0.0

CVE-2025-60660 -

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the mac parameter in the fromAdvSetMacMtuWan function.

📅 Published: Oct. 2, 2025, midnight 🔄 Last Modified: Oct. 2, 2025, 4:10 p.m.

0.0

CVE-2025-32942 -

SSH Tectia Server before 6.6.6 sometimes allows attackers to read and alter a user's session traffic.

📅 Published: Oct. 2, 2025, midnight 🔄 Last Modified: Oct. 2, 2025, 6:55 p.m.

0.0

CVE-2025-56161 -

YOSHOP 2.0 allows unauthenticated information disclosure via comment-list API endpoints in the Goods module. The Comment model eagerly loads the related User model without field filtering; because User.php defines no $hidden or $visible attributes, sensitive fields (bcrypt password hash, mobile num…

📅 Published: Oct. 2, 2025, midnight 🔄 Last Modified: Oct. 2, 2025, 3:46 p.m.

0.0

CVE-2025-61096 -

PHPGurukul Online Shopping Portal Project v2.1 is vulnerable to SQL Injection in /shopping/login.php via the fullname parameter.

📅 Published: Oct. 2, 2025, midnight 🔄 Last Modified: Oct. 2, 2025, 2:32 p.m.

0.0

CVE-2025-56381 -

ERPNEXT v15.67.0 was discovered to contain multiple SQL injection vulnerabilities in the /api/method/frappe.desk.reportview.get endpoint via the order_by and group_by parameters.

📅 Published: Oct. 2, 2025, midnight 🔄 Last Modified: Oct. 2, 2025, 2:06 p.m.

7.1

CVSS3.1

CVE-2025-54315 -

The Matrix specification before 1.16 (i.e., with a room version before 12) lacks create event uniqueness.

📅 Published: Oct. 2, 2025, midnight 🔄 Last Modified: Oct. 2, 2025, 6:33 p.m.

0.0

CVE-2025-56019 -

An insecure permission vulnerability exists in the Agasta Easytouch+ version 9.3.97. The device allows unauthorized mobile applications to connect via Bluetooth Low Energy (BLE) without authentication. Once an unauthorized connection is established, legitimate applications are unable to connect, cau…

📅 Published: Oct. 2, 2025, midnight 🔄 Last Modified: Oct. 2, 2025, 5:18 p.m.

0.0

CVE-2025-56154 -

htmly v3.0.8 is vulnerable to Cross Site Scripting (XSS) in the /author/:name endpoint of the affected application. The name parameter is not properly sanitized before being reflected in the HTML response, allowing attackers to inject arbitrary JavaScript payloads.

📅 Published: Oct. 2, 2025, midnight 🔄 Last Modified: Oct. 2, 2025, 4:05 p.m.

0.0

CVE-2025-56162 -

YOSHOP 2.0 suffers from an unauthenticated SQL injection in the goodsIds parameter of the /api/goods/listByIds endpoint. The getListByIds function concatenates user input into orderRaw('field(goods_id, ...)'), allowing attackers to: (a) enumerate or modify database data, including dumping admin pas…

📅 Published: Oct. 2, 2025, midnight 🔄 Last Modified: Oct. 2, 2025, 3:46 p.m.

0.0

CVE-2025-59406 -

The Flock Safety Pisco com.flocksafety.android.pisco application 6.21.11 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) has a cleartext Auth0 client secret in its codebase. Because application binaries can be trivially decompiled or inspected, …

📅 Published: Oct. 2, 2025, midnight 🔄 Last Modified: Oct. 2, 2025, 5:06 p.m.