Total: 10583 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-52907 | 1 Totolink | 2 X6000r, X6000r Firmware | 2025-10-14 | N/A | 8.8 HIGH |
Improper Input Validation vulnerability in TOTOLINK X6000R allows Command Injection, File Manipulation. This issue affects X6000R: through V9.4.0cu.1360_B20241207. | |||||
CVE-2025-31995 | | | 2025-10-14 | N/A | 3.5 LOW |
HCL Unica MaxAI Workbench is vulnerable to improper input validation. This allows attackers to exploit vulnerabilities such as SQL Injection, XSS, or command injection, leading to unauthorized access or data breaches, etc. | |||||
CVE-2025-61920 | | | 2025-10-14 | N/A | 7.5 HIGH |
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes. During verification, Authlib decodes and parses the full input before it is rejected, driving CPU and memory consumption to hostile levels and enabling denial of service. Version 1.6.5 patches the issue. Some temporary workarounds are available. Enforce input size limits before handing tokens to Authlib and/or use application-level throttling to reduce amplification risk. | |||||
CVE-2025-62162 | | | 2025-10-14 | N/A | 7.5 HIGH |
cel-rust is a Common Expression Language interpreter written in Rust. Starting in version 0.10.0 and prior to version 0.11.4, parsing certain malformed CEL expressions can cause the parser to panic, terminating the process. When the crate is used to evaluate untrusted expressions (e.g., user-supplied input over an API), an attacker can send crafted input to trigger a denial of service (DoS). Version 0.11.4 fixes the issue. | |||||
CVE-2011-20001 | | | 2025-10-14 | N/A | 7.5 HIGH |
A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants) (All versions < V2.0.3), SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants) (All versions < V2.0.3). The web server interface of affected devices improperly processes incoming malformed HTTP traffic at a high rate. This could allow an unauthenticated remote attacker to force the device to enter the stop/defect state, thus creating a denial of service condition. | |||||
CVE-2025-9066 | | | 2025-10-14 | N/A | N/A |
A security issue was discovered within FactoryTalk® ViewPoint, allowing unauthenticated attackers to achieve XXE. Certain SOAP requests can be abused to perform XXE, resulting in a temporary denial-of-service. | |||||
CVE-2025-59198 | | | 2025-10-14 | N/A | 5.0 MEDIUM |
Improper input validation in Microsoft Windows Search Component allows an authorized attacker to deny service locally. | |||||
CVE-2025-55679 | | | 2025-10-14 | N/A | 5.1 MEDIUM |
Improper input validation in Windows Kernel allows an unauthorized attacker to disclose information locally. | |||||
CVE-2025-59207 | | | 2025-10-14 | N/A | 7.8 HIGH |
Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||||
CVE-2025-59228 | | | 2025-10-14 | N/A | 8.8 HIGH |
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||||
CVE-2025-59187 | | | 2025-10-14 | N/A | 7.8 HIGH |
Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||||
CVE-2025-58716 | | | 2025-10-14 | N/A | 8.8 HIGH |
Improper input validation in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally. | |||||
CVE-2025-55692 | | | 2025-10-14 | N/A | 7.8 HIGH |
Improper input validation in Windows Error Reporting allows an authorized attacker to elevate privileges locally. | |||||
CVE-2025-59190 | | | 2025-10-14 | N/A | 5.5 MEDIUM |
Improper input validation in Microsoft Windows Search Component allows an unauthorized attacker to deny service locally. | |||||
CVE-2025-59250 | | | 2025-10-14 | N/A | 8.1 HIGH |
Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network. | |||||
CVE-2025-59248 | | | 2025-10-14 | N/A | 7.5 HIGH |
Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | |||||
CVE-2025-60537 | | | 2025-10-14 | N/A | 6.5 MEDIUM |
Improper input validation in the component /kafka/ui/serdes/CustomSerdeLoader.java of kafka-ui v0.6.0 to v0.7.2 allows attackers to execute arbitrary code via supplying crafted data. | |||||
CVE-2025-11346 | 1 Ilias | 1 Ilias | 2025-10-14 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability has been found in ILIAS up to 8.23/9.13/10.1. This affects the function unserialize of the component Base64 Decoding Handler. Such manipulation of the argument f_settings leads to deserialization. It is possible to launch the attack remotely. Upgrading to version 8.24, 9.14 and 10.2 is able to mitigate this issue. It is advisable to upgrade the affected component. | |||||
CVE-2025-11345 | 1 Ilias | 1 Ilias | 2025-10-14 | 6.5 MEDIUM | 5.5 MEDIUM |
A flaw has been found in ILIAS up to 8.23/9.13/10.1. Affected by this issue is the function unserialize of the component Test Import. This manipulation causes deserialization. It is possible to initiate the attack remotely. Upgrading to version 8.24, 9.14 and 10.2 can resolve this issue. Upgrading the affected component is advised. | |||||
CVE-2025-4260 | 1 Zhangyanbo2007 | 1 Youkefu | 2025-10-10 | 4.0 MEDIUM | 4.3 MEDIUM |
A vulnerability was found in zhangyanbo2007 youkefu up to 4.2.0 and classified as problematic. Affected by this issue is the function impsave of the file m\web\handler\admin\system\TemplateController.java. The manipulation of the argument dataFile leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. |