CVE-2025-43282 - Apple macOS and iOS Double Free Vulnerability
Published: Wed, 15 Oct 2025 20:00:49 +0000
CVE ID : CVE-2025-43282
Published : Oct. 15, 2025, 8 p.m. | 19 minutes ago
Description : A double free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, watchOS 11.6, tvOS 18.6, visionOS 2.6, macOS Ventura 13.7.7, macOS Sonoma 14.7.7, iPadOS 17.7.9. An app may be able to cause unexpected system termination.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43313 - Apple macOS Sensitive Data Access Vulnerability
Published: Wed, 15 Oct 2025 20:00:48 +0000
CVE ID : CVE-2025-43313
Published : Oct. 15, 2025, 8 p.m. | 19 minutes ago
Description : A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.7.7, macOS Sonoma 14.7.7, macOS Sequoia 15.6. An app may be able to access sensitive user data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43280 - Apple Mail Remote Image Loading Vulnerability
Published: Wed, 15 Oct 2025 20:00:47 +0000
CVE ID : CVE-2025-43280
Published : Oct. 15, 2025, 8 p.m. | 19 minutes ago
Description : The issue was resolved by not loading remote images This issue is fixed in iOS 18.6 and iPadOS 18.6. Forwarding an email could display remote images in Mail in Lockdown Mode.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43281 - Apple macOS Sequoia Privilege Escalation Vulnerability
Published: Wed, 15 Oct 2025 20:00:47 +0000
CVE ID : CVE-2025-43281
Published : Oct. 15, 2025, 8 p.m. | 19 minutes ago
Description : The issue was addressed with improved authentication. This issue is fixed in macOS Sequoia 15.6. A local attacker may be able to elevate their privileges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11619 - Devolutions Server SSL/TLS Certificate Validation Bypass
Published: Wed, 15 Oct 2025 19:45:10 +0000
CVE ID : CVE-2025-11619
Published : Oct. 15, 2025, 7:45 p.m. | 34 minutes ago
Description : Improper certificate validation when connecting to gateways in Devolutions Server 2025.3.2 and earlier allows attackers in MitM position to intercept traffic.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11568 - Luksmeta: data corruption when handling luks1 partitions with luksmeta
Published: Wed, 15 Oct 2025 19:37:11 +0000
CVE ID : CVE-2025-11568
Published : Oct. 15, 2025, 7:37 p.m. | 42 minutes ago
Description : A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to correctly validate the available space, causing the metadata to overwrite and corrupt the user's encrypted data. This action leads to a permanent loss of the stored information. Devices using the LUKS formats other than LUKS1 are not affected by this issue.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62375 - go-witness Improper Verification of AWS EC2 Identity Documents
Published: Wed, 15 Oct 2025 19:23:24 +0000
CVE ID : CVE-2025-62375
Published : Oct. 15, 2025, 7:23 p.m. | 56 minutes ago
Description : go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can incorrectly succeed when a signature is not present or is empty, and when RSA signature verification fails. The attestor also embeds a single legacy global AWS public certificate and does not account for newer region specific certificates issued in 2024, making detection of forged documents difficult without additional trusted region data. An attacker able to supply or intercept instance identity document data (such as through Instance Metadata Service impersonation) can cause a forged identity document to be accepted, leading to incorrect trust decisions based on the attestation. This is fixed in go-witness 0.9.1 and witness 0.10.1. As a workaround, manually verify the included identity document, signature, and public key with standard tools (for example openssl) following AWS’s verification guidance, or disable use of the AWS attestor until upgraded.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11832 - APIs Lack Rate Limiting
Published: Wed, 15 Oct 2025 19:15:31 +0000
CVE ID : CVE-2025-11832
Published : Oct. 15, 2025, 7:15 p.m. | 1 hour, 4 minutes ago
Description : Allocation of Resources Without Limits or Throttling vulnerability in Azure Access Technology BLU-IC2, Azure Access Technology BLU-IC4 allows Flooding.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62410 - --disallow-code-generation-from-strings is not sufficient for isolating untrusted JavaScript in happy-dom
Published: Wed, 15 Oct 2025 18:15:40 +0000
CVE ID : CVE-2025-62410
Published : Oct. 15, 2025, 6:15 p.m. | 2 hours, 4 minutes ago
Description : In versions before 20.0.2, it was found that --disallow-code-generation-from-strings is not sufficient for isolating untrusted JavaScript in happy-dom. The untrusted script and the rest of the application still run in the same Isolate/process, so attackers can deploy prototype pollution payloads to hijack important references like "process" in the example below, or to hijack control flow via flipping checks of undefined property. This vulnerability is due to an incomplete fix for CVE-2025-61927. The vulnerability is fixed in 20.0.2.
