Latest CVE Feed
-
6.3
MEDIUMCVE-2025-66522
A stored cross-site scripting (XSS) vulnerability exists in the Digital IDs functionality of the Foxit PDF Editor Cloud (pdfonline.foxit.com). The application does not properly sanitize or encode the Common Name field of Digital IDs before inserting user-... Read more
Affected Products : pdf_editor_cloud- Published: Dec. 19, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Cross-Site Scripting
-
6.3
MEDIUMCVE-2025-12084
When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.... Read more
Affected Products : python- Published: Dec. 03, 2025
- Modified: Dec. 22, 2025
- Vuln Type: Denial of Service
-
6.3
MEDIUMCVE-2025-46268
Advantech WebAccess/SCADA is vulnerable to SQL injection, which may allow an attacker to execute arbitrary SQL commands.... Read more
Affected Products : webaccess\/scada- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Injection
-
6.3
MEDIUMCVE-2025-13836
When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other... Read more
Affected Products : python- Published: Dec. 01, 2025
- Modified: Dec. 22, 2025
- Vuln Type: Denial of Service
-
6.3
MEDIUMCVE-2025-14636
A security flaw has been discovered in Tenda AX9 22.03.01.46. This affects the function image_check of the component httpd. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated w... Read more
- Published: Dec. 13, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cryptography
-
6.3
MEDIUMCVE-2025-10543
In Eclipse Paho Go MQTT v3.1 library (paho.mqtt.golang) versions <=1.5.0 UTF-8 encoded strings, passed into the library, may be incorrectly encoded if their length exceeds 65535 bytes. This may lead to unexpected content in packets sent to the server (for... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Misconfiguration
-
6.3
MEDIUMCVE-2025-14276
A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.eden. Impacted is an unknown function of the file /ajax/php/leaf_search.php. This manipulation of the argument line causes command injection. The attack can be initiated remotely. A high... Read more
Affected Products :- Published: Dec. 08, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Injection
-
6.3
MEDIUMCVE-2025-66551
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.6 and 0.9.3, a malicious user was able to create their own table and then move a column to a victims table. This vulnerability is fixed in 0.8.6 and 0.9.3.... Read more
- Published: Dec. 05, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
6.3
MEDIUMCVE-2025-14954
A vulnerability has been found in Open5GS up to 2.7.5. Affected is the function ogs_pfcp_pdr_find_or_add/ogs_pfcp_far_find_or_add/ogs_pfcp_urr_find_or_add/ogs_pfcp_qer_find_or_add in the library lib/pfcp/context.c of the component QER/FAR/URR/PDR. The man... Read more
Affected Products : open5gs- Published: Dec. 19, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Denial of Service
-
6.3
MEDIUMCVE-2025-0836
Missing Authorization vulnerability in Milestone Systems XProtect VMS allows users with read-only access to Management Server to have full read/write access to MIP Webhooks API.... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Authorization
-
6.3
MEDIUMCVE-2025-14651
A vulnerability has been found in MartialBE one-hub up to 0.14.27. This vulnerability affects unknown code of the file docker-compose.yml. The manipulation of the argument SESSION_SECRET leads to use of hard-coded cryptographic key . The attack may be in... Read more
Affected Products :- Published: Dec. 14, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Cryptography
-
6.3
MEDIUMCVE-2025-13948
A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead t... Read more
Affected Products :- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Cryptography
-
6.3
MEDIUMCVE-2025-14660
A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain Handler. This manipulation of the argument domain causes ... Read more
Affected Products :- Published: Dec. 14, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Authorization
-
6.3
MEDIUMCVE-2025-13805
A weakness has been identified in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This affects the function getInputStream of the file nutzcloud/nutzcloud-literpc/src/main/java/org/nutz/boot/starter/literpc/impl/endpoint/http/HttpServletRpcEndpoint.java of the comp... Read more
Affected Products :- Published: Dec. 01, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Injection
-
6.3
MEDIUMCVE-2025-14889
A security flaw has been discovered in Campcodes Advanced Voting Management System 1.0. The impacted element is an unknown function of the file /admin/voters_edit.php of the component Password Handler. Performing manipulation of the argument ID results in... Read more
Affected Products : advanced_voting_management_system- Published: Dec. 18, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Authorization
-
6.3
MEDIUMCVE-2025-15005
A security flaw has been discovered in CouchCMS up to 2.4. Affected is an unknown function of the file couch/config.example.php of the component reCAPTCHA Handler. The manipulation of the argument K_RECAPTCHA_SITE_KEY/K_RECAPTCHA_SECRET_KEY results in use... Read more
Affected Products :- Published: Dec. 22, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Cryptography
-
6.3
MEDIUMCVE-2025-66030
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing ... Read more
Affected Products : forge- Published: Nov. 26, 2025
- Modified: Dec. 06, 2025
- Vuln Type: Misconfiguration
-
6.3
MEDIUMCVE-2025-66500
A stored cross-site scripting (XSS) vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a ... Read more
Affected Products : pdf_editor_cloud- Published: Dec. 19, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Cross-Site Scripting
-
6.3
MEDIUMCVE-2025-66521
A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Trusted Certificates feature. A crafted payload can be injected as the certificate name, which is later rendered into the DOM without proper sanitization. As a resu... Read more
Affected Products : pdf_editor_cloud- Published: Dec. 19, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Cross-Site Scripting
-
6.3
MEDIUMCVE-2025-1910
The WatchGuard Mobile VPN with SSL Client on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM on the Windows machine where the VPN Client is installed.This issue affects the Mobi... Read more
Affected Products : mobile_vpn_with_ssl_client- Published: Dec. 04, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authentication