5.3

CVSS3.1

CVE-2024-55374 -

REDCap 14.3.13 allows an attacker to enumerate usernames due to an observable discrepancy between login attempts.

๐Ÿ“… Published: Jan. 2, 2026, midnight ๐Ÿ”„ Last Modified: Jan. 12, 2026, 3:27 p.m.

7.5

CVSS3.1

CVE-2025-67269 - gpsd: gpsd: Denial of Service due to malformed NAVCOM packet parsing

An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. When parsing a NAVCOM packet, the payload length is calculated using `lexer->length = (size_t)c - 4` without checking if the input โ€ฆ

๐Ÿ“… Published: Jan. 2, 2026, midnight ๐Ÿ”„ Last Modified: Jan. 9, 2026, 10:07 p.m.

9.8

CVSS3.1

CVE-2025-67268 - gpsd: gpsd: Arbitrary code execution via heap-based out-of-bounds write in NMEA2000 packet handling

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyviewโ€ฆ

๐Ÿ“… Published: Jan. 2, 2026, midnight ๐Ÿ”„ Last Modified: Jan. 12, 2026, 3:33 p.m.

7.5

CVSS3.1

CVE-2025-67160 -

An issue in Vatilon v1.12.37-20240124 allows attackers to access sensitive directories and files via a directory traversal.

๐Ÿ“… Published: Jan. 2, 2026, midnight ๐Ÿ”„ Last Modified: Jan. 30, 2026, 1:44 a.m.

7.5

CVSS3.1

CVE-2025-67158 -

An authentication bypass in the /cgi-bin/jvsweb.cgi endpoint of Revotech I6032W-FHW v1.0.0014 - 20210517 allows attackers to access sensitive information and escalate privileges via a crafted HTTP request.

๐Ÿ“… Published: Jan. 2, 2026, midnight ๐Ÿ”„ Last Modified: Jan. 30, 2026, 1:44 a.m.

9.8

CVSS3.1

CVE-2025-65125 -

SQL injection in gosaliajainam/online-movie-booking 5.5 in movie_details.php allows attackers to gain sensitive information.

๐Ÿ“… Published: Jan. 2, 2026, midnight ๐Ÿ”„ Last Modified: Jan. 12, 2026, 3:16 p.m.

7.5

CVSS3.1

CVE-2025-67159 -

Vatilon v1.12.37-20240124 was discovered to transmit user credentials in plaintext.

๐Ÿ“… Published: Jan. 2, 2026, midnight ๐Ÿ”„ Last Modified: Jan. 30, 2026, 1:44 a.m.

4.8

CVSS4.0

CVE-2025-15418 - Open5GS Bearer QoS IE Length types.c ogs_gtp2_parse_bearer_qos denial of service

A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function ogs_gtp2_parse_bearer_qos in the library lib/gtp/v2/types.c of the component Bearer QoS IE Length Handler. Performing a manipulation results in denial of service. The attack must be initiated โ€ฆ

๐Ÿ“… Published: Jan. 1, 2026, 11:32 p.m. ๐Ÿ”„ Last Modified: Feb. 23, 2026, 9:16 a.m.

4.8

CVSS4.0

CVE-2025-15417 - Open5GS GTPv2-C F-TEID s11-handler.c sgwc_s11_handle_create_session_request denial of service

A vulnerability was identified in Open5GS up to 2.7.6. Affected is the function sgwc_s11_handle_create_session_request of the file src/sgwc/s11-handler.c of the component GTPv2-C F-TEID Handler. Such manipulation leads to denial of service. The attack must be carried out locally. The exploit is pubโ€ฆ

๐Ÿ“… Published: Jan. 1, 2026, 11:02 p.m. ๐Ÿ”„ Last Modified: Feb. 23, 2026, 9:16 a.m.

4.8

CVSS4.0

CVE-2025-15416 - xnx3 wangmarket Add Global Variable save.do cross site scripting

A vulnerability was found in xnx3 wangmarket up to 6.4. This affects an unknown function of the file /siteVar/save.do of the component Add Global Variable Handler. The manipulation of the argument Remark/Variable Value results in cross site scripting. The attack can be executed remotely. The exploiโ€ฆ

๐Ÿ“… Published: Jan. 1, 2026, 10:32 p.m. ๐Ÿ”„ Last Modified: Feb. 23, 2026, 8:04 a.m.
Total resulsts: 343980
Page 1792 of 34,398
ยซ previous page ยป next page
Filters