CVE Alerts
@cve.skyfleet.blue
Unofficial account to notify you about new CVE IDs

CVE is a program that identifies, defines, and catalogs publicly disclosed cybersecurity vulnerabilities.

check out @infosec.skyfleet.blue

🆘 @skyfleet.blue
CVE-2025-8693 - Zyxel DX3300-T0 Command Injection Vulnerability
CVE ID : CVE-2025-8693

Published : Nov. 18, 2025, 2:15 a.m. | 2 hours, 49 minutes ago

Description : A post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0 firmware v...
A post-authentication command injection vulnerability in the "priv" parameter of Zyxel DX3300-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an authenticated attacker to execute operating system (OS) commands on an affected device.
cvefeed.io
November 18, 2025 at 5:38 AM
CVE-2025-6599 - Zyxel DX3301-T0 Slowloris-Style Denial-of-Service Vulnerability
CVE ID : CVE-2025-6599

Published : Nov. 18, 2025, 2:15 a.m. | 2 hours, 49 minutes ago

Description : An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 fir...
An uncontrolled resource consumption vulnerability in the web server of Zyxel DX3301-T0 firmware version 5.50(ABVY.6.3)C0 and earlier could allow an attacker to perform Slowloris-style denial-of-service (DoS) attacks. Such attacks may temporarily block legitimate HTTP requests and partially disrupt access to the web management interface, while other networking services remain unaffected.
cvefeed.io
November 18, 2025 at 5:33 AM
CVE-2025-64734 - Tyco T21 Reader Resource Exhaustion Denial of Service
CVE ID : CVE-2025-64734

Published : Nov. 18, 2025, 4:15 a.m. | 49 minutes ago

Description : Missing Release of Resource after Effective Lifetime (CWE-772) in the T21 Reader allows an attacker with phy...
Missing Release of Resource after Effective Lifetime (CWE-772) in the T21 Reader allows an attacker with physical access to the Reader to perform a denial-of-service attack against that specific reader, preventing cardholders from badging for entry. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a (distributed in 9.30.2881 (MR3)), …
cvefeed.io
November 18, 2025 at 5:28 AM
CVE-2025-48593 - Bluetooth Low Energy (BLE) BlueBorne Remote Code Execution
CVE ID : CVE-2025-48593

Published : Nov. 18, 2025, 4:51 a.m. | 13 minutes ago

Description : In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a u...
In bta_hf_client_cb_init of bta_hf_client_main.cc, there is a possible remote code execution due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
cvefeed.io
November 18, 2025 at 5:23 AM
CVE-2025-12974 - Gravity Forms
CVE ID : CVE-2025-12974

Published : Nov. 18, 2025, 4:15 a.m. | 49 minutes ago

Description : The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mech...
CVE-2025-12974 - Gravity Forms <= 2.9.21.1 - Unauthenticated Arbitrary File Upload via Legacy Chunked Upload
The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through the chunked …
cvefeed.io
November 18, 2025 at 5:18 AM
CVE-2025-52578 - Schneider Electric Command Centre Server Predictable Random Number Generation Vulnerability
CVE ID : CVE-2025-52578

Published : Nov. 18, 2025, 4:15 a.m. | 49 minutes ago

Description : Incorrect Usage of Seeds in Pseudo-Random Number Generator (CWE-335) ...
Incorrect Usage of Seeds in Pseudo-Random Number Generator (CWE-335) vulnerability in the High Sec ELM may allow a sophisticated attacker with physical access to compromise internal device communications. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a (distributed in 9.30.2881 (MR3)), 9.20 prior to vCR9.20.251028a (distributed in 9.20.3265 …
cvefeed.io
November 18, 2025 at 5:13 AM
CVE-2025-52457 - HBUS Command Centre Server Key Extraction Timing Vulnerability
CVE ID : CVE-2025-52457

Published : Nov. 18, 2025, 4:15 a.m. | 49 minutes ago

Description : Observable Timing Discrepancy (CWE-208) in HBUS devices may allow an attacker with physical access ...
Observable Timing Discrepancy (CWE-208) in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a (distributed in 9.30.2881 (MR3)), 9.20 prior to vCR9.20.251028a (distributed in 9.20.3265 (MR5)), 9.10 prior …
cvefeed.io
November 18, 2025 at 5:09 AM
CVE-2025-7711 - Classified Listing – Classified ads & Business Directory Plugin
CVE ID : CVE-2025-7711