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62382 - Frigate Vulnerable to Arbitrary File Read via Export Thumbnail "image_path" parameter
Published: Wed, 15 Oct 2025 18:15:40 +0000
CVE ID : CVE-2025-62382
Published : Oct. 15, 2025, 6:15 p.m. | 2 hours, 4 minutes ago
Description : Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to 0.16.2, Frigate's export workflow allows an authenticated operator to nominate any filesystem location as the thumbnail source for a video export. Because that path is copied verbatim into the publicly served clips directory, the feature can be abused to read arbitrary files that reside on the host running Frigate. In practice, a low-privilege user with API access can pivot from viewing camera footage to exfiltrating sensitive configuration files, secrets, or user data from the appliance itself. This behavior violates the principle of least privilege for the export subsystem and turns a convenience feature into a direct information disclosure vector, with exploitation hinging on a short race window while the background exporter copies the chosen file into place before cleanup runs. This vulnerability is fixed in 0.16.2.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62381 - sveltekit-superforms Prototype Pollution in `parseFormData` function of `formData.js`
Published: Wed, 15 Oct 2025 18:15:40 +0000
CVE ID : CVE-2025-62381
Published : Oct. 15, 2025, 6:15 p.m. | 2 hours, 4 minutes ago
Description : sveltekit-superforms makes SvelteKit forms a pleasure to use. sveltekit-superforms v2.27.3 and prior are susceptible to a prototype pollution vulnerability within the parseFormData function of formData.js. An attacker can inject string and array properties into Object.prototype, leading to denial of service, type confusion, and potential remote code execution in downstream applications that rely on polluted objects. This vulnerability is fixed in 2.27.4.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62371 - OpenSearch Data Prepper plugins trusts all SSL certificates by default
Published: Wed, 15 Oct 2025 18:15:39 +0000
CVE ID : CVE-2025-62371
Published : Oct. 15, 2025, 6:15 p.m. | 2 hours, 4 minutes ago
Description : OpenSearch Data Prepper as an open source data collector for observability data. In versions prior to 2.12.2, the OpenSearch sink and source plugins in Data Prepper trust all SSL certificates by default when no certificate path is provided. Prior to this fix, the OpenSearch sink and source plugins would automatically use a trust all SSL strategy when connecting to OpenSearch clusters if no certificate path was explicitly configured. This behavior bypasses SSL certificate validation, potentially allowing attackers to intercept and modify data in transit through man-in-the-middle attacks. The vulnerability affects connections to OpenSearch when the cert parameter is not explicitly provided. This issue has been patched in version 2.12.2. As a workaround, users can add the cert parameter to their OpenSearch sink or source configuration with the path to the cluster's CA certificate.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62380 - Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails
Published: Wed, 15 Oct 2025 17:16:00 +0000
CVE ID : CVE-2025-62380
Published : Oct. 15, 2025, 5:16 p.m. | 3 hours, 3 minutes ago
Description : mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.31 contain an HTML injection vulnerability in plaintext emails generated with the generatePlaintext method when user generated content is supplied. The plaintext generation code attempts to strip HTML tags using a regular expression and then decodes HTML entities, but tags that include certain Unicode line separator characters are not matched and removed. These encoded tags are later decoded into valid HTML content, allowing unexpected HTML to remain in output intended to be plaintext. Projects are affected if they call Mailgen.generatePlaintext with untrusted input and then render or otherwise process the returned string in a context where HTML is interpreted. This can lead to execution of attacker supplied script in the victim’s browser. Version 2.0.32 fixes the issue.
