Latest CVE Feed
-
4.9
MEDIUMCVE-2025-20758
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interactio... Read more
- Published: Dec. 02, 2025
- Modified: Dec. 03, 2025
- Vuln Type: Denial of Service
-
4.9
MEDIUMCVE-2025-58053
Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, while updating any existing account with a self forged POST request, one can gain higher privileges. Version 1.2.0 fixes the issue.... Read more
Affected Products : galette- Published: Dec. 19, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Authorization
-
4.9
MEDIUMCVE-2025-68941
Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources.... Read more
Affected Products : gitea- Published: Dec. 26, 2025
- Modified: Dec. 26, 2025
- Vuln Type: Authorization
-
4.9
MEDIUMCVE-2025-66510
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other use... Read more
- Published: Dec. 05, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Authorization
-
4.9
MEDIUMCVE-2025-67819
An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService ... Read more
Affected Products : weaviate- Published: Dec. 12, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Path Traversal
-
4.8
MEDIUMCVE-2025-6946
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the IPS module. This vulnerability requires an authenticated administrator session to a locally manag... Read more
Affected Products : fireware firebox_m270 firebox_m290 firebox_m370 firebox_m390 firebox_m440 firebox_m470 firebox_m4800 firebox_m570 firebox_m5800 +19 more products- Published: Dec. 04, 2025
- Modified: Dec. 10, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-13505
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Datateam Information Technologies Inc. Datactive allows Stored XSS.... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 02, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-11775
An out-of-bounds read vulnerability has been identified in the asComSvc service. This vulnerability can be triggered by sending specially crafted requests, which may lead to a service crash or partial loss of functionality. This vulnerability only affects... Read more
Affected Products : armoury_crate- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Memory Corruption
-
4.8
MEDIUMCVE-2025-13795
A weakness has been identified in codingWithElias School Management System up to f1ac334bfd89ae9067cc14dea12ec6ff3f078c01. Affected is an unknown function of the file /student-view.php of the component Edit Student Info Page. This manipulation of the argu... Read more
Affected Products :- Published: Nov. 30, 2025
- Modified: Dec. 01, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-14946
A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier (URI). This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as... Read more
Affected Products :- Published: Dec. 19, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Misconfiguration
-
4.8
MEDIUMCVE-2025-14991
A weakness has been identified in Campcodes Complete Online Beauty Parlor Management System 1.0. The affected element is an unknown function of the file /admin/bwdates-reports-details.php. Executing manipulation of the argument fromdate can lead to cross ... Read more
Affected Products : online_beauty_parlor_management_system- Published: Dec. 21, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-14722
A vulnerability was determined in vion707 DMadmin up to 3403cafdb42537a648c30bf8cbc8148ec60437d1. This impacts the function Add of the file Admin/Controller/AddonsController.class.php of the component Backend. Executing manipulation can lead to cross site... Read more
Affected Products :- Published: Dec. 15, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-68163
In JetBrains TeamCity before 2025.11 stored XSS was possible on agentpushInstall page... Read more
Affected Products : teamcity- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-14663
A vulnerability was determined in code-projects Student File Management System 1.0. This vulnerability affects unknown code of the file /admin/update_student.php. Executing manipulation can lead to cross site scripting. The attack may be launched remotely... Read more
Affected Products : student_file_management_system- Published: Dec. 14, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-64872
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be ... Read more
Affected Products : experience_manager- Published: Dec. 10, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-64696
Android App "Brother iPrint&Scan" versions 6.13.7 and earlier improperly uses an external cache directory. If exploited, application-specific files may be accessed from other malicious applications.... Read more
Affected Products :- Published: Dec. 09, 2025
- Modified: Dec. 09, 2025
- Vuln Type: Misconfiguration
-
4.8
MEDIUMCVE-2025-64724
Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS is installed with world-writable file permissions on sensitive application components, allowing any local user to replace legitimate files with malicious c... Read more
Affected Products :- Published: Dec. 18, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Misconfiguration
-
4.8
MEDIUMCVE-2025-14201
A vulnerability was found in alokjaiswal Hotel-Management-services-using-MYSQL-and-php up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f. Affected by this vulnerability is an unknown functionality of the file /dishsub.php. The manipulation of the argument it... Read more
Affected Products : hotel-management-services-using-mysql-and-php- Published: Dec. 07, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-11531
HP System Event Utility and Omen Gaming Hub might allow execution of certain files outside of their restricted paths. This potential vulnerability was remediated with HP System Event Utility version 3.2.12 and Omen Gaming Hub version 110... Read more
- Published: Dec. 09, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Path Traversal
-
4.8
MEDIUMCVE-2025-68114
Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, an unchecked vsnprintf return in SStream_concat lets a malicious cs_opt_mem.vsnprintf drive SStream’s index negative or past the end, leading to a stack buffer underflow/overflow whe... Read more
Affected Products : capstone- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Memory Corruption