Published : Nov. 17, 2025, 11:15 p.m. | 1 hour, 49 minutes ago

Description : The Classified Listing – Classified ads & Business Directory Plugin plugin for Word...
CVE-2025-7711 - Classified Listing – Classified ads & Business Directory Plugin <= 5.0.3 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via Listing Description
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. …
cvefeed.io
November 18, 2025 at 2:00 AM
CVE-2025-13304 - D-Link DWR-M920/DWR-M921/DWR-M960/DWR-M961/DIR-825M formPingDiagnosticRun buffer overflow
CVE ID : CVE-2025-13304

Published : Nov. 17, 2025, 11:15 p.m. | 1 hour, 49 minutes ago

Description : A security flaw has been discovered in D-Link DWR-M920, DWR-M92...
A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may …
cvefeed.io
November 18, 2025 at 1:55 AM
CVE-2025-12792 - "Canva for Mac Hardened Runtime Elevation of Privilege Vulnerability"
CVE ID : CVE-2025-12792

Published : Nov. 18, 2025, 12:18 a.m. | 47 minutes ago

Description : The Mac App Store distribution of the Canva for Mac desktop app before 1.117.1 was built wi...
The Mac App Store distribution of the Canva for Mac desktop app before 1.117.1 was built without Hardened Runtime. A local threat actor with unprivileged access could execute arbitrary code that inherits the TCC (Transparency, Consent, and Control) permissions assigned to Canva.
cvefeed.io
November 18, 2025 at 1:50 AM
CVE-2025-36553 - Dell ControlVault3 CvManager buffer overflow vulnerability
CVE ID : CVE-2025-36553

Published : Nov. 17, 2025, 11:15 p.m. | 1 hour, 49 minutes ago

Description : A buffer overflow vulnerability exists in the CvManager functionality of Dell ControlVault3 pr...
A buffer overflow vulnerability exists in the CvManager functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to memory corruption. An attacker can issue an API call to trigger this vulnerability.
cvefeed.io
November 18, 2025 at 1:45 AM
CVE-2025-13229 - Google Chrome V8 Type Confusion Heap Corruption
CVE ID : CVE-2025-13229

Published : Nov. 18, 2025, 12:15 a.m. | 49 minutes ago

Description : Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit hea...
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvefeed.io
November 18, 2025 at 1:40 AM
CVE-2025-36461 - Dell ControlVault3 ControlVault WBDI Driver Broadcom Storage Adapter out-of-bounds write vulnerability
CVE ID : CVE-2025-36461

Published : Nov. 17, 2025, 11:15 p.m. | 1 hour, 49 minutes ago

Description : Multiple out-of-bounds read and write vulnerabilit...
Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to memory corruption. An attacker can issue an API call to trigger this vulnerability. …
cvefeed.io
November 18, 2025 at 1:35 AM
CVE-2025-36462 - Dell ControlVault3 ControlVault WBDI Driver Broadcom Storage Adapter out-of-bounds write vulnerability
CVE ID : CVE-2025-36462

Published : Nov. 17, 2025, 11:15 p.m. | 1 hour, 49 minutes ago

Description : Multiple out-of-bounds read and write vulnerabilit...
Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to memory corruption. An attacker can issue an API call to trigger this vulnerability. …
cvefeed.io
November 18, 2025 at 1:31 AM
CVE-2025-13230 - Google Chrome V8 Type Confusion Heap Corruption Vulnerability
CVE ID : CVE-2025-13230

Published : Nov. 18, 2025, 12:15 a.m. | 49 minutes ago

Description : Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potential...
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvefeed.io
November 18, 2025 at 1:27 AM
CVE-2025-13228 - Google Chrome V8 Type Confusion Heap Corruption
CVE ID : CVE-2025-13228