Severity: 2.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62378 - CommandKit exposes incorrect command name in context object for message command aliases
Published: Wed, 15 Oct 2025 17:16:00 +0000
CVE ID : CVE-2025-62378
Published : Oct. 15, 2025, 5:16 p.m. | 3 hours, 3 minutes ago
Description : CommandKit is the discord.js meta-framework for building Discord bots. In versions 1.2.0-rc.1 through 1.2.0-rc.11, a logic flaw exists in the message command handler that affects how the commandName property is exposed to both middleware functions and command execution contexts when handling command aliases. When a message command is invoked using an alias, the ctx.commandName value reflects the alias rather than the canonical command name. This occurs in both middleware functions and within the command's own run function. Although not explicitly documented, CommandKit's examples and guidance around middleware usage implicitly convey that ctx.commandName represents the canonical command identifier. Middleware examples in the documentation consistently use ctx.commandName to reference the command being executed. Developers who assume ctx.commandName is canonical may introduce unintended behavior when relying on it for logic such as permission checks, rate limiting, or audit logging. This could allow unauthorized command execution or inaccurate access control decisions. Slash commands and context menu commands are not affected. This issue has been patched in version 1.2.0-rc.12, where ctx.commandName now consistently returns the actual canonical command name regardless of the alias used to invoke it.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58133 - Zoom Rooms Clients - Authentication Bypass
Published: Wed, 15 Oct 2025 17:16:00 +0000
CVE ID : CVE-2025-58133
Published : Oct. 15, 2025, 5:16 p.m. | 3 hours, 3 minutes ago
Description : Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of information via network access.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-58132 - Zoom Clients for Windows - Command Injection
Published: Wed, 15 Oct 2025 17:15:59 +0000
CVE ID : CVE-2025-58132
Published : Oct. 15, 2025, 5:15 p.m. | 3 hours, 3 minutes ago
Description : Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access.
Severity: 4.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54271 - Creative Cloud Desktop | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)
Published: Wed, 15 Oct 2025 17:15:59 +0000
CVE ID : CVE-2025-54271
Published : Oct. 15, 2025, 5:15 p.m. | 3 hours, 3 minutes ago
Description : Creative Cloud Desktop versions 6.7.0.278 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to arbitrary file system write. A low-privileged attacker could exploit the timing between the check and use of a resource, potentially allowing unauthorized modifications to files. Exploitation of this issue does not require user interaction.
Severity: 5.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20360 - Cisco Snort 3 HTTP Decoder HTTP Header Parsing DoS Vulnerability
Published: Wed, 15 Oct 2025 17:15:49 +0000
CVE ID : CVE-2025-20360
Published : Oct. 15, 2025, 5:15 p.m. | 3 hours, 4 minutes ago
Description : Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart.
This vulnerability is due to a lack of complete error checking when the MIME fields of the HTTP header are parsed. An attacker could exploit this vulnerability by sending crafted HTTP packets through an established connection to be parsed by Snort 3. A successful exploit could allow the attacker to cause a DoS condition when the Snort 3 Detection Engine unexpectedly restarts.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20359 - Multiple Cisco Products Snort 3 MIME Information Disclosure or Denial of Service Vulnerability
Published: Wed, 15 Oct 2025 17:15:49 +0000
CVE ID : CVE-2025-20359
Published : Oct. 15, 2025, 5:15 p.m. | 3 hours, 4 minutes ago
Description : Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the disclosure of possible sensitive data or cause the Snort 3 Detection Engine to crash.
