2025-10-22 Daily Vulns
NEW:
| CVE | vendor-product | description | metric | Referenceurl | exploitation / automatable / technical impact | title | GithubURL |
|---|---|---|---|---|---|---|---|
| CVE-2025-11534 | Raisecomm - RAX701-GC-WP-01 P200R002C52; Raisecomm - RAX701-GC-WP-01 P200R002C53 | The affected Raisecom devices allow SSH sessions to be established without completing user authentication. This could allow attackers to gain shell access without valid credentials. | CVSS4.0: 9.3 - CRITICAL | 0 | Exploitation: none; Automatable: yes; Technical Impact: total | Authentication Bypass Using an Alternate Path or Channel in Raisecomm RAX701-GC Series | github |
| CVE-2025-22166 | Atlassian - Confluence Data Center | This High severity DoS (Denial of Service) vulnerability was introduced in version 2.0 of Confluence Data Center. This DoS (Denial of Service) vulnerability, with a CVSS Score of 8.3, allows an attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely disrupting services of a host connected to a network. Atlassian recommends that Confluence Data Center customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Confluence Data Center and Server 8.5: Upgrade to a release greater than or equal to 8.5.25; Confluence Data Center and Server 9.2: Upgrade to a release greater than or equal to 9.2.7; Confluence Data Center and Server 10.0: Upgrade to a release greater than or equal to 10.0.2. See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html). You can download the latest version of Confluence Data Center from the download center (https://www.atlassian.com/software/confluence/download-archives). This vulnerability was reported via our Atlassian (Internal) program. | CVSS4.0: 8.3 - HIGH | 0 1 | Exploitation: none; Automatable: no; Technical Impact: partial | | github |
| CVE-2018-25118 | GeoVision Inc. - GV-BX1500; GeoVision Inc. - GV-MFD1501; GeoVision Inc. - GeoVision embedded IP devices | GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. VulnCheck has observed this vulnerability being exploited in the wild as of 2025-10-19 08:55:13.141502 UTC. | CVSS4.0: 9.3 - CRITICAL | 0 1 2 3 | Exploitation: poc; Automatable: yes; Technical Impact: total | GeoVision Command Injection RCE via /PictureCatch.cgi | github |
This post is licensed under CC BY 4.0 by the author.