Total
10887 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-61582 | 1 Joni1802 | 1 Ts3 Manager | 2025-10-20 | N/A | 7.5 HIGH |
| TS3 Manager is modern web interface for maintaining Teamspeak3 servers. A Denial of Dervice vulnerability has been identified in versions 2.2.1 and earlier. The vulnerability permits an unauthenticated actor to crash the application through the submission of specially crafted Unicode input, requiring no prior authentication or privileges. The flaw manifests when Unicode tag characters are submitted to the Server field on the login page. The application fails to properly handle these characters during the ASCII conversion process, resulting in an unhandled exception that terminates the application within four to five seconds of submission. This issue is fixed in version 2.2.2. | |||||
| CVE-2025-61583 | 1 Joni1802 | 1 Ts3 Manager | 2025-10-20 | N/A | 4.3 MEDIUM |
| TS3 Manager is modern web interface for maintaining Teamspeak3 servers. A reflected cross-site scripting vulnerability has been identified in versions 2.2.1 and earlier. The vulnerability exists in the error handling mechanism of the login page, where malicious scripts embedded in server hostnames are executed in the victim's browser context without proper sanitization. This issue is fixed in version 2.2.2. | |||||
| CVE-2025-61920 | 1 Authlib | 1 Authlib | 2025-10-20 | N/A | 7.5 HIGH |
| Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes. During verification, Authlib decodes and parses the full input before it is rejected, driving CPU and memory consumption to hostile levels and enabling denial of service. Version 1.6.5 patches the issue. Some temporary workarounds are available. Enforce input size limits before handing tokens to Authlib and/or use application-level throttling to reduce amplification risk. | |||||
| CVE-2025-8963 | 1 Jeecg | 1 Jimureport | 2025-10-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. Affected by this issue is some unknown functionality of the file /drag/onlDragDataSource/testConnection of the component Data Large Screen Template. The manipulation leads to deserialization. The attack may be launched remotely. The vendor response to the GitHub issue report is: "Modified, next version updated". | |||||
| CVE-2025-59207 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2025-10-17 | N/A | 7.8 HIGH |
| Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-59190 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-10-17 | N/A | 5.5 MEDIUM |
| Improper input validation in Microsoft Windows Search Component allows an unauthorized attacker to deny service locally. | |||||
| CVE-2025-57644 | 1 Accela | 1 Automation Platform | 2025-10-17 | N/A | 9.1 CRITICAL |
| Accela Automation Platform 22.2.3.0.230103 contains multiple vulnerabilities in the Test Script feature. An authenticated administrative user can execute arbitrary Java code on the server, resulting in remote code execution. In addition, improper input validation allows for arbitrary file write and server-side request forgery (SSRF), enabling interaction with internal or external systems. Successful exploitation can lead to full server compromise, unauthorized access to sensitive data, and further network exploitation. | |||||
| CVE-2025-27151 | 1 Redis | 1 Redis | 2025-10-16 | N/A | 4.7 MEDIUM |
| Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-size stack buffer. This allows an attacker to overflow the stack and potentially achieve code execution. This issue has been patched in version 8.0.2. | |||||
| CVE-2025-3413 | 1 Opplus | 1 Springboot-admin | 2025-10-16 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in opplus springboot-admin up to a2d5310f44fd46780a8686456cf2f9001ab8f024 and classified as critical. Affected by this vulnerability is the function code of the file SysGeneratorController.java. The manipulation of the argument Tables leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-2611 | 2025-10-15 | N/A | N/A | ||
| The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session handling. Versions 7.4 and below are known to be vulnerable. | |||||
| CVE-2025-52907 | 1 Totolink | 2 X6000r, X6000r Firmware | 2025-10-14 | N/A | 8.8 HIGH |
| Improper Input Validation vulnerability in TOTOLINK X6000R allows Command Injection, File Manipulation.This issue affects X6000R: through V9.4.0cu.1360_B20241207. | |||||
| CVE-2025-62162 | 2025-10-14 | N/A | 7.5 HIGH | ||
| cel-rust is a Common Expression Language interpreter written in Rust. Starting in version 0.10.0 and prior to version 0.11.4, parsing certain malformed CEL expressions can cause the parser to panic, terminating the process. When the crate is used to evaluate untrusted expressions (e.g., user-supplied input over an API), an attacker can send crafted input to trigger a denial of service (DoS). Version 0.11.4 fixes the issue. | |||||
| CVE-2025-31995 | 2025-10-14 | N/A | 3.5 LOW | ||
| HCL Unica MaxAI Workbench is vulnerable to improper input validation. This allows attackers to exploit vulnerabilities such as SQL Injection, XSS, or command injection, leading to unauthorized access or data breaches, etc. | |||||
| CVE-2025-9066 | 2025-10-14 | N/A | N/A | ||
| A security issue was discovered within FactoryTalk® ViewPoint, allowing unauthenticated attackers to achieve XXE. Certain SOAP requests can be abused to perform XXE, resulting in a temporary denial-of-service. | |||||
| CVE-2011-20001 | 2025-10-14 | N/A | 7.5 HIGH | ||
| A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants) (All versions < V2.0.3), SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants) (All versions < V2.0.3). The web server interface of affected devices improperly processes incoming malformed HTTP traffic at high rate. This could allow an unauthenticated remote attacker to force the device entering the stop/defect state, thus creating a denial of service condition. | |||||
| CVE-2025-59248 | 2025-10-14 | N/A | 7.5 HIGH | ||
| Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-59198 | 2025-10-14 | N/A | 5.0 MEDIUM | ||
| Improper input validation in Microsoft Windows Search Component allows an authorized attacker to deny service locally. | |||||
| CVE-2025-60537 | 2025-10-14 | N/A | 6.5 MEDIUM | ||
| Improper input validation in the component /kafka/ui/serdes/CustomSerdeLoader.java of kafka-ui v0.6.0 to v0.7.2 allows attackers to execute arbitrary code via supplying crafted data. | |||||
| CVE-2025-59228 | 2025-10-14 | N/A | 8.8 HIGH | ||
| Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||||
| CVE-2025-55692 | 2025-10-14 | N/A | 7.8 HIGH | ||
| Improper input validation in Windows Error Reporting allows an authorized attacker to elevate privileges locally. | |||||