CVE Feeds
Latest Critical CVEs
Updates on the latest high and critical severity vulnerabilities.
CVE-2025-65947 - thread-amount is Vulnerable to Resource Exhaustion (Memory and Handle Leaks) on Windows and macOS
CVE ID: CVE-2025-65947
Published : Nov. 21, 2025, 11:15 p.m. | 12 hours, 41 minutes ago
Description: thread-amount is a tool that gets the amount of threads in the current process. Prior to version 0.2.2, there are resource leaks when querying thread counts on Windows and Apple platforms. On Windows platforms, the thread_amount function calls CreateToolhelp32Snapshot but fails to close the returned HANDLE using CloseHandle. Repeated calls to this function will cause the handle count of the process to grow indefinitely, eventually leading to system instability or process termination when the handle limit is reached. On Apple platforms, the thread_amount function calls task_threads (via Mach kernel APIs), which allocates memory for the thread list. The function fails to deallocate this memory using vm_deallocate. Repeated calls will result in a steady memory leak, eventually causing the process to be killed by the OOM (Out of Memory) killer. This issue has been patched in version 0.2.2.
Severity: 8.7 | HIGH
CVE-2025-65946 - Roo Code is Vulnerable to Potential Remote Code Execution via zsh Command Validation Bug
CVE ID: CVE-2025-65946
Published : Nov. 21, 2025, 11:15 p.m. | 12 hours, 41 minutes ago
Description: Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Prior to version 3.26.7, due to an error in validation, it was possible for Roo to automatically execute commands that did not match the allow list prefixes. This issue has been patched in version 3.26.7.
Severity: 8.1 | HIGH
CVE-2025-65109 - Minder does not sandbox http.send in Rego programs
CVE ID: CVE-2025-65109
Published : Nov. 21, 2025, 10:16 p.m. | 13 hours, 40 minutes ago
Description: Minder is an open source software supply chain security platform. In Minder Helm version 0.20241106.3386+ref.2507dbf and Minder Go versions from 0.0.72 to 0.0.83, Minder users may fetch content in the context of the Minder server, which may include URLs which the user would not normally have access to. This issue has been patched in Minder Helm version 0.20250203.3849+ref.fdc94f0 and Minder Go version 0.0.84.
Severity: 8.5 | HIGH
CVE-2025-65108 - md-to-pdf is vulnerable to arbitrary JavaScript code execution when parsing front matter
CVE ID: CVE-2025-65108
Published : Nov. 21, 2025, 10:16 p.m. | 13 hours, 40 minutes ago
Description: md-to-pdf is a CLI tool for converting Markdown files to PDF using Node.js and headless Chrome. Prior to version 5.2.5, a Markdown front-matter block that contains a JavaScript delimiter causes the JS engine in the gray-matter library to execute arbitrary code in the Markdown-to-PDF converter process of the md-to-pdf library, resulting in remote code execution. This issue has been patched in version 5.2.5.
Severity: 10.0 | CRITICAL
CVE-2025-65106 - LangChain Vulnerable to Template Injection via Attribute Access in Prompt Templates
CVE ID: CVE-2025-65106
Published : Nov. 21, 2025, 10:16 p.m. | 13 hours, 40 minutes ago
Description: LangChain is a framework for building agents and LLM-powered applications. In versions 0.3.79 and prior and 1.0.0 to 1.0.6, a template injection vulnerability exists in LangChain's prompt template system that allows attackers to access Python object internals through template syntax. This vulnerability affects applications that accept untrusted template strings (not just template variables) in ChatPromptTemplate and related prompt template classes. This issue has been patched in versions 0.3.80 and 1.0.7.
Severity: 8.3 | HIGH
CVE-2025-65102 - PJSIP is vulnerable to buffer overflow in Opus PLC
CVE ID: CVE-2025-65102
Published : Nov. 21, 2025, 10:16 p.m. | 13 hours, 40 minutes ago
Description: PJSIP is a free and open source multimedia communication library. Prior to version 2.16, Opus PLC may zero-fill the input frame as long as the decoder ptime, while the input frame length, which is based on stream ptime, may be less than that. This issue affects PJSIP users who use the Opus audio codec in the receiving direction. The vulnerability can lead to unexpected application termination due to a memory overwrite. This issue has been patched in version 2.16.
Severity: 8.7 | HIGH
CVE-2025-11087 - Zegen Core Forgery to Arbitrary File Upload
CVE ID: CVE-2025-11087
Published : Nov. 21, 2025, 9:15 p.m. | 14 hours, 41 minutes ago
Description: The Zegen Core plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 2.0.1. This is due to missing nonce validation and missing file type validation in the '/custom-font-code/custom-fonts-uploads.php' file. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible, via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 8.8 | HIGH
CVE-2025-64767 - hpke-js reuses AEAD nonces
CVE ID: CVE-2025-64767
Published : Nov. 21, 2025, 7:16 p.m. | 16 hours, 40 minutes ago
Description: hpke-js is a Hybrid Public Key Encryption (HPKE) module built on top of the Web Cryptography API. Prior to version 1.7.5, the public SenderContext Seal() API has a race condition which allows the same AEAD nonce to be re-used for multiple Seal() calls. This can lead to complete loss of Confidentiality and Integrity of the produced messages. This issue has been patched in version 1.7.5.
