Total
316558 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-27925 | 1 Synacor | 1 Zimbra Collaboration Suite | 2025-10-31 | 6.5 MEDIUM | 7.2 HIGH |
| Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal. | |||||
| CVE-2022-26871 | 1 Trendmicro | 2 Apex Central, Apex One | 2025-10-31 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution. | |||||
| CVE-2025-62651 | 1 Rbi | 1 Restaurant Brands International Assistant | 2025-10-31 | N/A | 6.5 MEDIUM |
| The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface. | |||||
| CVE-2025-62642 | 1 Rbi | 1 Restaurant Brands International Assistant | 2025-10-31 | N/A | 5.8 MEDIUM |
| The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user account creation, allowing a remote unauthenticated attacker to create a user account. | |||||
| CVE-2025-62647 | 1 Rbi | 1 Restaurant Brands International Assistant | 2025-10-31 | N/A | 5.0 MEDIUM |
| The Restaurant Brands International (RBI) assistant platform through 2025-09-06 provides the functionality of returning a JWT that can be used to call an API to return a signed AWS upload URL, for any store's path. | |||||
| CVE-2025-62648 | 1 Rbi | 1 Restaurant Brands International Assistant | 2025-10-31 | N/A | 6.4 MEDIUM |
| The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to adjust Drive Thru speaker audio volume. | |||||
| CVE-2025-62650 | 1 Rbi | 1 Restaurant Brands International Assistant | 2025-10-31 | N/A | 8.3 HIGH |
| The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen. | |||||
| CVE-2024-55548 | 1 Oringnet | 2 Iap-420, Iap-420 Firmware | 2025-10-31 | N/A | 7.5 HIGH |
| Improper check of password character length in ORing IAP-420 allows a forced deadlock. This issue affects IAP-420: through 2.01e. | |||||
| CVE-2024-55544 | 1 Oringnet | 2 Iap-420, Iap-420 Firmware | 2025-10-31 | N/A | 8.8 HIGH |
| Missing input validation in the ORing IAP-420 web-interface allows authenticated Command Injections on OS level. This issue affects IAP-420 version 2.01e and below. | |||||
| CVE-2025-62646 | 1 Rbi | 1 Restaurant Brands International Assistant | 2025-10-31 | N/A | 5.0 MEDIUM |
| The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to review the stored audio of conversations between associates and Drive Thru customers. | |||||
| CVE-2024-55547 | 1 Oringnet | 2 Iap-420, Iap-420 Firmware | 2025-10-31 | N/A | 9.8 CRITICAL |
| SNMP objects in NET-SNMP used in ORing IAP-420 allow Command Injection. This issue affects IAP-420: through 2.01e. | |||||
| CVE-2024-55546 | 1 Oringnet | 2 Iap-420, Iap-420 Firmware | 2025-10-31 | N/A | 5.4 MEDIUM |
| Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS). This issue affects IAP-420 version 2.01e and below. | |||||
| CVE-2024-55545 | 1 Oringnet | 2 Iap-420, Iap-420 Firmware | 2025-10-31 | N/A | 6.1 MEDIUM |
| Missing input validation in the ORing IAP-420 web-interface allows Cross-Site Scripting (XSS). This issue affects IAP-420 version 2.01e and below. | |||||
| CVE-2025-62643 | 1 Rbi | 1 Restaurant Brands International Assistant | 2025-10-31 | N/A | 3.4 LOW |
| The Restaurant Brands International (RBI) assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages. | |||||
| CVE-2025-62644 | 1 Rbi | 1 Restaurant Brands International Assistant | 2025-10-31 | N/A | 5.0 MEDIUM |
| The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has a Global Store Directory that shares personal information among authenticated users. | |||||
| CVE-2025-11618 | 1 Amazon | 1 Freertos-plus-tcp | 2025-10-31 | N/A | 4.3 MEDIUM |
| A missing validation check in FreeRTOS-Plus-TCP's UDP/IPv6 packet processing code can lead to an invalid pointer dereference when receiving a UDP/IPv6 packet with an incorrect IP version field in the packet header. This issue only affects applications using IPv6. We recommend upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes. | |||||
| CVE-2025-11616 | 1 Amazon | 1 Freertos-plus-tcp | 2025-10-31 | N/A | 5.4 MEDIUM |
| A missing validation check in FreeRTOS-Plus-TCP's ICMPv6 packet processing code can lead to an out-of-bounds read when receiving ICMPv6 packets of certain message types which are smaller than the expected size. These issues only affect applications using IPv6. Users should upgrade to the latest version and ensure any forked or derivative code is patched to incorporate the new fixes. | |||||
| CVE-2025-11617 | 1 Amazon | 1 Freertos-plus-tcp | 2025-10-31 | N/A | 5.4 MEDIUM |
| A missing validation check in FreeRTOS-Plus-TCP's IPv6 packet processing code can lead to an out-of-bounds read when receiving an IPv6 packet with incorrect payload lengths in the packet header. This issue only affects applications using IPv6. We recommend users upgrade to the latest version and ensure any forked or derivative code is patched to incorporate the new fixes. | |||||
| CVE-2025-21955 | 1 Linux | 1 Linux Kernel | 2025-10-31 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent connection release during oplock break notification ksmbd_work could be freed after connection release. Increment r_count of ksmbd_conn to indicate that requests are not finished yet and to not release the connection. | |||||
| CVE-2025-21954 | 1 Linux | 1 Linux Kernel | 2025-10-31 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: netmem: prevent TX of unreadable skbs Currently on stable trees we have support for netmem/devmem RX but not TX. It is not safe to forward/redirect an RX unreadable netmem packet into the device's TX path, as the device may call dma-mapping APIs on dma addrs that should not be passed to it. Fix this by preventing the xmit of unreadable skbs. Tested by configuring tc redirect: `sudo tc qdisc add dev eth1 ingress` `sudo tc filter add dev eth1 ingress protocol ip prio 1 flower ip_proto tcp src_ip 192.168.1.12 action mirred egress redirect dev eth1` Before, I see unreadable skbs in the driver's TX path passed to dma mapping APIs. After, I don't see unreadable skbs in the driver's TX path passed to dma mapping APIs. | |||||
