7.5

CVSS3.1

CVE-2025-9230 - Out-of-bounds read & write in RFC 3211 KEK Unwrap

Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a m…

πŸ“… Published: Sept. 30, 2025, 1:17 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

10

CVSS4.0

CVE-2025-34217 - Vasion Print (formerly PrinterLogic) Undocumented Hardcoded SSH Key

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) contain an undocumented 'printerlogic' user with a hardcoded SSH public key in '~/.ssh/authorized_keys' and a sudoers rule granting the printerlogic_ssh group 'NOPASSWD: ALL'. Possession of the matchin…

πŸ“… Published: Sept. 30, 2025, 1:03 p.m. πŸ”„ Last Modified: Nov. 17, 2025, 11:56 p.m.

4

CVSS3.1

CVE-2025-10859 - Data stored in cookies for non-HTML content while browsing Incognito could be viewed after closing …

Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed all tabs. This vulnerability was fixed in Firefox for iOS 143.1.

πŸ“… Published: Sept. 30, 2025, 12:49 p.m. πŸ”„ Last Modified: April 20, 2026, 9:45 p.m.

7.5

CVSS3.1

CVE-2025-11153 - JIT miscompilation in the JavaScript Engine: JIT component

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 143.0.3.

πŸ“… Published: Sept. 30, 2025, 12:49 p.m. πŸ”„ Last Modified: April 20, 2026, 9:45 p.m.

8.6

CVSS3.1

CVE-2025-11152 - Sandbox escape due to integer overflow in the Graphics: Canvas2D component

Sandbox escape due to integer overflow in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143.0.3.

πŸ“… Published: Sept. 30, 2025, 12:49 p.m. πŸ”„ Last Modified: April 20, 2026, 6 p.m.

7.5

CVSS3.1

CVE-2025-11234 - Qemu-kvm: vnc websocket handshake use-after-free

A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access …

πŸ“… Published: Sept. 30, 2025, 12:18 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

6

CVSS4.0

CVE-2025-10217 -

A vulnerability exists in Asset Suite for an authenticated user to manipulate the content of performance related log data or to inject crafted data in logfile for potentially carrying out further malicious attacks. Performance logging is typically enabled for troubleshooting purposes while resolvin…

πŸ“… Published: Sept. 30, 2025, 12:10 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

7.1

CVSS4.0

CVE-2025-41098 - Insecure Direct Object Reference in GPS BOLD Workplanner

Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of aΒ  misuse of the general enquiry web service.

πŸ“… Published: Sept. 30, 2025, 11:18 a.m. πŸ”„ Last Modified: Oct. 8, 2025, 6:19 p.m.

7.1

CVSS4.0

CVE-2025-41099 - Insecure Direct Object Reference in GPS BOLD Workplanner

Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated user toΒ access to the list of permissions using unauthorised internal identifiers.

πŸ“… Published: Sept. 30, 2025, 11:17 a.m. πŸ”„ Last Modified: Oct. 8, 2025, 6:19 p.m.

7.1

CVSS4.0

CVE-2025-41097 - Insecure Direct Object Reference in GPS BOLD Workplanner

Insecure Direct Object Reference (IDOR) vulnerability in BOLD Workplanner in versions prior to 2.5.25 (4935b438f9b), consisting of a lack of adequate validation of user input, allowing an authenticated user toΒ access to basic employee details using unauthorised internal identifiers.

πŸ“… Published: Sept. 30, 2025, 11:16 a.m. πŸ”„ Last Modified: Oct. 8, 2025, 6:18 p.m.
Total resulsts: 349182
Page 3629 of 34,919
Β« previous page Β» next page
Filters