Total
68 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-13026 | 1 Mozilla | 1 Firefox | 2025-11-19 | N/A | 9.8 CRITICAL |
| Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145. | |||||
| CVE-2025-13023 | 1 Mozilla | 1 Firefox | 2025-11-19 | N/A | 9.8 CRITICAL |
| Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145. | |||||
| CVE-2025-13022 | 1 Mozilla | 1 Firefox | 2025-11-19 | N/A | 9.8 CRITICAL |
| Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145. | |||||
| CVE-2025-13021 | 1 Mozilla | 1 Firefox | 2025-11-19 | N/A | 9.8 CRITICAL |
| Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145 and Thunderbird < 145. | |||||
| CVE-2025-12890 | 2025-11-12 | N/A | 6.5 MEDIUM | ||
| Improper handling of malformed Connection Request with the interval set to be 1 (which supposed to be illegal) and the chM 0x7CFFFFFFFF triggers a crash. The peripheral will not be connectable after it. | |||||
| CVE-2025-64435 | 2025-11-12 | N/A | 5.3 MEDIUM | ||
| KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can mislead the virt-controller into associating the fake pod with the VMI, resulting in incorrect status updates and potentially causing a DoS (Denial-of-Service). This vulnerability is fixed in 1.7.0-beta.0. | |||||
| CVE-2025-43458 | 1 Apple | 6 Ipados, Iphone Os, Safari and 3 more | 2025-11-05 | N/A | 4.3 MEDIUM |
| This issue was addressed through improved state management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. Processing maliciously crafted web content may lead to an unexpected process crash. | |||||
| CVE-2025-43427 | 1 Apple | 5 Ipados, Iphone Os, Safari and 2 more | 2025-11-05 | N/A | 4.3 MEDIUM |
| This issue was addressed through improved state management. This issue is fixed in iOS 26.1 and iPadOS 26.1, tvOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash. | |||||
| CVE-2025-43430 | 1 Apple | 6 Ipados, Iphone Os, Safari and 3 more | 2025-11-05 | N/A | 4.3 MEDIUM |
| This issue was addressed through improved state management. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash. | |||||
| CVE-2025-43240 | 1 Apple | 2 Macos, Safari | 2025-11-04 | N/A | 6.2 MEDIUM |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, Safari 18. 6. A download's origin may be incorrectly associated. | |||||
| CVE-2023-51443 | 1 Freeswitch | 1 Freeswitch | 2025-11-04 | N/A | 7.5 HIGH |
| FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.11, when handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to Denial of Service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. If an attacker manages to send a ClientHello DTLS message with an invalid CipherSuite (such as `TLS_NULL_WITH_NULL_NULL`) to the port on the FreeSWITCH server that is expecting packets from the caller, a DTLS error is generated. This results in the media session being torn down, which is followed by teardown at signaling (SIP) level too. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable FreeSWITCH servers for calls that rely on DTLS-SRTP. To address this vulnerability, upgrade FreeSWITCH to 1.10.11 which includes the security fix. The solution implemented is to drop all packets from addresses that have not been validated by an ICE check. | |||||
| CVE-2023-45927 | 1 Jedsoft | 1 S-lang | 2025-11-04 | N/A | 9.1 CRITICAL |
| S-Lang 2.3.2 was discovered to contain an arithmetic exception via the function tt_sprintf(). | |||||
| CVE-2024-55548 | 1 Oringnet | 2 Iap-420, Iap-420 Firmware | 2025-11-03 | N/A | 7.5 HIGH |
| Improper check of password character lenght in ORing IAP-420 allows a forced deadlock. This issue affects IAP-420: through 2.01e. | |||||
| CVE-2024-25741 | 1 Linux | 1 Linux Kernel | 2025-11-03 | N/A | 5.5 MEDIUM |
| printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspecified other impact. | |||||
| CVE-2025-24188 | 1 Apple | 2 Macos, Safari | 2025-11-03 | N/A | 6.5 MEDIUM |
| A logic issue was addressed with improved checks. This issue is fixed in Safari 18.6, macOS Sequoia 15.6. Processing maliciously crafted web content may lead to an unexpected Safari crash. | |||||
| CVE-2025-31998 | 1 Hcltech | 1 Unica Centralized Offer Management | 2025-10-29 | N/A | 3.5 LOW |
| HCL Unica Centralized Offer Management is vulnerable to poor unhandled exceptions which exposes sensitive information. An attacker can exploit use this information to exploit known vulnerabilities launch targeted attacks, such as remote code execution or denial of service. | |||||
| CVE-2025-58153 | 1 F5 | 21 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 18 more | 2025-10-22 | N/A | 5.9 MEDIUM |
| Under undisclosed traffic conditions along with conditions beyond the attacker's control, hardware systems with a High-Speed Bridge (HSB) may experience a lockup of the HSB. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2025-43296 | 1 Apple | 1 Macos | 2025-10-20 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26. An app may bypass Gatekeeper checks. | |||||
| CVE-2025-61602 | 1 Bigbluebutton | 1 Bigbluebutton | 2025-10-20 | N/A | 7.5 HIGH |
| BigBlueButton is an open-source virtual classroom. A denial-of-service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to crash the chat functionality for all participants in a meeting by sending a malformed `reactionEmojiId` in the GraphQL mutation `chatSendMessageReaction`. Version 3.0.13 contains a patch. No known workarounds are available. | |||||
| CVE-2025-61601 | 1 Bigbluebutton | 1 Bigbluebutton | 2025-10-20 | N/A | 7.5 HIGH |
| BigBlueButton is an open-source virtual classroom. A Denial of Service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to freeze or crash the entire server by abusing the polling feature's `Choices` response type. By submitting a malicious payload with a massive array in the `answerIds` field, the attacker can cause the current meeting — and potentially all meetings on the server — to become unresponsive. Version 3.0.13 contains a patch. No known workarounds are available. | |||||