6.5
CVE-2025-62651 -
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface.
9.6
CVE-2025-60279 -
A server-side request forgery (SSRF) vulnerability in Illia Cloud illia-Builder before v4.8.5 allows authenticated users to send arbitrary requests to internal services via the API. An attacker can leverage this to enumerate open ports based on response discrepancies and interact with internal serv…
9.8
CVE-2025-56316 -
A SQL injection vulnerability in the content_title parameter of the /cms/content/list endpoint in MCMS 5.5.0 allows remote attackers to execute arbitrary SQL queries via unsanitized input in the FreeMarker template rendering.
5.8
CVE-2025-62649 -
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders.
2.1
CVE-2025-11896 - Stack overflow in Xpdf 4.05 due to object loop in PDF CMap
In Xpdf 4.05 (and earlier), a PDF object loop in a CMap, via the "UseCMap" entry, leads to infinite recursion and a stack overflow.
6.5
CVE-2025-62504 - Envoy Lua filter use-after-free when oversized rewritten response body causes crash
Envoy is an open source edge and service proxy. Envoy versions earlier than 1.36.2, 1.35.6, 1.34.10, and 1.33.12 contain a use-after-free vulnerability in the Lua filter. When a Lua script executing in the response phase rewrites a response body so that its size exceeds the configured per_connectio…
8.1
CVE-2025-62506 - MinIO vulnerable to privilege escalation via session policy bypass in service accounts and STS
MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS (Security Token Service) accounts with restricted session policies to bypass their inline policy restrictions when performin…
6.9
CVE-2025-11864 - NucleoidAI Nucleoid Outbound Request cluster.ts extension.apply server-side request forgery
A vulnerability was identified in NucleoidAI Nucleoid up to 0.7.10. The impacted element is the function extension.apply of the file /src/cluster.ts of the component Outbound Request Handler. Such manipulation of the argument https/ip/port/path/headers leads to server-side request forgery. The atta…
5.5
CVE-2024-42192 - HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a credential leakage
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a credential leakage which could allow an attacker to access other computers or applications.
5.3
CVE-2025-11853 - Sismics Teedy API Endpoint file access control
A vulnerability was determined in Sismics Teedy up to 1.11. This affects an unknown function of the file /api/file of the component API Endpoint. Executing a manipulation can lead to improper access controls. The attack may be performed from remote. The exploit has been publicly disclosed and may b…