Total: 95070 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-12284 | | | 2025-10-27 | N/A | N/A |
| Lack of Input Validation in the web UI might lead to potential exploitation. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||||
| CVE-2025-62714 | | | 2025-10-27 | N/A | N/A |
| Karmada Dashboard is a general-purpose, web-based control panel for Karmada which is a multi-cluster management project. Prior to version 0.2.0, there is an authentication bypass vulnerability in the Karmada Dashboard API. The backend API endpoints (e.g., /api/v1/secret, /api/v1/service) did not enforce authentication, allowing unauthenticated users to access sensitive cluster information such as Secrets and Services directly. Although the web UI required a valid JWT for access, the API itself remained exposed to direct requests without any authentication checks. Any user or entity with network access to the Karmada Dashboard service could exploit this vulnerability to retrieve sensitive data. | |||||
| CVE-2025-11955 | | | 2025-10-27 | N/A | N/A |
| Incorrect validation of OCSP certificates vulnerability in TheGreenBow VPN, versions 7.5 and 7.6. During the IKEv2 authentication step, the OCSP-enabled VPN client establishes the tunnel even if it does not receive an OCSP response or if the OCSP response signature is invalid. | |||||
| CVE-2025-12080 | | | 2025-10-27 | N/A | N/A |
| On Wear OS devices, when Google Messages is configured as the default SMS/MMS/RCS application, the handling of ACTION_SENDTO intents utilizing the sms:, smsto:, mms:, and mmsto: Uniform Resource Identifier (URI) schemes is incorrectly implemented. Due to this misconfiguration, an attacker capable of invoking an Android intent can exploit this vulnerability to send messages on the user’s behalf to arbitrary receivers without requiring any further user interaction or specific permissions. This allows for the silent and unauthorized transmission of messages from a compromised Wear OS device. | |||||
| CVE-2025-41009 | | | 2025-10-27 | N/A | N/A |
| SQL injection vulnerability in the DRED virtual campus platform. This vulnerability allows an attacker to retrieve, create, update, and delete data from the database by sending a POST request using the ‘buscame’ parameter in ‘/catalogo_c/catalogo.php’. | |||||
| CVE-2025-11682 | | | 2025-10-27 | N/A | N/A |
| Stored cross-site scripting (XSS) vulnerability in the LMT Dashboard of the Perx Customer Engagement & Loyalty Platform allows an authenticated attacker to execute arbitrary JavaScript code in a victim's browser. The vulnerability is due to improper sanitization of SVG file uploads. An attacker can upload a malicious SVG file containing a script payload to a campaign. When another user views this image on the public LMT microsite, the script executes, which can lead to session hijacking, data theft, or other unauthorized actions. This issue affects Customer Engagement & Loyalty Platform before 4.617.4. | |||||
| CVE-2025-9341 | | | 2025-10-24 | N/A | N/A |
| Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All (API modules), Legion of the Bouncy Castle Inc. Bouncy Castle for Java LTS bcprov-lts8on on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files org/bouncycastle/crypto/fips/AESNativeCBC.Java, org/bouncycastle/crypto/engines/AESNativeCBC.Java. This issue affects Bouncy Castle for Java FIPS: 2.1.0; Bouncy Castle for Java LTS: from 2.73.0 through 2.73.7. | |||||
| CVE-2023-7101 | | | 2025-10-24 | N/A | 7.8 HIGH |
| Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic. | |||||
| CVE-2025-9339 | | | 2025-10-24 | N/A | N/A |
| SQL injection vulnerability in the fields of the warehouse document filtering form in SIMPLE.ERP software allows a logged-in user to inject a malicious query. Potential exploitation is limited by the 20-character limit in form fields. The identified use case allows deleting tables with a name of at most 6 characters. We weren't able to identify a way to exfiltrate data within the query character limit. This issue affects SIMPLE.ERP in versions before 6.30@a04.3. | |||||
| CVE-2022-4262 | | | 2025-10-24 | N/A | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-27997 | 1 Fortinet | 4 Fortigate 6000, Fortigate 7000, Fortios and 1 more | 2025-10-24 | N/A | 9.8 CRITICAL |
| A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests. | |||||
| CVE-2025-39898 | | | 2025-10-24 | N/A | N/A |
| Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | |||||
| CVE-2025-62835 | | | 2025-10-24 | N/A | N/A |
| Rejected reason: Not used | |||||
| CVE-2025-62834 | | | 2025-10-24 | N/A | N/A |
| Rejected reason: Not used | |||||
| CVE-2025-62833 | | | 2025-10-24 | N/A | N/A |
| Rejected reason: Not used | |||||
| CVE-2025-62832 | | | 2025-10-24 | N/A | N/A |
| Rejected reason: Not used | |||||
| CVE-2025-62831 | | | 2025-10-24 | N/A | N/A |
| Rejected reason: Not used | |||||
| CVE-2025-62830 | | | 2025-10-24 | N/A | N/A |
| Rejected reason: Not used | |||||
| CVE-2025-62829 | | | 2025-10-24 | N/A | N/A |
| Rejected reason: Not used | |||||
| CVE-2025-62828 | | | 2025-10-24 | N/A | N/A |
| Rejected reason: Not used | |||||