Published : Nov. 18, 2025, 12:15 a.m. | 49 minutes ago

Description : Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit hea...
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvefeed.io
November 18, 2025 at 1:23 AM
CVE-2025-13227 - Google Chrome V8 Type Confusion Heap Corruption
CVE ID : CVE-2025-13227

Published : Nov. 18, 2025, 12:15 a.m. | 49 minutes ago

Description : Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit hea...
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvefeed.io
November 18, 2025 at 1:20 AM
CVE-2025-36460 - Dell ControlVault3 ControlVault WBDI Driver Broadcom Storage Adapter out-of-bounds write vulnerability
CVE ID : CVE-2025-36460

Published : Nov. 17, 2025, 11:15 p.m. | 1 hour, 49 minutes ago

Description : Multiple out-of-bounds read and write vulnerabilit...
Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to memory corruption. An attacker can issue an API call to trigger this vulnerability. …
cvefeed.io
November 18, 2025 at 1:18 AM
CVE-2025-31361 - Dell ControlVault3 ControlVault WBDI Driver Broadcom Storage Adapter privilege escalation vulnerability
CVE ID : CVE-2025-31361

Published : Nov. 17, 2025, 11:15 p.m. | 1 hour, 49 minutes ago

Description : A privilege escalation vulnerability exists in th...
A privilege escalation vulnerability exists in the ControlVault WBDI Driver WBIO_USH_ADD_RECORD functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to privilege escalation. An attacker can issue an API call to trigger this vulnerability.
cvefeed.io
November 18, 2025 at 1:15 AM
CVE-2025-36463 - Dell ControlVault3 ControlVault WBDI Driver Broadcom Storage Adapter out-of-bounds write vulnerability
CVE ID : CVE-2025-36463

Published : Nov. 17, 2025, 11:15 p.m. | 1 hour, 49 minutes ago

Description : Multiple out-of-bounds read and write vulnerabilit...
Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to memory corruption. An attacker can issue an API call to trigger this vulnerability. …
cvefeed.io
November 18, 2025 at 1:13 AM
CVE-2025-31649 - Dell ControlVault3 ControlVault WBDI Driver hard-coded password vulnerability
CVE ID : CVE-2025-31649

Published : Nov. 17, 2025, 11:15 p.m. | 1 hour, 49 minutes ago

Description : A hard-coded password vulnerability exists in the ControlVault WBDI Driver ...
A hard-coded password vulnerability exists in the ControlVault WBDI Driver functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to execution of a privileged operation. An attacker can issue an API call to trigger this vulnerability.
cvefeed.io
November 18, 2025 at 1:11 AM
CVE-2025-13226 - Google Chrome V8 Type Confusion Heap Corruption
CVE ID : CVE-2025-13226

Published : Nov. 18, 2025, 12:15 a.m. | 49 minutes ago

Description : Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit hea...
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
cvefeed.io
November 18, 2025 at 1:09 AM
CVE-2025-13300 - itsourcecode Web-Based Internet Laboratory Management System controller.php sql injection
CVE ID : CVE-2025-13300

Published : Nov. 17, 2025, 8:32 p.m. | 32 minutes ago

Description : A vulnerability has been found in itsourcecode Web-Based Internet Labora...
A vulnerability has been found in itsourcecode Web-Based Internet Laboratory Management System 1.0. Affected is an unknown function of the file /settings/controller.php. The manipulation leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
cvefeed.io
November 17, 2025 at 10:09 PM
CVE-2025-36357 - IBM Planning Analytics Local Directory Traversal
CVE ID : CVE-2025-36357

Published : Nov. 17, 2025, 8:15 p.m. | 49 minutes ago

Description : IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories...
IBM Planning Analytics Local 2.1.0 through 2.1.14 could allow a remote authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing absolute path sequences to view, read, or write arbitrary files on the system.
cvefeed.io
November 17, 2025 at 10:04 PM
CVE-2024-44655 - PHPGurukul Complaint Management System Cross Site Scripting (XSS)
CVE ID : CVE-2024-44655

Published : Nov. 17, 2025, 7:16 p.m. | 1 hour, 48 minutes ago

Description : PHPGurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) v...
PHPGurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) via the search parameter in user-search.php.
cvefeed.io
November 17, 2025 at 9:59 PM