A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code execution (RCE) on the Backup infrastructure hosts by an authenticated domain user.
Published on: 31/10/2025 00:15:36
Last Modified: 31/10/2025 00:15:36
ELOG allows an authenticated user to modify another user's profile. An attacker can edit a target user's email address, then request a password reset, and take control of the target account. By default, ELOG is not configured to allow self-registration.
Published on: 31/10/2025 19:15:51
Last Modified: 31/10/2025 19:15:51
Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin panel and complete control of the device.
Published on: 31/10/2025 16:15:40
Last Modified: 31/10/2025 20:15:42
The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed.
Published on: 31/10/2025 16:15:39
Last Modified: 31/10/2025 16:15:39
Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap use-after-free vulnerability in vtkGLTFDocumentLoader. The vulnerability manifests during mesh object copy operations where vector members are accessed after the underlying memory has been freed, specifically when handling GLTF files with corrupted or invalid mesh reference structures.
Published on: 31/10/2025 15:15:42
Last Modified: 31/10/2025 20:15:45
Deserialization of Untrusted Data vulnerability in Chouby Polylang polylang allows Object Injection.This issue affects Polylang: from n/a through <= 3.7.3.
Published on: 31/10/2025 12:15:35
Last Modified: 31/10/2025 19:15:52
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Abis Technology BAPSIS allows Blind SQL Injection.This issue affects BAPSIS: before 202510271606.
Published on: 31/10/2025 08:15:36
Last Modified: 31/10/2025 08:15:36
A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later. Affected Products: UniFi Access Application (Version 3.3.22 through 3.4.31). Mitigation: Update your UniFi Access Application to Version 4.0.21 or later.
Published on: 31/10/2025 00:15:37
Last Modified: 31/10/2025 14:16:13
A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.
Published on: 31/10/2025 00:15:36
Last Modified: 31/10/2025 13:15:33
SQL injection in Revive Adserver 6.0.0 causes potential disruption or information access when specifically crafted payloads are sent by logged in users
Published on: 31/10/2025 00:15:36
Last Modified: 31/10/2025 00:15:36
The WooCommerce Designer Pro theme for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.9.28. This makes it possible for unauthenticated attackers to read arbitrary files on the server, which can expose DB credentials when the wp-config.php file is read.
Published on: 31/10/2025 08:15:36
Last Modified: 31/10/2025 08:15:36
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the save_fields() function in all versions up to, and including, 16.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Published on: 31/10/2025 07:15:38
Last Modified: 31/10/2025 07:15:38
The King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor plugin for WordPress is vulnerable to privilege escalation in versions 24.12.92 to 51.1.14 . This is due to the plugin not properly restricting the roles that users can register with. This makes it possible for unauthenticated attackers to register with administrator-level user accounts.
Published on: 31/10/2025 07:15:38
Last Modified: 31/10/2025 07:15:38
The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.8.1. This is due to the check_login() function not properly verifying a user's identity prior to successfully authenticating them This makes it possible for unauthenticated attackers to bypass standard authentication and access administrative user accounts. Please note social login needs to be enabled in order for a site to be impacted by this vulnerability.
Published on: 31/10/2025 07:15:37
Last Modified: 31/10/2025 07:15:37
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prier to 1.4.2, there is a missing bounds check in Crypto_Key_update() (crypto_key_mgmt.c) which allows a remote attacker to trigger a stack-based buffer overflow by supplying a TLV packet with a spoofed length field. The function calculates the number of keys from an attacker-controlled field (pdu_len), which may exceed the static array size (kblk[98]), leading to an out-of-bounds write and potential memory corruption. This vulnerability is fixed in 1.4.2.
Published on: 30/10/2025 17:15:40
Last Modified: 30/10/2025 19:16:36
An issue in BusinessNext CRMnext v.10.8.3.0 allows a remote attacker to execute arbitrary code via the comments input parameter.
