Total
3968 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-55244 | 1 Microsoft | 1 Azure Ai Bot Service | 2025-10-17 | N/A | 9.0 CRITICAL |
| Azure Bot Service Elevation of Privilege Vulnerability | |||||
| CVE-2025-55240 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2025-10-17 | N/A | 7.3 HIGH |
| Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-59201 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-10-17 | N/A | 7.8 HIGH |
| Improper access control in Network Connection Status Indicator (NCSI) allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-59253 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-10-17 | N/A | 5.5 MEDIUM |
| Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally. | |||||
| CVE-2025-45615 | 1 User-xiangpeng | 1 Yaoqishan | 2025-10-17 | N/A | 9.8 CRITICAL |
| Incorrect access control in the /admin/ API of yaoqishan v0.0.1-SNAPSHOT allows attackers to gain access to Admin rights via a crafted request. | |||||
| CVE-2025-45616 | 1 Baidu | 1 Brcc | 2025-10-17 | N/A | 9.8 CRITICAL |
| Incorrect access control in the /admin/** API of brcc v1.2.0 allows attackers to gain access to Admin rights via a crafted request. | |||||
| CVE-2025-45617 | 1 Megagao | 1 Production Ssm | 2025-10-17 | N/A | 7.5 HIGH |
| Incorrect access control in the component /user/list of production_ssm v0.0.1-SNAPSHOT allows attackers to access sensitive information via a crafted payload. | |||||
| CVE-2025-59218 | 1 Microsoft | 1 Entra Id | 2025-10-16 | N/A | 9.6 CRITICAL |
| Azure Entra ID Elevation of Privilege Vulnerability | |||||
| CVE-2025-23242 | 2 Linux, Nvidia | 2 Linux Kernel, Riva | 2025-10-16 | N/A | 7.3 HIGH |
| NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, denial of service, or information disclosure. | |||||
| CVE-2025-23243 | 2 Linux, Nvidia | 2 Linux Kernel, Riva | 2025-10-16 | N/A | 6.5 MEDIUM |
| NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A successful exploit of this vulnerability might lead to data tampering or denial of service. | |||||
| CVE-2025-61543 | 2025-10-16 | N/A | 7.1 HIGH | ||
| A Host Header Injection vulnerability exists in the password reset functionality of CraftMyCMS 4.0.2.2. The system uses `$_SERVER['HTTP_HOST']` directly to construct password reset links sent via email. An attacker can manipulate the Host header to send malicious reset links, enabling phishing attacks or account takeover. | |||||
| CVE-2025-11656 | 1 Oranbyte | 1 School Management System | 2025-10-16 | 7.5 HIGH | 7.3 HIGH |
| A weakness has been identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown function of the file /assets/editNotes.php. Executing manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. | |||||
| CVE-2025-11657 | 1 Oranbyte | 1 School Management System | 2025-10-16 | 7.5 HIGH | 7.3 HIGH |
| A security vulnerability has been detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This impacts an unknown function of the file /assets/createNotice.php. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. | |||||
| CVE-2025-11658 | 1 Oranbyte | 1 School Management System | 2025-10-16 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected is an unknown function of the file /assets/changeSllyabus.php. The manipulation of the argument File results in unrestricted upload. The attack may be launched remotely. The exploit is now public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. | |||||
| CVE-2025-11659 | 1 Oranbyte | 1 School Management System | 2025-10-16 | 7.5 HIGH | 7.3 HIGH |
| A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this vulnerability is an unknown functionality of the file /assets/uploadNotes.php. This manipulation of the argument File causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. | |||||
| CVE-2025-43313 | 1 Apple | 1 Macos | 2025-10-16 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.7.7, macOS Sonoma 14.7.7, macOS Sequoia 15.6. An app may be able to access sensitive user data. | |||||
| CVE-2025-55795 | 1 Openml | 1 Openml.org | 2025-10-16 | N/A | 3.5 LOW |
| The openml/openml.org web application version v2.0.20241110 uses incremental user IDs and insufficient email ownership verification during email update workflows. An authenticated attacker controlling a user account with a lower user ID can update their email address to that of another user with a higher user ID without proper verification. This results in the victim's email being reassigned to the attacker's account, causing the victim to be locked out immediately and unable to log in. The vulnerability leads to denial of service via account lockout but does not grant the attacker direct access to the victim's private data. | |||||
| CVE-2025-60306 | 1 Code-projects | 1 Simple Car Rental System | 2025-10-16 | N/A | 9.9 CRITICAL |
| code-projects Simple Car Rental System 1.0 has a permission bypass issue where low privilege users can forge high privilege sessions and perform sensitive operations. | |||||
| CVE-2025-45584 | 1 Audi | 2 Universal Traffic Recorder, Universal Traffic Recorder Firmware | 2025-10-16 | N/A | 7.5 HIGH |
| Incorrect access control in the web service of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to download car information without authentication. | |||||
| CVE-2025-11716 | 2 Google, Mozilla | 3 Android, Firefox, Thunderbird | 2025-10-16 | N/A | 6.5 MEDIUM |
| Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability affects Firefox < 144 and Thunderbird < 144. | |||||