5.5

CVSS3.1

CVE-2025-43282 -

A double free issue was addressed with improved memory management. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. An app may be able to cause unexpected system termination.

πŸ“… Published: Oct. 15, 2025, 8 p.m. πŸ”„ Last Modified: April 2, 2026, 7:20 p.m.

5.5

CVSS3.1

CVE-2025-43313 -

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access sensitive user data.

πŸ“… Published: Oct. 15, 2025, 8 p.m. πŸ”„ Last Modified: April 2, 2026, 7:20 p.m.

4.7

CVSS3.1

CVE-2025-43280 -

The issue was resolved by not loading remote images. This issue is fixed in iOS 18.6 and iPadOS 18.6. Forwarding an email could display remote images in Mail in Lockdown Mode.

πŸ“… Published: Oct. 15, 2025, 8 p.m. πŸ”„ Last Modified: April 2, 2026, 7:20 p.m.

7.8

CVSS3.1

CVE-2025-43281 -

The issue was addressed with improved authentication. This issue is fixed in macOS Sequoia 15.6. A local attacker may be able to elevate their privileges.

πŸ“… Published: Oct. 15, 2025, 8 p.m. πŸ”„ Last Modified: April 2, 2026, 6:09 p.m.

8.8

CVSS3.1

CVE-2025-11619 -

Improper certificate validation when connecting to gateways in Devolutions Server 2025.3.2 and earlier allows attackersΒ in MitM position to intercept traffic.

πŸ“… Published: Oct. 15, 2025, 7:45 p.m. πŸ”„ Last Modified: Dec. 3, 2025, 2:51 p.m.

6.9

CVSS4.0

CVE-2025-62375 - go-witness Improper Verification of AWS EC2 Identity Documents

go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can incorrectly succeed when a signature is not present or is emp…

πŸ“… Published: Oct. 15, 2025, 7:23 p.m. πŸ”„ Last Modified: Oct. 21, 2025, 9:40 a.m.

10

CVSS4.0

CVE-2025-11832 - APIs Lack Rate Limiting

Allocation of Resources Without Limits or Throttling vulnerability in Azure Access Technology BLU-IC2, Azure Access Technology BLU-IC4 allows Flooding.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

πŸ“… Published: Oct. 15, 2025, 7:10 p.m. πŸ”„ Last Modified: Nov. 7, 2025, 5:49 p.m.

7.4

CVSS3.1

CVE-2025-62371 - OpenSearch Data Prepper plugins trusts all SSL certificates by default

OpenSearch Data Prepper as an open source data collector for observability data. In versions prior to 2.12.2, the OpenSearch sink and source plugins in Data Prepper trust all SSL certificates by default when no certificate path is provided. Prior to this fix, the OpenSearch sink and source plugins …

πŸ“… Published: Oct. 15, 2025, 5:25 p.m. πŸ”„ Last Modified: Dec. 4, 2025, 6:06 p.m.

9.4

CVSS4.0

CVE-2025-62410 - --disallow-code-generation-from-strings is not sufficient for isolating untrusted JavaScript in hap…

In versions before 20.0.2, it was found that --disallow-code-generation-from-strings is not sufficient for isolating untrusted JavaScript in happy-dom. The untrusted script and the rest of the application still run in the same Isolate/process, so attackers can deploy prototype pollution payloads to…

πŸ“… Published: Oct. 15, 2025, 5:16 p.m. πŸ”„ Last Modified: Oct. 20, 2025, 1:25 p.m.

8.3

CVSS4.0

CVE-2025-62381 - sveltekit-superforms Prototype Pollution in `parseFormData` function of `formData.js`

sveltekit-superforms makes SvelteKit forms a pleasure to use. sveltekit-superforms v2.27.3 and prior are susceptible to a prototype pollution vulnerability within the parseFormData function of formData.js. An attacker can inject string and array properties into Object.prototype, leading to denial o…

πŸ“… Published: Oct. 15, 2025, 5:12 p.m. πŸ”„ Last Modified: Oct. 21, 2025, 9:40 a.m.
Total resulsts: 343168
Page 2799 of 34,317
Β« previous page Β» next page
Filters