Published on: 30/10/2025 17:15:39
Last Modified: 31/10/2025 15:15:43
n8n is an open source workflow automation platform. Prior to 1.113.0, a remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use of the Commit operation in the Git Node can inadvertently trigger the hook’s execution. This allows attackers to execute arbitrary code within the n8n environment, potentially compromising the system and any connected credentials or workflows. This vulnerability is fixed in 1.113.0.
Published on: 30/10/2025 17:15:39
Last Modified: 30/10/2025 17:15:39
JumpServer is an open source bastion host and an operation and maintenance security audit system. In JumpServer versions prior to v3.10.20-lts and v4.10.11-lts, an authenticated, non-privileged user can retrieve connection tokens belonging to other users via the super-connection API endpoint (/api/v1/authentication/super-connection-token/). When accessed from a web browser, this endpoint returns connection tokens created by all users instead of restricting results to tokens owned by or authorized for the requester. An attacker who obtains these tokens can use them to initiate connections to managed assets on behalf of the original token owners, resulting in unauthorized access and privilege escalation across sensitive systems. This vulnerability is fixed in v3.10.20-lts and v4.10.11-lts.
Published on: 30/10/2025 16:15:36
Last Modified: 30/10/2025 16:15:36
A critical severity vulnerability has been identified in the ALPR Manager role of Security Center that could allow attackers to gain administrative access to the Genetec Security Center system. The Genetec engineering team discovered this issue internally. There is currently no evidence that this vulnerability has been exploited in the wild.
Published on: 30/10/2025 15:15:37
Last Modified: 30/10/2025 15:15:37
This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server. In affected versions, NeuVector does not enforce TLS certificate verification when transmitting anonymous cluster data to the telemetry server. As a result, the communication channel is susceptible to man-in-the-middle (MITM) attacks, where an attacker could intercept or modify the transmitted data. Additionally, NeuVector loads the response of the telemetry server is loaded into memory without size limitation, which makes it vulnerable to a Denial of Service(DoS) attack
Published on: 30/10/2025 10:15:35
Last Modified: 30/10/2025 15:03:13
A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTER_RPC_PORT and CLUSTER_LAN_PORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor process. When the enforcer container stops, the monitor process checks whether the consul subprocess has exited. To perform this check, the monitor process uses the popen function to execute a shell command that determines whether the ports used by the consul subprocess are still active. The values of environment variables CLUSTER_RPC_PORT and CLUSTER_LAN_PORT are used directly to compose shell commands via popen without validation or sanitization. This behavior could allow a malicious user to inject malicious commands through these variables within the enforcer container.
Published on: 30/10/2025 10:15:34
Last Modified: 30/10/2025 15:03:13
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view, overwrite, or append to arbitrary files on the system.
Published on: 30/10/2025 20:15:38
Last Modified: 30/10/2025 20:15:38
WordPress plugin Contact Form CFDB7 versions up to and including 1.3.2 are affected by a pre-authentication SQL injection vulnerability that cascades into insecure deserialization (PHP Object Injection). The weakness arises due to insufficient validation of user input in plugin endpoints, allowing crafted input to influence backend queries in unexpected ways. Using specially crafted payloads, this can escalate into unsafe deserialization, enabling arbitrary object injection in PHP. Although the issue is remotely exploitable without authentication, it does require a crafted interaction with the affected endpoint in order to trigger successfully.
Published on: 29/10/2025 00:15:34
Last Modified: 30/10/2025 15:05:32
GitLab has remediated an issue in EE affecting all versions from 17.1 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker with specific permissions to hijack project runners from other projects.
Published on: 29/10/2025 07:15:37
Last Modified: 30/10/2025 15:03:13
win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of win-cli-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the resolveCommandPath method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-27787.
Published on: 29/10/2025 20:15:35
Last Modified: 30/10/2025 15:03:13
A vulnerability was found in code-projects Online Complaint Site 1.0. This issue affects some unknown processing of the file /cms/admin/subcategory.php. This manipulation of the argument category causes SQL injection.
