5.5

CVSS3.1

CVE-2025-8884 - IDOR in VHS Electronic Software's ACE Center

Authorization Bypass Through User-Controlled Key vulnerability in VHS Electronic Software Ltd. Co. ACE Center allows Privilege Abuse, Exploitation of Trusted Identifiers. This issue affects ACE Center: from 3.10.100.1768 before 3.10.161.2255.

📅 Published: Oct. 20, 2025, 2:36 p.m. 🔄 Last Modified: Oct. 21, 2025, 7:31 p.m.

7.8

CVSS3.1

CVE-2025-41390 - TruffleHog: specially crafted git repository can lead to arbitrary code execution

An arbitrary code execution vulnerability exists in the git functionality of Truffle Security Co. TruffleHog 3.90.2. A specially crafted repository can lead to arbitrary code execution. An attacker can provide a malicious repository to trigger this vulnerability.

📅 Published: Oct. 20, 2025, 2:15 p.m. 🔄 Last Modified: Oct. 21, 2025, 7:31 p.m.

5.9

CVSS4.0

CVE-2025-11680 - Out-of-bounds Write in libwebsockets PNG parsing

Out-of-bounds Write in unfilter_scanline in warmcat libwebsockets allows, when the LWS_WITH_UPNG flag is enabled during compilation and the HTML display stack is used, to write past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a…

📅 Published: Oct. 20, 2025, 2:04 p.m. 🔄 Last Modified: Oct. 21, 2025, 7:31 p.m.

5.9

CVSS4.0

CVE-2025-11679 - Out-of-bounds Read in libwebsockets PNG parsing

Out-of-bounds Read in lws_upng_emit_next_line in warmcat libwebsockets allows, when the LWS_WITH_UPNG flag is enabled during compilation and the HTML display stack is used, to read past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contai…

📅 Published: Oct. 20, 2025, 1:58 p.m. 🔄 Last Modified: Oct. 21, 2025, 7:31 p.m.

7.5

CVSS4.0

CVE-2025-11678 - Stack-based Buffer Overflow in libwebsockets DNS response parsing

Stack-based Buffer Overflow in lws_adns_parse_label in warmcat libwebsockets allows, when the LWS_WITH_SYS_ASYNC_DNS flag is enabled during compilation, to overflow the label_stack, when the attacker is able to sniff a DNS request in order to craft a response with a matching id containing a label l…

📅 Published: Oct. 20, 2025, 1:51 p.m. 🔄 Last Modified: Oct. 21, 2025, 7:31 p.m.

6.3

CVSS4.0

CVE-2025-11677 - Use After Free in libwebsockets WebSocket server

Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE, to achieve denial of service.

📅 Published: Oct. 20, 2025, 1:41 p.m. 🔄 Last Modified: Oct. 21, 2025, 7:31 p.m.

5.3

CVSS4.0

CVE-2025-8349 - Cross-Site Scripting (XSS) stored in Tawk Live Chat

Cross-site Scripting (XSS) stored vulnerability in Tawk Live Chat. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by uploading a malicious PDF with JavaScript payload through the chatbot. The PDF is stored by the application and subsequently displayed witho…

📅 Published: Oct. 20, 2025, 9:56 a.m. 🔄 Last Modified: Oct. 21, 2025, 7:31 p.m.

9.3

CVSS4.0

CVE-2025-41028 - SQL injection in Epsilon RH

A SQL Injection vulnerability has been found in Epsilon RH by Grupo Castilla. This vulnerability allows an attacker to retrieve, create, update and delete database via sending a POST request using the parameter ‘sEstadoUsr’ in ‘/epsilonnetws/WSAvisos.asmx’.

📅 Published: Oct. 20, 2025, 9 a.m. 🔄 Last Modified: Oct. 21, 2025, 7:31 p.m.

2.9

CVSS3.1

CVE-2025-57837 -

Tileservice module is affected by an information leak vulnerability; successful exploitation of this vulnerability may affect service confidentiality.

📅 Published: Oct. 20, 2025, 8:12 a.m. 🔄 Last Modified: Oct. 21, 2025, 7:31 p.m.

0.0

CVE-2025-62680 -

Not used

📅 Published: Oct. 20, 2025, 8:07 a.m. 🔄 Last Modified: Oct. 21, 2025, 2:55 a.m.