Latest CVE Feed
-
6.3
MEDIUMCVE-2025-9315
An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthenticated remote attacker can exploit this vulnerability... Read more
Affected Products : mxsecurity- Published: Dec. 10, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Authentication
-
6.3
MEDIUMCVE-2025-40807
A vulnerability has been identified in Gridscale X Prepay (All versions < V4.2.1). The affected application is vulnerable to capture-replay of authentication tokens. This could allow an authenticated but already locked-out user to establish still valid us... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authentication
-
6.3
MEDIUMCVE-2025-46268
Advantech WebAccess/SCADA is vulnerable to SQL injection, which may allow an attacker to execute arbitrary SQL commands.... Read more
Affected Products : webaccess\/scada- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Injection
-
6.3
MEDIUMCVE-2025-66551
Nextcloud Tables allows you to create your own tables with individual columns. Prior to 0.8.6 and 0.9.3, a malicious user was able to create their own table and then move a column to a victims table. This vulnerability is fixed in 0.8.6 and 0.9.3.... Read more
- Published: Dec. 05, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Authorization
-
6.3
MEDIUMCVE-2025-66502
A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Page Templates feature. A crafted payload can be stored as the template name, which is later rendered into the DOM without proper sanitization. As a result, the inj... Read more
Affected Products : pdf_editor_cloud- Published: Dec. 19, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Cross-Site Scripting
-
6.3
MEDIUMCVE-2025-15153
A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing manipulation can lead to files or directories accessible. It is possible to launch the attac... Read more
Affected Products : pbootcms- Published: Dec. 28, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Path Traversal
-
6.3
MEDIUMCVE-2025-12874
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Quest Coexistence Manager for Notes (Free/Busy Connector modules) allows HTTP Request Smuggling via the Content-Length-Transfer-Encoding (CL.TE) attack vecto... Read more
Affected Products : coexistence_manager_for_notes- Published: Dec. 19, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Misconfiguration
-
6.3
MEDIUMCVE-2025-15251
A vulnerability was detected in beecue FastBee up to 2.1. Impacted is the function getRootElement of the file springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/ReqAbstractHandler.java of the component SIP Message Handler. The ... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 30, 2025
- Vuln Type: XML External Entity
-
6.3
MEDIUMCVE-2025-68146
filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use (TOCTOU) race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists ... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Race Condition
-
6.3
MEDIUMCVE-2025-14697
A security flaw has been discovered in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this issue is some unknown functionality of the file /ExportFiles/. The manipulation results in files or directories acce... Read more
Affected Products :- Published: Dec. 15, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Path Traversal
-
6.3
MEDIUMCVE-2025-69205
Micro Registration Utility (µURU) is a telephone self registration utility based on asterisk. In versions up to and including commit 88db9a953f38a3026bcd6816d51c7f3b93c55893, an attacker can crafts a special federation name and characters treated special ... Read more
Affected Products :- Published: Dec. 29, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Injection
-
6.3
MEDIUMCVE-2025-68161
The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguratio... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Misconfiguration
-
6.3
MEDIUMCVE-2025-64192
Missing Authorization vulnerability in 8theme XStore xstore allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects XStore: from n/a through < 9.6.... Read more
Affected Products : xstore- Published: Dec. 18, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Authorization
-
6.3
MEDIUMCVE-2025-14347
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Proliz Software Ltd. OBS (Student Affairs Information System)0 allows Reflected XSS.This issue affects OBS (Student Affairs Information System)0: ... Read more
Affected Products :- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cross-Site Scripting
-
6.3
MEDIUMCVE-2025-14660
A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain Handler. This manipulation of the argument domain causes ... Read more
Affected Products :- Published: Dec. 14, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Authorization
-
6.3
MEDIUMCVE-2025-8082
Improper neutralization of the title date in the 'VDatePicker' component in Vuetify, allows unsanitized HTML to be inserted into the page. This can lead to a Cross-Site Scripting (XSS) https://owasp.org/www-community/attacks/xss attack. The vulnerabilit... Read more
Affected Products :- Published: Dec. 12, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Cross-Site Scripting
-
6.3
MEDIUMCVE-2025-15105
A security flaw has been discovered in getmaxun maxun up to 0.0.28. Impacted is an unknown function of the file /getmaxun/maxun/blob/develop/server/src/routes/auth.ts. Performing manipulation of the argument api_key results in use of hard-coded cryptograp... Read more
Affected Products :- Published: Dec. 27, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cryptography
-
6.3
MEDIUMCVE-2025-68144
In mcp-server-git versions prior to 2025.12.17, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., `--output=/path/to/file` for `git_diff`) would be interpret... Read more
Affected Products :- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Injection
-
6.3
MEDIUMCVE-2025-52598
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has found a flaw that camera's client service does not perform certificate validation. The manufacturer has released patch ... Read more
Affected Products :- Published: Dec. 26, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authentication
-
6.3
MEDIUMCVE-2025-64528
Discourse is an open source discussion platform. Prior to versions 3.5.3, 2025.11.1, and 2025.12.0, an attacker who knows part of a username can find the user and their full name via UI or API, even when `enable_names` is disabled. Versions 3.5.3, 2025.11... Read more
Affected Products : discourse- Published: Dec. 30, 2025
- Modified: Dec. 30, 2025
- Vuln Type: Information Disclosure