CVE-2025-64363 - WordPress Kleo theme < 5.5.0 - Local File Inclusion vulnerability
CVE ID : CVE-2025-64363
Published : Oct. 31, 2025, 12:15 p.m. | 1 hour, 4 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SeventhQueen Kleo kleo allows PHP Local File Inclusion. This issue affects Kleo: from n/a through < 5.5.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64364 - WordPress Masterstudy theme < 4.8.126 - Local File Inclusion vulnerability
CVE ID : CVE-2025-64364
Published : Oct. 31, 2025, 12:15 p.m. | 1 hour, 4 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Masterstudy masterstudy allows PHP Local File Inclusion. This issue affects Masterstudy: from n/a through < 4.8.126.
Severity: 0.0 | NA
CVE-2025-64365 - WordPress Ohio Extra plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability
CVE ID : CVE-2025-64365
Published : Oct. 31, 2025, 12:15 p.m. | 1 hour, 4 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in colabrio Ohio Extra ohio-extra allows DOM-Based XSS. This issue affects Ohio Extra: from n/a through <= 3.6.0.
Severity: 0.0 | NA
CVE-2025-64366 - WordPress MasterStudy LMS plugin <= 3.6.27 - SQL Injection vulnerability
CVE ID : CVE-2025-64366
Published : Oct. 31, 2025, 12:15 p.m. | 1 hour, 4 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection. This issue affects MasterStudy LMS: from n/a through <= 3.6.27.
Severity: 0.0 | NA
CVE-2025-64367 - WordPress Groundhogg plugin <= 4.2.6 - Cross Site Scripting (XSS) vulnerability
CVE ID : CVE-2025-64367
Published : Oct. 31, 2025, 12:15 p.m. | 1 hour, 4 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey Groundhogg groundhogg allows Stored XSS. This issue affects Groundhogg: from n/a through <= 4.2.6.
Severity: 0.0 | NA
CVE-2025-64368 - WordPress Bard theme <= 1.6 - Cross Site Request Forgery (CSRF) vulnerability
CVE ID : CVE-2025-64368
Published : Oct. 31, 2025, 12:15 p.m. | 1 hour, 4 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Mikado-Themes Bard bardwp allows Cross Site Request Forgery. This issue affects Bard: from n/a through <= 1.6.
Severity: 0.0 | NA
CVE-2025-4952 - Denial-of-service vulnerability in ESET security products for Windows
CVE ID : CVE-2025-4952
Published : Oct. 31, 2025, 12:28 p.m. | 51 minutes ago
Description : Tampering of the registry entries might have led to preventing the ESET security products from starting correctly on the next system startup or to unauthorized changes in the product's configuration.
Severity: 6.8 | MEDIUM
CVE-2024-13992 - Nagios XI < 2024R1.1 XSS via Missing Page / 404
CVE ID : CVE-2024-13992
Published : Oct. 31, 2025, 12:35 p.m. | 44 minutes ago
Description : Nagios XI versions prior to 2024R1.1 are vulnerable to cross-site scripting (XSS) when a user visits the "missing page" (404) page after following a link from another website. The vulnerable component, page-missing.php, fails to properly validate or escape user-supplied input, allowing an attacker to craft a malicious link that, when visited by a victim, executes arbitrary JavaScript in the victim’s browser within the Nagios XI domain.
Severity: 5.1 | MEDIUM
CVE-2025-33003 - IBM InfoSphere Information Server is vulnerable to privilege escalation
CVE ID : CVE-2025-33003
Published : Oct. 31, 2025, 1:04 p.m. | 15 minutes ago
Description : IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a non-root user to gain higher privileges/capabilities within the scope of a container due to execution with unnecessary privileges.
Severity: 7.8 | HIGH
CVE-2025-36249 - IBM Jazz for Service Management is vulnerable to "filter" cookie not sent over SSL
CVE ID : CVE-2025-36249
Published : Oct. 31, 2025, 1:05 p.m. | 14 minutes ago
Description : IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic.
Severity: 3.7 | LOW
CVE-2025-12501 - GameMaker IDE Integer Overflow Denial-of-Service Vulnerability
CVE ID : CVE-2025-12501
Published : Oct. 31, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : Integer overflow in GameMaker IDE below 2024.14.0 version can lead to application crashes through denial-of-service attacks (DoS). GameMaker users who use the network_create_server() function in their projects are urged to update and recompile immediately.
