Severity: 0.0 | NA
CVE-2025-62257 - Liferay Portal Liferay DXP Password Enumeration Vulnerability

CVE ID : CVE-2025-62257
Published : Oct. 30, 2025, 12:15 a.m. | 2 hours, 44 minutes ago
Description : Password enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote attackers to determine a user's password via a brute force attack, even if account lockout is enabled.
Severity: 6.3 | MEDIUM
CVE-2025-9954 - Acquia DAM - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-105

CVE ID : CVE-2025-9954
Published : Oct. 30, 2025, 12:15 a.m. | 2 hours, 44 minutes ago
Description : Missing Authorization vulnerability in Drupal Acquia DAM allows Forceful Browsing. This issue affects Acquia DAM: from 0.0.0 before 1.1.5.
Severity: 0.0 | NA
CVE-2025-12475 - Blocksy Companion <= 2.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE ID : CVE-2025-12475
Published : Oct. 30, 2025, 5:15 a.m. | 1 hour, 48 minutes ago
Description : The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blocksy_newsletter_subscribe' shortcode in all versions up to, and including, 2.1.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
CVE-2025-62231 - Xorg: xwayland: value overflow in XkbSetCompatMap()

CVE ID : CVE-2025-62231
Published : Oct. 30, 2025, 5:15 a.m. | 1 hour, 48 minutes ago
Description : A flaw was identified in the X.Org X server's X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash.
Severity: 7.3 | HIGH