Latest CVE Feed
-
8.8
HIGHCVE-2025-67622
Cross-Site Request Forgery (CSRF) vulnerability in titopandub Evergreen Post Tweeter evergreen-post-tweeter allows Stored XSS.This issue affects Evergreen Post Tweeter: from n/a through <= 1.8.9.... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cross-Site Request Forgery
-
0.0
NACVE-2023-54157
In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF of alloc->vma in race with munmap() [ cmllamas: clean forward port from commit 015ac18be7de ("binder: fix UAF of alloc->vma in race with munmap()") in 5.10 stable. It ... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Race Condition
-
0.0
NACVE-2025-68737
In the Linux kernel, the following vulnerability has been resolved: arm64/pageattr: Propagate return value from __change_memory_common The rodata=on security measure requires that any code path which does vmalloc -> set_memory_ro/set_memory_rox must pro... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Memory Corruption
-
5.4
MEDIUMCVE-2025-68512
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lite allows Stored XSS.This issue affects Real 3D FlipBook: from n/a through <= 4.11.4.... Read more
Affected Products : real3d_flipbook- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUMCVE-2025-68513
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Timeline Lite bold-timeline-lite allows Stored XSS.This issue affects Bold Timeline Lite: from n/a through <= 1.2.7.... Read more
Affected Products : bold_timeline_lite- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2025-68522
Missing Authorization vulnerability in wpstream WpStream wpstream allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WpStream: from n/a through <= 4.9.5.... Read more
Affected Products : wpstream- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-68537
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Zota zota allows PHP Local File Inclusion.This issue affects Zota: from n/a through <= 1.3.14.... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Path Traversal
-
8.8
HIGHCVE-2025-68608
Missing Authorization vulnerability in DeluxeThemes Userpro userpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Userpro: from n/a through <= 5.1.9.... Read more
Affected Products : userpro- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2023-54144
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix kernel warning during topology setup This patch fixes the following kernel warning seen during driver load by correctly initializing the p2plink attr before creating the... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Misconfiguration
-
9.1
CRITICALCVE-2025-67623
Server-Side Request Forgery (SSRF) vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Server Side Request Forgery.This issue affects 6Storage Rentals: from n/a through <= 2.19.9.... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Server-Side Request Forgery
-
0.0
NACVE-2023-54147
In the Linux kernel, the following vulnerability has been resolved: media: platform: mtk-mdp3: Add missing check and free for ida_alloc Add the check for the return value of the ida_alloc in order to avoid NULL pointer dereference. Moreover, free alloca... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-54153
In the Linux kernel, the following vulnerability has been resolved: ext4: turn quotas off if mount failed after enabling quotas Yi found during a review of the patch "ext4: don't BUG on inconsistent journal feature" that when ext4_mark_recovery_complete... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2023-54140
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse A syzbot stress test using a corrupted disk image reported that mark_buffer_dirty() called from __nilfs_mark_inode... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Memory Corruption
-
6.1
MEDIUMCVE-2025-67633
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brownbagmarketing Greenhouse Job Board greenhouse-job-board allows DOM-Based XSS.This issue affects Greenhouse Job Board: from n/a through <= 2.7.3.... Read more
Affected Products :- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2023-54150
In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix an out of bounds error in BIOS parser The array is hardcoded to 8 in atomfirmware.h, but firmware provides a bigger one sometimes. Deferencing the larger array causes an ou... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-15128
A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safe_setting/ of the component Endpoint. Performing manipulation of the argument backup_encryption_password_decrypt/export_encryption_pa... Read more
Affected Products : biotime- Published: Dec. 28, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Misconfiguration
-
2.0
LOWCVE-2025-15083
A vulnerability was determined in TOZED ZLT M30s up to 1.47. The affected element is an unknown function of the component UART Interface. Executing manipulation can lead to on-chip debug and test interface with improper access control. The physical device... Read more
Affected Products :- Published: Dec. 25, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-15088
A vulnerability was detected in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is the function postilService.loadPostils of the file /je/postil/postil/loadPostil. Performing manipulation of the argument keyWord results in sql injection. Remote ex... Read more
Affected Products :- Published: Dec. 25, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Injection
-
9.9
CRITICALCVE-2025-66203
StreamVault is a video download integration solution. Prior to version 251126, a Remote Code Execution (RCE) vulnerability exists in the stream-vault application (SpiritApplication). The application allows administrators to configure yt-dlp arguments via ... Read more
Affected Products :- Published: Dec. 27, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Injection
-
7.6
HIGHCVE-2025-2406
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Verisay Communication and Information Technology Industry and Trade Ltd. Co. Trizbi allows Cross-Site Scripting (XSS).This issue affects Trizbi: b... Read more
Affected Products :- Published: Dec. 25, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Cross-Site Scripting