Published on: 29/10/2025 15:15:44
Last Modified: 30/10/2025 15:15:45
An issue in NCR Atleos Terminal Manager (ConfigApp) v3.4.0 allows attackers to escalate privileges via a crafted request.
Published on: 29/10/2025 15:15:43
Last Modified: 30/10/2025 15:03:13
A stack-based buffer overflow issue was discovered in the phddns client in Blu-Castle BCUM221E 1.0.0P220507 via the password field.
Published on: 29/10/2025 14:15:50
Last Modified: 30/10/2025 15:03:13
Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller, allowing attackers with Item/Configure permission to execute arbitrary shell commands.
Published on: 29/10/2025 14:15:58
Last Modified: 30/10/2025 15:03:13
Jenkins Azure CLI Plugin 0.9 and earlier does not restrict which commands it executes on the Jenkins controller, allowing attackers with Item/Configure permission to execute arbitrary shell commands.
Published on: 29/10/2025 14:15:58
Last Modified: 30/10/2025 15:03:13
Taiga is an open source project management platform. In versions 6.8.3 and earlier, a remote code execution vulnerability exists in the Taiga API due to unsafe deserialization of untrusted data. This issue is fixed in version 6.9.0.
Published on: 28/10/2025 21:15:40
Last Modified: 30/10/2025 15:05:32
An issue was discovered in Dataphone A920 v2025.07.161103. A custom packet based on public documentation can be crafted, where some fields can contain arbitrary or trivial data. Normally, such data should cause the device to reject the packet. However, due to a lack of validation, the device accepts it with no authetication and triggers the functionality instead.
Published on: 28/10/2025 20:15:49
Last Modified: 30/10/2025 15:05:32
zhangyd-c OneBlog before 2.3.9 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
Published on: 28/10/2025 18:15:38
Last Modified: 30/10/2025 15:05:32
Stack-based buffer overflow vulnerability in WAVLINK QUANTUM D3G/WL-WN530HG3 firmware M30HG3_V240730, and possibly other wavlink models allows attackers to execute arbitrary code via crafted referrer value POST to login.cgi.
Published on: 28/10/2025 15:16:13
Last Modified: 30/10/2025 15:05:32
An out-of-bounds read vulnerability has been discovered in Monkey's Audio 11.31, specifically in the CAPECharacterHelper::GetUTF16FromUTF8 function. The issue arises from improper handling of the length of the input UTF-8 string, causing the function to read past the memory boundary. This vulnerability may result in a crash or expose sensitive data.
Published on: 28/10/2025 15:16:12
Last Modified: 30/10/2025 15:05:32
Use of Hard-Coded Credentials issue exists in MZK-DP300N version 1.07 and earlier, which may allow an attacker within the local network to log in to the affected device via Telnet and execute arbitrary commands.
Published on: 28/10/2025 05:15:48
Last Modified: 30/10/2025 15:05:32
Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability affects Firefox < 144.0.2.
Published on: 28/10/2025 14:15:57
Last Modified: 30/10/2025 15:05:32
IBM Maximo Application Suite 9.0.0 through 9.0.15 and 9.1.0 through 9.1.4 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.
Published on: 28/10/2025 16:15:38
Last Modified: 30/10/2025 15:05:32
alexusmai laravel-file-manager 3.3.1 and before allows an authenticated attacker to achieve Remote Code Execution (RCE) through a crafted file upload. A file with a '.png` extension containing PHP code can be uploaded via the file manager interface. Although the upload appears to fail client-side validation, the file is still saved on the server. The attacker can then use the rename API to change the file extension to `.php`, and upon accessing it via a public URL, the server executes the embedded code.
Published on: 28/10/2025 16:15:38
Last Modified: 30/10/2025 15:05:32
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files allowing defacing a website and combined with other issue, injection XSS payloads. This vulnerability is fixed in 10.1.1.
Published on: 28/10/2025 22:15:38
Last Modified: 30/10/2025 15:05:32