Security Vulnerabilities
When passing through PCI devices, the detach logic in libxl won't remove
access permissions to any 64bit memory BARs the device might have. As a
result a domain can still have access any 64bit memory BAR when such
device is no longer assigned to the domain.
For PV domains the permission leak allows the domain itself to map the memory
in the page-tables. For HVM it would require a compromised device model or
stubdomain to map the leaked memory into the HVM domain p2m.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-10-31
[This CNA information record relates to multiple CVEs; the
text explains which aspects/vulnerabilities correspond to which CVE.]
Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in
one of three formats. Xen has boundary checking bugs with all three
formats, which can cause out-of-bounds reads and writes while processing
the inputs.
* CVE-2025-58147. Hypercalls using the HV_VP_SET Sparse format can
cause vpmask_set() to write out of bounds when converting the bitmap
to Xen's format.
* CVE-2025-58148. Hypercalls using any input format can cause
send_ipi() to read d->vcpu[] out-of-bounds, and operate on a wild
vCPU pointer.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-10-31
A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credential data.
CVSS Score
4.5
EPSS Score
0.001
Published
2025-10-31
Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access.
It has been fixed in the following commit: https://github.com/apache/apisix/pull/12629
Users are recommended to upgrade to version 3.14, which fixes this issue.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-10-31
cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aes_decrypt_message in symmetric_encryption.py.
CVSS Score
6.9
EPSS Score
0.0
Published
2025-10-31
A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later.
Affected Products:
UniFi Access Application (Version 3.3.22 through 3.4.31).
Mitigation:
Update your UniFi Access Application to Version 4.0.21 or later.
CVSS Score
10.0
EPSS Score
0.102
Published
2025-10-31
LibreChat version 0.7.9 is vulnerable to a Denial of Service (DoS) attack due to unbounded parameter values in the `/api/memories` endpoint. The `key` and `value` parameters accept arbitrarily large inputs without proper validation, leading to a null pointer error in the Rust-based backend when excessively large values are submitted. This results in the inability to create new memories, impacting the stability of the service.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-10-31
A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Revive Adserver version 5.5.2. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code in the context of the victim's browser. The session cookie cannot be accessed, but a number of other operations could be performed.
The vulnerability is present in the admin-search.php file and can be exploited via the compact parameter.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-10-31
This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation if a system administrator is tricked into restoring a malicious file.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-10-31
A vulnerability in the Mount service of Veeam Backup & Replication, which allows for remote code execution (RCE) on the Backup infrastructure hosts by an authenticated domain user.
CVSS Score
9.9
EPSS Score
0.003
Published
2025-10-31