9.4

CVSS4.0

CVE-2025-10729 - Use-after-free vulnerability in Qt SVG qsvghandler.cpp allows denial of service via crafted SVG

The module will parse a <pattern> node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free.

📅 Published: Oct. 3, 2025, 2:39 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

9.4

CVSS4.0

CVE-2025-10728 - Uncontrolled recursion in Qt SVG module

When the module renders an SVG file that contains a <pattern> element, it might end up rendering it recursively, leading to a stack overflow DoS.

📅 Published: Oct. 3, 2025, 2:35 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.9

CVSS3.1

CVE-2025-10609 - Hardcoded Credentials in Logo Software's TigerWings ERP

Use of Hard-coded Credentials vulnerability in Logo Software Inc. TigerWings ERP allows Read Sensitive Constants Within an Executable. This issue affects TigerWings ERP: from 01.01.00 before 3.03.00.

📅 Published: Oct. 3, 2025, 12:02 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

9.8

CVSS3.1

CVE-2025-10547 - CVE-2025-10547

An uninitialized variable in the HTTP CGI request arguments processing component of Vigor Routers running DrayOS may allow an attacker the ability to perform RCE on the appliance through memory corruption.

📅 Published: Oct. 3, 2025, 11:35 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.1

CVSS4.0

CVE-2025-49641 - Insufficient permission check for the problem.view.refresh action

A regular Zabbix user with no permission to the Monitoring -> Problems view is still able to call the problem.view.refresh action and therefore still retrieve a list of active problems.

📅 Published: Oct. 3, 2025, 11:29 a.m. 🔄 Last Modified: Oct. 8, 2025, 2:55 p.m.

7.3

CVSS4.0

CVE-2025-27237 - DLL injection in Zabbix Agent and Agent 2 via OpenSSL configuration

In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL.

📅 Published: Oct. 3, 2025, 11:28 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

2.1

CVSS4.0

CVE-2025-27236 - User information disclosure via api_jsonrpc.php on method user.get with param search

A regular Zabbix user can search other users in their user group via Zabbix API by selecting fields the user does not have access to view. This allows data-mining some field values the user does not have access to.

📅 Published: Oct. 3, 2025, 11:28 a.m. 🔄 Last Modified: Oct. 8, 2025, 2:54 p.m.

4.1

CVSS3.1

CVE-2025-0876 - XSS in Isin Basi Advertisement & IT's Workif

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Isin Basi Advertisement Information Technologies Trade Inc. IT's Workif allows Cross-Site Scripting (XSS). This issue affects IT's Workif: through 20251003. NOTE: The vendor was contacted ear…

📅 Published: Oct. 3, 2025, 11:25 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

4.3

CVSS4.0

CVE-2025-27231 - LDAP 'Bind password' field value can be leaked by a Zabbix Super Admin

The LDAP 'Bind password' value cannot be read after saving, but a Super Admin account can leak it by changing LDAP 'Host' to a rogue LDAP server. To mitigate this, the 'Bind password' value is now reset on 'Host' change.

📅 Published: Oct. 3, 2025, 11:25 a.m. 🔄 Last Modified: Oct. 8, 2025, 2:54 p.m.

9.3

CVSS4.0

CVE-2025-40636 - SQL injection in the mod_vvisit_counter module

SQL injection vulnerability in Joomla module mod_vvisit_counter v2.0.4j3. This vulnerability allows an attacker to retrieve database content via the ‘cip_vvisitcounter’ cookie at all endpoints where the plugin counts visits.

📅 Published: Oct. 3, 2025, 11:24 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.