Severity: 7.5 | HIGH
CVE-2025-57106 - Kitware VTK Buffer Overflow
CVE ID : CVE-2025-57106
Published : Oct. 31, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : Kitware VTK (Visualization Toolkit) up to 9.5.0 is vulnerable to Buffer Overflow in vtkGLTFDocumentLoader. The vulnerability occurs in the BufferDataExtractionWorker template function when processing GLTF accessor data.
Severity: 0.0 | NA
CVE-2025-57107 - Kitware VTK Heap Buffer Overflow Vulnerability
CVE ID : CVE-2025-57107
Published : Oct. 31, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap buffer overflow vulnerability in vtkGLTFDocumentLoader. When processing specially crafted GLTF files, the copy constructor of Accessor objects fails to properly validate buffer boundaries before performing memory read operations.
Severity: 0.0 | NA
CVE-2025-57108 - Kitware VTK Heap Use-After-Free Vulnerability in GLTFDocumentLoader
CVE ID : CVE-2025-57108
Published : Oct. 31, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap use-after-free vulnerability in vtkGLTFDocumentLoader. The vulnerability manifests during mesh object copy operations where vector members are accessed after the underlying memory has been freed, specifically when handling GLTF files with corrupted or invalid mesh reference structures.
Severity: 0.0 | NA
CVE-2025-60749 - Trimble SketchUp DLL Hijacking Vulnerability
CVE ID : CVE-2025-60749
Published : Oct. 31, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : DLL Hijacking vulnerability in Trimble SketchUp desktop 2025 via crafted libcef.dll used by sketchup_webhelper.exe.
Severity: 7.8 | HIGH
CVE-2025-61427 - BEO Atlas Einfuhr Ausfuhr XSS
CVE ID : CVE-2025-61427
Published : Oct. 31, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : A reflected cross-site scripting (XSS) vulnerability in BEO GmbH BEO Atlas Einfuhr Ausfuhr 3.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the userid and password parameters.
Severity: 0.0 | NA
CVE-2025-64168 - Agno session state overwrites between different sessions/users
CVE ID : CVE-2025-64168
Published : Oct. 31, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : Agno is a multi-agent framework, runtime and control plane. From 2.0.0 to before 2.2.2, under high concurrency, when session_state is passed to Agent or Team during run or arun calls, a race condition can occur, causing a session_state to be assigned and persisted to the incorrect session. This may result in user data from one session being exposed to another user. This has been patched in version 2.2.2.
Severity: 7.1 | HIGH
CVE-2025-64385 - INCORRECT SECURITY VALIDATION IN SENDING UDP FRAMES
CVE ID : CVE-2025-64385
Published : Oct. 31, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : The equipment initially can be configured using the manufacturer's application, by Wi-Fi, by the web server or with the manufacturer’s software. Using the manufacturer's software, the device can be configured via UDP. Analyzing this communication, it has been observed that any aspect of the initial configuration can be changed by means of the device's MAC without the need for authentication.
Severity: 9.2 | CRITICAL
CVE-2025-64387 - CLICKJACKING
CVE ID : CVE-2025-64387
Published : Oct. 31, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : The web application is vulnerable to a so-called ‘clickjacking’ attack. In this type of attack, the vulnerable page is inserted into a page controlled by the attacker in order to deceive the victim. This deception can range from making the victim click on a button to making them enter their login credentials in a form that, a priori, appears legitimate.
Severity: 5.1 | MEDIUM
CVE-2025-64388 - Denial of service through specific packets
CVE ID : CVE-2025-64388
Published : Oct. 31, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : Denial of service of the web server through specific requests to this protocol.
Severity: 9.2 | CRITICAL
CVE-2025-64389 - EXCHANGE OF SENSITIVE INFORMATION IN CLEAR TEXT
CVE ID : CVE-2025-64389
Published : Oct. 31, 2025, 3:15 p.m. | 2 hours, 7 minutes ago
Description : The web server of the device performs exchanges of sensitive information in clear text through an insecure protocol.
Severity: 8.3 | HIGH