Severity: 9.1 | CRITICAL
CVE-2025-41115 - Incorrect privilege assignment
CVE ID: CVE-2025-41115
Published : Nov. 21, 2025, 3:15 p.m. | 20 hours, 41 minutes ago
Description: SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. In Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user identity handling allows a malicious or compromised SCIM client to provision a user with a numeric externalId, which in turn could allow internal user IDs to be overridden and lead to impersonation or privilege escalation. This vulnerability applies only if all of the following conditions are met:
- `enableSCIM` feature flag set to true
- `user_sync_enabled` config option in the `[auth.scim]` block set to true
Severity: 10.0 | CRITICAL
CVE-2025-11127 - Mstoreapp Mobile (App nticated Privilege Escalation
CVE ID: CVE-2025-11127
Published : Nov. 21, 2025, 2:15 p.m. | 21 hours, 41 minutes ago
Description: The Mstoreapp Mobile App WordPress plugin through 2.08 and Mstoreapp Mobile Multivendor through 9.0.1 do not properly verify users' identity when using an AJAX action, allowing unauthenticated users to retrieve a valid session for arbitrary users by knowing their email address.
Severity: 9.8 | CRITICAL
CVE-2025-13156 - Vitepos – Point of Sale (POS) for WooCommerce mote Code Execution
CVE ID: CVE-2025-13156
Published : Nov. 21, 2025, 9:15 a.m. | 1 day, 2 hours ago
Description: The Vitepos – Point of Sale (POS) for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the insert_media_attachment() function in all versions up to, and including, 3.3.0. This is due to the save_update_category_img() function accepting user-supplied file types without validation when processing category images. This makes it possible for authenticated attackers, with subscriber level access and above, to upload arbitrary files on the affected site's server which makes remote code execution possible.
Severity: 8.8 | HIGH
CVE-2025-13322 - WP AUDIO GALLERY ) Arbitrary File Deletion via 'audio_upload' Parameter
CVE ID: CVE-2025-13322
Published : Nov. 21, 2025, 8:15 a.m. | 1 day, 3 hours ago
Description: The WP AUDIO GALLERY plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 2.0. This is due to the `wpag_uploadaudio_callback()` AJAX handler not properly validating user-supplied file paths in the `audio_upload` parameter before passing them to `unlink()`. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when critical files like wp-config.php are deleted.
Severity: 8.1 | HIGH
CVE-2025-12138 - URL Image Importer bitrary File Upload
CVE ID: CVE-2025-12138
Published : Nov. 21, 2025, 8:15 a.m. | 1 day, 3 hours ago
Description: The URL Image Importer plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.0.6. This is due to the plugin relying on a user-controlled Content-Type HTTP header to validate file uploads in the 'uimptr_import_image_from_url()' function, which writes the file to the server before performing proper validation. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible via the uploaded PHP file.
Severity: 8.8 | HIGH
CVE-2025-11985 - Realty Portal to Authenticated (Subscriber+) Arbitrary Options Update
CVE ID: CVE-2025-11985
Published : Nov. 21, 2025, 8:15 a.m. | 1 day, 3 hours ago
Description: The Realty Portal plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'rp_save_property_settings' function in versions 0.1 to 0.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
Severity: 8.8 | HIGH
CVE-2025-11456 - ELEX WordPress HelpDesk & Customer Ticketing System
CVE ID: CVE-2025-11456
Published : Nov. 21, 2025, 8:15 a.m. | 1 day, 3 hours ago
Description: The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the eh_crm_new_ticket_post() function in all versions up to, and including, 3.3.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity: 9.8 | CRITICAL
CVE-2025-64695 - LogStare Collector Windows Installer Uncontrolled Search Path Element Vulnerability (RCE)
CVE ID: CVE-2025-64695
Published : Nov. 21, 2025, 7:15 a.m. | 1 day, 4 hours ago
Description: An uncontrolled search path element issue exists in the installer of LogStare Collector (for Windows). If exploited, arbitrary code may be executed with the privilege of the user invoking the installer.
Severity: 8.4 | HIGH
CVE-2025-64310 - Epson Projector WebConfig Brute Force Authentication Vulnerability
CVE ID: CVE-2025-64310
Published : Nov. 21, 2025, 3:16 a.m. | 1 day, 8 hours ago
Description: EPSON WebConfig and Epson Web Control for SEIKO EPSON Projector Products do not restrict excessive authentication attempts. An administrative user's password may be identified through a brute force attack.
Severity: 9.8 | CRITICAL
CVE-2025-64762 - authkit-nextjs may let session cookies be cached in CDNs
CVE ID: CVE-2025-64762
Published : Nov. 21, 2025, 2:15 a.m. | 1 day, 9 hours ago
Description: The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enabled, this can result in session tokens being included in cached responses and subsequently served to multiple users. Next.js applications deployed on Vercel are unaffected unless they manually enable CDN caching by setting cache headers on authenticated paths. Patched in authkit-nextjs 2.11.1, which applies anti-caching headers to all responses behind authentication.
Severity: 8.0 | HIGH
CVE-2025-64755 - @anthropic-ai/claude-code has Sed Command Validation Bypass that Allows Arbitrary File Writes
CVE ID: CVE-2025-64755
Published : Nov. 21, 2025, 2:15 a.m. | 1 day, 9 hours ago
Description: Claude Code is an agentic coding tool. Prior to version 2.0.31, due to an error in sed command parsing, it was possible to bypass the Claude Code read-only validation and write to arbitrary files on the host system. This issue has been patched in version 2.0.31.
Severity: 8.7 | HIGH
CVE-2025-62372 - vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs
CVE ID: CVE-2025-62372
Published : Nov. 21, 2025, 2:15 a.m. | 1 day, 9 hours ago
Description: vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before 0.11.1, users can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct ndim but incorrect shape (e.g. hidden dimension is wrong), regardless of whether the model is intended to support such inputs (as defined in the Supported Models page). This issue has been patched in version 0.11.1.
Severity: 8.3 | HIGH