Latest CVE Feed
-
4.1
MEDIUMCVE-2025-59701
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker (with elevated privileges) to read and modify the Appliance SSD contents (because they are unencrypted).... Read more
- Published: Dec. 02, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Misconfiguration
-
7.2
HIGHCVE-2025-59702
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with elevated privileges to falsify tamper events by accessing internal components.... Read more
- Published: Dec. 02, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Misconfiguration
-
6.8
MEDIUMCVE-2025-59705
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to Escalate Privileges by enabling the USB interface through chassis probe insertion during system boot, aka "Unauthorized Reactivatio... Read more
- Published: Dec. 02, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Misconfiguration
-
9.1
CRITICALCVE-2025-59703
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to access the internal components of the appliance, without leaving tamper evidence. To exploit this, the attacker needs to remove the... Read more
- Published: Dec. 02, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authentication
-
4.6
MEDIUMCVE-2025-59704
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow an attacker to gain access the the BIOS menu because is has no password.... Read more
- Published: Dec. 02, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-66208
Collabora Online - Built-in CODE Server (richdocumentscode) provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE (OS Command Injection)... Read more
Affected Products : online- Published: Dec. 03, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Injection
-
8.3
HIGHCVE-2025-58098
Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended ... Read more
Affected Products : http_server- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Injection
-
5.5
MEDIUMCVE-2025-66334
Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability.... Read more
Affected Products : harmonyos- Published: Dec. 08, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Denial of Service
-
7.2
HIGHCVE-2025-59697
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by editing the Legacy GRUB bootloader configuration to start a root shell upon boot of the host OS. This is cal... Read more
- Published: Dec. 02, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authentication
-
3.2
LOWCVE-2025-59696
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to modify or erase tamper events via the Chassis management board.... Read more
- Published: Dec. 02, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-54848
A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network requests can lead to a denial of service. An attacker can send a sequence of unaut... Read more
- Published: Dec. 01, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-54849
A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network requests can lead to a denial of service. An attacker can send a sequence of unaut... Read more
- Published: Dec. 01, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Denial of Service
-
8.9
HIGHCVE-2025-66509
LaraDashboard is an all-In-one solution to start a Laravel Application. In 2.3.0 and earlier, the password reset flow trusts the Host header, allowing attackers to redirect the administrator’s reset token to an attacker-controlled server. This can be comb... Read more
Affected Products :- Published: Dec. 04, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Injection
-
8.7
HIGHCVE-2024-58276
Obi08/Enrollment System 1.0 contains a SQL injection vulnerability in the keyword parameter of /get_subject.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can use UNION-based injection to extract sensitive informatio... Read more
Affected Products :- Published: Dec. 04, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Injection
-
6.3
MEDIUMCVE-2025-1910
The WatchGuard Mobile VPN with SSL Client on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM on the Windows machine where the VPN Client is installed.This issue affects the Mobi... Read more
Affected Products : mobile_vpn_with_ssl_client- Published: Dec. 04, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authentication
-
7.5
HIGHCVE-2025-65945
auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications ... Read more
Affected Products :- Published: Dec. 04, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authentication
-
8.7
HIGHCVE-2025-12097
There is a relative path traversal vulnerability in the NI System Web Server that may result in information disclosure. Successful exploitation requires an attacker to send a specially crafted request to the NI System Web Server, allowing the attacker to... Read more
Affected Products : labview- Published: Dec. 04, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Path Traversal
-
6.1
MEDIUMCVE-2025-13515
The Nouri.sh Newsletter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 1.0.1.3 due to insufficient input sanitization and output escaping. This makes it p... Read more
Affected Products :- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-13625
The WP-SOS-Donate Donation Sidebar Plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 0.9.2 due to insufficient input sanitization and output escaping. This m... Read more
Affected Products :- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Cross-Site Scripting
-
5.3
MEDIUMCVE-2025-13528
The Feedback Modal for Website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handle_export' function in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated atta... Read more
Affected Products :- Published: Dec. 05, 2025
- Modified: Dec. 08, 2025
- Vuln Type: Authorization