Total
468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-10937 | 2025-10-23 | N/A | 5.5 MEDIUM | ||
| Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 creates a temporary file to store the local authentication token during startup, before copying it to its final location. This temporary file is created in a directory accessible to all users on the system. An unauthorized local user or process can exploit this behavior by placing a file lock on the temporary token file using the flock system call. This prevents MinKNOW from completing the token generation process. As a result, no valid local token is created, and the software is unable to execute commands on the sequencer. This leads to a denial-of-service (DoS) condition, blocking sequencing operations. | |||||
| CVE-2023-41992 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-10-23 | N/A | 7.8 HIGH |
| The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, macOS Ventura 13.6. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. | |||||
| CVE-2023-41993 | 6 Apple, Debian, Fedoraproject and 3 more | 14 Ipados, Iphone Os, Macos and 11 more | 2025-10-23 | N/A | 8.8 HIGH |
| The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. | |||||
| CVE-2025-2704 | 1 Openvpn | 1 Openvpn | 2025-10-23 | N/A | 7.5 HIGH |
| OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase | |||||
| CVE-2021-3560 | 4 Canonical, Debian, Polkit Project and 1 more | 7 Ubuntu Linux, Debian Linux, Polkit and 4 more | 2025-10-22 | 7.2 HIGH | 7.8 HIGH |
| It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2024-3393 | 1 Paloaltonetworks | 2 Pan-os, Prisma Access | 2025-10-21 | N/A | 7.5 HIGH |
| A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode. | |||||
| CVE-2025-55035 | 2025-10-21 | N/A | 6.1 MEDIUM | ||
| Mattermost Desktop App versions <=5.13.0 fail to manage modals in the Mattermost Desktop App that stops a user with a server that uses basic authentication from accessing their server which allows an attacker that provides a malicious server to the user to deny use of the Desktop App via having the user configure the malicious server and forcing a modal popup that cannot be closed. | |||||
| CVE-2025-11925 | 2025-10-21 | N/A | N/A | ||
| Incorrect Content-Type header in one of the APIs (`text/html` instead of `application/json`) replies may potentially allow injection of HTML/JavaScript into reply.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | |||||
| CVE-2025-62605 | 2025-10-21 | N/A | 4.3 MEDIUM | ||
| Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon version 4.4, support for verifiable quote posts with quote controls was added, but it is possible for an attacker to bypass these controls in Mastodon versions prior to 4.4.8 and 4.5.0-beta.2. Mastodon internally treats reblogs as statuses. Since they were not special-treated, an attacker could reblog any post, then quote their reblog, technically quoting themselves, but having the quote feature a preview of the post they did not get authorization for with all of the affordances that would be otherwise denied by the quote controls. This issue has been patched in versions 4.4.8 and 4.5.0-beta.2. | |||||
| CVE-2025-32997 | 1 Chimurai | 1 Http-proxy-middleware | 2025-10-21 | N/A | 4.0 MEDIUM |
| In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed. | |||||
| CVE-2025-30258 | 1 Gnupg | 1 Gnupg | 2025-10-16 | N/A | 2.7 LOW |
| In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS." | |||||
| CVE-2025-58289 | 1 Huawei | 1 Harmonyos | 2025-10-16 | N/A | 5.9 MEDIUM |
| Vulnerability of improper exception handling in the print module. Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2024-50602 | 3 Debian, Libexpat Project, Netapp | 17 Debian Linux, Libexpat, Active Iq Unified Manager and 14 more | 2025-10-15 | N/A | 5.9 MEDIUM |
| An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. | |||||
| CVE-2024-26008 | 1 Fortinet | 4 Fortios, Fortipam, Fortiproxy and 1 more | 2025-10-15 | N/A | 5.3 MEDIUM |
| An improper check or handling of exceptional conditions vulnerability [CWE-703] in FortiOS version 7.4.0 through 7.4.3 and before 7.2.7, FortiProxy version 7.4.0 through 7.4.3 and before 7.2.9, FortiPAM before 1.2.0 and FortiSwitchManager version 7.2.0 through 7.2.3 and version 7.0.0 through 7.0.3 fgfm daemon may allow an unauthenticated attacker to repeatedly reset the fgfm connection via crafted SSL encrypted TCP requests. | |||||
| CVE-2025-59958 | 2025-10-14 | N/A | 6.5 MEDIUM | ||
| An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to cause impact to confidentiality and availability. When an output firewall filter is configured with one or more terms where the action is 'reject', packets matching these terms are erroneously sent to the Routing Engine (RE) and further processed there. Processing of these packets will consume limited RE resources. Also responses from the RE back to the source of this traffic could reveal confidential information about the affected device. This issue only applies to firewall filters applied to WAN or revenue interfaces, so not the mgmt or lo0 interface of the routing-engine, nor any input filters. This issue affects Junos OS Evolved on PTX Series: * all versions before 22.4R3-EVO, * 23.2 versions before 23.2R2-EVO. | |||||
| CVE-2025-60004 | 2025-10-14 | N/A | 7.5 HIGH | ||
| An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-Of-Service (DoS). When an affected system receives a specific BGP EVPN update message over an established BGP session, this causes an rpd crash and restart. A BGP EVPN configuration is not necessary to be vulnerable. If peers are not configured to send BGP EVPN updates to a vulnerable device, then this issue can't occur. This issue affects iBGP and eBGP, over IPv4 and IPv6. This issue affects: Junos OS: * 23.4 versions from 23.4R2-S3 before 23.4R2-S5, * 24.2 versions from 24.2R2 before 24.2R2-S1, * 24.4 versions before 24.4R1-S3, 24.4R2; Junos OS Evolved: * 23.4-EVO versions from 23.4R2-S2-EVO before 23.4R2-S5-EVO, * 24.2-EVO versions from 24.2R2-EVO before 24.2R2-S1-EVO, * 24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO. | |||||
| CVE-2025-24975 | 1 Firebirdsql | 1 Firebird | 2025-10-09 | N/A | 7.1 HIGH |
| Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when created versus what is available could result in a segfault in the server process. Encrypted databases, accessed by execute statement on external, may be accessed later by an attachment missing a key to that database. In a case when execute statement are chained, segfault may happen. Additionally, the segfault may affect unencrypted databases. This issue has been patched in snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609 and point releases 4.0.6 and 5.0.2. A workaround for this issue involves setting ExtConnPoolSize equal to 0 in firebird.conf. | |||||
| CVE-2024-10635 | 1 Proofpoint | 1 Enterprise Protection | 2025-10-06 | N/A | 6.1 MEDIUM |
| Enterprise Protection contains an improper input validation vulnerability in attachment defense that allows an unauthenticated remote attacker to bypass attachment scanning security policy by sending a malicious S/MIME attachment with an opaque signature. When opened by a recipient in a downstream email client, the malicious attachment could cause partial loss of integrity and confidentiality to their system. | |||||
| CVE-2025-0130 | 1 Paloaltonetworks | 1 Pan-os | 2025-10-06 | N/A | 7.5 HIGH |
| A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this condition will cause the firewall to enter maintenance mode. This issue does not affect Cloud NGFW or Prisma Access. | |||||
| CVE-2025-61668 | 2025-10-06 | N/A | N/A | ||
| Volto is a ReactJS-based frontend for the Plone Content Management System. Versions 16.34.0 and below, 17.0.0 through 17.22.1, 18.0.0 through 18.27.1, and 19.0.0-alpha.1 through 19.0.0-alpha.5, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a specific URL. This issue is fixed in versions 16.34.1, 17.22.2, 18.27.2 and 19.0.0-alpha.6. | |||||