Latest CVE Feed
-
5.3
MEDIUMCVE-2025-66577
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can supply X... Read more
Affected Products : cpp-httplib- Published: Dec. 05, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-53965
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The function used to decode the SOR t... Read more
Affected Products : exynos_980_firmware exynos_850_firmware exynos_2100_firmware exynos_2200_firmware exynos_1280_firmware exynos_1380_firmware exynos_1330_firmware exynos_w920_firmware exynos_980 exynos_990_firmware +26 more products- Published: Dec. 03, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2025-64763
Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, when Envoy is configured in TCP proxy mode to handle CONNECT requests, it accepts client data before issuing a 2xx response and forwards that data to ... Read more
Affected Products : envoy- Published: Dec. 03, 2025
- Modified: Dec. 05, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-62740
Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through <= 3.4.5.... Read more
Affected Products : wp-crm_system- Published: Dec. 09, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2018-25155
Teradek Slice 7.3.15 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft a malicious web page that automatically submits password change reques... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.3
MEDIUMCVE-2025-15085
A security flaw has been discovered in youlaitech youlai-mall 1.0.0/2.0.0. This affects the function deductBalance of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java of the component Balance Handler. The m... Read more
Affected Products :- Published: Dec. 25, 2025
- Modified: Dec. 25, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-12355
The Payaza plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_nopriv_update_order_status' AJAX endpoint in all versions up to, and including, 0.3.8. This makes it possible for unauthen... Read more
Affected Products :- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-15093
A security flaw has been discovered in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The affected element is an unknown function of the file src/main/java/com/flycms/web/system/IndexAdminController.java of the component Admin Login. Per... Read more
Affected Products :- Published: Dec. 26, 2025
- Modified: Dec. 26, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-12876
The Projectopia – WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pto_delete_file AJAX action in all versions up to, and including, 5.1.19. This makes it possibl... Read more
Affected Products : projectopia- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-14220
A security vulnerability has been detected in ORICO CD3510 1.9.12. This affects an unknown function of the component File Upload. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed publicly and m... Read more
Affected Products :- Published: Dec. 08, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Path Traversal
-
5.3
MEDIUMCVE-2019-25234
SmartHouse Webapp 6.5.33 contains multiple cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform unauthorized actions. Attackers can exploit these vulnerabilities by tricking logged-in users into visiting mali... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.3
MEDIUMCVE-2025-13807
A vulnerability was detected in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected is the function MachineKeyController of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineKeyController.java of ... Read more
Affected Products : orion-ops- Published: Dec. 01, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Authorization
-
5.2
MEDIUMCVE-2025-57850
A container privilege escalation flaw was found in certain CodeReady Workspaces images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Misconfiguration
-
5.2
MEDIUMCVE-2025-43393
A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to break out of its sandbox.... Read more
Affected Products : macos- Published: Dec. 12, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Authorization
-
5.2
MEDIUMCVE-2025-43497
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to break out of its sandbox.... Read more
Affected Products : macos- Published: Dec. 12, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Authorization
-
5.2
MEDIUMCVE-2025-52600
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in camera video analytics that Improper input validation. This vulnerability could allow an ... Read more
Affected Products :- Published: Dec. 26, 2025
- Modified: Dec. 26, 2025
- Vuln Type: Injection
-
5.1
MEDIUMCVE-2025-6349
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU memory processing operations to gain access to already freed memory.Th... Read more
- Published: Dec. 01, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Memory Corruption
-
5.1
MEDIUMCVE-2025-2879
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU processing operations to e... Read more
- Published: Dec. 01, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Information Disclosure
-
5.1
MEDIUMCVE-2021-47729
Selea Targa IP OCR-ANPR Camera contains a stored cross-site scripting vulnerability in the 'files_list' parameter that allows attackers to inject malicious HTML and script code. Attackers can send a POST request to /cgi-bin/get_file.php with crafted paylo... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2025-11009
Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GT Designer3 Version1 (GOT2000) all versions and Mitsubishi Electric GT Designer3 Version1 (GOT1000) all versions allows a local unauthenticated attacker to obtain plaintext c... Read more
Affected Products : gt_designer3- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Information Disclosure