Latest CVE Feed
-
5.1
MEDIUMCVE-2018-25149
Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify sy... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cross-Site Request Forgery
-
9.8
CRITICALCVE-2018-25135
Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to tri... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Injection
-
6.8
MEDIUMCVE-2018-25130
Beward Intercom 2.3.1 contains a credentials disclosure vulnerability that allows local attackers to access plain-text authentication credentials stored in an unencrypted database file. Attackers can read the BEWARD.INTERCOM.FDB file to extract usernames ... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2025-60935
An open redirect vulnerability in the login endpoint of Blitz Panel v1.17.0 allows attackers to redirect users to malicious domains via a crafted URL. This issue affects the next_url parameter in the login endpoint and could lead to phishing or token thef... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Misconfiguration
-
8.7
HIGHCVE-2025-43875
Under certain circumstances a successful exploitation could result in access to the device.... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2023-54149
In the Linux kernel, the following vulnerability has been resolved: net: dsa: avoid suspicious RCU usage for synced VLAN-aware MAC addresses When using the felix driver (the only one which supports UC filtering and MC filtering) as a DSA master for a ra... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Race Condition
-
8.8
HIGHCVE-2025-68592
Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through <= 4.0.6.1.... Read more
Affected Products : wp_adminify- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
8.8
HIGHCVE-2025-68586
Missing Authorization vulnerability in Gora Tech Cooked cooked allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cooked: from n/a through <= 1.11.2.... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-68506
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nawawi Jamili Docket Cache docket-cache allows PHP Local File Inclusion.This issue affects Docket Cache: from n/a through <= 24.07.03.... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Path Traversal
-
0.0
NACVE-2023-54157
In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF of alloc->vma in race with munmap() [ cmllamas: clean forward port from commit 015ac18be7de ("binder: fix UAF of alloc->vma in race with munmap()") in 5.10 stable. It ... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Race Condition
-
0.0
NACVE-2023-54156
In the Linux kernel, the following vulnerability has been resolved: sfc: fix crash when reading stats while NIC is resetting efx_net_stats() (.ndo_get_stats64) can be called during an ethtool selftest, during which time nic_data->mc_stats is NULL as th... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Memory Corruption
-
9.1
CRITICALCVE-2025-67623
Server-Side Request Forgery (SSRF) vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Server Side Request Forgery.This issue affects 6Storage Rentals: from n/a through <= 2.19.9.... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Server-Side Request Forgery
-
8.1
HIGHCVE-2025-68517
Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.1.35.1.... Read more
Affected Products : tablesome- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
9.1
CRITICALCVE-2025-68508
Missing Authorization vulnerability in Brave Brave brave-popup-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brave: from n/a through <= 0.8.3.... Read more
Affected Products : brave- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2025-68740
In the Linux kernel, the following vulnerability has been resolved: ima: Handle error code returned by ima_filter_rule_match() In ima_match_rules(), if ima_filter_rule_match() returns -ENOENT due to the rule being NULL, the function incorrectly skips th... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Misconfiguration
-
8.7
HIGHCVE-2025-3232
A remote unauthenticated attacker may be able to bypass authentication by utilizing a specific API route to execute arbitrary OS commands.... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2019-25252
Teradek VidiU Pro 3.0.3 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft malicious web pages that automatically submit password change reque... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cross-Site Request Forgery
-
0.0
NACVE-2023-54150
In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix an out of bounds error in BIOS parser The array is hardcoded to 8 in atomfirmware.h, but firmware provides a bigger one sometimes. Deferencing the larger array causes an ou... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Memory Corruption
-
6.9
MEDIUMCVE-2019-25251
Teradek VidiU Pro 3.0.3 contains a server-side request forgery vulnerability in the management interface that allows attackers to manipulate GET parameters 'url' and 'xml_url'. Attackers can exploit this flaw to bypass firewalls, initiate network enumerat... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Server-Side Request Forgery
-
8.7
HIGHCVE-2019-25255
VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution vulnerability that allows attackers to execute system commands with root privileges. Attackers can exploit the vulnerability through a cross-site request forgery (... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cross-Site Request Forgery