4.8

CVSS4.0

CVE-2025-9638 - i-Educar 2.10.0 - Stored Cross-Site Scripting (XSS) in admin panel

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portabilis i-Educar allows Stored Cross-Site Scripting (XSS) via the matricula_interna parameter in the educar_usuario_cad.php endpoint. This issue affects i-Educar: 2.10.0.

📅 Published: Dec. 9, 2025, 3:59 p.m. 🔄 Last Modified: Dec. 11, 2025, 5:56 p.m.

7.3

CVSS4.0

CVE-2025-5469 - Dylib Hijacking in Yandex Messenger

Uncontrolled Search Path Element vulnerability in Yandex Messenger on macOS allows Search Order Hijacking. This issue affects Telemost: before 2.245

📅 Published: Dec. 9, 2025, 3:55 p.m. 🔄 Last Modified: Dec. 10, 2025, 5:49 p.m.

9.6

CVSS3.1

CVE-2025-10573 -

Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required.

📅 Published: Dec. 9, 2025, 3:55 p.m. 🔄 Last Modified: Dec. 11, 2025, 5:48 p.m.

7.3

CVSS4.0

CVE-2025-5471 - Dylib Hijacking in Yandex Telemost

Uncontrolled Search Path Element vulnerability in Yandex Telemost on macOS allows Search Order Hijacking. This issue affects Telemost: before 2.19.1.

📅 Published: Dec. 9, 2025, 3:53 p.m. 🔄 Last Modified: Dec. 10, 2025, 5:49 p.m.

7.3

CVSS4.0

CVE-2025-5470 - Dylib Hijacking in Yandex Disk

Uncontrolled Search Path Element vulnerability in Yandex Disk on macOS allows Search Order Hijacking. This issue affects Disk: before 3.2.45.3275.

📅 Published: Dec. 9, 2025, 3:50 p.m. 🔄 Last Modified: Dec. 10, 2025, 5:49 p.m.

5.4

CVSS3.1

CVE-2025-13642 - ProfilePress <= 4.16.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.7 due to insufficient input sanitization on the `type` parameter i…

📅 Published: Dec. 9, 2025, 3:23 p.m. 🔄 Last Modified: Dec. 10, 2025, 5:49 p.m.

4.5

CVSS3.1

CVE-2025-67467 - WordPress GiveWP plugin <= 4.13.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in StellarWP GiveWP give allows Cross Site Request Forgery. This issue affects GiveWP: from n/a through <= 4.13.1.

📅 Published: Dec. 9, 2025, 3:03 p.m. 🔄 Last Modified: Dec. 10, 2025, 5:49 p.m.

7.8

CVSS3.1

CVE-2025-66533 - WordPress GiveWP plugin <= 4.13.1 - Arbitrary Shortcode Execution vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in StellarWP GiveWP give allows Code Injection. This issue affects GiveWP: from n/a through <= 4.13.1.

📅 Published: Dec. 9, 2025, 3:03 p.m. 🔄 Last Modified: Dec. 10, 2025, 5:49 p.m.

8.4

CVSS4.0

CVE-2025-2296 - Un-verified kernel bypass Secure Boot mechanism in direct boot mode

EDK2 contains a vulnerability in BIOS where an attacker may cause “Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and A…

📅 Published: Dec. 9, 2025, 3 p.m. 🔄 Last Modified: Dec. 10, 2025, 5:49 p.m.

2.3

CVSS4.0

CVE-2025-14345 - Cross-Shard Failovers May Lead to Partial Transaction Commit in MongoDB Server

A post-authentication flaw in the network two-phase commit protocol used for cross-shard transactions in MongoDB Server may lead to logical data inconsistencies under specific conditions which are not predictable and exist for a very short period of time. This error can cause the transaction coordi…

📅 Published: Dec. 9, 2025, 3 p.m. 🔄 Last Modified: Dec. 11, 2025, 4:41 p.m.