This vulnerability is due to an error in the logic of buffer handling when the MIME fields of the HTTP header are parsed. This can result in a buffer under-read. An attacker could exploit this vulnerability by sending crafted HTTP packets through an established connection that is parsed by Snort 3. A successful exploit could allow the attacker to induce one of two possible outcomes: the unexpected restarting of the Snort 3 Detection Engine, which could cause a denial of service (DoS) condition, or information disclosure of sensitive information in the Snort 3 data stream. Due to the under-read condition, it is possible that sensitive information that is not valid connection data could be returned.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20351 - Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Cross-Site Scripting Vulnerability
Published: Wed, 15 Oct 2025 17:15:49 +0000
CVE ID : CVE-2025-20351
Published : Oct. 15, 2025, 5:15 p.m. | 3 hours, 4 minutes ago
Description : A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of the web UI.
This vulnerability exists because the web UI of an affected device does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Note: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20350 - Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Denial of Service Vulnerability
Published: Wed, 15 Oct 2025 17:15:48 +0000
CVE ID : CVE-2025-20350
Published : Oct. 15, 2025, 5:15 p.m. | 3 hours, 4 minutes ago
Description : A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.
This vulnerability is due to a buffer overflow when an affected device processes HTTP packets. An attacker could exploit this vulnerability by sending crafted HTTP input to the device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Note: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-20329 - Cisco TelePresence Collaboration Endpoint and RoomOS Software Information Disclosure Vulnerability
Published: Wed, 15 Oct 2025 17:15:48 +0000
CVE ID : CVE-2025-20329
Published : Oct. 15, 2025, 5:15 p.m. | 3 hours, 4 minutes ago
Description : A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials.
This vulnerability exists because certain unencrypted credentials are stored when SIP media component logging is enabled. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials to which they may not normally have access. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII).
Note: To access the logs that are stored in the Webex Cloud or stored on the device itself, an attacker must have valid administrative credentials.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10577 - Sound Research SECOMNService Escalation of Privilege
Published: Wed, 15 Oct 2025 17:15:48 +0000
CVE ID : CVE-2025-10577
Published : Oct. 15, 2025, 5:15 p.m. | 3 hours, 4 minutes ago
Description : Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. HP is releasing updated audio packages to mitigate the potential vulnerabilities
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10576 - Sound Research SECOMNService Escalation of Privilege
Published: Wed, 15 Oct 2025 17:15:47 +0000
CVE ID : CVE-2025-10576
Published : Oct. 15, 2025, 5:15 p.m. | 3 hours, 4 minutes ago
Description : Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. HP is releasing updated audio packages to mitigate the potential vulnerabilities.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62379 - Open Redirect in reflex-dev/reflex
Published: Wed, 15 Oct 2025 16:15:36 +0000
CVE ID : CVE-2025-62379
Published : Oct. 15, 2025, 4:15 p.m. | 4 hours, 4 minutes ago
Description : Reflex is a library to build full-stack web apps in pure Python. In versions 0.5.4 through 0.8.14, the /auth-codespace endpoint automatically assigns the redirect_to query parameter value directly to client-side links without any validation and triggers automatic clicks when the page loads in a GitHub Codespaces environment. This allows attackers to redirect users to arbitrary external URLs. The vulnerable route is only registered when a Codespaces environment is detected, and the detection is controlled by environment variables. The same behavior can be activated in production if the GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN environment variable is set. The vulnerability occurs because the code assigns the redirect_to query parameter directly to a.href without any validation and immediately triggers a click (automatic navigation), allowing users to be sent to arbitrary external domains. The execution condition is based on the presence of a sessionStorage flag, meaning it triggers immediately on first visits or in incognito/private browsing windows, with no server-side origin/scheme whitelist or internal path enforcement defenses in place. This issue has been patched in version 0.8.15. As a workaround, users can ensure that GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN is not set in a production environment.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
