Live CVE Feed

Curated from global sources like ENISA EUVD and CVE Details

  • CVE-2025-36592 - Dell Secure Connect Gateway (SCG) Policy Manager Cross-site Scripting Vulnerability

    CVE ID: CVE-2025-36592 | Published: Oct. 30, 2025, 3:26 p.m. (22 minutes ago)
    Description: Dell Secure Connect Gateway (SCG) Policy Manager, versions 5.20, 5.22, 5.24, 5.26 and 5.28, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to script injection.
    Severity: 5.4 | MEDIUM

  • CVE-2025-46363 - Dell Secure Connect Gateway Relative Path Traversal Vulnerability

    CVE ID: CVE-2025-46363 | Published: Oct. 30, 2025, 3:22 p.m. (27 minutes ago)
    Description: Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance, versions 5.26.00.00 through 5.30.00.00, contain a Relative Path Traversal vulnerability in the REST API that SCG exposes for internal collection download (only if this REST API has been enabled by an Admin user from the UI). A low-privileged attacker with remote access could potentially exploit this vulnerability, using relative path traversal to reach restricted resources.
    Severity: 4.3 | MEDIUM

  • CVE-2025-5342 - Denial of Service (DoS)

    CVE ID: CVE-2025-5342 | Published: Oct. 30, 2025, 3:15 p.m. (34 minutes ago)
    Description: Zohocorp ManageEngine Exchange Reporter Plus versions through 5721 are vulnerable to a ReDoS (regular expression denial of service) vulnerability in the search module.
    Severity: 4.3 | MEDIUM
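    The ReDoS shape behind a "search module" finding is usually a user-supplied term compiled as a regular expression verbatim, so a term with nested quantifiers makes the backtracking matcher run for minutes on a non-matching record. The following is an added Python illustration (not ManageEngine code; the records, the 64-character cap and the hypothetical `safe_search`/`unsafe_search` names are constructed for the demo) of the vulnerable pattern next to the usual fix: length-cap the term and escape it so it is matched as a literal.

```python
import re
import time

# Constructed sample records standing in for a mailbox/report search index.
RECORDS = [
    "alice@example.com - Mailbox size report",
    "bob@example.com - Inbox rules audit",
    "carol@example.com - Mailbox (shared) usage",
]

MAX_TERM_LEN = 64  # constructed limit; pick what the UI actually needs


def unsafe_search(records, term):
    # Vulnerable shape: the user term is compiled as a regex as-is. A term such
    # as "(a+)+$" is a valid regex with nested quantifiers and backtracks
    # exponentially on every record that does not match.
    pattern = re.compile(term, re.IGNORECASE)
    return [r for r in records if pattern.search(r)]


def safe_search(records, term):
    # Fix: cap the length and treat the term as a literal via re.escape, so
    # metacharacters lose their meaning and matching is linear in the record.
    if len(term) > MAX_TERM_LEN:
        raise ValueError("search term too long")
    pattern = re.compile(re.escape(term), re.IGNORECASE)
    return [r for r in records if pattern.search(r)]


def redos_cost(n):
    # Times the nested-quantifier pattern against n 'a's followed by a
    # character that prevents a match. The time roughly doubles per extra 'a',
    # so keep n <= 18 when experimenting: it is exponential by design.
    evil = re.compile(r"^(a+)+$")
    victim = "a" * n + "!"
    start = time.perf_counter()
    matched = evil.match(victim) is not None
    return matched, time.perf_counter() - start


if __name__ == "__main__":
    print(safe_search(RECORDS, "mailbox ("))   # literal match: one hit
    print(safe_search(RECORDS, "(a+)+$"))      # no hits, no backtracking blow-up
    for n in (10, 14, 18):
        print(n, redos_cost(n))
```

    Where users genuinely need regex search, the remaining options are a linear-time engine (RE2-style) or running the match in a worker with a hard timeout; `re.escape` is the right answer only when the feature is really a substring search.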

  • CVE-2025-5343 - Stored XSS

    CVE ID: CVE-2025-5343 | Published: Oct. 30, 2025, 3:15 p.m. (34 minutes ago)
    Description: Zohocorp ManageEngine Exchange Reporter Plus versions through 5721 are vulnerable to Stored Cross-Site Scripting in the Instant Search option.
    Severity: 6.3 | MEDIUM

  • CVE-2025-5347 - Stored XSS

    CVE ID: CVE-2025-5347 | Published: Oct. 30, 2025, 3:15 p.m. (34 minutes ago)
    Description: Zohocorp ManageEngine Exchange Reporter Plus versions before 5723 are vulnerable to Stored Cross-Site Scripting in the reports module.
    Severity: 6.3 | MEDIUM

  • CVE-2025-43942 - Dell Unity OS Command Injection Vulnerability

    CVE ID: CVE-2025-43942 | Published: Oct. 30, 2025, 3:15 p.m. (34 minutes ago)
    Description: Dell Unity, versions 5.5 and prior, contains an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to command execution and elevation of privileges.
    Severity: 7.8 | HIGH

  • CVE-2025-46422 - Dell Unity OS Command Injection

    CVE ID: CVE-2025-46422 | Published: Oct. 30, 2025, 3:15 p.m. (34 minutes ago)
    Description: Dell Unity, versions 5.5 and prior, contains an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.
    Severity: 7.8 | HIGH

  • CVE-2025-46423 - Dell Unity OS Command Injection

    CVE ID: CVE-2025-46423 | Published: Oct. 30, 2025, 3:15 p.m. (34 minutes ago)
    Description: Dell Unity, versions 5.5 and prior, contains an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.
    Severity: 7.8 | HIGH

  • CVE-2025-50574 - Glamour Salon Management System XSS

    CVE ID: CVE-2025-50574 | Published: Oct. 30, 2025, 3:15 p.m. (34 minutes ago)
    Description: Cross-site scripting (XSS) vulnerability in blog-details.php in Hiruna Gallage's Glamour Salon Management System v1 allows remote attackers to inject arbitrary web script or HTML via the blog comment section parameter.
    Severity: 0.0 | NA (no CVSS score assigned yet)

  • CVE-2025-43027 - Genetec Security Center Administrative Access Bypass Vulnerability

    CVE ID: CVE-2025-43027 | Published: Oct. 30, 2025, 3:15 p.m. (34 minutes ago)
    Description: A critical-severity vulnerability has been identified in the ALPR Manager role of Security Center that could allow attackers to gain administrative access to the Genetec Security Center system. The Genetec engineering team discovered this issue internally. There is currently no evidence that this vulnerability has been exploited in the wild.
    Severity: 9.8 | CRITICAL

  • From Domain User to SYSTEM: Analyzing the NTLM LDAP Authentication Bypass Vulnerability (CVE-2025-54918)
    on October 30, 2025 at 1:49 pm

    In September 2025, a critical vulnerability (CVE-2025-54918) was discovered affecting domain controllers running LDAP or LDAPS services. This vulnerability allows attackers to elevate privileges from ...
    Published: Oct 30, 2025 (1 hour, 33 minutes ago)
    Vulnerabilities mentioned in this article: CVE-2025-61882, CVE-2025-54918, CVE-2025-48384

  • How Falcon Exposure Management’s ExPRT.AI Predicts What Attackers Will Exploit
    on October 30, 2025 at 1:49 pm

    Nearly 40,000 vulnerabilities were disclosed in 2024 [1]. Security teams are overwhelmed, especially those relying on outdated tools. ExPRT.AI, the native intelligence engine embedded in CrowdStrike Falc ...
    Published: Oct 30, 2025 (1 hour, 33 minutes ago)
    Vulnerabilities mentioned in this article: CVE-2025-61882, CVE-2025-54918, CVE-2025-48384, CVE-2025-4664

  • Falcon Defends Against Git Vulnerability CVE-2025-48384
    on October 30, 2025 at 1:49 pm

    CrowdStrike has identified active exploitation of Git vulnerability CVE-2025-48384. In the observed activity, threat actors combined sophisticated social engineering tactics with malicious Git reposit ...
    Published: Oct 30, 2025 (1 hour, 33 minutes ago)
    Vulnerabilities mentioned in this article: CVE-2025-61882, CVE-2025-54918, CVE-2025-48384

  • Multiple Jenkins Vulnerabilities: SAML Authentication Bypass and MCP Server Plugin Permissions
    on October 30, 2025 at 1:44 pm

    The Jenkins project released Security Advisory 2025-10-29 on October 28, 2025, disclosing multiple vulnerabilities across 13 plugins that power the popular open-source automation server. These flaws r ...
    Published: Oct 30, 2025 (1 hour, 39 minutes ago)
    Vulnerabilities mentioned in this article: CVE-2025-64149, CVE-2025-64148, CVE-2025-64146, CVE-2025-64144, CVE-2025-64143, CVE-2025-64141, CVE-2025-64140, CVE-2025-64138, CVE-2025-64136, CVE-2025-64135, CVE-2025-64134, CVE-2025-64133, CVE-2025-64132, CVE-2025-64131, CVE-2016-5597

  • Vulnerability in Eveo URVE Smart Office software
    on October 30, 2025 at 12:55 pm

    CVE ID: CVE-2025-10348 | Publication date: 30 October 2025
    Vendor: Eveo | Product: URVE Smart Office | Vulnerable versions: all before 1.1.24
    Vulnerability type: ( ...
    Published: Oct 30, 2025 (2 hours, 28 minutes ago)
    Vulnerabilities mentioned in this article: CVE-2025-10348

  • Attackers exploiting WSUS vulnerability drop Skuld infostealer (CVE-2025-59287)
    on October 30, 2025 at 12:45 pm

    Attackers have been spotted exploiting the recently patched WSUS vulnerability (CVE-2025-59287) to deploy infostealer malware on unpatched Windows servers. An out-of-band update: last week's release of ...
    Published: Oct 30, 2025 (2 hours, 38 minutes ago)
    Vulnerabilities mentioned in this article: CVE-2025-59287

  • Google Chrome 142 Stable Channel Release
    on October 30, 2025 at 12:22 pm

    October 30, 2025. Google Chrome 142 stable channel was officially released on October 28, 2025, for Windows, Mac, Linux, Android, and ChromeOS platforms. The update includes 20 security fixes, addressin ...
    Published: Oct 30, 2025 (3 hours, 1 minute ago)

  • Micropatches Released for Windows Installer Elevation of Privilege Vulnerability (CVE-2025-50173)
    on October 30, 2025 at 11:43 am

    August 2025 Windows Updates brought a patch for CVE-2025-50173, a privilege escalation vulnerability in Windows Installer that could allow a local low-privileged attacker to execute arbitrary code as ...
    Published: Oct 30, 2025 (3 hours, 40 minutes ago)
    Vulnerabilities mentioned in this article: CVE-2025-50173, CVE-2024-38014

  • Vulnerability in OpenSolution Quick.Cart software
    on October 30, 2025 at 10:55 am

    CVE ID: CVE-2025-10317 | Publication date: 30 October 2025
    Vendor: OpenSolution | Product: Quick.Cart | Vulnerable versions: 6.7
    Vulnerability type (CWE): Cross-S ...
    Published: Oct 30, 2025 (4 hours, 28 minutes ago)

  • ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising
    on October 30, 2025 at 10:54 am

    The comfort zone in cybersecurity is gone. Attackers are scaling down, focusing tighter, and squeezing more value from fewer, high-impact targets. At the same time, defenders face growing blind spots ...
    Published: Oct 30, 2025 (4 hours, 29 minutes ago)
    Vulnerabilities mentioned in this article: CVE-2025-40778, CVE-2017-11882

  • New Attack Combines Ghost SPNs and Kerberos Reflection to Elevate Privileges on SMB Servers
    on October 30, 2025 at 9:52 am

    A sophisticated privilege escalation attack against Windows SMB servers leverages Ghost Service Principal Names (SPNs) and Kerberos authentication reflection to achieve remote SYSTEM-level access. ...
    Published: Oct 30, 2025 (5 hours, 31 minutes ago)
    Vulnerabilities mentioned in this article: CVE-2025-58726, CVE-2025-33073

  • Blue TryHackMe Walkthrough
    on October 30, 2025 at 9:05 am

    23 min read | Feb 6, 2025 | Room link: [TryHackMe]
    Reconnaissance: The first phase of hacking involves gathering information about a target to identify the potential technologies used by the target, which co ...
    Published: Oct 30, 2025 (6 hours, 18 minutes ago)
    Vulnerabilities mentioned in this article: CVE-2017-0143, CVE-2012-1182

  • Planning — HackTheBox Walkthrough
    on October 30, 2025 at 9:01 am

    6 min read | 4 days ago
    Introduction: Planning is an Easy Linux machine on HackTheBox that covers key penetration testing techniques such as Grafana exploitation, container escape, and privilege escalation ...
    Published: Oct 30, 2025 (6 hours, 22 minutes ago)

  • US urges organizations to check for vulnerable Windows servers
    on October 30, 2025 at 8:52 am

    The US government's cyber agency has called on organizations to check for vulnerable Windows servers. The trigger is active exploitation of a critical vulnerability in the Windows ...
    Published: Oct 30, 2025 (6 hours, 31 minutes ago)
    Vulnerabilities mentioned in this article: CVE-2025-59287

  • WordPress sites attacked via critical vulnerability in the Freeio plug-in
    on October 30, 2025 at 8:25 am

    WordPress sites are being actively attacked via a critical vulnerability in the Freeio plug-in, security firm Wordfence reports. Freeio is a plug-in that lets WordPress sites be turned into ...
    Published: Oct 30, 2025 (6 hours, 58 minutes ago)
    Vulnerabilities mentioned in this article: CVE-2025-11533

  • Microsoft Windows Cloud Files Minifilter Privilege Escalation Vulnerability Exploited
    on October 30, 2025 at 8:21 am

    Microsoft has patched a critical race condition vulnerability in its Windows Cloud Files Minifilter driver, known as CVE-2025-55680, which enables local attackers to escalate privileges and create arb ...
    Published: Oct 30, 2025 (7 hours, 2 minutes ago)
    Vulnerabilities mentioned in this article: CVE-2025-55680, CVE-2020-17136

  • Chrome 142 Released With Fixes for 20 Vulnerabilities That Allow Malicious Code Execution
    on October 30, 2025 at 6:21 am

    Google has officially promoted Chrome 142 to the stable channel, delivering critical security updates for Windows, Mac, and Linux users. The rollout begins immediately and will continue over the next ...
    Published: Oct 30, 2025 (9 hours, 1 minute ago)

severity high

  • CVE-2025-43027 - Genetec Security Center Administrative Access Bypass Vulnerability

    CVE ID: CVE-2025-43027 | Published: Oct. 30, 2025, 3:15 p.m. (34 minutes ago)
    Description: A critical-severity vulnerability has been identified in the ALPR Manager role of Security Center that could allow attackers to gain administrative access to the Genetec Security Center system. The Genetec engineering team discovered this issue internally. There is currently no evidence that this vulnerability has been exploited in the wild.
    Severity: 9.8 | CRITICAL

  • CVE-2025-53880 - susemanager-tftpsync-recv allows arbitrary file creation and deletion due to path traversal

    CVE ID: CVE-2025-53880 | Published: Oct. 30, 2025, 11:15 a.m. (4 hours, 34 minutes ago)
    Description: A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list of allowed IP addresses.
    Severity: 8.7 | HIGH

  • CVE-2025-53883 - spacewalk-java has various XSS issues on search page

    CVE ID: CVE-2025-53883 | Published: Oct. 30, 2025, 11:15 a.m. (4 hours, 34 minutes ago)
    Description: An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability allows attackers to run arbitrary JavaScript via a reflected XSS issue in the search fields. This issue affects Container suse/manager/5.0/x86_64/server:latest: from ? before 5.0.28-150600.3.36.8; SUSE Manager Server LTS 4.3: from ? before 4.3.88-150400.3.113.5.
    Severity: 9.3 | CRITICAL

  • CVE-2025-39663 - Cross Site Scripting through compromised remote site

    CVE ID: CVE-2025-39663 | Published: Oct. 30, 2025, 11:15 a.m. (4 hours, 34 minutes ago)
    Description: Cross-Site Scripting (XSS) vulnerability in Checkmk's distributed monitoring allows a compromised remote site to inject malicious HTML code into service outputs displayed on the central site. Affects Checkmk versions before 2.4.0p14 and 2.3.0p39, and the 2.2.0 and 2.1.0 (EOL) lines.
    Severity: 8.5 | HIGH
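    Every XSS entry on this page (the Dell SCG Policy Manager, ManageEngine Instant Search and reports, the salon blog comment, the spacewalk-java search fields, and the Checkmk service output above) has the same root cause: a string the attacker controls is concatenated into a page instead of being encoded for the context it lands in. The Checkmk case is worth noting because the "user" is a peer site, which a central server is tempted to trust. The following is an added Python illustration (not code from any of these vendors; the comment text, service output and the `render_*` helper names are constructed for the demo) of the unsafe concatenation beside context-specific encoding for HTML text, attribute and URL positions.

```python
import html
from urllib.parse import quote

# Constructed attacker-controlled strings: a stored blog comment and a service
# output line as a compromised remote monitoring site might report it.
STORED_COMMENT = "<script>alert(document.cookie)</script> nice post"
SERVICE_OUTPUT = "OK - 3 hosts up <img src=x onerror=alert(1)>"


def render_unsafe(body):
    # The bug: untrusted text spliced straight into markup.
    return f"<div class='comment'>{body}</div>"


def render_html_text(body):
    # HTML body context: encode & < > " ' so the browser sees text, not tags.
    return f"<div class='comment'>{html.escape(body, quote=True)}</div>"


def render_attribute(value):
    # Attribute context: the value must be quoted AND escaped; escaping alone
    # does not stop an unquoted attribute from being broken out of.
    return f'<input name="q" value="{html.escape(value, quote=True)}">'


def render_link(target):
    # URL context: refuse non-http(s) schemes (javascript:, data:), then
    # percent-encode and finally HTML-encode for the attribute it sits in.
    if not target.lower().startswith(("http://", "https://")):
        target = "about:blank"
    encoded = quote(target, safe=":/?&=#%")
    return f'<a href="{html.escape(encoded, quote=True)}">link</a>'


def render_service_row(site, output):
    # A peer site's output is untrusted input like any other: encode it on the
    # central side regardless of what the remote side claims to have sanitized.
    return f"<tr><td>{html.escape(site)}</td><td>{html.escape(output, quote=True)}</td></tr>"


if __name__ == "__main__":
    print(render_unsafe(STORED_COMMENT))
    print(render_html_text(STORED_COMMENT))
    print(render_service_row("remote-1", SERVICE_OUTPUT))
    print(render_link("javascript:alert(1)"))
```

    Encoding on output is the durable fix; a Content-Security-Policy without `unsafe-inline` is a second layer that blunts the payload when an encoding step is missed, but it is not a substitute.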

  • CVE-2025-54470 - NeuVector telemetry sender is vulnerable to MITM and DoS

    CVE ID: CVE-2025-54470 | Published: Oct. 30, 2025, 10:15 a.m. (5 hours, 34 minutes ago)
    Description: This vulnerability affects NeuVector deployments only when the "Report anonymous cluster data" option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server. In affected versions, NeuVector does not enforce TLS certificate verification when transmitting anonymous cluster data to the telemetry server. As a result, the communication channel is susceptible to man-in-the-middle (MITM) attacks, where an attacker could intercept or modify the transmitted data. Additionally, NeuVector loads the telemetry server's response into memory without a size limit, which makes it vulnerable to a Denial of Service (DoS) attack.
    Severity: 8.6 | HIGH
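    The two defects above are independent and each has a one-line fix: verify the server certificate and hostname, and never read a response body without a ceiling. The following is an added Python illustration (not NeuVector code, which is written in Go; the 64 KiB limit, the `telemetry_context`/`read_bounded`/`fetch_telemetry` names and the in-memory sample body are constructed for the demo) showing the insecure TLS context beside a verifying one, and a bounded body read that aborts instead of buffering an attacker-sized response.

```python
import io
import ssl
import urllib.request

MAX_TELEMETRY_RESPONSE = 64 * 1024  # constructed ceiling; size it to the real protocol


def insecure_context():
    # The advisory's failure mode: chain and hostname checks disabled, so any
    # on-path attacker with a self-signed certificate can read or rewrite the data.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def telemetry_context(cafile=None):
    # Verifies the chain against the system roots (or a pinned CA bundle passed
    # as cafile), enforces hostname matching, and refuses TLS < 1.2.
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    assert ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname
    return ctx


class ResponseTooLarge(Exception):
    pass


def read_bounded(stream, limit=MAX_TELEMETRY_RESPONSE):
    # Read at most limit+1 bytes: the extra byte reveals that the server sent
    # more than allowed, in which case we abort rather than keep buffering.
    data = stream.read(limit + 1)
    if len(data) > limit:
        raise ResponseTooLarge(f"telemetry response exceeds {limit} bytes")
    return data


def handle_telemetry_response(raw):
    # raw stands in for the HTTP body object; an in-memory stream keeps the demo offline.
    return read_bounded(io.BytesIO(raw))


def fetch_telemetry(url, payload, cafile=None):
    # Live form of the same two controls (network, so not exercised here):
    # verified TLS context on the request, bounded read on the response.
    req = urllib.request.Request(
        url, data=payload, method="POST",
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, context=telemetry_context(cafile), timeout=10) as resp:
        return read_bounded(resp)


if __name__ == "__main__":
    print(insecure_context().verify_mode, telemetry_context().verify_mode)
    print(handle_telemetry_response(b'{"ok":true}'))
```

    A pinned `cafile` for the telemetry endpoint is stricter than the system trust store and is the option to pick when the endpoint is operated by the same vendor that ships the client.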

  • CVE-2025-54469 - NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow

    CVE ID: CVE-2025-54469 | Published: Oct. 30, 2025, 10:15 a.m. (5 hours, 34 minutes ago)
    Description: A vulnerability was identified in NeuVector, where the enforcer used the environment variables CLUSTER_RPC_PORT and CLUSTER_LAN_PORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor process. When the enforcer container stops, the monitor process checks whether the consul subprocess has exited. To perform this check, the monitor process uses the popen function to execute a shell command that determines whether the ports used by the consul subprocess are still active. The values of CLUSTER_RPC_PORT and CLUSTER_LAN_PORT are used directly to compose these shell commands without validation or sanitization, which could allow a malicious user to inject commands through these variables within the enforcer container.
    Severity: 9.9 | CRITICAL

  • CVE-2025-54459 - Vertikal Systems Hospital Manager Backend Services Exposure of Sensitive System Information to an Unauthorized Control Sphere

    CVE ID: CVE-2025-54459 | Published: Oct. 29, 2025, 10:15 p.m. (17 hours, 34 minutes ago)
    Description: Prior to September 19, 2025, the Hospital Manager Backend Services exposed the ASP.NET tracing endpoint /trace.axd without authentication, allowing a remote attacker to obtain live request traces and sensitive information such as request metadata, session identifiers, authorization headers, server variables, and internal file paths.
    Severity: 8.7 | HIGH

  • CVE-2025-11200 - MLflow Weak Password Requirements Authentication Bypass Vulnerability

    CVE ID: CVE-2025-11200 | Published: Oct. 29, 2025, 8:15 p.m. (19 hours, 34 minutes ago)
    Description: MLflow Weak Password Requirements Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The issue results from weak password requirements. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26916.
    Severity: 8.1 | HIGH

  • CVE-2025-11201 - MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability

    CVE ID: CVE-2025-11201 | Published: Oct. 29, 2025, 8:15 p.m. (19 hours, 34 minutes ago)
    Description: MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of model file paths. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26921.
    Severity: 8.1 | HIGH
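    Three entries on this page are the same bug in three products: the Dell SCG collection download API (CVE-2025-46363, read), the SUSE Manager tftpsync scripts (CVE-2025-53880, write and delete) and the MLflow model path above (write leading to code execution). In each case a user-supplied relative path is joined to a base directory and used in a file operation without proving the result still lies under that base. The following is an added Python illustration (not code from Dell, SUSE or MLflow; the directory layout and the `resolve_under`/`naive_is_inside` names are constructed for the demo) of a check that canonicalizes first and then tests containment, beside the string-prefix test that looks equivalent and is not.

```python
import os
import tempfile
from pathlib import Path


def naive_is_inside(base, target):
    # Common but wrong: a prefix test accepts "/data/coll-evil/x" as being
    # inside "/data/coll", and does nothing about symlinks.
    return os.path.abspath(target).startswith(os.path.abspath(base))


def resolve_under(base, user_path):
    # Canonicalize both sides (collapses "..", follows symlinks), then require
    # that the candidate is base itself or a descendant of it. An absolute
    # user_path replaces base in the join and is rejected the same way.
    base_real = Path(base).resolve()
    candidate = (base_real / user_path).resolve()
    try:
        candidate.relative_to(base_real)
    except ValueError:
        raise PermissionError(f"path escapes {base_real}: {user_path!r}") from None
    return candidate


def read_collection_file(base, user_path):
    # The same check guards writes and deletes; only the final operation differs.
    return resolve_under(base, user_path).read_bytes()


def make_demo_tree():
    # Constructed layout: the allowed root "coll", a sibling directory sharing
    # its name as a prefix, and a secret outside the root.
    root = Path(tempfile.mkdtemp())
    (root / "coll" / "reports").mkdir(parents=True)
    (root / "coll" / "reports" / "daily.txt").write_bytes(b"daily report")
    (root / "coll-evil").mkdir()
    (root / "coll-evil" / "secret.txt").write_bytes(b"not for you")
    (root / "secret.txt").write_bytes(b"root secret")
    return root


if __name__ == "__main__":
    root = make_demo_tree()
    base = root / "coll"
    print(read_collection_file(base, "reports/daily.txt"))
    print(naive_is_inside(base, root / "coll-evil" / "secret.txt"))   # True: the wrong answer
    for bad in ("../secret.txt", "../coll-evil/secret.txt", "/etc/passwd"):
        try:
            read_collection_file(base, bad)
        except PermissionError as exc:
            print("rejected:", exc)
```

    Doing the containment test on resolved paths also closes the symlink variant, where a link planted inside the base points outside it; a check on the unresolved string cannot see that.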

  • CVE-2025-11202 - win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability

    CVE ID: CVE-2025-11202 | Published: Oct. 29, 2025, 8:15 p.m. (19 hours, 34 minutes ago)
    Description: win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of win-cli-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the resolveCommandPath method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-27787.
    Severity: 9.8 | CRITICAL
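    The command-injection entries on this page (the three Dell Unity issues, the NeuVector enforcer's popen of CLUSTER_RPC_PORT/CLUSTER_LAN_PORT, and the win-cli-mcp-server resolveCommandPath issue above) share one shape: a string from outside the trust boundary is spliced into a command that a shell then parses. The following is an added Python illustration (not code from Dell, NeuVector or win-cli-mcp-server; the environment values, the `ss` filter and the `parse_port`/`build_port_check_*`/`echo_without_shell` names are constructed for the demo) of the vulnerable string-building pattern beside the two-part fix: validate the value against what it is supposed to be, and hand it to the child as its own argv element so no shell ever parses it.

```python
import subprocess
import sys

# Constructed environment values. The second carries a payload of the kind the
# NeuVector advisory describes: a "port" that is really a shell command.
GOOD_ENV = {"CLUSTER_RPC_PORT": "18300"}
EVIL_ENV = {"CLUSTER_RPC_PORT": "18300; echo INJECTED > /tmp/pwned"}


def build_port_check_unsafe(env):
    # Vulnerable shape: the value is pasted into a command string that will be
    # run via popen()/shell=True, so ';', '|', '$(...)' all work for the attacker.
    return f"ss -lnt | grep ':{env['CLUSTER_RPC_PORT']} '"


def parse_port(value):
    # Step 1: the variable is supposed to be a TCP port, so demand exactly that.
    if not value.isdigit() or not 1 <= int(value) <= 65535:
        raise ValueError(f"invalid port: {value!r}")
    return int(value)


def build_port_check_safe(env):
    # Step 2: an argv list, no shell, and only the validated integer reaches it.
    port = parse_port(env["CLUSTER_RPC_PORT"])
    return ["ss", "-lnt", "-H", f"sport = :{port}"]


def port_is_listening(env):
    # Runs the safe form; shell=False is the default and is the point.
    result = subprocess.run(build_port_check_safe(env), capture_output=True, text=True)
    return result.returncode == 0 and result.stdout.strip() != ""


def echo_without_shell(value):
    # Demonstrates argv passing with the current interpreter so it runs anywhere:
    # the payload comes back verbatim as data, and nothing is executed.
    proc = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1])", value],
        capture_output=True, text=True, check=True,
    )
    return proc.stdout.rstrip("\n")


if __name__ == "__main__":
    print(build_port_check_unsafe(EVIL_ENV))      # the injected text is part of the command
    print(build_port_check_safe(GOOD_ENV))
    print(echo_without_shell(EVIL_ENV["CLUSTER_RPC_PORT"]))
    try:
        build_port_check_safe(EVIL_ENV)
    except ValueError as exc:
        print("rejected:", exc)
```

    Quoting the value with `shlex.quote` before splicing would also defeat this particular payload, but it keeps the shell in the loop and is easy to forget at the next call site; validating the type and dropping the shell removes the class of bug rather than one instance.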
