6.3

CVSS4.0

CVE-2025-11677 - Use After Free in libwebsockets WebSocket server

Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE, to achieve denial of service.

📅 Published: Oct. 20, 2025, 1:41 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS4.0

CVE-2025-8349 - Cross-Site Scripting (XSS) stored in Tawk Live Chat

Cross-site Scripting (XSS) stored vulnerability in Tawk Live Chat. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by uploading a malicious PDF with JavaScript payload through the chatbot. The PDF is stored by the application and subsequently displayed witho…

📅 Published: Oct. 20, 2025, 9:56 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

9.3

CVSS4.0

CVE-2025-41028 - SQL injection in Epsilon RH

A SQL Injection vulnerability has been found in Epsilon RH by Grupo Castilla. This vulnerability allows an attacker to retrieve, create, update and delete database via sending a POST request using the parameter ‘sEstadoUsr’ in ‘/epsilonnetws/WSAvisos.asmx’.

📅 Published: Oct. 20, 2025, 9 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

2.9

CVSS3.1

6.3

CVE-2025-11677 - Use After Free in libwebsockets WebSocket server

5.3

CVE-2025-8349 - Cross-Site Scripting (XSS) stored in Tawk Live Chat

9.3

CVE-2025-41028 - SQL injection in Epsilon RH

2.9

CVE-2025-57837 -

0.0

CVE-2025-62680 -

0.0

CVE-2025-62681 -

0.0

CVE-2025-62684 -

0.0

CVE-2025-62682 -

0.0

CVE-2025-62683 -

0.0

CVE-2025-62679 -