Latest CVE Feed
-
5.1
MEDIUMCVE-2025-65885
An issue was discovered in the Delight Custom Firmware (CFW) for Nokia Symbian Belle devices on Nokia 808 (Delight v1.8), Nokia N8 (Delight v6.7), Nokia E7 (Delight v1.3), Nokia C7 (Delight v6.7), Nokia 700 (Delight v1.2), Nokia 701 (Delight v1.1), Nokia ... Read more
Affected Products :- Published: Dec. 26, 2025
- Modified: Dec. 26, 2025
- Vuln Type: Injection
-
5.1
MEDIUMCVE-2025-15095
A security vulnerability has been detected in postmanlabs httpbin up to 0.6.1. This affects an unknown function of the file httpbin-master/httpbin/core.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit h... Read more
Affected Products :- Published: Dec. 26, 2025
- Modified: Dec. 26, 2025
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2019-25238
V-SOL GPON/EPON OLT Platform 2.03 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to create admin users, enable SSH, or modify system... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.1
MEDIUMCVE-2025-13879
Directory traversal vulnerability in SOLIDserver IPAM v8.2.3. This vulnerability allows an authenticated user with administrator privileges to list directories other than those to which the have authorized access using the 'directory' parameter in '/mod/a... Read more
Affected Products : solidserver_ipam- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Path Traversal
-
5.1
MEDIUMCVE-2025-64052
An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to execute arbitrary system commands.... Read more
- Published: Dec. 05, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Authentication
-
5.1
MEDIUMCVE-2023-53906
projectSend r1605 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript through the custom assets configuration page. Attackers can craft a JavaScript payload in the custom assets sect... Read more
Affected Products : projectsend- Published: Dec. 17, 2025
- Modified: Dec. 27, 2025
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2023-53737
A stored cross-site scripting vulnerability in Kentico Xperience allows global administrators to inject malicious payloads via the Localization application. Attackers can execute scripts that could affect multiple parts of the administration interface.... Read more
Affected Products : xperience- Published: Dec. 18, 2025
- Modified: Dec. 27, 2025
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2018-25149
Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify sy... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 24, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.1
MEDIUMCVE-2025-14836
A flaw has been found in ZZCMS 2025. Affected by this vulnerability is an unknown functionality of the file /reg/user_save.php of the component User Data Storage Module. This manipulation causes cleartext storage in a file or on disk. Remote exploitation ... Read more
Affected Products : zzcms- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Misconfiguration
-
5.1
MEDIUMCVE-2025-40939
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V4.0.1). The affected device contains a USB port which allows unauthenticated connections. This could allow an attacker with physical access to the device to trigger reboot that could ... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Authentication
-
5.0
MEDIUMCVE-2025-68944
Gitea before 1.22.2 sometimes mishandles the propagation of token scope for access control within one of its own package registries.... Read more
Affected Products : gitea- Published: Dec. 26, 2025
- Modified: Dec. 26, 2025
- Vuln Type: Authorization
-
5.0
MEDIUMCVE-2025-66432
In Oxide control plane 15 through 17 before 17.1, API tokens can be renewed past their expiration date.... Read more
Affected Products :- Published: Nov. 30, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Authentication
-
5.0
MEDIUMCVE-2025-67461
External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access.... Read more
Affected Products : rooms- Published: Dec. 10, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Path Traversal
-
5.0
MEDIUMCVE-2024-58335
OpenXRechnungToolbox through 2024-10-05-3.0.0 before 6c50e89 allows XXE because the disallow-doctype-decl feature is not enabled in visualization/VisualizerImpl.java.... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 24, 2025
- Vuln Type: XML External Entity
-
5.0
MEDIUMCVE-2025-12941
Denial of Service Vulnerability in NETGEAR C6220 and C6230 (DOCSIS® 3.0 Two-in-one Cable Modem + WiFi Router) allows authenticated local WiFi users reboot the router.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Denial of Service
-
5.0
MEDIUMCVE-2025-66407
Weblate is a web based localization tool. The Create Component functionality in Weblate allows authorized users to add new translation components by specifying both a version control system and a source code repository URL to pull from. However, prior to ... Read more
Affected Products : weblate- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Server-Side Request Forgery
-
5.0
MEDIUMCVE-2025-14485
A weakness has been identified in EFM ipTIME A3004T 14.19.0. This vulnerability affects the function show_debug_screen of the file /sess-bin/timepro.cgi of the component Administrator Password Handler. This manipulation of the argument aaksjdkfj with the ... Read more
Affected Products :- Published: Dec. 11, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Injection
-
5.0
MEDIUMCVE-2025-67640
Jenkins Git client Plugin 6.4.0 and earlier does not not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to in... Read more
Affected Products : git_client- Published: Dec. 10, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Injection
-
5.0
MEDIUMCVE-2025-66406
Step CA is an online certificate authority for secure, automated certificate management for DevOps. Prior to 0.29.0, there is an improper authorization check for SSH certificate revocation. This affects deployments configured with the SSHPOP provisioner. ... Read more
Affected Products :- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Authorization
-
5.0
MEDIUMCVE-2025-64631
Missing Authorization vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Marketplace: from n/a through <= 3.6.15.... Read more
Affected Products : wcfm_marketplace- Published: Dec. 16, 2025
- Modified: Dec. 17, 2025
- Vuln Type: Authorization